Replace medical device workflow with medtech SDLC use case

Replace the clinical treatment recommendation workflow with a
software development lifecycle (SDLC) workflow covering spec
review, code generation, autonomous testing, build validation,
and HITL release approval. Add FDA audit subsection showing DAG
reconstruction for regulatory evidence review. Update Example 2
in appendix with matching detailed JSON examples for all 5 SDLC
phases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 06:31:10 +01:00
parent e581290403
commit 005509b20c


@@ -904,51 +904,95 @@ Note: task identifiers in this section are abbreviated for
readability. In production, all "tid" values MUST be UUIDs per readability. In production, all "tid" values MUST be UUIDs per
{{RFC9562}}. {{RFC9562}}.
## Medical Device Workflow ## Medical Device SDLC Workflow
In a medical device workflow, multiple AI agents coordinate to In a medical device software development lifecycle (SDLC),
produce a treatment recommendation. Regulatory frameworks AI agents assist across multiple phases from requirements
analysis through release approval. Regulatory frameworks
including {{FDA-21CFR11}} Section 11.10(e) and {{EU-MDR}} require including {{FDA-21CFR11}} Section 11.10(e) and {{EU-MDR}} require
audit trails of decisions made by or with the assistance of audit trails documenting the complete development process for
software systems. software used in medical devices.
~~~ ~~~
Agent A (Clinical Reasoning): Agent A (Spec Reviewer):
tid: task-001 par: [] tid: task-001 par: []
exec_act: recommend_treatment exec_act: review_requirements_spec
pol: clinical_rules_v2 pol_decision: approved pol: spec_review_policy_v2 pol_decision: approved
Agent B (Safety Check): Agent B (Code Generator):
tid: task-002 par: [task-001] tid: task-002 par: [task-001]
exec_act: check_drug_interactions exec_act: implement_module
pol: safety_policy_v3 pol_decision: approved pol: coding_standards_v3 pol_decision: approved
Agent C (Dosage Calculation): Agent C (Test Agent):
tid: task-003 par: [task-002] tid: task-003 par: [task-002]
exec_act: calculate_dosage exec_act: execute_test_suite
pol: dosage_rules_v1 pol_decision: approved pol: test_coverage_policy_v1 pol_decision: approved
Human Physician Review: Agent D (Build Agent):
tid: task-004 par: [task-003] tid: task-004 par: [task-003]
exec_act: approve_treatment exec_act: build_release_artifact
pol: physician_approval pol_decision: approved pol: build_validation_v2 pol_decision: approved
pol_enforcer: spiffe://hospital.com/human/physician-123
witnessed_by: [spiffe://hospital.com/audit/observer-1]
~~~
{: #fig-medtech title="Medical Device Workflow"}
ECTs record that clinical reasoning preceded safety checking, Human Release Manager:
safety checking preceded dosage calculation, and a human physician tid: task-005 par: [task-004]
approved the final recommendation. The DAG structure shows that exec_act: approve_release
no step was skipped or reordered. pol: release_approval_policy pol_decision: approved
pol_enforcer: spiffe://meddev.example/human/release-mgr-42
witnessed_by: [spiffe://meddev.example/audit/qa-observer-1]
~~~
{: #fig-medtech-sdlc title="Medical Device SDLC Workflow"}
ECTs record that requirements were reviewed before implementation
began, that tests were executed against the implemented code, that
the build artifact was validated, and that a human release manager
explicitly approved the release. The DAG structure ensures no
phase was skipped or reordered.
### FDA Audit with DAG Reconstruction
During a regulatory audit, an FDA reviewer requests evidence of
the development process for a specific software release. The
auditing authority retrieves all ECTs sharing the same workflow
identifier ("wid") from the audit ledger and reconstructs the
complete DAG:
~~~
task-001 (review_requirements_spec)
|
v
task-002 (implement_module)
|
v
task-003 (execute_test_suite)
|
v
task-004 (build_release_artifact)
|
v
task-005 (approve_release) [human, witnessed]
~~~
{: #fig-fda-audit title="Reconstructed DAG for FDA Audit"}
The reconstructed DAG provides cryptographic evidence that:
- Each phase was executed by an identified and authenticated agent.
- Policy checkpoints were evaluated at every phase transition.
- The execution sequence was maintained (no step was bypassed).
- A human-in-the-loop approved the final release, with independent
witness attestation.
- Timestamps and execution durations are recorded for each step.
This can contribute to compliance with: This can contribute to compliance with:
- {{FDA-21CFR11}} Section 11.10(e): Computer-generated audit trails - {{FDA-21CFR11}} Section 11.10(e): Computer-generated audit trails
that record the date, time, and identity of the operator. that record the date, time, and identity of the operator.
- {{EU-MDR}} Annex II: Technical documentation traceability. - {{EU-MDR}} Annex II: Technical documentation traceability for the
software development lifecycle.
- {{EU-AI-ACT}} Article 12: Automatic logging capabilities for - {{EU-AI-ACT}} Article 12: Automatic logging capabilities for
high-risk AI systems. high-risk AI systems involved in the development process.
- {{EU-AI-ACT}} Article 14: ECTs can record evidence that human
oversight events occurred during the release process.
## Financial Trading Workflow ## Financial Trading Workflow
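Review bot: the bullet "Timestamps and execution durations are recorded for each step" in the new "FDA Audit with DAG Reconstruction" subsection overstates what the matching appendix example supports, where only the test-runner ECT carries exec_time_ms; either put exec_time_ms in every phase's ECT or soften the bullet to "timestamps (iat) are recorded for each step, and execution durations where exec_time_ms is present". In the same region, "The DAG structure ensures no phase was skipped or reordered" is a stronger claim than the replaced "shows that", and the audit paragraph describes retrieving ECTs by "wid" without stating that the reviewer verifies each ECT's signature and checks that every tid listed in "par" resolves to a retrieved ECT with the same wid; a DAG assembled from unverified par claims evidences ordering only after those checks, which the appendix text later states, so add them here (or point to the appendix) and prefer "provides evidence that" over "ensures". Also, renaming the figure anchor from #fig-medtech to #fig-medtech-sdlc will break any cross-reference to the old anchor elsewhere in the draft; search for it before merging.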
@@ -1565,87 +1609,144 @@ task-...-0001 (fetch_patient_data)
task-...-0002 (validate_safety) task-...-0002 (validate_safety)
~~~ ~~~
## Example 2: Medical Workflow with Human Oversight ## Example 2: Medical Device SDLC with Release Approval
{:numbered="false"} {:numbered="false"}
A multi-step clinical workflow with physician approval: A multi-step medical device software lifecycle workflow with
autonomous agents and human release approval:
Task 1 (Clinical Reasoning Agent): Task 1 (Spec Review Agent):
~~~json ~~~json
{ {
"iss": "spiffe://hospital.example/agent/clinical", "iss": "spiffe://meddev.example/agent/spec-reviewer",
"sub": "spiffe://hospital.example/agent/clinical", "sub": "spiffe://meddev.example/agent/spec-reviewer",
"aud": "spiffe://hospital.example/agent/safety", "aud": "spiffe://meddev.example/agent/code-gen",
"iat": 1772064150, "iat": 1772064150,
"exp": 1772064750, "exp": 1772064750,
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901", "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"tid": "a1b2c3d4-0001-0000-0000-000000000001", "tid": "a1b2c3d4-0001-0000-0000-000000000001",
"exec_act": "recommend_treatment", "exec_act": "review_requirements_spec",
"par": [], "par": [],
"pol": "clinical_rules_v2", "pol": "spec_review_policy_v2",
"pol_decision": "approved", "pol_decision": "approved",
"regulated_domain": "medtech", "regulated_domain": "medtech",
"model_version": "clinical-reasoning-v4.2" "model_version": "spec-review-v3.1",
"inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
} }
~~~ ~~~
Task 2 (Human Physician Approval): Task 2 (Code Generation Agent):
~~~json ~~~json
{ {
"iss": "spiffe://hospital.example/human/physician-456", "iss": "spiffe://meddev.example/agent/code-gen",
"sub": "spiffe://hospital.example/human/physician-456", "sub": "spiffe://meddev.example/agent/code-gen",
"aud": "spiffe://hospital.example/agent/dosage", "aud": "spiffe://meddev.example/agent/test-runner",
"iat": 1772064210, "iat": 1772064200,
"exp": 1772064810, "exp": 1772064800,
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901", "wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"tid": "a1b2c3d4-0001-0000-0000-000000000002", "tid": "a1b2c3d4-0001-0000-0000-000000000002",
"exec_act": "approve_treatment_recommendation", "exec_act": "implement_module",
"par": ["a1b2c3d4-0001-0000-0000-000000000001"], "par": ["a1b2c3d4-0001-0000-0000-000000000001"],
"pol": "physician_approval_policy", "pol": "coding_standards_v3",
"pol_decision": "approved", "pol_decision": "approved",
"pol_enforcer": "spiffe://hospital.example/human/physician-456", "regulated_domain": "medtech",
"model_version": "codegen-v2.4"
}
~~~
Task 3 (Autonomous Test Agent):
~~~json
{
"iss": "spiffe://meddev.example/agent/test-runner",
"sub": "spiffe://meddev.example/agent/test-runner",
"aud": "spiffe://meddev.example/agent/build",
"iat": 1772064260,
"exp": 1772064860,
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"tid": "a1b2c3d4-0001-0000-0000-000000000003",
"exec_act": "execute_test_suite",
"par": ["a1b2c3d4-0001-0000-0000-000000000002"],
"pol": "test_coverage_policy_v1",
"pol_decision": "approved",
"regulated_domain": "medtech",
"exec_time_ms": 4523
}
~~~
Task 4 (Build Agent):
~~~json
{
"iss": "spiffe://meddev.example/agent/build",
"sub": "spiffe://meddev.example/agent/build",
"aud": "spiffe://meddev.example/human/release-mgr-42",
"iat": 1772064310,
"exp": 1772064910,
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"tid": "a1b2c3d4-0001-0000-0000-000000000004",
"exec_act": "build_release_artifact",
"par": ["a1b2c3d4-0001-0000-0000-000000000003"],
"pol": "build_validation_v2",
"pol_decision": "approved",
"regulated_domain": "medtech",
"out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc"
}
~~~
Task 5 (Human Release Manager Approval):
~~~json
{
"iss": "spiffe://meddev.example/human/release-mgr-42",
"sub": "spiffe://meddev.example/human/release-mgr-42",
"aud": "spiffe://meddev.example/system/ledger",
"iat": 1772064510,
"exp": 1772065110,
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"tid": "a1b2c3d4-0001-0000-0000-000000000005",
"exec_act": "approve_release",
"par": ["a1b2c3d4-0001-0000-0000-000000000004"],
"pol": "release_approval_policy",
"pol_decision": "approved",
"pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
"witnessed_by": [ "witnessed_by": [
"spiffe://hospital.example/audit/observer-1" "spiffe://meddev.example/audit/qa-observer-1"
], ],
"regulated_domain": "medtech" "regulated_domain": "medtech"
} }
~~~ ~~~
Task 3 (Dosage Calculation Agent): The resulting DAG records the complete SDLC: spec review preceded
implementation, implementation preceded testing, testing preceded
~~~json build, and a human release manager approved the final release
{ with independent witness attestation.
"iss": "spiffe://hospital.example/agent/dosage",
"sub": "spiffe://hospital.example/agent/dosage",
"aud": "spiffe://hospital.example/system/ledger",
"iat": 1772064230,
"exp": 1772064830,
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"tid": "a1b2c3d4-0001-0000-0000-000000000003",
"exec_act": "calculate_dosage",
"par": ["a1b2c3d4-0001-0000-0000-000000000002"],
"pol": "dosage_rules_v1",
"pol_decision": "approved",
"regulated_domain": "medtech"
}
~~~
The resulting DAG records: clinical reasoning preceded physician
approval, which preceded dosage calculation. The physician
approval was independently witnessed.
~~~ ~~~
task-...-0001 (recommend_treatment) task-...-0001 (review_requirements_spec)
| |
v v
task-...-0002 (approve_treatment) [physician, witnessed] task-...-0002 (implement_module)
| |
v v
task-...-0003 (calculate_dosage) task-...-0003 (execute_test_suite)
|
v
task-...-0004 (build_release_artifact)
|
v
task-...-0005 (approve_release) [human, witnessed]
~~~ ~~~
An FDA auditor reconstructs this DAG by querying the audit ledger
for all ECTs with wid "c2d3e4f5-a6b7-8901-cdef-012345678901" and
verifying each signature. The DAG provides cryptographic evidence
that the SDLC followed the prescribed process with human oversight
at the release gate.
## Example 3: Parallel Execution with Join ## Example 3: Parallel Execution with Join
{:numbered="false"} {:numbered="false"}
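Review bot: the optional claims in the five new ECTs are used inconsistently, which weakens the example as regulatory evidence: Task 1 carries both "inp_hash" and "out_hash", Task 4 carries only "out_hash", Task 3 carries only "exec_time_ms", and Tasks 2 and 5 carry none of them, so the chain from reviewed spec to approved artifact cannot be followed by hash. If the intent is a traceable chain, give each phase an "inp_hash" equal to its parent's "out_hash" (for example Task 2 should carry "inp_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564", matching Task 1's out_hash, and Task 5 should bind the approved artifact by carrying Task 4's out_hash as its inp_hash); if the intent is to show that these claims are optional, say so in the introductory sentence. Minor: the closing paragraph correctly says the auditor verifies each signature, but should also mention confirming that every tid in a "par" array resolves to a retrieved ECT sharing the same "wid", since an orphan parent reference indicates a missing or withheld step rather than a complete DAG.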