The finding travels. The patient record
stays where it lives.
Every architectural decision follows from one constraint: for health, financial, and minor-facing AI, the data cannot be centralised — not even for a compliance check. So the diagnostic travels to the data, and only the signed Evidence Record travels back.
Findings travel
The result crosses the boundary. The data never does.
Ed25519 signing
Every Evidence Record verifiable offline, by anyone
Role-bound review
Server-side checks; no one reviews what they cannot defend
Revocation at the next call
One action, and the agent stops — not at the next audit
Security headers
Security principles
Eight controls. On by default. Not configurable off.
Raw export is refused, not merely discouraged
No raw prompt, completion, retrieval corpus, model weight, clinical record, or financial record is exported. A diagnostic yields a signed Evidence Record — the finding. The raw-export flag is off by default, cannot be set from the browser, and is refused by the container itself.
Organisation isolation
Evidence, passports, visas, and decisions are isolated at the database and API layer. Nothing crosses an organisation boundary without an explicit, recorded act — a Wake, issued by a named person, to a named recipient.
Role-bound review
A reviewer sees only the decisions their role can defend. The DPO takes legal basis and special-category exposure; the CISO takes tools, credentials, egress, and logging. Every route enforces the check server-side — never in the client.
Evidence Records — signed and immutable
Every diagnostic result is signed with an Ed25519 key and cannot be amended after issue. A supervisory authority, a notified body, or a hospital's DPO can verify the signature offline — without re-running the check, and without trusting the issuer.
The decision log is the record
Every scan finding, passport issue and re-issue, visa grant, refusal, suspension, and revocation is written to an immutable log with actor, role, timestamp, rationale, and resource. AI Act Art. 12 requires the events be recorded; this is where they are recorded.
Keys and secrets
Signing keys, API keys, and webhook secrets live in the environment, never in the database or version control, and rotate without downtime. In a federated deployment the signing key never leaves your infrastructure at all.
Encryption in transit and at rest
AES-256 at rest, TLS 1.3 in transit. Webhook payloads are HMAC-verified before processing — and an entitlement activates only on a verified webhook event, never on a browser redirect.
Federated execution
Diagnostics run inside your perimeter — on-premise, in your VPC, or air-gapped. Only the signed Evidence Record crosses the boundary. For health, financial, and minor-facing AI, this is not a deployment option; it is the only lawful shape of the problem.
Evidence Records
The result is signed. The input is never transmitted.
A diagnostic run — in your perimeter or ours — produces one signed, immutable Evidence Record: the check, the runner and version, the parameters, the score, the result, and the model version it was run against. No input row, prompt, or document is included, and the record is bound to the model version so that a silent swap invalidates it.
Evidence Record — anatomy
Security HTTP headers