diff --git a/healthcare/README.md b/healthcare/README.md index 97f0277..02c4505 100644 --- a/healthcare/README.md +++ b/healthcare/README.md @@ -196,6 +196,26 @@ curl "http://localhost:8443/audit/export?session_id=" | python3 -m json.tool --- +## Regulatory Variants + +This demo uses EU AI Act Art. 14 and HIPAA as its primary policy example. Additional +variants in subdirectories show how the same cMCP + TRACE architecture maps to other +healthcare regulatory frameworks. The Cedar policy and TRACE record fields change; +the runtime architecture does not. + +| Variant | Jurisdiction | Regulatory focus | +|---------|-------------|-----------------| +| This demo | EU + US | EU AI Act Art. 14 human oversight + HIPAA PHI | +| [`us-fda-samd/`](us-fda-samd/README.md) | United States | FDA SaMD Action Plan -- cleared-scope enforcement, 21 CFR Part 820 | +| [`uk-nhs/`](uk-nhs/README.md) | United Kingdom | UK GDPR Art. 22 -- DSPT token gate, MHRA AI as medical device | +| [`sg-moh/`](sg-moh/README.md) | Singapore | IMDA AI Governance Tier 1/2 -- PDPA consent, MOH guidelines | + +Each variant includes a Cedar policy file showing jurisdiction-specific rules and a +TRACE Trust Record with the `runtime.region`, `runtime.provider`, and +`compliance_domains_touched` fields set for that jurisdiction. + +--- + ## License Apache 2.0. See [LICENSE](../LICENSE) in the repo root. diff --git a/healthcare/sg-moh/README.md b/healthcare/sg-moh/README.md new file mode 100644 index 0000000..fa464d2 --- /dev/null +++ b/healthcare/sg-moh/README.md 
@@ -0,0 +1,58 @@ +# Singapore MOH: Clinical AI Governance with TRACE + +Demonstrates TRACE Trust Records for an AI healthcare deployment in Singapore. Shows how +the governance record maps to IMDA AI Governance Framework Tier 1/2 classification, +Singapore MOH AI in Healthcare guidelines, PDPA consent requirements, and HSA medical +device registration obligations. + +**Regulatory references:** IMDA AI Governance Framework v2 (2020), MOH Singapore AI in +Healthcare Guidelines (2023), PDPA 2012, HSA guidance on AI/ML-based medical devices. + +--- + +## What the Cedar policy enforces + +| Rule | Regulatory basis | What it blocks | +|------|-----------------|---------------| +| Default deny | -- | Anything not explicitly permitted | +| `imda-tier1-human-review` | IMDA AI Governance Framework v2 -- Tier 1 (consequential) | Final diagnostic outputs without `human_review_token` when `imda_tier == "tier1"` | +| `pdpa-consent-required` | PDPA 2012 -- sensitive personal data | Imaging reads when no `patient_consent_ref` is present in context | +| `sg-data-residency` | PDPA Part 9 -- cross-border transfer obligations | Calls where `data_residency != "ap-southeast-1"` | + +**Key difference from EU/US demos:** IMDA's two-tier model is explicit in the policy -- +`imda_tier` is a context field on every tool call. Tier 1 (consequential decisions, e.g. +diagnosis affecting treatment) requires human review unconditionally. Tier 2 +(non-consequential) does not. This is a different gating model than the EU risk-category +or US acuity-level approaches. PDPA consent reference is also enforced at the call layer, +not just at data collection time. 
+ +--- + +## TRACE Trust Record: key fields for MOH / PDPA audit + +```json +{ + "runtime": { "region": "ap-southeast-1", "provider": "aws-nitro-enclaves" }, + "policy": { "version": "radiology-sg-v1.0", "enforcement_mode": "enforce" }, + "call_graph_summary": { + "compliance_domains_touched": ["sensitive-personal-data", "imda-ai-governance-framework-v2", "pdpa-2012"], + "data_residency_violations": [], + "consent_ref_present": true, + "imda_tier": "tier1" + } +} +``` + +`imda_tier: "tier1"` in the record confirms the session was treated as a consequential +decision -- meaning the human review gate was active for the duration of the session. + +--- + +## Relationship to other healthcare variants + +| Variant | Jurisdiction | Key differentiator | +|---------|-------------|-------------------| +| Base demo (`../`) | EU + US | EU AI Act Art. 14 + HIPAA | +| `../us-fda-samd/` | US FDA | Cleared-scope enforcement, SaMD Action Plan | +| `../uk-nhs/` | UK | UK GDPR Art. 22, DSPT token gate, MHRA oversight | +| This demo | Singapore | IMDA Tier 1/2 consequential-decision gate, PDPA consent | diff --git a/healthcare/sg-moh/policy/radiology-sg.cedar b/healthcare/sg-moh/policy/radiology-sg.cedar new file mode 100644 index 0000000..160e3c8 --- /dev/null +++ b/healthcare/sg-moh/policy/radiology-sg.cedar 
@@ -0,0 +1,86 @@
+// Cedar policy bundle for AI in healthcare -- Singapore
+// version: radiology-sg-v1.0
+// Regulatory references:
+// MOH Singapore: Artificial Intelligence in Healthcare Guidelines (2023)
+// IMDA AI Governance Framework v2 (2020) -- Tier 1/2 risk classification
+// PDPA (Personal Data Protection Act 2012) -- health data as sensitive personal data
+// HSA (Health Sciences Authority): guidance on AI/ML-based medical devices
+//
+// Cedar default-deny. workflow_id required on every call.
+// IMDA Tier 1 = consequential, Tier 2 = non-consequential.
+// Radiology diagnosis is Tier 1 (consequential decision).
+
+// Rule 1: imaging read permitted for the sg-radiology-ai workflow.
+permit (
+ principal,
+ action == Action::"Radiology.imagingRead",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "sg-radiology-ai"
+};
+
+// Rule 2: inference permitted within HSA-registered device scope.
+permit (
+ principal,
+ action == Action::"Radiology.runDiagnosticInference",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "sg-radiology-ai"
+};
+
+// Rule 3: report write permitted, subject to human oversight rules below.
+permit (
+ principal,
+ action == Action::"Radiology.writeDiagnosticReport",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "sg-radiology-ai"
+};
+
+// Rule 4: IMDA Tier 1 (consequential decisions) -- all final diagnostic outputs
+// require human review before release. MOH guidelines: AI must augment, not replace,
+// clinical judgment for consequential decisions.
+@id("imda-tier1-human-review")
+@reason("human-review-required-for-tier1-decision")
+@regulation("imda-ai-governance-framework-v2")
+@reviewer_role("radiologist")
+forbid (
+ principal,
+ action == Action::"Radiology.writeDiagnosticReport",
+ resource
+) when {
+ context.arguments has imda_tier &&
+ context.arguments.imda_tier == "tier1" &&
+ !(context has human_review_token)
+};
+
+// Rule 5: PDPA -- health data is sensitive personal data requiring explicit consent
+// record. Deny access if no consent reference is present in context.
+@id("pdpa-consent-required")
+@reason("pdpa-sensitive-data-consent-required")
+@regulation("pdpa-2012")
+forbid (
+ principal,
+ action == Action::"Radiology.imagingRead",
+ resource
+) when {
+ context.data_class == "sensitive-personal-data" &&
+ !(context has patient_consent_ref)
+};
+
+// Rule 6: health data must remain within Singapore or countries with equivalent
+// PDPA protection. Singapore has not granted adequacy to all jurisdictions.
+@id("sg-data-residency")
+@reason("pdpa-cross-border-transfer-requires-protection")
+@regulation("pdpa-2012-part-9")
+forbid (
+ principal,
+ action,
+ resource
+) when {
+ context has data_residency &&
+ context.data_residency != "ap-southeast-1"
+};
diff --git a/healthcare/sg-moh/trace-output/example-sg-trust-record.json b/healthcare/sg-moh/trace-output/example-sg-trust-record.json
new file mode 100644
index 0000000..80ab328
--- /dev/null
+++ b/healthcare/sg-moh/trace-output/example-sg-trust-record.json
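Review bot: The three `forbid` rules fail open when the attribute they test is missing: Rule 6 fires only if `data_residency` is present, Rule 5 reads `context.data_class` with no `has` guard, and Rule 4 reads `context.arguments.imda_tier`, and as far as I know Cedar leaves a policy out of the decision when its condition errors. A call that omits those fields (or sends `tier2`) is then allowed by Rules 1-3 with no residency, consent or human-review check, and Rule 5 covers only `imagingRead`. Rules 4-6 of `radiology-nhs.cedar` and `radiology-fda.cedar` have the same shape. The fence rewrites the Rule 5 and Rule 6 conditions to deny on absence. For Rule 4, the header comment says radiology diagnosis is always Tier 1, so I would either drop the `imda_tier` test or take the tier from gateway-set context instead of tool arguments (the README describes it as a context field), and add a comment on whether `human_review_token` is validated upstream, since the rule checks presence only.

```cedar
// … unchanged: Rules 1-4 …

@id("pdpa-consent-required")
// … unchanged: @reason, @regulation, forbid head scoped to Radiology.imagingRead …
) when {
    // A missing data_class is treated as sensitive rather than skipped.
    !(context has patient_consent_ref) &&
    (!(context has data_class) || context.data_class == "sensitive-personal-data")
};

@id("sg-data-residency")
// … unchanged: @reason, @regulation, forbid head …
) when {
    // Deny when the residency attribute is absent as well as when it is wrong.
    !(context has data_residency) ||
    context.data_residency != "ap-southeast-1"
};
```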
@@ -0,0 +1,60 @@
+{
+ "cmcp_version": "1.0",
+ "trace": {
+ "eat_profile": "tag:agentrust.io,2026:trace-v0.1",
+ "iat": 1781280300,
+ "subject": "spiffe://cmcp.gateway/session/sg-moh-demo-session-001",
+ "runtime": {
+ "platform": "amd-sev-snp",
+ "measurement": "sha256:d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7",
+ "firmware_version": "amd-sev-snp-milan-1.55.21",
+ "region": "ap-southeast-1",
+ "provider": "aws-nitro-enclaves"
+ },
+ "policy": {
+ "bundle_hash": "sha256:f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9",
+ "enforcement_mode": "enforce",
+ "version": "radiology-sg-v1.0"
+ },
+ "data_class": "sensitive-personal-data",
+ "tool_transcript": {
+ "hash": "sha256:b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1",
+ "call_count": 3
+ },
+ "cnf": {
+ "jwk": {
+ "kty": "OKP",
+ "crv": "Ed25519",
+ "x": "l6c3ZuLwXZ3GxUEoW9TW205GQi5mpO4GxlkSu3c3z58",
+ "kid": "cmcp-sg-moh-01"
+ }
+ }
+ },
+ "gateway": {
+ "session_id": "sg-moh-demo-session-001",
+ "gateway_version": "1.0.0",
+ "sequence_number": 3,
+ "audit_chain": {
+ "root": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5",
+ "tip": "b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1",
+ "length": 5
+ },
+ "call_summary": {
+ "tool_calls_total": 3,
+ "tool_calls_allowed": 3,
+ "tool_calls_denied": 0,
+ "tools_invoked": [
+ "radiology.imaging_read",
+ "radiology.run_diagnostic_inference",
+ "radiology.write_diagnostic_report"
+ ],
+ "session_max_sensitivity": "sensitive-personal-data",
+ "call_graph_summary": {
+ "compliance_domains_touched": ["sensitive-personal-data", "imda-ai-governance-framework-v2", "pdpa-2012"],
+ "data_residency_violations": [],
+ "consent_ref_present": true,
+ "imda_tier": "tier1"
+ }
+ }
+ }
+}
diff --git a/healthcare/uk-nhs/README.md b/healthcare/uk-nhs/README.md
new file mode 100644
index 0000000..7ade8d7
--- /dev/null
+++ b/healthcare/uk-nhs/README.md
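Review bot: `runtime.platform` is `amd-sev-snp` with an AMD firmware string, but `runtime.provider` is `aws-nitro-enclaves`, which as far as I know is a separate isolation and attestation mechanism, so the record does not tell a verifier which attestation evidence `measurement` should be checked against. `example-fda-trust-record.json` carries the same pair. Either change `provider` to a value that describes an SEV-SNP host, or change `platform`, `firmware_version` and `measurement` to match the enclave product named. The record also shows `radiology.write_diagnostic_report` allowed under `imda_tier: "tier1"` with no field saying a human review token was present, so the README's statement that the review gate was active cannot be confirmed from the record alone; a boolean next to `consent_ref_present` would cover it.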
@@ -0,0 +1,54 @@ +# UK NHS: Clinical AI Governance with TRACE + +Demonstrates TRACE Trust Records for an NHS AI deployment in radiology. Shows how the +governance record maps to MHRA medical device guidance, UK GDPR Article 22 automated +decision-making requirements, and NHS Data Security and Protection Toolkit (DSPT) obligations. + +**Regulatory references:** NHS AI Lab Principles (2023), MHRA Software and AI as a Medical +Device (2024), UK GDPR Article 22, NHS DSPT. + +--- + +## What the Cedar policy enforces + +| Rule | Regulatory basis | What it blocks | +|------|-----------------|---------------| +| Default deny | -- | Anything not explicitly permitted | +| `ukgdpr-art22-clinician-review` | UK GDPR Art. 22 -- significant automated decisions | Reports with `clinical_significance == "significant"` without clinician review token | +| `dspt-required` | NHS DSPT | Any access to NHS patient data without a DSPT access token in context | +| `uk-data-residency` | UK GDPR Chapter V | Calls where `data_residency != "uk-south"` | + +**Key difference from EU AI Act demo:** UK focuses on the DSPT access token as a +runtime enforcement gate (not just configuration), and UK GDPR Art. 22 requires clinician +review for any "significant" AI output rather than EU's risk-category model. UKCA marking +(UK conformity, post-Brexit equivalent of CE) also applies to the device scope. + +--- + +## TRACE Trust Record: key fields for MHRA / NHS audit + +```json +{ + "runtime": { "region": "uk-south", "provider": "azure-confidential-compute" }, + "policy": { "version": "radiology-nhs-v1.0", "enforcement_mode": "enforce" }, + "call_graph_summary": { + "compliance_domains_touched": ["nhs-patient-data", "uk-gdpr-art-22", "nhs-dspt"], + "data_residency_violations": [], + "dspt_token_present": true + } +} +``` + +`dspt_token_present: true` and `data_residency_violations: []` are the two key fields +an NHS Digital or MHRA auditor checks first. 
+ +--- + +## Relationship to other healthcare variants + +| Variant | Jurisdiction | Key differentiator | +|---------|-------------|-------------------| +| Base demo (`../`) | EU + US | EU AI Act Art. 14 + HIPAA | +| `../us-fda-samd/` | US FDA | Cleared-scope enforcement, SaMD Action Plan | +| This demo | UK | UK GDPR Art. 22, DSPT token gate, MHRA oversight | +| `../sg-moh/` | Singapore | IMDA Tier 1/2, PDPA consent, MOH guidelines | diff --git a/healthcare/uk-nhs/policy/radiology-nhs.cedar b/healthcare/uk-nhs/policy/radiology-nhs.cedar new file mode 100644 index 0000000..1e39a7a --- /dev/null +++ b/healthcare/uk-nhs/policy/radiology-nhs.cedar 
@@ -0,0 +1,86 @@
+// Cedar policy bundle for NHS AI deployment in radiology
+// version: radiology-nhs-v1.0
+// Regulatory references:
+// NHS AI Lab: Principles for the Development, Deployment and Use of AI in Health (2023)
+// MHRA guidance: Software and AI as a Medical Device (2024)
+// NHS Data Security and Protection Toolkit (DSPT) -- mandatory for NHS data access
+// UK GDPR Article 22: automated decision-making with significant effects
+//
+// Cedar default-deny. workflow_id required on every call.
+
+// Rule 1: imaging read permitted for the nhs-radiology-ai workflow
+// only when the DSPT access agreement token is present.
+permit (
+ principal,
+ action == Action::"Radiology.imagingRead",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "nhs-radiology-ai" &&
+ context has dspt_access_token &&
+ context.dspt_access_token != ""
+};
+
+// Rule 2: inference permitted within the UKCA-marked device scope.
+permit (
+ principal,
+ action == Action::"Radiology.runDiagnosticInference",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "nhs-radiology-ai"
+};
+
+// Rule 3: diagnostic report write permitted, subject to MHRA human oversight below.
+permit (
+ principal,
+ action == Action::"Radiology.writeDiagnosticReport",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "nhs-radiology-ai"
+};
+
+// Rule 4: UK GDPR Article 22 -- AI decisions with significant effects on a patient
+// require a qualified clinician to review before the report is issued.
+// MHRA: clinically significant AI outputs must remain under qualified human oversight.
+@id("ukgdpr-art22-clinician-review")
+@reason("clinician-review-required")
+@regulation("uk-gdpr-art-22")
+@reviewer_role("reporting-radiographer-or-radiologist")
+forbid (
+ principal,
+ action == Action::"Radiology.writeDiagnosticReport",
+ resource
+) when {
+ context.arguments has clinical_significance &&
+ context.arguments.clinical_significance == "significant"
+};
+
+// Rule 5: NHS data access requires a valid DSPT token; deny if absent.
+// DSPT is a mandatory NHS England framework for data security.
+@id("dspt-required")
+@reason("nhs-dspt-access-agreement-required")
+@regulation("nhs-dspt")
+forbid (
+ principal,
+ action,
+ resource
+) when {
+ context.data_class == "nhs-patient-data" &&
+ !(context has dspt_access_token)
+};
+
+// Rule 6: patient data must remain within UK geographic boundary.
+// UK GDPR Chapter V: international transfers require adequacy decision or SCCs.
+@id("uk-data-residency")
+@reason("uk-data-residency-required")
+@regulation("uk-gdpr-chapter-v")
+forbid (
+ principal,
+ action,
+ resource
+) when {
+ context has data_residency &&
+ context.data_residency != "uk-south"
+};
diff --git a/healthcare/uk-nhs/trace-output/example-nhs-trust-record.json b/healthcare/uk-nhs/trace-output/example-nhs-trust-record.json
new file mode 100644
index 0000000..3b75d8b
--- /dev/null
+++ b/healthcare/uk-nhs/trace-output/example-nhs-trust-record.json
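Review bot: Rule 5 (`dspt-required`) tests only that `dspt_access_token` exists, while Rule 1 also requires it to be non-empty, and Rules 2 and 3 permit inference and report writes with no DSPT condition of their own. A request carrying an empty token, or one that omits `data_class`, therefore reaches `runDiagnosticInference` and `writeDiagnosticReport` without a usable token, which does not match the README's "any access to NHS patient data" wording. In Rule 5 I would replace `!(context has dspt_access_token)` with `(!(context has dspt_access_token) || context.dspt_access_token == "")` and say in the rule comment that token validity (issuer, expiry) is assumed to be checked by the gateway before it populates context. Separately, Rule 4 forbids every `significant` report with no review-token exemption, whereas the README says it blocks reports "without clinician review token"; if the `@reviewer_role` annotation is what routes the call to a reviewer, a comment stating that would remove the ambiguity.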
@@ -0,0 +1,59 @@
+{
+ "cmcp_version": "1.0",
+ "trace": {
+ "eat_profile": "tag:agentrust.io,2026:trace-v0.1",
+ "iat": 1781280200,
+ "subject": "spiffe://cmcp.gateway/session/uk-nhs-demo-session-001",
+ "runtime": {
+ "platform": "intel-tdx",
+ "measurement": "sha256:c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6",
+ "firmware_version": "intel-tdx-1.5.0",
+ "region": "uk-south",
+ "provider": "azure-confidential-compute"
+ },
+ "policy": {
+ "bundle_hash": "sha256:e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8",
+ "enforcement_mode": "enforce",
+ "version": "radiology-nhs-v1.0"
+ },
+ "data_class": "nhs-patient-data",
+ "tool_transcript": {
+ "hash": "sha256:a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0",
+ "call_count": 3
+ },
+ "cnf": {
+ "jwk": {
+ "kty": "OKP",
+ "crv": "Ed25519",
+ "x": "k5b2YtKvWY2FwTDnV8SV194FPh4loN3FwkjRt2b2y47",
+ "kid": "cmcp-uk-nhs-01"
+ }
+ }
+ },
+ "gateway": {
+ "session_id": "uk-nhs-demo-session-001",
+ "gateway_version": "1.0.0",
+ "sequence_number": 3,
+ "audit_chain": {
+ "root": "c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4",
+ "tip": "a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0",
+ "length": 5
+ },
+ "call_summary": {
+ "tool_calls_total": 3,
+ "tool_calls_allowed": 3,
+ "tool_calls_denied": 0,
+ "tools_invoked": [
+ "radiology.imaging_read",
+ "radiology.run_diagnostic_inference",
+ "radiology.write_diagnostic_report"
+ ],
+ "session_max_sensitivity": "nhs-patient-data",
+ "call_graph_summary": {
+ "compliance_domains_touched": ["nhs-patient-data", "uk-gdpr-art-22", "nhs-dspt"],
+ "data_residency_violations": [],
+ "dspt_token_present": true
+ }
+ }
+ }
+}
diff --git a/healthcare/us-fda-samd/README.md b/healthcare/us-fda-samd/README.md
new file mode 100644
index 0000000..c9a51d7
--- /dev/null
+++ b/healthcare/us-fda-samd/README.md
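Review bot: `compliance_domains_touched` lists `uk-gdpr-art-22` and the session shows `radiology.write_diagnostic_report` allowed, but nothing in the record states the report's `clinical_significance` or whether a clinician reviewed it. An auditor can confirm the DSPT gate from `dspt_token_present` but has no equivalent field for the Art. 22 gate that the policy's `ukgdpr-art22-clinician-review` rule implements. Consider adding a field for the review outcome next to `dspt_token_present` in `call_graph_summary`, so the example shows how the record answers both of the gates the README advertises.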
@@ -0,0 +1,52 @@ +# US FDA SaMD: Clinical AI Governance with TRACE + +Demonstrates TRACE Trust Records for an AI/ML-based Software as a Medical Device (SaMD) +running in a US regulated context. Shows how the governance record maps to FDA SaMD Action +Plan requirements, cleared-scope enforcement, and HIPAA PHI safeguards. + +**Regulatory references:** FDA AI/ML SaMD Action Plan (2021), 21 CFR Part 820, HIPAA 45 CFR 164.312. + +--- + +## What the Cedar policy enforces + +| Rule | Regulatory basis | What it blocks | +|------|-----------------|---------------| +| Default deny | -- | Anything not explicitly permitted | +| `hitl-high-acuity` | FDA SaMD Action Plan -- human-AI teaming | Autonomous writes of critical-acuity reports without physician sign-off | +| `out-of-scope-modality` | 21 CFR Part 820 -- cleared device scope | Inference on imaging types outside the cleared indication of use | +| `require-attested-runtime` | HIPAA 164.312 | PHI tool access when `attestation_platform == "unknown"` | + +**Key difference from EU AI Act demo:** US focuses on cleared-scope enforcement (the SaMD +may only run on imaging modalities it was FDA-cleared for) and real-world evidence +traceability, rather than EU's risk-category human oversight model. + +--- + +## TRACE Trust Record: key fields for FDA audit + +```json +{ + "runtime": { "region": "us-east-1", "provider": "aws-nitro-enclaves" }, + "policy": { "version": "radiology-fda-v1.0", "enforcement_mode": "enforce" }, + "call_graph_summary": { + "compliance_domains_touched": ["phi", "hipaa-164-312", "fda-samd-action-plan-2021"], + "cleared_scope_violations": [], + "imaging_modality_used": "chest-xr" + } +} +``` + +`cleared_scope_violations: []` is the machine-readable answer to "did the SaMD operate +outside its FDA-cleared scope?" for this session. 
+ +--- + +## Relationship to other healthcare variants + +| Variant | Jurisdiction | Key differentiator | +|---------|-------------|-------------------| +| Base demo (`../`) | EU + US | EU AI Act Art. 14 + HIPAA | +| This demo | US FDA | Cleared-scope enforcement, SaMD Action Plan | +| `../uk-nhs/` | UK | UK GDPR Art. 22, DSPT token, MHRA oversight | +| `../sg-moh/` | Singapore | IMDA Tier 1/2, PDPA consent, MOH guidelines | diff --git a/healthcare/us-fda-samd/policy/radiology-fda.cedar b/healthcare/us-fda-samd/policy/radiology-fda.cedar new file mode 100644 index 0000000..5c2eb47 --- /dev/null +++ b/healthcare/us-fda-samd/policy/radiology-fda.cedar 
@@ -0,0 +1,86 @@
+// Cedar policy bundle for AI/ML-based Software as a Medical Device (SaMD)
+// version: radiology-fda-v1.0
+// Regulatory references:
+// FDA Guidance: Artificial Intelligence/Machine Learning-Based SaMD Action Plan (2021)
+// FDA 21 CFR Part 820 (Quality System Regulation)
+// 21st Century Cures Act - Real-World Evidence requirements
+// HIPAA 45 CFR Parts 160 and 164 (PHI safeguards)
+//
+// Cedar default-deny. workflow_id required on every call.
+
+// Rule 1: imaging read permitted for the radiology-samd workflow.
+permit (
+ principal,
+ action == Action::"Radiology.imagingRead",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "radiology-samd"
+};
+
+// Rule 2: AI inference permitted within the cleared indication of use.
+// FDA SaMD: model may only run on imaging types within its 510(k)/DeNovo cleared scope.
+permit (
+ principal,
+ action == Action::"Radiology.runDiagnosticInference",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "radiology-samd" &&
+ context has imaging_modality &&
+ ["chest-xr", "ct-thorax", "mammography"].contains(context.imaging_modality)
+};
+
+// Rule 3: diagnostic report write permitted, subject to human oversight rules below.
+permit (
+ principal,
+ action == Action::"Radiology.writeDiagnosticReport",
+ resource
+) when {
+ context has workflow_id &&
+ context.workflow_id == "radiology-samd"
+};
+
+// Rule 4: FDA SaMD -- autonomous AI decisions on high-acuity findings require physician
+// sign-off before the report is finalized. Maps to FDA guidance on human-AI teaming
+// and the "Software Function" oversight category.
+@id("hitl-high-acuity")
+@reason("physician-review-required")
+@regulation("fda-samd-action-plan-2021")
+@reviewer_role("radiologist-md")
+forbid (
+ principal,
+ action == Action::"Radiology.writeDiagnosticReport",
+ resource
+) when {
+ context.arguments has acuity_level &&
+ context.arguments.acuity_level == "critical"
+};
+
+// Rule 5: inference outside the cleared imaging modality scope is blocked.
+// FDA: use outside cleared indications is an unauthorized device modification.
+@id("out-of-scope-modality")
+@reason("imaging-modality-outside-cleared-scope")
+@regulation("fda-21-cfr-820")
+forbid (
+ principal,
+ action == Action::"Radiology.runDiagnosticInference",
+ resource
+) when {
+ context has imaging_modality &&
+ !["chest-xr", "ct-thorax", "mammography"].contains(context.imaging_modality)
+};
+
+// Rule 6: PHI may only flow through an attested runtime.
+// HIPAA 45 CFR 164.312(a)(2)(iv): encryption and decryption of PHI.
+@id("require-attested-runtime")
+@reason("attested-runtime-required")
+@regulation("hipaa-164-312")
+forbid (
+ principal,
+ action,
+ resource
+) when {
+ context.data_class == "phi" &&
+ context.attestation_platform == "unknown"
+};
diff --git a/healthcare/us-fda-samd/trace-output/example-fda-trust-record.json b/healthcare/us-fda-samd/trace-output/example-fda-trust-record.json
new file mode 100644
index 0000000..09a6703
--- /dev/null
+++ b/healthcare/us-fda-samd/trace-output/example-fda-trust-record.json
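Review bot: Rule 6 (`require-attested-runtime`) is a deny-list on the single string `"unknown"`, so any other value of `attestation_platform`, including an empty or misspelled one, lets PHI calls through, and a request with no `attestation_platform` attribute is not matched by the rule either. An allow-list is the safer shape: replace `context.attestation_platform == "unknown"` with `(!(context has attestation_platform) || !["amd-sev-snp", "intel-tdx"].contains(context.attestation_platform))`, with the list set to the platforms the deployment actually verifies (the two shown are the values used in this commit's example trust records). The cleared-modality list is also written out twice, in Rule 2 and Rule 5; a comment on both saying they must change together would guard against drift, and Rule 5 adds nothing beyond default-deny while Rule 2 remains an allow-list.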
@@ -0,0 +1,59 @@
+{
+ "cmcp_version": "1.0",
+ "trace": {
+ "eat_profile": "tag:agentrust.io,2026:trace-v0.1",
+ "iat": 1781280100,
+ "subject": "spiffe://cmcp.gateway/session/us-fda-samd-demo-session-001",
+ "runtime": {
+ "platform": "amd-sev-snp",
+ "measurement": "sha256:b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5",
+ "firmware_version": "amd-sev-snp-milan-1.55.21",
+ "region": "us-east-1",
+ "provider": "aws-nitro-enclaves"
+ },
+ "policy": {
+ "bundle_hash": "sha256:d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7",
+ "enforcement_mode": "enforce",
+ "version": "radiology-fda-v1.0"
+ },
+ "data_class": "phi",
+ "tool_transcript": {
+ "hash": "sha256:f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9",
+ "call_count": 3
+ },
+ "cnf": {
+ "jwk": {
+ "kty": "OKP",
+ "crv": "Ed25519",
+ "x": "j4a1XsJuVX1EvSCmU7RU093EOg3knM2EvjkQs1a1x36",
+ "kid": "cmcp-us-fda-samd-01"
+ }
+ }
+ },
+ "gateway": {
+ "session_id": "us-fda-samd-demo-session-001",
+ "gateway_version": "1.0.0",
+ "sequence_number": 3,
+ "audit_chain": {
+ "root": "b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3",
+ "tip": "f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9",
+ "length": 5
+ },
+ "call_summary": {
+ "tool_calls_total": 3,
+ "tool_calls_allowed": 3,
+ "tool_calls_denied": 0,
+ "tools_invoked": [
+ "radiology.imaging_read",
+ "radiology.run_diagnostic_inference",
+ "radiology.write_diagnostic_report"
+ ],
+ "session_max_sensitivity": "phi",
+ "call_graph_summary": {
+ "compliance_domains_touched": ["phi", "hipaa-164-312", "fda-samd-action-plan-2021"],
+ "cleared_scope_violations": [],
+ "imaging_modality_used": "chest-xr"
+ }
+ }
+ }
+}