Resources

The resources an evaluator actually uses.

Five tracks. Each links to real pages, real downloads, real code — nothing here is a stub. If you're evaluating, auditing, or integrating RadMah AI, start with the track closest to your role.

Flagship depth

Evidence bundle architecture

Nine-artefact BLAKE3-sealed bundle that ships with every run. Per-step provenance, quality-gate results, SBOM, narrative, offline verifier hint — how it's built and why it survives procurement.

CCTP — physics-constrained projection

The Dykstra projection + SGLD sampler that keeps generated trajectories on a customer-defined constraint manifold. Used for Virtual SCADA realism and replay-determinism research.

Healthcare FHIR — the R4 bundle pipeline

Eight R4 resource types with 100% referential integrity by construction, LOINC / RxNorm / full US ICD-10-CM shipped, two-stage validator gate — every line grounded in the ``fhir.resources`` validator.

Proof you can touch

Download a real evidence bundle

The /verify page publishes a live 9-artefact BLAKE3-sealed example bundle, its release seal, and the offline verifier command. Download and byte-verify in five minutes.

release_seal.json — the root document

Synthetic example of a production release seal with every field populated (chain root, artefact manifest, ed25519 signature, reproducibility block). Inspect the shape before you install the SDK.

Developer reference

Python SDK

Pydantic-v2-typed, async-first, 100% type coverage. Same object model as the REST surface — the only way to drive the agent runtime in-process.

REST API — OpenAPI 3.1

Live route count fetched from the openapi.json on deploy (see /developer/rest-api for the current number). Idempotency keys, HMAC-signed webhooks, per-tenant rate limits.

Connector catalogue

14 encrypted source connectors — warehouses, RDBMS, object storage, HF Hub — with per-tenant Fernet-encrypted secret vault auto-hoisted from inline config.

CLI + offline verifier

Install with ``pip install radmah-sdk`` and you get ``slt-verify``, the offline evidence-bundle verifier. Runs on an airgapped machine, no network required.

Posture + trust

Security posture

Tenant isolation model, encryption at rest + in transit, key rotation, compliance controls. The procurement-review answer key.

Trust centre

Current alignment with ISO 27001 / SOC 2 / GDPR / UK GDPR / HIPAA-style controls. No placebo badges — we show what's aligned, what's in progress, and what's out of scope.

Vulnerability disclosure

The public security disclosure policy — scope, safe-harbour terms, response SLA, PGP key. security.txt served at the standard /.well-known/ path.

Data Processing Addendum

Default DPA text + sub-processor list. The GDPR-aligned data-protection contract most enterprise customers want signed before signature on the MSA.

Engineering process

AI disclaimer

Where humans stay in the loop, where the AI agent has authority, what it can and cannot do with your data.

Data retention + erasure

How long each artefact lives, what happens on account deletion (GDPR Article 17 right-to-erasure), the 30-day scheduled-purge window + the Enterprise override.

SLA

Response SLA by plan tier, uptime commitment, credit-back terms for outages.