The resources an evaluator actually uses.
Five tracks. Each links to real pages, real downloads, real code — nothing here is a stub. If you're evaluating, auditing, or integrating RadMah AI, start with the track closest to your role.
Flagship depth
Evidence bundle architecture
Nine-artefact BLAKE3-sealed bundle that ships with every run. Per-step provenance, quality-gate results, SBOM, narrative, offline verifier hint — how it's built and why it survives procurement.
CCTP — physics-constrained projection
The Dykstra projection + SGLD sampler that keeps generated trajectories on a customer-defined constraint manifold. Used for Virtual SCADA realism and replay-determinism research.
Healthcare FHIR — the R4 bundle pipeline
Eight R4 resource types with 100% referential integrity by construction, LOINC / RxNorm / full US ICD-10-CM shipped, two-stage validator gate — every line grounded in the ``fhir.resources`` validator.
Proof you can touch
Download a real evidence bundle
The /verify page publishes a live 9-artefact BLAKE3-sealed example bundle, its release seal, and the offline verifier command. Download and byte-verify in five minutes.
release_seal.json — the root document
Synthetic example of a production release seal with every field populated (chain root, artefact manifest, ed25519 signature, reproducibility block). Inspect the shape before you install the SDK.
Developer reference
Python SDK
Pydantic-v2-typed, async-first, 100% type coverage. Same object model as the REST surface — the only way to drive the agent runtime in-process.
REST API — OpenAPI 3.1
Live route count fetched from the openapi.json on deploy (see /developer/rest-api for the current number). Idempotency keys, HMAC-signed webhooks, per-tenant rate limits.
Connector catalogue
14 encrypted source connectors — warehouses, RDBMS, object storage, HF Hub — with per-tenant Fernet-encrypted secret vault auto-hoisted from inline config.
CLI + offline verifier
Install with ``pip install radmah-sdk`` and you get ``slt-verify``, the offline evidence-bundle verifier. Runs on an airgapped machine, no network required.
Posture + trust
Security posture
Tenant isolation model, encryption at rest + in transit, key rotation, compliance controls. The procurement-review answer key.
Trust centre
Current alignment with ISO 27001 / SOC 2 / GDPR / UK GDPR / HIPAA-style controls. No placebo badges — we show what's aligned, what's in progress, and what's out of scope.
Vulnerability disclosure
The public security disclosure policy — scope, safe-harbour terms, response SLA, PGP key. security.txt served at the standard /.well-known/ path.
Data Processing Addendum
Default DPA text + sub-processor list. The GDPR-aligned data-protection contract most enterprise customers want signed before signature on the MSA.
Engineering process
AI disclaimer
Where humans stay in the loop, where the AI agent has authority, what it can and cannot do with your data.
Data retention + erasure
How long each artefact lives, what happens on account deletion (GDPR Article 17 right-to-erasure), the 30-day scheduled-purge window + the Enterprise override.
SLA
Response SLA by plan tier, uptime commitment, credit-back terms for outages.