Mission Control
v3.3.3.5-hf11 VM
Protocol telemetry and anchoring
UI Integrity Error
—
Deployment check: update public/index.html (not index.htm) and restart the Node service.
Current Merkle Root
—
Suggested demo flow: Seed Demo Data → Anchor Root to activate the ticker and viewer.
Evidence Throughput
Receipts
—
Anchors
—
Events
—
Leaves
—
Receipts are immutable, signed objects; Merkle roots batch receipts for anchoring & inclusion proofs.
Kill-Switch Status
—
—
Recovery is staged; re-enable requires negative tests + quorum approvals (demo simulated when backend lacks quorum).
Mission Brief
What the demo proves + a fast runbook (3D viewer lives only in the Viewer tab)
Integrity Guarantees
• Signed receipts (Ed25519) → non‑repudiation
• Merkle batching → tamper‑evidence + inclusion proofs
• Anchor checkpoints → audit references (roots)
• Encrypted payloads → proof without leaking sensitive content
• Purge certificates → retention enforcement (auditable tombstones)
60‑Second Demo Flow
1) Seed Demo Data → create receipts for 3 rails
2) Rails → Healthcare → run a “Bad Claim” (policy refusal)
3) Run “Fixed Claim” → accepted → Anchor Root
4) Viewer → Merkle / Continuity → click node → Proof Inspector
5) Evidence → Quick Verify → signature + inclusion proof
Last Action
—
Last Receipt
—
Anchor Ticker
Clickable checkpoints (opens inspector)
No anchors yet. Click “Anchor Root”.
Auto Template Builder
One-click template generation to standardize payloads and accelerate demos.
Build Diagnostics
Deployment validation & runtime build metadata
Displays the active UI artifact served at /, the backend build identifier, and the availability of local /vendor/* dependencies used by the 3D viewer.
Includes raw /api/build output for audit/debug capture.
—
Operational note: after deployments, a hard refresh may be required to clear cached assets.
Viewer
Dedicated 3D canvas (Merkle + Continuity) — no overlap, easier to demo
If the Merkle tree looks empty (fresh browser / cleared storage), use Sync Leaves to pull recent leaves from the backend.
3D Viewer
Merkle Tree • Continuity Graph • “electric” link flow
Graph status:
initializing…
Viewer Hint
Orbit (default): click‑drag anywhere to rotate in 3D • Right‑drag or Shift+drag to pan • Scroll to zoom • Click node to inspect • Toggle “Drag Nodes” to rearrange
Local Leaves
—
Graph Mode
Merkle
Legend
• Merkle mode: leaf hashes → branch hashes → root
• Continuity mode: actor vUID → event chain
• Click a node with a cached receipt to open the Proof Inspector
Quick Demo
One-click flow to populate the viewer:
Viewer Controls
Leaf Window
Sync From Server
Use “Master Reset” to clear server state (admin) + local caches so the Merkle tree can grow from zero again.
Leaf Sync Output
—
Event Stream
Operator view (full ciphertext stored server-side)
Loading…
Quick Verify
Paste receipt + proof (or use “Inspect” from event list)
—
Concept Stack
Receipt
Signed, immutable audit entry (UID-bound)
Merkle Inclusion Proof
Shows receipt belongs to anchored batch
Regulator Mirror
Redacted read-only view with purge proofs
Rails
Same core engine, different policy + payload + compliance wrappers
Use the rail buttons to switch verticals. Each emit returns a receipt + inclusion proof + updated Merkle root.
Healthcare modules
Encrypted Encounter (ePHI)
Emit encounter → receipt → optional blind-index fields
—
Encrypted Search (PEK)
Search via trapdoor + blind index tokens (demo)
—
Healthcare Depth
• CDI Note events (documentation integrity + coding deltas)
• Consent tokens (clinical trial / data sharing)
• EHR access audits (who viewed what, when)
• Break-glass access events (emergency override + TTL)
• Litigation-hold freeze + purge completion proofs (mirror)
CDI Note
Documentation integrity + CDI provenance (audit-ready)
—
Consent Token
Clinical-trial / sharing consent: revocable, time-bounded
—
Denial Defense
Policy-bound claim controls (modifiers • prior auth • medical necessity)
• Refuses to “sign” a claim receipt if required modifiers are missing
• Forces prior authorization evidence for high-cost procedures
• Adds immutable appeal bundles (receipt + proof + anchor chain)
Demo sequence: run Bad Claim to show policy refusal; run Fixed Claim to show pass + anchoring.
Denial-Prevention Output
Policy result + last receipt/proof pointers
—
Why it hits
• Converts payer rules into enforceable “policy bounds”
• Shrinks appeal cycles by packaging proofs the first time
• Makes compliance auditable without leaking ePHI
Claims Workflow — Step-by-Step Evidence Pack
Prior Auth → Operative Note → Claim → Denial → Appeal (each step signed + anchored)
—
Provider ROI highlights
• Denials are prevented before submission by enforcing payer rules at sign-time
• Appeals become a one-click evidence bundle anchored to a Merkle root
• Evidence stays encrypted; the proof is what travels
EHR Access Audit Receipt
Immutable access trail for HIPAA “minimum necessary” + break-the-glass oversight
—
What it proves
• Who accessed what, when, and why — without exposing ePHI in the receipt
• “Minimum necessary” intent + scope captured as an enforceable policy-bound event
• Creates audit-ready evidence for internal compliance and external investigations
Break-Glass Override Receipt
Emergency access with forced justification + TTL + post-event review
—
Why doctors care
• Allows real emergency access without turning the audit trail into “he said/she said”
• Auto-generates defensible evidence for compliance reviews and patient disputes
• Prevents silent misuse by requiring justification + time-bounded access
Fintech modules
Fintech Transaction Receipt
KYC/AML wrapped • jurisdiction tags • classification
—
Custody Transfer Receipt
Chain-of-custody event (wallet → wallet) with policy gate + Merkle proof
—
KYC / AML Attestation
Proof that checks occurred (without leaking PII)
—
Sanctions Screening Receipt
Proof of screening (OFAC/EU/UN) with vendor/run traceability
—
Why it matters
• Provides audit-grade evidence that screening happened at decision-time
• Prevents “we screened later” disputes by anchoring vendor run IDs and results
• Mirrors cleanly into regulator views without exposing full PII
Travel Rule Transfer Packet
Originator/beneficiary metadata packet for VASP-to-VASP compliance
—
What banks see
• A verifiable packet that can be shared while keeping sensitive fields encrypted
• Consistent provenance from KYC → sanctions → transfer → custody
• Stronger dispute/recall posture because every step is signed and anchored
SAR/STR Receipt
Suspicious activity evidence trail (case → codes → filing status)
—
Messaging (demo-grade)
Threads + message receipts. Each send generates a signed ProofStack receipt referencing message_hash (hash-only in receipt for privacy).
Threads
By rail / case_id / transaction_id
No threads yet. Send a message to create one.
Message feed
Thread: (new)
Select a thread on the left.
Compose
Lightweight, stable (no websockets). Evidence Explorer will show a receipt event per message.
Receipt stores message_hash only • plaintext stored server-side for demo UI persistence
—
AI / Flight modules
AI Prompt Receipt
Traceability for prompts, RAG state, policy gates
—
AI Safety Incident Receipt
Capture incident → mitigation → policy outcome under immutable audit
—
Use cases
• Governance: show that safety processes were executed at the time of incident
• Compliance: immutable record for auditors and model risk management
• Product: turn safety into a measurable, provable operational control
Model Card Anchor
Anchor model documentation + policy binding for audit readiness
—
Eval Report Receipt
Store evaluation results + report hash under policy bounds
—
Flight Mission Log
Swarm / drone mission authorization, geofence, time gates
—
Flight Telemetry Anchor
Anchor telemetry segment hashes so flight evidence scales without bloating receipts
—
Why it scales
• Anchor hashes for large telemetry blobs; keep receipts small
• Enables forensic proof without leaking raw data in the UI
• Plays cleanly with regulator mirror + purge certificates
Maintenance / Pre-Flight Check
Signed checklist proof + status to defend safety posture
—
Why it matters
• Converts checklists into verifiable safety controls
• Helps defend incident investigations with immutable maintenance evidence
• Pairs with telemetry anchoring to show end-to-end flight integrity
Regulator Mirror (read-only)
Redacted events • proofs preserved • purge status visible
Mirror omits ciphertext; retains hashes + policy tags + purged_at.
Loading…
Purge Tool (Admin)
Select mirror events → issue purge completion proof
—
Purge Vault (server)
Backend-stored purge certificates (click to inspect)
Loading…
Purged Receipts (local cache)
Stored locally (demo) for later inspection
None yet.
Audit & Tamper Lab
Audit-grade integrity testing: tamper simulation, chain validation, and recovery drills
Integrity test suite for auditors and security reviewers: tamper simulation, anchor-chain validation, Merkle root recomputation, and kill-switch exercises.
Tamper Simulation Output
What changed, what broke, what the auditor sees.
—
Chain-of-Command Checker
Validates anchor checkpoint chaining (prev_hash)
—
Merkle Root Integrity
Recomputes Merkle root from locally stored leaves
—
Downgrade / Incident
Demo idea: capability downgrade → incident token → scoped kill-switch → staged recovery.
Demo Script (inside UI)
1) Seed demo data (3 rails) → generates receipts/leaves
2) Mission Control → Anchor Root → Anchor Ticker populates
3) Evidence Explorer → Inspect one receipt → Verify
4) Regulator Mirror → select events → Purge → Inspect purge receipt
5) Audit Lab → Simulate Tamper → show proof break / root mismatch