Security and assurance
Other AI vendors want your case data. We want none of it.
The whole thing runs on your servers, on your own database, and you can cut it off from the internet entirely. It never phones home. Your security and validation teams read every line of it before a single case moves, because it is open source and runs where you run.
Self-hosted by design
Your infrastructure, your database, your perimeter.
The thing a security reviewer fears is a vendor service sitting in the data path with patient data and a phone-home channel they cannot see. There is no such service here. It runs where you run, and we never touch your data.
Your perimeter
Runs inside your environment
The control plane runs on your infrastructure, inside your network. There is no MakerChecker cloud in the data path, and no tenant of ours sees your case data. You operate it the way you operate any internal service.
Your database
Your own Postgres
State and the audit chain live in a Postgres instance you own and manage, under your backup, encryption-at-rest, and access policies. We do not run a database for you and we do not hold a copy.
Air-gapped capable
Runs disconnected
It can run fully disconnected from the internet, the deployment mode validation teams often require. The audit verifier needs no network and no account, so the offline-verify story holds in an air-gapped enclave.
Never phones home
No telemetry out
The service does not call back to us. There is no usage beacon, no remote log shipping, and no hidden dependency on a hosted endpoint. What runs is what you read in the open-source repository.
Database hardening
The audit is only as trustworthy as the store beneath it.
An audit chain on top of a database anyone can quietly edit is theatre. These properties make a direct edit to the store detectable by the same verifier an inspector runs, and make write access to the database insufficient to forge a record.
- Co-commit: The state change and its audit event commit in one database transaction. There is no application path that writes one without the other, so a partial write cannot leave an action unlogged.
- Append-only chain: Each audit entry commits the hash of the prior entry. An update or delete at the row level breaks every downstream hash, so direct database tampering is detected by the same verifier an auditor runs.
- Signed chain head: The chain head is signed with an Ed25519 key. Holding write access to the database is not enough to forge a record, because a re-signed forgery fails against the published public key.
- Least privilege by role: Deny-by-default grants mean an agent role can only do what it was explicitly granted, at one pinned skill version. The identity that processed a case is barred in code from signing it off.
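To make the chain and signature properties concrete, here is an added sketch (not MakerChecker's own code or schema) of a hash-chained audit log with an Ed25519-signed head and the offline verifier an inspector would run against an export and the published public key. The type and function names (`Entry`, `Append`, `SignHead`, `Verify`) and the record fields are assumptions; co-commit and role grants are not modelled here, only the chain and the signature.

```go
// Illustrative sketch of the chain described above, not MakerChecker's own code.
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit record: Prev is the previous entry's hash (zeros for the
// first); Hash covers Prev plus the fields, so editing or deleting a row breaks every later hash.
type Entry struct{ Actor, Action, Case, Prev, Hash string }

var genesis = hex.EncodeToString(make([]byte, sha256.Size))

func entryHash(prev, actor, action, caseID string) string {
	sum := sha256.Sum256([]byte(prev + "\x00" + actor + "\x00" + action + "\x00" + caseID))
	return hex.EncodeToString(sum[:])
}

// Append chains a record onto the head (the real system commits it with the state change).
func Append(chain []Entry, actor, action, caseID string) []Entry {
	prev := genesis
	if n := len(chain); n > 0 {
		prev = chain[n-1].Hash
	}
	return append(chain, Entry{actor, action, caseID, prev, entryHash(prev, actor, action, caseID)})
}

// SignHead signs the head hash with the deployment's Ed25519 private key.
func SignHead(chain []Entry, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, []byte(chain[len(chain)-1].Hash))
}

// Verify is the offline check an inspector runs: it needs only the export and the published key.
func Verify(chain []Entry, headSig []byte, pub ed25519.PublicKey) error {
	prev := genesis
	for i, e := range chain {
		if e.Prev != prev || entryHash(e.Prev, e.Actor, e.Action, e.Case) != e.Hash {
			return fmt.Errorf("entry %d: chain broken (row edited or deleted)", i)
		}
		prev = e.Hash
	}
	if !ed25519.Verify(pub, []byte(prev), headSig) {
		return fmt.Errorf("head signature fails against the published key")
	}
	return nil
}
```

Editing any row, dropping the last row, or re-signing a tampered chain with a key other than the published one all make `Verify` return an error, which is the detection the text promises.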
Control-to-clause crosswalk
Each control maps to a clause your inspector already enforces.
We never say compliant or validated for you, and we never say certified. We say this: MakerChecker is designed against the requirements of these rules, and it produces the signed artifact each one asks for. The grants and the segregation of duties prevent the wrong action; the chain and the signature prove what happened.
This crosswalk is a map, not a certificate. It is meant to give your validation team a clear line from a control they can read in the code to a clause they have to satisfy.
- 21 CFR Part 11: 11.10(e) audit trails and 11.50 signature meaning. The signed export carries the approver, the date and time, the signature meaning, and the verbatim reason. We produce the evidence Part 11 asks for; the hash chain goes beyond what it requires and we never claim it demands one.
- ICH E2B(R3): The expedited-reporting data interchange standard for ICSRs. The engine binds every clock-affecting decision (seriousness, expectedness, expedited status, submission) to a named human and the awareness timestamp, so the record behind an E2B submission shows who owned each call and when.
- ALCOA+: Attributable, legible, contemporaneous, original, accurate, and the rest. Every action is bound to a named identity in an append-only record committed in the same transaction as the state change, so the trail an inspector reads is contemporaneous and attributable by construction.
- EU GVP: Good Pharmacovigilance Practices make a named QPPV personally accountable for the safety system. The engine does not transfer that accountability; it makes it provable, by holding every clock-affecting decision for a named, authenticated human who signs, and recording the segregation of duties in code.
Verify, don't trust
Read every line before it touches a case.
The code that decides what your agent may do should be the most readable thing you run, not a vendor black box. It is open source and self-hosted, so your security and validation teams read the gate and recheck the record themselves, with us nowhere in the loop.
See it for yourself
Bring it to your security review. Read every line.
One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.
Designed against the rules your auditors already enforce.