DEMONSTRATION DATA·NO PHI
Kairos
Phase 2 · Architecture

How Kairos stays auditable

Every insight has a deterministic substrate underneath it. The LLM is the writing surface; the rules and validators are the load-bearing structure. This page shows the data flow, the anti-reversion contract, what Kairos cannot do, what an audit entry looks like, and how confidence is tiered.

Data flow

Each insight on the panel is the output of these seven steps

1
Chart data
DATA

Patient JSON: labs, vitals, meds, visits, MyChart, interventions.

2
Pre-processors
CODE

Pull last N labs by test, group meds by prescriber, parse pending-call note, derive trends.

3
Rule block (const)
RULES

Named clinical guardrails. These are the invariants we will not let drift.

4
LLM call
MODEL

claude-sonnet-4-6 with claude-3-5-sonnet fallback. Streaming.

5
Post-processors
CODE

Named validators run on the assembled output: regex checks, structural checks, word-count window.

6
Governance metadata
DATA

`meta` (rules + validators + model + tier) and `done` (used model, validations, word count) emitted as SSE.

7
User
HUMAN

Nurse sees: streamed draft, validator pass/fail, "Why did Kairos draft this?" drawer, action buttons gated until validators pass.

The anti-reversion contract

Why a fix shipped today does not silently regress next week

The clinical rules are not in the LLM prompt as free text. They live in named const blocks in code. The system prompt builder reads from these constants. Every change to a rule is a code commit with a diff and a reviewer. The model never "decides" what the rules are; it decides how to phrase what the rules require.

// kairos/lib/clinical/coumadin-callback.js export const COUMADIN_CALLBACK_RULES = [ 'INR target range for non-valvular atrial fibrillation: 2.0 to 3.0.', 'Three consecutive subtherapeutic INR draws (<2.0) require provider escalation, not nurse-driven dose change.', 'Phone callback must: greet by first name, state INR with date and target, ask three adherence questions, close by stating the prescriber will be notified.', 'Do NOT instruct the patient to change their warfarin dose.', // ... ]; export const COUMADIN_CALLBACK_VALIDATORS = [ 'no-dose-change-language', 'mentions-target-range', 'mentions-adherence-questions', 'word-count-window', ];
  • ·Rules are pinned, not prompted. The builder injects them by index into the system prompt every call, with no drift between runs.
  • ·Validators are post-processors, not LLM calls.They are deterministic regex / structural / word-count checks. The Send button stays disabled if any validator fails.
  • ·Both arrays ship to the user. The "Why did Kairos draft this?" drawer renders the same constants the system prompt uses. The audit trail logs the rule and validator names per call.

What Kairos cannot do without human approval

Hard guardrails, enforced in code, not policy

  • Send any communication to a patient or family member
  • Change any medication or dose
  • Order any test, lab, imaging, or referral
  • Schedule, reschedule, or cancel any appointment
  • Page or call a provider on the user's behalf
  • Mark any insight as resolved or dismissed
  • Edit, sign, or close any chart note
  • Bill, code, or modify any billing record
  • Authorize prior-authorization or pharmacy substitution
  • Communicate outside the chart (no email, no SMS, no MyChart push)

Every workflow ends with a draft and a Send / Page / Order button. The button is gated on validators passing AND the human pressing it. There is no autonomous action surface.

Audit trail entry

What gets recorded for every workflow invocation

Timestamp2026-04-24T13:42:18-05:00
Insight IDmc-2
Patient MRNDEMO-1001
Workflowcoumadin-callback
EndpointPOST /api/coumadin-callback
TierCLINICAL
Requested modelclaude-sonnet-4-6
Used modelclaude-sonnet-4-6
Fallbacks0
Rules applied7
Word count162
Validators
  • no-dose-change-language
  • mentions-target-range
  • mentions-adherence-questions
  • word-count-window
User actions
  • 2026-04-24T13:42:23-05:00Brandon S., RN·Reviewed draft
  • 2026-04-24T13:43:02-05:00Brandon S., RN·Edited 2 sentences for tone
  • 2026-04-24T13:43:48-05:00Brandon S., RN·Sent to MyChart (final)

Three-tier confidence model

How Kairos labels and constrains its own claims

High

Trigger rule

Deterministic rule match against structured chart data.

UI surfacing

Rendered with a primary-action button (amber) and "Confidence: High" label.

Workflows allowed

May draft callbacks, consult requests, and provider notes (output gated by validators).

Worked example

mc-2: INR subtherapeutic ×3 within 4 weeks. Three labs, one threshold, no inference.

Moderate

Trigger rule

Pattern match with limited prior, or threshold satisfied with one ambiguous input.

UI surfacing

Rendered with a primary-action button but a clear "Confidence: Moderate" label.

Workflows allowed

May draft handoffs and notes for human review. Will not propose an SBAR recommendation as a single answer if multiple options are clinically reasonable.

Worked example

pk-1: resistant HTN criteria met, but 4th-agent vs. workup is provider judgment. Note proposes both options.

AI Uncertain

Trigger rule

Pattern shift visible but does not satisfy a deterministic rule. Names possibility; defers to nurse and physician.

UI surfacing

Rendered with an explicit "AI Uncertain · names possibility · defers to RN judgment" stripe and conservative-by-default phrasing.

Workflows allowed

May draft an SBAR handoff that names uncertainty and lists the receiving clinician's options. Will NOT assert a diagnosis.

Worked example

lw-1: Linda's pattern shift in chest pain. Surface as "concerning for, cannot rule out," not "ACS."

Live trace viewer reading from real route logs is on the Phase 2F roadmap. Until then, each workflow modal includes its own inline audit (rules + validators + used model + word count). See the "Why did Kairos draft this?" drawer.