Skip to content

feat: add fail-closed OpenMed privacy gate#5

Merged
ruvnet merged 2 commits into
mainfrom
feat/openmed-privacy-gate
Jul 13, 2026
Merged

feat: add fail-closed OpenMed privacy gate#5
ruvnet merged 2 commits into
mainfrom
feat/openmed-privacy-gate

Conversation

@ruvnet

@ruvnet ruvnet commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

Implements the Helix integration for OpenMed PR #1550 at upstream head 4ee5b28d0f118a2a521cb781551c1dcd343f8db2.

OpenMed is treated as a probabilistic candidate-span producer. Helix remains the disclosure authority through a new fail-closed Rust policy gate.

What changed

  • adds helix-openmed with immutable artifact locks, SHA-256 verification, complete-document window coverage, UTF-8/UTF-16/scalar offset normalization, deterministic identifier detection, redaction policy, and HMAC-only audit receipts
  • exposes openmed_plan_windows_json and openmed_gate_json through helix-wasm
  • adds an exact OpenMed 1.9 browser adapter using loadOnnxModel plus extractPii, with remote loading disabled and same-origin or loopback model enforcement
  • blocks artifact drift, incomplete inference, invalid offsets, nullable scores, unknown labels, weak HMAC keys, and unsafe artifact paths
  • preserves clinical concepts locally while redacting direct identifiers and, by default, quasi-identifiers
  • records the decision in ADR-050 and includes a deployment guide
  • updates one pre-existing redundant borrow so current stable clippy remains green

OpenMed 1.9 is not yet published to npm, so the adapter accepts the module built from the upstream PR rather than adding an unresolved registry dependency. The guide documents the switch to the published package once available.

Security model

Raw clinical text stays local. JavaScript may run inference but cannot issue an approved release receipt. A release is approved only after Rust verifies the model lock and full byte coverage, unions deterministic detections with model spans, and applies policy. Receipts contain vault-scoped HMACs and metadata, never raw span text.

This is a privacy-risk reduction control, not a HIPAA Safe Harbor or Expert Determination opinion.

Validation

  • cargo +1.80.1 test -p helix-openmed --lib
  • cargo +stable test --workspace
  • cargo +stable clippy --workspace --all-targets --all-features -- -D warnings
  • cargo +stable fmt --all -- --check
  • node --test ui/openmed-adapter.test.mjs
  • cargo +stable audit against 1,160 RustSec advisories
  • Ruflo 3.25.6 deep security, dependency, and secret scans: zero critical/high findings, zero dependency findings, and no secrets detected

The Rust suite includes a 1,000-document synthetic leakage canary plus regression coverage for Unicode offsets, overlapping spans, model misses, artifact drift, path escape, incomplete coverage, and unknown labels.

@ruvnet
ruvnet marked this pull request as ready for review July 13, 2026 20:50
@ruvnet
ruvnet merged commit 87ff0e1 into main Jul 13, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant