Skip to content

sadpig70/Qvidence

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.pgf
.pgf
 
 
assets
assets
 
 
docs
docs
 
 
src/qvidence
src/qvidence
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Qvidence — Quantum + Evidence

Qvidence

Quantum + Evidence — bio/clinical evidence that survives the quantum transition.

status tests python deps license

What is Qvidence?

AI-native bio pipelines emit clinical, genomic, patient-stratification, and manufacturing data at high velocity. This data has long-lived value, which makes it a direct target of the harvest-now, decrypt-later threat model — while regulators (FDA real-time monitoring, EU AI Act, regional sovereignty) demand stronger evidence and stricter routing.

Qvidence binds three previously-separate domains into one operating system:

  • Bio / Clinical — hospital, CRO, wearable, lab, and manufacturing evidence;
  • PQC / Cybersecurity — every record sealed in a post-quantum capsule with a hash chain;
  • Regulatory governance — consent-aware jurisdictional routing, zero-knowledge style audit, IP escrow, incident replay.

It is built end-to-end with the PG / PGF AI-native design framework.

Architecture (8 components)

# Component Module
1 Clinical Data Ingest Layer qvidence/ingest.py
2 Crypto-Inventory Scanner qvidence/crypto_inventory.py
3 PQC Evidence Capsule qvidence/capsule.py
4 Consent & Jurisdiction Router qvidence/consent.py
5 Zero-Knowledge Audit Interface qvidence/zk_audit.py
6 Regulator Adapter Layer qvidence/regulator.py
7 Pharma / IP Escrow Module qvidence/escrow.py
8 Incident Replay Engine qvidence/incident.py

Plus shared kernel core.py (types, ULID-shaped IDs, errors, clock pair) and façade app.py.

End-to-end flow:

caller
  │  record_consent(subject, scope, jurisdictions)
  │  ingest(source, raw, subject, scope, intended_jurisdictions, meta)
  ▼
QvidenceApp ─┬─▶ build_envelope ─▶ router.evaluate ─▶ build_capsule ─▶ store.append
             │   accumulator.append(digest)
             │   emit ingest / capsule_built / route_decision events
             │
             │  regulator_export(jurisdiction, report_type, subject, scope)
             ├─▶ re-evaluate consent at export time
             │   inclusion proofs ─▶ adapter.shape ─▶ structural-scan-no-bytes
             │
             │  revoke_consent(subject, scope)
             ├─▶ next regulator_export ⇒ ConsentDenied
             │
             │  replay(subject)
             └─▶ deterministic time-ordered events

For the full design, see docs/Qvidence-TechnicalSpecification.md and the PG/PGF artifacts under .pgf/.

Quick start

Stdlib-only — no third-party packages required for the prototype.

git clone https://github.com/sadpig70/Qvidence.git
cd Qvidence

# run tests
python -m pytest -q
# 28 passed in 0.14s

Minimal usage:

import sys; sys.path.insert(0, "src")
from qvidence.app import QvidenceApp

app = QvidenceApp()

subject = "patient-001"
scope   = "trial:NCT-Q01"

app.record_consent(subject, scope, jurisdictions=["FDA", "EMA"])

ingest = app.ingest(
    source="hospital",
    raw=b"vital-signs:hr=72,bp=118/76",
    subject_id=subject,
    scope=scope,
    intended_jurisdictions=["FDA", "EMA", "KR-MFDS"],
    meta={"study": "NCT-Q01", "site": "S001"},
)
print(ingest["allowed_sinks"])     # ['fda.realtime', 'ema.dossier']

fda = app.regulator_export("FDA", "realtime_monitoring", subject, scope)
print(fda["schema"], fda["merkle_root"])

app.revoke_consent(subject, scope)

# subsequent export now raises ConsentDenied
events = app.replay(subject)
print([e["kind"] for e in events])

Security model

Threat Mitigation
Harvest-now, decrypt-later on TLS / DB / backup Every record sealed in a PQC capsule (KEM + AEAD + signature).
Tampered storage Capsule digest binds AAD + nonce + ciphertext + tag + encapsulated key; signature over digest; hash chain over prev_digest.
Mock provider in production QVIDENCE_REQUIRE_REAL_PQC=1 blocks both build and verify against any provider whose name starts with mock-.
Raw payload exfiltration via regulator submission RegulatorExportService runs a structural scanner; adapter shapes contain only digests / proofs / Merkle root / timestamps.
Replay of escrow release signature Canonical message includes at_bucket = floor(at / 60).
Stale consent at export Consent re-evaluated at export time, not at capsule-build time.
Inventory leakage crypto_inventory reads filename + ≤ 256-byte sidecar manifest only — never opens secret bytes.
Logging payloads via incident events EventLog.append rejects non-string and oversized detail values.

Mock cryptography. This prototype ships MockPqcProvider (mock-pqc-v0) built from HKDF-SHA256 + HMAC-SHA256 + a sha256-stream AEAD. It is not real PQC. Production deployments must register a PqcProvider backed by ML-KEM-768 / ML-DSA-65 (e.g. liboqs-python). The env gate QVIDENCE_REQUIRE_REAL_PQC=1 exists to prevent accidental promotion of mock artifacts.

Repository layout

.
├── README.md                                # this file
├── LICENSE
├── assets/
│   └── banner.svg
├── docs/
│   └── Qvidence-TechnicalSpecification.md   # full technical spec
├── .pgf/                                    # PG/PGF design + verification artifacts
│   ├── DESIGN-Qvidence.md
│   ├── REVIEW-Qvidence.md
│   ├── WORKPLAN-Qvidence.md
│   ├── status-Qvidence.json
│   ├── VERIFY-Qvidence.md
│   └── REPORT-Qvidence.md
├── src/qvidence/
│   ├── __init__.py
│   ├── core.py
│   ├── capsule.py
│   ├── consent.py
│   ├── ingest.py
│   ├── crypto_inventory.py
│   ├── zk_audit.py
│   ├── regulator.py
│   ├── escrow.py
│   ├── incident.py
│   └── app.py
└── tests/
    ├── conftest.py
    ├── test_core.py
    ├── test_capsule.py
    ├── test_consent.py
    ├── test_zk_audit.py
    ├── test_crypto_inventory.py
    ├── test_escrow.py
    └── test_e2e.py

PG / PGF conformance

Qvidence was specified, planned, executed, and verified using the PG (PPR/Gantree Notation) and PGF (PPR/Gantree Framework) AI-native skills.

  • Gantree depth = 3 (limit 5); no (decomposed) split required.
  • Every leaf passes the 15-minute / single-responsibility atomic-node test.
  • @dep: graph is a DAG; topologically equivalent to the actual import graph.
  • Acceptance criteria are inline (# acceptance_criteria:) and traced 1:1 to test cases in .pgf/VERIFY-Qvidence.md.

PGF artifacts:

Artifact Purpose
DESIGN-Qvidence.md Gantree + PPR.
REVIEW-Qvidence.md 3-perspective design review (feasibility / risk / architecture).
WORKPLAN-Qvidence.md 12 work nodes, DAG, POLICY block.
status-Qvidence.json done = 12 / 12, tests = 28 / 0.
VERIFY-Qvidence.md 3-perspective cross-verification.
REPORT-Qvidence.md Final report.

Roadmap (out of prototype scope)

  1. Real PqcProvider (liboqs-python ML-KEM-768 + ML-DSA-65 or AWS KMS PQ hybrid).
  2. Real ZK verifier (SNARK/STARK over capsule digest + processing-step transcript).
  3. Persistence: append-only WAL store, atomic head fsync, restart recovery.
  4. HTTP surface: thin FastAPI binding over QvidenceApp; auth via JWT-PQC hybrid.
  5. Source connectors: HL7/FHIR ingest, MES batch ingest, wearable streaming.
  6. Regulator schema fielding: align FDA / EMA / IRB shapes with current submission specs.
  7. Multi-region: per-region capsule stores with cross-region Merkle anchoring.

License

See LICENSE.

About

Qvidence (Quantum + Evidence) — bio/clinical evidence platform with PQC, consent routing, multi-jurisdiction regulator adapters, IP escrow, and incident replay. Built via PG/PGF.

Topics

python fda healthcare merkle-tree post-quantum-cryptography zero-knowledge clinical-data biotech pqc evidence-management regulatory-compliance ai-native ml-kem ml-dsa eu-ai-act harvest-now-decrypt-later incident-replay patient-consent ip-escrow pg-pgf

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages