Hearth Insights
Hearth Insights enforces accountability at every AI decision: verifiable, immutable, impossible to bypass.
Cryptographically Verified · Air-Gap Ready · Auditable by design.
agents:
# Data gatherer: zero network egress
DataGathererKyc:
image: aml-forensic/datagatherer-kyc:latest
bidding_strategy:
type: "claim"
target_types: ["GoalDefined"]
allowed_types: ["Failure", "KycData"]
network_access:
mode: restricted
allowed_domains: [] # no external access
workspace:
mode: ro
volumes:
- "./data:/data:ro"
# AI specialist: restricted to model endpoint
L1KycSpecialist:
image: aml-forensic/l1-kyc-specialist:latest
bidding_strategy:
type: "claim"
target_types: ["KycData"]
allowed_types: ["Failure", "KycAnalysis"]
network_access:
mode: restricted
allowed_domains: ["host.docker.internal"] # locally hosted LLM
workspace:
mode: ro
from /etc/holt/policy.yaml
Your board wants to know why the AI demo is not in production. The answer is not the model. The answer is that your most expensive engineers are building the plumbing of compliance: audit logs, security gates, access controls, and forensic trails, from scratch, instead of building your product.
This is the Hidden Factory: a second operation running inside your AI programme, invisible to the board, consuming budget that was approved for delivery.
The regulator will not ask how fast the model ran. They will ask what controls were in place, who approved them, and whether you can prove they worked.
When a regulator or your board asks what your AI decided and why, you answer immediately. Every artefact includes the system_manifest_id — the cryptographic hash of the holt.yml that governed it. You can prove not just the decision, but the exact policy configuration in force at the moment it was made.
{
"id": "110aeaa9ffa7dfe4beb5490d9d9e50b7...",
"header": {
"type": "CalculatedMetrics",
"produced_by_role": "L1BehavioralCalculator",
"created_at_ms": 1781700566652,
"parent_hashes": [
"911aba1b383561bc4add422c3549059c..."
],
"logical_thread_id": "53dc7f3e9607c79e...",
"metadata": {
"system_manifest_id": "7ca755cd3d501c5b..."
// holt.yml hash active at decision time
}
},
"relationships": {
"produced_by": { "status": "complete" },
"consumed_by": {
"parallel_agents": ["L1BehavioralAnalyst"]
}
}
}
Network isolation is enforced at the agent level, not the deployment boundary. Each agent's permitted external domains are declared in policy and enforced by the engine. Data gatherers operate with zero egress. AI specialists are constrained to named model endpoints. No agent can exceed its declared permissions.
DataGathererKyc: # reads raw data
network_access:
mode: restricted
allowed_domains: [] # zero egress
L1KycSpecialist: # runs AI analysis
network_access:
mode: restricted
allowed_domains: ["host.docker.internal"] # locally hosted LLM
L1Gatekeeper: # human review point
network_access:
mode: restricted
allowed_domains: [] # zero egress
In high-stakes industries, 99% accuracy is not enough. The gatekeeper agent fires on the completed AI dossier and can only produce a question, a decision to escalate, or a decision to discard. There is no automated approval path. The allowed_types constraint is enforced by the engine — not by convention — and cannot be bypassed.
L1Gatekeeper:
image: aml-forensic/l1-gatekeeper:latest
bidding_strategy:
type: "exclusive"
target_types: ["L1TriageDossier"]
# Engine-enforced output constraints.
# There is no automated approval type.
# Human must act.
allowed_types:
- "Question" # request human input
- "Failure" # system error
- "L1TriageDecisionEscalate" # elevate to L2
- "L1TriageDecisionDiscard" # close the alert
workspace:
mode: ro
network_access:
mode: restricted
allowed_domains: []
The FCA Mills Review (January 2026) formalised individual executive accountability for algorithmic failures under SM&CR. The Treasury Select Committee confirmed there is no published safe harbour for AI assurance. You cannot delegate this responsibility.
Enforce immutable AML adjudication trails. Move from manual review to deterministic AI replay. When the regulator calls, you answer with a forensic artefact, not a log file.
ENFORCEMENT PRECEDENT
£44.1m FCA enforcement action (2025)
Governance and oversight failures
REGULATORY EVENT
FCA Mills Review (January 2026)
SM&CR personal liability for AI decisions confirmed
Current automated AI pipelines lack the comprehensive audit trails required for regulated clinical data. Holt enforces these controls. Operating in secure, air-gapped environments with minimal privileges, Holt records every text process, retrieval, prompt, and model execution to a cryptographically verifiable ledger. From automating clinical notes to orchestrating complex LC-MS analytical pipelines, patient data never leaves your perimeter, and every decision is fully reconstructable.
Deploy in environments with no external connectivity. Process classified directives with zero external API calls and no licensing dependencies.
In a recent peer-reviewed study (Gut Appendix, 2026), Holt was tested in UHSFT to detect HPO terms from gastrointestinal clinical notes using an agentic workflow. By decomposing complex clinical workflows into discrete steps and enforcing a strict review cycle, Holt allowed a 3-billion parameter edge model to outperform a 120-billion parameter alternative on the same local hardware. Superior precision with a drastically reduced carbon footprint.
We do not ask you to trust our code. We ask you to verify our artefacts. Every release of the Holt engine is cryptographically signed (Cosign) and published to an immutable transparency log. You run exactly what we built, with a mathematical chain of custody from our compiler to your air-gap.
The question is not whether your AI is accurate. The question is whether you can prove it.
$ cosign verify-blob \
--key cosign.pub \
--signature checksums.txt.sig \
checksums.txt
Verified OK
# holt-linux-amd64
b7233901ce42c70dc220b3c64eb8cc17
6e63d790c5db1b841c3ad97cb2a8c4bb
# docker image
ghcr.io/hearth-insights/holt-engine/
holt-orchestrator:latest
sha256:ea41cdd3db3244e7ecd0177321e1120b
ed8acb7da8f99eb9efb64923ca79d0d7
# built: 2026-06-15 20:37:18 UTC
# commit: ce2f3176cb8a338a1bd12d0f4808944
github.com/hearth-insights/holt