II. Clinical AI & Health Platforms · showcase · lead · client anonymised

Popper — Clinical AI Supervision

Supervision/policy engine for the (anonymised) US healthtech platform: implements the Hermes Protocol v2.0.0 (supervision requests/responses, HTV scoring, proposed interventions, audit). Human-in-the-loop governance on top of the clinical AI engine (deutsch). A full OSS-grade project with multi-region deployment (KSA + US).

Status: active
Period: 2026-01-25 → 2026-02-14
AI sessions: 0 found locally (see §05)
Stack
Languages: TypeScript, SQL
Frameworks · Infra: Elysia.js, Bun, Drizzle ORM, TimescaleDB, Turborepo, Biome
§01 Overview

  • What it is: "Popper" — a supervision/policy layer: receives supervision requests from the AI engine (deutsch), applies policy packs (YAML DSL), computes HTV thresholds, issues decisions (approve/route/reject) with mandatory audit. Named after Karl Popper (epistemology of refutation — a shared theme with deutsch/HTV). Part of the US healthtech platform ecosystem; shared protocol is @regain/hermes.
  • Type / status / role: api (policy/supervision engine + server) · active · lead — the user is the primary author (72 of 112 commits); the US healthtech platform team: Anton Kim (18), Harsh Manwani (17), aniashev/Anna Shevtsova (8).
  • Activity period: 2026-01-25 → 2026-02-14 — an intense ~3-week sprint, active. Full OSS scaffolding (LICENSE, VISION, GOVERNANCE, CODE_OF_CONDUCT, CONTRIBUTING, TRADEMARK, CERTIFICATION, PRD.md 51 KB).
§02 Stack

  • Languages: TypeScript (strictest tsconfig), SQL (TimescaleDB).
  • Frameworks/libraries: Bun 1.3+; Elysia.js (HTTP, apps/server); TimescaleDB (PostgreSQL 16, hypertables) + Drizzle ORM; Turborepo; Biome 2 (lint/format); lefthook (git hooks); @regain/hermes (npm package for contracts: types, AJV validation, builders, HTV utilities, fixtures). apps: server, queue, web; packages: core (policy engine + DSL parser), db, auth, cache.
  • Infra/deploy: multi-region — Helm dual-mode secrets (HashiCorp Vault for KSA/Saudi Arabia + AWS Secrets Manager for US), GitHub Actions deploy US + SA, AWS ECS (task definitions with ARN-rewrite during account migration), OTEL/LGTM observability (Loki/Grafana/Tempo/Mimir). config/policies (YAML policy packs), docs/specs (PRD + Popper/Hermes specs).
  • Data: TimescaleDB (time-series audit with compression / retention 7 years / continuous aggregates).
§03 What was shipped

Major commits authored by the user (per diffs) — primarily platform/infra/governance:

  • Dual-mode secrets for data residency (187423c, +528): Helm support for Vault (KSA) and AWS Secrets Manager (US) — meeting regional data-residency requirements.
  • Multi-region CI/CD: AWS US deploy workflow (b4cf6cb +124), Dockerfile path fixes (56d6d5e), ARN-rewrite during AWS account migration (86cb1bd, 41714b6), DATABASE_URL via Turbo for server tests (2d38ac1).
  • Observability: OTEL config/logging (0e44db2, 99631f8), LGTM section in the SA deployment guide (2a1c467).
  • Runtime: switch from bun compile to the Bun runtime for env support (3b7d546).
  • Policy engine + Hermes contracts: core (DSL parser, policy packs), @regain/hermes integration (supervision types, HTV).
  • Volume: 112 commits over 3 weeks; the user is the lead on infra/deploy/governance.
§04 Technical challenges

By code/diffs (user authorship):

  • Multi-region deployment with data residency (187423c): one Helm chart, two secret modes — Vault (Saudi Arabia, KSA) vs AWS Secrets Manager (US) — so data/keys never leave the region. → Serious infra/compliance engineering (medical data, distinct jurisdictions).
  • TimescaleDB hypertables for audit (CLAUDE.md workflow): composite PK that includes the partition column (timestamp), compression with segment_by/order_by, compression after 7 days, 7-year retention (audit), continuous aggregates (hourly dashboards / daily baselines), real-time aggregation off. → Sound time-series design driven through the pg-aiguide MCP.
  • Policy/supervision engine (packages/core): YAML policy pack DSL parser, application to supervision requests, HTV thresholds, decisions with audit. Contracts via @regain/hermes (AJV validation, type guards). → Governance engine supervising AI (responsible AI).
  • Observability-first: OTEL + the LGTM stack (Loki/Grafana/Tempo/Mimir) in both regions. → Production observability for a distributed system.
  • Engineering culture: strictest TS, Biome, lefthook, Turborepo, full OSS governance kit.
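The audit hypertable design described above, written out as an added example (not Popper's own schema): table, column, view and role names (supervision_audit, popper_app, supervision_audit_hourly) are assumptions chosen for illustration.

```sql
-- Added example: TimescaleDB audit hypertable following the design described above.
-- Table, column, view and role names are assumptions, not Popper's real schema.
CREATE TABLE supervision_audit (
  ts          TIMESTAMPTZ NOT NULL,          -- partition column
  tenant_id   TEXT        NOT NULL,
  request_id  UUID        NOT NULL,
  decision    TEXT        NOT NULL,          -- approve / route / reject
  htv_score   NUMERIC,
  payload     JSONB,
  PRIMARY KEY (tenant_id, request_id, ts)    -- composite PK must include the partition column
);

SELECT create_hypertable('supervision_audit', 'ts', chunk_time_interval => INTERVAL '1 day');

-- Compression: segment by tenant so per-tenant audit lookups stay cheap, order by time.
ALTER TABLE supervision_audit SET (
  timescaledb.compress,
  timescaledb.compress_segmentby = 'tenant_id',
  timescaledb.compress_orderby   = 'ts DESC'
);
SELECT add_compression_policy('supervision_audit', INTERVAL '7 days');

-- Retention: audit rows are dropped only after 7 years, whole chunks at a time
-- (no row-level deletes by the application).
SELECT add_retention_policy('supervision_audit', INTERVAL '7 years');

-- Hourly dashboard aggregate with real-time aggregation off (materialized_only),
-- so dashboard queries read only refreshed buckets and stay predictable in cost.
CREATE MATERIALIZED VIEW supervision_audit_hourly
WITH (timescaledb.continuous, timescaledb.materialized_only = true) AS
SELECT time_bucket(INTERVAL '1 hour', ts) AS bucket,
       tenant_id,
       decision,
       count(*)       AS decisions,
       avg(htv_score) AS avg_htv
FROM supervision_audit
GROUP BY bucket, tenant_id, decision
WITH NO DATA;

-- Refresh window (3 days) is far shorter than retention, so the aggregate never
-- tries to re-scan chunks the retention policy has already dropped.
SELECT add_continuous_aggregate_policy('supervision_audit_hourly',
  start_offset      => INTERVAL '3 days',
  end_offset        => INTERVAL '1 hour',
  schedule_interval => INTERVAL '1 hour');

-- Least privilege for the application role: append and read only, no UPDATE/DELETE,
-- so the audit trail cannot be rewritten from the API path.
REVOKE ALL ON supervision_audit FROM popper_app;
GRANT INSERT, SELECT ON supervision_audit TO popper_app;
```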
§05 AI-assisted development

  • Sessions found: 0 in the local Claude Code sessions directory (verified by normalizing the full path). API-driven testing was done in popper-cookbook (#51), which is where the sessions live. CLAUDE.md describes in detail the workflow with MCP (pg-aiguide) and skills (pg:setup-timescaledb-hypertables).
  • What was done with AI: development against SAL-* tickets (supervision API et al.), DB design via the pg-aiguide MCP.
  • AI workflow patterns: MCP tooling for TimescaleDB schema design, skills, cookbook-driven testing, detailed specs/PRD as context. A mature AI-native process.
§06 Achievements & metrics

  • Governance engine for a real health-AI product, US healthtech platform; multi-region (KSA + US) with data residency; TimescaleDB audit with 7-year retention; OTEL/LGTM observability; full OSS documentation set (PRD 51 KB).
  • 5-person team, user is the lead author (72/112) on infra/deploy/governance.
§07 Contributors

git shortlog · all branches

  1. Dave93 (72)
  2. Anton Kim (18)
  3. Harsh Manwani (17)
  4. aniashev (8)

4 contributors · 115 commits total
Currently

Open to Senior / Staff engineering roles and selective freelance — production AI, platform, and full-stack work.
