Keystone AI

keystone://procedure-retrieval

Controlled procedure retrieval for industrial safety and regulated operations. On your infrastructure. With access control and audit records.

Keystone AI is an on-premises procedure retrieval system for industrial and regulated environments where cloud AI is not an option. Access control enforced at query time, every answer cites its source, every query writes an audit record.

Runs fully on customer infrastructure. No external API calls. Air-gap compatible.

How it works
no cloud calls · no data exfiltration
Query:   "What is the confined space entry procedure?"
Sources: Document corpus (Markdown — LRFD protocol procedures, KDAT-001A demo data)
Gate:    Query-time ACL enforcement — user groups checked before retrieval
Output:  Answer + source citation + audit record (who / what / when / permission decision)
Multi-source ingestion (SharePoint, SMB file shares, SQL databases) is on the roadmap.

The procedure retrieval problem

In industrial and regulated environments, critical procedures are scattered across disconnected systems:

  • Safety procedures in SharePoint
  • Equipment manuals on file shares
  • Incident reports in email archives
  • Work orders in databases

When field personnel need the right procedure, they spend time searching or rely on memory. That is how avoidable incidents and audit failures happen.

Keystone enables natural language queries against your procedure and document corpus while enforcing access controls and maintaining audit records. Multi-source ingestion from SharePoint, file shares, and databases is on the roadmap.

What the system does today

Capabilities below reflect what is demonstrated and running on the current deployment. Roadmap items are labelled explicitly.

Permission-aware retrieval

Users only retrieve content they are authorized to access. Authorization is enforced at the retrieval query layer — groups are checked before the vector search runs, not filtered from results afterward. Unauthorized documents never enter the retrieval context.

Multi-source ingestion (roadmap)

Designed for SharePoint (Graph API with OAuth delegation), SMB/NFS file shares, SQL databases, and email archives. Current demo uses a Markdown document corpus. Multi-source ingestion connectors are on the roadmap.

Audit-grade records

Every query is recorded: user identity, groups at query time, sources accessed, permission decision, generated answer, and citations. Records are hash-chained and written through an INSERT-only database role — the application cannot retroactively modify or delete audit entries.
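
An added illustration of how an HMAC hash chain makes audit records tamper-evident and checkable offline. This is not Keystone's code; the record layout, the GENESIS anchor and the function names are assumptions made for the example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed anchor value for the first record's "prev"

def _mac(key, seq, prev, body):
    # Canonical JSON: identical records always serialise to identical bytes.
    msg = json.dumps({"seq": seq, "prev": prev, "body": body},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def append_record(log, key, body):
    seq = len(log)
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"seq": seq, "prev": prev, "body": body, "mac": _mac(key, seq, prev, body)})
    return log[-1]["mac"]  # chain head; store a copy outside the database

def verify_chain(log, key, expected_head=None):
    """Return (ok, index of first bad record or None)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev:
            return False, i  # record removed, reordered or relinked
        if not hmac.compare_digest(rec["mac"], _mac(key, i, prev, rec["body"])):
            return False, i  # body edited after it was written
        prev = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(log)  # tail truncated: chain is valid but too short
    return True, None

def sample_log(key):
    # Constructed audit entries with the fields the page lists.
    log, head = [], None
    for user, decision in [("alice", "allow"), ("bob", "deny"), ("alice", "allow")]:
        head = append_record(log, key, {"user": user, "groups": ["field-ops"],
                                        "decision": decision, "sources": ["confined-space-entry"]})
    return log, head

if __name__ == "__main__":
    key = b"constructed-demo-key"
    log, head = sample_log(key)
    print(verify_chain(log, key, head))       # intact chain
    log[1]["body"]["decision"] = "allow"      # simulate an after-the-fact edit
    print(verify_chain(log, key, head))       # verification now fails at record 1
```

A chain by itself cannot reveal that the newest records were dropped, which is why the verifier takes a head value recorded somewhere the database role cannot write.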

Fail-closed behavior

When evidence is insufficient, Keystone refuses to answer rather than generate an unsupported response. This is an architectural constraint, not a prompt instruction. The evidence threshold is enforced outside the model.
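
An added sketch of the two gates described under "Permission-aware retrieval" and "Fail-closed behavior": the ACL filter runs before any similarity scoring, and the evidence threshold is checked in code before the model is called. This is not Keystone's code; the corpus, the 3-dimension vectors, MIN_SCORE and all names are constructed for the example.

```python
import math

MIN_SCORE = 0.75  # assumed evidence threshold, enforced outside the model
TOP_K = 2

# Constructed corpus: toy 3-d vectors stand in for real embeddings.
CORPUS = [
    {"id": "confined-space-entry", "groups": {"field-ops", "safety"}, "vec": (0.9, 0.1, 0.0)},
    {"id": "lockout-tagout",       "groups": {"field-ops"},           "vec": (0.1, 0.9, 0.0)},
    {"id": "incident-review",      "groups": {"safety-mgmt"},         "vec": (0.8, 0.2, 0.1)},
]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))

def retrieve(query_vec, user_groups):
    # ACL gate first: documents the user cannot read are never scored,
    # so they cannot crowd out permitted hits or reach the prompt.
    allowed = [d for d in CORPUS if d["groups"] & set(user_groups)]
    scored = sorted(((cosine(query_vec, d["vec"]), d["id"]) for d in allowed), reverse=True)
    return scored[:TOP_K]

def answer(query_vec, user_groups, generate):
    hits = retrieve(query_vec, user_groups)
    evidence = [doc_id for score, doc_id in hits if score >= MIN_SCORE]
    if not evidence:
        # Fail closed: the model is not called at all, so there is
        # nothing for a prompt to override.
        return {"decision": "refused", "answer": None, "citations": []}
    return {"decision": "answered", "answer": generate(evidence), "citations": evidence}

if __name__ == "__main__":
    stub_model = lambda ids: "Answer drawn from: " + ", ".join(ids)  # stands in for the LLM
    print(answer((1.0, 0.0, 0.0), ["field-ops"], stub_model))  # answered, one citation
    print(answer((1.0, 0.0, 0.0), ["hr"], stub_model))         # refused: nothing permitted
    print(answer((0.0, 0.0, 1.0), ["field-ops"], stub_model))  # refused: weak evidence
```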

On-prem deployment

Runs entirely on your infrastructure. No external API calls. Air-gap compatible. Docker Compose orchestration. Single-machine proof complete — multi-node deployment patterns on the roadmap.

Designed for compliance-constrained environments

  • NIST 800-171: CUI handling constraints
  • CMMC readiness: Supplier and contractor controls
  • HIPAA: Healthcare auditability needs
  • SOX: Change and access traceability

Built for regulated enterprises and compliance-constrained teams where data sovereignty is non-negotiable.

Keystone enables compliance controls. It does not claim certification. Compliance determination is your organization's responsibility.

Proof and roadmap

Every public claim maps to a runnable demonstration, verification artifact, or published proof entry. Demonstrated capability is separated clearly from roadmap items.

Demonstrated
  • On-prem operation on customer-controlled infrastructure, with no external API dependency for core operation
  • Access control enforced before retrieval, so users only retrieve content they are permitted to access
  • Evidence-backed answers tied to source material, with traceable references to supporting documents
  • Fail-closed behavior when evidence is insufficient or access is restricted
  • Tamper-evident audit records and offline verification workflows for audit review
  • Backup, restore, and restore-drill discipline for recovery validation
  • Supply chain integrity controls for deployment and restore inputs
  • Operational smoke checks and timer-based verification for ongoing deployment health
Roadmap — not yet proven
  • Enterprise identity integration and production-grade authorization federation
  • Multi-node or HA/DR deployment
  • Multi-source ingestion connectors for enterprise systems
  • Production-scale corpus validation across large document estates
  • Formal compliance certification of any kind

Technical docs available on request

Public proof artifacts

The public proof ledger covers demonstrated capabilities across governed retrieval, operator trust controls, audit verification, backup and restore discipline, supply chain integrity, and operational monitoring.

Technology stack

Current stack
  • Inference: Ollama — local LLM deployment, llama3.1:8b
  • Embeddings: nomic-embed-text:v1.5 — 768-dimension vectors
  • Vector search: Qdrant — metadata-filtered search (demo deployment)
  • Permissions: PostgreSQL — RBAC enforcement, group sync state, INSERT-only audit role
  • API: FastAPI — async ingestion and query pipeline
  • Access: Cloudflare Access — identity proxy for on-prem deployment
  • Security: SOPS + age encryption, HMAC hash-chained audit records
  • Orchestration: Docker Compose — single-machine, reproducible offline run
Open source where possible. Proprietary where necessary. Public proof is tracked in the keystone-kdat milestone ledger.

What Keystone is not

Not a chatbot
Keystone is a controlled retrieval system. It does not maintain conversation state or engage in open-ended dialogue.
Not an AI agent
There are no autonomous agents or agentic loops. Retrieval and answer generation are deterministically bounded.
Not enterprise-ready today
This is a validated single-machine deployment. Multi-node, HA/DR, and enterprise identity federation are on the roadmap — not yet proven.
Not certified for any compliance framework
Keystone enables auditability and access controls consistent with compliance objectives. It does not hold and does not claim any certification.
Not a multi-source system yet
Current retrieval operates against a Markdown document corpus. SharePoint, SMB file share, SQL, and email connectors are on the roadmap.

Built by an enterprise infrastructure engineer

12 years at Genesys delivering and supporting enterprise platforms for public sector and Fortune 500 environments where uptime, security, and documentation under audit pressure were non-negotiable.

Built production systems under strict change-control, access-control, and compliance review requirements. That background is why Keystone is built the way it is.

Keystone applies enterprise operational discipline to on-prem controlled procedure retrieval. Every design decision is documented. Every capability claim maps to a proof artifact.

Technical discussion

If your organization needs controlled procedure retrieval while maintaining data sovereignty, let's discuss the architecture. Primary focus: Alberta industrial safety and compliance-driven organizations.

Currently seeking early pilot partners for validation in industrial safety environments. Engagements at this stage are structured as early pilot / validation, not production deployment.

Licensing

Source code available under Business Source License 1.1. Free for non-production use, converts to Apache 2.0 in 2030.