Controlled procedure retrieval for industrial safety and regulated operations. On your infrastructure. With access control and audit records.
Keystone AI is an on-premises procedure retrieval system for industrial and regulated environments where cloud AI is not an option. Access control enforced at query time, every answer cites its source, every query writes an audit record.
Runs fully on customer infrastructure. No external API calls. Air-gap compatible.
Query: "What is the confined space entry procedure?"
Sources: Approved operational documents loaded into the system
Gate: Query-time ACL enforcement — user groups checked before retrieval
Output: Answer + source citation + audit record (who / what / when / permission decision)
The procedure retrieval problem
In industrial and regulated environments, critical procedures are scattered across disconnected systems:
- Safety procedures in document management systems
- Equipment manuals on file shares
- Incident reports in internal repositories
- Work orders in operational systems
When field personnel need the right procedure, they spend time searching or rely on memory. That is how avoidable incidents and audit failures happen.
Keystone enables natural language queries against your procedure and document corpus while enforcing access controls and maintaining audit records.
What the system does today
Capabilities below reflect what is demonstrated and running on the current deployment. Roadmap items are labelled explicitly.
Permission-aware retrieval
Users only retrieve content they are authorized to access. Authorization is enforced at the retrieval query layer — groups are checked before retrieval runs, not filtered from results afterward. Unauthorized documents never enter the retrieval context.
Audit-grade records
Every query recorded: user identity, groups at query time, sources accessed, permission decision, generated answer, and citations. Hash-chained records with INSERT-only database role — the application cannot retroactively modify or delete audit entries.
Fail-closed behavior
When evidence is insufficient, Keystone refuses to answer rather than generate an unsupported response. This is an architectural constraint, not a prompt instruction. The evidence threshold is enforced outside the model.
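The two gates described under Permission-aware retrieval and Fail-closed behavior, as an added illustration (not Keystone's own code; document IDs, group names and relevance scores are constructed sample data). It contrasts ranking the whole corpus and filtering afterwards with scoping the corpus before ranking, then applies a deterministic evidence threshold outside any model.

```python
"""Query-time access gate plus fail-closed evidence threshold.

Added illustration, not Keystone's own code. Document IDs, group names and
relevance scores are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    doc_id: str
    groups: frozenset   # groups permitted to read this document
    relevance: float    # constructed retrieval score in [0, 1] for the sample query


# Constructed corpus mixing general and role-gated documents.
CORPUS = [
    Doc("SAF-017 confined space entry", frozenset({"field", "safety"}), 0.91),
    Doc("SAF-022 hot work permit",      frozenset({"field", "safety"}), 0.44),
    Doc("INC-2031 incident report",     frozenset({"safety"}),          0.88),
    Doc("HR-009 disciplinary process",  frozenset({"hr"}),              0.12),
]

EVIDENCE_THRESHOLD = 0.60   # deterministic gate applied outside any model
TOP_K = 2


def rank_then_filter(corpus, user_groups, k=TOP_K):
    """Anti-pattern: rank the whole corpus, then drop unauthorized hits.
    Returns (candidates the ranker saw, results after filtering)."""
    ranked = sorted(corpus, key=lambda d: d.relevance, reverse=True)[:k]
    return ranked, [d for d in ranked if d.groups & user_groups]


def scope_then_rank(corpus, user_groups, k=TOP_K):
    """Query-time enforcement: restrict the corpus to authorized documents
    first, so the ranker (and later the model) never sees anything else."""
    allowed = [d for d in corpus if d.groups & user_groups]
    ranked = sorted(allowed, key=lambda d: d.relevance, reverse=True)[:k]
    return ranked, ranked


def evidence_gate(results, threshold=EVIDENCE_THRESHOLD):
    """Fail closed: cite only hits at or above the threshold; refuse if none."""
    evidence = [d for d in results if d.relevance >= threshold]
    if not evidence:
        return {"decision": "REFUSED", "citations": []}
    return {"decision": "ANSWER", "citations": [d.doc_id for d in evidence]}


def run_query(user_groups):
    """Full gate for one query: scope, rank, threshold. Also reports how many
    authorized candidates existed, which an audit record would carry."""
    _, results = scope_then_rank(CORPUS, frozenset(user_groups))
    outcome = evidence_gate(results)
    outcome["authorized_candidates"] = len(results)
    return outcome


if __name__ == "__main__":
    for groups in (["field"], ["hr"], []):
        print(groups, run_query(groups))
```

With top-k of 2, the rank-then-filter path lets the safety-only incident report into the candidate set for a field user and then discards it, so the user gets one result and a document they may not read has already been handled. The scope-then-rank path never loads it. The HR user and the user with no groups both end in REFUSED because nothing they may read clears the threshold.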
On-prem deployment
Runs entirely on your infrastructure. No external API calls. Air-gap compatible. Docker Compose orchestration. Single-machine proof complete — multi-node deployment patterns on the roadmap.
Operator-facing console
Role-aware operator workflow. LLM-synthesized answers with source evidence expandable for review. Trust-oriented result presentation. Refusal and restricted states surfaced without leaking hidden document detail.
Document and corpus governance
Document registry and governance workflows. Metadata patching and controlled updates. Owner, domain, and content-kind tracking. Validation at update time.
Requirements-aware guidance
Retrieval constrained to documents matching the query context and the user's access level. Role-gated documents excluded from guidance when the requesting user lacks the required permission. Refusal states surfaced explicitly rather than silently omitted.
Evidence signing and verification
Audit records are HMAC hash-chained with an INSERT-only database role. Every query generates a tamper-evident entry. Offline verification workflows allow audit review without live system access.
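A miniature of the HMAC hash chaining and offline verification described under Audit-grade records and here, as an added illustration (not Keystone's own code; the key, users, groups and queries are constructed, and the list standing in for the audit table has no database role attached):

```python
"""HMAC hash-chained audit records with offline verification.

Added illustration, not Keystone's own code. The key, users, groups and
queries are constructed; a real deployment keeps the key away from the
application's INSERT-only database role.
"""
import copy
import hashlib
import hmac
import json

GENESIS = "00" * 32   # prev tag for the first record in the chain


def canonical(record: dict) -> bytes:
    """Stable serialization so the tag does not depend on dict ordering."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def chain_tag(key: bytes, prev: str, record: dict) -> str:
    """HMAC-SHA256 over the previous tag and this record; links the chain."""
    return hmac.new(key, prev.encode() + canonical(record), hashlib.sha256).hexdigest()


def append(log: list, key: bytes, record: dict) -> dict:
    """The only write path: append a new entry chained to the current tail."""
    prev = log[-1]["tag"] if log else GENESIS
    entry = {"seq": len(log), "prev": prev, "record": record,
             "tag": chain_tag(key, prev, record)}
    log.append(entry)
    return entry


def verify(log: list, key: bytes):
    """Offline verifier: walk the chain and recompute every tag.
    Returns (True, None) or (False, seq of the first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev:
            return False, i                      # reordered, deleted, or spliced
        expected = chain_tag(key, prev, entry["record"])
        if not hmac.compare_digest(entry["tag"], expected):
            return False, i                      # edited record or wrong key
        prev = entry["tag"]
    return True, None


def demo():
    """Build a three-entry log and show which manipulations verification catches."""
    key = b"constructed-demo-key"
    log = []
    for user, groups, decision in [("alice", ["field"], "ALLOW"),
                                   ("bob", ["hr"], "REFUSED"),
                                   ("carol", ["safety"], "ALLOW")]:
        append(log, key, {"user": user, "groups": groups,
                          "query": "confined space entry", "decision": decision})

    edited = copy.deepcopy(log)
    edited[1]["record"]["decision"] = "ALLOW"     # flip a permission decision
    deleted = copy.deepcopy(log)
    del deleted[1]                                 # drop a record from the middle
    truncated = copy.deepcopy(log)[:-1]            # drop the newest record

    return {
        "clean": verify(log, key),
        "edited": verify(edited, key),
        "deleted": verify(deleted, key),
        "truncated": verify(truncated, key),        # the chain alone cannot see this
        "wrong_key": verify(log, b"other-key"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10} {result}")
```

Editing a record, deleting one from the middle, or verifying with the wrong key breaks the chain at the first affected entry. Dropping the newest records does not: a hash chain only proves that what remains is consistent, so the current head tag has to be recorded or signed outside the writable store for a verifier to notice missing tail entries.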
Backup and recovery
Automated encrypted backup with restore discipline and smoke-check verification. Recovery integrity validated without network dependency. Restore drills are part of ongoing deployment health checks.
Proof and roadmap
Every public claim maps to a runnable demonstration, verification artifact, or published proof entry. Demonstrated capability is separated clearly from roadmap items.
- ✓ On-prem operation on customer-controlled infrastructure, with no external API dependency for core operation
- ✓ Access control enforced before retrieval, so users only retrieve content they are permitted to access
- ✓ Evidence-backed answers tied to source material, with traceable references to supporting documents
- ✓ Fail-closed behavior when evidence is insufficient or access is restricted
- ✓ Tamper-evident audit records and offline verification workflows for audit review
- ✓ Backup, restore, and restore-drill discipline for recovery validation
- ✓ Operational smoke checks and timer-based verification for ongoing deployment health
- ✓ Operator-facing role-aware console with trust-oriented result presentation
- ✓ Document and corpus governance including staged ingestion, metadata validation, and lifecycle management
- ✓ Requirements-aware retrieval with role-gated document access enforced at the query layer
- ✓ Evidence signing and offline audit verification for tamper-evident records
- ✓ Cloudflare Access integration for on-prem identity gating without cloud-native API dependency
- ○ Enterprise identity integration and production-grade authorization federation
- ○ Multi-node or HA/DR deployment
- ○ Multi-source ingestion connectors for enterprise systems
- ○ Production-scale corpus validation across large document estates
- ○ Formal compliance certification of any kind
Technical docs available on request
The public proof ledger covers demonstrated capabilities across governed retrieval, permission-aware access control, operator console and trust controls, document governance, evidence signing and verification, audit verification, backup and restore discipline, and operational monitoring.
Architecture
- Retrieval: Hybrid search — full-text + pgvector cosine similarity in a single PostgreSQL database. Scores merged with configurable weights. No external search service dependency.
- Access control: Role-based permissions enforced at the query layer. Unauthorized documents are excluded before retrieval, not filtered from results.
- Audit: HMAC hash-chained records with INSERT-only database role. Ed25519 signed evidence bundles for offline verification.
- Fail-closed: Deterministic evidence threshold enforced outside the model. Refuses to answer when confidence is insufficient.
- Generation: Evidence-constrained answer synthesis via local LLM. The model sees only documents that passed access control and relevance gates. Citations verified against source chunks. Graceful degradation to deterministic summary if inference is unavailable.
- Infrastructure: Single-machine Docker Compose deployment. Air-gap compatible. No external API calls for core operation.
- Identity: Cloudflare Access integration for identity gating. Operates without cloud-native API dependency.
- Inference: Local GPU inference via Ollama. Embedding: nomic-embed-text. Generation: qwen2.5:7b-instruct. No data leaves the deployment boundary.
- Security: HMAC hash-chained audit, Ed25519 evidence signing, INSERT-only audit database role, two-person approval controls for evidence export.
What Keystone is not
Built from real operational and infrastructure experience
12 years at Genesys delivering and supporting enterprise platforms for public sector and Fortune 500 environments where uptime, security, and documentation under audit pressure were non-negotiable.
Built production systems under strict change-control, access-control, and compliance review requirements. That background is why Keystone is built the way it is.
Keystone applies enterprise operational discipline to on-prem controlled procedure retrieval. Every design decision is documented. Every capability claim maps to a proof artifact.
Technical discussion
If your organization needs controlled procedure retrieval while maintaining data sovereignty, let's discuss the architecture. Primary focus: Alberta industrial safety and compliance-driven organizations.
Currently seeking early pilot partners for validation in industrial safety environments. Engagements at this stage are structured as early pilot / validation, not production deployment.
Source code available under Business Source License 1.1. Free for non-production use, converts to Apache 2.0 in 2030.