Skip to main content

Security and Governance

Security is built around data sovereignty, access control, auditability, source-grounded answers, OCR review gates, and government communication policy.

Data sovereignty

All document storage, vector DB, model inference, OCR, observability, and prompt management run in client-controlled Huawei Cloud. Delivered operation must not depend on external SaaS or data egress.

Access model

The working roles are admin, operator, and user, with ABAC attributes such as department and document classification refining document-level visibility.

Audit log

The audit log stores actor ID, action, entity type, entity ID, request ID, metadata, and timestamp. It records policy, query, answer, and review events so operational teams can inspect how a response was produced.

Policy Guard

The Government Policy Guard filters every generated response for anti-SARA, anti-jailbreak, and government communication policy compliance.

OCR governance

OCR confidence and model version are recorded so confidence can be interpreted correctly. Low-confidence or non-comparable OCR output routes to review and is excluded from retrieval.

Dependency governance

Every delivered component must use an OSI-approved license. This constraint drives Qwen, PaddleOCR-VL, pgvector, vLLM, Langfuse, Docling Slim, PostgreSQL, Redis, and Kafka choices.