Security and Governance
Security is built around data sovereignty, access control, auditability, source-grounded answers, OCR review gates, and government communication policy.
Data sovereignty
All document storage, vector DB, model inference, OCR, observability, and prompt management run in client-controlled Huawei Cloud. Delivered operation must not depend on external SaaS or data egress.
Access model
The working roles are admin, operator, and user, with ABAC attributes such as department and document classification refining document-level visibility.
Audit log
The audit log stores actor ID, action, entity type, entity ID, request ID, metadata, and timestamp. It records policy, query, answer, and review events so operational teams can inspect how a response was produced.
Policy Guard
The Government Policy Guard filters every generated response for anti-SARA, anti-jailbreak, and government communication policy compliance.
OCR governance
OCR confidence and model version are recorded so confidence can be interpreted correctly. Low-confidence or non-comparable OCR output routes to review and is excluded from retrieval.
Dependency governance
Every delivered component must use an OSI-approved license. This constraint drives Qwen, PaddleOCR-VL, pgvector, vLLM, Langfuse, Docling Slim, PostgreSQL, Redis, and Kafka choices.