Hearth Insights

PLATFORM OVERVIEW

The Blackboard Architecture

Redis-backed orchestration. Complete audit trail. Zero data leakage.

SYSTEM ARCHITECTURE

The 12-Step Workflow

graph TD
    User([fa:fa-user Authorised Operator]) -- "1. Operator commits intent" --> CLI(fa:fa-terminal The Airlock)

    subgraph SecurePerimeter ["🔒 The Air-Gap"]
        subgraph ControlPlane ["Control & Data Plane"]
            direction TB
            subgraph Blackboard [fa:fa-database The Event Ledger]
                direction TB
                Artefacts("fa:fa-file-alt Artefacts")
                Claims("fa:fa-check-square Claims")
                Bids("fa:fa-gavel Bids")
            end
            Orchestrator(fa:fa-sitemap The Governor)
        end

        subgraph ExecutionPlane ["Execution Plane"]
            direction TB
            Agents["fa:fa-users Hermetic Unit<br/>(e.g., Screener, Investigator, Adjudicator)"]
            Tools([fa:fa-wrench Verified Toolchain<br/>OpenSSL, Pandas, SWIFT Parser])
        end

        CLI -- "2. Ingests Intent" --> Blackboard
        Blackboard -- "3. New Ingest Event" --> Orchestrator
        Orchestrator -- "4. Governor opens tender" --> Blackboard
        Blackboard -- "5. Tender details" --> Agents
        Agents -- "6. Units bid" --> Blackboard
        Orchestrator -- "7. Governor awards tender" --> Blackboard
        Blackboard -- "8. Notify Unit" --> Agents
        Agents -- "9. Executes in sealed container" --> Tools
        Tools -- "10. Attests Result (e.g., Signed SAR Payload)" --> Agents
        Agents -- "11. Attests Execution" --> Blackboard
        Blackboard -- "12. Loop: Next Cycle Begins..." --> Orchestrator

        %% Explicitly linking strut to ensure verticals
        %% Explicitly link Control Plane bottom to Execution Plane top to force stacking
        Orchestrator ~~~ Agents
    end

    classDef core fill:#ffffff,stroke:#13756e,color:#0f172a;
    classDef agent fill:#ffffff,stroke:#13756e,color:#0f172a;
    classDef user fill:#ffffff,stroke:#13756e,color:#0f172a;
    classDef data fill:#1e293b,stroke:#94a3b8,color:#e2e8f0;
    classDef perimeter fill:none,stroke:#64748b,stroke-width:2px,stroke-dasharray:5 5;
    classDef plane fill:#e2e8f0,stroke:none,color:#94a3b8;

    class Orchestrator,Blackboard core;
    class Agents agent;
    class User,CLI user;
    class Tools,Artefacts,Claims,Bids data;
    class SecurePerimeter perimeter;
    class ControlPlane,ExecutionPlane plane;

THE FORENSIC LOOP

  • Ingest: The Authorised Operator commits a goal via The Airlock.
  • Tender: The Governor posts the task to The Event Ledger.
  • Bid: Hermetic Units compete for the work.
  • Execute: The winner executes in a sealed container using a Verified Toolchain.
  • Attest: The result is hashed and written back to the Ledger. No side effects. No hidden logs.

KEY COMPONENTS

The Three Layers

CONTROL PLANE
Redis Blackboard

Chronological ledger storing artefacts, claims, and bids. Append-only for complete audit trail. Every decision traced to source.

EXECUTION PLANE
Hermetic Units

Docker-isolated agents bid for work. Execute with tools (Git, linters, etc.). Commit results with cryptographic signatures.

AUDIT TRAIL
Provable Compliance

Complete history in Redis + Git. Every artefact timestamped. Every claim logged. When the regulator calls, you have the answer.

LIVE AUDIT TRAIL

From alert to SAR: the complete chain.

End-to-end audit trail for AML alert ALT-2026-001. Three sequential human consultations — L1 triage, L2 investigation, MLRO sign-off — each producing a named, cryptographically linked artefact. Under POCA 2002, the MLRO carries personal liability for SAR filing decisions. Artefact 36df4891 is that decision: timestamped, hashed, permanently recorded.

LIVE AUDIT LOG — HOLT ENGINE
[14:12:32.286] ✨ Artefact created: by=orchestrator, type=SystemConfig, id=92c7bee8
[14:12:41.145] 🏆 Claim granted: agent=L1TriageSynthesizer, claim=fanin:f3, type=exclusive
[14:12:41.145] 🏆 Claim granted: agent=DataGathererTxHistory, claim=2a3bd4db, type=claim
[14:12:41.145] 🏆 Claim granted: agent=DataGathererKyc, claim=2a3bd4db, type=claim
[14:12:41.145] 🏆 Claim granted: agent=DataGathererSanctions, claim=2a3bd4db, type=claim
[14:12:41.145] ✨ Artefact created: by=user, type=GoalDefined, id=f3a3353b (anchored to spine=92c7bee8)
[14:12:42.343] 🏆 Claim granted: agent=L1KycSpecialist, claim=7b546aa3, type=claim
[14:12:42.343] 🏆 Claim granted: agent=L1CounterpartySpecialist, claim=2a04c899, type=claim
[14:12:42.343] ✨ Artefact created: by=DataGathererSanctions, type=SanctionsData, id=e30ce293
[14:12:42.343] ✨ Artefact created: by=DataGathererKyc, type=KycData, id=d66b18ec
[14:12:42.344] ✨ Artefact created: by=DataGathererTxHistory, type=TxHistoryData, id=9e960558
[14:12:43.857] ✨ Artefact created: by=L1BehavioralCalculator, type=CalculatedMetrics, id=26848142
[14:12:47.661] ✨ Artefact created: by=L1CounterpartySpecialist, type=CounterpartyAnalysis, id=fcc4afe5
[14:12:47.997] ✨ Artefact created: by=L1KycSpecialist, type=KycAnalysis, id=23f71bd9
[14:12:48.796] ✅ Review Approved - Jurisdiction assessment correct: by=L1CounterpartyValidator for artefact fcc4afe5 (review: 044c2898)
[14:12:49.137] ✅ Review Approved - KYC analysis schema valid: by=L1KycValidator for artefact 23f71bd9 (review: aaf3c5f4)
[14:12:50.247] 🏆 Claim granted: agent=L1BehavioralValidator, claim=64b7e11e, type=review
[14:12:50.247] ✨ Artefact created: by=L1BehavioralAnalyst, type=BehavioralAnalysis, id=2db32217
[14:12:51.386] ✅ Review Approved - Schema validation passed: by=L1BehavioralValidator for artefact 2db32217 (review: 00227b55)
[14:12:57.975] ✨ Artefact created: by=L1TriageSynthesizer, type=L1TriageDossier, id=fdc06213
[14:12:57.975] 🏆 Claim granted: agent=L1DossierValidator@a2c9bd10fd7e, claim=111f0b21, type=review
[14:12:59.116] ✅ Review Approved - Dossier synthesis complete: by=L1DossierValidator for artefact fdc06213 (review: a7bc8525)
[14:12:57.975] 🏆 Claim granted: agent=L1Gatekeeper@d2760c47cc39, claim=111f0b21, type=exclusive
[14:13:00.164] ❓ Question asked: by=L1Gatekeeper, type=L1Question, id=5f2c866a
[14:13:30.167] 💬 Answer provided: by=user, type=L1Answer, id=fb11fe99
[14:12:57.975] 🏆 Claim granted: agent=L1Gatekeeper, claim=2611159e, type=exclusive
[14:13:31.209] 🔄 Artefact Reworked (v1): by=L1Gatekeeper, type=L1TriageDecisionEscalate, id=92d5006d
[14:13:31.209] ✨ Artefact created: by=L1Gatekeeper, type=L1TriageDecisionEscalate, id=92d5006d
[14:13:31.209] 🏆 Claim granted: agent=L2DataGathererOsint@2bf94f114ec0, claim=6139dceb, type=claim
[14:13:31.209] 🏆 Claim granted: agent=L2DataGathererMedia@7f18cc5c640b, claim=6139dceb, type=claim
[14:13:32.422] ✨ Artefact created: by=L2DataGathererOsint, type=L2OsintData, id=031913d6
[14:13:32.422] ✨ Artefact created: by=L2DataGathererMedia, type=L2MediaData, id=9403cd58
[14:13:32.422] 🏆 Claim granted: agent=L2OsintSpecialist@cc290d5c9e5d, claim=8b6948bf, type=claim
[14:13:32.422] 🏆 Claim granted: agent=L2MediaSpecialist@2f581be697ae, claim=b2f94aee, type=claim
[14:13:37.177] ✨ Artefact created: by=L2MediaSpecialist, type=L2MediaAnalysis, id=26838df3
[14:13:37.177] 🏆 Claim granted: agent=L2MediaValidator@b747d61a7e36, claim=43e7b251, type=review
[14:13:38.327] ✅ Review Approved - Media analysis complete: by=L2MediaValidator for artefact 26838df3 (review: 708ca7c9)
[14:13:39.871] ✨ Artefact created: by=L2OsintSpecialist, type=L2OsintAnalysis, id=6d51f420
[14:13:39.871] 🏆 Claim granted: agent=L2OsintValidator@3c3abb5c8914, claim=fa739bcf, type=review
[14:13:41.023] ✅ Review Approved - OSINT analysis complete: by=L2OsintValidator for artefact 6d51f420 (review: 61c4eeeb)
[14:13:39.871] 🏆 Claim granted: agent=ShellCompanySpecialist@246b2c6c9172, claim=fa739bcf, type=claim
[14:13:47.384] ✨ Artefact created: by=ShellCompanySpecialist, type=ShellCompanyAssessment, id=8528e1a4
[14:13:47.384] 🏆 Claim granted: agent=ShellCompanyValidator@be3b43854809, claim=6f6ed9bd, type=review
[14:13:48.535] ✅ Review Approved - Shell company assessment complete: by=ShellCompanyValidator for artefact 8528e1a4 (review: 9bb83a59)
[14:13:53.633] ✨ Artefact created: by=L2Investigator, type=L2InvestigationReport, id=f43af51b
[14:13:53.633] 🏆 Claim granted: agent=L2ReportValidator@1a33c0e825ff, claim=39b9a31a, type=review
[14:13:54.780] ✅ Review Approved - Investigation report validated: by=L2ReportValidator for artefact f43af51b (review: 107f6d86)
[14:13:53.633] 🏆 Claim granted: agent=L2Gatekeeper@e2b406dbee1a, claim=39b9a31a, type=exclusive
[14:13:55.836] ❓ Question asked: by=L2Gatekeeper, type=L2Question, id=2cb63db4
[14:14:04.512] 💬 Answer provided: by=user, type=L2Answer, id=b446ac58
[14:13:53.633] 🏆 Claim granted: agent=L2Gatekeeper, claim=2a3385cb, type=exclusive
[14:14:05.547] ✨ Artefact created: by=L2Gatekeeper, type=L2SarRecommendation, id=694eb606
[14:14:05.547] 🔄 Artefact Reworked (v1): by=L2Gatekeeper, type=L2SarRecommendation, id=694eb606
[14:14:05.547] 🏆 Claim granted: agent=MlroGatekeeper@d483a880dc7e, claim=d9944a9b, type=exclusive
[14:14:06.709] ❓ Question asked: by=MlroGatekeeper, type=MLROQuestion, id=ca31c068
[14:14:16.340] 💬 Answer provided: by=user, type=MLROAnswer, id=2a733b47
[14:14:05.547] 🏆 Claim granted: agent=MlroGatekeeper, claim=0439b2af, type=exclusive
[14:14:17.370] 🔄 Artefact Reworked (v1): by=MlroGatekeeper, type=MLROApproval, id=36df4891
[14:14:17.370] ✨ Artefact created: by=MlroGatekeeper, type=MLROApproval, id=36df4891
[14:14:17.370] 🏆 Claim granted: agent=SarDrafter@cacebfecefd4, claim=ed9d85ea, type=exclusive
[14:14:18.590] ✨ Artefact created: by=SarDrafter, type=SarDraft, id=0333e3e9
[14:14:20.742] 🏁 Workflow complete [status=complete]: workflow=b6d2509e, goal={"alert_id": "ALT-2026-001", "subject_name": "hans_mueller"}

Forensic Replay: Because every event is written to an append-only ledger, an auditor can reconstruct the exact state at any point in the chain — including the system_manifest_id embedded in each artefact, which identifies the precise version of holt.yml governing each agent at the moment of its decision.

Three human consultations. Zero automated approvals.

THE THREE-TIER GATE

No automated approval path

L1Gatekeeper, L2Gatekeeper, MlroGatekeeper — three independent human consultations, each producing a named, hashed artefact. The system cannot advance without a human decision at each tier. This is not a policy statement. It is a hard architectural constraint.

THE ARTEFACT CHAIN

Every link is cryptographic

L1TriageDecisionEscalate (92d5006d) unlocks the L2 investigation. L2SarRecommendation (694eb606) triggers MLRO review. MLROApproval (36df4891) authorises the SAR draft. Remove any link and the chain breaks. A regulator can follow it forward or backward to any point.

THE MLRO RECORD

Personal liability, permanently recorded

Artefact 36df4891 is the MLRO's approval decision: named agent, timestamp, parent hash — immutable. Under POCA 2002, the MLRO carries personal liability for SAR filing decisions. This is what they can show a regulator if that decision is ever questioned.
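
The three-tier gate and the artefact chain described above can both be checked against the audit log itself. The following is an added example, not Holt's own code: it parses lines copied from the log on this page, assumes all timestamps fall on one day, and reports any gate decision that lacks a preceding question and human answer, or any link that is missing or out of order.

```python
import re

# Gate-related lines copied verbatim from the audit log above.
LOG = """\
[14:13:00.164] ❓ Question asked: by=L1Gatekeeper, type=L1Question, id=5f2c866a
[14:13:30.167] 💬 Answer provided: by=user, type=L1Answer, id=fb11fe99
[14:13:31.209] ✨ Artefact created: by=L1Gatekeeper, type=L1TriageDecisionEscalate, id=92d5006d
[14:13:55.836] ❓ Question asked: by=L2Gatekeeper, type=L2Question, id=2cb63db4
[14:14:04.512] 💬 Answer provided: by=user, type=L2Answer, id=b446ac58
[14:14:05.547] ✨ Artefact created: by=L2Gatekeeper, type=L2SarRecommendation, id=694eb606
[14:14:06.709] ❓ Question asked: by=MlroGatekeeper, type=MLROQuestion, id=ca31c068
[14:14:16.340] 💬 Answer provided: by=user, type=MLROAnswer, id=2a733b47
[14:14:17.370] ✨ Artefact created: by=MlroGatekeeper, type=MLROApproval, id=36df4891
[14:14:18.590] ✨ Artefact created: by=SarDrafter, type=SarDraft, id=0333e3e9
"""
LINE = re.compile(r"\[(\d\d):(\d\d):(\d\d)\.(\d{3})\] \S+ "
                  r"(Question asked|Answer provided|Artefact created): "
                  r"by=([\w@]+), type=(\w+), id=(\w+)")
GATES = [("L1Gatekeeper", "L1TriageDecisionEscalate"),  # gatekeeper -> decision type,
         ("L2Gatekeeper", "L2SarRecommendation"),       # in chain order
         ("MlroGatekeeper", "MLROApproval")]

def parse(log):
    events = []
    for m in map(LINE.match, log.splitlines()):
        if m:
            h, mi, s, ms, kind, by, typ, ident = m.groups()
            t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms)
            events.append((t, kind, by.split("@")[0], typ, ident))
    return sorted(events)  # the log is not strictly time-ordered

def check_gates(log):
    """Return findings; an empty list means every gate had a human answer."""
    events, findings, prev_t = parse(log), [], -1
    for agent, decision in GATES:
        made = [e for e in events if e[1] == "Artefact created" and e[3] == decision]
        if not made or made[0][2] != agent or made[0][0] < prev_t:
            findings.append(f"{decision}: missing, wrong author or out of order")
            continue
        t_dec = made[0][0]
        asked = [e[0] for e in events if e[1] == "Question asked"
                 and e[2] == agent and prev_t <= e[0] < t_dec]
        if not any(e[1] == "Answer provided" and e[2] == "user"
                   and asked and asked[0] < e[0] <= t_dec for e in events):
            findings.append(f"{decision} ({made[0][4]}): no human answer before decision")
        prev_t = t_dec
    if any(e[3] == "SarDraft" and (findings or e[0] < prev_t) for e in events):
        findings.append("SarDraft: drafted without a complete, ordered gate chain")
    return findings
```

Run against the full exported log, an empty result corresponds to the chain the page describes; any finding names the artefact an auditor should pull first.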

POLICY AS CODE

The Specialist Pattern

holt.yml — aml forensic pipeline
version: "1.0"

agents:

  # Phase 1: Data ingest — reads from source, writes nothing upstream
  DataGathererKyc:
    image: aml-forensic/datagatherer-kyc:latest
    bidding_strategy:
      type: "claim"
      target_types: ["GoalDefined"]
    allowed_types: ["Failure", "KycData"]
    network_access:
      mode: restricted
      allowed_domains: []     # zero egress
    workspace:
      mode: ro
    volumes:
      - "./data:/data:ro"

  # Phase 2: AI analysis — restricted to named model endpoint
  L1KycSpecialist:
    image: aml-forensic/l1-kyc-specialist:latest
    bidding_strategy:
      type: "claim"
      target_types: ["KycData"]
    allowed_types: ["Failure", "KycAnalysis"]
    network_access:
      mode: restricted
      allowed_domains: ["host.docker.internal"]  # locally hosted LLM
    workspace:
      mode: ro

  # Phase 3: Human gate — no automated approval path exists
  L1Gatekeeper:
    image: aml-forensic/l1-gatekeeper:latest
    bidding_strategy:
      type: "exclusive"
      target_types: ["L1TriageDossier"]
    allowed_types:
      - "Question"                   # request human input
      - "Failure"                    # system error
      - "L1TriageDecisionEscalate"   # elevate to L2
      - "L1TriageDecisionDiscard"    # close the alert
    workspace:
      mode: ro
    network_access:
      mode: restricted
      allowed_domains: []

The engine enforces the boundary. Not the agent.

Each agent declares what it can consume (target_types) and what it can produce (allowed_types). The engine enforces both. DataGathererKyc can only produce KycData or Failure — it cannot write an analysis, escalate a case, or contact an external endpoint. This is not a coding convention. It is a runtime constraint.

L1Gatekeeper carries no Approval type in its allowed_types. The AI cannot produce an automated approval because the platform does not permit the type to exist. The only paths forward are a question, an escalation, or a discard. Human action is not a workflow step. It is a hard architectural boundary.

The AI cannot hallucinate a permission that does not exist. Security is not a guideline. It is architecture.
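
The type boundary described above, sketched as an engine-side admission check plus a static review of the manifest. This is an added example, not Holt's code: `admit`, `lint` and the approved egress set are hypothetical, and the policy is the holt.yml excerpt from this page re-typed as a flattened Python dict so the example needs no YAML parser.

```python
# Constructed from the holt.yml excerpt above; nesting flattened for brevity.
POLICY = {
    "DataGathererKyc": {"image": "aml-forensic/datagatherer-kyc:latest",
                        "target_types": ["GoalDefined"],
                        "allowed_types": ["Failure", "KycData"],
                        "allowed_domains": [], "workspace": "ro"},
    "L1KycSpecialist": {"image": "aml-forensic/l1-kyc-specialist:latest",
                        "target_types": ["KycData"],
                        "allowed_types": ["Failure", "KycAnalysis"],
                        "allowed_domains": ["host.docker.internal"], "workspace": "ro"},
    "L1Gatekeeper": {"image": "aml-forensic/l1-gatekeeper:latest",
                     "target_types": ["L1TriageDossier"],
                     "allowed_types": ["Question", "Failure", "L1TriageDecisionEscalate",
                                       "L1TriageDecisionDiscard"],
                     "allowed_domains": [], "workspace": "ro"},
}

def admit(policy, agent, consumed, produced):
    """Hypothetical engine-side gate, evaluated before anything reaches the ledger."""
    spec = policy.get(agent)
    if spec is None:
        return False, f"unknown agent {agent}"
    if consumed not in spec["target_types"]:
        return False, f"{agent} may not consume {consumed}"
    if produced not in spec["allowed_types"]:
        return False, f"{agent} may not produce {produced}"
    return True, "ok"

def lint(policy, approved_egress=frozenset({"host.docker.internal"})):
    """Static review of the manifest itself; returns human-readable findings."""
    findings = []
    for name, spec in policy.items():
        # A tag can be re-pointed at a different image; a digest cannot.
        if "@sha256:" not in spec["image"]:
            findings.append(f"{name}: image pinned by tag, not digest")
        for domain in spec["allowed_domains"]:
            if domain not in approved_egress:
                findings.append(f"{name}: egress to unapproved domain {domain}")
        if spec["workspace"] != "ro":
            findings.append(f"{name}: workspace is writable")
    return findings
```

On the excerpt as published, `admit` rejects any approval type from L1Gatekeeper, and `lint` reports the three `:latest` image references, since a manifest version only identifies the exact image an agent ran when the image is referenced by digest.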

THE EVIDENCE GAP

The Difference is Forensic

Most orchestration tools optimize for speed. Holt optimizes for proof.

| Feature | Standard CI/CD / Agents | Hearth Blackboard Architecture |
|---|---|---|
| The Log | Ephemeral text stream (Splunk/CloudWatch) | Immutable Event Ledger (Redis) |
| The Data | Piped to external SaaS clouds | Zero Egress (Your VPC Only) |
| The Payload | Opaque Containers (Black Box) | Hermetic & Signed (Images & Binaries) |
| The Audit | "Trust us, it ran." | "Here is the cryptographic proof." |
