Skip to content

Overview

What this is

The Clinical Agent Runtime Control Platform (CARC) is a control-plane service that sits between a clinical AI agent and the workflow it's allowed to affect. A healthcare AI company runs its own model — however it likes, on whatever infrastructure it likes — and hands the finished output to the Runtime Control Engine. The engine evaluates that output against:

  • Evidence — is every claim actually supported by a retrieved source?
  • Configurable policies — deterministic, data-defined rules (e.g. "any medication recommendation requires human review")
  • Runtime risk — a computed score derived from evidence and policy results

and returns one control decision: allow, require human review, or block. Every step is recorded on an immutable audit trail (the Decision Context Record) that can be fully replayed later.

What it does not do

  • It does not generate clinical text. There is no LLM call inside the engine's control path. Your agent produces the output; the engine only evaluates it.
  • It does not perform NLP or claim extraction. Agent output must arrive as structured data (claims, medication_recommendations, narrative) — see External Agent Runs.
  • It does not integrate with a real EHR or FHIR system yet. All clinical context in this version is synthetic. See Security for the honest list of current limitations.
  • It is not an authentication or authorization system yet. See Security before you build anything you intend to expose outside your own network.

Runtime control vs. model execution

Model execution (your agent)Runtime control (this platform)
Produces clinical textYesNever
Decides what to sayYesNever
Decides whether it's safe to act onNoYes — evidence + policy + risk evaluation
Owns the audit trailNoYes — immutable Decision Context Records
Requires clinical domain knowledge inside itYes (your model)No — policies are deterministic and data-defined

Agent-agnostic architecture

The engine has no built-in assumptions about which model, provider, or architecture produced an output. It is validated the same way regardless of origin:

  • Internal runs — the engine's own shipped reference adapter (used for demos and the Web Control Console's Case Workspace)
  • External runs — any third-party agent, submitted via POST /runtime/agent-runs

Both paths go through the identical evidence/policy/risk pipeline. Nothing about the control decision changes based on who executed the agent — see External Agent Runs for the full integration contract.

Next

  • Architecture — the object model and how the pieces fit together
  • Core Concepts — Runtime Session, Agent Run, Decision Context Record explained
  • Quickstart — run the whole lifecycle yourself

Developer Platform v1 — Clinical Agent Runtime Control Platform