Source/import runtime
Source mirror
Imported artifacts, provider snapshots, identity links, sync states, and source maps create the evidence substrate.
Regulatory compiler for SaMD teams
Cairn
A regulatory compiler and CI-for-compliance platform for SaMD teams that need traceable evidence, source freshness, and human-controlled quality decisions.
Start with read-only audit evidence, then graduate to gated workflow assistance after source, security, and legal posture are approved.
Compiler runtime
Compiler run
Deterministic catalog checks and cited findings produce reviewable compliance results.
Queue/output ledger
Validated output
Would-writes are prepared with replay artifacts and stay blocked until explicitly configured.
Compiler positioning
What Cairn Does
Compiler spine
Source -> tests -> findings
Artifact versions, bindings, source maps, citations, and package manifests stay linked.
Write posture
would-write first
External comments and tasks require trigger envelopes, deterministic validation, output records, idempotency, and replay.
Human floor
No AI approvals
AI can draft, detect, explain, and prepare evidence; humans control signatures and final dispositions.
Security and regulatory trust
Trust Commitments
| Area | Commitment | Proof surface |
|---|---|---|
| Data posture | Production exports default to metadata, hashes, artifact IDs, and redacted excerpts. | Trace redaction events and evidence package manifests |
| Security | Support access requires approval, session records, and audit events. | Support access grants, sessions, and auth events |
| Regulatory authority | Catalog fixtures and AI judgments route to consultant or human review until formally approved. | Catalog version, rubric snapshots, and review queue events |