The governed execution layer that makes any care site trial-capable. Runtime carries every Damaros run: protocol compile, evidence sync, deterministic screening, REVIEW routing, human adjudication, Replay, and governed agent tasks.
Community clinics and major centers share the same run model. A community site executes with NCI-grade rigor. A major center bolts governed execution onto whatever it already runs.
A run is not a chat, a dashboard refresh, or a model answer. It is a typed execution event with versioned inputs, policy scope, actor identity, output state, provenance, and replay linkage. Damaros does not ask institutions to trust AI. It asks them to inspect the run.
Clinical trials have systems of record. They do not have a system of execution.
CTMS, EDC, eTMF, and the EHR each hold a fragment. None owns the moment a patient meets the protocol.
Does this patient, at this site, under this protocol version, with this evidence, meet the criteria? That answer still gets rebuilt by hand. Damaros makes it a governed run.
The run is the atomic unit of Damaros. Every run carries a manifest.
| RUN_ID | Unique identifier for the execution event. |
| RUN_TYPE | Protocol compile, evidence sync, screening, review, replay, agent task, export, validation, or cutover check. |
| TENANT / ORG / TRIAL / SITE | The scope in which the run occurred. |
| ACTOR | Human user, service principal, system worker, or governed agent. |
| INPUT_MANIFEST | Protocol version, evidence snapshot, cohort snapshot, task contract, source references, or configuration inputs. |
| OUTPUT_MANIFEST | Criterion states, REVIEW queue, evidence artifact, Replay bundle, Console signal, mapping suggestion, or export artifact. |
| POLICY_SCOPE | The access, PHI, egress, model, and review policy governing the run. |
| VERSIONING | Protocol version, engine version, Trident artifact version, Luna task version, connector version, and prompt/template version where applicable. |
| REPLAY_LINKAGE | The chain needed to reconstruct what happened. |
Protocol → Evidence → Screening → Review → Replay. One governed run from protocol intent to inspectable proof.
Trident structures protocol language into executable eligibility logic and evidence expectations. Surfaces criterion structure, temporal windows, lab thresholds, mapping candidates, ambiguity flags, and amendment deltas. Trident does not screen patients or issue eligibility verdicts.
Forge and Node admit site-approved evidence. FHIR R4, Epic Backend Services, Cerner/Oracle Health FHIR, bulk FHIR where approved, REDCap, CSV/TSV/Excel, warehouse extracts, pathology and lab tables, site-approved file drops. Output is a protocol-scoped evidence snapshot, not a shadow chart.
The deterministic engine evaluates locked protocol logic against an admitted evidence snapshot. Same protocol version, same evidence snapshot, same engine version, same evaluation_as_of, same outcome. AI can assist upstream. The engine governs the decision state.
Router owns uncertainty. REVIEW is emitted when evidence is missing, stale, conflicting, ambiguous, unmapped, or judgment-dependent. Records reviewer identity, role, timestamp, criterion state, adjudication action, rationale, and Replay linkage. REVIEW is not failure, it is Damaros refusing to fabricate certainty.
Replay reconstructs protocol version, Trident compile lineage, evidence snapshot, screening run, engine version, criterion outcomes, REVIEW events, human adjudication, authorization, artifact hash, export lineage, and AI-origin metadata where relevant. Not a report, PDF, or model transcript.
Agents accelerate. Humans decide. The engine governs. Luna governs agent task runs through explicit task contracts.
| TASK_CONTRACT | Allowed inputs, forbidden inputs, PHI policy, model/provider policy, tool permissions, network permissions, output schema, human review requirement, retention policy, downstream eligibility, Replay binding, failure behavior. |
Patient evidence stays protocol-scoped. Damaros is read-only by default, does not request write scopes initially, omits Binary, keeps DocumentReference metadata only, excludes narrative content from deterministic screening, and PHI never reaches an LLM.
Damaros does not become a second EHR. Evidence enters as protocol-scoped execution material:
Node is where patient evidence is admitted, screened, reviewed, and confirmed. The clinic holds the reins.
Console receives permissioned, de-identified execution signals, not raw PHI by default.
| SPONSOR_VISIBILITY | Permissioned, de-identified by default, trial-scoped, site-governed where required, artifact-gated where required, contract-bound. |
Runs in Damaros Cloud, your cloud, institution-hosted Node, or air-gapped for federal and zero-trust environments. The run model stays the same. The boundary changes.
For early pilots, sponsor demos, retrospective validation, and deployments where Damaros-hosted execution is approved. Isolated tenant, tenant-scoped run store, Node and Console access, Trident compile runs, Luna task governance, Replay bundles, structured audit logs, integration configuration, environment separation.
Damaros deployed into the customer’s AWS, Azure, or GCP account. Best for health systems, large sponsor networks, academic medical centers, strict infrastructure review, expanded validation, federal-adjacent posture. Customer controls VPC, identity provider, key management, logging, egress, backup, retention, and security monitoring.
Node runs inside the institution-approved boundary. Best for strict PHI control, hospital security review, site-hosted validation, no-external-PHI deployments, and research networks with local data governance. Damaros Cloud can receive approved metadata, de-identified execution signals, and Replay artifact status depending on contract.
For federal networks, defense-adjacent deployments, VA/DHA-style posture, or highly controlled research environments. Deny-by-default egress, explicit allowlists, no public model calls, local-only task execution where approved, private package registries, customer-managed keys, manual artifact promotion, offline validation packs.
Every run is attributable. Server-side secrets, TLS, JWKS endpoints with public key material only, private PEM never in logs or public JSON, structured logs with non-PHI identifiers, time-bound sessions, RBAC, and retention by BAA/DPA.
| OBSERVABILITY | Run status, connector health, sync failure, mapping failure, REVIEW queue age, engine reproducibility checks, Replay completeness, blocked egress attempts, blocked PHI-to-agent attempts, export events, admin actions. |
Execution integrity, not clinical efficacy. Validation and production share the same eligibility engine, protocol compiler, and Replay model. Cutover is a credential/environment swap rather than a workflow rebuild.