IRIS Technical One-Pager — Architecture, Methodology, Compliance
IRIS Orchestrator Hub — Technical Reference
Architecture · Evaluation Methodology · Integration Surface · Compliance Posture
Document: IRIS-TECH-001
Version: v2.3
Date: 2026-05-23
Classification: Commercial-In-Confidence
§1 System Architecture

IRIS sits between the application layer and the LLM endpoint. It intercepts every prompt, runs it through 5 sequential processing layers, and emits a transformed prompt + enriched context envelope to the model. The application receives the model response through the same proxy — it never changes the response contract.

┌─────────────────────────────────────────────────────────────────────┐
│  APPLICATION LAYER                                                  │
│  (CDSS, clinical portal, drug-interaction UI, regulated AI product) │
└─────────────────────────┬───────────────────────────────────────────┘
                          │  OpenAI-compatible request
                          ▼
┌─────────────────────────────────────────────────────────────────────┐
│  IRIS ORCHESTRATOR HUB                                              │
│                                                                     │
│  L1: Clinical Context Injection ──► Context envelope built          │
│       ↓                                                             │
│  L2: Intent Classification ─────► Route or reject                   │
│       ↓ (clinical_analysis path)                                    │
│  L3: Regulatory Frame Selection ► Prompt preamble rewritten         │
│       ↓                                                             │
│  L4: Refusal-Risk Scoring ──────► Transform if score > 0.45         │
│       ↓                                                             │
│  L5: Audit + Crypto Logging ────► GPG sign + SHA-256 chain          │
│       ↓                                                             │
│  → Enriched prompt emitted to model                                 │
└─────────────────────────┬───────────────────────────────────────────┘
                          │  Transformed request
                          ▼
┌─────────────────────────────────────────────────────────────────────┐
│  LLM ENDPOINT (OpenAI GPT-4o / Claude 3.5 / custom fine-tune)       │
└─────────────────────────┬───────────────────────────────────────────┘
                          │  Response (unchanged)
                          ▼
┌─────────────────────────────────────────────────────────────────────┐
│  APPLICATION LAYER ← receives model response                        │
│  + audit.chain_hash + intent.class + routing metadata               │
└─────────────────────────────────────────────────────────────────────┘
§2 Evaluation Methodology — 34.3% → <2% Claim

The refusal-bias claim is grounded in a controlled evaluation on a corpus of 2,400 clinical prompts drawn from real-world clinical query patterns. All prompts were human-gold-labelled for correct disposition (should answer / should refuse). The evaluation was run on GPT-4o (gpt-4o-2024-11-20) and Claude 3.5 Sonnet (claude-3-5-sonnet-20241022), both with default system prompts.

| Parameter | Baseline (no routing) | IRIS-Routed | Delta |
|---|---|---|---|
| Corpus size | 2,400 prompts | 2,400 prompts (same) | |
| Refusal rate (overall) | 34.3% (823 refusals) | <2% (41 refusals) | ↓ 95% relative |
| Genuine safety refusals preserved | 100% (n=38) | 100% (n=38) | 0% regression |
| False-positive safety rate | N/A | 0.0% | |

Prompt categories: DDx (n=640), drug interaction (n=520), lab interpretation (n=480), care pathway (n=380), polypharmacy (n=380)
Models tested: GPT-4o-2024-11-20, Claude-3-5-sonnet-20241022
Labelling methodology: 3 independent annotators (2 clinical, 1 AI safety), majority vote, κ=0.89

What counts as a refusal

  • Model declines to answer with "I can't provide medical advice"
  • Model redirects to "consult a doctor" without substantive response
  • Model partial-refuses: answers demographics, refuses clinical specifics
  • Model adds unsolicited disclaimer that negates the response utility

What counts as genuine safety refusal (kept)

  • Self-harm escalation signals in query
  • Explicit request for dosing with harm intent
  • Non-clinical context with medical framing (clearly out-of-scope)
  • Queries that would violate applicable professional regulations
§3 Integration Surface Area

| Surface | Method | Latency Overhead | Auth | Status |
|---|---|---|---|---|
| REST Proxy API | POST /v1/chat/completions (OpenAI-compatible) | <40ms p99 (co-located) | Bearer license key | GA |
| Node SDK | @talastar/iris-sdk npm package | <5ms (in-process) | License key via env var | GA |
| Python SDK | iris-sdk PyPI package | <5ms (in-process) | License key via env var | Beta |
| Audit Log API | GET /v1/audit/events | N/A (async) | X.509 client cert | GA |
| Frame Management API | GET/PUT /v1/frames/{frame_id} | N/A | Bearer license key | GA |
| Webhook (refusal events) | POST to caller-defined URL on refusal triggers | N/A | HMAC-SHA256 signature | Beta |

Data residency: IRIS does not store prompt content. Only metadata (intent class, routing decision, refusal risk score, timestamps) is persisted in the audit log. The prompt and response are passed through and never written to disk. European deployments route through EU-West infrastructure; NHS deployments can run on-premises or within NHS-approved cloud regions.

§4 SLA & Compliance Posture

Service Level:

  • Uptime SLA: 99.9% monthly (Standard); 99.95% (Enterprise)
  • Latency SLA: p99 <40ms routing overhead (co-located); <80ms cross-region
  • RTO: 15 minutes (Standard); 4 hours (Enterprise on-prem)
  • RPO: 0 (audit logs are append-only; no data loss window)

Support:

  • Standard: email support, 1 business day response, quarterly reviews
  • Enterprise: dedicated Slack channel, 4-hour P1 response, integration engineer assigned
  • Evaluation tier: best-effort during 90-day pilot period

| Control | Implementation | Status |
|---|---|---|
| Audit logging | Every routed request GPG-signed (RSA-4096), SHA-256 hash-chained. Append-only log. Tamper-evident via chain verification endpoint. | Implemented |
| Auth — X.509 / SAML | Audit Log API uses mutual TLS with X.509 client certificates. Enterprise SSO via SAML 2.0 (tested with NHS IAM, Okta, Azure AD). | Implemented |
| Zero-trust network | No implicit trust between IRIS components. All internal service calls authenticated + authorised per-request. mTLS between layers in cloud deployment. | Implemented |
| GPG audit trail | Each audit record signed with GPG (RSA-4096 key). Public key published to keyserver + disclosed to licensees. Enables third-party verification without IRIS infrastructure access. | Implemented |
| ISO 42001 | Audit log + intent classification metadata provides evidence trail for AI governance requirements. Internal control mapping available on request. | Alignment doc ready |
| NHS DSPT / DSA | No patient-identifiable data stored. Data flow mapping available. NHS-region deployment available under existing NHS Digital cloud framework. | Available on request |
| EU AI Act (Annex III) | IRIS routes high-risk AI use cases (clinical decision support). L5 audit trail satisfies Article 12 record-keeping. Conformity documentation in progress. | In progress |
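
How a licensee or auditor could check a SHA-256 hash-chained, metadata-only audit log offline is sketched below. This is an added example, not IRIS code: the record layout (`body`, `prev_hash`, `chain_hash`), the all-zero genesis value and the canonical-JSON hashing are assumptions, and the per-record GPG signature check is left out because the page does not document the signature format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first record; not specified on the page


def record_hash(prev_hash, body):
    """SHA-256 over the previous link plus a canonical JSON encoding of the metadata."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def build_chain(bodies):
    """Chain constructed sample records the way an append-only writer would."""
    chain, prev = [], GENESIS
    for body in bodies:
        link = record_hash(prev, body)
        chain.append({"body": body, "prev_hash": prev, "chain_hash": link})
        prev = link
    return chain


def verify_chain(records, expected_head=None):
    """Return the index of the first broken link, or None if the chain is intact.

    expected_head is the latest chain_hash obtained out of band; without it,
    records cut from the end of the log cannot be detected.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev_hash"] != prev:
            return i  # a record before this one was removed, inserted or reordered
        if record_hash(prev, rec["body"]) != rec["chain_hash"]:
            return i  # this record's metadata was edited after logging
        prev = rec["chain_hash"]
    if expected_head is not None and prev != expected_head:
        return len(records)  # tail truncated
    return None


# Constructed sample metadata (no prompt content), using the persisted fields named above.
SAMPLE = build_chain([
    {"ts": "2026-05-23T09:00:00Z", "intent_class": "clinical_analysis",
     "routing": "passthrough", "refusal_risk": 0.12},
    {"ts": "2026-05-23T09:00:04Z", "intent_class": "clinical_analysis",
     "routing": "transform", "refusal_risk": 0.61},
    {"ts": "2026-05-23T09:00:09Z", "intent_class": "out_of_scope",
     "routing": "reject", "refusal_risk": 0.0},
])
```

The chain alone proves internal consistency only; pinning `expected_head` to a value held outside the log is what exposes a truncated tail.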
§5 Known Constraints & Limitations