Security and assurance
Self-hosted, hardened, and designed against the rules your inspectors enforce.
MakerChecker runs inside your perimeter, on your own Postgres, air-gapped if validation requires it, and never phones home. The audit chain is hardened so the store underneath it is hard to quietly edit, and its controls map clause by clause to 21 CFR Part 11, ICH E2B(R3), ALCOA+, and EU GVP. We say "designed against" and "produces evidence for", never "compliant" or "validated for you".
Self-hosted by design
Your infrastructure, your database, your perimeter.
The governance layer that proves who was accountable cannot itself be a black box you have to trust. It runs where you run, and we are not in the data path.
Your perimeter
Runs inside your environment
The control plane runs on your infrastructure, inside your network. There is no MakerChecker cloud in the data path, and no tenant of ours sees your case data. You operate it the way you operate any internal service.
Your database
Your own Postgres
State and the audit chain live in a Postgres instance you own and manage, under your backup, encryption-at-rest, and access policies. We do not run a database for you and we do not hold a copy.
Air-gapped capable
Runs disconnected
It can run fully disconnected from the internet, the deployment mode validation teams often require. The audit verifier needs no network and no account, so the offline-verify story holds in an air-gapped enclave.
Never phones home
No telemetry out
The service does not call back to us. There is no usage beacon, no remote log shipping, and no hidden dependency on a hosted endpoint. What runs is what you read in the open-source repository.
Database hardening
The audit is only as trustworthy as the store beneath it.
An audit chain on top of a database anyone can quietly edit is theatre. These properties make a direct edit to the store detectable by the same verifier an inspector runs, and make write access to the database insufficient to forge a record.
- Co-commit: The state change and its audit event commit in one database transaction. There is no application path that writes one without the other, so a partial write cannot leave an action unlogged.
- Append-only chain: Each audit entry commits the hash of the prior entry. An update or delete at the row level breaks every downstream hash, so direct database tampering is detected by the same verifier an auditor runs.
- Signed chain head: The chain head is signed with an Ed25519 key. Holding write access to the database is not enough to forge a record, because a re-signed forgery fails against the published public key.
- Least privilege by role: Deny-by-default grants mean an agent role can only do what it was explicitly granted, at one pinned skill version. The identity that processed a case is barred in code from signing it off.
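The append-only chain and signed head described above can be sketched as follows. This is an added example, not MakerChecker's own code: the entry layout, field names, JSON canonicalisation and SHA-256 are assumptions, and `trusted_head` stands in for a head hash whose Ed25519 signature has already been checked against the published public key.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry


def entry_hash(prev_hash, payload):
    """Hash an entry over its predecessor's hash plus its canonical payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(chain, payload):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "payload": payload,
                  "hash": entry_hash(prev, payload)})


def verify(chain, trusted_head):
    """Walk the chain offline; return (ok, reason)."""
    prev = GENESIS
    for i, row in enumerate(chain):
        if row["prev_hash"] != prev:
            return False, f"entry {i}: link to prior entry is broken"
        if entry_hash(prev, row["payload"]) != row["hash"]:
            return False, f"entry {i}: payload does not match stored hash"
        prev = row["hash"]
    if prev != trusted_head:
        return False, "chain is self-consistent but differs from signed head"
    return True, "ok"


def build_sample():
    """Constructed sample rows, not real audit data."""
    chain = []
    for p in [{"actor": "agent-1", "action": "process", "case": "C-1"},
              {"actor": "j.doe", "action": "sign_off", "case": "C-1"},
              {"actor": "agent-1", "action": "process", "case": "C-2"}]:
        append(chain, p)
    return chain


def rewrite_all(chain):
    """Recompute every hash after an edit, as database write access allows."""
    rebuilt = []
    for row in chain:
        append(rebuilt, row["payload"])
    return rebuilt
```

A row-level edit or delete fails inside the walk, while a full recomputation of the hashes passes the walk and fails only at the head comparison, which is why the head has to be anchored by a signature held outside the database.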
Control-to-clause crosswalk
Each control maps to a clause your inspector already enforces.
We never say "compliant" or "validated for you", and we never say "certified". We say this: MakerChecker is designed against the requirements of these rules, and it produces the signed artifact each one asks for. The grants and the segregation of duties prevent the wrong action; the chain and the signature prove what happened.
This crosswalk is a map, not a certificate. It is meant to give your validation team a clear line from a control they can read in the code to a clause they have to satisfy.
- 21 CFR Part 11: 11.10(e) audit trails and 11.50 signature meaning. The signed export carries the approver, the date and time, the signature meaning, and the verbatim reason. We produce the evidence Part 11 asks for; the hash chain goes beyond what it requires and we never claim it demands one.
- ICH E2B(R3): The expedited-reporting data interchange standard for ICSRs. The engine binds every clock-affecting decision (seriousness, expectedness, expedited status, submission) to a named human and the awareness timestamp, so the record behind an E2B submission shows who owned each call and when.
- ALCOA+: Attributable, legible, contemporaneous, original, accurate, and the rest. Every action is bound to a named identity in an append-only record committed in the same transaction as the state change, so the trail an inspector reads is contemporaneous and attributable by construction.
- EU GVP: Good Pharmacovigilance Practices make a named QPPV personally accountable for the safety system. The engine does not transfer that accountability; it makes it provable, by holding every clock-affecting decision for a named, authenticated human who signs, and recording the segregation of duties in code.
Verify, don't trust
Read every line before it touches a case.
The layer that proves who was accountable should be the most readable thing you run. It is open source and self-hosted, so your security and validation teams read the gate and reverify the chain themselves, with us nowhere in the loop.
Keep reading
See it for yourself
Bring it to your security review. Read every line.
One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.
Designed against the rules your auditors already enforce.