# Security Model: Wellness Trend Analysis Agent

This document describes the data flows, access boundaries, and consent model for the wellness trend analysis agent example.

## Data Access Summary

### What the Agent Read

| Resource | File | Records Read | Purpose |
|----------|------|-------------|---------|
| Heart rate | `wellness/heart-rate.ttl` | 30 daily readings (120-168 samples/day) | Primary trend analysis |
| Blood pressure | `wellness/blood-pressure.ttl` | 30 daily readings | Primary trend analysis |
| Activity | `wellness/activity.ttl` | 30 daily snapshots | Primary trend analysis |
| Sleep | `wellness/sleep.ttl` | 30 daily snapshots | Primary trend analysis |
| Conditions | `clinical/conditions.ttl` | 5 active conditions | Clinical context for interpretation |
| Medications | `clinical/medications.ttl` | 8 medication records | Clinical context for interpretation |

**Total: 6 files, ~133 records**

### What the Agent Did NOT Access

| Resource | File | Reason |
|----------|------|--------|
| Patient demographics | `clinical/patient-profile.ttl` | Not needed for trend analysis |
| Allergies | `clinical/allergies.ttl` | Not relevant to wellness trends |
| Lab results | `clinical/lab-results.ttl` | Not needed for device trend analysis |
| Immunizations | `clinical/immunizations.ttl` | Not relevant to wellness trends |
| Vital signs (clinical) | `clinical/vital-signs.ttl` | Focused on device data; clinical vitals not used |
| Insurance | `clinical/insurance.ttl` | Not relevant |
| Supplements | `wellness/supplements.ttl` | Not directly analyzed (noted as low-confidence data) |

### What the Agent Wrote

| Resource | Type | Provenance | Description |
|----------|------|-----------|-------------|
| BP trend observation | `cascade:AIObservation` | `cascade:AIGenerated` | Stable BP trend, controlled hypertension |
| Activity pattern observation | `cascade:AIObservation` | `cascade:AIGenerated` | Below-target exercise, weekend drop |
| Sleep pattern observation | `cascade:AIObservation` | `cascade:AIGenerated` | Weekly poor-sleep cycle |
| Weekly cycle observation | `cascade:AIObservation` | `cascade:AIGenerated` | Cross-stream lifestyle pattern |

**4 observations written**, all with `cascade:AIGenerated` provenance and `severity: informational`.

## Data Flow Diagram

```
+-------------------------------------------------------------------+
|                     LOCAL MACHINE ONLY                              |
|                                                                    |
|  +-------------------+        +----------------------------+       |
|  | Reference Patient |  READ  | AI Agent                   |       |
|  | Pod (filesystem)  |------->| (Claude Desktop or         |       |
|  |                   |        |  Claude Code)              |       |
|  | wellness/         |        |                            |       |
|  |   heart-rate.ttl  |        | 1. Parse time-series       |       |
|  |   blood-pressure  |        | 2. Compute statistics      |       |
|  |   activity.ttl    |        | 3. Detect trends           |       |
|  |   sleep.ttl       |        | 4. Cross-correlate         |       |
|  |                   |        | 5. Assess confidence       |       |
|  | clinical/         |        | 6. Generate observations   |       |
|  |   conditions.ttl  |        |                            |       |
|  |   medications.ttl |        |                            |       |
|  |                   | WRITE  |                            |       |
|  |                   |<-------| 4 AIGenerated observations |       |
|  +-------------------+        +----------------------------+       |
|                                                                    |
|  No data leaves this machine via Cascade tooling.                  |
|  LLM inference is the only network hop (Anthropic API).            |
+-------------------------------------------------------------------+
```

## No Data Left the Machine

This is a **local-first** operation:

1. **Pod storage:** Local filesystem. No cloud uploads.

2. **MCP/CLI:** All reads and writes are local filesystem operations via stdio (MCP) or direct file access (CLI). Zero network traffic from Cascade tooling.

3. **LLM processing:** Pod data (wellness time-series and clinical context) is sent to the Anthropic API for processing. This is the only network hop. Governed by Anthropic's data handling policies.

4. **Write-back:** The 4 trend observations are written to the local Pod filesystem. They do not leave the machine.

## Consent Model

### Read Consent

- **Scoped access:** This agent reads only wellness data (4 files) and clinical context (2 files). It does not access demographics, allergies, labs, immunizations, or insurance.
- **Patient-initiated:** The Pod owner explicitly invokes the agent by configuring the MCP server or running the CLI.
- **Minimum necessary:** The clinical context (conditions, medications) is read only to interpret wellness trends correctly, not to analyze clinical data directly.

### Write Consent

The agent writes 4 observations back to the Pod:

- **Explicitly requested:** The agent prompt instructs it to write trend observations.
- **Clearly provenance-tagged:** All observations carry `cascade:AIGenerated` provenance.
- **Non-destructive:** New observation records are appended. No existing data is modified.
- **Informational severity:** All observations are marked `severity: informational`, not clinical alerts.

### Audit Records Created

| Timestamp | Action | Resource | Agent |
|-----------|--------|----------|-------|
| T+0s | `pod_query` | `wellness/heart-rate.ttl` | Cascade Trend Analysis Agent |
| T+1s | `pod_query` | `wellness/blood-pressure.ttl` | Cascade Trend Analysis Agent |
| T+2s | `pod_query` | `wellness/activity.ttl` | Cascade Trend Analysis Agent |
| T+3s | `pod_query` | `wellness/sleep.ttl` | Cascade Trend Analysis Agent |
| T+4s | `pod_query` | `clinical/conditions.ttl` | Cascade Trend Analysis Agent |
| T+5s | `pod_query` | `clinical/medications.ttl` | Cascade Trend Analysis Agent |
| T+6s | `pod_write` | `observations/ai-trend-bp-20260220.ttl` | Cascade Trend Analysis Agent |
| T+7s | `pod_write` | `observations/ai-trend-activity-20260220.ttl` | Cascade Trend Analysis Agent |
| T+8s | `pod_write` | `observations/ai-trend-sleep-20260220.ttl` | Cascade Trend Analysis Agent |
| T+9s | `pod_write` | `observations/ai-trend-cycle-20260220.ttl` | Cascade Trend Analysis Agent |

All 10 audit entries persist in the Pod for patient review.

## Threat Model Considerations

| Threat | Mitigation |
|--------|-----------|
| False trend detection | Confidence ratings + disclaimer language; findings are informational only |
| Overinterpretation of 30-day window | Agent explicitly notes limitations of short observation period |
| Device data inaccuracy | Provenance-based confidence rating; medical-grade devices rated higher |
| Written observations treated as clinical truth | `cascade:AIGenerated` provenance clearly distinguishes from clinical data |
| Agent accesses unneeded clinical data | Access limited to conditions + medications for context only |
| Pod data sent to cloud LLM | Anthropic zero-retention policy; local LLM option for air-gapped use |

## Provenance Chain

The write-back observations create a clear provenance chain:

```
Device (Apple Watch / Omron Evolv)
  --> DeviceGenerated data in Pod (raw readings)
    --> AI Agent reads DeviceGenerated data
      --> AI Agent computes trends and correlations
        --> AIGenerated observations written to Pod
          --> Human reviews AIGenerated observations
            --> Physician makes clinical decisions
```

Each layer is provenance-tagged. No data is relabeled or overwritten. The chain is fully auditable.

## Summary

- **Data accessed:** 6 files (4 wellness, 2 clinical context), ~133 records
- **Data written:** 4 AI-generated trend observations
- **Network hops:** Zero for data retrieval; one for LLM inference (Anthropic API)
- **No PHI left the local machine** via Cascade Protocol tooling
- **Audit trail:** 10 entries logged in the Pod (6 reads + 4 writes)