Built on NovaGlyph Kit

The Health AI That Physically Can't Share Your Data.

Not a privacy policy. A mathematical guarantee.
Your health questions stay on your device until you cryptographically authorise otherwise.


What it stores

Runs entirely on your device. The Baby AI holds only general medical facts — no patient records, no personal history.

  • General facts — first-aid responses, triage protocols
  • Your query log — stored in ~/.consent-health/log.jsonl, owner-only permissions
  • Your consent tokens — one per authorised query, in the same log
  • No network. No cloud. No subscription.
What can be shared

Nothing leaves your device unless you generate a sharing token. The sharing token is cryptographically bound to the recipient.

  • Sharing requires a second explicit AUTHORIZE
  • The sharing token names the specific recipient (Ed25519 pubkey)
  • Tokens expire after 24 hours
  • Every share is logged — the audit trail is append-only
  • A share without a token is detectable by auditors
How sharing is controlled

The CONSENT mechanism: a human types AUTHORIZE, a token is signed, the token is verified before data moves. No token — no movement.

  • Token is query-specific — can't be reused for a different query
  • Token is time-bounded — 24h window, not open-ended
  • Token is signed — tampering invalidates the signature
  • Token identifies the approver device
  • Upgrade path to full Ed25519 for clinical deployments

The cryptographic architecture

ConsentHealth wraps any medical Baby AI — a small offline expert system compiled from a plain-text fact table using the NovaGlyph Kit. The Baby never connects to the internet and never stores your queries internally. The consent layer sits between you and the Baby.

When your query contains personal health markers — first-person language like "I have" or "my patient" — the wrapper pauses, shows you exactly what will be processed, and waits for you to type AUTHORIZE. If you do not type AUTHORIZE, the Baby never sees your query. If you type AUTHORIZE, a CONSENT token is generated and logged.

The CONSENT token is a signed JSON object. It contains a SHA-256 hash of your query (not the query itself), a timestamp, an expiry (24 hours), and an HMAC-SHA256 signature over all of those fields using a key that never leaves your device. The signature cannot be forged without that key. The hash binds the token to this exact query — a token for one question cannot be used to authorise a different question.

// Example CONSENT token — one of these is generated per authorised query
{
  "schema":      "consent-health/v1",
  "action_id":    "a3f8c21d09e45b7e1204f6a83c9d0012",  // 16 random bytes — unique per query
  "query_hash":   "7b2d4e9a1c3f...",                    // SHA-256 of your query text
  "template":     "first_aid",
  "scope":        "HEALTH_QUERY",
  "query_type":   "PERSONAL",
  "approved_at":  1748930400,                          // Unix timestamp — when you typed AUTHORIZE
  "expires_at":   1749016800,                          // 24 hours later — token is then void
  "approver_key": "e5a12f...",                            // fingerprint of your device key
  "signature":    "9c4d7e1f..."                            // HMAC-SHA256; forging this requires your device key
}
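
As an added illustration (not code from the NovaGlyph Kit or ConsentHealth), here is an issue/verify pair for the token shown above: HMAC-SHA256 over a canonical serialisation of every field, with the signature checked before the expiry window and the query hash are trusted. The canonical compact-JSON serialisation, the truncated-SHA-256 fingerprint used for approver_key, and the function names are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

SCHEMA = "consent-health/v1"
TTL_SECONDS = 24 * 60 * 60  # the 24-hour window described on the page

def canonical(fields):
    # Deterministic byte serialisation so issuer and verifier MAC identical input.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def issue_token(query, device_key, template="first_aid", now=None):
    """Build a CONSENT token for `query`, signed with the device key (bytes)."""
    now = int(time.time()) if now is None else now
    fields = {
        "schema": SCHEMA,
        "action_id": os.urandom(16).hex(),  # 16 random bytes, unique per query
        "query_hash": hashlib.sha256(query.encode()).hexdigest(),  # query itself is never stored
        "template": template,
        "scope": "HEALTH_QUERY",
        "query_type": "PERSONAL",
        "approved_at": now,
        "expires_at": now + TTL_SECONDS,
        # Assumed fingerprint format: truncated SHA-256 of the key bytes.
        "approver_key": hashlib.sha256(device_key).hexdigest()[:16],
    }
    # HMAC-SHA256 over every field above; the key never appears in the token.
    fields["signature"] = hmac.new(device_key, canonical(fields), hashlib.sha256).hexdigest()
    return fields

def verify_token(token, query, device_key, now=None):
    """Return 'ok' or the first reason this token must not release `query`."""
    now = int(time.time()) if now is None else now
    body = {k: v for k, v in token.items() if k != "signature"}
    expected = hmac.new(device_key, canonical(body), hashlib.sha256).hexdigest()
    # Check the MAC first: no other field is trustworthy until it passes.
    if not hmac.compare_digest(expected, str(token.get("signature", ""))):
        return "bad signature"
    if token.get("schema") != SCHEMA:
        return "unknown schema"
    if not token["approved_at"] <= now < token["expires_at"]:
        return "expired"
    if token["query_hash"] != hashlib.sha256(query.encode()).hexdigest():
        return "query mismatch"
    return "ok"
```

Because the signature covers expires_at and query_hash, editing either field after issuance fails the MAC check rather than reaching the expiry or binding checks.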

Honest limitations

The shell wrapper cannot prevent you from copying the log file or running the Baby binary directly. The guarantee is narrower and more useful: every time ConsentHealth processes a personal health query, a cryptographic record exists that a human explicitly authorised that specific query at that specific time. If someone shares health data without using the wrapper, there is no token — and that absence is detectable in the audit log. For multi-party clinical deployments, pair this with full-disk encryption and the Ed25519 upgrade path described in DESIGN.md.

  1. You ask a question
     The wrapper detects personal language and pauses before anything is processed.
  2. You type AUTHORIZE
     A CONSENT token is signed using your device key. The token is logged. Nothing has been answered yet.
  3. The Baby answers
     Your query is passed to the local Baby AI binary. No network call is made. The answer is printed to your terminal.
  4. The log is updated
     One JSON line is appended to ~/.consent-health/log.jsonl containing the timestamp, query hash, and token. The log is append-only.
  5. Sharing requires a second AUTHORIZE
     If you later want to share the result, a new sharing token is generated — bound to the specific recipient's Ed25519 public key and expiring in 24 hours.

Start building with consent.

ConsentHealth is included in the NovaGlyph Kit. Build on the templates, or adapt the wrapper to any domain.

This is not a medical device. ConsentHealth and the Baby AI templates are information tools only. They do not diagnose, prescribe, or replace professional clinical judgment. Always consult a qualified healthcare professional for any medical concern.