Shipping
  • Jun 19 · Testing Platform · knowledge_v2 baseline + ADR 0015 (MEDIC) build gate opens. Fri AM ran the first…
  • Jun 19 · Testing Platform · First GUARDIAN-auto-surfaced legacy bug (F1). Fri AM: while diagnosing the OPI Classic…
  • Jun 19 · Testing Platform · 4 knowledge_v2 prompt lessons encoded + verified stuck on first regen. Diagnosed Wed's 7…
  • Jun 17 · Testing Platform · Confidence scoring fix — knowledge_v2 drafts can now bucket HIGH (commit 7117861).…
  • Jun 17 · Testing Platform · 4 follow-on fixes from real-data SME ingest session (commit b89fa5e). (1) nginx 1MB…
  • Jun 17 · Testing Platform · TESTGEN preview/expand UX (commit 08a800d). Two follow-on bugs spotted after knowledge_v2…
  • Jun 17 · Testing Platform · KNOWLEDGE → TESTGEN loop closed end-to-end (commit 0dc4b1c). New knowledge_v2 generator +…
  • Jun 17 · Testing Platform · KNOWLEDGE ingestion accepts files (not just paste-in text) — commit fc74962 + 62fccf1.…
  • Jun 17 · Testing Platform · GUARDIAN Inbox drill-in restored — commit 99f3e6d. Tuesday's flow-first reshape removed…
  • Jun 17 · Testing Platform · ADR 0019 drafted: server-side exception ingestion (ELMAH → CODEX automatic). Replaces…

Security & Data Handling

How I handle agency data, in plain language

Public-sector AI work succeeds or fails on trust. The principles below are the operational defaults across every system I build — not aspirations. Each is enforced in production today inside the Multnomah County AI Program.

Core Principles

The defaults I never override

Agency-Controlled Cloud

All processing runs inside the agency's own cloud tenant. For Multnomah County, every byte of document content, model call, and audit record stays within the County's GCP project. No data leaves the environment for AI processing, training, or storage.

Vendor & Model Neutrality

Model selection is driven by accuracy, cost, and data-residency requirements — not vendor preference. Vertex AI hosts Claude (via Anthropic) and Gemini (Google) under the agency's existing GCP agreements. Bedrock and Azure routing are available where existing contracts dictate.

Human-in-the-Loop by Default

Every system I build has explicit human checkpoints: reviewer approval before publication (A11yReady), SME confirmation before authoritative classification (UCR), Mounika briefing approval before agent actions take effect (Testing Platform). AI accelerates; humans remain accountable for the output.

Full Audit Trails

Every model call, every reviewer decision, every system mutation is logged with timestamp, actor, input, and output. Provenance flows from source artifact through extraction, validation, transformation, and publication. Procurement and compliance can reconstruct any decision.

Role-Based Access Control

All systems gate access by role and tenant. Multi-tenant systems use Row-Level Security keyed by tenant_id, per-agent service accounts, Identity-Aware Proxy gating, and Workload Identity Federation (no long-lived service-account JSON keys). Least privilege is the default.

PHI / PII Guardrails

Two-stage PHI/PII classification (deterministic heuristic short-circuit + LLM second-pass) holds sensitive content for human review before ingestion. Verified post-hoc on real data: when the heuristic misses, the LLM catches; misses are purged, and the routing config is updated so they SKIP on re-ingest.
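
The two-stage gate described above, sketched as an added example (it is not code from the systems this page describes). The patterns, function names, the fail-closed handling of model errors, and `demo_second_pass`, a constructed stand-in for the LLM call, are all assumptions.

```python
import re
from typing import Callable, Dict, List, Set

# Stage 1 patterns: constructed for illustration, not the production rule set.
HEURISTICS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
    "dob": re.compile(r"\b(?:DOB|date of birth)\b", re.I),
    "mrn": re.compile(r"\bMRN[:#\s]*\d{6,}\b", re.I),
}

def heuristic_hits(text: str) -> List[str]:
    """Names of the deterministic patterns that match the text."""
    return sorted(name for name, rx in HEURISTICS.items() if rx.search(text))

def decision(doc_id: str, route: str, stage: str, reasons: List[str]) -> Dict:
    return {"doc": doc_id, "route": route, "stage": stage, "reasons": reasons}

def classify(doc_id: str, text: str,
             second_pass: Callable[[str], bool], skip_ids: Set[str]) -> Dict:
    """Route a document to SKIP, HOLD (human review) or INGEST."""
    if doc_id in skip_ids:                  # routing config wins on re-ingest
        return decision(doc_id, "SKIP", "config", [])
    hits = heuristic_hits(text)
    if hits:                                # short-circuit: no model call is made
        return decision(doc_id, "HOLD", "heuristic", hits)
    try:
        flagged = second_pass(text)         # stage 2: model verdict (True = sensitive)
    except Exception:                       # assumption: fail closed on model errors
        return decision(doc_id, "HOLD", "second_pass", ["second_pass_error"])
    if flagged:
        return decision(doc_id, "HOLD", "second_pass", ["model_flag"])
    return decision(doc_id, "INGEST", "second_pass", [])

def purge_and_skip(doc_id: str, store: Dict[str, str], skip_ids: Set[str]) -> None:
    """Post-hoc miss: delete the ingested content and record SKIP for re-ingest."""
    store.pop(doc_id, None)
    skip_ids.add(doc_id)

def demo_second_pass(text: str) -> bool:
    """Constructed stand-in for the LLM call; flags health-narrative wording."""
    return bool(re.search(r"\b(diagnos\w+|patient|medication)\b", text, re.I))

if __name__ == "__main__":
    skip: Set[str] = set()
    docs = {  # constructed sample documents
        "d1": "Applicant SSN 123-45-6789 on file",
        "d2": "Client was diagnosed with asthma last spring",
        "d3": "Road closure schedule for the bridge",
    }
    for doc_id, text in docs.items():
        print(classify(doc_id, text, demo_second_pass, skip))
```

Because the heuristic stage returns before `second_pass` is invoked, content that matches a deterministic pattern is never sent to the model at all.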

Lifecycle

How data moves through my systems

Six stages from intake to retention, with the controls at each stage. This is the operational reality, not a marketing diagram.

01

Intake

Documents and data arrive through agency-controlled storage (GCS buckets, Drupal-mounted volumes, or Drive folders authorized by the agency). No third-party staging. No off-cloud staging.

02

Processing

Vertex AI handles model calls inside the agency tenant. No request leaves the GCP project. Prompts and responses are logged for audit but never sent to external analytics services.

03

Validation

axe-core WCAG checks, numeric integrity validation, completeness checks, and cross-source reconciliation run before any output reaches a reviewer. Failures route to human triage, not auto-publish.

04

Human Review

Side-by-side comparison interfaces let reviewers approve, reject, or request fixes. Reviewer decisions feed back into deterministic correction directives — not consensus-based templates that can force-fit.

05

Publication / Action

Only reviewer-approved output is published or acted on. Where automated actions occur (e.g. social posting in Clearview Politics), guardrails enforce frequency, content type, and approval triggers.

06

Retention & Audit

All processing artifacts are retained per the agency's retention schedule. Auditors can reconstruct any document's path from source to publication, including model versions and reviewer decisions.

Model Routing

No black-box AI

Every model selection decision is documented and reviewable. No 'we used AI' hand-waving.

Vision (page layout analysis)

Gemini 2.5 Flash (default) · Gemini 2.5 Pro (complex) — accessed via Vertex AI inside the agency's GCP tenant. Used for OCR, layout extraction, and visual fidelity verification against rendered HTML.

Text generation (content extraction, HTML, synthesis)

Claude Sonnet 4.5/4.6 (default) · Claude Haiku 4.5 (lightweight) — accessed via Vertex AI Model Garden inside the agency's GCP tenant. Used for structured extraction, HTML generation, and reasoning over multi-document contexts.

Embeddings (semantic search, clustering)

text-embedding-3-small · embedding-001 (Vertex) — stored as pgvector inside the agency's Postgres instance. Used for retrieval-augmented generation and duplicate detection.

Training data

None of your data is used for model training. Vertex AI enterprise APIs do not use customer data for foundation model training. Anthropic and Google contractually agree to this through GCP's enterprise data processing agreement.

Accessibility

What I build, I build accessibly

Because I sell accessibility automation work, my own deliverables — including this site — model WCAG conformance. If you find an accessibility issue, please report it through the Contact page and I will respond within 5 business days.

WCAG 2.1 Level AA Commitment

  • All systems I build are validated against WCAG 2.1 Level AA criteria using axe-core in CI
  • This site is built to meet WCAG 2.1 Level AA — accessibility issues can be reported via the Contact page
  • PDFs and rich documents published by client systems are tagged for screen readers, keyboard navigable, and free of color-only meaning
  • Forms include explicit labels, role attributes, and error guidance that screen readers can announce
  • Color contrast on all client deliverables meets or exceeds WCAG AA ratios (4.5:1 for body text, 3:1 for large text and UI components)

Incident & Disclosure

If something goes wrong

Plain-language incident response

If a system I built or operate causes a data exposure, accessibility regression, or compliance gap, I will: (1) notify the agency point-of-contact within 24 hours of discovery; (2) provide a written timeline within 5 business days; (3) deliver a written remediation plan with completion dates; (4) implement the fix on no-charge time until resolved.

For responsible vulnerability disclosure relating to this site or any deployed system I maintain, please email me directly. I treat all good-faith reports as friendly.

Questions

Need additional security documentation?

I can provide a written security questionnaire response, a data-flow diagram for your specific use case, or a sample architecture review. Most agencies receive this during the Discovery Engagement.

Last updated: June 2026 · Cossette Consulting LLC · This statement reflects current operational practice and is updated as systems evolve. Specific contractual security terms are documented in each engagement's Statement of Work.