12 — Security & Observability¶
Security Architecture¶
- Auth: Clerk JWT verification on every request
- RBAC: Organization-based tenant isolation via Clerk orgs
- Row-level security: PostgreSQL enforced via
tenant_idon every table - Field encryption: PII and PHI encrypted at rest (dedicated encryption service)
- Transport: HTTPS (TLS 1.3) on all API communication
- File access: Presigned URLs with 15-minute expiry, no public access
- Consent check: Every data access verifies active consent
- CORS: Allow only
app.curaway.ai+localhost(dev) - Headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
- MCP Server: Auth required, tenant isolation, consent checks
- Rate limiting (post-MVP): Redis-based per tenant per endpoint
- Security scanning: Bandit linter in CI pipeline
Observability Stack¶
| Layer | Tool | What It Tracks |
|---|---|---|
| Request-level | Events table (PostgreSQL) | agent_name, model, tokens, latency, cost, correlation_id |
| Trace-level | Langfuse | Full execution traces, nested spans, prompt/completion, cost per journey |
| Behavioral | PostHog | User flows, session recordings, feature adoption, funnels |
| Infrastructure | Grafana Cloud | Railway container metrics, PostgreSQL perf, Redis hit rates |
| BI / Reporting | Metabase OSS | Dashboards, corridor volume, provider analytics, LLM cost |
Key Metrics¶
| Metric | Target |
|---|---|
| LLM cost per patient journey | <$0.15 average |
| Agent TTFT (simple turns) | ~300ms |
| Agent TTFT (clinical reasoning) | 500–800ms |
| Async document parsing | 2–5s |
| Match accuracy | Measured by acceptance rate (post-MVP) |
| Intake completion rate | Track in PostHog |
| Document processing success | Track per OCR tier |
| Error rate by domain | Monitor AGENT_, FHIR_, MATCH_* |