SolaceSentry - Enterprise Security User Manual

Getting Started

1. Create Your Account

Visit solacesentry.com/signup. After account creation, select the Enterprise Security plan and your safety domains.

2. GPU Included at Checkout

Your Enterprise Security plan includes a dedicated H100 GPU -- no add-on required. For high-throughput workloads, contact support about multi-GPU configurations. Infrastructure is provisioned automatically during setup.

3. Complete Payment & Provisioning

After payment, the Setup Wizard provisions your isolated VPC, HA database, and compute resources. Your dedicated support engineer will contact you within one business day.

4. Get Your API Key

sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Important: Keep your API key secret. Rotate immediately if compromised.

Setup Wizard

The Enterprise Setup Wizard configures your fully isolated environment. It includes additional compliance and security steps compared to the Dedicated Domain wizard.

1

Domain & Compliance Configuration

Select domains, risk tiers, and enable HIPAA/SOC 2 compliance features. Specify if BAA is required.

2

VPC & Network Provisioning

Your isolated VPC is created with private networking, encryption at rest and in transit, and firewall rules.

3

HA Database Setup

Primary + standby PostgreSQL with automated failover, point-in-time recovery, and encrypted backups.

4

GPU & Compute Provisioning

Dedicated compute cluster with your selected GPU configuration is deployed within your VPC.

5

SSH & API Key Setup

Upload SSH keys for infrastructure access. Production and test API keys are generated.

Ready

Enterprise infrastructure is live. Your dedicated support engineer will reach out within 1 business day.

Your Enterprise Infrastructure

Isolated VPC

Private network with no shared components. All traffic encrypted in transit (TLS 1.3).

HA Database

Primary + standby with automated failover. Encrypted at rest (AES-256). Point-in-time recovery.

HIPAA & SOC 2

Built to HIPAA and SOC 2 standards. Full audit logging. BAA available upon request.

H100 GPU Included

Dedicated H100 provisioned automatically with your plan. Deployed within your VPC.

HIPAA Compliance

Enterprise Security Exclusive

HIPAA compliance is only available on the Enterprise Security tier.

HIPAA Safeguards

Administrative Safeguards

Role-based access control (RBAC) with audit logging
Workforce training requirements documented
Security incident response procedures
Regular risk assessments

Physical Safeguards

Isolated VPC -- no shared infrastructure components
Data center access controls (SOC 2 certified providers)
Hardware-level encryption

Technical Safeguards

Encryption at rest (AES-256) and in transit (TLS 1.3)
API key authentication with SHA-256 hashing
Complete audit trail for all data access
Automatic session management and access timeout
Record immutability (INV-7) prevents PHI tampering

SOC 2 Compliance

The Enterprise Security tier is architected following SOC 2 Type II trust service criteria:

S

Security

Isolated VPC, encryption, RBAC, API key hashing, firewall rules

A

Availability

99.9% SLA, HA database, automated failover, redundant compute

P

Processing Integrity

8 hard invariants, deterministic inference, record immutability, evidence grounding

C

Confidentiality

Data isolation, encryption at rest and in transit, no cross-tenant data access

P

Privacy

Data retention policies, right to erasure, audit trail for all data access

Business Associate Agreement (BAA)

A Business Associate Agreement is available for Enterprise Security customers who process Protected Health Information (PHI). The BAA covers:

Permitted uses and disclosures of PHI
Safeguards for PHI protection
Breach notification obligations
Return or destruction of PHI upon termination
Compliance with HIPAA Security Rule requirements

To request a BAA, contact your dedicated support engineer or email support@solacesentry.com. BAA execution typically takes 3-5 business days.

Isolated VPC Network

Your Enterprise Security infrastructure runs in a completely isolated Virtual Private Cloud. No network resources, storage, or compute are shared with any other tenant.

Network Architecture

Private subnets -- compute and database reside in private subnets with no direct internet exposure
Load balancer -- TLS-terminated at the edge; only HTTPS (port 443) accepted
Firewall rules -- ingress restricted to API endpoint; egress restricted to required services only
VPC peering -- available upon request for connecting your existing cloud infrastructure
IP allowlisting -- optional IP-based access restrictions for API access

High Availability Database

The Enterprise Security tier includes a high-availability PostgreSQL deployment:

Architecture

Primary + synchronous standby
Automated failover (< 30s RTO)
Connection pooling (pgBouncer)
Read replicas available

Data Protection

Encrypted at rest (AES-256)
Point-in-time recovery (30 days)
Daily automated backups
Cross-region backup optional

API Authentication

All requests require Bearer token authentication. API endpoint is the same for all tiers:

Authorization: Bearer sk_live_your_key_here

Base URL: https://api.solacesentry.com

API keys are hashed with SHA-256 before storage. The full key is shown only once during generation. Key prefixes: sk_live_ (production, billed), sk_test_ (testing, free), sk_dev_ (development, mock).

Submitting Observations

Using curl

curl -X POST https://api.solacesentry.com/v1/projects/{project_id}/observations \
  -H "Authorization: Bearer sk_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "payload": {
      "patient_id": "P-00412",
      "heart_rate": "142",
      "spo2": "88",
      "blood_pressure_systolic": "78",
      "domain": "clinical"
    }
  }'

Using Python SDK

from solace_sentry.sdk import SolaceSentryClient

client = SolaceSentryClient(
    api_key="sk_live_your_key_here",
    base_url="https://api.solacesentry.com"
)

obs = await client.observations.create(
    project_id="proj_abc123",
    payload={
        "patient_id": "P-00412",
        "heart_rate": "142",
        "spo2": "88",
        "domain": "clinical"
    }
)

Running Inference

result = await client.inference.create(project_id="proj_abc123")
print(result.classification)  # "veto", "concern", or "approve"
print(result.narrative)       # Human-readable explanation

# Full decision trace for audit
for verdict in result.decision_trace.judge_verdicts:
    print(f"  {verdict.judge}: {verdict.verdict} ({verdict.confidence:.2f})")

Understanding Results

VETO Critical violation -- stop and escalate immediately

CONCERN Potential issue -- human review recommended

APPROVE No violations -- safe to proceed

Every response includes a grounded narrative (INV-8), full decision trace with judge verdicts, and current evidence state. All decisions are auditable and explainable.

Evidence & Expectations

Evidence accumulates and never decays (INV-2). Set expectations to define data bounds; violations strengthen evidence weight. Use GET/POST on /v1/projects/{project_id}/evidence and /v1/projects/{project_id}/expectations.

On the Enterprise tier, all evidence access and expectation changes are logged in the full audit trail.

Python SDK

pip install solace-sentry

The SDK automatically handles authentication, retries, and rate limiting. Initialize with your sk_live_ key and the base URL https://api.solacesentry.com. See code examples in the Submitting Observations and Running Inference sections above.

Using the Interpreter

Access the Interpreter from your dashboard under each entitlement. All 25 domains supported with 12 query intents: assess_risk, explain_decision, compare_scenarios, list_violations, show_evidence, trace_decision, suggest_action, summarize_state, query_history, check_compliance, forecast_trend, and validate_data.

On the Enterprise tier, all interpreter sessions are logged in the audit trail for compliance purposes.

Full Audit Trail & Explainability

Enterprise Security Exclusive

Full audit trail is exclusive to the Enterprise Security tier.

What Is Logged

- API access -- every request with timestamp, user, endpoint, response status

- Observation submissions -- full payload (encrypted), observation ID, project context

- Inference decisions -- classification, all judge verdicts, tribunal outcome, narrative

- Evidence changes -- every evidence state transition with before/after weights

- Dashboard actions -- login, logout, key rotation, team changes, configuration updates

- Interpreter sessions -- all queries and responses with data references

Export audit logs from your dashboard in CSV format, or access via the API. Audit data is retained for a minimum of 7 years per HIPAA requirements.

Continual Learning

Your models improve continuously using EWC-based continual learning with Fisher Information Matrix regularization, replay buffers, and progressive networks. All learning happens within your isolated VPC. Safety invariants are enforced during learning -- any update that would degrade safety metrics is automatically rolled back.

Your data is never used to train models for other tenants. Continual learning events are logged in the audit trail.

H100 GPU (Included)

Your Enterprise Security plan includes a dedicated NVIDIA H100 GPU. No add-on required -- GPU compute is part of your base subscription. Infrastructure is provisioned automatically within your isolated VPC.

H100 80GB HBM3

80GB HBM3 memory
3-5ms inference latency
FlashAttention-2 + INT8 quantization
Continual learning on your domain data
100M tokens/mo included
Isolated HA cluster + VPC

Seat Management

The Enterprise Security tier includes unlimited seats. Manage team members from Profile in your dashboard with Admin, Developer, or Viewer roles.

Role	Dashboard	API Keys	Interpreter	Billing	Audit Logs
Admin	Yes	Yes	Yes	Yes	Yes
Developer	Yes	Yes	Yes	No	Yes
Viewer	Yes	No	Yes	No	No

Enterprise Security includes unlimited seats. Contact your dedicated support engineer for custom configurations.

Safety Domains

All 25 safety domains:

Healthcare

healthcare_ops

clinical

pharma

lab

Financial

revenue

financial

insurance

claims

fraud

Legal & Regulatory

legal

regulatory

government

Cyber & Security

cybersec

threat

incident

ai_governance

Industrial

manufacturing

supply_chain

energy

infrastructure

Transport & People

aviation

autonomous

safety_eng

hr

Hard Invariants

8 invariants enforced at all times -- never violated, fully auditable:

1. Sparse Gate

Fast-path bypass for trivial observations

2. No-Decay Evidence

Evidence weights never decrease

3. Lazy Staleness

Stale evidence detected lazily at read time

4. Fast Gate Before Planning

Planning only invoked if necessary

5. Planning Gated

Crisis check before any planning

6. Max 2 Narrative Attempts

Fallback used if generation fails twice

7. Record Immutability

Records cannot be modified after creation

8. Narrative Reads Record Only

Narratives always grounded in recorded evidence

Rate Limits

Enterprise rate limits -- highest available:

Endpoint	Rate Limit	Burst
Observations	600 requests/min	100
Inference	600 requests/min	100
Evidence / Expectations	1200 requests/min	200
Health Check	3000 requests/min	500

Custom rate limits can be configured by your dedicated support engineer for specific use cases.

SLA Guarantee

99.9%

Uptime SLA

Monthly uptime target 99.9%

Maximum monthly downtime 43 minutes

Scheduled maintenance window Announced 72h in advance

Incident response time < 15 minutes (P1)

SLA credit Pro-rated for downtime exceeding SLA

Billing & Usage

Pricing

$1.50 / 1M tokens

+ $5,500/mo base fee for enterprise infrastructure

What Is Included

Isolated VPC with private networking
HA PostgreSQL with automated failover
HIPAA and SOC 2 compliance
BAA available
Full audit trail (7-year retention)
Continual learning (EWC)
250 team seats
SSH access
99.9% uptime SLA
Dedicated support engineer
Custom rate limits
GPU configuration at checkout

API Reference

Base URL: https://api.solacesentry.com

Method	Endpoint	Description
POST	/v1/projects/{project_id}/observations	Submit an observation
POST	/v1/projects/{project_id}/infer	Run violation inference
GET	/v1/projects/{project_id}/evidence	Get current evidence state
GET	/v1/projects/{project_id}/expectations	Get expectations
POST	/v1/projects/{project_id}/expectations	Set expectations
GET	/v1/health	Health check

Support

Dedicated Engineer

Named support engineer assigned to your account. Direct communication channel.

Introduced within 1 business day

Email Support

support@solacesentry.com

P1: < 15 min. P2: < 1 hour.

Slack Channel

Dedicated Slack channel with your team and support engineer.

Set up during provisioning

FAQ

How quickly can my BAA be executed?

Typically 3-5 business days after request. Your dedicated support engineer will coordinate the process.

Can I connect my existing VPC via peering?

Yes. VPC peering is available upon request. Your support engineer will coordinate the network configuration.

What happens during database failover?

The standby is promoted automatically. Failover typically completes in under 30 seconds. Connections are rerouted transparently. You may see a brief increase in response latency during the transition.

How long are audit logs retained?

Audit logs are retained for a minimum of 7 years per HIPAA requirements. You can export logs at any time in CSV format from your dashboard or via the API.

Can I restrict API access by IP address?

Yes. IP allowlisting is available. Configure it from your dashboard under security settings or request it through your support engineer.

What SLA credits are available?

If uptime falls below 99.9% in a calendar month, pro-rated credits are applied to your next billing cycle. Credits are calculated based on the proportion of downtime exceeding the SLA.

Is my data ever used for other tenants' models?

No. Your data is completely isolated within your VPC. Continual learning only improves your own models. No data is ever shared, transferred, or used to benefit other tenants.

How does unlimited seating work?

Yes. Contact your dedicated support engineer for custom seat arrangements.