Version: 1.0 | Date: 2026-04-21 | Classification: Confidential — For Investor, Clinical, and Regulatory Review
---
2. System Architecture Overview
3. Modularity and Switchability of Models
5. Code Organization and Best Practices
6. Seamlessness and UX Philosophy
8. Pros and Cons of the Current Architecture
9. Roadmap and Decisions Awaiting Founder Approval
---
Silent Infinity (silentinfinity.com) is a contemplative AI chat application that uses large language models hosted on AWS Bedrock to act as a reflective mirror for users engaged in inner-work, self-examination, and psychological exploration. It is designed not as a productivity tool or a clinical intervention, but as a private, non-coercive space in which users can think, feel, and be witnessed by an AI that refuses to exploit them.
The product exists because the wellness AI industry has converged on a business model that is structurally misaligned with user wellbeing: streaks, push notifications, engagement scores, and dependency loops drive retention numbers that satisfy investors while actively harming the users those products claim to serve. The January 2026 Character.AI settlement — stemming from allegations that its product contributed to user harm — crystallized the risk of building in that tradition. Silent Infinity was built in direct response.
As of April 2026, the application has six active users, 189 logged conversations, and is publicly accessible at silentinfinity.com. The backend is fully deployed on AWS infrastructure. The crisis-detection module is open-sourced. A Feature Readiness Standard gates every capability on documented safety review before any user exposure. The system is CA SB 243 compliant.
Key differentiators:
---
Every architectural choice in Silent Infinity was made against three constraints: (1) cost must scale with value delivered, never with idle time; (2) latency must be imperceptible enough that the conversation feels present rather than transactional; and (3) the system must be operable by a solo founder without a dedicated infrastructure team.
These constraints ruled out containerized always-on compute, self-hosted model infrastructure, and bespoke WebSocket server farms. They pointed directly at a serverless-first, AWS-native design.
Frontend — Single-Page Application
The client is a single HTML file with no build step and no framework dependency. This is a deliberate choice. A SPA with zero compile-time dependencies deploys in seconds, loads in under one second on a 4G connection, and can be CDN-edge-cached globally without cache-invalidation complexity. The sensory layer — ambient audio, presence orbs, breath animations — is implemented in vanilla JavaScript and the Web Audio API, meaning it requires no third-party audio library and degrades gracefully when the browser lacks audio permission. WebSocket capability is present in the client but currently operates over SSE (server-sent events) through API Gateway HTTP streaming, which is simpler to operate and equally capable for token-by-token response streaming.
Backend — AWS Lambda (Python 3.12 ARM64)
Lambda was chosen for five specific reasons:
1. Zero idle cost. A Lambda function that handles zero requests costs zero dollars. For a product at 6 DAU, this is not a rounding error — it is existential. A comparable always-on EC2 instance would cost $30–80/month regardless of usage.
2. ARM64 price-performance. Graviton2 ARM64 Lambda functions cost approximately 20% less per compute-millisecond than x86 equivalents and typically execute 10–20% faster for Python workloads that are I/O-bound rather than compute-bound.
3. Managed scaling. Lambda scales from 0 to 10,000 concurrent executions without operator intervention. The team does not maintain a capacity model.
4. Python 3.12 ecosystem. Boto3, Pydantic v2, and the full scientific Python stack are available as Lambda layers. The team's AI and data expertise is in Python.
5. AWS-native integration. Lambda has first-class IAM, CloudWatch, X-Ray, and Bedrock integration without SDK translation layers.
Amazon API Gateway (HTTP API)
HTTP API (not REST API) was chosen for lower per-request cost ($1.00/million vs $3.50/million) and native Lambda streaming support, which enables token-by-token response delivery without WebSocket connection management overhead.
Amazon Bedrock
Bedrock provides managed inference for Claude Sonnet 4.6 (primary conversation model) and Claude Haiku 4.5 (Chat Sentinel / feedback monitor). Bedrock eliminates model-hosting infrastructure, provides enterprise SLAs, and includes managed Guardrails. The ConverseStream API is used rather than InvokeModel — it is model-agnostic, supports multi-turn conversation natively, and streams token-by-token in a consistent format regardless of which Anthropic model is invoked.
Amazon DynamoDB
Conversation history, user profiles, crisis archives, and rate-limiting state are all stored in DynamoDB. On-demand billing means zero cost at zero traffic. Point-in-time recovery (PITR) is enabled on all tables. Stack delete is set to RETAIN — tables survive infrastructure teardown, preventing accidental data loss.
Amazon CloudFront + Route 53 + ACM
CloudFront serves the static frontend globally from edge caches, providing sub-100ms load times worldwide and DDoS absorption at the CDN layer. Route 53 manages DNS. ACM provides TLS certificates at no additional cost with automatic renewal.
The following describes the complete path for a single user message:
User types message → browser sends HTTP POST to API Gateway endpoint
|
v
API Gateway (HTTP API, us-east-1) receives request
- validates API key or JWT if authenticated session
- routes to Lambda via proxy integration
|
v
Lambda handler.py (Python 3.12, ARM64, 512 MB)
- rate_limit.py checks per-IP and per-uid DynamoDB counters
- guardrails.py runs regex crisis-pattern matching on input
- conversation_store.py loads prior turns from DynamoDB
- user_profile.py fetches user language / interest profile
- system_prompt.py assembles final system prompt
- bedrock_client.py calls Bedrock ConverseStream API
|
v
Amazon Bedrock (us-east-1 or cross-region inference profile)
- Model: anthropic.claude-sonnet-4-6 (or us.anthropic.claude-sonnet-4-6 for failover)
- ConverseStream returns ContentBlockDelta events (streaming tokens)
|
v
Lambda streams tokens back via API Gateway chunked HTTP response
- Each token chunk → SSE event → browser EventSource listener
- guardrails.py concurrently monitors output for crisis signals
- crisis_archive.py writes hash to DynamoDB if crisis flag raised
- pricing.py calculates token cost and logs to CloudWatch EMF
|
v
Browser renders tokens in real-time with typing animation
- 3-dot filler displayed until first token arrives
- Presence orb animates during streaming
- Pentatonic ping sounds on turn completion
- Turn stored in DynamoDB conversation_store after full response
┌─────────────────────────────────────────────┐
│ silentinfinity.com │
│ Single-Page HTML Application │
│ Web Audio API │ SSE Client │ localStorage │
└────────────────────┬────────────────────────┘
│ HTTPS (TLS 1.3)
┌────────────────────▼────────────────────────┐
│ Amazon CloudFront (CDN) │
│ Global Edge Cache │ DDoS Absorption │
└────────────────────┬────────────────────────┘
│
┌──────────────────────────▼──────────────────────────┐
│ Amazon Route 53 (DNS) │ ACM (TLS) │
└──────────────────────────┬──────────────────────────┘
│
┌──────────────────────────▼──────────────────────────┐
│ Amazon API Gateway (HTTP API) │
│ Rate limiting │ JWT validation │ Chunked HTTP │
└──────────────────────────┬──────────────────────────┘
│ Lambda proxy
┌────────────────────────────────▼────────────────────────────────┐
│ AWS Lambda (Python 3.12, ARM64) │
│ handler.py → rate_limit → guardrails → conversation_store │
│ user_profile → system_prompt → bedrock_client → pricing │
│ feedback_monitor (async) → crisis_archive (conditional) │
└──────┬─────────────────────┬──────────────────────┬────────────┘
│ │ │
┌──────────▼──────┐ ┌──────────▼──────────┐ ┌───────▼──────────┐
│ Amazon Bedrock │ │ Amazon DynamoDB │ │ Amazon CloudWatch│
│ Claude Sonnet 4.6│ │ conversations table │ │ EMF metrics log │
│ Claude Haiku 4.5 │ │ users table │ │ X-Ray tracing │
│ (Chat Sentinel) │ │ crisis_archive │ │ Alarms │
└──────────────────┘ │ rate_limits │ └──────────────────┘
└──────────────────────┘
OpenTimestamps (Bitcoin blockchain anchoring — crisis hashes only)
---
The most expensive architectural decision in any LLM-backed product is coupling the product to a specific model. Silent Infinity was designed from the first commit to treat model identity as a runtime configuration variable, not a code constant. Every module that touches a model does so through an abstraction layer. No Lambda handler hard-codes a model ID. This is not an optimization — it is a safety property. The model landscape changes quarterly. Pricing changes without notice. Capability jumps happen overnight. A system that requires a code change to swap models is a system that will be slow to respond to all three.
pricing.py is a standalone module that holds one thing: a dictionary mapping model IDs to per-token input and output costs, updated from Anthropic's published Bedrock pricing page. Every part of the system that needs to calculate cost — logging, rate-limiting by token budget, per-user cost attribution — imports from this single module. There is no other place in the codebase where model pricing is expressed.
This matters operationally: when Bedrock pricing changes (as it did in December 2025), a single file update propagates correctly to all cost-dependent logic. It also matters for audit: a regulator or investor asking "how much does one conversation cost?" receives a deterministic, traceable answer sourced from one location.
feedback_monitor.py implements Chat Sentinel, a lightweight asynchronous monitor that reviews completed conversation turns for safety, quality, and sentiment signals using Claude Haiku 4.5. It runs as an independent module invoked after the primary response is delivered to the user — it adds no latency to the user-facing path.
The model used by Chat Sentinel is controlled entirely by an environment variable (SENTINEL_MODEL_ID). Swapping it to a different model — Haiku 3.5, a future Anthropic release, or a third-party Bedrock model — requires no code change, no redeployment, and no test suite modification beyond updating the expected token-cost ranges. The module is designed with the explicit assumption that the model it calls will change.
bedrock_client.py wraps all Bedrock API calls. It accepts a model identifier, a list of messages, and a parameter set, and returns a streaming response iterator. The handler never calls boto3's Bedrock client directly — it always goes through this abstraction.
The model identifier defaults to the value of the PRIMARY_MODEL_ID environment variable. Parameters (temperature, max tokens, top-p) are passed from a per-variant configuration object rather than from hard-coded constants in the handler. The abstraction layer handles:
us.* prefix for failover — see Section 3.6)pricing.py after each response completesThe /invoke endpoint accepts an optional ?v= query parameter (values A through F). Each variant maps to a distinct combination of model ID, system prompt version, temperature, and max-token budget. The mapping is held in a DynamoDB configuration table rather than in Lambda code, enabling runtime updates to variant definitions without redeployment.
Current variant definitions:
| Variant | Model | System Prompt | Temperature | Purpose |
|---------|-------|---------------|-------------|---------|
| A | claude-sonnet-4-6 | v1.0 (mirror) | 0.7 | Production default |
| B | claude-sonnet-4-6 | v1.1 (deeper probe) | 0.8 | Beta test variant |
| C | claude-haiku-4-5 | v1.0 (mirror) | 0.7 | Cost-efficiency test |
| D | claude-sonnet-4-6 | v1.0 + Constellation tags | 0.7 | Constellation M0 test |
| E | (reserved) | — | — | Future model evaluation |
| F | (reserved) | — | — | Future model evaluation |
Any user can be routed to any variant by appending ?v=X to the chat URL, enabling controlled rollout, A/B experimentation, and manual canary testing without infrastructure changes.
AWS Bedrock cross-region inference profiles (the us.* model ID prefix — e.g., us.anthropic.claude-sonnet-4-6) allow Bedrock to route inference requests across multiple AWS regions in the US geography when the primary region (us-east-1) is throttled or degraded. This provides automatic failover without requiring Lambda to manage multi-region routing logic.
bedrock_client.py checks a USE_CROSS_REGION_PROFILE environment variable. When enabled, model IDs are prefixed with us. before the Bedrock API call. The toggle is off in development (to avoid cross-region costs during local testing) and on in production. During a regional Bedrock degradation event, this single variable change re-routes all traffic to the cross-region profile within seconds of the environment variable update propagating.
The Feature Readiness Standard (see Section 5) applies to model variants as well as to UI features. A new model variant starts at ALPHA — it runs only for Harnoor and up to three designated test users. To reach BETA, it requires 100+ real-world sessions, no unresolved P0 safety findings from ECHO red-team review, and documented behavioral comparison against the production variant. To reach GA, it requires 1,000+ sessions, 30-day stable safety metrics, and clinical review if the variant's behavioral profile differs meaningfully from the GA variant in crisis-adjacent scenarios.
This gate prevents a situation where a new model is quietly deployed to all users because it "seemed better" in informal testing, without systematic evaluation of its crisis-adjacent behavior.
The planned model maturity ladder is as follows:
Rung 1 (current): Claude Sonnet 4.6 on Bedrock, general-purpose, system-prompt-customized. Cost-efficient. No training data required. Changeable by env var.
Rung 2 (6–12 months): Anthropic fine-tuning API (when available on Bedrock). Domain-specific fine-tune on Silent Infinity conversation corpus — user-consented, de-identified. Improves mirror stance consistency and reduces generic-assistant drift.
Rung 3 (12–24 months): Custom foundation model via AWS BedRock Custom Model Import. A model trained on a curated corpus of contemplative literature, therapeutic dialogue frameworks (CBT, ACT, IFS, motivational interviewing), and validated Silent Infinity sessions. Requires significant data infrastructure and compute budget.
Rung 4 (24+ months): Own foundation model, hosted privately. Full control over training data, alignment methods, and behavioral guarantees. This is the path to clinical-grade AI with defensible, auditable behavior.
Each rung requires the prior rung's Feature Readiness Standard evidence before migration. No rung is skipped.
All of the following are controlled by Lambda environment variables, updatable via AWS Console or CDK without a code deployment:
PRIMARY_MODEL_ID — the model used for all A-variant conversationsSENTINEL_MODEL_ID — the Chat Sentinel modelUSE_CROSS_REGION_PROFILE — cross-region inference toggleSYSTEM_PROMPT_VERSION — which version of the system prompt to loadCRISIS_PATTERNS_VERSION — which crisis pattern set to applyRATE_LIMIT_DAILY_TOKENS — per-user daily token budgetENABLE_CRISIS_ARCHIVE — toggle for OpenTimestamps archivingA model swap that requires zero downtime, zero code change, and zero test-suite re-run is achievable for any primary model change. The deployment path for a non-trivial model change (new fine-tune, new provider) goes through CDK but does not require a Lambda code change — only a CDK parameter update.
---
Silent Infinity's security design is governed by six explicit principles, each sourced from established privacy and security frameworks.
Ann Cavoukian's Privacy by Design framework, codified in GDPR Article 5(1)(c), establishes that systems should collect the minimum personal data necessary for their stated function. Silent Infinity applies this literally: in the Silver and Gold tiers of the data model, there is no PII. User identifiers are SHA-256 hashes of IP address plus a rotating daily salt. No name. No email. No phone number. No persistent device identifier.
The system knows a user by a session token and a hashed identifier. It cannot trace that identifier back to a natural person without the unhashed IP address, which is retained only in access logs for 7 days (the minimum required for abuse detection) and then purged. A user who does not register has no record in DynamoDB that could identify them in a data breach.
Email collection occurs only at registration (Gold tier), is stored separately from conversation data, and is never included in conversation records, crisis archives, or analytics tables.
In transit: All traffic is TLS 1.3 end-to-end. CloudFront enforces TLS 1.2 minimum (TLS 1.3 preferred) on the public-facing edge. API Gateway to Lambda traffic is encrypted within the AWS VPC. Bedrock API calls from Lambda are encrypted using AWS Signature Version 4 over TLS.
At rest: DynamoDB tables use AWS KMS-managed keys (AWS-managed CMK by default; plans to migrate to customer-managed CMK for the crisis archive table, enabling independent key rotation and revocation). S3 objects (static frontend, crisis archive exports) use SSE-S3 with AES-256. Lambda environment variables containing secrets (API keys, model IDs with authorization) are encrypted using KMS at rest.
Key rotation: KMS keys auto-rotate annually. The plan to introduce per-user CMKs at Scale tier (post-SOC 2 audit) would enable cryptographic data isolation — a user's conversation records would be encrypted with a key derived from their authenticated session, making their data unreadable even to an internal database administrator without that session.
Clickwrap modal: Every new session presents a modal requiring explicit affirmative action (checkbox, not pre-checked) acknowledging that: (a) this is an AI, not a therapist; (b) the service is for users 13 and older (COPPA attestation); (c) the user has read the privacy policy and terms of service; (d) the user understands the Beta disclosure and the known limitations of the service.
Opt-out paths: Users can delete their conversation history at any time from the settings drawer. The deletion is hard delete from DynamoDB — not a soft-delete flag — executed within 24 hours. Crisis archives are retained separately (and for longer, see Section 4.6) but are not linked to PII.
GDPR Art. 17 (Right to Erasure): The deletion path satisfies this right for EU users. A written request to harnoors@gmail.com triggers manual review and deletion of any records not covered by the automated deletion path within 30 days.
CA SB 243: The California law requiring mental health digital products to publish crisis resources and safety methodology is satisfied by: the /safety page (live), the crisis footer (persistent in all chat sessions, listing 911 / 988 / findtreatment.gov / findahelpline.com), and the published crisis-detection methodology.
The guiding principle is: safety systems must never block a user's path, but must always log and may always surface resources. A user in crisis who is shown a wall — "this session cannot continue" — is in a worse position than a user who is shown resources and can continue.
Implementation: Crisis detection runs in parallel with response generation. If a crisis signal is detected during input processing, the system: (1) injects crisis resources into the system prompt for this turn, causing the model to respond with both the mirror response and resource links; (2) writes a crisis archive record (Section 4.6); (3) sets a follow-up flag on the user's next session (gentle acknowledgment, not forced conversation). At no point does the user hit an error screen or a blocked interaction.
Guardrail failure mode: If the guardrails module throws an exception, the handler falls through to a safe default (proceed without guardrail — log the failure, alert via CloudWatch alarm). A guardrail failure does not block the response. An empty response is never acceptable; a response without active guardrails is preferable to silence.
OpenTimestamps + S3 Object Lock (planned): Crisis archive records are written to DynamoDB, then their SHA-256 hash is submitted to OpenTimestamps, which anchors the hash in a Bitcoin blockchain transaction. The Bitcoin transaction provides a cryptographically verifiable timestamp that cannot be forged retroactively. A regulator reviewing a crisis event from six months ago can verify that the record has not been altered since it was written.
S3 Object Lock (WORM mode) is planned for the crisis archive export pipeline. Once a month, a Lambda function exports all crisis archive records to S3, and the Object Lock policy prevents deletion or modification for 7 years. This satisfies the "tamper-evident" property required for a defensible audit trail in a regulatory inquiry.
This infrastructure was built not because we expect to be investigated, but because building something that is investigation-ready, from the first session, is the correct posture for a product operating in a safety-critical space.
Crisis-flagged sessions receive materially different treatment from ordinary sessions:
The Lambda execution role follows strict least-privilege:
bedrock:InvokeModel, bedrock:InvokeModelWithResponseStream on specific model ARNs only. No Bedrock management permissions.dynamodb:GetItem, dynamodb:PutItem, dynamodb:UpdateItem, dynamodb:DeleteItem, dynamodb:Query on specific table ARNs only. No dynamodb:Scan in production.kms:Decrypt, kms:GenerateDataKey on specific key ARNs used by DynamoDB tables. No kms:CreateKey.logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents — standard Lambda logging.ssm:GetParameter on specific parameter paths for secrets retrieval.There is no wildcard (*) in any IAM policy statement. Role boundaries are enforced by CDK resource-level policies. Any future permission expansion requires a CDK code change, which goes through code review.
Per-IP rate limiting: DynamoDB atomic counter, 60 requests per minute per IP. Requests above the limit receive HTTP 429. This prevents both denial-of-service via high-frequency requests and runaway token cost from automated scripts.
Per-uid token budget: Registered users have a configurable daily token budget (default: 100,000 input tokens + 50,000 output tokens). The budget is checked before each request. A user who exhausts their budget receives a friendly message; the session is not blocked but subsequent requests return a budget-exceeded response without a Bedrock call.
LLM-assisted moderation: For inputs that pass regex guardrails but trigger heuristic anomaly flags (unusually long inputs, repeated identical messages, messages in unexpected character sets), feedback_monitor.py is triggered synchronously to perform LLM-based moderation before the primary response is generated.
| Regulation | Applicability | Current Status |
|---|---|---|
| GDPR Art. 6 (Lawful Basis) | EU users — lawful basis is legitimate interest + consent | Consent modal covers. Privacy policy specifies lawful basis. |
| GDPR Art. 17 (Right to Erasure) | EU users | Deletion path live. 30-day manual review for edge cases. |
| GDPR Art. 25 (Privacy by Design) | EU users | Architecture satisfies Cavoukian PbD framework. |
| CCPA | California users | Privacy policy live. Opt-out path live. |
| COPPA | Users under 13 | 13+ attestation in clickwrap modal. No minor-targeted marketing. |
| CA SB 243 | California companion chatbot law | /safety page live. Crisis resources persistent. Compliant. |
| EU AI Act Art. 50 | AI system transparency | Explicit AI disclosure in chat UI and system prompt <your_nature> tag. Compliant. |
| FDA SaMD | Explicitly excluded — not a medical device | ToS §3 + /safety page language explicitly excludes medical claims. |
| SOC 2 Type II | Not yet — planned post-scale | Deferred. HIPAA-inspired hygiene (encryption, access controls) in place. |
---
The backend is organized as a flat module directory under backend/src/. Each module has a single, documented responsibility.
| Module | One-line purpose |
|--------|-----------------|
| handler.py | Lambda entry point; orchestrates all other modules per request |
| bedrock_client.py | Abstracts all Bedrock API calls; handles model routing, streaming, retries |
| guardrails.py | Regex + heuristic input/output safety checks; crisis pattern matching |
| pricing.py | Single source of truth for per-token Bedrock costs by model ID |
| feedback_monitor.py | Chat Sentinel — async LLM review of completed turns (Haiku 4.5) |
| conversation_store.py | DynamoDB read/write for conversation history; context window management |
| user_profile.py | User record management; language detection; interest capture; IP hash |
| crisis_archive.py | SHA-256 hashing + DynamoDB write + OpenTimestamps submission for flagged turns |
| schemas.py | Pydantic v2 models for all API request/response boundaries |
| rate_limit.py | Per-IP and per-uid DynamoDB atomic counters; 429 enforcement |
| system_prompt.py | System prompt assembly; version loading; variant suffix injection |
| crisis_resources.py | Static crisis resource registry (911, 988, findtreatment.gov, findahelpline.com) |
As of 2026-04-20, the backend test suite comprises 582 passing tests across three categories:
Drift-lock tests (majority): These tests encode the expected behavior of the system at a specific point in time. They are not unit tests in the traditional sense — they test behavioral invariants (the system prompt always contains <your_nature>, the crisis footer always includes 988, the rate limit always enforces 60 req/min). When a code change breaks a drift-lock, it is not a bug fix — it is a deliberate behavioral change that requires explicit acknowledgment before the test is updated. This pattern was chosen because wellness AI behavioral drift is a safety risk, not just a quality risk.
Unit tests: Pure function testing for pricing.py, schemas.py, crisis_resources.py, and the pure-logic portions of guardrails.py. These run in milliseconds and have no AWS dependencies.
Integration tests (mocked AWS): Tests for conversation_store.py, user_profile.py, crisis_archive.py, and rate_limit.py using moto (AWS mock library) to simulate DynamoDB and KMS without live AWS calls.
All 582 tests are required to pass before any commit merges to master. The CDK deployment pipeline does not proceed if tests fail.
All API boundaries are validated through Pydantic v2 schemas defined in schemas.py. Every incoming request body is parsed through a Pydantic model before the handler accesses any field. Every outgoing response is serialized through a Pydantic model. Type errors at API boundaries raise HTTP 422 responses with structured error detail rather than Python exceptions propagating to Lambda.
Pydantic v2 was chosen over v1 for performance (Rust-based core, 5-50x faster validation) and for its strict mode support, which prohibits implicit type coercion and enforces that data matches the declared schema exactly.
Internal function signatures use Python type annotations throughout. mypy strict mode is run as part of the pre-commit hook. No Any types are permitted in production modules.
All operational logging uses Amazon CloudWatch Embedded Metric Format (EMF). Rather than emitting free-text log lines and then querying them with CloudWatch Insights, every log statement that contains an operational metric (token count, response latency, crisis flag count, rate-limit hit count, cost per turn) is emitted as an EMF JSON payload. This means metrics are queryable as CloudWatch Metrics with no additional processing step, enabling dashboards and alarms from day one at zero additional cost.
Structured fields in every log line: session_id, user_id_hash, model_id, variant, input_tokens, output_tokens, cost_usd, latency_ms, crisis_flagged (bool), guardrail_triggered (bool). This schema is enforced by the schemas.py LogRecord model.
The infrastructure-as-code layer is AWS CDK TypeScript. The CDK stack defines 15 resources: API Gateway, Lambda function, DynamoDB tables (conversations, users, crisis archive, rate limits, variant config), CloudFront distribution, S3 bucket, Route 53 records, ACM certificate, KMS key, IAM roles, and CloudWatch log group. Local bundling compiles and zips the Python Lambda package on the developer's machine before upload, eliminating the need for CodeBuild or container-based build infrastructure.
The deployment is reproducible: cdk deploy from a clean checkout produces the same infrastructure as the current production environment, parameterized by environment variables (stage, model IDs, domain names). There are no manual console steps in the deployment path.
All commits use Conventional Commits format (feat:, fix:, security:, docs:, test:, chore:). Safety-critical changes use security: prefix and include a reference to the originating Rough-Asks-Log entry (e.g., security: add ALPHA tier badge to regex-crisis-guardrails [R0068]). This threading means any behavioral change is traceable from: user utterance → Rough-Asks-Log entry → git commit → deployed code. The chain is unbroken and auditable.
---
Silent Infinity's product stance is captured in one sentence on the homepage: "A mirror for what's alive in you." This is not marketing copy — it is a technical and behavioral specification that constrains every design decision.
A mirror does not advise. A mirror does not push back unless the reflection itself demands it. A mirror does not reward you for looking into it more often. A mirror does not send you a notification when you haven't looked at it lately. These are not features absent from the roadmap — they are features permanently removed from the design space.
The practical consequence is a list of things the product explicitly does not do, enforceable at code review:
In a contemplative AI product, latency is not a performance metric — it is a UX signal that either supports or undermines the sense of presence. A long pause before the first token arrives communicates absence. A stutter mid-sentence communicates fragility. A silent gap after the model completes communicates finality that may not be warranted.
The design addresses each:
3-dot filler: The moment the user sends a message, three pulsing dots appear in the mirror's response position. The dots are styled to feel like breathing — not like a loading spinner. They communicate that the mirror is present and considering, not that the server is busy. This appears before the first token arrives, typically within 300–800ms for Bedrock responses.
Presence orb: A subtle animated orb in the interface periphery pulses at the same rate as the 3-dot filler during streaming, and slows to a resting rhythm during user composition. This draws on research on social presence in human-computer interaction (Nass & Reeves, 1996) — humans respond to social cues in interfaces even when they know they are interacting with software.
Breath animations: Background elements in the UI animate at approximately 0.25 Hz — the frequency of slow, deliberate breathing. This is below the threshold of conscious attention but above the threshold of physiological effect (research on paced breathing and HRV — Lehrer & Gevirtz 2014).
Pentatonic ping: Each completed turn triggers a soft ping using a pentatonic tone (C major pentatonic, pure sine wave, 2.4-second exponential decay). The pentatonic scale has no dissonant intervals — every note pairing is consonant (Pythagorean ratios 3:2, 4:3, 5:4). Pure sine waves produce lower auditory-cortex arousal than complex tones (Terhardt 1974). The long exponential decay mimics a singing bowl, which psychoacoustic research links to parasympathetic activation (Koelsch 2014).
The sensory layer is an independent subsystem from the conversation engine. It can be fully disabled without affecting the core chat functionality. It persists independently in localStorage — audio preferences, ambient track selection, color mode settings survive browser refresh and are not tied to authentication.
Ambient sound bed: Four preset ambient tracks (rain, ocean, forest, silence) plus an Om drone bed (a sustained fundamental + fifth + octave, inspired by the Tibetan bowl / tanpura tradition). Volume is controlled independently from system volume via a dedicated slider. All tracks are CC0 / royalty-free.
Soap bubbles: A subtle visual particle system that renders translucent spheres drifting upward in the background when enabled. Particle density and speed are calibrated to stay below the threshold of distraction — the system's own visual design philosophy is "nothing jumps out at you; everything meets you."
Night mode: A one-tap toggle that shifts the color palette from warm-neutral to deep cosmic blue-black with liquid-gold accents. Night mode is auto-enabled after 9pm based on local time, with a manual override.
The drill-down menu presents a set of topic pills (e.g., "relationship," "purpose," "body," "grief," "creativity") that expand into themed sub-prompts. This is the product's concession to users who feel the blank text input is too open — not everyone arrives at a contemplative space knowing what they want to explore.
The sub-prompts are authored, not generated. They are not questions — they are invitations. The distinction is intentional: a question can be answered; an invitation can be declined. An invitation preserves the user's autonomy. The authoring process for sub-prompts follows the Feature Readiness Standard — each topic cluster goes through at least 10 internal sessions before it is user-facing.
The current implementation meets WCAG 2.2 AA on the following dimensions:
prefers-reduced-motion media query and disable all motion when the user's system accessibility setting requests reduced motion.role="log", aria-live="polite" for incoming messages, and aria-label attributes on all icon-only buttons.Every sensory feature degrades gracefully:
The conversation is the product. Everything else is environment.
---
| | Helpful | Harmful |
|---|---|---|
| Internal | STRENGTHS | WEAKNESSES |
| | Open-source crisis module | 6 users (very early) |
| | AWS Bedrock quality + reliability | Solo founder bandwidth |
| | PhD-grade strategy documentation | No full-time clinical advisor |
| | Non-exploitative monetization stance | Web-only (mobile in flight) |
| | Clinically-sourced crisis patterns | Single-region (us-east-1) |
| | Feature Readiness Standard gates | No SOC 2 yet |
| | Multi-platform architecture roadmap | No voice MVP yet |
| External | OPPORTUNITIES | THREATS |
| | Character.AI settlement market shift | BetterHelp/Calm/Headspace acquisition risk |
| | AFSP partnership path | Regulatory creep (FDA SaMD) |
| | AWS re:Invent 2026 talk slot | Bedrock pricing changes |
| | 501(c)(3) crisis-layer spin-off | Open-source copycats |
| | Patent: vibration-resistance voice analysis | Wellness industry contraction |
Open-source crisis module. Releasing the crisis-detection module under MIT license serves two strategic functions simultaneously: it signals the product's commitment to the public good in a way that cannot be faked (code is published, not stated), and it creates a reference implementation that positions Silent Infinity as the infrastructure standard for wellness AI safety. If the AFSP endorses the module, every developer who adopts it is also implicitly endorsing the Silent Infinity safety framework. Mitigation: maintain active development of the module; accept community contributions; publish a documented test suite.
AWS Bedrock quality and reliability. Claude Sonnet 4.6 is among the highest-quality general-purpose language models publicly available. Bedrock's managed infrastructure provides AWS enterprise SLAs, Guardrails, and streaming without self-hosting overhead. Mitigation: maintain the vendor abstraction layer (bedrock_client.py) so that an Anthropic pricing change or capability regression can be responded to within hours.
PhD-grade strategy documentation. The Feature Readiness Standard, Emergent Constellation Plan, Sound Science Modes document, and this audit document demonstrate an analytical rigor that most consumer wellness apps lack entirely. This documentation is the product's legal defense, its investor narrative, and its clinical credibility simultaneously. Mitigation: keep documentation current; assign quarterly review cycles.
Non-exploitative monetization stance. The business model does not benefit from session frequency. This is structurally unusual in consumer AI and is a genuine competitive differentiator — not a positioning statement. A user who uses the product once a month pays the same as one who uses it daily. This alignment between user value and revenue survives scrutiny at the board level, the regulatory level, and the press level. Mitigation: document the unit economics explicitly; ensure pricing page reflects the model.
Clinically-sourced crisis patterns. The crisis-patterns-v1.json file is grounded in real clinical literature (AFSP messaging guidelines, Columbia Suicide Severity Rating Scale language, Safe Messaging guidelines). This is not a list of keywords assembled from Reddit threads. Mitigation: pursue formal AFSP review; document the sourcing methodology for each pattern.
Feature Readiness Standard gates. The six-tier evidence-based maturity framework is the product's primary legal shield and the most sophisticated feature governance infrastructure in the consumer wellness AI space. Mitigation: enforce quarterly tier reviews; do not allow features to stagnate in BETA without active evidence accumulation.
Multi-platform architecture roadmap. The architectural principle — one Bedrock-backed service exposed via one API, with every form factor as a thin adapter — means voice, mobile, SMS, and browser forms share behavioral guarantees without code duplication. Mitigation: enforce the no-fork rule in code review; design voice and mobile adapters as wrappers, not forks.
Six users (very early). This is stated plainly in the press release and should be stated plainly in any investor conversation. Six users is not a signal of product failure — it is a statement about where in the build cycle the product is. But it means the system has no statistical behavioral data, no validated retention curve, no A/B test results, and no clinical observation cohort. Mitigation: launch the press release, pursue beta users aggressively, and build the analytics infrastructure to capture behavioral data from first real-scale use.
Solo founder bandwidth. One person cannot simultaneously operate the product, manage infrastructure, develop features, conduct clinical outreach, handle compliance, and pursue funding. The current development velocity is high precisely because the product is pre-scale and the founder is not managing other people. That equation inverts after a funding round. Mitigation: identify the first hire (likely: full-stack engineer or clinical advisor) before product-market fit milestone. Do not wait until bandwidth is fully exhausted.
No full-time clinical advisor. The crisis protocol, system prompt design, and content guidelines have been authored by the founder using published clinical frameworks (AFSP, Safe Messaging, CAMS). This is better than nothing; it is not equivalent to a licensed clinician's review. Mitigation: the AFSP partnership path is the highest-priority external relationship. A formal advisory relationship with one licensed mental health professional is the minimum required before voice mode ships.
Web-only. Mobile accounts for 63% of internet usage globally. A web app served through a mobile browser is viable but not native-quality. No home screen install, no background audio continuation, no system-level notifications (even the opt-in kind), no haptic feedback integration. Mitigation: Capacitor bridge is the path to a native mobile build without rewriting the web codebase. Flutter is the longer-term target. Timeline: 90 days.
Single-region (us-east-1). A us-east-1 regional outage affects 100% of users simultaneously. The cross-region inference profile mitigates Bedrock throttling, but Lambda, API Gateway, DynamoDB, and CloudFront origin are all single-region. Mitigation: Route 53 health checks + multi-region Lambda failover is the right architecture. Defer until DAU exceeds 1,000 and the infrastructure cost is justified.
No SOC 2 yet. Enterprise customers, clinical partners, and several categories of institutional investors require SOC 2 Type II. The current security posture is strong but unaudited. Mitigation: begin SOC 2 readiness at 1,000 MAU. Budget $15–40k/year plus 6-month preparation period.
No voice yet. Voice is the highest-engagement modality for contemplative products. Prosodic cues carry emotional information that text cannot. The roadmap includes voice, but it is not shipped. Mitigation: voice MVP using AWS Transcribe + Polly + Claude Sonnet 4.6 is the highest-priority next major feature. Must ship with clinical review of the crisis-detection voice extension before going to GA.
Character.AI January 2026 settlement. The settlement created documented, public-record evidence that AI companion products designed around engagement optimization can cause measurable harm to vulnerable users. This created a market window: users looking for an alternative, clinical advisors willing to engage with "safe" AI wellness products, and regulatory frameworks actively being written. Silent Infinity was built for this moment. Action: ensure the press release and any media coverage explicitly references this context without sensationalizing it.
AFSP partnership path. The American Foundation for Suicide Prevention has a documented history of partnering with technology products that meet their Safe Messaging guidelines. An AFSP endorsement of the crisis-detection module would be: (a) a clinically meaningful validation; (b) a regulatory shield; (c) a media story; and (d) a distribution channel to AFSP's network of 500+ chapters. Action: initiate formal contact with AFSP Technology Partnerships by Q3 2026.
AWS re:Invent 2026 talk slot. The open-source crisis-detection module combined with the blockchain-anchored safety archive is a genuine technical story that fits the re:Invent "builders building for good" track. A talk would provide: developer mindshare, AWS relationship capital, and credibility with enterprise buyers who attend. Action: submit a talk proposal by the August 2026 deadline.
501(c)(3) crisis-layer spin-off. The crisis-detection module, safety archive, and clinical pattern library can be spun off as a standalone non-profit entity. This creates: (a) structural separation between the for-profit product and the safety infrastructure (protecting the for-profit from liability for safety failures while maintaining the safety infrastructure as a public good); (b) eligibility for philanthropic funding for the safety work; (c) grant access for clinical research validation. Action: consult legal counsel on structure. Timeline: 12 months.
Patent: vibration-resistance voice analysis. The planned voice mode includes a feature for analyzing paralinguistic cues (speech rate, pitch variability, pause patterns) as signals for emotional state. A specific method for isolating these signals in the presence of ambient noise and device vibration is a patentable method. Action: file provisional patent application before voice mode ships publicly. Budget: $1,500–3,000 for provisional filing.
BetterHelp/Calm/Headspace acquisition risk. A well-resourced incumbent acquiring a direct competitor and replicating Silent Infinity's positioning is the standard startup threat. The mitigation is moving faster than acquisition can replicate, establishing the clinical relationships and regulatory reputation that make the product defensible, and building the community of users and developers around the open-source module. Mitigation: open-source is the moat. Features are copyable; a community of contributors is not.
Regulatory creep (FDA SaMD). If the product expands scope — claims therapeutic benefit, integrates with EHR systems, offers diagnostic support — it risks reclassification as a Software as a Medical Device under FDA guidance. The current ToS §3 and /safety page language explicitly exclude these claims. Mitigation: never add diagnostic claims. Never offer EHR integration without legal counsel review. Monitor FDA SaMD guidance quarterly.
Bedrock pricing changes. Anthropic has repriced Claude models multiple times. A significant price increase would materially affect unit economics. Mitigation: the vendor abstraction layer (bedrock_client.py) enables migration to a different model or provider within days. Maintain the pricing.py single source of truth. Budget for a 50% cost increase in all financial projections.
Open-source copycats. Releasing the crisis module as MIT-licensed invites forks. A fork that ships the module in a product with worse safety practices than Silent Infinity's uses the same module but harms users and could harm the module's reputation. Mitigation: publish a clear usage policy in the repository README specifying the intent. Pursue AFSP endorsement to create a quality signal that forks cannot claim without their own clinical review.
Macro wellness industry contraction. Consumer spending on wellness apps contracted in Q4 2025 as subscription fatigue increased. A macro contraction reduces willingness to pay for a new subscription product. Mitigation: the free tier must deliver genuine standalone value. The paid tier must be priced accessibly. Demonstrate the economics with 100 paying users before raising prices.
---
Cost per user at scale is excellent. At 1,000 DAU with average session length of 10 turns (approximately 5,000 input tokens + 2,500 output tokens per session), the Bedrock cost per user per day is approximately $0.09. Monthly: $2.70 per DAU. Total AWS cost including Lambda, DynamoDB, API Gateway, and CloudFront: approximately $3.00–3.50 per DAU per month. This is among the lowest per-user economics in the wellness AI category, driven by the serverless-native design and the elimination of idle infrastructure.
Zero idle cost. At six users, the monthly AWS cost is negligible — under $5. An always-on EC2-based architecture would cost $40–100/month in idle compute before serving a single request. The serverless design means cost scales with value delivered.
AWS-native reliability. Lambda, API Gateway, DynamoDB, and CloudFront each carry SLAs of 99.9% or higher. The system's availability is limited by the weakest link; in practice, Bedrock is the most variable component. CloudFront absorbs traffic spikes at the edge, protecting Lambda and DynamoDB from sudden load bursts.
Modular model swap (detailed in Section 3). The architecture can survive a model pricing change, a model quality regression, or an Anthropic service disruption with a single environment variable update and no code change.
Open-source crisis detection. The crisis module being public raises the quality floor for wellness AI across the industry. It also produces a reputational asset — "the team behind the MIT-licensed crisis module" — that is worth more than a comparable proprietary feature.
Lambda cold starts. A Lambda function that has not been invoked recently requires initialization before it can handle a request. Python 3.12 cold starts for the current function are approximately 800–1,200ms. For a contemplative chat product, an 800ms delay before the first token appears is acceptable; a 1,200ms delay is at the boundary of perceived unresponsiveness. Mitigation path: Lambda SnapStart (currently available for Java; Python support is planned in AWS roadmap) will reduce cold start latency to under 100ms when available. Interim mitigation: scheduled pings every 5 minutes via EventBridge to keep Lambda warm during anticipated usage hours.
Bedrock single-region failover risk. The cross-region inference profile mitigates Bedrock throttling but does not protect against a regional Lambda or API Gateway outage. A us-east-1 degradation would take the product offline for all users. Mitigation path: multi-region Lambda + Route 53 failover routing. Estimated implementation: 2 engineer-days. Deferred until DAU justifies the cost.
No SSO yet. Users who want to maintain conversation history across devices must manage a session token manually. The absence of Google and Apple SSO increases friction for users who want persistent sessions. Mitigation path: Cognito SSO integration is 30-day roadmap item. Google OAuth + Apple Sign-In via Cognito Identity Providers.
Observations table just created — no longitudinal history. The user behavior analytics infrastructure (the observations/events table that feeds the Emergent Constellation system) was created in the April 2026 sprint and contains no historical data. The constellation feature requires data that does not yet exist. Mitigation path: retroactive conversation tagging pipeline — a Lambda function that runs nightly and emits theme tags for existing conversations into the new table.
No formal SOC 2 audit trail yet. The security practices are sound, but they have not been validated by an external auditor. An enterprise customer or clinical partner asking for a SOC 2 report cannot be satisfied with "our practices are equivalent to SOC 2." Mitigation path: SOC 2 readiness at 1,000 MAU. Estimated timeline: 9–12 months from first paid enterprise customer inquiry.
---
| Item | Status | Owner |
|------|--------|-------|
| Voice MVP (AWS Transcribe + Polly + Claude Sonnet 4.6) | In design | FORGE |
| SSO: Cognito + Google OAuth + Apple Sign-In | Scoped | FORGE |
| Multi-chat threads with shared memory | Scoped | FORGE |
| Crisis pattern rewrite (plain-speech patterns replacing regex) | ALPHA → BETA in progress | FORGE + SCOUT |
| Clickwrap modal legal review | Pending legal review | Harnoor |
| Feature tier badges in UI (/safety/features page) | Spec complete | FORGE |
| Item | Status | Owner |
|------|--------|-------|
| Mobile app — Capacitor bridge to iOS + Android | Design | FORGE |
| Ultra-HQ ambient audio (Dispenza-aligned binaural tracks) | Research complete | FORGE |
| Dispenza frequency modes (theta binaural, solfeggio, Om drone) | Spec complete | FORGE |
| Analytics dashboard (/pm upgrade) | ALPHA | FORGE |
| Multi-region Lambda failover + Route 53 health checks | Design | FORGE |
| AFSP partnership initiation | Outreach | Harnoor |
| SOC 2 readiness gap analysis | Not started | External auditor |
| Item | Status | Owner |
|------|--------|-------|
| Clinical partnership — AFSP formal review of crisis module | Pending outreach | Harnoor |
| 501(c)(3) crisis-layer spin-off legal structure | Pending legal counsel | Harnoor |
| Patent provisional — voice prosodic analysis method | Pending | Harnoor + patent attorney |
| AWS re:Invent 2026 talk submission | Pending | Harnoor |
| Flutter native mobile rebuild | Post-Capacitor bridge | FORGE |
| Emergent Constellation M1 (visible user starfield) | Post-M0 tagging | FORGE |
| SOC 2 Type II audit initiation | Post-1,000 MAU | External auditor |
The following items are fully scoped and cannot proceed without explicit direction:
1. Founder-face commitment. Does Harnoor want to be the public face of Silent Infinity, or does the product launch under the brand alone? Impacts: social distribution strategy, media outreach approach, press release publication format.
2. Voice crisis-detection protocol. Voice mode introduces prosodic signals (speech rate, pitch variability, pauses) that text-based crisis detection cannot capture. Does the voice mode ship with text-only crisis detection initially (faster), or does it wait for a voice-specific pattern set reviewed by a clinical advisor?
3. Pricing tier structure. The current model is free + subscription. The specific price point, trial length, and paywall placement require Harnoor approval before implementation. Recommendation: $14.99/month, 7-day full-access reverse trial.
4. AFSP outreach owner. AFSP partnership initiation requires a person to own the relationship. Is this Harnoor directly, or is there a clinical advisory candidate who can make the introduction?
5. 501(c)(3) timing. The crisis-layer spin-off is strategically correct but legally complex. Does Harnoor want to pursue it now (before scale) or after first clinical partnership?
6. Beta user recruitment strategy. The product needs 100+ real-world users to move the chat feature from BETA to GA. What is the explicit recruitment channel? (Options: Harnoor's personal network, Reddit organic post, influencer outreach, ProductHunt launch.)
7. Multi-region architecture timing. The us-east-1 single-region risk is real. At what DAU threshold does multi-region failover become mandatory? Recommendation: 500 DAU.
8. Retroactive conversation tagging. The 189 existing conversations contain behavioral signal that the Emergent Constellation system needs. Does Harnoor authorize a retroactive tagging run that will process all existing conversations through the LLM theme-tagger? (Cost: approximately $0.50 for all 189 conversations. Privacy consideration: this is an internal processing operation on existing data, within the consented use case.)
---
1. AWS Bedrock Documentation — Model inference, ConverseStream API, Guardrails configuration, cross-region inference profiles. docs.aws.amazon.com/bedrock/
2. AWS Lambda Documentation — Python 3.12 ARM64, SnapStart (Java), local bundling with CDK. docs.aws.amazon.com/lambda/
3. Pydantic v2 Documentation — Strict mode, Rust-based validation core, API boundary enforcement. docs.pydantic.dev/
4. Cavoukian, A. (2010). Privacy by Design: The 7 Foundational Principles. Information and Privacy Commissioner of Ontario. — Foundational framework for Section 4.
5. GDPR (Regulation (EU) 2016/679). Articles 5 (Data Minimization), 6 (Lawful Basis), 17 (Right to Erasure), 25 (Privacy by Design). eur-lex.europa.eu/
6. NIST AI Risk Management Framework (AI RMF 1.0), 2023. National Institute of Standards and Technology. — Reference framework for the Feature Readiness Standard tier model.
7. EU AI Act (Regulation (EU) 2024/1689). Article 50 (Transparency for AI Systems). — Transparency compliance requirements for AI-generated content.
8. California SB 243 (2024). Mental health chatbot safety requirements. — Direct compliance requirement; /safety page and crisis resources satisfy.
9. CCPA (California Consumer Privacy Act, 2018). Opt-out rights, privacy notice requirements.
10. COPPA (Children's Online Privacy Protection Act, 1998). Age 13+ attestation requirement.
11. Anthropic Core Views on AI Safety (2024/2025). anthropic.com/research — Model alignment and safety philosophy underlying Claude's design.
12. American Foundation for Suicide Prevention (AFSP). Safe Messaging Guidelines. afsp.org/safe-messaging-guidelines — Framework for crisis-detection pattern sourcing.
13. Columbia Suicide Severity Rating Scale (C-SSRS). positivepsychology.com/c-ssrs/ — Severity classification framework referenced in crisis pattern design.
14. Deci, E.L. (1971). Effects of externally mediated rewards on intrinsic motivation. Journal of Personality and Social Psychology, 18(1), 105–115. — Foundational basis for the anti-gamification stance (Section 6 and Emergent Constellation).
15. Ryan, R.M. & Deci, E.L. (2000). Self-Determination Theory and the Facilitation of Intrinsic Motivation, Social Development, and Well-Being. American Psychologist, 55(1), 68–78. — SDT framework underlying UX philosophy.
16. McAdams, D.P. (2001). The psychology of life stories. Review of General Psychology, 5(2), 100–122. — Narrative identity theory underlying Emergent Constellation design.
17. Koelsch, S. (2014). Brain correlates of music-evoked emotions. Nature Reviews Neuroscience, 15, 170–180. — Neuroscience basis for sound design choices.
18. Pennebaker, J.W. (1986). Confronting a Traumatic Event: Toward an Understanding of Inhibition and Disease. Journal of Consulting and Clinical Psychology. — Basis for expressive writing mechanisms.
19. Neff, K.D. (2003). Self-compassion: An alternative conceptualization of a healthy attitude toward oneself. Self and Identity. — Basis for the no-streak policy.
20. Christensen, C.M. (1997). The Innovator's Dilemma. Harvard Business School Press. — Framework for understanding incumbent blindspots in the wellness AI market.
21. Christensen, C.M. et al. (2016). Know Your Customers' Jobs to Be Done. Harvard Business Review. — JTBD framework used in product positioning.
22. Kano, N. (1984). Attractive quality and must-be quality. Journal of the Japanese Society for Quality Control. — Feature prioritization framework referenced in the Feature Readiness Standard.
23. Fogg, B.J. (2019). Tiny Habits. Houghton Mifflin Harcourt. — Behavioral design ethics; basis for fail-soft safety principle.
24. Newport, C. (2019). Digital Minimalism. Portfolio. — Philosophical anchor for the anti-engagement architecture.
25. Kimball, R. & Ross, M. (2013). The Data Warehouse Toolkit, 3rd ed. Wiley. — Reference for the DynamoDB schema dimensional modeling approach used in the analytics tables.
---
This document is a living instrument of Silent Infinity's operational and strategic intelligence. It is intended for serious review by investors, clinical advisors, and regulatory reviewers who need a complete, unvarnished picture of the system. Nothing in this document is marketing. Gaps are stated as gaps. Risks are stated as risks. The standard does not move with the audience.
For technical questions, architecture walkthroughs, or compliance documentation: harnoors@gmail.com
For the published /safety page: silentinfinity.com/safety
For the open-source crisis module: github.com/silentinfinity/crisis-detection
---
Document version: 1.0
Authored by: SCOUT (TITAN research agent)
Reviewed by: HERALD
Date: 2026-04-21
Classification: Confidential