Private alpha — software creation for everyone, coming soon. Request access →

FDA-compliant event governance

Compliance events become reviewable evidence.

Gaia is designed to support FDA compliance workflows as governed event systems. Human actions and device signals are captured by type, routed through customer-defined logic, recorded with audit context, and assembled into evidence packages for qualified quality, compliance, and legal review.

Package this system Healthcare use case
typed device events decision routing audit trail compliance evidence package

Aspiration, not clearance

Designed to support FDA-related controls — not to replace compliance judgment.

Gaia does not claim FDA approval, clearance, certification, or automatic compliance. The goal is to help teams build validated, customer-specific workflows that preserve evidence for qualified quality, compliance, and legal review.

The model

Compliance workflows are an event graph.

Every meaningful action becomes a node. Every routing decision becomes an edge. The evidence package is not reconstructed later; it is generated from the same governed graph that ran the compliance workflow.

Diagram

From raw event to compliance evidence package.

The same chain renders as an operator dashboard, supervisor review queue, audit export, or compliance evidence package. The data path stays the same.

1

Human / device event

Typing, scan, sensor read, signature, override, login, measurement, or chain-of-custody action.

event_id + device_type
2

Gaia decision logic

Workflow state, SOP sequence, policy version, risk rules, identity, and review gates.

decision_id + route
3

Controlled record

Actor, device, prior values, reason codes, attachments, signatures, hashes, timestamps.

evidence_hash + audit_id
4

Compliance evidence package

Filtered case output with rule/SOP mapping, source records, investigation, sign-off, manifest, and export history.

case_id + evidence_line_id

Integration is the package

A barcode is not the whole story.

Batch IDs, SKUs, lots, serial numbers, case IDs, order numbers, and barcodes are tokens. Their meaning usually lives in vendor software, in-house systems, SOPs, and quality procedures. Gaia does not pretend a scan contains enough context by itself. The integration maps each token to the systems and rules that give it meaning.

System boundary Gaia connects to the defined process. It does not guess hidden proprietary data.

If the client system owns the product master, batch record, formula, case/order context, or vendor-specific workflow state, Gaia links to that source and records the decision trail around the interaction. The company defines the process; Gaia aspires to make it executable, auditable, and easier to review.

Synthesize the real process

Interview operators, reviewers, IT, vendors, and quality owners. Filter the noise into the actual workflow the company says it follows.

Bring paper into the system

OCR-assisted onboarding can scan SOPs, forms, labels, logs, and checklists into draft workflows for human verification instead of leaving paper teams behind.

Map tokens to source systems

Batch IDs, SKUs, lot numbers, serial numbers, barcodes, case IDs, and order identifiers stay linked to the proprietary systems that define their meaning.

Connect without replacing everything

Gaia integrates with vendor and in-house software, stores the visible event trail, and records where hidden context must be resolved by the client system.

Package the repeatable layer

The first implementation is services-heavy. What repeats becomes product: adapter patterns, event schemas, control matrices, review gates, and evidence templates.

Human process, coordinated

Gaia is not here to replace the people who know the work.

Most teams already know the process — it is just scattered across paper, spreadsheets, vendor screens, conversations, and tribal knowledge. Gaia captures that knowledge, turns it into governed workflows, and coordinates the handoffs so humans can focus on review, judgment, and improvement.

Explain the process

Teams describe how work really happens in plain language, interviews, forms, screenshots, and scanned documents.

Turn words into controls

Gaia turns that knowledge into human-readable wiki specs, skills, policies, routes, and review gates.

Coordinate the handoffs

People still approve, investigate, sign, and decide. Gaia keeps the queues, records, reminders, and evidence trail coordinated.

Improve by reuse

Repeatable pieces become reusable adapters, templates, metrics, and governance patterns that get easier to deploy next time.

Gaia control plane

The page is grounded in how Gaia runs work.

The FDA-compliance package uses the same Gaia shape: authenticated actors, kernel policy decisions, typed service calls, durable timelines, protected secrets, governed deploys, and observable operations.

Gaia Auth

verifies the person, organization, role, session, and signature context

Gaia Kernel

authorizes the action and records the policy decision before the route executes

Gaia SDK

carries typed events between compliance surfaces and Gaia services without ad hoc API shapes

Gaia Sessions

keeps the operational timeline readable across web, chat, phone, and API surfaces

Gaia Secrets

protects credentials, integration tokens, and classified operational secrets

Gaia Platform

ships the workflow with controlled deploys, health checks, logs, metrics, and traceability

How it works

One chain of custody for compliance workflows.

01

Capture the human event

Operators, reviewers, managers, field teams, and automated devices create typed events with actor, role, device type, location, and source context.

02

Route through Gaia logic

Gaia applies workflow state, policy, risk rules, SOP sequence, role authority, and review gates before the next action can happen.

03

Record the evidence

The event, decision, actor, device, rule version, evidence, signature, and outcome are recorded as an auditable chain of custody.

04

Generate the compliance evidence package

Events that need review are filtered into an evidence package: rule/SOP mapping, source records, investigation notes, signatures, attachments, and export history.

Device typing

The source determines the validation path.

A scanner, tablet, workstation, sensor, and chain-of-custody device do not carry the same context. Gaia uses device type to decide required fields, trust checks, routing, and evidence weight.

Operational workstation

Create, verify, review, override, release, and sign-off events tied to the active user session.

Barcode / label scanner

UDI, SKU, lot, serial, expiration, location, order match, mismatch, and retry events with device provenance.

Reviewer tablet

Supervisor review, approval, rejection, reason code, and electronic signature events.

Environmental sensor

Temperature, humidity, excursion, duration, affected inventory, quarantine, and disposition events.

Production / lab station

Procedure step, batch or case record, measurement, exception, and responsible-person events.

Chain-of-custody device

Handoff, failed delivery, return, receipt, and route exception events.

Routing logic

Rules turn activity into controlled decisions.

Each route writes its own explanation. A quality team can show why an event continued, paused, held inventory, opened CAPA, or entered reportability review under the customer-identified rule or SOP.

Continue

Expected action, expected user, expected state

Record the event and move the workflow forward.

Review

Override, mismatch, missing field, or unusual sequence

Pause the path and require supervisor review or second verification.

Hold

Product quality, excursion, security, or safety signal

Create a controlled case, preserve evidence, and start investigation workflow.

Escalate

Customer-configured reportability review

Generate a signed evidence package from source records and investigation evidence for qualified human review.

Severity logic

The same event can become a correction, hold, or field-action review path.

The customer-defined process determines the compliance path. Gaia records exactly where the event happened, what it affected, which rule evaluated it, and why the outcome stayed below product impact or escalated into product hold and reportability review.

Below product

Process correction / nonconformance review

The event can be corrected, documented, reviewed, and trended when the configured process and risk rules support that path.

At product

Quality hold / investigation

Affected lot, batch, serial, SKU, case, or inventory is held while Gaia preserves the evidence and routes the investigation to the responsible reviewers.

Above product

Field action / reportability review

The issue crosses a customer-configured product, safety, or quality threshold, triggering escalation, formal sign-off, and evidence package generation for compliance review.

Record integrity

Every evidence line opens back to source.

A reviewer can start at an evidence line and walk backward: package → filter decision → case → source event → actor → device → policy version → evidence hash.

event_idactor_idrole_scopedevice_iddevice_typelocation_idroute_decision_idpolicy_versionevidence_hashsignature_idcase_idevidence_line_id
Part 11-aligned record controls
  • computer-generated audit trail
  • actor, role, and authority check
  • device source validation
  • prior value preservation
  • signature meaning and record link
  • human-readable and electronic export

Compliance evidence controls

The package is designed around FDA-related record controls.

Gaia does not claim automatic compliance. It is designed to help produce controlled records, copies, audit trails, authority checks, device checks, signature links, retention evidence, and validation artifacts that qualified teams can review when a customer-identified rule requires a controlled record.

Rule/SOP mapping

each controlled record is tied to the customer-identified rule, SOP, or requirement that needs it

Validated workflow

requirements, route rules, and tests can show the configured system performs as intended

Audit trail

operator entries and actions are time-stamped, independent, retained, and reviewable

Access control

only authorized people can create, review, sign, export, or alter controlled records

Device checks

source devices are identified so the validity of each input path is visible

Signature linking

signatures include name, timestamp, meaning, and a link back to the exact record

Copies and export

records are available as human-readable output and electronic packages for review

Retention

records remain protected and retrievable for the customer-defined retention period

compliance evidence package

The package is a governed view over the event graph.

Gaia filters the controlled record stream into review queues, tracks review state, binds signatures, and exports the package with the source trail attached so qualified teams can use it in their own compliance process.

Packaging for quality teams

Explain it to operators, auditors, quality teams, and investors the same way.

Capture every event. Route it through explicit logic. Store the decision trail. Generate reviewable evidence outputs from the same source of truth.

Build the control package See how Gaia works