MSO Vault
An operational knowledge base that protects patient data with three-layer PII defense (OS sandbox + hooks + n8n gate) and flags violations in real time across 52 wiki pages and 12 medical-advertising regulations.
Internal operations tool — no public live URL. Below is the architecture diagram.
Overview
Running an AI-assisted knowledge base over real clinic operations in Korea's medical and beauty vertical creates two collision points that most internal tools ignore: patient PII must never leak out of the system, and every piece of marketing-adjacent content sits under the country's medical-advertising law. MSO Vault treats both not as policy reminders but as engineering constraints enforced in the runtime itself.
The defense is deliberately layered rather than trusting any single checkpoint. An OS sandbox sets the only real boundary, a PreToolUse hook screens activity before it executes, and an n8n ingestion gate vets data on the way in — with egress blocked so sensitive values cannot escape even if an earlier layer is bypassed. The hardest cases are the quiet ones: bare names with no other identifier, which a naive regex misses entirely. That blindspot is closed with test-driven detection that pulls real records into quarantine instead of letting them flow through.
What makes it engineering-notable is the schema-driven operationalization of the LLM itself — versioned operating rules covering prompt-injection defense, source immutability, and weekly automated linting — so the compliance corpus and its §56 mappings stay verifiable rather than drifting.
Highlights
- Three-layer PII defense (OS sandbox + PreToolUse hook + n8n ingestion gate) with egress blocking
- Medical-advertising-law §56 mapping + real-time violation flagging (52 wiki pages, 12+ regulations)
- Schema-driven LLM operationalization (CLAUDE.md v1.7) — prompt-injection defense, source immutability, weekly lint automation
- Name-only blindspot PII detection (§5-4, TDD 110 tests, 6 real patient records quarantined)