Structured workflows for conflict-zone evidence, digital twins, and public proof
Each module is a governed pipeline with declared inputs, system process, outputs, and a safety boundary. Approved organizations select modules under a mission contract and the release gate determines what may leave the workspace.
Compose Evidence-Bound Digital Twins
Stand up causally wired, source-traceable models of conflict-zone systems . health, displacement, infrastructure, command, narrative . that can be queried, branched, and stress-tested without leaving the evidence boundary.
- Theater scope
- Uploaded primary files
- Linked vector stores
- Twin archetype
- Time horizon
- Population segment
- Legal lens
- Humanitarian lens
- Release posture
- Twin state graph
- Branched scenario tree
- Evidence-to-node lineage map
- Risk bands per node
- Missing-proof register
- Replayable audit log
Twins are descriptive and analytical. They cannot output tactical targeting, weapons guidance, evasion instructions, private surveillance, or operational harm.
What can be authored end-to-end
Twelve forward-looking scenarios written as testable questions, not case studies. Each names the hypothesis, method, modules engaged, governance posture, expected outputs, and a hyper-optimization tip so a new operator reaches a defensible result faster.
Pattern-of-Practice Detection for Attacks on Healthcare
Are observed strikes on medical facilities consistent with isolated incidents, or do they form a temporally and geographically coherent pattern under IHL?
Geo-temporal clustering across OSINT and humanitarian feeds, Bayesian updating as new incidents arrive, contradiction-entropy decomposition across reporting channels, and a counterfactual baseline drawn from peer theaters.
- Verified media archive
- WHO Surveillance System for Attacks on Health Care (SSA)
- OCHA situation reports
- NGO field briefs
- Public legal filings
- Cluster map with confidence bands
- IHL alignment matrix
- Contradiction ledger
- Attorney-review packet
- Counsel review required
- Witness identifiers redacted
- Cleared lane only after release gate
Lock the date window early, set corroboration ≥ 3, and pin the SSA store as primary so claim-level ECS doesn't drift when narrative sources enter the corpus.
Counterfactual Aid Allocation Under Access Volatility
Given current corridor closures and last-mile constraints, which allocation of fixed humanitarian budget yields the largest expected reduction in preventable mortality across the next 90 days?
HyperMC ensembling over access-corridor states, severity-weighted utility maximization, sensitivity analysis on hostility and weather, and rare-event simulation for catastrophic-access collapse.
- Cluster needs assessments
- Partner logistics exports
- Access-incident database
- Public seasonal forecasts
- Allocation curve with uncertainty
- Top-five sensitivity drivers
- Falsifiers list
- Off-ramp playbook
- Internal use
- No beneficiary identifiers
- Donor-facing redaction profile
Run with three priors . optimistic, central, adversarial . and export the falsifiers panel to the donor brief. Letting reviewers see what would change the recommendation is what makes the brief defensible.
Forward-Looking Displacement Twin With Replayable Branches
How do displacement flows redistribute under three escalation envelopes, and which transit nodes become overcapacity first?
Causal graph of push/pull/route factors, agent-style population draws against IDMC and partner registration data, capacity-saturation thresholds per node, and per-branch DRI for replay.
- IDMC GIDD
- UNHCR ProGres exports (tenant-private)
- Border-crossing telemetry from public OSINT
- Health and WASH capacity registers
- Per-branch flow maps
- Saturated-node alerts
- Confidence bands on arrival timing
- Replay manifest
- Tenant-private
- Geographic generalization on outputs
- Ethics board for any external sharing
Pin the twin to a single contract ID, snapshot each branch, and use the missing-proof register as the brief's appendix . it converts gaps into a procurement list for the next round of OSINT.
Infrastructure Fragility & Cascading-Failure Mapping
Which civilian infrastructure dependencies (power → water → cold-chain → ICU) are one shock away from cascade failure, and where would protection investment yield the largest stability gain?
Dependency-graph construction from open utility and humanitarian data, percolation analysis, shock propagation under HyperMC, and structural-importance ranking with confidence intervals.
- Public utility filings
- WHO health-cluster registries
- Satellite-derived public outage indicators
- NGO partner asset registers
- Dependency graph
- Cascade probability ranking
- Protection-investment leaderboard
- Uncertainty atlas
- Internal
- No precise asset coordinates in outputs
- Counsel review if released externally
Tighten the reliability floor to 0.55 on this scenario . a noisy outage feed will dominate the graph otherwise. Use the contradiction ledger to flag conflicting outage reports for human triage.
Narrative Volatility & Cross-Channel Convergence Tracking
How do public narrative frames about a single incident converge or diverge across state media, NGO statements, and verified open-source documentation over time?
Frame extraction from public statements, divergence scoring per claim, source-stability index per channel, and time-windowed contradiction-entropy curves with falsifiers.
- State broadcaster transcripts
- NGO press releases
- Verified media archives
- Public think-tank commentary
- Convergence/divergence timeline
- Channel SSI scoreboard
- Disputed-claim register
- Public-proof annex
- Public-eligible after redaction
- No private accounts
- No targeting of individuals
Enable the 'state broadcaster' channel as a tagged narrative source . never as ground truth. The platform marks it automatically, but pinning the tag in the scope keeps reviewers from misreading the convergence chart.
Counterfactual Public-Health Burden Under Lost Access
What is the excess all-cause and disease-specific burden attributable to verified loss of healthcare access in a defined district over a defined window?
Synthetic-control construction from peer districts, Bayesian negative-binomial models for incident counts, and sensitivity analysis on underreporting and care-seeking shifts.
- MoH and WHO surveillance feeds
- DHIS2 partner exports
- Mortality registries where public
- Pre-event peer-district baselines
- Excess-burden estimate with credible intervals
- Synthetic-control fit diagnostics
- Sensitivity tornado
- Methods replay bundle
- Internal
- Statistical-disclosure controls before sharing
- Counsel review for attribution language
Always co-publish the falsifiers panel. Public-health attribution survives challenge only when reviewers can see exactly which assumption changes break the result.
Protected-Persons Risk Pathway Without Re-Identification
Which beneficiary cohorts face the highest compound risk of harm under current conditions, and which mitigation owes the most uplift . without re-identifying any individual?
Cohort-level aggregation, k-anonymity floor on every grouping, compound-risk index across protection domains, and mitigation-uplift ranking.
- Beneficiary intake aggregates
- Protection cluster guidance
- Field-team incident logs (de-identified)
- Cohort risk scoreboard
- Mitigation-uplift ranking
- Privacy-attestation log
- Public-safe summary
- Strict identifier scrubbing
- k ≥ 10 on every output cohort
- Ethics board for any external release
Set the redaction profile before ingestion, not after. The platform refuses to write a public-safe summary if k drops below floor . designing for that gate from the start saves a round of rework.
Portfolio Grant-Readiness Across Approved Applicants
Across an applicant portfolio, which proposals carry the strongest evidence base, the cleanest lineage, and the lowest duplication against currently funded work?
Per-proposal evidence-confidence scoring, claim-graph overlap detection against existing portfolio stores, and counterfactual marginal-impact estimation.
- Applicant narratives
- Logframes and budgets
- Existing portfolio reports
- Public sector landscape
- Readiness scoreboard
- Overlap heatmap
- Marginal-impact ranking
- Allocation memo draft
- Donor-internal
- Applicant data isolated per tenant
- No applicant-level details leave the workspace
Run readiness twice: once on narrative only, once on narrative plus partner evidence uploads. The delta is the cleanest signal of which applicant operationalizes evidence well.
Climate-Conflict Compound-Risk Surface
Where and when do climate stressors and conflict drivers compound to produce humanitarian crisis windows that neither lens detects alone?
Joint exposure modeling across public climate reanalyses and ACLED-style event corpora, copula-based compound-risk estimation, and rare-event simulation for tail crises.
- Public climate reanalyses
- Public conflict event corpora
- Food-security IPC phases
- Displacement registers
- Compound-risk surface
- Crisis-window forecasts with credible intervals
- Driver decomposition
- Methods appendix
- Internal
- External release requires lens-and-method appendix
Use the twin to lock the geography, then run the simulation across three plausible climate envelopes . the spread is the headline number, not the central estimate.
Adversarial Evidence Quarantine & Reinstatement
When sourcing is contested or actively manipulated, which evidence items should be quarantined, which can be reinstated after corroboration, and how does the case strength move in either direction?
Source-stability scoring under deliberate contamination, claim-level rollback simulation, and quarantine/reinstatement curves over time.
- Contested OSINT items
- Counter-narrative material
- Independent corroborators
- Forensic provenance signals
- Quarantine ledger
- Reinstatement candidates
- Case-strength delta over time
- Method-replay bundle
- Counsel review
- Append-only quarantine ledger
- No claim deletion . only state transitions
Never delete . always quarantine. The audit ledger's value is the trace of state changes, not the final state. Reviewers and counsel rely on that trace to defend the case.
Red-Team a Donor or Policy Brief Before Release
Before a brief leaves the workspace, what is the strongest defensible challenge to its central claim, and does the brief survive it?
Adversarial-prompt ensemble against the claim graph, contradiction sweep across linked stores, falsifier extraction, and release-gate dry run.
- Draft brief
- Underlying evidence register
- Linked external stores
- Audience class
- Red-team report
- Surviving challenges list
- Recommended brief edits
- Release-gate dry-run result
- Internal red-team
- Findings logged whether or not the brief is changed
Red-team before counsel review, not after. Counsel time is the most expensive resource . the platform's automated challenges resolve the cheap problems first.
Reproducible Method Replay for Peer Review
Given a published finding, can a peer reproduce the analysis byte-for-byte using only the public proof bundle, without access to private tenant data?
DRI-verified replay of every step in the released pipeline against the public-eligible subset of sources, with hash-chained inputs and deterministic seeds.
- Public-eligible source subset
- Released method manifest
- Deterministic seeds
- Replay environment
- Replay verification report
- Divergence diagnostics if any
- Peer-review-ready appendix
- No tenant data in replay
- Replay log appended to public proof
Treat the public proof as the unit of work. Author the finding so the replay manifest is its own deliverable . peer reviewers cite the manifest, not the prose.
Eight patterns that compound across every module
These patterns are recurrent across the scenarios above. Apply them as defaults and the platform behaves predictably under audit, peer review, and adversarial challenge.
Lock scope before ingestion
Decide region, date window, lenses, and redaction profile before a single file is uploaded. The release gate is far cheaper at the front of the pipeline than at the back.
Pin a primary store
Designate one source as the spine of the corpus. Secondary sources are scored against it. This keeps ECS stable when noisy channels enter later.
Run with three priors
Optimistic, central, adversarial. Report the spread. A single point estimate is brittle; the spread is what survives a hostile review.
Quarantine, never delete
Move contested evidence to the quarantine lane. The audit ledger's value is the trace of state changes, not the final state.
Falsifiers before findings
Author the falsifiers panel first. If you cannot describe what would change your mind, the finding is not yet ready for release.
Snapshot every branch
Twins and scenarios should be snapshotted per branch with a stable contract ID. Replay integrity is only meaningful against a frozen branch.
Treat redaction as design
Set the k-anonymity floor and identifier rules at scope-lock time. The platform will refuse to publish below floor . design for that gate, don't fight it.
Author the manifest, not the prose
Public proof is the unit of work. Peer reviewers, donors, and counsel cite the manifest. Write the manifest first; the prose is a wrapper.
Workflows by organization type
KRYOS-XS serves a defined population of approved organizations. Each audience uses a different mix of the ten mission modules under a shared governance perimeter.
- Field report upload and structured ingestion
- Program knowledge organization across years and theaters
- Donor reporting with evidence-backed narratives
- Civilian risk mapping bound to source provenance
- Duplication detection across partner programs
- Institutional memory preservation across staff turnover
For Legal Teams
Human-rights lawyers, accountability units, investigative counsel
- Fact matrices built from primary evidence
- Evidence registers with hashing and lineage
- Chain-of-custody view across uploads and captures
- Legal theory mapping and Rome Statute alignment
- Contradiction logs across witnesses and sources
- Attorney-review packets ready for counsel sign-off
- Policy briefs drawn from governed vector stores
- Comparative conflict research across theaters
- Scenario modeling with falsifiers and uncertainty
- Digital twins of conflict-zone systems
- Narrative-risk analysis with source confidence
- Conflict trend analysis with replayable methodology
For Intergovernmental Organizations
UN bodies, regional missions, treaty institutions
- Structured evidence review across partner submissions
- Multi-partner coordination under shared mission contract
- Audit-ready reporting with full lineage
- Cross-jurisdictional knowledge organization
- Conflict-zone monitoring with classification controls
- Public-proof releases that survive institutional review
For Research Organizations
Universities, research institutes, investigative units
- Dataset creation with citation registers
- Evidence classification across mixed-format corpora
- Citation-backed outputs ready for peer review
- Reproducible research via replay integrity
- AI-search-ready public reports with structured metadata
- Comparative methodology across conflict theaters
For Donors and Foundations
Grantmakers, family foundations, government funders
- Grant-readiness scoring across applicant portfolios
- Evidence-backed allocation memos
- Intervention risk analysis under scenario simulation
- Duplication detection across funded programs
- Impact reporting with evidence lineage
- Theater-level portfolio mapping and prioritization
Select your modules. Lock your mission contract. Begin governed work.
Every module above is provisioned under approval review. KRYOS-XS does not offer self-serve access. The mission contract defines theater, scope, retention, and release posture before any evidence is ingested.