1 · Build the domain
Run the /expand command on learn_facts to grow the subject's concept map — the type/class hierarchy that gives later facts a place to live. This maps how concepts relate; it's the scaffold, not the content.
Build on it · clinical · educational · over the API
The same validated memory, wired into your own product. Three worked examples — a teacher's AI aide grounded in a real curriculum, a student's personal agent with its own isolated memory, and a clinician's assistant that recalls patient history traceably and confidently. Every call below is real: learn_facts, remember_facts, recall_memory over MCP and the /v1 developer API.
Confidence = traceability. Every answer points back to a real stored row — or it tells you it has nothing. No fuzzy vector guess dressed up as a fact.
curl -s https://app.faultline.ca/v1/recall \ -H "Authorization: Bearer flu_…" \ -d '{"query":"what is the pKa of acetic acid?"}' → "Acetic acid has a pKa of 4.76." ← real row, traceable curl … -d '{"query":"what is the pKa of unobtainium?"}' → "No relevant facts found." it won't invent one
One engine, your product on top
FaultLine is "one brain, two doors — decisions live backend-side, transports consume." Models reach it over MCP (the recall_memory / remember_facts / learn_facts / retract_fact tools); your own apps reach the same validated engine over the versioned /v1 REST API. The three builds below use exactly those calls — nothing invented, nothing bolted on. Where a capability is early or in preview, we say so plainly.
Example 1 · education · grounded in the material
An AI aide is only as trustworthy as what it's standing on. Wire one to a general model and it will confidently paraphrase things the course never taught. FaultLine flips it: you teach the subject first, load the validated curriculum, and the aide answers by a deterministic walk of what's actually stored — every answer traceable to a fact you put in, and an honest "not covered" when it wasn't.
Run the /expand command on learn_facts to grow the subject's concept map — the type/class hierarchy that gives later facts a place to live. This maps how concepts relate; it's the scaffold, not the content.
Feed the real course material through ingest_document. Every unit is chunked, extracted, typed against the ontology, and committed through the write-validation gate — with a source_ref so recalled facts carry a citation.
recall_memory walks those stored rows to answer a student's question. It draws only on what was loaded — and returns a plain miss rather than a guess when the syllabus is silent.
Build the field, load a unit, then ask — over the /v1 API with the course account's key:
# 1 — grow the concept map for the subject (build the PLACE facts live in) POST /v1/learn Authorization: Bearer flk_… { "text": "/expand chemistry online" } ✓ ontology grown · concepts related, not memorized # 2 — load a validated curriculum unit (extracted + gated + cited) POST /v1/documents { "text": "Acetic acid is a weak acid with a pKa of 4.76 …", "source_ref": "CHEM-201 · Unit 4 · Acids & Bases" } ✓ stored · facts committed · validated # 3 — a student asks; the aide answers from a real row POST /v1/recall { "query": "is acetic acid a strong or weak acid, and its pKa?" } → "Acetic acid is a weak acid; its pKa is 4.76." ← traceable to CHEM-201 · Unit 4, not a paraphrase
Leans on: /expand to build the domain, ingest_document to load validated, cited material, and recall_memory's deterministic walk — it doesn't guess, it knows. Anything the curriculum didn't state comes back as a miss, so the aide never fills the gap with a plausible-sounding invention. (Illustrative course content — the point is the path: teach, load, recall.)
Example 2 · personal agent · their memory, their token
Deadlines, exam dates, the standing Tuesday lab, which courses they're taking — a personal agent is useful exactly when it holds all of it, privately. With FaultLine, the student's agent captures facts as they're mentioned and recalls them on demand, and the whole memory is walled off to that one seat: the connection token is the scope, so one student can never read another's schedule.
remember_facts takes the raw sentence — "my Chem 201 exam is May 3rd" — and the engine does all the extraction, typing, and date parsing itself. You pass the words verbatim; FaultLine grounds the fact and stamps the event date. No form-filling, no client-side triple-building.
The agent connects with the student's per-seat token (an flu_ bearer). It resolves to that seat's own schema and nothing else — the tenant is server-derived from the credential, never trusted from the request, so cross-student access is structurally impossible, not a filter you hope holds.
Two mentions captured, then a question — each request carries the student's own seat token:
# the agent captures what the student says, verbatim POST /v1/memories Authorization: Bearer flu_… (this seat) { "text": "My Chem 201 final exam is May 3rd." } ✓ committed · event_date resolved → 2026-05-03 POST /v1/memories { "text": "I have a physics lab every Tuesday at 2pm." } ✓ committed · recurring lab captured # later — the student asks; recall walks their own schema POST /v1/recall { "query": "when is my Chem exam and when's my next lab?" } → "Your Chem 201 final is on May 3rd, and you have a physics lab every Tuesday at 2pm." ← their rows only
Leans on: remember_facts with FaultLine's deterministic date/temporal capture, recall_memory for the grounded read-back, and per-seat schema isolation keyed off the connection token. Over MCP the same thing happens through OpenWebUI, which stamps the seat via the X-OpenWebUI-User-Id header. (A seat can be a person or an agent — same isolation either way.)
Example 3 · clinical · confident because it's traceable
This is where accuracy and isolation stop being nice-to-haves. A clinician's assistant has to recall a patient's history you can stand behind — grounded in what was actually recorded, traceable to the row it came from, and walled off so one patient's memory can never surface under another. FaultLine's clinical lane is built for exactly this, and it ships today as a billed add-on. Here's precisely what it does — and what it doesn't.
The clinical lane mints each patient into their own physically-separable faultline_<id> schema, addressed only by an opaque handle — never PHI. The search_path is bound with no public fallthrough, so a query resolves inside one patient's schema or it doesn't resolve at all. The wall is structural, not a WHERE clause.
A patient is minted with a provisioning key that carries the provision_patients scope, and every mint traces back to the doctor who holds it. The lane is fail-closed: no account entitlement, wrong scope, or an unverifiable check and the call is denied and never billed — never a silent success.
Every recorded fact passes the WGM write-gate — no unsupervised model writes. And because the SaaS runs CPU-only, each account's LLM endpoint is its own configured brain, encrypted at rest, bound per request; a missing brain fails closed with zero network call, never a surprise default.
A per-seat clinical response voice re-words how recall states its confidence — without moving any fact between certainty bands. The epistemic firewall stays locked: a stated fact is asserted, an inferred one is held as tentative, in every voice.
Mint an isolated patient seat, then address that patient's memory by the opaque handle — the app holds one elevated key; the clinician never does:
# 1 — mint an ISOLATED patient schema (opaque id — NEVER a name/DOB) POST /v1/patients Authorization: Bearer flk_… (provision_patients) { "external_patient_id": "chart-9F3A2" } ✓ 201 · patient_id issued · schema provisioning · attributed to doctor # 2 — record history INTO that patient (validated, addressed by handle) POST /v1/memories X-FaultLine-User-Id: <patient_id> { "text": "Patient reports a penicillin allergy; last A1C was 6.1%." } ✓ committed through the WGM gate · this patient's schema only # 3 — the assistant recalls, traceably, in the clinical voice POST /v1/recall X-FaultLine-User-Id: <patient_id> { "query": "any drug allergies on record, and the last A1C?" } → "On record: a penicillin allergy. Most recent A1C: 6.1%." ← each item traces to a real row; nothing on record → it says so
Physical schema-per-patient isolation is a compliance aid — it makes cross-patient separation demonstrable and auditable, which is exactly what an assessor wants to see. It is not, by itself, a BAA, a HIPAA/PHIPA certification, or a finished compliance program, and it doesn't replace encryption, access management, audit logging, or a signed agreement — those are separate work we scope with you. We'd rather say that plainly than let the word "secure" carry more than it should.
Leans on: the clinical elevated lane (a schema per patient, fail-closed provisioning, opaque handles), the WGM write-gate, search_path isolation without public, the per-tenant encrypted BYO brain, deterministic traceable recall, and the clinical recall voice. Confidence here is traceability plus isolation, not a slogan — every answer resolves to a real, walled-off row. See the clinical lane on the Business page for governance and pricing.
The surface you build against
Everything above rides the same tools past the transport boundary — a model over MCP, or your app over /v1, gets the byte-for-byte-equivalent validated result. Here's the map.
The live path: a model calls recall_memory, remember_facts, learn_facts, and retract_fact as tools (with an OpenWebUI REST shim: POST /recall_memory, /remember_facts, …). OpenWebUI stamps the seat with the X-OpenWebUI-User-Id header; connect Claude or any MCP-speaking model and the same validated memory comes back.
/v1 — for your app (preview)The developer API: POST /v1/memories to remember, POST /v1/recall to recall grounded prose, plus /v1/documents, /v1/learn, /v1/corrections, and the clinical /v1/patients lane. JSON in, JSON out. It's in preview and is an opt-in billable add-on — off by default, granted per-seat.
flk_account / control-plane key — the tenant & provisioning contextflu_per-seat token — what a client connects with, scoped to that seatThe connection is the identity: an flk_ key is the account/upstream/control-plane credential (mint seat tokens, provision, account ops); an flu_ token is what a seat connects with to read and write its own memory. Want the deeper architecture — validated writes, the epistemic firewall, the temporal dual-clock? That's the Geek page and the Research deep-dive.
/v1; swap the model without touching the truth.Grounded, traceable, isolated, validated — reachable over MCP and the /v1 API. Start free, or read the full architecture.