Provana AcuteCare: Clinical Copilot with Guardrails
What we built
A clinical AI copilot that detects acute care scenarios from natural language input, generates the appropriate workflow interface at runtime, and enforces clinical scope of practice through a governance layer.
Three protocols implemented: sepsis, stroke, and pediatric fever. Each protocol renders a dynamic card with patient-specific context (vitals, allergies, checklist items, medication orders). The system mutates protocols when patient data requires it. A documented penicillin allergy causes the sepsis card to cross out Pip-Tazo and substitute Meropenem, with cross-reactivity reasoning visible.
Built in six hours at the Boston AI Tinkerers Generative UI Hackathon with Sai Gopal Jarabana. I contributed the governance layer. Sai built the dynamic clinical UI generation and protocol engine.
My contribution: the governance layer
Role-based access control
Three clinical roles enforce scope of practice: Nurse, Doctor, and Attending. Every action attempt is checked against the role at the moment of execution, not at login. A nurse cannot order antibiotics (requires Doctor). Only an Attending can authorize tPA or activate massive transfusion protocol.
Four governance outcomes
- SERVE. Protocol renders with all checks passed. Clinician is authorized for the requested action.
- BLOCK. Clinician attempts an action outside their scope. Denied inline with reason shown. Logged.
- ROUTE. Clinician escalates an action to a higher role via the approval pathway. Audit shows ROUTED outcome.
- MUTATE. Patient context (allergies, contraindications) modifies protocol recommendations automatically. Penicillin allergy swaps Pip-Tazo for Meropenem with cross-reactivity reasoning visible.
Audit trail
Every governance decision is logged with role, action, timestamp, and reason. Append-only, tamper-resistant design pattern. Visible in the demo UI on demand.
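The check-at-execution rule, the four outcomes and the audit trail described above, as an added sketch that is not the project's code. All identifiers are hypothetical. The permission table is constructed from the examples in the text, default-deny for unknown actions is an assumption, and a SHA-256 hash chain stands in as one way to make an append-only log tamper-evident.

```typescript
import { createHash } from "node:crypto";

// Hypothetical names throughout; roles, actions and outcomes follow the write-up.
type Role = "nurse" | "doctor" | "attending";
type Outcome = "SERVE" | "BLOCK" | "ROUTE" | "MUTATE";
interface AuditEntry { role: Role; action: string; outcome: Outcome; reason: string; ts: string; prev: string; hash: string }

const RANK: Record<Role, number> = { nurse: 0, doctor: 1, attending: 2 };
// Minimum role per action (constructed table based on the examples in the text).
const REQUIRED: Record<string, Role> = {
  order_antibiotics: "doctor",
  authorize_tpa: "attending",
  activate_mtp: "attending",
};

const digest = (e: Omit<AuditEntry, "hash">): string =>
  createHash("sha256").update(JSON.stringify([e.role, e.action, e.outcome, e.reason, e.ts, e.prev])).digest("hex");

class AuditLog {
  private entries: AuditEntry[] = [];
  // Append only: each entry commits to the hash of the one before it.
  append(role: Role, action: string, outcome: Outcome, reason: string): AuditEntry {
    const prev = this.entries.length ? this.entries[this.entries.length - 1].hash : "GENESIS";
    const body = { role, action, outcome, reason, ts: new Date().toISOString(), prev };
    const entry = Object.freeze({ ...body, hash: digest(body) });
    this.entries.push(entry);
    return entry;
  }
  // Recompute the chain; an edited, reordered or mid-log deleted entry breaks it.
  verify(entries: readonly AuditEntry[] = this.entries): boolean {
    let prev = "GENESIS";
    return entries.every((e) => { const ok = e.prev === prev && e.hash === digest(e); prev = e.hash; return ok; });
  }
  snapshot(): AuditEntry[] { return this.entries.map((e) => ({ ...e })); }
}

// Evaluated on every action attempt, with the role held at that moment, not at login.
function decide(log: AuditLog, role: Role, action: string, opts: { escalate?: boolean; allergies?: string[] } = {}): AuditEntry {
  const need = REQUIRED[action];
  if (need === undefined) return log.append(role, action, "BLOCK", "unknown action (default deny, assumed)");
  if (RANK[role] < RANK[need]) {
    return opts.escalate
      ? log.append(role, action, "ROUTE", `escalated to ${need} for approval`)
      : log.append(role, action, "BLOCK", `requires ${need}`);
  }
  if (action === "order_antibiotics" && opts.allergies?.includes("penicillin"))
    return log.append(role, action, "MUTATE", "penicillin allergy: Pip-Tazo replaced with Meropenem");
  return log.append(role, action, "SERVE", "authorized");
}
```

The chain detects edits to past entries but not truncation of the newest ones; anchoring the latest hash outside the store closes that gap.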
Integration
Bootstrapped from my governed-incident-agent scaffold. Adapted the RBAC model from OHS workplace safety roles (operator, supervisor, admin) to clinical roles (nurse, doctor, attending). Wired the protocol card components to the governance action pipeline through a ProtocolRenderer bridge that passes governance hooks to each card type.
Why governance is portable
The governance architecture required zero structural changes to move from workplace safety to acute care medicine. The controller does not know whether it is governing a confined space rescue procedure or a sepsis antibiotic order. It knows roles, permissions, evidence thresholds, and outcomes. The domain lives in the data and the UI. The governance lives in the architecture.
This is the thesis behind Keystone AI: governed agents need a control loop that is independent of the domain.
Tech stack
- CopilotKit 1.56.5 (react-core, react-ui, runtime)
- Next.js 16
- TypeScript
- Zustand (governance event store)
- OpenAI GPT-4o (via CopilotKit runtime adapter)
- Tailwind CSS
Repos
- github.com/saigopaljarabana/provana-acutecare (team project)
- github.com/arnaldosepulveda/governed-incident-agent (solo project, governance scaffold source)