medharness

MedHarness is a Python framework that helps teams at medical software companies use AI coding assistants without violating health data privacy laws. It is built for companies in healthcare data that need to comply with HIPAA (the US health privacy standard) and PIPL (China's personal information protection law). The stated goal is to take a team from informal individual AI editor use to an auditable, enterprise-grade system in six months.

The core of MedHarness is a multi-step workflow that governs every piece of code a developer writes with AI assistance. There are two tracks: a 12-step full track for complex or sensitive changes, and a shorter 5-step micro track for small edits like documentation changes or test additions. The first step in the full track is a compliance check that classifies the data involved and confirms the AI model being used is on an approved list. The final step generates a tamper-evident audit archive with a hash chain, intended to be stored for six years to meet regulatory retention requirements.

The framework bundles 23 specialized skills and 8 MCP servers, which are modular tools that connect the AI coding environment to specific compliance capabilities such as patient data de-identification, audit logging, and test data generation. Raw patient identifiers are never allowed to enter a prompt directly; the system enforces a de-identification step before any AI interaction involving sensitive data.

There is a community edition under Apache 2.0 that includes the core architecture, skills, and MCP servers. A commercial edition adds a trained Chinese medical data detector, a managed cluster for audit storage, a dashboard, and 24/7 compliance support.

The README is primarily in Chinese, with code examples and architecture diagrams that are readable even without knowledge of the language. The project is at v0.1.0 alpha stage.