Pre-1.0 · API may change between minors · not yet on npm — use from source

Open-source SDK · Apache-2.0 · privacy is code

The second job caregiving never advertises.

Tracking authorizations before they lapse, chasing prescriptions, reading the insurer's fine print at midnight. kerkit is the SDK for that role — the tooling it has never had.

Read the source
Redaction boundary@kerkit/ai
On device
name
Marta Pérez
nationalId
12.345.678
diagnosis
Diagnóstico…
Sent to model
name
«NAME»
nationalId
«NATIONAL_ID»
diagnosis
⊘ omitido
no raw identifier reached the model
Domain model
encoded, not tribal knowledge
Privacy by construction
redaction before any model call
Calm interface
built for exhaustion

Eleven seconds, no setup

Run one command. Watch the DNI never leave the device.

No clone, no database, no API key. It prints the raw caretaker record beside the redacted projection the model actually receives, then proves the synthetic patient's identifier never reached the model.

kerkit — privacy demo
$ npx github:JuanseHevia/kerkit
Fetching JuanseHevia/kerkit · running privacy demo…
┌ RAW — what you store
│ name Marta Pérez
│ nationalId 12.345.678
│ diagnosis Diagnóstico de demostración
└ REDACTED — what the model receives
│ name «NAME»
│ nationalId «NATIONAL_ID»
│ diagnosis ⊘ omitido
✅ PASS — no raw identifier reached the model.

The gap

Between the hospital and the insurer sits a role no system was built for.

Hospital software

Serves the record.

Charts, orders, results — everything inside the hospital's four walls.

ends at the hospital door
The role no system serves

The caretaker

Holds both together.

Keeping the record and the claim in sync — on no budget, no training, usually under emotional weight that has nothing to do with software.

Insurer portals

Serves the claim.

Authorizations, coverage, fine print — everything the policy defines.

ends at the claim

Two systems, each complete. Neither one built for the person between them.

General-purpose AIanswers questions
Is the chemo authorization about to expire?
"In general, authorizations usually expire after 30–90 days — check with your provider."
Why that answer falls short
No domain model
can't tell which authorization is actually expiring
No structural privacy
to really help, it would need the raw DNI
No calm interface
a wall of generic text, at midnight
01

A domain model that already understands the problem.

02

Privacy enforced structurally, not promised.

03

An interface built for exhaustion.

kerkit closes that gap by refusing to treat it as acceptable. The tooling existed for insurers. It existed for hospitals. It did not exist for the person holding the two together — until this.

What it does

Three claims, each backed by something that runs.

Not something written — something you can execute.

01 · @kerkit/core

A domain model, encoded

Entities, Zod schemas, an authorization state machine, a care-event taxonomy — the logistics of caregiving written as types, not passed down as tribal knowledge. The state machine below is the real one, proven in production.

Pick a move. confirmed is terminal — nothing follows it.

From

To · green = reachable

isValidTransition('pending', 'confirmed' // true

Allowed — this move is in the graph.

02 · @kerkit/ai

Privacy by construction

Every field is classified at compile time. Direct identifiers become placeholder tokens before any model call; health fields pass only with an explicit opt-in written into your code; missing classifications fail safe. Toggle the view — the raw values never cross the boundary.

nameMarta PérezDirect identifier
nationalId12.345.678Direct identifier
credentialNumberDEMO-0001-00Direct identifier
diagnosisDiagnóstico de demostraciónSensitive health
treatmentPhaseEtapa IISensitive health
insurerId…-000000000010Logistics
createdAt2026-01-05T12:00ZPublic
raw record
03 · @kerkit/ui

Calm interface conventions

"Calm Confidence" design tokens and React Native components — designed against caregiving stress rather than around it. Green is reserved for forward progress; type never drops below a legible floor; nothing bounces. Shipping in waves.

forward
surface
pending
escal.
Source Serif
DM Sans · the UI voice, quiet and legible
JetBrains Mono · code & data

The privacy model, in full

For the reader who wants the mechanism.

Privacy is enforced in code, not documented in a paragraph — including, deliberately, the parts it does not guarantee.

Guaranteed, structurally
  • Classification enforced by CI. An unclassified field does not merge.
  • direct-identifier → token. The value becomes a placeholder before reaching a model. A structural guarantee, not a best effort.
  • sensitive-health → explicit opt-in. Passes only with a per-field opt-in written into the calling code.
  • Consent, export & deletion already exist in @kerkit/server — not roadmap items.
What is not guaranteed, said directly

Identifiers typed into free text are caught by a regex sweep plus known values — not by exhaustive detection. Recall on arbitrary input is measured, not assumed. A privacy claim that hides its own edges is worth less than one that states them.

Before
…Mamá (Marta Pérez, DNI 12.345.678) prefiere…
After · 2 caught
…Mamá («NAME», DNI «NATIONAL_ID») prefiere…

Full technical detail: docs/anonymization-testing-framework.md

Why Argentina first

Proven against one real system — structurally ready for the next.

Building for one real system first, instead of an abstract "global" one, was the only way the underlying claims could be tested against anything true. The authorization state machine, the entities, the email-signal patterns were proven against a real obra social, under real deadlines.

pack-argentina carries everything specific to that context — es-AR strings, the obra social model, DNI/CUIL redaction, Ley 25.326 guidance — kept structurally separate from the locale-neutral core · ai. That separation is the point: it is a template for what a locale pack looks like, not a boundary around what kerkit can become.

The path outward

core  ·  ailocale-neutral
pack-argentinaproven
pack-‹your-locale›the lane is open

Each region that adopts kerkit adds proof that the model holds outside the one system it was proven against — and a template that shortens the next builder's path. CONTRIBUTING.md already accepts Argentine insurer data rows without prior discussion; the same lane stands open for the pack that has not been written yet.

Get started

Two ways in.

Just evaluating

No install. The privacy claim, proven in eleven seconds.

$ npx github:JuanseHevia/kerkit

Building on it

Clone, build, test, then run the minimal caretaker server — no DB, no OAuth, no LLM key.

$ git clone github.com/JuanseHevia/kerkit
$ npm install
$ npm run build && npm run test
$ npm run dev -w examples/minimal-caretaker