AXIS BLUE
CONTROL THE WORK. CONTROL THE RECORD.
Doctrine

Metadata-first capture. Scan-first. Images transient.

AXIS collects signals, not photos. This doctrine governs capture, storage, and access across all tools.

Core principles

AXIS does not collect photos; it collects signals. Records are structured metadata, verified IDs, contextual signals, signed events, and derived attributes.

Non-negotiables
  • Scan-first: barcode / QR / NFC preferred; images last resort.
  • Metadata-first: structured identifiers are the record.
  • Ephemeral imagery: processed, extracted, discarded.
  • Operator as sensor: point, tap, confirm; no archives.

Image doctrine

Images exist only long enough to extract value, then are discarded unless explicit, time-bound exceptions are configured.

Allowed & enforced
  • Use fixed ratios, blur/luminance checks, edge detection.
  • Auto-crop/level/compress/analyze; no save dialogs.
  • Extract: IDs, facings, condition hints, timestamps, confidence.
  • Exceptions: legal/audit claims with TTL, encryption, logging.

Scan & event enforcement

Scans are signed events, client-scoped facts. No direct catalog overwrites; promotion follows thresholds and validation.

Priority order
  • Barcode/UPC → QR → NFC → derived metadata → human confirm → raw image (last resort).
  • NFC: high-trust, explicit confirm, auto-bind to store/client.
  • QR: program triggers, boundary unlocks, lean payloads.

Operator protection

No galleries, no surveillance feel, no visual judging. Operators contribute signals, not artifacts.

Experience rules
  • One intent per flow; visible constraints; silent enforcement.
  • Fast, consistent, context-rich, machine-first, ephemeral.
  • Least privilege, workspace isolation, permit/time/window enforced.

Legal posture

Metadata-only records reduce surveillance risk. Raw imagery is non-persistent by default.

Contract & compliance
  • “AXIS processes signals; raw inputs are transient.”
  • GDPR/CCPA aligned: data minimization, purpose limitation, TTL, signed events.
  • Client data separation; aggregation is non-identifiable.

Keyholder governance

Permits, not accounts. Scoped, revocable, logged. No lateral movement.

Controls
  • Permit fields: permit_id, client_id, workspace_id, role, start/end, allowed actions.
  • Routing via Keyholder Gateway; denial on any failed check.
  • Automatic expiration; immediate revocation; append-only logs.
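
An added sketch of the controls listed above, not AXIS code: a deny-by-default permit check over the listed permit fields, with every decision written to a hash-chained log. The `Gateway` class, its method names, the hash chain as the append-only mechanism, and the sample permit are assumptions made for illustration.

```python
import hashlib, json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Permit:  # fields as listed under "Controls"
    permit_id: str
    client_id: str
    workspace_id: str
    role: str
    start: datetime
    end: datetime
    allowed_actions: frozenset

class Gateway:  # hypothetical stand-in for the Keyholder Gateway
    def __init__(self):
        self.permits, self.revoked, self.log = {}, set(), []

    def authorize(self, permit_id, client_id, workspace_id, action, now):
        p = self.permits.get(permit_id)
        checks = {  # all must hold; an unknown permit fails every scoped check
            "known": p is not None,
            "not_revoked": permit_id not in self.revoked,
            "client": p is not None and p.client_id == client_id,
            "workspace": p is not None and p.workspace_id == workspace_id,
            "window": p is not None and p.start <= now < p.end,
            "action": p is not None and action in p.allowed_actions,
        }
        failed = sorted(name for name, ok in checks.items() if not ok)
        self._append({"permit_id": permit_id, "client_id": client_id, "workspace_id": workspace_id,
                      "action": action, "at": now.isoformat(), "failed": failed})
        return not failed  # denial on any failed check

    def _append(self, record):  # hash chain: each entry commits to the previous one
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.log.append({"prev": prev, "body": body, "hash": digest})

    def log_intact(self):  # recompute the chain; an edited or dropped entry breaks it
        prev = "0" * 64
        for e in self.log:
            expect = hashlib.sha256((prev + e["body"]).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != expect:
                return False
            prev = e["hash"]
        return True

T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed sample: one-hour, scan-only
SAMPLE = Permit("p-1", "client-a", "ws-1", "operator", T0, T0 + timedelta(hours=1), frozenset({"scan"}))
```

Denied requests are logged with the names of the checks that failed, so a cross-client or out-of-window attempt shows up in the record rather than disappearing.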