Where did this file come from?
It is a simple question, and almost no scientific tool can answer it. Inflexa records the method, the parameters, the inputs, the content hash, and the model that reasoned about each step — mechanically, as the work happens. The record is not written by an AI. It is observed.
The AI does not write the provenance record.
This is the part people assume we get wrong, and it is the part we were most careful about. If an agent were asked to describe what it had just done, you would get a plausible summary, and a plausible summary is worthless as evidence. Models omit steps. They round numbers. They reconstruct a tidy narrative of a messy run. A provenance record written by a language model is a story about an analysis, not a record of one.
So the model is never asked. Provenance in Inflexa is emitted by the execution layer itself: when a command runs in the sandbox, the runtime observes what it read, what it wrote, the parameters it was given, and the hash of every file that went in and came out. Those facts are captured mechanically, at the moment they happen, by code that has no discretion about it.
The model is a subject of the record, not its author. Its identity is recorded by resolved name, so you know precisely which model made which call but it has no say in what gets written down, and no way to leave anything out.
Ask the agent to summarise its own work, and store that summary as the audit trail. It is easy, it demos well, and it is not evidence.
Instrument the execution layer, so the record is a mechanical consequence of the run. The same run produces the same graph, every time.
A closed vendor's record is still a favor.
Plenty of closed platforms will show you a provenance record. You have no way to check whether it is the whole story. The code that wrote the record is the code you cannot read, and the record describes the run you cannot inspect. What you are given is a claim about a claim, and your only recourse is trust.
Inflexa's provenance is written by code you can read, in a format anyone can parse, signed with a key you hold, and verifiable without us. If we disappeared tomorrow, the record would still verify. That is the difference between a vendor telling you your result is traceable and your result actually being traceable.
Three foundations of a reviewable result
Inflexa runs targeted PubMed queries against each finding's hub genes, transcription factors, and pathways. Every claim in the dossier links to its supporting PMID.
Each step is written once as it happens — input, method, parameters, output — into a hash chain signed with your Ed25519 key. Alter an entry after the fact and verification fails.
Every file is an entity keyed on its path and content hash. Ask where an output came from and Inflexa walks back through the commands that produced it to the inputs they read.
Written as it happens. Signed, so a later edit shows.
If a reviewer asks 'what ran, when, and with what inputs?', the answer is already recorded.
Every agent action is captured at the moment it occurs: tool call, command, parameter selection, intermediate decision. Entries are appended to a SHA-256 hash chain and signed with an Ed25519 key. Nothing stops someone with disk access from editing the file, but the signature will no longer verify, and inflexa prov verify will say so. The record is tamper-evident rather than tamper-proof, and the distinction is one we would rather state than blur.
- recommendation_summary.jsonT4S2/output4/19/26, 9:02:51 PMSyncedService7443274f
- final_recommendation.mdT4S2/output4/19/26, 9:02:51 PMSyncedService1eae4274
- summary_dashboard.pngT4S2/figures4/19/26, 9:02:51 PMSyncedService408b5e0d
- summary_dashboard.pdfT4S2/figures4/19/26, 9:02:51 PMSyncedServicee55ae0b4
- sar_structural_path.pdfT4S2/figures4/19/26, 9:02:51 PMSyncedService377a2c47
- molecule_grid_top_candidates.pngT4S2/figures4/19/26, 9:02:51 PMSyncedService28331cb7
- scaffold_ranking.csvT4S2/output4/19/26, 9:02:51 PMSyncedService492baa68
- comparison_table.csvT4S2/output4/19/26, 9:02:51 PMSyncedService47498e57
- integrated_recommendation_report.pyT4S2/scripts4/19/26, 9:02:51 PMSyncedServicef098653c
- Timestamp
- 4/19/26, 9:02:51 PM
- Action
- Synced
- Artifact
- molecule_grid_top_candidates.png
- Actor
- Service
- Size
- 91 KB
- Step
- T4S2
- Run
- 6382f44e-bcb3-464b-8c0b-ebee964415eb
- Synced
- ✓ Yes
- file id
- 019da6e8-d969-7eb4-9657-aabb1388d9…
Ask a file where it came from.
Files are keyed on path and content hash, so lineage merges across runs on its own.
Every command Inflexa executes records which files it read and which it wrote. Those records are the edges of a graph whose nodes are files, identified by path and content hash, which means a file produced in one run and consumed in another stitches the two runs together without anyone asking it to. Point inflexa prov lineage at an output and it walks backwards through the commands that produced it, to the inputs they read, as far back as the record goes.
Which model decided this?
When a language model chooses a normalization method or interprets an enrichment result, that choice is part of your analysis. A year later, when the finding is questioned, "an AI suggested it" is not an answer anyone can work with.
So Inflexa records the model as an agent in the provenance graph, by resolved name, not the alias you typed, but the specific model that answered. Every step it reasoned about is attributed to it, and the model itself is attributed to you: you remain the responsible party, and the record says so.
Nothing sensitive goes in. The record carries the model's identity, never your API key and never your prompts.
This is the claim a closed vendor structurally cannot make. They can tell you a model was involved. They cannot show you a record you are able to check.
"agent": {"inflexa:model/anthropic/claude-opus-4-8": {"prov:type": "prov:SoftwareAgent","inflexa:kind": "inflexa:Model","inflexa:name": "anthropic/claude-opus-4-8",},"inflexa:user/rt": {"prov:type": "prov:Person"}},"actedOnBehalfOf": {"_:d1": {"prov:delegate": "inflexa:model/anthropic/claude-opus-4-8","prov:responsible": "inflexa:user/rt"}}
Every claim, traced to a PMID.
For each programme or candidate it surfaces, Inflexa runs targeted PubMed queries against the relevant hub genes, transcription factors, and pathways. Queries are scoped to the finding (a CXCL13-centred search is not the same as a broad UC literature pull), and each query is logged as part of the analysis provenance.
Evidence chains are assembled from the literature tier by tier: basic biology first, then preclinical evidence, then clinical evidence where it exists. Each step in the chain is a distinct claim, and each claim carries a hyperlink to its supporting source. The chain is not a summary, it is a traceable argument.
The result is a defensible mechanism narrative: not "Inflexa says so", but "here are the papers that support each step of the chain, with PMIDs you can audit." When your biostatistician or external collaborator asks how a mechanism was grounded, the answer is in the dossier, not in a follow-up email.
- Basic biology
CXCL13 is expressed by T follicular helper cells and drives B-cell recruitment in inflamed tissue.
PMID 19620293 ↗ - Preclinical evidence
CXCL13 blockade reduces B-cell infiltration and attenuates colitis severity in murine UC models.
PMID 28842433 ↗ - Clinical evidence
Elevated CXCL13 serum levels associate with treatment non-response in paediatric UC cohorts.
PMID 36792466 ↗
Built for the review your team will get.
The version of you that has forgotten this analysis is the harshest reviewer it will get. Which parameters, which model, which input file — recorded at the time, not reconstructed from memory.
Send a CRO or academic partner the provenance document alongside the result. They verify the signature themselves, with a tool whose source they can read. Shared evidence, not shared trust.
Every claim carries its PMID, every figure carries the command that drew it, and the record is aligned with the W3C provenance standard rather than a format only we can read.
Ask your own files where they came from
Inflexa is free and open source under Apache 2.0. Install it, run an analysis, and export the provenance document.