Rōvn is the operating network for the healthcare workforce: verify a clinician once, reuse everywhere. One coherent agentic system, not twelve tools. AI operates the workflow. Source systems prove the facts. Humans make every regulated decision.
Target: take time-to-fill from ~78 days toward under 14 (a target, not a delivered result).
Today, workforce trust is rebuilt from zero at every facility: the same clinician is re-verified, re-credentialed, and re-cleared in parallel silos that share nothing. Rōvn owns the reusable layer underneath: verify once, and the source-receipted evidence, freshness clocks, and named human decisions carry across every facility instead of being re-paid for. That is the moat: every verified worker and every facility workflow compounds into a network that gets cheaper and faster for the next one, and the data flywheel turns on with the first pilot.
Product Overview: Ship State Ledger
Date: 2026-06-19
Posture: Pre-launch. Core rails live. 0 paying production traffic.
LIVE means deployed and smoke-tested against a synthetic 43-role / 51-jurisdiction corpus; no real roster, no paying PHI has run through it.
This document is the single source of truth for what Rōvn has actually shipped vs target-state. Every LIVE claim can be grep-verified against app/main.py or the migrations directory. Investors WILL pull on this in DD.
1. Truth Tiers
| Tier | Meaning |
|---|---|
| LIVE | Route registered in app/main.py, migration applied, smoke-tested in prod |
| PARTIAL | Schema and partial code exist, end-to-end workflow not yet wired |
| TARGET | Roadmap item, no shipped code yet (or scaffolding only) |
2. Capability Ledger
Worker Passport (rovn.to / passport.rovn.to)
| Capability | Status | Evidence |
|---|---|---|
| Worker signup + intake (/start) | LIVE | main.py:177-184, static/start.html |
| Worker wallet UI (/wallet, /network) | LIVE | main.py:187-205, static/worker-network.html |
| Worker auth v2 (Cognito-backed) | LIVE | nurse_auth.py + worker_auth.py routers + migration 073 |
| AuthKit integration | LIVE | worker_authkit.py router + migration 075 |
| Worker profile v2 schema | LIVE | Migrations 070, 071 |
| Worker public profile /p/{slug} | LIVE | public_verify.py + nurse_profiles.py |
| Identity verification (Persona IAL2) | LIVE | identity.py router + migration 006 |
| License catalog | LIVE | licenses.py + migration 008 |
| Document upload + immunization records | LIVE | documents.py, immunizations.py |
| Network apply (worker → facility) | LIVE | worker_network.py + migration 049 |
| Worker referral / network growth | LIVE | Migration 051 |
| Verification coverage map | PARTIAL | Source receipts exist; per-worker coverage UI in progress |
| Continuous monitoring (Nursys e-Notify) | PARTIAL | Account live, ingestion route shipped (migration 007), full subscription flow target |
| Renewal reminder workflow | PARTIAL | expirables_reminder_log (migration 057) exists, UX pending |
| Worker premium SKU ($9.99/$24.99) | TARGET | Post-launch upside, not in 5-year base case |
Pricing posture. Facilities enter paid at Readiness $2,500/mo (~$30K ACV; the dashboard is not free) → Operator pilot $12K/90d → Core $10K/mo → Operator $20K/mo → Platform $1M+; workers free. Full ladder in 02.2.
Source Authority Adapters
Live adapter modules in app/services/source_adapters/:
| Source | Status | Notes |
|---|---|---|
| NPDB (Continuous Query) | LIVE adapter | npdb.py adapter + npdb.py router + migration 052; account DBID 399700000147857 active, full QRXS integration in progress |
| DEA | LIVE adapter | dea.py adapter + dea_verification.py router + migration 063 |
| Nursys (e-Notify) | LIVE adapter | nursys.py adapter + Nursys e-Notify account LIVE |
| OIG LEIE | LIVE adapter | oig.py adapter + migration 005 exclusions table |
| SAM.gov | LIVE adapter | sam.py adapter |
| Verifiable (state board federation) | LIVE adapter | verifiable.py adapter + migration 067 |
| State licensure coverage (50 states plus DC) | LIVE coverage map / PARTIAL automation depth | 43 roles, 51 jurisdictions, 2,193 role/state cells, 0 unsupported cells. API/source-receipted where live; manual PSV where automation is not live. |
| ABMS (board certification) | TARGET | Roadmap; AMA / ABMS API integration scheduled Q3 2026 |
| AMA Physician Profile | TARGET | Roadmap Q3 2026 |
| CMS PECOS (payer enrollment) | PARTIAL | payer_adapters/ exists for Aetna, BCBS, Cigna, Humana, UHC; CMS PECOS direct API target |
Adapter count: 50-state plus DC verification coverage map + 6 federal/national sources + 5 payer adapters = source authority rails plus the 43-role, 51-jurisdiction coverage map live.
Hash-Chained Audit Log
| Capability | Status | Evidence |
|---|---|---|
| Hash-chain append + verify | LIVE | audit.py router with /events/recent, /chain/head, /chain-head; 2026_04_14_audit_log_harden.sql |
| Source receipts archive (per verification) | LIVE schema / PARTIAL ingest | Migration 032 (source_receipts_and_authority_policies), 062 (source_adapter_evidence), 068 (source_receipts_s3_artifact). Schema present, not yet fully populated across every verification path. |
| S3 Object Lock 7-year retention | LIVE infra | S3 bucket policy + Object Lock configured; ADR-006 documents pattern |
| Audit chain replay endpoint | LIVE | /audit/chain-head |
| Joint Commission / CMS surveyor/CMS audit packet builder | TARGET | Audit Trail Composer roadmap |
AI Trust Layer (Anthropic Claude)
| Capability | Status | Evidence |
|---|---|---|
| Claude executor (Haiku/Sonnet) | LIVE | Task definition :147 confirmed; app/services/ai_gateway.py; migration 029 (ai_trust_layer) |
| Opus 4.7 advisor tool (beta header) | LIVE | Task definition :110+; beta header advisor-tool-2026-03-01; ZDR-eligible |
| ai_runs ledger | PARTIAL | Schema in migration 029 + 031; advisor_calls + token cost capture per memory log; not every executor path wired |
| Document extraction OCR/LLM | LIVE | connect_ai_workbench.py + worker_ai.py routers |
| Anomaly flagger | PARTIAL | anti_fraud.py service + migration 064; full coverage in progress |
| Privileging packet builder | PARTIAL | privileging.py router + fppe_advisor.py service; migrations 042, 055, 059 |
Rōvn facility workflow layer (Facility Cockpit)
Layer note. The facility workflow layer is the facility cockpit: it orchestrates facility-side workflow (demand, intake, triage, privileging committee, hire, onboard, active-staff roster) and reads the Rōvn network's verified output. Verification, credentialing, recredentialing, continuous monitoring, the source authority rails plus the 43-role, 51-jurisdiction coverage map, and the hash-chained audit log are Rōvn network functions (the "Source Authority Adapters", "Hash-Chained Audit Log", and "Privileging & Recredentialing" sections of this ledger). The facility workflow layer routes below, including the Credentialing Workbench and Active Staff Monitoring, are facility-side read/orchestrate surfaces over that engine, not separate per-facility verification engines.
Operator model. The facility workflow layer is an AI operator, not a dashboard: it runs every applicant through the hiring pipeline autonomously and pauses only at the four human decision gates (interview, offer, hire, privilege). Every operator action carries a confidence score: high-confidence + low-stakes runs autonomously; low-confidence or any hiring, credentialing, privileging, or clinical stakes routes to a human. See the Facility Workflow Memo for the Operator surface and the Applicant Comparison Engine.
| Capability | Status | Evidence |
|---|---|---|
| Hospital portal /portal | LIVE | main.py:215-218; hospital-portal.html |
| Hospital SSO (WorkOS) | LIVE | sso.py router + migration 074 |
| Hospital auth (legacy + admin) | LIVE | hospital_auth.py, admin_auth.py |
| facility workflow layer command center | LIVE | rovn_connect_command.py + migration 033 |
| facility workflow layer overview / demand / talent | LIVE | connect_overview.py, connect_demand_talent.py |
| facility workflow layer pipeline (hiring) | LIVE | connect_pipeline.py + migration 038 |
| facility workflow layer AI workbench | LIVE | connect_ai_workbench.py + BUILD_DEPLOY_PROOF_2026-05-14_CONNECT_AI_WORKBENCH.md |
| facility workflow layer credentialing workbench | LIVE | connect_credentialing_workbench.py |
| facility workflow layer clearance / readiness | LIVE | connect_clearance.py, connect_readiness.py |
| facility workflow layer active staff monitoring | LIVE schema / PARTIAL ingest | connect_active_staff.py + migration 043 (monitoring_action_center); delta ingestion pending |
| facility workflow layer agency / binders / trust officer | LIVE | connect_agency.py, connect_binders.py, connect_trust_officer.py |
| facility workflow layer integrations retry workbench | LIVE | Migration 037 |
| facility workflow layer billing | LIVE | connect_billing.py + migrations 009, 010, 011 |
| facility workflow layer bulk operations | LIVE | connect_bulk.py |
| facility workflow layer worker view + audit hardening | LIVE | Migrations 045, 047, 048 |
Privileging & Recredentialing
| Capability | Status | Evidence |
|---|---|---|
| Privileging foundation | LIVE schema / PARTIAL workflow | privileging.py router + migration 042; production privileging committee workflows pending design-partner pilot |
| OPPE / FPPE | PARTIAL | oppe_fppe.py router + migration 055; oppe_outliers.py service; real-world workflows pending |
| Recredentialing cycles | LIVE schema | Migration 058 (recredentialing_cycles); recurring 90-day pre-build pending |
| Recredentialing export | LIVE | recredentialing_export.py |
Payer Enrollment
| Capability | Status | Evidence |
|---|---|---|
| Payer enrollment foundation | LIVE schema | Migrations 039, 040, 041, 056 |
| Payer adapter library (5 payers) | LIVE adapters | payer_adapters/: Aetna, BCBS, Cigna, Humana, UHC |
| CMS PECOS direct integration | TARGET | Roadmap |
| Coverage readiness | LIVE | coverage_readiness.py + migration 040 |
Workforce Catalog
| Capability | Status | Evidence |
|---|---|---|
| 43 healthcare roles | LIVE | workforce_catalog.py router + migration 072 (universal_healthcare_workforce_catalog) |
| Worker profile extras (per-role fields) | LIVE | worker_profile_extras.py |
| Clinician screens | LIVE | clinician_screens.py + migration 066 |
/experience Aggregator
| Capability | Status | Evidence |
|---|---|---|
| Per-nurse aggregator (/experience/nurse/{id}) | LIVE | experience.py:41 |
| Per-hospital aggregator (/experience/hospital/{id}) | LIVE | experience.py:197 |
MCP Server
| Capability | Status | Evidence |
|---|---|---|
| MCP server at passport.rovn.to/mcp | LIVE | mcp_server.py router + memory log project_rovn_mcp_server_live.md; task def 108; smoke green |
| Zero-PHI tool lookup_rovn_passport | LIVE | Single tool wired; outbound + inbound tokens in AWS Secrets Manager |
Consent / Ledger / Audit Tables (Truth)
| Capability | Status | Evidence |
|---|---|---|
| ai_runs table | PARTIAL | Schema migration 029; partially wired across executor paths |
| source_receipts table | PARTIAL | Schema migrations 032, 062, 068; partial population across verification paths |
| consent_events table | TARGET | Schema scaffolding present in worker_profile_v2-era migrations; user-facing consent UX pending |
| Audit log table (hash-chained) | LIVE | Hardening migration 2026_04_14_audit_log_harden.sql |
Universal Healthcare Workforce Catalog
| Capability | Status | Evidence |
|---|---|---|
| 43-role taxonomy | LIVE | Migration 072; BUILD_DEPLOY_PROOF_2026-05-13_UNIVERSAL_WORKFORCE.md |
| Per-role requirement matrix | LIVE | workforce_catalog.py |
3. What we explicitly do NOT claim
- ❌ Absolute PHI-breach-count claims: do not turn the absence of paying production PHI into a security claim. Say: pre-launch, PHI-minimized architecture, no known production PHI incidents, and no paying-customer PHI processed at scale yet.
- ❌ SOC 2 certified: SOC 2 Type II is in progress with Drata. Observation window open; report target Q3 2027. Not certified yet.
- ❌ NCQA CVO certified: alignment work in progress. Not filed, not certified.
- ❌ Joint Commission accredited: architecturally Joint Commission / CMS surveyor-ready; no Joint Commission survey performed against Rōvn directly. Customers carry their own Joint Commission accreditation; Rōvn provides the PSV evidence rail.
- ❌ N paying customers: as of 2026-06-19, no signed pilots, no design partners, no LOIs; pre-launch by design; outbound targeting underway.
- ❌ Pentest report available: pentest scheduled Q4 2026.
4. What we DO claim (and can prove)
- ✅ source authority rails plus the 43-role, 51-jurisdiction coverage map live (50-state plus DC verification coverage map + DEA + NPDB + Nursys + OIG + SAM + Verifiable + 5 payer adapters)
- ✅ 80+ API routers registered in app/main.py
- ✅ 75+ database migrations applied
- ✅ Hash-chained audit log with S3 Object Lock 7-year retention
- ✅ Anthropic Claude BAA executed; Opus 4.7 advisor tool live via beta header
- ✅ AWS HIPAA-eligible architecture with BAA executed
- ✅ Persona IAL2, Checkr, WorkOS, Drata: vendor contracts active
- ✅ MCP server live at passport.rovn.to/mcp with zero-PHI tool
- ✅ Buyer wedge defined: CAH, ASC, multi-site provider groups, GA/Southeast first; zero signed pilots or design partners; pre-launch by design.
- ✅ platform engineering partnership under NDA in place
5. Cross-Reference for DD Auditor
Auditor can verify each LIVE claim by grepping:
```bash
# Verify a router exists
grep "app.include_router(<module>" C:/Users/gm4pr/Rovn/rovn-platform/app/main.py
# Verify a migration exists
ls C:/Users/gm4pr/Rovn/rovn-platform/migrations/ | grep "<migration_number>"
# Verify a source adapter exists
ls C:/Users/gm4pr/Rovn/rovn-platform/app/services/source_adapters/
```
End of product overview.