Data Flow

BaselineOS Data Flow

What data flows to the Anthropic API (and other LLM providers)

Note

BaselineOS is designed with data minimization and organizational sovereignty as core principles. This document maps every data flow to external LLM providers so operators can make informed decisions about deployment, compliance, and trust boundaries.

High-Level Architecture

flowchart TB
    subgraph Org["Organization Data (stays local)"]
        Config["baseline.config.ts\nVoice, terminology, authority"]
        Frame["Frame context\n6-dimension lens"]
        Persona["Persona definitions\nRole-specific behavior"]
        Vault["Credential Vault\nAPI keys, secrets"]
        Memory["Memory Store\nInteraction history"]
    end

    subgraph OS["BaselineOS Runtime (local)"]
        Orchestrator["Orchestrator"]
        LayerSweep["LayerSweep\n(7 layers)"]
        Studio["Studio\n(provenance + artifacts)"]
        Govern["Govern\n(compliance gate)"]
    end

    subgraph External["External Services"]
        Anthropic["Anthropic API\n(Claude models)"]
        OpenAI["OpenAI API\n(GPT models)"]
        Bedrock["AWS Bedrock\n(enterprise models)"]
        Tavily["Tavily API\n(web search)"]
    end

    Config --> Orchestrator
    Frame --> Orchestrator
    Persona --> Orchestrator
    Vault -.->|"Key resolution"| Orchestrator
    Memory --> Orchestrator

    Orchestrator --> LayerSweep
    LayerSweep --> Studio
    Studio -->|"Generate request"| Anthropic
    Studio -->|"Generate request"| OpenAI
    Studio -->|"Generate request"| Bedrock

    Anthropic -->|"Generated content"| Studio
    OpenAI -->|"Generated content"| Studio
    Bedrock -->|"Generated content"| Studio

    Studio --> Govern
    Govern -->|"Audit log + evidence"| Memory

Task Execution Flow

Path: Orchestrator → LayerSweep → ExecutionEngine → Anthropic API

sequenceDiagram
    actor User
    participant Orchestrator
    participant LayerSweep
    participant ExecutionEngine
    participant Anthropic

    User->>Orchestrator: baseline.run({ title, description, ... })
    Orchestrator->>LayerSweep: sweep(taskContext)

    LayerSweep->>LayerSweep: Lang (terminology check)
    LayerSweep->>LayerSweep: Frame (authority/context)
    LayerSweep->>LayerSweep: Experience (consent)
    LayerSweep->>LayerSweep: Autonomy (trust/scope)
    LayerSweep->>LayerSweep: Persona (role loading)

    LayerSweep->>ExecutionEngine: execute(task, context)

    ExecutionEngine->>ExecutionEngine: Build system prompt
    Note over ExecutionEngine: persona + frame + lang
    ExecutionEngine->>ExecutionEngine: Build user message
    Note over ExecutionEngine: task description + code + output

    ExecutionEngine->>Anthropic: POST /v1/messages
    Anthropic->>ExecutionEngine: { content, usage, stop_reason }

    ExecutionEngine->>ExecutionEngine: Verify output
    Note over ExecutionEngine: verifier prompt → Anthropic
    ExecutionEngine->>ExecutionEngine: Quality check
    Note over ExecutionEngine: quality prompt → Anthropic

    ExecutionEngine->>Orchestrator: result + artifacts
    Orchestrator->>Govern: audit(task, result)
    Orchestrator->>User: TaskResult

What Data Is Sent

To Anthropic (per messages.create call)

Field	Source	Sensitivity	Notes
system prompt	Persona + Frame + Lang + role prompts	Medium	Org voice, authority levels, terminology. Configurable per-deployment.
messages[].content	Task title, description, code, output	High	User-provided task data. Never logged to BaselineOS telemetry.
model	Config (claude-sonnet-4-6 default)	Low	Model version
max_tokens	Config (8000 default)	Low	Output limit
temperature	Config (0.3 default)	Low	Creativity setting

What Comes Back

• Generated text/code
• Token usage (input_tokens, output_tokens)
• Stop reason

Data That NEVER Leaves Your Infrastructure

Data	Location	Guarantee
API keys	Credential Vault (encrypted at rest)	Never sent to telemetry
Audit logs	Local .baseline/audit/	Append-only, signed
Evidence bundles	Local .baseline/evidence/	SHA-256 provenance
Memory / interaction history	Local store	User-controlled retention
Baseline config	baseline.config.ts	Local file only

Model Provider Options

BaselineOS supports multiple providers to match your trust boundary:

Provider	Model Prefix	Data Residency
Anthropic	claude-*	US-based
OpenAI	gpt-*	US-based
AWS Bedrock	bedrock-*	Region-specific (configurable)
Local (Ollama)	ollama-*, local-*	Fully local — no external calls
Mock	mock-*	No external calls — test responses

To run fully air-gapped:

const baseline = new Baseline({
  model: 'ollama-llama3.3',
});

Operational Metrics

Operators can audit all LLM calls via:

# List all tasks with token usage
baseline status

# Export evidence bundle (includes API call audit)
baseline evidence-export --format html

# Check governance status
baseline status --layers

Summary Table

Flow	Anthropic?	What Data	Configurable?
Task execution	Yes	Task description, code, system prompts	Model selection, prompt overrides
Streaming produce	Yes	System prompt, user message	Generator configuration
Research	Yes (optional)	Search query, web results	Tavily key optional
Verification	Yes	Generated output, criteria	Verifier prompt override
Quality gate	Yes	Generated output	Quality prompt override
Planning	Yes	Task description	Planner prompt override
Evaluations	Yes (test only)	Test cases	Test environment only