RayRay Documentation
Enterprise Intelligence Platform with Human-in-the-Loop AI
Mission Statement
RayRay bridges the gap between AI capabilities and government compliance requirements. The system enforces mandatory human verification of all AI-generated extractions before database commitment, ensuring full auditability and regulatory compliance with OMB M-25-21, NIST 800-53, and FedRAMP frameworks.
Core Capabilities
- Spatial Evidence Traceability — Every extraction links to source coordinates via bounding boxes, enabling 100% source verification
- Mandatory Human-in-the-Loop — LangGraph checkpoints enforce human review prior to any database write operation
- Immutable Audit Logs — Blockchain-style SHA-256 hash chains provide tamper-evident event history
- Labor Optimization Metrics — Automated time-savings calculation for ROI reporting to agency leadership
- Redundancy Validation — Pre-review quality checks flag low-confidence extractions for additional scrutiny
Compliance Posture
| Framework | Control | Implementation |
|---|---|---|
| OMB M-25-21 | Human Oversight | LangGraph checkpoint requires human review before commit |
| NIST 800-53 | AU-9 | Cryptographic hash chain protects audit log integrity |
| NIST 800-53 | AC-3 | Role-based access control (Observer, Analyst, Reviewer, Admin) |
| NIST 800-53 | IA-2 | OAuth 2.0 + TOTP MFA authentication |
| FedRAMP | Audit Trail | Append-only event log with SHA-256 checksums |
Quick Start
# Backend API
cd apps/api
pip install -r requirements.txt
uvicorn app.main:app --reload --port 8000
# Frontend (new terminal)
cd apps/web
npm install
npm run devAccess the application at http://localhost:3000. See Quick Start for demo credentials.
Documentation Index
| Section | Audience | Content |
|---|---|---|
| Introduction | All Users | System overview and capabilities |
| Quick Start | All Users | Installation and first document |
| Installation & Deployment | ISSOs, DevOps, SysAdmins | Prerequisites, Docker, production checklist, security hardening |
| Extraction Workflow | Analysts | Document processing and review procedures |
| Comparison & Scoring | Analysts, Decision Makers | Multi-criteria comparison, scoring profiles, exports |
| Spreadsheets | Analysts | Excel/CSV processing guide |
| Export & Briefing | Analysts, Reviewers | Decision memos, PPTX briefings, audit logging |
| API Reference | Developers | REST endpoints, authentication, error codes |
| Architecture | Architects | System design, data flow, security model |
| Authentication | Security Teams | OAuth 2.0 + TOTP MFA implementation details |
| MFA Setup | All Users | Step-by-step MFA enrollment guide |
| Audit System | ISSOs, Auditors | Immutable logging, hash chain integrity, verification |
| Compliance | ISSOs/ISSMs | NIST control mappings, M-25-21 alignment |
| Changelog | All Users | Version history and release notes |
| Glossary | All Users | Key terms and definitions |
| Troubleshooting | All Users | Common issues and resolutions |