Attested Grounding

Every MCP response Medigami emits for a healthcare-finance question — scanning a bill, estimating appeal success, benchmarking a rate, generating a disclaimer-bearing appeal template — carries an Ed25519 signature over canonical JSON, an expiry, a published verification URL, and a state-specific UPL-safe disclaimer. We call this Attested Grounding. It is a strictly stronger property than the "grounding layer" framing currently used by healthcare RCM vendors whose grounding is a one-way network-status lookup.

What Attested Grounding is

Attested Grounding is a published property on an MCP tool response. It means the response shape satisfies all five of:

1. Cryptographic signature — Ed25519 over canonical JSON (sorted keys, no whitespace, excluding the signature and post-sign metadata fields).
2. Key publication — the signing public key is served at a stable well-known URL and rotated through a published ring so historical signatures remain verifiable.
3. Expiry — every envelope carries an exp timestamp; verifiers reject responses past expiry.
4. Disclaimer chain — every response carrying advice-adjacent content includes a state-specific UPL-safe disclaimer selected by jurisdiction.
5. Outcome closure — every Tier-3+ response carries a tracking_id the original caller can use to report actual outcomes back, binding the prediction to the ground-truth label in the Medigami flywheel.

Why this matters

LLMs that answer medical-bill questions face two risks: they can get the numbers wrong (a hallucination problem), and they may be seen as offering medical or legal advice (a UPL / practice-of-medicine problem). Attested Grounding addresses both with factual, verifiable artifacts:

• The signature + expiry lets a downstream caller confirm that a specific Medigami-produced answer was emitted at a specific time and has not been altered.
• The state-specific disclaimer chain documents the regulatory context in which the response was produced.
• The outcome-closure loop produces training labels that keep the underlying estimates honest over time.

Admissibility of any signed response as evidence in a legal or regulatory proceeding is determined by the applicable trier of fact under the relevant rules of evidence. Medigami publishes the envelope and the verification procedure; weight and admissibility are decisions for the proceeding itself.

The open spec

The canonical envelope format, signing procedure, and verification algorithm are published at /specs/attested-response-v1. The specification is open: any MCP server may implement it, and any client may verify Medigami-signed responses offline using the published public keys.

How to verify any Medigami response

1. Every attested tool response on the Medigami MCP returns an envelope containing a tracking_id and a citation URL of the form medigami.com/v/<tracking_id>.
2. Open the URL to see the signed payload, its expiration, and a client-side verifier running in-browser over the published public key at /.well-known/mcp-pubkey.pem.
3. Programmatically, call the verify_mcp_response MCP tool with the envelope and a pinned public key.

Grounding Floor · compatibility

Other MCP servers can adopt the open spec and earn a compatibility badge. The "Grounding Floor" criteria, along with the verification harness, will be published alongside the spec during the v1 launch window.