How RAAgent handles your data and uses AI
RAAgent is built for the NSW Reconstruction Authority assessor workflow under the Disaster Recovery Funding Arrangements (DRFA). This page is the public record of how the platform handles council and claimant data and exactly where — and how — AI is used.
Government-grade information security
All assessment data is stored in a private, access-controlled database. Sign-in is domain-locked to authorised RHE Project Consulting staff and explicitly named NSWRA stakeholders. Anyone else is rejected at the door with HTTP 403.
AI cannot bypass security
The AI used by RAAgent has no access to your authentication, no ability to read other assessors' jobs, and no path to any external system. Its access is scoped to one specific task — extracting numbers from a single PDF when the assessor clicks the button.
The SQP makes every decision
RAAgent's tools surface options (Accept · RFI · Reject). The AI never marks an outcome on its own. The Suitably Qualified Professional clicks the verdict, and their click is what is written to the assessment artefact — never the AI's extraction.
Where your data lives, and who can see it
- Storage. Council submissions, assessor decisions, ledger workings, photo metadata, CET workings and verified-package snapshots are stored in a private MongoDB cluster scoped to the RAAgent application. There is no public read endpoint. Connection strings live in server-side environment variables, never in the frontend bundle.
- Access control. Sign-in requires an authorised email address. The list of approved addresses lives server-side (`ALLOWED_EMAIL_DOMAINS`, `ALLOWED_EMAIL_ADDRESSES`). Any other email returns 403 before the assessment UI is even loaded.
- Audit trail. Every assessor decision (per-DM verdict, per-line ledger override, scope confirmation, finalisation marker) is timestamped against the signed-in assessor's email. SLA timers (claim, in progress, completed) are persisted for every job. Nothing is silently changed in the background.
- No third-party analytics or tracking. RAAgent does not embed third-party analytics, marketing pixels or behavioural trackers. The only outbound calls from the backend are to (a) the assessor's database and (b) the AI provider for explicit, user-triggered PDF extraction.
- File retention. Uploaded ZIPs are processed into a private working directory. The verified-package layout is cached to the database so the preview survives disk pruning, but the raw uploads are not pushed to any external bucket.
The trajectory — from assistant to SQP
RAAgent today is an assistant. The DRFA Agent extracts, classifies, surfaces options and cites precedents — the SQP makes every decision and signs every assessment. That is the contract.
The DRFA Agent is also the endgame. Every decision an RHE assessor makes today feeds the precedent corpus. Every clarification, override, and free-text rationale becomes training signal — not for the model weights (we don't fine-tune), but for the retrieval-and-reasoning layer that wraps the model. As the corpus matures, the Agent will progressively assume more of the SQP role: first as a strong recommender (today), then as a default-decider on high-confidence, low-risk lines with the SQP signing the bundle, and eventually as the SQP itself for the categories where it has demonstrably outperformed the human baseline. The DRFA Agent will become the SQP — it will eventually feed every assessment process end-to-end, with the human in escalation / oversight rather than line-by-line decision-making.
AI extracts and classifies. Surfaces precedents and decision options. SQP decides every line. Audit trail on every click.
On high-confidence, low-risk lines the Agent picks a default verdict, the SQP confirms-or-overrides in a single click. SQP still signs the bundle.
For categories where the Agent demonstrably out-performs the human baseline against the precedent corpus, the Agent is the SQP. Humans handle escalations and audits.
Each phase shift is a governed milestone — not a silent upgrade. The phase the DRFA Agent is operating under is always visible at the point of decision, the assessor can always override and audit, and a phase change requires an explicit governance decision (Programme Director sign-off, NSWRA notification, statement update on this page). No phase change happens because of how this page is worded.
Exactly how — and where — AI is used
No mystery, no marketing waffle.
1. Where AI is used
AI is used in one place only: the "Extract defects from PDF" helper on the IngestJob page, which reads a SmartyGrants Form 306 claim form when the council uploads a PDF instead of the spreadsheet. The assessor explicitly clicks the button. Without that click, the AI is not invoked.
2. What the AI is allowed to do
The AI reads the one PDF the assessor uploaded and returns a structured list of candidate defects: damage ID, description, scope, ex-GST cost, completion date. The output lands in a review queue for the assessor. Nothing is persisted as an assessment outcome at this step.
3. What the AI is not allowed to do
- It does not access the assessor's database directly.
- It does not read other jobs, other councils, or anything outside the one PDF.
- It does not make any assessment decision (Accept / RFI / Reject) — those buttons exist for the SQP and only the SQP.
- It does not edit, sign or finalise any output artefact (the Assessment Spreadsheet, the Form 2, the Verified Package ZIP). Those are written by the platform using the SQP's recorded clicks.
- It cannot reach out to SmartyGrants, OneGMS, council systems, or any state-government system on its own.
4. Provider, model and key handling
Defect extraction uses Anthropic Claude (Sonnet 4.5) via the Emergent LLM gateway. The API key is held in a server-side environment variable (`EMERGENT_LLM_KEY`) and is never shipped to the browser. The prompt and the PDF go from the RAAgent backend → the gateway → the model, and the structured response comes back the same way. The model is invoked statelessly — there is no training, no retention beyond the gateway provider's standard terms, and no data shared between assessors.
5. SQP authority is absolute
Per the NSWRA DRFA assessor framework, the Suitably Qualified Professional (SQP) is the decision-maker. RAAgent encodes that hierarchy directly: AI is a research assistant, the tools (Ledger Checker · Photo Checker · CET Verifier · DRFA Expert) are advisors, and the SQP's click is the only thing that produces an assessment outcome. If the SQP overrides every AI suggestion, the assessment is the override.
Honest disclosures
- Cloud hosting. RAAgent runs on a managed cloud platform — not on on-premise government infrastructure. If your programme requires data residency inside a specific cloud region or government cloud, contact us before onboarding so we can scope the migration. The current preview environment is hosted in a region selected by the platform; production data handling is identical.
- AI provider. Anthropic Claude is the model used for PDF defect extraction. The model provider's standard terms apply for that single transaction. RAAgent does not opt the model into training on your data, and the prompt sent never includes other assessors' jobs.
- Authentication. The current MVP uses an email allowlist (RHE domain + explicit guest list). NSW Gov SSO is on the roadmap (P2) and will replace the allowlist when your organisation is ready.
- No silent learning — precedents are explicit and cited. RAAgent captures every assessor decision into a queryable corpus (the "precedent corpus", viewable in-app at /precedents). When the DRFA Expert is asked a question, matching precedents from this corpus are retrieved and inserted into the prompt with explicit citations ([Precedent 1], [Precedent 2]…) so the assessor knows exactly which prior decisions influenced the answer. The model is not fine-tuned on this data and the precedents are RHE-internal (institutional memory) — not shared with the AI provider for training, not shared across councils, not used to make decisions automatically. The SQP still decides.