Documentation

Read the spec.
Read the source.

CH VPN ships with a documented enterprise architecture, a normative wire-format specification, a published compliance posture, and operations runbooks. Documentation is treated as part of the product.

Architecture

Enterprise topology.

How CH VPN deploys at clinic scale. Federated hub-and-spoke with mesh bridges, three planes, six peer roles, geographic sharding. The authoritative reference for infrastructure engineering and clinical IT.

v1.0
Architecture
Topology, scaling, failover, observability. ~80 pages.

Protocol

Normative wire spec.

The CH-VPN/1.0 protocol. Handshake, data channel, tenant routing, authority protocol, rotation, replay/DoS defenses, state machine. The source of truth for every implementation: Go core, Android AAR, iOS framework, clinic-node daemon, Authority microservice.

v1.0
Protocol
Wire format, handshake, primitives. ~50 pages.

Compliance

Posture documented.

HIPAA §164.312(e)(1) alignment, BAA template, FIPS 140-3 mode, audit chain, key lifecycle. Reviewed quarterly.

Quarterly
Review cadence
Compliance docs reviewed every 90 days; updates published.

Runbooks

Operations playbooks.

Provisioning, rotation drills, emergency revocation, hub failover, gateway migration. One runbook per recurring operation.

API

Authority interfaces.

REST and gRPC interfaces to the CH Authority for cert issuance, peer enrollment, policy queries, and audit retrieval. OpenAPI spec published.

Roadmap

What's next.

Phase 2 (Q3 2026): SOC 2 Type II audit, FedRAMP Moderate baseline, HSM-backed corporate authority, post-quantum primitive evaluation. Phase 3 (2027): full FIPS 140-3 validation.