
Bureau — Blue Team (defensive)

Pharma-Mirror

Pharma quality-integrity events typically live in separate observation silos – the FDA's Form 3500 system, the IRB's records, whistleblower channels – and correlation across them is slow. Pharma-Mirror compresses the correlation step into a single signed envelope per lot per audit window, fed by five Bureau substrate programs under co-signed chain-of-custody.

Posture: 🔵 Blue Team (defensive)   ·   Status: alpha

What it does

Pharma-Mirror is a meta-dossier – it doesn't add a new detection primitive; it ORCHESTRATES five existing Bureau programs into a single signed envelope per pharma lot per audit window:

  • Counterfeit-Kill – physical-object FINGERPRINT for pharma (microscope-level surface stochastics, paper fiber, pill imprint)
  • Trial-Seal – clinical-trial data integrity + FDA submission custody (per-patient observation chained to FDA)
  • Citizen-Ledger – self-sovereign personal record chain (patient signs their own consent + data)
  • Whistle – Tor + post-quantum source-protection drop channel for trial-fraud whistleblowers
  • Bounty – auto-file at FDA / FTC when divergence detected

The dossier shape inherits from the universal meta-dossier template seeded by Election-Day-Watch and reused by SCIF-Audit, Autonomy-Ledger, Frontline-Witness.

The mathematical core of the program is cross-program clustering. A single substrate firing red is a single-program-divergence – auditable in isolation, but often dismissable as a one-off quality incident. When two or more distinct substrates co-fire within a 24-hour window for the same lot, that is a cross-program-divergence: a correlated set of observations across independent channels that is more difficult to explain as coincidence. Pharma-Mirror's clustering math identifies these correlations in real time, escalates them at priority 90 (versus 80 for single-program), and auto-routes the cassette to FDA Form 3500 and FTC endpoints.

Who would use it

  • An FDA inspector auditing a contested pharma supply chain who needs court-admissible exhibits within hours of a discrepancy.
  • A hospital pharmacist tracking lot integrity from manufacturer to patient with cryptographic chain-of-custody.
  • A pharma CISO running a co-signed observation network across N manufacturing sites and wholesalers.
  • An IRB chair auditing clinical-trial data integrity – every patient observation chained to FDA submission.
  • A clinical-trial whistleblower with documentation who needs a Tor + post-quantum drop channel and an FTC auto-filer.

What you'll need

  • The Pluck CLI installed (npm i -g @sizls/pluck-cli).
  • For real deployment: substrate Bureau programs running locally or as peers (Counterfeit-Kill / Trial-Seal / Citizen-Ledger / Whistle / Bounty). The alpha accepts unified-shape LotDot JSON as opaque input – full runtime composition wires in a follow-up.
  • A k-of-n GOSSIP cosign network if you want anti-Pluck-Inc-trust posture (FDA peer + manufacturer's internal audit + IRB chair).

Step-by-step

Shell
pluck bureau pharma-mirror demo

The demo synthesizes one lot claim ("LOT-A0427-PFZ" at Pfizer Kalamazoo, 250,000 units, audit window April 2026), four substrate-program dots all within a 24-hour window for the same lot (Counterfeit-Kill fingerprint divergence at 09:00, Trial-Seal chain-of-custody break at 14:30, Citizen-Ledger consent forgery at 22:15, Whistle source-confirmed fraud at 02:00 next day), and one 1-of-1 GOSSIP cosign over the resulting dossier root.

pharma-mirror/demo: registering 1 lot claim (LOT-A0427-PFZ, Pfizer Kalamazoo) + 4 substrate-program dots ... -> 1 cross-program divergence escalates -> 1-of-1 GOSSIP cosign -> dossier finalizes.
[Bureau/PHARMA-MIRROR] dossier=<digest12>... lot=<lot12>... root=<root12>... divergences=5 cosigns=1
pharma-mirror/demo: cross-program-divergence=<digest16>... programs=citizen-ledger,counterfeit-kill,trial-seal,whistle dots=4 window=2026-04-15T09:00:00.000Z→2026-04-16T02:00:00.000Z severity=red
pharma-mirror/demo: dossier=<digest16>... lot=<lot12>... root=<root12>... divergences=5 cosigns=1 finalizedAt=<iso>
pharma-mirror/demo: single-program-divergences=4 cross-program-divergences=1 dossiers=1 notarized (stub)=1

Production CLI (init from a lot's NDC + lot-number, track to subscribe to substrate dot streams, finalize to ship the dossier after the audit window closes, verify to check a published cassette) lands in a follow-up.

Run it yourself

Drop this into a Node 18+ project (npm install @sizls/pluck-bureau-pharma-mirror @sizls/pluck-bureau-core tsx). The example uses the in-memory Directive system that ships with the package.

TypeScript
// index.ts
import { createHash } from "node:crypto";
import {
  createPharmaMirrorSystem,
  digestCanonicalJson,
  dossierMerkleRoot,
  fingerprintPrivateKey,
  signCanonicalBody,
} from "@sizls/pluck-bureau-pharma-mirror";
import { generateOperatorKey } from "@sizls/pluck-bureau-core";

const sha256 = (s: string) => createHash("sha256").update(s).digest("hex");
const flush = (n = 60) =>
  new Promise<void>((r) => {
    let i = 0;
    const tick = () => (++i >= n ? r() : setImmediate(tick));
    setImmediate(tick);
  });

async function main() {
  const op = generateOperatorKey();
  const opFp = fingerprintPrivateKey(op.privateKeyPem);
  const peer = generateOperatorKey();

  const system = createPharmaMirrorSystem({
    signingKey: op.privateKeyPem,
    quorumK: 1,
    disablePausePoll: true,
    disableLogging: true,
  });

  // lotId is sha256 of (NDC + lot-number) – never the raw tuple.
  const lotId = sha256("0069-1085-30:LOT-A0427-PFZ");
  const claimSkeleton = {
    schemaVersion: 1 as const,
    lotId,
    manufacturer: "Pfizer Kalamazoo",
    windowStart: "2026-04-01T00:00:00.000Z",
    windowEnd: "2026-04-30T23:59:59.000Z",
    unitCount: 250_000,
    observedAt: "2026-04-01T08:00:00.000Z",
    operatorFingerprint: opFp,
  };
  const claimId = digestCanonicalJson(claimSkeleton);
  const claimSig = signCanonicalBody({ ...claimSkeleton, claimId }, op.privateKeyPem);

  try {
    system.claimLot({ ...claimSkeleton, claimId, signature: claimSig.signature });

    // Two distinct substrate programs co-fire within 24 hours.
    for (const [program, observedAt] of [
      ["counterfeit-kill", "2026-04-15T09:00:00.000Z"],
      ["trial-seal", "2026-04-15T14:30:00.000Z"],
    ] as const) {
      const dotSkeleton = {
        schemaVersion: 1 as const,
        program,
        lotId,
        observedAt,
        severity: "red" as const,
        citation: `rekor:${program}:${lotId.slice(0, 12)}`,
      };
      system.observeDot({ ...dotSkeleton, dotId: digestCanonicalJson(dotSkeleton) });
    }

    await flush();

    // Cosign over the divergences-only Merkle root (cosigns are commutative).
    const divergencesForLot = system.facts.divergences().filter((i) => i.lotId === lotId);
    const root = dossierMerkleRoot(divergencesForLot, []);
    const peerFp = fingerprintPrivateKey(peer.privateKeyPem);
    const cosignSkeleton = {
      schemaVersion: 1 as const,
      lotId,
      dossierRoot: root,
      peerFingerprint: peerFp,
      observedAt: "2026-04-16T08:00:00.000Z",
    };
    const cosignId = digestCanonicalJson(cosignSkeleton);
    const cosignSig = signCanonicalBody({ ...cosignSkeleton, cosignId }, peer.privateKeyPem);
    system.receiveCosign({ ...cosignSkeleton, cosignId, signature: cosignSig.signature });

    await flush();

    for (const dossier of system.facts.dossiers()) {
      console.log(
        `dossier=${dossier.dossierId.slice(0, 16)}… lot=${dossier.lotId.slice(0, 12)}… divergences=${dossier.divergenceIds.length} cosigns=${dossier.cosignIds.length}`,
      );
    }
  } finally {
    await system.shutdown();
  }
}

main().catch((err) => {
  console.error(err);
  process.exit(1);
});

Run with tsx index.ts. Expected output:

dossier=<digest16>… lot=<lot12>… divergences=3 cosigns=1


What you get

A LotClaim envelope per audited lot containing the lotId (sha256 of NDC + lot-number, never the raw tuple), manufacturer, audit window, optional unit count, and an operator signature. A LotDot per substrate-program red dot (the unified shape – every substrate hands you the same envelope, regardless of source). A DivergenceExhibit per single-program red dot OR per cross-program co-fire – the latter is the headline event. A PharmaDossier per finalized audit window, Merkle-rolled over the divergences + cosigns. All Rekor-anchored.

Three classes of red-team proof:

  • single-program-divergence – any of the 5 substrate programs emits a red dot for this lot.
  • cross-program-divergence – 2+ DISTINCT substrate programs co-fire within an INCLUSIVE 24-hour window for the same lot. Higher-priority cassette + auto-route to FDA / FTC.
  • dossier-finalized – end-of-window Merkle-rolled signed envelope with k-of-n GOSSIP cosign quorum. Fail-closed: paused gate so an operator can halt instantly via the bureau-wide kill-switch.

What it can't do

  • Pre-distribution lot release defects. That's the manufacturer's QC, not a Bureau program. Pharma-Mirror is for what happens AFTER a lot leaves the line.
  • Real-time pill-level provenance at the unit-of-sale. Separate program – defer.
  • Pharmacy-bench dose preparation chain-of-custody. No audio/video capture in alpha.
  • Off-label prescribing fraud or pharmacy benefit manager rebate schemes. Out of scope.
  • Real Sigstore Rekor notarize integration is stubbed in alpha. The notarized-dossier facts mirror the finalized dossiers but no real Rekor push happens until you opt in via acceptPublic: true and the production CLI ships.
  • Real subscription to upstream Counterfeit-Kill / Trial-Seal / Citizen-Ledger / Whistle / Bounty system instances. The alpha accepts unified-shape LotDot JSON as opaque input. Full runtime composition wires in a follow-up.

A real-world example

A regional cardiology distributor's QA auditor registers lot LOT-A0427-PFZ (a 250,000-unit Pfizer Kalamazoo batch) under audit on April 1, 2026. On April 15 at 09:00, Counterfeit-Kill's surface-stochastic analysis on a sample pill flags a divergent imprint signature; a LotDot (red, counterfeit-kill) is recorded. At 14:30, an IRB chair's Trial-Seal node reports a per-patient observation timestamp that contradicts the previous shipping leg by 4.2 hours; a second LotDot (red, trial-seal) is recorded. At 22:15, Citizen-Ledger flags an apparent consent forgery; a third LotDot. At 02:00 the next day, Whistle receives a Tor-routed source submission from a former clinical-trial coordinator naming the same lot; a fourth LotDot. Pharma-Mirror's clustering math emits a cross-program-divergence: 4 distinct substrates co-fired within a 17-hour window for the same lot. A 1-of-1 FDA peer cosign over the dossier root finalizes the cassette. By 08:47 AM April 16, the cassette is routed to the FDA's Office of Criminal Investigations and to ProPublica. The FDA receives verifiable exhibits supporting a lot-recall decision; the FTC receives an FRE-902-compatible chain of custody.


For developers

Predicate URIs

URI – what it attests:

  • https://pluck.run/PharmaMirror.LotClaim/v1 – Operator's signed declaration that they are auditing lot X (sha256 of NDC + lot-number) over audit window Y.
  • https://pluck.run/PharmaMirror.DivergenceExhibit/v1 – A red dot from any of the 5 substrate programs, OR a cross-program co-fire divergence with multi-program citations.
  • https://pluck.run/PharmaMirror.Dossier/v1 – The end-of-window Merkle-rolled signed envelope containing all divergences + cosigns for that lot.

The signed body NEVER carries patient PII, raw substrate-program payloads (Counterfeit-Kill surface fingerprints / Trial-Seal patient observations / Citizen-Ledger consent bodies), or the raw NDC + lot-number tuple – only sha256 digests and stable identifiers.

Programs composed

  • Counterfeit-Kill – physical-object FINGERPRINT for pharma.
  • Trial-Seal – clinical-trial data integrity + FDA submission custody.
  • Citizen-Ledger – self-sovereign personal record chain.
  • Whistle – Tor + post-quantum source-protection drop channel.
  • Bounty – auto-file at FDA / FTC when divergence detected.
  • Gossip – k-of-n peer cosign over the dossier root (anti-Pluck-Inc-trust property).

Threat model + adversary

The adversary profile includes a manufacturer cutting corners on counterfeit detection, an IRB-protocol violator backdating per-patient observations, a clinical-trial coordinator producing forged consent forms, or an executive suppressing whistleblower disclosures. The mathematical core is distinct-substrate breadth, not within-substrate depth: two Counterfeit-Kill dots one hour apart do not cluster (one substrate may be compromised), but co-fires across Counterfeit-Kill, Trial-Seal, Citizen-Ledger, and Whistle within 24 hours are difficult to explain as coincidence at scale. The k-of-n GOSSIP cosign quorum ensures no single party holds the trust anchor: FDA, the manufacturer's internal audit, and the IRB chair each cosign independently.
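The clustering rule just described (and the cross-program-divergence class listed under "Three classes of red-team proof"), written out as an added TypeScript example that is not Pharma-Mirror's own code. The LotDot and Divergence field names, the greedy one-window-per-cluster scan and the constructed sample dots are assumptions modelled on the shapes and numbers shown on this page.

```typescript
// Added example, not Pharma-Mirror's own code: red dots only, DISTINCT substrates,
// INCLUSIVE 24-hour window, priority 90 (cross-program) vs 80 (single-program).
// Field names are assumptions modelled on the dot/divergence shapes on this page.
interface LotDot { program: string; lotId: string; observedAt: string; severity: "red" | "amber" | "green"; }
interface Divergence {
  kind: "single-program" | "cross-program"; lotId: string; programs: string[];
  priority: 80 | 90; windowStart: string; windowEnd: string;
}
const WINDOW_MS = 24 * 60 * 60 * 1000;

function clusterDots(dots: LotDot[]): Divergence[] {
  const out: Divergence[] = [];
  const red = dots
    .filter((d) => d.severity === "red")
    .sort((a, b) => Date.parse(a.observedAt) - Date.parse(b.observedAt));
  // Every red dot is a single-program divergence on its own (priority 80).
  for (const d of red) {
    out.push({ kind: "single-program", lotId: d.lotId, programs: [d.program],
      priority: 80, windowStart: d.observedAt, windowEnd: d.observedAt });
  }
  // Per lot: open a window at the earliest unclustered red dot, take every dot at
  // most 24 h later (inclusive), escalate only if 2+ DISTINCT programs are present.
  for (const lotId of Array.from(new Set(red.map((d) => d.lotId)))) {
    const lotDots = red.filter((d) => d.lotId === lotId);
    for (let i = 0; i < lotDots.length; ) {
      const start = Date.parse(lotDots[i].observedAt);
      let j = i;
      while (j + 1 < lotDots.length && Date.parse(lotDots[j + 1].observedAt) - start <= WINDOW_MS) j++;
      const programs = Array.from(new Set(lotDots.slice(i, j + 1).map((d) => d.program))).sort();
      if (programs.length >= 2) {
        out.push({ kind: "cross-program", lotId, programs, priority: 90,
          windowStart: lotDots[i].observedAt, windowEnd: lotDots[j].observedAt });
      }
      i = j + 1; // repeated dots from ONE substrate never cluster on their own
    }
  }
  return out;
}

// Constructed sample: the four demo dots from this page, under a placeholder lot id.
const demoDots: LotDot[] = [
  { program: "counterfeit-kill", lotId: "lot-a", observedAt: "2026-04-15T09:00:00.000Z", severity: "red" },
  { program: "trial-seal", lotId: "lot-a", observedAt: "2026-04-15T14:30:00.000Z", severity: "red" },
  { program: "citizen-ledger", lotId: "lot-a", observedAt: "2026-04-15T22:15:00.000Z", severity: "red" },
  { program: "whistle", lotId: "lot-a", observedAt: "2026-04-16T02:00:00.000Z", severity: "red" },
];
```

Running `clusterDots(demoDots)` yields 4 single-program divergences plus 1 cross-program divergence spanning 09:00 to 02:00 the next day, matching the demo's divergences=5 count.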

What's stubbed (alpha)

  • Real subscription to upstream Counterfeit-Kill / Trial-Seal / Citizen-Ledger / Whistle / Bounty system instances deferred (alpha accepts LotDot JSON as opaque input).
  • Production CLI (init / track / finalize / verify) deferred.
  • dsseSign / notarizeAttestation Rekor integration stubbed (alpha mirrors finalized dossiers into notarizedDossiers for observability without real Rekor push).
  • Studio routes deferred.

Verify a published cassette

Shell
pluck bureau pharma-mirror verify <bundle-dir>
cosign verify-blob --key <pubkey.pem> --signature <sig> \
  --type https://pluck.run/PharmaMirror.Dossier/v1 <body.json>
