● Ravix Resolve — measured at VA scale: 9M veterans · synthetic, PHI-free

Connect the data you already have.

The answers are already in your systems — they just can't agree on who's who. We resolve the same person, facility, and contract across dozens of disconnected repositories, and surface the links between them — without moving or replacing anything. Then we validated it across a terabyte-scale campaign — 3.95 billion records, 5,329 independent runs.

See the partnership → See the terabyte proof No-cost CRADA · inside your boundary · data never leaves
1.10 TB
generated + resolved, cumulative
3.95 B
records
94.3%
accuracy (F1), flat
<3%
wrong-merge rate
The problem — what agencies keep telling us

You bought the platforms. The value is trapped in silos.

Federal agencies have accumulated the data and the systems — but decisions wait, because the same person, facility, and contract look different in every repository, and nothing connects across them.

"Don't build data silos. Build enterprise data with bridges across, so it can be used across the agency."— the enterprise-data mandate we keep hearing

Every vendor shows a beautiful front end. The hard part — the part nobody demos — is making the backend actually work the data: resolving identity across systems that share no common key, and proving each connection is right.

What it is

Ravix Resolve — a map over your systems, not another database.

Platform-agnostic. It sits on top of whatever you run — Oracle, SharePoint, cloud, mainframe — and deploys inside your security boundary. We don't migrate your data; we resolve across it where it lives.

Resolve identity across silos

Connect the same person / facility / provider / contract across systems that share no common ID — and prove every connection against evidence.

Correlate across domains

Which contracts touch a facility, its operational status, whether that tracks with care delivery — the enterprise question you can't answer today.

Data stays in place

Only the resolved links persist. No central copy, no rip-and-replace, no proprietary lock-in — open, standards-based, in-boundary.

Governed & auditable by design

Every resolution is inspectable and human-reviewable — the foundation a Chief AI Officer and data-governance role can build on.

The proof — measured, not asserted

A terabyte-scale campaign. The accuracy never moved.

The question any data person asks is "does it hold at scale?" So we didn't promise — we ran it: 3.95 billion records across 5,329 independently generated estates, each scored against its own answer key. Across the entire campaign, the score never drifted:

94.31% mean F1
93.5%
94.03 low
94.60 high
95.0%
5,329 partitions · 3.95 B records · standard deviation 0.081 · every score inside a ½-point band. Flat is the result.
1.10 TB
cumulative across 5,329 runs · peak disk <1 GB
94.3% F1
± 0.08 across the full TB
2.97%
wrong-merge — the dangerous error, held under 3%
linear
throughput scales with cores

Honest scope: synthetic, PHI-free estate. On the co-designed mess model these figures validate mechanics and per-layer lift; on a hold-out corruption vocabulary the matcher was never built for, F1 is 93% with precision held at 99.4% — unknown mess costs missed matches, never wrong ones. Live-data accuracy is what a CRADA validates. The campaign is 5,329 independent fixed-size runs totalling 1.10 TB of generated JSON (≈795 GB compact); single-population sharded resolution is built and validated — blocking-key partitioning reproduces the unsharded result exactly. One laptop, 19.5 hours, measured.

What the 1.10 TB is, precisely. It is the cumulative volume the pipeline generated and resolved — not a single corpus that sat on a disk. Each 50k-veteran population (~206 MB) was generated, resolved, scored against its own answer key, and discarded before the next one began; peak disk never exceeded ~1 GB and peak RAM was bounded the same way. A 1.10 TB estate never existed at any one moment, and we are not going to imply otherwise. That is a property of the design, not an apology for it: the pipeline is streaming and bounded, which is exactly why it runs on a laptop and why it scales linearly on a cluster. If what you want is one big population resolved as one problem, that is the 500,000-veteran flagship below — 1.6 M identity records in a single ~5.8 GB estate, every record eligible to match every other.

The obvious objection — answered

"That's 5,329 small problems. Not one big one."

Fair hit. Partitioning a terabyte into independent estates proves throughput, not that identity resolves across an enterprise. So we ran the hard version at the size of the actual problem: one 9,000,000-veteran population, resolved as a single problem — roughly VA's enrolled population, every record eligible to match every other, no partition walls to hide behind.

9,000,000
veterans — one population
1.57 B
candidate pairs evaluated
90.6% F1
cross-repo identity, on the messy estate (drifted keys)
4.9%
wrong-merge — and finding out why is the rest of this page
And here is what scale actually costs you. We resolved the same population at five sizes, a 180× range. We are going to show you the whole curve, including the part that gets worse, because it does get worse:
50k → 95.8%
recall 92.6% · wrong-merge 0.6%
500k → 94.9%
recall 90.7% · wrong-merge 0.6%
2M → 94.7%
recall 90.7% · wrong-merge 0.9%
9M → 90.6%
recall 86.5% · wrong-merge 4.9% · messy keys
We had a plateau. The 9M run killed it. Then we made the estate honest, and it got worse. The first 9M run used clean identifiers and scored 92.7% F1 at 2.5% wrong-merge. So we re-ran it on an estate that drifts the way real systems drift — six kinds of key corruption, machines tagged three ways, a dense care calendar — and it fell to 90.6% F1 at 4.9% wrong-merge. Roughly one in twenty asserted identity links was wrong. That number is unshippable, and we are showing it to you because we went and found out why.
Where it breaks — and why that matters to you

The degradation is not diffuse. It is one layer, and we can name it.

L1 — string matching
precision 99.1% · wrong-merge 0.9% · recall 74.8%
+ L3 — graph corroboration
precision 97.0% · wrong-merge 3.0% · recall 88.5%
At 9M, L1 alone still holds precision at 99.1%. It is L3, the graph layer we rely on to recover recall, that degrades: it buys +13.7 points of recall and triples the wrong-merge rate. Its corroboration signatures start colliding at population density. So the dangerous error is being introduced by the exact layer that makes the system useful. That is a design problem, not a tuning knob, and it is the first thing a CRADA would work on. If you need precision over recall today, L1-only gives you 99.1% precision at 0.9% wrong-merge, and you trade away recall to get it — a dial you control, not a surprise.

On the flagship: blocking-key partitioning is provably lossless here — on an identical estate, the partitioned and single-machine resolvers return the same F1, precision, and edges. The five-size curve is measured on true single populations (not independent shards), which is why it is the honest answer to the scaling question and the terabyte campaign is not. All five points measured on one engine and one generator. A caveat that cuts against us: this 9M estate carries 45,000 facilities. Real VA has on the order of 1,300 for a comparable population — roughly 35× fewer — and fewer facilities means more L3 signature collisions, so a realistically-proportioned estate would likely score worse than 92.7% / 2.5%, not better. We are treating this as an optimistic bound and saying so. The 1.10 TB campaign figures above predate a correction to the graph layer and now understate the engine; we publish the older, worse numbers rather than restate a campaign we have not re-run.

From identity to dollars — findings, not dashboards

Then we asked it what the mess is worth.

Resolving identity is the means. The deliverable is what a program office actually needs on a Monday: named discrepancies, with dollar figures, each with a stated basis and the evidence one click away. On the same synthetic estate (10,000 veterans, 12 systems, keys drifting the way real systems drift), the fabric volunteers:

+$39.6M
GL attribution recovered beyond exact joins — of $72.0M total flow, exact keys reach only $32.4M
$3.6M/yr
service coverage on machines another system says are decommissioned
$4.6M/yr
estimated exposure — operational machines with no coverage (priced at covered peers' median, labelled an estimate)
243
machines whose systems disagree about their state — no dollars claimed, flagged for ops
The machine problem — a person's problem, with the fields renamed

The same physical device, in three systems that never agreed on a tag. Nobody re-keys a machine on migration day:

AST-A-0000000
asset-cmdb · serial SN00000000 · "Dell PowerEdge R760"
BME-000000
biomed-inventory · NO SERIAL · "Dell PwerEEdge R760" (typo)
SVC-SN00000000
contract-registry · keyed off the vendor serial
The vendor serial is to a machine what the SSN is to a person — and one inventory doesn't record it (69% serial coverage in this estate). Result, measured: machine identity resolves at 65.1% precision (98.6% recall, F1 78.4%). So the engine does not auto-merge machines: the uncertain band goes to a human review queue, with the evidence laid out, and every adjudication is written back to the estate with an audit trail.
Why review-before-merge is a financial control, not a UX choice
A wrong merge doesn't just corrupt a record — it fabricates a finding. Fuse two machines and you "discover" phantom double-coverage; split one and you "discover" a coverage gap that isn't there. We measured it: of the 446 findings this estate volunteers under merge-everything, the answer key verifies 210 — the other 236 would be wrong findings in production. Identity precision is a financial number. The review queue is what makes the dollar figures above audit-defensible, and the program that staffs that queue — humans adjudicating with evidence, decisions logged — is precisely the data-governance function a CRADA stands up.

Honest scope: every dollar figure in this section is measured on the synthetic, PHI-free testbed estate against its answer key — they demonstrate the method and its honesty machinery, not VA's actual leakage. The attribution-recovery figure is flattered by synthetic GL lines posting claim amounts exactly; live ledgers split and adjust. What survives contact with real data is the shape: exact joins reach a fraction of your money, resolution recovers a large share of the rest, and the residual is queued for people rather than guessed. Sizing YOUR numbers is the first deliverable of a CRADA.

The console is real, and you can be shown it.

Everything above is browsable: the incident chains, the evidence behind every merge, the findings ledger, and the review queue where the engine hands a person what it will not guess. Access is by invitation while the product is in testbed.

Sign in to the console →
What we did about it

We found the layer that was lying, and made it stop.

Wrong-merge is the error that matters: it fuses two veterans into one record. So we instrumented the engine against the answer key and asked which layer produces it. The result was specific, and uncomfortable, and fixable.

100%
of the wrong merges came from pairs whose records actively disagreed about the person — different name, DOB, or sex
99.4%
came from one path: two people at the same clinic on the same day, neither record carrying a clock time
The graph layer was asserting "same person" at high confidence because two records shared a visit — while ignoring that the records disagreed about who the person was. Corroboration was overruling evidence instead of reinforcing it. The fix is a veto: a shared visit can support a match, but it can never override records that contradict each other. Where to draw that line is a measured question, not a matter of taste, so we swept it against the answer key and took the cut that kept 8,464 of 8,471 correct links while killing 156 of 157 wrong ones.
before 2.8%
wrong-merge from the graph layer · F1 94.5%
after 0.0%
wrong-merge · F1 95.8% · recall unchanged

Measured on the 10,000-veteran messy estate, where the engine's partitioned and single-process paths produce identical scorecards — the invariant that lets a small run predict a large one. The 9M confirmation run has not completed yet, and until it does this fix is measured, not proven at scale. When it finishes, that number goes on this page whatever it says. That is the same promise we kept when the last run made us look worse.

How it works — in plain terms

Weigh the evidence. Only compare what could match. Partition to scale.

Accuracy

Weigh the evidence

Every clue is weighted by how telling it is — a matching SSN is proof, a matching city is coincidence. The production engine (Splink) learns those weights from your data; our published figures use expert-set weights — the conservative baseline. Same statistical method national census bureaus use.

Speed

Only compare plausible pairs

Comparing every record to every other is impossible at scale. We only compare records that could plausibly match — so it stays fast from a laptop to a terabyte.

Scale

Partition & parallelize

Resolve bounded partitions in parallel — accuracy constant per partition, throughput linear in cores. A laptop measured 19.5 h for the campaign; server-class parallelism should cut that to about an hour — an extrapolation we'll validate.

Why us

We sell the answer — on top of what you already own.

The heavyweight platforms

IBM Data Fabric, Palantir Foundry, Snowflake — platforms you buy, marry, and migrate into. Big, slow, lock-in. Another store to move your data out of its systems and into theirs.

Metrics' fabric

Platform-agnostic, in-boundary, no lock-in — and we prove the hard part (resolution + correlation) on your data, fast. We can even ride on top of the platform you already bought. No rip-and-replace.

The partnership

A no-cost CRADA — prove it on your data, inside your boundary.

We're not asking you to buy anything or migrate anything. Through a Cooperative R&D Agreement (CRADA), we co-develop and validate the fabric on your data, in your environment — no funds exchanged, data never leaves.

Metrics provides

The data fabric, the engineering team, and the build — co-invested, at no cost to the agency.

The agency provides

Data access, environment, and domain expertise — inside your boundary; data never leaves.

1 · CDA

A short confidentiality agreement to scope feasibility and share safely.

2 · PII-CRADA

Co-develop & validate — synthetic → de-identified → real, under protections.

3 · Field it

Prove on real data; ready the enterprise rollout.

Prove a cross-silo capability you can't buy off the shelf.

On your own data, inside your boundary, with zero acquisition risk. The next step is a short conversation.

Email Metrics →
Phill Sieg · Business Development, Metrics, LLC · [email protected]