Governance & accountability

“The AI told me so”
is not a defense.

When an AI-assisted decision is challenged — by a board, a regulator, a counterparty, or a court — a conversation log with three confident paragraphs is not a defensible record. A Pilot5 deliberation is.

Standard AI — 12 months later, board review

“On what basis was that recommendation made? What risks were flagged? What alternatives were considered?”

“I have a conversation log. Three paragraphs. The model said it looked standard. There is no further record.”

Pilot5 deliberation — same question, same board

“On what basis?”

“Five independent analyses. Cross-critique. Confidence 6.8/10 — flagged as moderate, not high. The Contrarian identified the jurisdiction risk. Recommendation: proceed with clause modification. Full record here.”

Permanent Deliberation ID

Every deliberation is timestamped, archived, and retrievable by ID. The record exists before you need it.

5 independent positions documented

Not a unified AI answer. Five separate analytical positions — reviewable individually, with dissent explicitly preserved.

Calibrated confidence on record

The confidence score, dissenting position, and information gaps are all part of the archived record — not added after the fact.

What survives the room

Independence is enforced at the architecture level — not through prompting or instructions that could be ignored. In Round 1, the five AI models receive the brief via parallel async calls (asyncio.gather in pipeline.py). No perspective sees another’s response until all five have completed.

Every deliberation produces a SHA-256 cryptographic proof of sequential isolation — an R1_ISOLATION_PROOF event containing a hash of the exact context each persona received, archived alongside the telemetry. The independence is auditable.

What lands on the record: GO · PIVOT · NO GO — or INSUFFICIENT BASIS when grounding is too thin to recommend either direction — with confidence score, decision matrix, action plan (each step keyed by action, owner, deadline), information gaps, falsification conditions, and a preserved Minority Report when one perspective refuses to converge. It is not averaged. It is not diplomatically softened. It is the argument the deliberation could not refute.

What’s actually on the record

“Audit trail” isn’t a single document. It’s a structured event stream + persisted artefacts the orchestrator writes as the deliberation runs. Each line below is a real event type or table row, not marketing language.

  • event
    R1_ISOLATION_PROOF — SHA-256 hash of the brief each persona received, plus the dispatch strategy. Emitted once per deliberation, before any persona returns.
  • event
    SOURCED_TAGS_DOWNGRADED — emitted when the audit verifier rewrites a fabricated [SOURCED] claim to [INFERRED]. Fields: round, persona, count.
  • event
    MODEL_FALLBACK — emitted when a persona slot routes to its fallback model (rate limit, provider outage, model error). Tells you which model actually answered, not just which was scheduled.
  • status
    awaiting_feedback (Dream Team) — the deliberation halts at this status between rounds for HITL steering. Each pause is part of the record — including the user feedback that resumed it.
  • table
    deliberation_telemetry, response_telemetry — row per round / per persona, with cost, latency, token counts, fallback chain depth.
  • table
    content_filter_telemetry, cache_telemetry — what the safety guardrails flagged, what was served from cache vs. computed fresh.

How to retrieve a deliberation record

Every deliberation is keyed by a permanent UUID. Two endpoints return the record: one for the structured snapshot, one for the full event timeline.

  • GET /v1/deliberations/{deliberation_id}

    The full structured record — brief, all rounds, all persona responses, synthesis output, Minority Report. UUID key. Ownership-enforced: only the user who launched the deliberation receives the body.

  • GET /v1/deliberations/{deliberation_id}/events

    The full event timeline — every dispatch, every completion, every fallback, every audit downgrade. Ordered chronologically with timestamps. This is what a regulator, auditor, or counterparty actually wants to see.

  • POST /v1/deliberations/{deliberation_id}/outcome

    Submit observed outcomes against testable predictions the deliberation made. The verdict was not the end of the record — the predictions are testable later, and the outcome you log here closes the loop.

The defense exists before you need it. For board-level decisions, M&A diligence, regulatory exposure, contract review, capital allocation — any commitment that may be challenged later — the deliberation record is the documentation.

How it works →For legal & compliance →

Read also: AI decisions need an audit trail →