DEV Community

Building a Reconciliation Engine for Enterprise AI Systems

Irvan Gerhana Septiyana on June 25, 2026

Part 5 of the Building Enterprise AI Automation Systems Series Introduction Artificial Intelligence has dramatically impro...
Collapse
 
jugeni profile image
Mike Czerwinski

The "trust comes from deterministic validation, not prediction alone" line is the one I want to pull out, because it inverts the framing enterprise-AI posts default to. The post explicitly resists collapsing identification (AI's job) into authorization (rules' job), and the REVIEW_REQUIRED category is the operationalized version of that split: instead of forcing a binary outcome, the engine produces a state that names what it could not decide on its own.

Same shape as a few other threads landing this week from different angles. Vinothsingh's FRIDAY agent uses a "Suspected" tag for findings that don't meet the confirmation bar, instead of dropping them or overstating them. Whatsonyourmind's decision-ledger architecture requires the bijection between executed actions and authorized decisions to be verifiable independently, not asserted. Different domains, same composition primitive: the layer that decides has to be a different layer than the one that perceives, and the failure mode has to be a first-class output rather than a silence.

One forward observation on the confidence thresholds: the 0.95 / 0.80 / <0.80 split is doing real work, but the audit question one floor under is how those thresholds get calibrated against actual reconciliation outcomes over time. The threshold that's correct at month one is not necessarily correct at month twelve. Is there a feedback loop where REVIEW_REQUIRED outcomes get classified post-hoc and the confidence boundaries adjust, or does the threshold stay locked once set?

Collapse
 
uigerhana profile image
Irvan Gerhana Septiyana

That's a fantastic observation.

I really like how you framed it as "the failure mode has to be a first-class output rather than a silence." That's exactly the behavior I was aiming for with REVIEW_REQUIRED.

One thing I wanted to avoid was creating the illusion that the system always has enough information to make a binary decision. In production finance systems, uncertainty is itself valuable information, so surfacing it explicitly is much safer than forcing an automated outcome.

And I think your point about confidence calibration is where the next architectural layer begins.

The thresholds in the article are intentionally static to illustrate the decision flow, but I don't think they should remain static in a production environment.

My current thinking is that every REVIEW_REQUIRED case should eventually receive a human resolution, and those outcomes become labeled feedback. Over time, that feedback can be used to measure precision, false positives, false negatives, and confidence drift, allowing the thresholds to be recalibrated based on actual operational performance rather than fixed values.

In that sense, the reconciliation engine doesn't just make decisions, it continuously learns where its own decision boundaries should be.

Collapse
 
jugeni profile image
Mike Czerwinski

Yes — and the feedback loop has a sample-selection problem worth naming: REVIEW_REQUIRED only fires on cases the current thresholds flag. The labeled outcomes flowing back into recalibration are entirely within the gate's current field of view. False negatives — the cases auto-resolved that should have been escalated — never enter the feedback set, so they can't move the threshold that's hiding them.

Which means continuous learning from gate-output is structurally bounded by gate-output. To get the missing axis you need an externally-authored sampling pass on the auto-resolved population — a periodic shadow review of a random slice of cases the engine said it was sure about, resolved by humans without seeing the engine's confidence. That gives you false-negative rate as a measured signal rather than an inferred one, and lets the boundary move into territory the boundary currently can't see.

Thread Thread
 
uigerhana profile image
Irvan Gerhana Septiyana

That's a really insightful point.

You're right, the feedback loop becomes conditioned on the gate itself. If we only learn from REVIEW_REQUIRED, we're effectively sampling from the uncertainty region while assuming the "confident" region remains correct.

I like your idea of a shadow review because it breaks that assumption.

A periodic, randomly sampled audit of auto-reconciled cases would expose false negatives that never enter the feedback loop, giving us a much more representative picture of real-world performance. More importantly, it turns threshold calibration into an evidence-driven process rather than one based solely on observed uncertainty.

It also makes me think the reconciliation engine shouldn't just output business decisions, it should output evaluation opportunities. Some cases are reconciled because the business is finished with them, while others should be revisited because the system needs to keep learning where its confidence boundaries actually are.

That feels much closer to how production AI systems should evolve: not just through human corrections, but through deliberately designed feedback mechanisms.

Thread Thread
 
jugeni profile image
Mike Czerwinski

Yes — and the second output type (evaluation opportunity, distinct from business decision) is the right structural move, but it has a quiet authorship question worth surfacing. If the engine decides which auto-reconciled cases get tagged as evaluation opportunities, you've recreated the sample-selection problem one level up: the audit pool is still authored by the system being audited, just with a different selection rule.

The version that breaks out of that recursion: the evaluation tag is assigned by stratified random draw over the confident-decision population, not by any engine-internal heuristic about which cases "seem worth revisiting." The engine's role collapses to dice-roll, and the audit pool stops being a downstream artifact of the engine's own uncertainty model. Stratify by features the engine doesn't weight strongly — that way the sample over-represents the regions where the engine's confidence might be misplaced for reasons it can't see.

The framing "deliberately designed feedback mechanisms" carries a lot here. The deliberateness has to include who picks the sample, on what basis, and whether that basis is authored outside the thing being measured.

Thread Thread
 
uigerhana profile image
Irvan Gerhana Septiyana

I think you've identified something even more fundamental.

At that point, the discussion stops being about model evaluation and becomes a governance question.

If the engine is allowed to decide what gets audited, then the evaluation process is no longer independent from the system being evaluated. Even if the selection rule changes, the authorship hasn't.

I like your suggestion of treating the audit pool as an externally governed process rather than an engine capability. A stratified random sample over the "confident" population creates an independent measurement channel, which is exactly what's needed if we want to estimate false negatives instead of simply observing uncertainty.

It also reinforces something I've been thinking about more generally: in enterprise AI, the evaluation system shouldn't be owned by the decision system. They should be separate components with different responsibilities and different sources of authority.

That separation feels very similar to how financial audits, quality assurance, and security reviews work in mature organizations. The AI shouldn't be responsible for proving that its own decisions are trustworthy.