THE OPERATIONAL PROBLEM
Extraction is only the first decision.
A document can be readable and still be unsafe to process. Low confidence, missing fields, arithmetic mismatches, duplicates, and high-value items need explicit rules and accountable review before another system is allowed to act.
CONTROL PATH
Probabilistic input. Deterministic boundary.
- 01Extract
Return typed fields and field-level confidence from synthetic input.
- 02Check
Apply required-field, arithmetic, duplicate, and high-value rules.
- 03Review
Require a human decision and note when policy or confidence demands it.
- 04Stop
Record the decision locally and return
downstream_action: none.
VERIFICATION EVIDENCE
What was actually checked.
- 7 automated tests passHealth, extraction, mandatory review, low-confidence routing, mismatch detection, duplicate blocking, and local-only decisions.
- 5 scenarios are reproducibleClean extraction, low confidence, total mismatch, high value, and duplicate input.
- Interactive review was exercisedA total-mismatch case displayed its policy signal, accepted a reviewer note, and recorded local approval.
- Zero external actionsApproval does not pay, email, post to accounting software, or write to any external service.
- Reproducible packageFastAPI, SQLite, synthetic data, non-root Docker user, and a container healthcheck.
HONEST LIMITS
This proves a review boundary—not model accuracy.
Document Gate does not prove extraction accuracy on real documents, regulatory compliance, production security, or compatibility with a client system. Those require authorised representative data, calibrated evaluation, authenticated roles, safe file handling, tenant isolation, protected audit events, and a separately approved downstream connector.