System Architecture · Deep Technical Reference

Not an AI interface.
A transaction system.

CAIBots is a Policy-Constrained Autonomous Transaction System — architecturally closer to high-frequency trading infrastructure than to an AI assistant. Five planes. Closed execution loop. Hard policy enforcement. Deterministic, auditable writes to production systems of record — in Financial Services, Capital Markets, and Healthcare.

System Law: "Cognition decides · Orchestration plans · Execution acts · Governance controls · Measurement verifies"
The law is enforced by architecture — not by discipline, not by configuration, not by documentation.
Book a Technical Session ↗ Governance Architecture →
PCATS Classification Closed-Loop Execution Policy-Governed Autonomy Deterministic SOR Writes Audit-Native by Design
<90 days to production
65% decision cycle reduction
100% audit trail coverage
Zero missed compliance alerts
For the CCO
"What prevents the AI from executing something my governance policy prohibits?"
The Control Plane wraps every execution. Compliance rules are encoded as executable logic — not guidelines. The Control Plane cannot be bypassed by the Intelligence, Coordination, or Execution planes. This is enforced by the architecture, not by developer discipline.
For the COO
"What happens when one system is unavailable mid-execution?"
The Coordination Plane runs structured compensation workflows. If Step 3 fails, Steps 1 and 2 are reversed — with their own audit trail. There are no orphaned partial writes. Timeout states are deterministic. The system never hangs silently — it always has a defined next action.
For the CTO
"What does integration actually require from my infrastructure team?"
API credentials for each target system (Salesforce, SAP, Oracle, Epic, etc.), network connectivity, and an approved BAA or DPA. Connectors are native API — no browser automation, no screen scraping, no RPA middleware. Our team handles integration config. Your team approves access scopes and reviews governance matrix thresholds.
System Architecture

Five planes. One loop.
Zero ambiguity.

The animated flow shows how every execution moves through the system: Intent enters, Intelligence decides, the Policy Gate approves or blocks, Execution writes, Validation confirms, and the State Plane records everything — in a closed loop.

Policy-Constrained Autonomous Transaction System (PCATS) — Five-Plane Architecture
CONTROL PLANE INTELLIGENCE PLANE COORDINATION PLANE EXECUTION PLANE STATE PLANE 🛡 Policy Engine Compliance rules · Versioned · Immutable 📋 Audit Ledger Reconstructable · Tamper-proof 👤 HITL Oversight Configurable gates · SLA tracking 🔒 Cannot be bypassed Enforced by architecture · Not by policy 🧠 LLM + Rules Engine Probabilistic + deterministic hybrid 💾 Context Memory Entity history · Relationship graphs Decision Freezing LLM output snapshotted before policy eval Candidate Decisions Only Never triggers execution directly 🕸 DAG Runtime Stateful · Event-driven · Dependency mgmt 🔁 Compensation Logic Structured rollback for partial failures Timeout + Fallback States No deadlocks · Deterministic on failure 📋 Cannot write to systems Plans execution only ⟨/⟩ Native API Connectors SAP · Salesforce · Epic · Oracle · Workday 💾 Transactional Writes Idempotent · Tagged · Confirmed 🔂 Rollback Capability Full reversal with own audit record 🔍 Only plane that writes No other plane touches SOR System State Event Streams Identity & Access Execution Ledger Context Memory Decision Snapshots Policy Versions Autonomous Enterprise Execution CLOSED LOOP · POLICY GOVERNED INTENT trigger COGNITION decides POLICY governs EXECUTE writes SOR VALIDATE confirms candidate decision policy gate approved plan write confirmed feedback
"Cognition decides · Orchestration plans · Execution acts · Governance controls · Measurement verifies" — The system law is enforced by architecture, not by discipline
Formal System Definition

The system in
precise form.

The architectural guarantees can be expressed formally. For regulated enterprises, this matters: it means every execution variable is logged, every constraint is verifiable, and every examiner question has a deterministic answer.

Core System Loop — Formal Expression
State Evolution + Action Constraint
S(t+1) = S(t) + A(t)
Enterprise system state advances by one action at each execution event. Every write is a discrete, timestamped state change — not a continuous stream.
A(t) = f(Intent, Context, Policy, State)
Every action is a function of four inputs. Intent is the trigger. Context is the State Plane memory. Policy is the Control Plane governance matrix. State is S(t).
A(t)Allowed(Policy)
Hard constraint. No action outside the policy envelope executes — ever. This is not enforced by validation after the fact. It is enforced before A(t) is passed to the Execution Plane.
Feedback Loop + Controlled Adaptation
Feedback = Validate(S(t+1))
After every execution, the Validation Engine confirms that S(t+1) matches the expected state change. If it does not, anomaly detection fires and the human review gate opens.
System evolves: f → f' | PolicyPolicy'
Offline only. Model and policy updates happen under human review — never in-flight. This prevents policy drift and makes every past execution reconstruct-able against the policy version in effect at the time.
What this means for examiners: Every variable in this system is logged. S(t), A(t), the policy_hash at execution time, the Validation outcome, and the Feedback response are all immutable records in the State Plane. The answer to any regulatory question about a specific execution is in the audit ledger — not reconstructed after the fact.
System Planes — Deep Reference

What each plane owns.
What it cannot touch.

The architectural constraints are as important as the capabilities. Planes with hard boundaries produce systems that are auditable, debuggable, and governable. Planes that bleed into each other produce systems that are none of those things.

Control Plane
The only plane that can block execution. The only plane that cannot be bypassed.

The Control Plane wraps every execution in the system. It is the implementation of the governance matrix: compliance rules, risk thresholds, regulatory constraints, and business policies encoded as executable logic. The Policy Engine operates on versioned, timestamped rules — every execution is evaluated against a specific policy version, and that version is logged in the audit record. The HITL Orchestration component manages human-in-the-loop gates: which execution categories require human approval, who is authorized to approve, what the SLA is, and what happens when the SLA expires.

Policy Engine — SR 11-7, MiFID II RTS 22, HIPAA §164, DORA Art. 19, BSA/AML, Basel III — encoded as versioned executable logic, not configuration
Audit Ledger — immutable, reconstructable execution record: policy_hash, decision_snapshot, all SOR writes, HITL events
HITL Orchestration — configurable human approval gates with SLA tracking, escalation, and timeout handling
Versioned Policies — time-stamped policy versions prevent drift; historical reconstructions reference the exact policy in effect
✗ Cannot execute directly · ✗ Cannot be overridden · SR 11-7: model documentation produced automatically
Intelligence Plane
Decides what to do. Produces candidate decisions only. Never executes directly.

The Intelligence Plane is a hybrid: probabilistic reasoning (LLM inference, classification, extraction) and deterministic decision logic (rules engines, decision tables, thresholds). The critical architectural constraint is that LLMs in this plane produce candidate decisions — they never trigger execution. Candidate decisions are passed to the Control Plane's Policy Engine, which applies the governance matrix before any execution proceeds. Decision Freezing ensures that non-deterministic LLM outputs are snapshotted at the moment of decision — making the reasoning trace reproducible and auditable, regardless of subsequent LLM behavior.

Probabilistic Layer — LLM inference, classification, extraction; produces candidate decisions only
Deterministic Layer — rules engine, decision tables, thresholds; provides hard logic alongside LLM output
Decision Freezing — LLM output snapshotted before policy evaluation; snapshot is the auditable record
Context Memory — persistent entity context, relationship graphs, prior execution history across runs
✗ Cannot write to any system · ✗ Cannot override Control Plane · LLM outputs are never treated as executable commands
Coordination Plane
Sequences execution. Handles failure. Never reasons, never writes.

The Coordination Plane is a stateful, event-driven execution graph engine — not a "workflow tool". It receives an approved execution plan from the Control Plane and sequences it as a directed acyclic graph (DAG): step dependencies, retry policies, compensation workflows for partial failure, timeout handling with deterministic fallback states, and HITL gate insertion points. Every node in the DAG, every state transition, and every compensation event is logged. The execution plan is an auditable artifact — not a black box that ran and completed.

DAG Runtime — stateful, event-driven execution graph with full dependency management and parallel execution where safe
Compensation Logic — structured rollback for partial failures; every node has a defined compensation action
Timeout + Fallback — deterministic fallback states prevent orchestration deadlocks; no implicit hanging states
HITL Gate Insertion — pauses execution at Control Plane-configured thresholds; tracks SLA and escalates on expiry
✗ Cannot reason or plan · ✗ Cannot write to SOR · Compensation logic prevents DORA-reportable partial failures
Execution Plane
The only plane that writes to production. Every write is idempotent, tagged, and confirmed.

The Execution Plane is a transaction processor. It receives sequenced instructions from the Coordination Plane and executes system writes: Salesforce records, SAP entries, Oracle fields, Epic EMR updates, regulatory portal submissions. Every write is idempotent (safe to retry without duplicate state changes), tagged with execution_id, trace_id, and policy_hash, and confirmed before the next step proceeds. Rollback capability is maintained for the full execution lifetime — and rollback itself generates its own audit trail. The Execution Plane does not reason about what to write. It executes what it receives.

Native API Connectors — SAP BAPI/OData, Salesforce REST, Oracle Fusion, Workday WS, Epic FHIR R4, ServiceNow Table API, MS Graph
Idempotent Writes — every SOR write is safe to retry without producing duplicate or inconsistent state
Execution Tagging — every write carries execution_id, trace_id, policy_hash, and decision_snapshot for full lineage
Rollback Capability — full reversal available for execution lifetime; rollback generates its own audit record
✗ Cannot reason or plan · ✗ Cannot self-modify · Every write carries policy_hash for MiFID II / HIPAA reconstruction
State Plane — System Substrate

The State Plane is not a separate runtime — it is the persistent substrate that makes the system a closed loop rather than a one-way pipeline. All planes draw from and write to the State Plane: system state, event streams, context memory, decision snapshots, policy versions, and the execution ledger. Without the State Plane, CAIBots is a sophisticated pipeline. With it, the system is adaptive, reconstructable, and examiner-ready at any moment.

📦 System State
📜 Execution Ledger
📡 Event Streams
❄ Decision Snapshots
💾 Context Memory
🔒 Policy Versions
Separation of Concerns

What each plane
cannot do.

The constraints are as important as the capabilities. Planes that violate these boundaries produce systems that are non-auditable, non-governable, and non-debuggable — which is why every boundary in the table below is enforced by the architecture, not by convention.

Capability Control Intelligence Coordination Execution State
Block or halt execution✓ Only plane
Write to systems of record✓ Only plane
Reason and make decisionsPolicy only
Sequence execution steps
Trigger HITL approval gate✓ Only planeFlags only
Generate audit records✓ Policy events✓ Decision trace✓ Plan + transitions✓ Every write✓ All state events
Access persistent memoryPolicy store✓ FullPlan state onlyWrite confirm✓ Full
Update its own rules in-flight✗ Never✗ Never
Be bypassed by another plane✗ NeverReplaceableReplaceableConnector-levelSwappable
Architecture Comparison

CAIBots vs RPA vs AI Copilot
vs Workflow Automation.

The architecture comparison answers the question every CTO asks: "We already have UiPath/ServiceNow/Copilot — why is this different?" The answer is structural, not a matter of degree.

Architectural Property CAIBots RPA (UiPath) AI Copilot Workflow (ServiceNow)
Execution type Native API writes — direct to SOR Screen automation / UI scraping Recommendations only — human executes Workflow routing — human approves each step
Governance enforcement Architecture-level — cannot be bypassed Bot-level config — bypassable None — output is unstructured text Workflow config — bypassable
Audit trail Immutable per-execution ledger with decision rationale Activity logs — no decision rationale Chat history — not execution record Workflow history — no AI reasoning trace
AI reasoning included Intelligence Plane — domain-aware, policy-constrained None — rule-based execution only Yes — but no execution layer Limited — routing rules only
Human-in-the-loop gates Configurable per execution category — architecture enforced Exception-based — not configurable by execution type Human is always in the loop — by definition Yes — but no AI decision upstream
Partial failure handling Compensation workflows — structured rollback across systems Manual remediation — no compensation logic N/A — no execution to fail Retry — no cross-system compensation
SR 11-7 / MiFID II / HIPAA native Compliance frameworks encoded in Control Plane from day one Configurable — requires significant compliance work Not applicable — no execution layer GRC module available — separate configuration
Production timeline <90 days — guaranteed 3–12 months — dependent on process complexity Immediate — no integration required 6–18 months — implementation-heavy
Note on timeline: The <90-day figure applies to the Pilot tier (3–5 workflows). RPA 3–12 month range is industry average for complex regulated implementations. | The architectural position: CAIBots is not a replacement for UiPath or ServiceNow — it is architecturally upstream. In many deployments, the Execution Plane writes through ServiceNow or triggers existing RPA workflows. The differentiator is the Intelligence Plane (AI decision-making) and the Control Plane (governance enforcement) — which neither UiPath nor ServiceNow provide natively.
Live Execution Traces

The same architecture executing
across all three verticals.

Every execution follows the same five-plane loop regardless of vertical. These are production execution traces — showing exactly which plane handles which step, what system receives the write, what the policy gate evaluates, and what the validation engine confirms.

KYC / AML — Financial Services
MiFID II T+1 — Capital Markets
Prior Authorization — Healthcare
Financial Services — KYC Perpetual Screening · Ownership Change Event
Counterparty: Thornbridge Capital LLC · Trigger: beneficial owner registry update
Complete · 3m 41s
01
State
Context retrieval — entity history and risk profile assembled
State Plane serves: prior KYC score (MEDIUM, Nov 2025), UBO chain, watchlist status, adverse media history. Execution ID: EX-KYC-0041. S(t) ready for Intelligence Plane.
0:00–0:04
02
Intel
Probabilistic + deterministic ownership analysis
LLM analyzes new UBO (Marcus Reinholt, 52% interest). Rules engine cross-references OFAC, PEP databases. Candidate decision FROZEN: risk re-score MEDIUM→HIGH. SAR pre-file warranted. Decision snapshot logged — policy_hash: v2026.03.01.
0:04–0:18
03
Gov
Policy gate — BSA/AML KYC-08 applied
Control Plane: PEP involvement → compliance flag mandatory (KYC-08). Sanctions: NEGATIVE. Risk re-score >1 tier → CCO gate required. Execution APPROVED. HITL gate open (SLA: 4h). Policy evaluation: 4 seconds.
0:18–0:22
04
Coord
DAG sequenced — 4 systems, HITL gate at Step 4
Plan: Core KYC write → Salesforce case open → SAR pre-file generate → CCO notify. Compensation plan staged per node. SAR formal submission BLOCKED pending CCO acknowledgment.
0:22–0:28
05
Exec
Four transactional writes — all idempotent, all tagged
Core KYC: MEDIUM→HIGH (confirmed). Salesforce: Case #2026-KYC-0041 opened. RegTech: SAR-EX-0041 generated. CCO: Slack + email dispatched. Rollback available on all 4 writes.
0:28–3:41
06
State
Validation confirms — S(t+1) verified
Expected state changes confirmed: KYC=HIGH ✓, Salesforce=OPEN ✓, SAR=DRAFT ✓, CCO notified ✓. Audit ledger finalized. HITL gate tracking initiated.
3:41
Capital Markets — MiFID II T+1 Regulatory Reporting · Nightly Pipeline
Trigger: 23:45 CET scheduled · Trading day: 2026-04-09 · 1,247 trades to process
Complete · 13m 22s
01
State
Trade data retrieval — OMS, data warehouse, Bloomberg
State Plane serves full T-day trade universe: 1,247 records from OMS + Bloomberg BPIPE + data warehouse. LEI reference data loaded. S(t): raw trade dataset assembled. Execution ID: MR-MIF-2026-04-09-001.
0:00–0:12
02
Intel
Reportability analysis + exception identification
Intelligence Plane: classifies each trade (reportable / non-reportable / exception). Identifies 14 trades with data quality issues (missing LEI, jurisdiction edge cases). Candidate decision: 1,233 cleared for auto-submission, 14 for exception routing. Decision FROZEN.
0:12–2:18
03
Gov
MiFID II RTS 22 field validation — all rules applied
Control Plane: field-level validation against RTS 22 schema. 1,233 trades pass all 47 required fields. 14 exceptions: compliance flag + operations team notification required. Submission approved for 1,233. Exception handling plan approved.
2:18–2:26
04
Coord
Batch submission plan + exception routing DAG
Orchestration: batch 1,233 trades for ARM submission. Stage exception emails (14 trades, field-specific errors + remediation options). Post-submission: log to compliance system, archive submission record. ARM confirmation handling staged.
2:26–2:32
05
Exec
ARM submission + exception dispatch — all confirmed
ARM platform: 1,233 reports submitted at 23:58 CET. Confirmation: ARM-2026-04-09-44821. 14 exception emails dispatched to ops team. SAP compliance system updated. Submission log archived. Zero missed reports.
2:32–13:22
06
State
Validation: T+1 compliance confirmed
ARM confirmation verified ✓. Submission timestamp: 23:58 CET (within T+1 window) ✓. Exception routing confirmed ✓. DORA ICT event log entry created ✓. Audit record finalized: all 1,247 trades accounted.
13:22
Healthcare — Prior Authorization · End-to-End Submission
Patient: MRN anonymized · Procedure: CPT 27447 · Payer: Blue Shield · Physician: Dr. Chen
Complete · 47m
01
State
Clinical data retrieval from Epic EMR
State Plane: patient record retrieved — diagnosis codes (M17.11), procedure history, current medications, lab results, BMI (31.2), conservative treatment documentation (18 months). S(t) assembled. PHI access logged per HIPAA minimum-necessary. Execution ID: PA-2026-04-09-0441.
0:00–0:06
02
Intel
Clinical criteria matching — payer policy analysis
Intelligence Plane: patient criteria matched against Blue Shield policy for CPT 27447. All 6 required criteria confirmed: documented OA, conservative treatment ≥6mo, BMI recorded, functional limitation score documented, imaging evidence, age eligibility. Candidate decision: auto-submit (no physician review required for this case class). FROZEN.
0:06–0:22
03
Gov
HIPAA compliance check — PHI access audit + governance matrix
Control Plane: PHI handling within BAA scope ✓. Case classification: routine (all criteria met) → auto-submit permitted per governance matrix. No physician HITL gate required. All PHI access events logged with minimum-necessary annotation. Execution approved.
0:22–0:26
04
Coord
Submission package assembly + EMR update plan
Orchestration: clinical package assembled (diagnosis, procedure rationale, supporting labs, physician attestation). Formatted to Blue Shield API specification. Post-submission: EMR update queued (auth number, approval, expiry). Physician In-Basket notification staged.
0:26–0:35
05
Exec
Payer submission + EMR write — confirmed
Blue Shield API: prior auth submitted. Response: BS-AUTH-2026-04-09-882341 — APPROVED — 90 days. Epic EMR: auth number written, approval date, expiry, procedure confirmed (FHIR R4 write confirmed). Physician In-Basket notification dispatched.
0:35–0:47
06
State
Validation: auth received + state confirmed
Expected state: EMR auth field = BS-AUTH-882341 ✓. Epic status = APPROVED ✓. In-Basket = delivered ✓. PHI audit trail complete ✓. FDA 21 CFR Part 11 electronic record finalized. Total: 47 minutes vs 4.2 day average.
0:47
Failure Mode Design

Five failure modes
solved by architecture.

Enterprise AI systems fail in production for predictable reasons. These are not edge cases — they are the five categories every regulated environment will eventually encounter. The architecture has a structural answer to each.

Failure 01
Non-deterministic decisions
LLMs produce different outputs for identical inputs. Same trigger, different action — making audit reconstruction impossible and SR 11-7 model documentation meaningless.
Decision Freezing: LLM output is snapshotted before policy evaluation. The frozen snapshot — not the model — is the auditable record. Reproducibility is guaranteed regardless of subsequent model behavior.
Failure 02
Partial execution failure
Step 1 writes to Salesforce. Step 2 fails on SAP. Enterprise state is now inconsistent — CRM and ERP show different realities. Manual reconciliation follows, often discovered days later.
Compensation Workflows: Every execution node has a compensation action. If Step 2 fails, Step 1 is reversed — with its own audit record. Consistency is a design invariant, not a recovery procedure.
Failure 03
Policy drift
Compliance rules change. An execution permitted under Q1 policy is prohibited under Q3 policy. Without versioning, there is no way to know which rule governed a past execution — which is precisely what examiners ask.
Versioned Policies: Every execution references a specific, timestamped policy version. The policy_hash uniquely identifies the exact rules in effect. Historical reconstruction is always possible.
Failure 04
Orchestration deadlock
A multi-step workflow enters a state where no forward progress is possible — upstream system unavailable, timeout not handled, dependency cycle unresolved. The workflow hangs. Nobody knows.
Timeout + Fallback States: Every orchestration node has an explicit timeout with a defined fallback state. There are no implicit states. The system always has a deterministic next action when a timeout fires.
Failure 05
Silent execution failure
System executes, returns 200 OK, but the downstream SOR silently rejected or misapplied the write. No error raised. Enterprise state is wrong. Nobody knows until a human happens to check — days or weeks later.
Validation Engine: Every execution includes a post-write state validation confirming S(t+1) matches expectation. Anomaly detection flags unexpected patterns for human review before the execution record closes.
Design Principle
Execution reliability over intelligence accuracy
Most AI systems optimize for model accuracy. In regulated execution environments, the more important optimization is system behavior under failure conditions — partial data, unavailable systems, conflicting policies, high latency.
The architectural differentiation: not that CAIBots makes better decisions than alternatives, but that it behaves predictably, auditably, and recoverably when things go wrong — which they always do in production.
Execution Plane Connectors

Native API participants.
Not middleware wrappers.

Every connector is a first-class API participant in the target system — authentication, field-level access, write confirmation, and execution tagging. No browser automation. No RPA screen scraping. No middleware translation layer.

☁️
Salesforce
CRM · FSC · Service Cloud · Custom Objects
Lead records, compliance cases, opportunity management, custom workflow triggers. Native REST API with field-level write confirmation. Custom objects and Flow integration fully supported.
Execution Plane — REST API
🏭
SAP S/4HANA
ERP · SuccessFactors · BTP · BAPI
Financial entries, procurement records, workforce decisions, compliance filings. BAPI and OData connector — no middleware. Supports multi-step SAP transactions with native atomicity where available.
Execution Plane — BAPI / OData
🏥
Epic / Cerner
EMR · Clinical Systems · HL7 FHIR R4
Patient records, prior auth, care pathways, clinical alerts. HL7 FHIR R4 compliant. All clinical writes require physician review gate — enforced by Control Plane, not application logic. Zero PHI egress.
Execution Plane — HL7 FHIR R4
🔶
Oracle Fusion
ERP Cloud · Financial Cloud · HCM
GL entries, approval chains, procurement, regulatory reporting. Oracle REST API with SCIM-compliant identity management. Oracle Approval Management Engine integration for human workflow routing.
Execution Plane — Oracle REST
🟦
Workday
HCM · Finance · Planning · Prism Analytics
HR records, compensation decisions, compliance task routing, headcount writes. Workday Web Services and REST API. RAAS report integration for data retrieval alongside write operations.
Execution Plane — Workday REST
📊
Bloomberg / Refinitiv
Market Data · Regulatory Feeds · Reference Data
Real-time market data for credit and risk decisions. Bloomberg B-PIPE and BLPAPI. Refinitiv Elektron. Intelligence Plane reads these as Foundation substrate — Execution Plane never writes to market data systems.
Intelligence / Foundation — data feed
🟩
ServiceNow
ITSM · GRC · Risk · HR Service Delivery
Incident creation, GRC records, risk workflows, policy exception management. ServiceNow Table API. In many deployments, CAIBots Execution Plane triggers ServiceNow workflows — they work alongside each other, not in competition.
Execution Plane — Table API
📧
Microsoft 365
Outlook · Teams · SharePoint · Graph
Email dispatch, Teams notifications, document filing, approval routing. Microsoft Graph API with delegated and application-level permissions at granular scope. HITL gate notifications commonly route through Teams.
Execution Plane — MS Graph API
Technical Session

See the five planes
executing in your systems.

30-minute technical session. We walk through integration with your specific systems of record, demonstrate live writes with full audit trail, and scope the Control Plane governance matrix for your compliance framework — across your vertical.

Book a Technical Session ↗ Review Governance Architecture →
Princeton, NJ · contact@caibots.com · +1 (609) 721-2815
Compliance SR 11-7 GDPR SOC 2 FINRA / OCC HIPAA EU AI Act MiFID II DORA BSA / AML Basel III Dodd-Frank