🔁 Reconciliation & Anomaly · Solution

Two sources of truth stop drifting apart —
every break explained, every fix pre-drafted.

Match a ledger against its counterpart on a cadence, explain each variance in plain language, flag the breaks, and hand a human a ready-to-post correction — flow8 prepares the fix, a person commits it. Runs on your infrastructure, against your systems of record, with a full audit trail.

The business case

Two systems that must tie out quietly drift apart — and nobody is watching

The problem

Two systems that are supposed to agree quietly drift apart: the ledger says one thing, the bank says another; the order shipped but the invoice never matched; a decision was approved but the outcome never landed. Today a person finds the gap days or weeks later by eyeballing spreadsheets, then spends the rest of the day reconstructing why it broke and hand-typing the fix. The break is expensive precisely because nobody is watching the two sides on a cadence.

The moment you try to close that gap with an off-the-shelf "AI reconciliation agent," you hand a model the authority to mark items matched and auto-post journal entries and adjustments — to move money on its own judgement. That is exactly the authority you cannot hand a model.

Who feels it

  • Controllers and finance-close teams, AR/AP and treasury, revenue-operations and order-to-cash owners
  • Supply-chain and procurement reconcilers running the three-way match
  • Internal audit and the CFO who signs off on the close — anyone accountable for 'these two numbers must tie out'
Time to value

Fast — this is the most battle-tested shape on flow8, already running in production against a live ledger. A pilot points at your two sources with the kill-switch on and runs shadow-first, so you see explained variances and pre-drafted corrections before any reach a person — reconciling in days, not a quarter.

What you get

The break surfaces while it is still cheap to fix — not at close

The same pipeline serves every pair of sources that must tie out — one reconciliation or ten.

🔁

Continuous, not month-end

The two sides are re-matched every cadence — hourly to weekly — so a break surfaces while it is still cheap to fix, instead of being discovered days or weeks later at close.

🧾

Every variance arrives explained

Not a raw red cell but a classified break: kind (amount mismatch / missing counterparty / wrong account / timing), the signed delta, and a plain-language reason a reviewer can act on in seconds.

✍️

The correction is pre-drafted

The journal posting, the adjusting entry, the matched pair — rendered ready to review. The human approves in seconds instead of reconstructing the fix from scratch.

🔒

Nothing is ever auto-posted

Money and identity corrections are prepared as draft rows and flagged for a person. The audit trail shows 'flow8 prepared, a human committed' — nothing consequential fires on its own.

Exactly one open task per break

One human task per unhealthy unit, deduped against the database — no duplicate tickets on re-runs, and no break that slips because two people each thought the other had it.

📊

A self-healing dashboard, one digest

A live rollup of what's matched / unmatched / proposed / blocked, recomputed every run, with a single throttled digest when something alert-worthy crosses — one surface to watch, not ten inboxes.

How it works

One governed spine, from two sources of truth to human approval

The model proposes; a human executes; nothing touching money or identity ever auto-posts. It is the same secure spine every flow8 Solution runs — here worn as a continuous reconciler.

Every unit runs the identical sequence. The matching math is Code, never an LLM; the model is demoted to an advisor that only suggests a match and explains the gap. The consequential output is a proposed correction on a shared, tamper-evident actions ledger — not a posting.
01
📨
Cursored intake Only units newer than the stored watermark are pulled, plus their expected counterparts — never the whole table. IMAP · OCR
02
🧪
Injection pre-scan A deterministic Code heuristic treats every untrusted memo and reference as data, before any model sees it. data, not instructions
03
🧩
Extract & match The signed variance is computed in Code; a schema-locked LLM only suggests the counterpart and writes the plain-language reason. model suggests
04
⚖️
Code decides The binding matched / unmatched / proposed / blocked verdict is made in deterministic code, never by the model. Code authoritative
05
📝
Draft-not-act ledger Each correction is written as a proposed row on the shared actions ledger, keyed idempotently to the unit. draft, not act
06
🚦
Policy gate A deterministic rule layer classifies each row; a closed-period or debits≠credits breach blocks it, and money is capped at prepare-only. prepare-only
07
🙋
One human task Exactly one task is opened per unhealthy unit; a full evidence record is written before any side-effect. audit-before-effect
👤
Human reviews & commits A person approves in one click. The journal posting or adjusting entry commits under their authorship. human-gated
Safe output An explained variance and a prepared correction approved by a human · recorded on a signed ledger · reversible

Continuous Reconciliation watches two sources that must agree — a ledger and a bank feed, an order table and a fulfillment record, a decision log and its realized outcome — and re-matches them on a cadence. It pulls only new units since a stored cursor plus their expected counterparts, runs the injection pre-scan on every untrusted memo and reference, and computes the objective variance in deterministic Code. A schema-locked LLM then acts purely as a suggester — proposing the matched counterpart and explaining the gap — while the binding verdict is made in code.

Because the matching math is Code and never a model, because money corrections are capped at prepare-only by construction, and because the evidence row is written before any side-effect on a hash-chained, signed ledger, you get continuous reconciliation without ever handing a model the authority to post. A healthy-looking LLM score over failing evidence is forced to review, and a closed-period or debits≠credits rule blocks the entry regardless of what the model said. Off-the-shelf agents give a model authority first and bolt on guardrails later — flow8 makes the guardrail the architecture.

Why it's safe to run

Secure and efficient by construction — not by policy

Secure by construction

The guardrail is the architecture, so adding AI to the close stops being a risk-underwriting exercise.
  • Deterministic injection pre-scan. A Code heuristic (control / zero-width / bidi chars + imperative-override markers) runs on every memo and reference before any LLM. A flagged unit takes zero LLM passes and is quarantined — stored, not dropped. There is no security module pretended.
  • Never auto-post on money or identity. Every correction is a draft proposed row plus a flag, and a human commits the journal posting inside the action gate. The matching verdict is computed over fields the unit's owner cannot freely author, so an attacker-authored 'mark this matched' in a memo can never trigger a posting.
  • Audit before side-effect. The model id, prompt version, computed delta, evidence, and injection flag are recorded before any correction row or task fires — so a failed side-effect never loses the provenance.
  • Tamper-evident ledger. Each committed correction carries a per-actor hash chain plus an HMAC-SHA256 signature under a frozen canonicalization, and a read-only reconciliation sweep re-verifies the chain byte-identically to catch any committed-not-prepared money escape.
  • Sovereign and provider-swappable. State of record lives in your own f8db; the vector index is a rebuildable derived copy; the AI provider is a swappable setting. The whole flow runs on-prem with no egress — validated in a zero-egress sandbox before it ever touches production.

Efficient by construction

The same properties that make it safe make it cheap to run at volume.
  • Idempotent by construction. The unit key is the upsert conflict key, written before the side-effect, so re-running the same window double-writes nothing and a matched unit creates no action at all. Re-runs and overlapping cadences collapse to one row.
  • Draft-not-act removes rework. The correction arrives rendered and ready, so the human reviews-and-approves instead of re-deriving the fix — the expensive minutes are spent on judgement, not reconstruction.
  • Scoped, cursored intake. Each run drains only new units since the watermark with a hard query limit — a lost cursor degrades to a paged drain, never a full-table re-scan.
  • Deterministic where it counts. All the matching and variance arithmetic is pure Code, and the model is invoked exactly once per unit only to suggest a match and explain — the quantitative backbone never depends on an LLM, and model spend is minimized.
  • Self-healing dashboards. The matched-vs-proposed rollup recomputes every run ahead of the send-gate, so late data for a closed period re-aggregates automatically, and alerts are throttled to at most one per window.
Built from

Assembled from proven, hardened capabilities

Not rebuilt from scratch — composed from the same governed building blocks every flow8 Solution shares, so it ships in days.

The capabilities it composes
Cursored two-source intake Injection pre-scan Deterministic variance compute Schema-locked AI match & explain Code-authoritative verdict Neuro-symbolic compliance halt Draft-not-act correction ledger Tamper-evident audit trail
Connects to your stack
IMAP & Exchange mailboxes ERP & CRM systems of record Enterprise task & workflow queues On-prem vector store & knowledge base Bank, processor & settlement feeds Reporting & BI dashboards Any REST / OData API
Where it fits

The same process shape serves anything where two numbers must tie out

Any business whose work has two sources of truth that must agree — swap the two source schemas and the rule set, and the spine is identical.

Composes with

A draft from one solution is the clean upstream another consumes

Adopt this one and it plugs into the spine the others already speak.

Point it at your two sources. Kill-switch on. Shadow-first.

Watch a cadence of drift turn into explained variances and pre-drafted corrections your team approves in one click — drafts only, no postings, full audit trail. When you're ready, flip on the human-task queue and add the signed governance ledger or a three-way match on the exact same pipeline.

Book a demo →
All solutions