Independent Reconciliation

Independent reconciliation is a detective control, not an inline gate. Export decision ids and occurrence times from a separate system of record, then compare that set with rawctx answer-audit logs.

Each run binds the reference-set root, rawctx-set root, finding counts, period, app/environment, and reference-source commitment into a receipt anchored by the trust log. Raw decision ids are not exposed in the proof.

Answer audit guide OTel integrations PyPI

What it catches

Reference decisions missing from rawctx
rawctx records not present in the reference set
Backfilled records anchored after the allowed lag window

Good references

Use systems that are hard to rewrite in lockstep with answer logs: LOS, ATS, provider usage exports, or auditor-owned extracts.

Public-safe boundary

The request payload carries raw ids, but persisted findings and proofs are commitment-oriented. The source key appears in proof material only as a commitment. Do not put secrets, API keys, raw customer exports, raw PII, or private system URLs in payload metadata.

Reference payload

Scope the run by app, environment, period, and join key

v1 assumes short-period set reconciliation. Each decision_id should match the selected key_field value.

{
  "source_key": "los-daily-export",
  "source_type": "business_system_export",
  "period_start": "2026-06-12T00:00:00Z",
  "period_end": "2026-06-13T00:00:00Z",
  "application_key": "loan_review_bot",
  "environment": "production",
  "key_field": "idempotency_key",
  "allowed_lag_seconds": 3600,
  "reference_records": [
    {
      "decision_id": "loan-review:app-123",
      "occurred_at": "2026-06-12T09:13:00Z"
    }
  ],
  "metadata": {
    "export_period": "daily-close"
  }
}

CLI

Run reconciliation and verify proof

rawctx reconcile run reconciliation.json --json
rawctx reconcile findings RUN_ID --json
rawctx reconcile proof RUN_ID --output reconciliation-proof.json
rawctx trust verify reconciliation-proof.json --online

Python SDK

Use the same flow from automation

import rawctx

run = rawctx.create_reconciliation_run(
    source_key="los-daily-export",
    source_type="business_system_export",
    period_start="2026-06-12T00:00:00Z",
    period_end="2026-06-13T00:00:00Z",
    application_key="loan_review_bot",
    environment="production",
    key_field="idempotency_key",
    reference_records=[
        {
            "decision_id": "loan-review:app-123",
            "occurred_at": "2026-06-12T09:13:00Z",
        },
    ],
)

findings = rawctx.list_reconciliation_findings(run["id"])
proof = rawctx.proof_reconciliation(run["id"])

Operating sequence

Start without forcing an inline gateway

Align the decision id stored in the business system with one of the rawctx answer-audit keys: idempotency_key, external_trace_id, or external_message_id.

1. Propagate a key

When a decision is made, write the same decision key to the business system, model-call trace, and rawctx answer-audit log.

2. Export by period

Export only decision ids and occurrence timestamps from the reference system by day or close period.

3. Review findings

Review missing, unexpected, late, duplicate, and unanchored findings, then fix the operational gap.

Honest boundary

It sees only what the reference can see

The strength of reconciliation is bounded by the independence of the reference source.

It focuses on near-period detection and evidence, not prevention.
Completeness weakens if a tenant can rewrite every reference source in lockstep.
Run it repeatedly with narrow app/environment/period scope, then share the proof after it is covered by an STH.

Check answer-log completeness against an external reference

Scope the run by app, environment, period, and join key

Run reconciliation and verify proof

Use the same flow from automation

Start without forcing an inline gateway

It sees only what the reference can see