Reference architecture

The production AI pattern: governed access, controlled workflows, full audit

A repeatable architecture for putting AI into real operations. Your systems stay the source of truth, a governed gateway controls every tool call, controlled AI workflows take structured action, and an operator layer plus end-to-end audit keep the whole system accountable.

The pattern

Five layers, one controlled path from system of record to AI action

Most AI projects stall between a convincing demo and a system you can actually run. The gap is rarely the model — it is everything around it: identity, permissions, approvals, redaction, idempotency, recovery, and the audit trail that lets a regulated organization trust an automated action.

We close that gap with a layered pattern. Existing systems stay authoritative. Nervora governs every tool call. Controlled AI workflows orchestrate retrieval, agents, and rules into structured, inspectable actions. Operanto gives operators a place to work alongside the AI. And audit, monitoring, and review wrap the whole system so nothing happens off the record.

The production AI pattern
  1. Fiscora · Personora · Existing systems

    Finance · HR · ERP · CRM · Legacy apps

  2. Nervora

    Identity · RBAC · Tools · Approval · Redaction · Idempotency · Audit

  3. Controlled AI workflows

    RAG · Agents · Rules · Structured action

  4. Operanto

    Inbox · Workflow · Quote · CRM · Human-in-the-loop

  5. Audit · Monitoring · Review

    Every action logged, traceable, and reviewable

Layer by layer

What each layer is responsible for

Each layer has a single, clear responsibility — together they form one controlled path from your system of record to a safe AI action.

Layer 01

Existing systems

System of record

Finance, HR, ERP, CRM, and legacy applications stay authoritative. Fiscora and Personora show how even legacy institutional platforms become API-first, audit-ready systems the AI layer can safely build on.

  • Your databases and apps remain the source of truth
  • Access happens through governed APIs, not direct AI reach-in
  • Legacy systems are modernized into stable, documented interfaces
Layer 02

Nervora — governed gateway

Identity · RBAC · Audit

Nervora is a secure MCP / OpenAPI gateway. Every tool the AI can call passes through authentication, permission checks, approval, redaction, and idempotency — with a full audit record on each call.

  • OIDC identity and role-based access control on every tool
  • Human approval gates for sensitive or irreversible actions
  • Redaction of sensitive data and idempotency to prevent double-execution
  • Every tool call is logged and attributable
Layer 03

Controlled AI workflows

RAG · Agents · Rules

Retrieval, agents, and business rules run inside durable workflows — not as a free-roaming agent. State is persisted, steps are inspectable, and the system takes structured actions rather than unconstrained ones.

  • Durable workflow state with routing, retries, and recovery
  • RAG over your documents and data, with evaluation
  • Rules and structured outputs constrain what the AI can do
  • Human-in-the-loop steps wherever judgment is required
Layer 04

Operanto — operator surface

Inbox · Workflow · Human

Operanto turns the controlled workflow into something a team can operate: a multi-channel inbox, quoting, CRM, scheduling, and approvals — the place where humans and AI work the same process together.

  • Unified inbox and AI assistant over a config-driven workflow engine
  • Quoting, scheduling, CRM, and document AI in one operating layer
  • Human approvals and overrides built into the flow
Layer 05

Audit, monitoring & review

Accountability

Every action — model call, tool call, and human decision — is logged, traceable, and reviewable. Monitoring and observability make behavior visible in real time; review closes the loop on quality, cost, and compliance.

  • End-to-end audit trail across AI, tools, and people
  • OpenTelemetry-based observability and operational visibility
  • Review workflows for quality, cost, and compliance

Sovereignty layer

The Inovativi Sovereignty Layer

We design AI systems that remain operational when providers, prices, regulations, or geopolitical conditions change. Our architecture combines self-hosted and open-weight models for control and continuity, European model providers and infrastructure for data sovereignty, premium frontier APIs for the most demanding tasks, and deterministic business logic, audit trails, human approvals, and manual fallback paths.

  • Self-hosted and open-weight models for control and continuity
  • European model providers and infrastructure for data sovereignty
  • Premium frontier APIs for the most demanding tasks
  • Deterministic business logic, audit trails, human approvals, and manual fallback paths

Models are replaceable components — not operational dependencies.

Explore AI resilience
Vendor-independent execution flow
  1. Business application

    Your product or operational system

  2. Inovativi AI Gateway

    One vendor-independent control plane

  3. Policy · routing · data classification · audit · fallback

    Every request is governed before a model sees it

  4. Premium APIs · European models · self-hosted open-weight models

    Interchangeable model backends

  5. Deterministic services & human approval

    Continuity when models are unavailable

Why this pattern

The principles that make AI safe to run in production

These are the non-negotiables behind every system we put into production.

Systems stay the source of truth

AI augments your systems; it does not replace or bypass them. The system of record stays authoritative and consistent.

Controlled, not autonomous

The AI operates inside durable workflows with rules and structured actions — predictable behavior over open-ended autonomy.

Human-in-the-loop by design

Sensitive and irreversible actions pass through explicit human approval, not implicit trust in a model.

Audited by default

Every model call, tool call, and decision is logged and attributable — auditability is built in, not bolted on.

Idempotent and recoverable

Workflows survive failures, retries are safe, and actions are never silently executed twice.

Cost and access under control

Permissioning, redaction, and monitoring keep data exposure and model spend within deliberate bounds.

Next step

Bring this pattern to your systems

Tell us about your systems, data, and the workflow you want to put into production. We will respond with an architecture path from a bounded first step to a governed, audited AI workflow.