AI Proof

AI as an auditable assistant, not an invisible approver.

TwentyCore AI should help users analyze, draft, summarize, and prioritize. Posting, approval, submission, and overrides stay controlled by users and configured workflows.

Review AI controls

Principles

The buyer-facing AI control model.

Tenant-scoped context

AI prompts should use only the active tenant data needed for the task.

Human confirmation

AI can draft, explain, and summarize, but sensitive actions require user acceptance.

Minimum necessary data

Prompt context should avoid unrelated records and sensitive payloads.

Provider disclosure

AI provider, retention, and training terms must be confirmed per deployment.

Demo prompts

Prompts tied to the seeded demo tenant.

  • Summarize open sales orders and production risk for this tenant.
  • Which customer orders should I review first this week?
  • Explain why PRD-2026-0001 may affect SO-2026-0201.
  • Draft a follow-up note to Customer A about delivery status.

Evidence

What reviewers can ask to see.

  • tasks/artifacts/ai_endpoint_audit_2026-04-29.md
  • backend/tests/regression/test_ai_tenant_context.py
  • backend/tests/regression/test_ai_prompt_no_hardcoding.py
  • docs/sales/ai-proof-methodology.md