Demo Walkthrough

Operator submits an operator scenario query through a local interface. No cloud routing. The query is parsed into structured retrieval intents with source-attribution requirements and an explicit uncertainty budget. Queries that exceed the budget or request unavailable source types are refused at intake — the system halts rather than fabricating.

The query is dispatched against a registered corpus. Each source is tagged with provenance metadata: origin, date, classification, export-control posture, and retrieval authorization. Unregistered sources are never queried. Retrieval is bounded by a configurable document-count cap to prevent context-window saturation.

Retrieved passages are assembled into a structured response. Every factual claim in the output carries a source citation with document ID, passage offset, and retrieval timestamp. The composer refuses to generate claims that lack supporting passages — abstention is the default when evidence is thin.

The system emits a per-claim confidence signal: grounded (multi-source, consistent), single-source (one passage only), thin (passage exists but relevance is marginal), or abstain (no supporting passage found). Thin and abstain results are surfaced prominently — the operator sees the gap, not a smoothed-over answer.

The final output is a structured report: query, retrieved sources, cited answer, uncertainty map, and a full audit receipt. The report is self-contained — portable, verifiable, and readable without the live system. Output format is designed for inclusion in an operator decision workflow.

Every query run produces a tamper-evident receipt: query hash, source manifest with retrieval timestamps, composer version, confidence signals, and a content-addressed output hash. Receipts are verifiable independently of the live system — the evidence chain survives the runtime.