Core. The extraction is a probabilistic vision read, so it is never assumed correct. Each contract-critical field carries a confidence score. If any falls below threshold, the document becomes AMBER and goes to a human โ it is never auto-approved on an uncertain read.
# Every contract-critical field carries a per-field confidence score.
critical = [extracted.amount_conf, extracted.type_conf, extracted.period_conf]
if min(critical) < THRESHOLD:
status = "AMBER" # uncertain read -> human review
elif verdict == "MATCH":
status = "GREEN" # confident AND in-tolerance
else:
status = "RED" # confident mismatch
# AMBER is the honest path: uncertainty surfaced, not buried.This is the honest center of the pipeline. A false GREEN releases payment on a non-compliant waiver; the confidence gate is what makes that failure mode something you measure and contain instead of something that surprises you in production.
Integrity seal = unchanged from ingestion forward. Confidence gate = no uncertain machine read auto-clears payment.