> ## Documentation Index
> Fetch the complete documentation index at: https://docs.uselayerup.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Confidence Engine

> The confidence engine is the backbone of every Layerup AI Agent recommendation — a multi-signal, evidence-grounded scoring system that governs whether a case is resolved, flagged, or escalated to a human underwriter.

# 11 — Confidence engine — multi-signal scoring, threshold-governed escalation & audit-grounded reproducibility.

Every output the Layerup AI Agent produces carries a confidence score. That score is not
cosmetic. It is the operative signal that determines whether a case is auto-resolved, surfaced
for underwriter review, or mandatorily escalated — and it is the primary control that prevents
the agent from making a consequential recommendation it is not entitled to make.

The confidence engine is designed around a single governing principle: **an artificially high
confidence score is more dangerous than an artificially low one.** A suppressed score triggers
a human review. An inflated score allows a case through that should not have passed. If
confidence scores cannot be trusted to reflect genuine evidential quality, the agent's
recommendations cannot be trusted — and the product's value proposition collapses with them.

This section is addressed to your Underwriting Governance, Information Security, and Internal
Audit teams. It describes how the confidence score is computed, what suppresses it, how
thresholds govern agent behavior, and how the architecture addresses the legitimate enterprise
concern about score reproducibility.

***

## 11.1  How the confidence score is computed

The confidence score is not a single number returned by a foundation model. It is a **weighted
composite** assembled from independently evaluated signal streams — one for each evidence
domain the agent is configured to assess. Each stream produces its own sub-score. Those
sub-scores are aggregated, normalized, and evaluated against your configured threshold tiers
before any output is assembled.

The evidence domains evaluated in every case are:

| domain                          | what the engine assesses                                                                                                                                                     |
| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **AOP Coverage**                | Whether every material fact in this case has an applicable, unambiguous rule in the Agent Operating Procedure.                                                               |
| **Document Extraction Quality** | The OCR and text-extraction confidence across all submitted documents, weighted by how critical each document is to the recommendation.                                      |
| **Cross-Evidence Consistency**  | Whether the extracted facts across all documents, application form, and third-party data sources are internally coherent — no conflicting values for the same material fact. |
| **Inference Quality**           | The foundation model's own uncertainty signal across reasoning steps, plus any guardrail interventions that introduced gaps in the reasoning context.                        |
| **External Data Alignment**     | Whether third-party data sources (MIB, Rx history, motor vehicle records) are reconcilable with the submitted document set.                                                  |

Each domain score is independently computed and independently logged. The composite confidence
score is the weighted aggregate of these domain scores, with detractor penalties applied for
each identified signal of ambiguity, conflict, or unresolvable uncertainty.

<Warning>
  The confidence score is never a direct LLM opinion about how confident it feels. It is the
  output of a structured detractor model: a defined set of signals, each with a logged value,
  an evidence citation, and a weighted contribution to the composite. Every suppression is
  attributable. Every attribution is auditable. The engine is designed so that the reasoning
  behind a score of 68 is as legible as the recommendation itself.
</Warning>

***

## 11.2  Confidence detractors — exhaustive taxonomy

The confidence engine operates on a detractor model. The theoretical maximum score for any
case is 100. From that maximum, the engine applies suppression penalties for every identified
signal of ambiguity, conflict, or unresolvable uncertainty. The composite score is what
remains after all applicable detractors are applied.

Any factor that prevents the agent from reaching a high-evidence, internally consistent,
AOP-grounded conclusion about a material fact is a detractor. The detractors are grouped into
four families below.

***

### AOP & Configuration Detractors

These detractors fire when the agent's operating configuration itself is the source of
uncertainty — either because the AOP does not cover the scenario presented, or because the
AOP contains internal contradictions that prevent a deterministic evaluation.

<CardGroup cols={2}>
  <Card title="AOP Gap — Undefined Scenario" icon="circle-question">
    The case presents a material fact or combination of facts for which no applicable rule
    exists in the AOP. Rather than fabricating an evaluation, the agent explicitly surfaces
    the gap and flags it as unresolved. The absence of a rule is treated as a confidence
    suppressor, not a licence to extrapolate. This is by design: an AOP gap is a signal that
    human underwriting judgment is required.
  </Card>

  <Card title="Intra-AOP Rule Conflict" icon="arrows-split-up-and-left">
    Two or more clauses in the AOP produce contradictory evaluations of the same material
    fact. For example, the occupation section classifies a role as Class 3, while the financial
    documentation standards section applies thresholds appropriate for Class 2. The engine
    cannot produce a coherent recommendation when the configuration itself is internally
    inconsistent — both the conflict and the affected rules are logged in full.
  </Card>

  <Card title="Out-of-Scope Edge Case" icon="compass">
    The case involves a pattern that the AOP does not define any coverage for — not a gap
    within a covered dimension, but an entire scenario type outside the AOP's scope. This is
    distinct from an AOP gap: the AOP has not been configured to evaluate this scenario at all
    rather than having an incomplete rule for a scenario it covers. The agent does not
    extrapolate beyond its configured scope under any circumstances.
  </Card>

  <Card title="Missing Escalation Routing" icon="route">
    The AOP specifies that certain conditions should trigger escalation to a named role, team,
    or queue that is not found in the configured routing table. The agent cannot complete
    output assembly without a valid escalation target, and the configuration omission itself
    suppresses confidence on the affected case dimensions.
  </Card>
</CardGroup>

***

### Document Extraction Detractors

These detractors fire when the quality of the raw document set — or the agent's ability to
extract structured data from it — is insufficient to support a high-confidence evaluation of
the material facts contained within.

<CardGroup cols={2}>
  <Card title="OCR Confidence Below Extraction Floor" icon="eye-slash">
    The OCR pipeline cannot extract readable text from a document page at or above the
    configured confidence floor. Common causes include poor handwriting, degraded scan quality,
    fax artefacts, dot-matrix printing, and over-compressed image files. The agent does not
    attempt to reason over content it cannot extract with sufficient confidence — the affected
    field is marked as unresolved and contributes a suppression proportional to that field's
    evidentiary weight.
  </Card>

  <Card title="Unsupported or Corrupted Document Format" icon="file-circle-xmark">
    The submitted document is in a format the extraction pipeline cannot parse, or the file
    itself is structurally corrupted. This includes proprietary medical record formats, certain
    legacy EDI document types, and files where the binary structure does not match the declared
    MIME type. Corrupted documents are flagged in the `unprocessed_attachments` list, and any
    material facts expected from those documents are treated as unresolved.
  </Card>

  <Card title="Password-Protected or Rights-Managed Document" icon="lock">
    The document is encrypted, password-protected, or subject to DRM controls that prevent
    the extraction pipeline from reading its content. The agent logs the document identifier,
    the protection type, and the expected material facts it cannot access. These cases require
    the submitting party to resubmit in an unprotected format.
  </Card>

  <Card title="Stale or Superseded Document Version" icon="clock-rotate-left">
    The document's issue date predates a known SOP revision, regulatory update, or product
    line change that the AOP was built to reflect. Content from a superseded document may
    apply outdated standards, schedules, or classification tables — using it without flagging
    this discrepancy would introduce silent error. The agent logs the document date, the
    relevant revision date, and the specific fields potentially affected.
  </Card>

  <Card title="Translation or Language Extraction Uncertainty" icon="language">
    The submitted document is in a non-primary language and requires machine translation
    before extraction. Translation confidence and OCR confidence compound: a document with
    90% OCR accuracy and 90% translation accuracy produces data points with an effective
    extraction confidence of approximately 81% before any further uncertainty is applied.
    Material facts extracted from translated documents carry a compounded confidence
    penalty proportional to both error rates.
  </Card>

  <Card title="Incomplete Page Set" icon="file-circle-minus">
    The submitted document references pages, exhibits, or attachments that are not present
    in the intake packet. The agent can identify this in documents that contain explicit page
    counts, continuation references, or exhibits lists. The missing content is treated as an
    unresolved evidence gap and contributes a suppression proportional to the expected
    materiality of the missing pages.
  </Card>
</CardGroup>

***

### Cross-Evidence Consistency Detractors

These detractors fire when the agent successfully extracts data from multiple sources but
finds that those sources cannot be reconciled into a coherent, internally consistent picture
of the material facts. Consistency is evaluated across all document pairs, not just against
the application form.

<CardGroup cols={2}>
  <Card title="Cross-Document Data Discrepancy" icon="not-equal">
    Two or more source documents state different values for the same material fact. Examples
    include a date of birth that differs between the application form and the APS, an annual
    income figure that differs between the employer letter and the tax return, or a diagnosis
    date that differs between two treating physician reports. The agent logs the specific field,
    the conflicting values, and the source documents for each — it does not resolve the
    conflict by choosing the value it deems more credible.
  </Card>

  <Card title="Applicant-Stated vs. Document-Evidenced Mismatch" icon="person-circle-question">
    The facts stated on the application form cannot be corroborated by — or are directly
    contradicted by — the supporting document set. This is one of the highest-weight
    detractors in the engine, because an irreconcilable mismatch between stated and evidenced
    facts on a material underwriting dimension is a standalone underwriting concern independent
    of any other finding.
  </Card>

  <Card title="Conflicting Occupation Representations" icon="briefcase">
    The applicant's occupation is described differently across sources: the job title on the
    application, the narrative in the Attending Physician Statement, the employer letter, and
    the duty questionnaire cannot be aligned to a single resolved occupation class. Occupation
    class is a primary underwriting driver — irreconcilable occupation representations
    prevent the agent from applying the correct risk thresholds and duty mix requirements.
  </Card>

  <Card title="Inconsistent Income Timeline" icon="chart-line">
    The YTD income figures, annualised projections, prior-year tax documents, and employer
    letters cannot be arithmetically reconciled within the tolerance bands defined in the AOP.
    This includes cases where the implied YTD run rate is implausible relative to the stated
    annual income, and cases where income figures across different document types diverge
    beyond the AOP's defined reconciliation tolerance.
  </Card>

  <Card title="Medical History Timeline Inconsistency" icon="timeline">
    Treatment dates, prescription fill dates, procedure dates, and the narrative timeline
    in the Attending Physician Statement cannot be aligned into a coherent chronological
    sequence. Timeline inconsistencies in medical documentation are material underwriting
    findings in their own right — the agent logs each inconsistency with the specific dates,
    the documents each date was sourced from, and the nature of the conflict.
  </Card>

  <Card title="Third-Party Data Conflict" icon="database">
    A third-party data source — MIB record, prescription drug history report, motor vehicle
    report, or equivalent — contains information that is inconsistent with the applicant's
    stated history or the submitted supporting documentation. The agent logs the specific
    conflicting data points, their source (third-party vs. submitted), and the severity of
    the discrepancy under the AOP's defined conflict-severity rubric.
  </Card>

  <Card title="Implausible or Anomalous Value" icon="triangle-exclamation">
    An extracted value — income, age at diagnosis, treatment duration, claim amount — falls
    outside the range of statistically plausible values for the applicant's stated occupation
    class, age, or condition profile as defined in the AOP's reference tables. The agent does
    not reject the value — it flags it as requiring human scrutiny and applies a suppression
    proportional to the degree of departure from the expected range.
  </Card>

  <Card title="Reinsurance Treaty Boundary Case" icon="scale-balanced">
    The case characteristics place it on or near a boundary defined in the applicable
    reinsurance treaty — for example, a benefit amount or occupation class that sits at the
    edge of a treaty's automatic acceptance limits. The treaty boundary is explicitly
    configured in the AOP; cases within the defined margin of that boundary receive a
    confidence suppression because the correct treaty disposition cannot be determined
    without direct reinsurer consultation.
  </Card>
</CardGroup>

***

### Inference & Reasoning Detractors

These detractors fire when the reasoning process itself introduces uncertainty — either from
the foundation model's own internal signal quality, from guardrail interventions that created
gaps in reasoning context, or from structural ambiguities in the case that prevent the agent
from reaching a deterministic conclusion under its configured rules.

<CardGroup cols={2}>
  <Card title="Model Uncertainty Signal" icon="waveform-lines">
    The foundation model's own inference uncertainty indicator — expressed as response hedging,
    low-confidence phrasing, or explicit qualification in the reasoning chain — falls below
    the configured floor for a given reasoning step. This is not the composite confidence
    score: it is the model's internal signal about its own output quality on a specific
    sub-question. When the model is uncertain about a conclusion, the engine treats that
    uncertainty as a first-class signal rather than discarding it.
  </Card>

  <Card title="Guardrail Partial Intervention" icon="shield-exclamation">
    An Amazon Bedrock Guardrail or Azure AI Content Safety policy redacted or modified part of
    an inference input or output during a reasoning step. Even where the guardrail did not
    block the step entirely, a partial intervention creates a gap in the reasoning context:
    the model completed its reasoning on a modified version of the input, and the agent cannot
    determine with certainty what was altered. The intervention is logged in full; the
    affected reasoning step carries a confidence suppression.
  </Card>

  <Card title="Incomplete Duty Mix Resolution" icon="list-check">
    The available evidence is insufficient to break down the applicant's occupational duty
    mix — the percentage split between manual, supervisory, and clerical functions — to the
    granularity the AOP requires for the applicable occupation class. Duty mix is a primary
    driver of disability risk classification; an unresolved duty mix prevents the agent from
    applying the correct thresholds and results in a confidence suppression on the occupation
    analysis dimension.
  </Card>

  <Card title="Unresolvable Requirement" icon="circle-xmark">
    The agent determines that a specific piece of documentation is required under the AOP
    to reach a recommendation on a material dimension, but that document cannot be obtained
    through any available channel — for example, an Attending Physician Statement from a
    treating physician whose practice has closed. The requirement is surfaced explicitly;
    the agent does not substitute alternative evidence for a document the AOP designates
    as mandatory.
  </Card>

  <Card title="Multi-Jurisdiction Complexity" icon="globe">
    The case involves material facts — licensing, occupation classification, regulatory
    limits, benefit amounts — that span multiple states or countries where applicable rules
    differ and the correct jurisdiction cannot be determined from available documentation.
    The agent logs each jurisdictional ambiguity and the specific rules that conflict; it
    does not apply a single jurisdiction's rules to a case where that selection is itself
    unresolved.
  </Card>

  <Card title="Compounded Uncertainty Cascade" icon="diagram-project">
    Multiple individually moderate detractors, when combined, produce a cascading suppression
    that is materially larger than the sum of their individual penalties. The engine detects
    when detractors are correlated — for example, an OCR confidence issue on the primary
    income document combined with a cross-document income discrepancy — and applies a
    cascade multiplier that reflects the compounded evidentiary weakness rather than treating
    each detractor as independent.
  </Card>
</CardGroup>

***

## 11.3  Confidence engine architecture

```mermaid theme={null}
flowchart LR
  subgraph signals [Signal Streams]
    AOP[AOP Coverage<br/>Gap · Conflict · Scope]
    DOC[Document Extraction<br/>OCR · Format · Completeness]
    XEVID[Cross-Evidence<br/>Consistency · Discrepancy · Anomaly]
    INF[Inference Quality<br/>Model Signal · Guardrail · Duty Mix]
    EXT[External Data<br/>MIB · Rx · MVR Alignment]
  end

  subgraph engine [Confidence Engine]
    AGG[Weighted Signal<br/>Aggregator]
    DET[Detractor<br/>Normaliser]
    CMP[Composite Score<br/>0 – 100]
  end

  subgraph routing [Threshold Routing]
    THR{Score vs.<br/>Configured Tiers}
    AUTO[Auto-Resolve<br/>Full Recommendation]
    SOFT[Soft Review<br/>Partial + Flags]
    HARD[Hard Escalation<br/>Senior Underwriter]
  end

  AOP --> AGG
  DOC --> AGG
  XEVID --> AGG
  INF --> AGG
  EXT --> AGG
  AGG --> DET
  DET --> CMP
  CMP --> THR
  THR -->|"High tier"| AUTO
  THR -->|"Mid tier"| SOFT
  THR -->|"Below floor"| HARD

  classDef stream fill:#fafafa,stroke:#111,color:#111;
  classDef core fill:#f4f4f2,stroke:#111,color:#111;
  classDef outcome fill:#fafafa,stroke:#111,color:#111;
  class AOP,DOC,XEVID,INF,EXT stream;
  class AGG,DET,CMP core;
  class AUTO,SOFT,HARD outcome;
```

*Fig. A12.1 — Confidence engine architecture. Five independently evaluated signal streams
feed a weighted aggregator. Detractor penalties are applied by the normalizer before the
composite score is evaluated against your configured threshold tiers. Each stream's
contribution and each detractor's penalty are individually logged against the case.*

***

## 11.4  Threshold configuration & escalation tiers

The confidence engine evaluates the composite score against **two configurable thresholds**
defined in the AOP: a high threshold and a low threshold. These two values divide the
score range into three tiers, each with a distinct agent behavior.

| tier                | score range                                   | agent behavior                                                                                                                                                                                                                                                               |
| ------------------- | --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Auto-Resolve**    | ≥ high threshold (e.g., ≥ 90)                 | Full or partial recommendation issued with evidence citations. No mandatory human review. Flags are included for any dimension with a non-zero detractor, but the recommendation is considered actionable by the underwriter at their discretion.                            |
| **Soft Review**     | Between low and high thresholds (e.g., 75–89) | Partial recommendation with explicit flags issued. The case is surfaced in the underwriter's review queue for optional but encouraged human review. All detractor signals and their evidence are visible in the case record.                                                 |
| **Hard Escalation** | \< low threshold (e.g., \< 75)                | No recommendation is issued. The case is mandatorily routed to a senior underwriter with the full confidence signal breakdown, escalation reasons, open questions, and all available evidence citations. The agent does not produce a recommendation under these conditions. |

<Note>
  Threshold values are set in the AOP, not in the container image. This means different product
  lines, distribution channels, or regulatory jurisdictions can carry different threshold
  configurations under separate AOP versions — all managed through your standard AOP governance
  workflow (see 9). The escalation logic that enforces these thresholds is hard-coded in the
  agent's output assembly layer and cannot be bypassed by AOP configuration.
</Note>

<Warning>
  A critical data point failure — where a material underwriting dimension cannot be evaluated
  at all due to document absence, total OCR failure, or irreconcilable inconsistency — triggers
  hard escalation regardless of the composite confidence score. The score threshold is the
  floor; a critical extraction failure is an unconditional ceiling. See 8 for the full
  escalation gate protocol.
</Warning>

***

## 11.5  Score reproducibility — two structural features

Enterprise customers consistently raise a legitimate question: if the confidence score is
produced by a reasoning workload that incorporates a foundation model, how can it be trusted
to be reproducible and auditable?

This concern deserves a precise answer. Nondeterminism in the context of confidence scoring
conflates two distinct phenomena that require different responses:

* **Score variance from changing inputs** — the AOP is updated, a new document is added,
  the model version changes, or the case facts are genuinely different. Score variance in this
  case is *correct and expected*. A system that produces the same score regardless of input
  changes is the more dangerous product.

* **Score variance from identical inputs** — the same case, the same AOP version, the same
  model version, the same document set produces materially different scores across runs. This
  is the legitimate concern.

The confidence engine addresses the second phenomenon through two structural features.

***

### 11.5.1  Confidence signal lineage report

Every case output includes a `confidence_signal_breakdown` object alongside the composite
score. This object decomposes the composite into its constituent signal contributions —
showing not just the final number, but every suppression that produced it.

```json theme={null}
{
  "confidence_signal_breakdown": {
    "composite_score": 72,
    "signals": [
      {
        "domain": "cross_evidence_consistency",
        "domain_score": 61,
        "weight": 0.30,
        "detractors": [
          {
            "type": "cross_document_data_discrepancy",
            "severity": "high",
            "affected_field": "annual_income",
            "suppression_applied": 22,
            "sources": [
              { "document": "tax_return_2024.pdf", "page": 1, "extracted_value": "142000" },
              { "document": "employer_letter.pdf", "page": 1, "extracted_value": "118500" }
            ]
          }
        ]
      },
      {
        "domain": "document_extraction_quality",
        "domain_score": 84,
        "weight": 0.20,
        "detractors": [
          {
            "type": "ocr_below_extraction_floor",
            "severity": "moderate",
            "affected_field": "attending_physician_signature",
            "suppression_applied": 11,
            "sources": [
              { "document": "aps_dr_chen.pdf", "page": 4, "ocr_confidence": 0.61 }
            ]
          }
        ]
      }
    ]
  }
}
```

Every detractor in the breakdown is evidence-grounded: it names the source document, the
page, the extracted value (or the OCR confidence), and the suppression it contributed. A
score of 72 is not a black box — it is the precise, traceable sum of every ambiguity the
engine identified.

This means:

* If two runs of the same case produce different scores, the lineage report shows exactly
  which signal changed, which detractor fired differently, and which source document drove
  the difference.
* Your internal audit team can reconstruct the full scoring rationale for any historical case
  — at the signal level, not just the recommendation level — without re-running the agent.
* Regulatory examiners reviewing a historical decision have access to the complete chain of
  evidence from raw OCR confidence to composite score to recommendation.

<Note>
  The signal lineage report is written to both the output payload and your CloudWatch / Azure
  Monitor audit log simultaneously. It is not a separate query or a post-hoc report — it is
  a first-class output artefact logged at the same time as the recommendation (see 7).
</Note>

***

### 11.5.2  AOP-anchored reproducibility validation

The CI/CD test harness (see 10) runs the agent against a versioned set of historical
validation cases before any AOP promotion. For confidence scoring specifically, the harness
does not only check whether the binary recommendation matches the historical outcome — it
captures the **full score distribution** across the validation case set and compares it
against the certified baseline distribution established at AOP certification.

Before any AOP version is promoted to production, the harness must confirm that:

1. The composite score distribution across the validation set falls within the defined
   tolerance band relative to the certified baseline (configurable; default: ± 3 points on
   mean, ± 5 points on p10/p90).
2. No individual validation case produces a score that deviates by more than the defined
   per-case tolerance from its baseline (configurable; default: ± 8 points).
3. The proportion of cases in each tier — auto-resolve, soft review, hard escalation —
   does not shift by more than the defined tier-distribution tolerance (configurable;
   default: ± 5 percentage points per tier).

A failure on any of these checks blocks the AOP promotion and generates a structured
review report itemising each out-of-tolerance case, the detractors that changed, and the
AOP delta responsible for the change.

The certified baseline distribution is stored as a version-controlled artefact in your
source control system alongside the AOP itself. It is updated only when a new AOP version
is explicitly certified by your underwriting governance lead — it is never auto-updated
by the harness.

<Warning>
  A score distribution that is consistently concentrated in the high tier is not evidence of
  a well-calibrated AOP — it may be evidence of a permissive configuration that is failing to
  suppress scores for genuinely ambiguous cases. Layerup's implementation team reviews the
  certified baseline distribution as part of every white-glove AOP update and will flag any
  distribution that shows implausible concentration above the high threshold.
</Warning>

***

## 11.6  Confidence score in the output payload

The confidence score and its signal lineage are surfaced in two locations within the output
payload (see 6 for the full output schema).

| field                         | location in payload                             | description                                                                                                                                                                                                                                                                               |
| ----------------------------- | ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `confidence_score`            | `ai_recommendation.confidence_score`            | 0–100 integer. The composite score after all detractor penalties are applied. Cases below the configured low threshold receive `Escalate to Senior Underwriter` as the `decision` value.                                                                                                  |
| `confidence_signal_breakdown` | `ai_recommendation.confidence_signal_breakdown` | Decomposed signal breakdown object. One entry per evaluated domain, each with domain score, weight, and detractor array with source citations.                                                                                                                                            |
| `escalation_reasons`          | `escalation_flag.escalation_reasons`            | Structured list of the specific detractors that contributed to escalation, cross-referenced to the signals in `confidence_signal_breakdown`. Where the escalation was triggered by a critical data point failure rather than a threshold breach, the specific failure is enumerated here. |

The relationship between these three fields forms the complete audit chain for any individual
case decision: the composite score is explained by the signal breakdown, and the escalation
reasons reference the specific signals that crossed the escalation threshold — giving your
underwriting team, your compliance officers, and your internal auditors a single coherent
artefact that traces from raw document evidence to final recommendation disposition.
