The Autonomous Quote-to-Cash  /  Page 04

Delivery & Product Design
SAFe Solution Train · Personas · FRD · HITL Specification

Two questions answered on one page. How does the Autonomous Quote-to-Cash get delivered across teams — the SAFe delivery governance layer. And what does each team actually build — the product design layer that bridges architecture to implementation.

SAFe 6.0 · Solution Train 4 Agile Release Trains 5 Buyer Personas 8 Functional Requirements 11 HITL Checkpoints

§1 SAFe 6.0 · Solution Train

TOGAF defines what to build. SAFe defines how teams build it.

The TOGAF ADM produced the architecture. The SAFe Solution Train is the delivery governance model that organises the teams that implement it. They are complementary frameworks operating at different altitudes — architecture defines the target state, SAFe defines the cadence, coordination, and cross-team dependency management that gets the enterprise there.

TOGAF ADM
Architecture layer

Defines the target state — what systems, what data model, what technology choices, what principles. Produces Phase D artifacts that become the architecture runway for each ART.

SAFe Solution Train
Delivery layer

Organises four ARTs across the capability domains. Coordinates cross-cutting enablers. Manages dependencies across team boundaries. Aligns delivery cadence to migration horizons from TOGAF Phase F.

Architecture Runway
The connection

TOGAF Phase D artifacts — GCP reference architecture, canonical data model, ADRs — are delivered as architecture runway features at the Portfolio level. Each ART in this Solution Train pulls from the runway as needed, eliminating architecture-as-blocker.

§2 ART Topology

Three Agile Release Trains. One Solution Train: Quote-to-Cash.

Quote-to-Cash is a Solution Train — a system of systems collecting multiple ARTs into a single coordinated delivery — within The Autonomous Enterprise Platform's Portfolio. Each ART below owns one capability domain from the Phase B Business Architecture. The platform's shared enablers (HITL, XAI, data fabric, security) are owned at the Portfolio level, consumed here as dependencies, not rebuilt inside this Solution Train.

Figure 1
Three ARTs, capability domains, and Portfolio enabler consumption
Sales Agent ART
Qualification & CPQ
CCAI Sales Agent
Qualification · Config · CPQ · Escalation
Horizon 3 · WP-08
Depends on:HITL Framework (Portfolio) · Salesforce REST API
ContractGuard ART
Contract Intelligence
ContractGuard
Clause scoring · Risk · Legal HITL
Horizon 2 · WP-05
Depends on:HITL Framework (Portfolio) · Document AI · Gemini 1.5 Pro
RevRec ART
Revenue & Risk
RevRec AI
ASC 606 · SHAP · Finance HITL · SAP write
Horizon 2 · WP-05
FinRisk Sentinel (pillar-level)
Anomaly detection · Real-time alerts
Horizon 2 · WP-06
Depends on:XAI Layer (Portfolio) · HITL Framework (Portfolio) · SAP integration
Where This Solution Train Sits in the Portfolio
The Autonomous Enterprise Platform is the Portfolio. It runs four Solution Trains in parallel — Quote-to-Cash (this Solution Train), Procure-to-Pay, Finance Operations, and Supply Chain — plus the Platform-level shared enablers (Data Governance, HITL Framework, XAI Layer, GreenOps) that every Solution Train consumes but none of them owns. This page does not drill into the other three Solution Trains' own ARTs — each is documented in its own pillar's design portfolio.
PI Cadence — Aligned to TOGAF Phase F Migration Horizons
9 Programme Increments · 10 weeks per PI (8 delivery sprints + 1 Innovation & Planning sprint) · Total: ~90 weeks / 18 months · Aligns to H3 completion
PI-1
Foundation
PI-2
Compliance
PI-3
Core modules
PI-4
Asset + RevRec
PI-5
FinRisk + MLOps
PI-6
Sales Agent
PI-7
GreenOps
PI-8
Dashboard
PI-9
Cert. readiness
Horizon 1 — Foundation & Compliance (PI-1–2 · Wks 1–20)
Horizon 2 — Core Modules (PI-3–5 · Wks 21–50)
Horizon 3 — Full Solution Train (PI-6–9 · Wks 51–90)

§3 PI Planning Artifacts

PI Objectives & cross-ART dependency board.

These are the artifacts a Solution Train Architect produces at PI Planning — the PI Objectives committed to by each ART for the foundation horizons, and the cross-ART dependency board that makes integration blockers visible before they become integration failures. Both are notional at design phase; they become the live planning artifacts at the first PI event.

PI Objectives Summary — PI-1 & PI-2 (Horizon 1 · Foundation & Compliance)
PI-1 · PortfolioWeeks 1–10
GCP Foundation & Security Baseline
Terraform-provisioned GCP project operational — all resources reproducible from terraform apply
VPC-SC perimeter configured and validated — data residency enforced at infrastructure layer
CMEK key management provisioned — ClaraVis holds key custody, 90-day rotation configured
IAM + Workload Identity Federation live — no service account key files in any environment
Cloud Build CI/CD pipeline operational — all subsequent deployments gated through pipeline
BigQuery datasets provisioned: audit, features, ml — CMEK-encrypted, europe-west3
Pub/Sub topics created: asset-events, q2c-events, hitl-events — schema validation enabled
Stretch objective: Salesforce Developer Edition REST API integration demo-ready — Opportunity read/write validated against standard objects.
PI-2 · PortfolioWeeks 11–20
HITL Framework, XAI Layer & EU AI Act Compliance
Firestore-backed HITL state machine live — state machine contract published to all ARTs as shared interface
SHAP explanation pipeline operational — TreeExplainer/LinearExplainer per model type, written to BigQuery before downstream action
HITL Approval UI deployed — named approver queue, SHAP chart, confidence score, decision options with reason code
Model Cards completed for all 3 existing production models — versioned in Vertex AI Model Registry
XAI retrofitted on 3 existing models — SHAP explanations live, audit log entries verified
Unified asset telemetry ingestion pipeline live — all 6 regional systems publishing to Pub/Sub with validated schema
Stretch objective: EU AI Act Annex III compliance status dashboard showing green across all 3 retrofitted models — evidence package ready for Q2 2026 regulatory review.
PI-1 · Sales Agent ARTWeeks 1–10
Salesforce Integration & Architecture Runway Consumption
Salesforce Developer Edition integration operational — Opportunity, Quote, Contract objects mapped to canonical data model entities
ContractGuard agent skeleton deployed to Cloud Run — GCS document ingestion pipeline validated end-to-end
Clause taxonomy draft reviewed with General Counsel (S-07) — 200+ clause types confirmed against ClaraVis contract corpus
ADR-001 integration pattern validated in demo environment — REST API read/write demonstrated
Stretch objective: First end-to-end ContractGuard demo — contract uploaded, clauses classified, HITL queue populated — using the HITL Framework published at the Portfolio level in PI-2.
PI-2 · ContractGuard ARTWeeks 11–20
Clause Classification & Legal HITL Go-Live
Gemini 1.5 Pro clause classification live on full contract corpus — 200+ clause types, 1M token context window validated against ClaraVis's longest contracts
XGBoost risk-scoring model trained and versioned — Model Card complete, evaluation metrics documented
Legal HITL queue operational — named approver routing, SHAP-explained risk score, redline suggestion surfaced before any counter-proposal drafts
Vector Store populated with ClaraVis's prior contract precedents — similarity search validated against General Counsel's manual precedent lookups
Stretch objective: First end-to-end ContractGuard demo on a live ClaraVis contract — non-standard liability clause flagged, routed to Legal HITL, precedent surfaced, decision logged.
Cross-ART Dependency Board — PI-1 & PI-2
Features that one ART needs from another · Supplier · Consumer · Risk classification · PI Planning output
Feature neededSupplier ARTConsumer ART(s)Needed byRiskResolution / mitigation
HITL state machine contract
Platform · PI-2
PortfolioCommercial Financial OperationsStart of PI-3HighThe Portfolio commits to publishing the shared HITL interface contract by week 16 of PI-2. All ARTs in this Solution Train stub against the interface in PI-2 so they can build HITL integration in PI-3 without waiting for full implementation.
SHAP explanation pipeline
Platform · PI-2
PortfolioFinancial OperationsStart of PI-3HighXAI layer must be live before RevRec AI can produce compliant EU AI Act inferences. The Portfolio's PI-2 stretch objective covers initial integration — the RevRec ART validates against it in PI-3.
Pub/Sub topic schema
Platform · PI-1
PortfolioCommercial OperationsWeek 8 of PI-1MediumEvent schema for q2c-events must be published before this Solution Train's ARTs begin publishing. The Portfolio commits to schema publication at week 8. Changes after this point require an ADR amendment.
Salesforce REST API integration
Commercial · PI-1
Sales Agent ARTFinancial PlatformStart of PI-2MediumRevRec AI triggers on Salesforce contract signed event via Pub/Sub. The RevRec ART depends on the Sales Agent ART's Salesforce integration being live and publishing events before RevRec AI can be end-to-end tested.
Vertex AI Feature Store entities
Platform · PI-1
PortfolioFinancial OperationsStart of PI-3LowFeature Store entity definitions (Contract, Device, Transaction feature groups) must be provisioned before domain ART ML models can write or read features. Entity schemas agreed cross-ART at PI-1 Planning; provisioning in PI-1.

§4 Cross-cutting Enablers

Four enablers every ART depends on — owned by Platform.

Cross-cutting concerns that span multiple ARTs must be explicitly owned and explicitly governed. In the Quote-to-Cash Solution Train, these four enablers live in the Platform ART backlog and are released as shared capabilities before the dependent ARTs can build. This is what makes the Solution Train coherent rather than independent teams building in parallel and discovering integration problems at the end.

Enabler 01
HITL Framework
The Firestore-backed state machine that every agent uses for human oversight checkpoints. Defines the state machine contract, the presentation interface, the decision record schema, and the timeout and escalation behaviour. No agent can implement a HITL checkpoint without this enabler being available.
All ARTs depend on this
Sales Agent ARTContractGuard ARTRevRec ART
→ AR-02 · ADR-004 · EU AI Act Art. 14
Enabler 02
XAI Layer
The SHAP explanation pipeline that every ML model in the Autonomous Quote-to-Cash uses to produce human-readable feature attributions at inference time. Implements the explanation contract for each model, writes SHAP values to the BigQuery audit dataset before any downstream action executes, and generates the explanation object surfaced in the HITL UI.
ContractGuard + RevRec ARTs
ContractGuard ARTRevRec ARTSales Agent ART
→ AR-01 · ADR-005 · EU AI Act Art. 13
Enabler 03
Data Fabric
The BigQuery data fabric, Pub/Sub event bus, and Vertex AI Feature Store that all modules share. Defines the canonical schema for the six shared entities (Contract, Transaction, Device, Asset Event, Agent Action, HITL Event), the event topic structure, and the feature store entity definitions. The shared data model that makes cross-module intelligence possible.
All ARTs depend on this
All ARTsAll Modules
→ AR-11 · ADR-006 · Phase C · Integration Catalog
Enabler 04
Security & Compliance
VPC-SC perimeter, CMEK key management, IAM policy baseline, and Workload Identity Federation configuration. Provisioned via Terraform before any other ART begins building. No module deploys to production without the security baseline in place. Includes the Organisation Policy constraints that enforce data residency at the infrastructure layer.
All ARTs — pre-condition for build
Portfolio — H1 · WP-01
→ P-06 · P-11 · AR-06 · AR-07
Product Design Layer — Personas · User Journey · FRD · HITL Specification

§5 Buyer Personas

Five personas. The same people as the stakeholders — described as users.

The stakeholder register on Page 02 captured who has sign-off authority. These persona cards capture who actually uses the Autonomous Quote-to-Cash day-to-day — their goals, frustrations, and what success looks like for them. Every user story in the FRD is written for one of these five people.

EA · S-08
The Architect
Enterprise Architect · IT & Digital Transformation
"I need to know that every design decision has a documented reason — and that I can trace any running component back to an architecture artifact."
Goals
Maintain a coherent architecture across Salesforce, SAP, and the Autonomous Quote-to-Cash without creating a third system of record
Ensure every GCP resource is provisioned via Terraform — no manual console state
Have a complete ADR index available for every architectural review
Frustrations
Architecture decisions made verbally in sprint planning meetings with no documentation
Integration point failures discovered at system test, not at design time
Compliance audits that require manual reconstruction of infrastructure state
Success with the Autonomous Quote-to-Cash
Every ADR is linked from the Architecture Explorer on the portfolio site — accessible in seconds during a review
terraform plan produces a complete infrastructure diff — no undocumented state
The TOGAF Phase D diagrams on Page 03 answer every integration question before it is asked
Architecture ExplorerADR IndexLayer 04 InfraTOGAF Page 03
CO · S-02
The Compliance Officer
Chief Compliance Officer · Legal & Regulatory
"When an auditor asks me to show them the reasoning behind a revenue recognition decision made last March, I need that answer in under five minutes — not five days."
Goals
Bring all three production ML models into EU AI Act Annex III compliance before the Q2 2026 review
Demonstrate a documented human oversight mechanism for every high-risk AI decision
Produce a complete audit trail for any AI-informed decision on demand
Frustrations
Production ML models with no explanation capability — a legal liability the team has been avoiding addressing
Human review happening informally via email with no timestamped record
Compliance audits that require a week of manual evidence gathering
Success with the Autonomous Quote-to-Cash
A BigQuery query returns the complete SHAP explanation and HITL approval record for any inference in under 30 seconds
The EU AI Act compliance dashboard shows green status across all active models
The next regulatory review uses the audit trail as the evidence package — no manual reconstruction
XAI Explanation ViewerHITL Audit DashboardRevRec AIContractGuard
FC · S-03
The Finance Controller
Head of Revenue Accounting · Finance · reports to CFO
"I'll approve the ML classification — but I need to see exactly which contract terms drove that decision before I let it post to the GL."
Goals
Review and approve every ASC 606 classification with full feature attribution before it posts to SAP
Reduce month-end close from 12 days by eliminating manual classification bottlenecks
Maintain a complete, immutable record of every revenue recognition decision and the human approval that preceded it
Frustrations
Manual classification of every MRI transaction — error-prone and time-consuming at quarter-end
No visibility into which contract terms are driving recognition decisions — the model is a black box
Revenue restatements caused by incorrect upfront classification discovered post-close
Success with the Autonomous Quote-to-Cash
Every classification arrives in the HITL queue with the top 5 contract features highlighted and a confidence score — the approval takes 90 seconds, not 90 minutes
Month-end close accelerated because classifications are done continuously, not in batch at period end
Override decisions are recorded with a mandatory reason code — creating a feedback dataset for model improvement
RevRec AIHITL Approval UIXAI ViewerFinRisk Sentinel
AE · S-04
The Account Executive
Senior Account Executive · Global Sales · reports to VP Sales
"By the time our quote reaches the hospital's procurement committee, the competitor has already been evaluated. I need the first response to be same-day."
Goals
Receive a complete briefing document from the CCAI agent before entering any commercial conversation — qualification done, configuration validated, pricing estimated
Close the time-to-first-response gap that currently costs deals to competitors with faster processes
Know exactly when the agent has reached its autonomy boundary and why it is handing off
Frustrations
Spending the first three calls on qualification and configuration questions that a well-designed system could handle automatically
No visibility into where an inbound inquiry is in the qualification pipeline until it lands in their Salesforce queue
CPQ configurations that require Applications Engineering review before pricing — a 5-day delay that kills deal momentum
Success with the Autonomous Quote-to-Cash
The escalation notification from the CCAI agent includes a complete deal brief — hospital profile, clinical requirements, suggested configuration, estimated price range, and the conversation transcript
Configuration validation is done by the agent before escalation — the AE enters the conversation knowing the BOM is clean
The Salesforce Opportunity is already created and staged correctly when the AE first touches it
CCAI Sales AgentSalesforce IntegrationContractGuard
FS · S-06
The Field Service Manager
Regional Field Service Manager · Operations · reports to VP Field Service
"A failed MRI scanner in a hospital is a patient care emergency and a €180K dispatch. I need 72 hours of warning — not a phone call at 2am."
Goals
Receive predictive maintenance alerts with enough lead time to schedule planned interventions — not emergency dispatches
Understand which sensor features are driving a failure prediction before committing a field engineer to a site visit
Have a unified view of all units in their region — not six different regional system logins
Frustrations
Reactive maintenance that costs 3.2× more than planned interventions — and disrupts hospital operations
No cross-regional visibility — a failure pattern appearing in EMEA-North units has already appeared in APAC units but the two systems never talk
Warranty reserve that covers worst-case scenarios because failure probability cannot be modelled
Success with the Autonomous Quote-to-Cash
Asset IQ surfaces a RUL alert for a Munich hospital unit 96 hours before the predicted failure window — with the top 3 sensor features and a confidence score — enough time to schedule a planned intervention
A pattern detected across 14 units in three regions is surfaced as a fleet-level anomaly in the Asset IQ dashboard before it becomes a recall conversation
Every maintenance work order created by the system has a SHAP explanation attached — the Field Engineer knows why they are there before they arrive
Asset IQHITL Approval UIXAI ViewerStrategy Dashboard

§6 User Journey

One deal. Five personas. End to end.

An MRI deal for ClaraVis — from first hospital inquiry to revenue posted in SAP. Five journey stages. Every persona's touchpoint at each stage. The module handling it. The HITL checkpoint where human judgment is required.

Figure 2
End-to-End Journey — MRI-7T Sale to University Hospital Munich
Persona01 · Inquiry & Qualification02 · Config & CPQ03 · Contract & Legal04 · Revenue Recognition05 · Field & Post-Sale
Account Executive Receives briefing from CCAI Agent after turn 11 escalation Reviews validated CPQ configuration, Agent-prepared Commercial terms negotiation — human judgment required
General Counsel HITL CheckpointHITL — reviews flagged clauses, approves / escalates
Finance Controller HITL CheckpointHITL — reviews ASC 606 classification + SHAP explanation
Field Service Manager Receives asset onboarding — RUL baseline established, DHR record created
Module at this stage CCAI Sales Agent Config Agent + CPQ ContractGuard RevRec AI Asset IQ + Dashboard
Sentiment arc Frustrated Responsive Reviewing Approved Proactive
Immutable audit trail written to Firestore + BigQuery at every stage transition — full journey queryable on demand.

§7 Functional Requirements

Eight user stories. Each traceable to architecture.

Every user story maps to a Page 02 requirement, a Page 03 ADR, an EU AI Act obligation, a Work Package from Page 03 Phase F, and a HITL or XAI specification. These are the handover documents from the architecture engagement to the development teams — precise enough to build from, not so prescriptive they constrain implementation choices.

FRD-01
CCAI Sales Agent
As an Account Executive, I need the CCAI agent to qualify, configure, and price an inbound MRI inquiry autonomously through the first eleven conversation turns, so that when the deal escalates to me it comes with a complete briefing document and a validated CPQ configuration.
Acceptance Criteria
Agent handles qualification (budget, authority, need, timeline) without human intervention for turns 1–8
BOM validation runs against the product catalogue before any pricing estimate is given
Escalation triggers a Salesforce Opportunity creation and a briefing document generation in parallel
The briefing document contains: hospital profile, clinical requirements, suggested SKUs, estimated price range, and full conversation transcript
Escalation state transition is logged immutably in Firestore before the notification is sent
Source Req.BR-07 · BR-01
ADR ReferenceADR-001 (SFDC)
EU AI ActLimited risk · Art. 52
ARTSales Agent ART · H3
Work Package: WP-08 — CCAI Sales Agent, GreenOps & Strategy Dashboard · Horizon 3 · Depends on WP-04, WP-05, WP-06, WP-07
HITL: Turn 11 escalation is a designed HITL state transition. Agent pauses, generates briefing document, notifies the Account Executive. No further autonomous action until AE confirms engagement.
FRD-02
ContractGuard
As the General Counsel, I need ContractGuard to analyse every inbound contract at clause level, score non-standard terms against a risk model, and present flagged clauses with precedent references before I am asked to review, so that my review time is spent on judgment — not extraction.
Acceptance Criteria
Full contract ingested via GCS → Document AI pipeline within 30 minutes of upload
Every clause classified against 200+ clause type taxonomy
Non-standard clauses (risk score above threshold) surfaced in HITL queue with: clause text, risk score, top 3 precedent contracts, draft counter-position
HITL queue shows approve / request revision / escalate to external counsel — each with mandatory reason code
Complete clause-level analysis and HITL decision record written to audit log before any counter-proposal is drafted
Source Req.BR-05 · AR-02
ADR ReferenceADR-005 (SHAP)
EU AI ActHigh risk · Annex III
ARTContractGuard ART · H2
Work Package: WP-05 — ContractGuard & RevRec AI Modules · Horizon 2 · Depends on WP-03 (HITL Framework)
HITL: Every clause with risk score above configured threshold routes to Legal HITL state. Agent waits. 24-hour timeout triggers escalation to General Counsel's manager. No counter-proposal generated without HITL approval on record.
XAI: Risk score explanation shows top features driving the classification: clause length deviation, liability cap ratio vs contract value, governing law mismatch, indemnification asymmetry.
FRD-03
RevRec AI
As the Finance Controller, I need every MRI transaction to be classified under ASC 606 by the ML model with a full SHAP explanation, and to route through my approval queue before posting to SAP, so that every GL entry has both an ML basis and a documented human approval.
Acceptance Criteria
Classification produced within 5 minutes of Salesforce contract signed event via Pub/Sub trigger
SHAP explanation identifies top 5 contract features with directional effect on the classification
HITL queue presents: classification result, confidence score, SHAP chart, similar historical transactions, and one-click approve / override with reason code
SAP GL write executes only after HITL approval record is committed to Firestore
Performance obligation tags written to Transaction entity at classification time — not retrospectively at period end
Source Req.BR-04 · AR-08
ADR ReferenceADR-005 · ADR-006
EU AI ActHigh risk · Annex III
ARTRevRec ART · H2
Work Package: WP-05 — ContractGuard & RevRec AI Modules · Horizon 2 · Depends on WP-03 (HITL + XAI), WP-04 (Salesforce events)
HITL: All classifications route to Finance Controller HITL — no exceptions. 4-hour SLA. Timeout escalates to CFO. Override creates a labelled training example for the next model version.
XAI: SHAP values computed at inference time using TreeExplainer or LinearExplainer per model type. Written to BigQuery shap_explanations table with transaction_id FK before any downstream action.
FRD-04
Asset IQ
As the Field Service Manager, I need Asset IQ to predict unit failures with enough lead time to schedule planned interventions, and to explain which sensor readings drove the prediction, so that I can make an informed dispatch decision rather than reacting to failures.
Acceptance Criteria
All 6 regional telemetry systems publish to a unified Pub/Sub topic with validated common schema within Horizon 1
RUL model produces a prediction and confidence score for every active unit on a configurable cadence (default: daily)
Predictions below confidence threshold route to FSM HITL queue — agent does not create work orders below threshold without human confirmation
SHAP explanation identifies top 3 sensor features driving the RUL prediction for every alert
Fleet-level anomaly detection surfaces cross-regional patterns — not just unit-level signals
Source Req.BR-03 · AR-11
ADR ReferenceADR-006 (Pub/Sub)
EU AI ActHigh risk · Annex III
ARTPortfolio dependency · H2
Work Package: WP-06 — Asset IQ & FinRisk Sentinel · Horizon 2 · Depends on WP-03 (HITL + XAI), WP-04 (telemetry pipeline)
HITL: Work orders above confidence threshold created autonomously. Below threshold: FSM HITL queue with prediction, confidence score, and SHAP sensor attribution. FSM approves, rejects, or requests on-site verification.
XAI: SHAP values computed over sensor time-series features. Top features presented as: feature name, current value, baseline value, directional contribution to RUL reduction.
FRD-05
FinRisk Sentinel
As the Finance Controller, I need FinRisk Sentinel to monitor the financial event stream in real time and surface anomalies — unusual payment patterns, revenue posting discrepancies, warranty reserve movements — with context before they compound into material issues.
Acceptance Criteria
Streaming anomaly detection operates on BigQuery financial event stream with sub-5-minute latency
Every anomaly alert includes: event type, magnitude, Z-score vs 90-day baseline, affected entity, and recommended action
High-severity anomalies (above configured threshold) route to CFO + Finance Controller HITL simultaneously
SHAP explanation available for every anomaly score above the alert threshold
False positive feedback from HITL decisions feeds back into the anomaly detection model baseline
Source Req.BR-01 · AR-01
ADR ReferenceADR-005 · ADR-006
EU AI ActHigh risk · Annex III
ARTRevRec ART · H2
Work Package: WP-06 — Asset IQ & FinRisk Sentinel · Horizon 2 · Depends on WP-03 (XAI layer), WP-02 (BigQuery event stream)
HITL: High-severity anomalies pause automatic escalation and route to Finance HITL. Controller can acknowledge, investigate, or escalate to CFO. All decisions logged immutably.
FRD-06
GreenOps Platform
As the CTO, I need GreenOps to schedule compute-intensive workloads to align with low-carbon electricity grid windows and produce auditable ESG metrics for EU CSRD reporting, so that the platform itself contributes to ClaraVis's sustainability commitments.
Acceptance Criteria
Carbon intensity data from GCP's Carbon Footprint API feeds scheduling decisions for batch ML training jobs
Carbon savings per workload calculated and written to ESG metrics dataset in BigQuery
Monthly ESG report generated automatically — Scope 3 emissions for cloud operations, carbon savings from scheduling, and year-on-year trend
All metrics tagged with the GCP resource label taxonomy for FinOps and ESG cross-referencing
Source Req.BR-08 (CTO)
ADR ReferenceP-12 (FinOps)
EU AI ActMinimal risk
ARTPortfolio dependency · H3
Work Package: WP-08 — CCAI Sales Agent, GreenOps & Strategy Dashboard · Horizon 3 · Depends on all core module WPs
FRD-07
Data Governance
As the Enterprise Architect, I need every data record entering the data fabric to be validated against the canonical schema, lineage-tagged with its source system, and quality-scored before it reaches any ML model, so that model predictions are never based on undocumented or unvalidated data.
Acceptance Criteria
Schema validation runs on every Pub/Sub message before it is written to BigQuery — malformed records are quarantined, not dropped
Every record carries a lineage tag: source system, ingestion timestamp, schema version, and quality score
Quality score below configured threshold triggers a data steward alert — records below threshold are excluded from ML feature pipelines until reviewed
Data lineage is queryable via BigQuery — trace any feature value back to its source event
Source Req.AR-11 · AR-12
ADR ReferenceADR-006
EU AI ActMinimal risk
ARTPortfolio dependency · H1
Work Package: WP-02 — Data Fabric & Event Bus · Horizon 1 · Depends on WP-01 (GCP Foundation)
FRD-08
Strategy Dashboard
As the CTO and CFO, I need a single real-time dashboard that unifies pipeline health, fleet status, revenue recognition posture, and EU AI Act compliance status, so that the executive team can make informed decisions without pulling data from four separate systems.
Acceptance Criteria
Dashboard powered by a single BigQuery dataset that aggregates from all 8 modules — no module-specific logins required
EU AI Act compliance status shows green / amber / red per model — based on HITL checkpoint completion rate and SHAP explanation coverage
Pipeline health panel pulls directly from Salesforce via Pub/Sub integration — reflects real-time Opportunity stage distribution
Fleet status panel shows RUL distribution across all active units — colour-coded by risk tier
Dashboard data refreshes on a configurable cadence — default 15 minutes for operational panels, daily for financial panels
Source Req.BR-08 · BR-02
ADR ReferenceADR-006
EU AI ActMinimal risk
ARTPortfolio dependency · H3
Work Package: WP-08 — CCAI Sales Agent, GreenOps & Strategy Dashboard · Horizon 3 · Depends on all core module WPs live

§8 HITL Specification

Eleven checkpoints. Every one specified.

The complete HITL specification for the Autonomous Quote-to-Cash — the artifact that satisfies EU AI Act Article 14 documentation requirements. Every checkpoint with its trigger condition, the agent action that precedes it, what the human reviewer sees, their decision options, the SLA, and the audit record format. This table is the contract between the architecture and the EU AI Act compliance team.

IDModuleTrigger ConditionWhat Human SeesDecision OptionsSLATimeout Action
HITL-01CCAI Sales AgentTurn 11 reached OR commercial terms enteredDeal brief: hospital profile, clinical requirements, validated configuration, estimated price range, conversation transcript
Engage dealReturn to agent
4 hoursEscalate to VP Sales
HITL-02ContractGuardClause risk score above Legal threshold (configurable)Clause text, risk score, top 3 similar precedent contracts, draft counter-position, SHAP feature attribution
Approve as-isRequest revisionExternal counsel
24 hoursEscalate to GC's manager
HITL-03ContractGuardGoverning law non-standard for ClaraVis jurisdictionGoverning law clause, jurisdiction risk summary, ClaraVis standard terms comparison
AcceptCounter-proposeLegal review
48 hoursPause contract progression
HITL-04RevRec AIAll ASC 606 classifications — no threshold exceptionClassification result, confidence score, SHAP chart (top 5 features), 3 similar historical transactions, one-click approve or override
Approve → SAPOverride + reason
4 hoursEscalate to CFO
HITL-05RevRec AIMulti-element arrangement detected — split requiredProposed performance obligation split, ASC 606 rule applied, SSP references, contract line items
Approve splitManual split
8 hoursEscalate to CFO
HITL-06Asset IQRUL prediction confidence below configured thresholdUnit ID, predicted failure window, confidence score, top 3 SHAP sensor features, current sensor readings vs baseline
Schedule maintenanceDismiss with reasonOn-site verify
8 hoursAuto-schedule preventive
HITL-07Asset IQFleet-level anomaly detected (cross-regional pattern)Affected units, pattern description, region distribution, severity score, recommended fleet action
Fleet alertIsolated incidentsRecall review
2 hoursAuto-escalate to VP Field
HITL-08FinRisk SentinelAnomaly score above high-severity thresholdEvent type, magnitude, Z-score vs 90-day baseline, affected entity, SHAP explanation, recommended action
Acknowledge + actFalse positiveCFO escalation
1 hourAuto-escalate CFO + audit
HITL-09RevRec AIModel confidence below minimum threshold (any classification)Transaction detail, model confidence score, reason for low confidence, request for manual classification
Manual classifySenior review
4 hoursHold transaction, alert CFO
HITL-10ML PlatformDrift detected above threshold — retraining triggeredDrift metric, baseline vs current distribution, proposed retraining scope, estimated timeline, Model Card diff
Approve retrainHold and investigateML Engineer review
24 hoursHold model in production
HITL-11ML PlatformNew model version ready for production promotionModel Card diff (previous vs new), evaluation metrics comparison, bias analysis results, SHAP baseline comparison
Promote to prodReturn to staging
48 hoursModel stays in staging
EU AI Act Article 14 — Human Oversight Compliance Statement
This HITL specification satisfies EU AI Act Article 14 by defining: (1) the specific conditions under which human oversight is triggered for each high-risk AI system, (2) the information presented to the human reviewer at each checkpoint, (3) the decision options available and the action each triggers, (4) the SLA and escalation path, and (5) the immutable audit record format written to Firestore before any agent proceeds. All eleven checkpoints are implemented as first-class state machine nodes — not process notes or informal review steps.

§9 Next in the Portfolio

Product design complete. Agent design follows.

The FRD and HITL specification on this page are the inputs to the Agent Swarm Architecture. Page 05 takes every HITL checkpoint above and expresses it as a formal state machine node in the ADK agent definition — the technical design that implements what was specified here.