We’ve been building agentic AI for manufacturing ERPs and quickly realized the biggest hurdle isn't model reasoning—it's the "Write-Access" problem.
Most "agentic" demos today are just fancy read-only RAG. But in a factory, an agent is only useful if it can actually do something: reschedule a work order, update a reorder point, or flag a non-conformance. The moment you give an LLM write-access to a production database, you face a massive safety and trust gap.
We built an "Action Layer" to sit between the LLM and the ERP. It uses a three-tier approval model and a deterministic "Action Gateway" that validates every intent against hardcoded business rules before execution.
I'm curious how others here are handling:
State Drift: How do you validate that ERP conditions haven't changed between the LLM's "thought" (T0) and the Gateway's "execution" (T1)?
Idempotency: Ensuring a hallucinated re-try doesn't result in double-ordering or duplicate transactions.
Auditability: We started logging the model's reasoning string alongside the data diff. For those in regulated industries (FDA/ISO), is that enough to satisfy a human auditor?
Happy to dive into our JSON rule schema or the static analysis we’re doing on action primitives.
We’ve been building agentic AI for manufacturing ERPs and quickly realized the biggest hurdle isn't model reasoning—it's the "Write-Access" problem.
Most "agentic" demos today are just fancy read-only RAG. But in a factory, an agent is only useful if it can actually do something: reschedule a work order, update a reorder point, or flag a non-conformance. The moment you give an LLM write-access to a production database, you face a massive safety and trust gap.
We built an "Action Layer" to sit between the LLM and the ERP. It uses a three-tier approval model and a deterministic "Action Gateway" that validates every intent against hardcoded business rules before execution.
I'm curious how others here are handling:
State Drift: How do you validate that ERP conditions haven't changed between the LLM's "thought" (T0) and the Gateway's "execution" (T1)?
Idempotency: Ensuring a hallucinated re-try doesn't result in double-ordering or duplicate transactions.
Auditability: We started logging the model's reasoning string alongside the data diff. For those in regulated industries (FDA/ISO), is that enough to satisfy a human auditor?
Happy to dive into our JSON rule schema or the static analysis we’re doing on action primitives.
[dead]