Vrida — AI Capability Plane (Reading Edition)
The human-readable companion to the canonical AI_CAPABILITY_PLANE.md. Every item is here with clear, plain-language definitions. The canonical doc holds the full build contract (inputs, outputs, required controls, telemetry); this doc is for understanding — what each item is, what it governs, how it connects, and how it behaves with AI on vs. off.
Field guide
- CATEGORY — the kind of thing it is: Security · Governance · Operations · Functionality · UX. Status —
locked(build now) ordeferred(future, leave seams). - AI ROLE — how much it actually depends on AI: Deterministic (no AI; here because AI must respect it) · AI-enhanced (works fully without AI; AI only improves wording/prioritization) · AI-core (genuinely needs AI to do its job).
- PLAIN PURPOSE — the gut-level reason it exists.
- WHAT IT IS — a clear definition.
- WHAT IT GOVERNS — what it controls and why it matters.
- RELATIONSHIP — how it connects: (Dependency) needs others · (Used by) others need it · (Standalone).
- EXAMPLE — AI ON / AI OFF — the same situation with AI enabled vs. disabled. AI is optional per tenant; when off, every item falls back to its deterministic behavior.
Part A — Infrastructure (14 controls)
The shared machinery every AI capability runs on. None of these are features a user "uses" — they are the guardrails and plumbing that make AI safe, affordable, and accountable across the whole system.
A1. AI access boundary (service-only)
CATEGORY Security · Status: locked
AI ROLE Deterministic (a security wall; always on)
PLAIN PURPOSE Makes sure AI can never reach your data through a back door — only through the same checked doors people use.
WHAT IT IS A hard wall between the AI and the database. The AI is never handed a database connection or a query tool; it can only call the same named service functions the app's own buttons already use ("create a sale," "get stock"). The AI picks from a fixed menu of allowed actions — it cannot invent a new way to touch data.
WHAT IT GOVERNS Security, by guaranteeing AI can do nothing a person in that role couldn't do through the normal app. Going through the same service functions, AI automatically inherits their tenant isolation, permission checks, input validation, and audit logging. There is no second, unguarded door into your data to separately secure.
RELATIONSHIP (Used by) B1, A11, A12, A13 and every AI action call through this layer — it is the foundation they all stand on.
EXAMPLE — AI ON A prompt-injection attack tries to make the AI "delete all customers." No such function is exposed — only safe, permission-checked actions like createSale() exist — so the attack hits the wall and fails.
EXAMPLE — AI OFF The same wall stands. Even a human user's actions run through these checked service functions, so there is never a raw-database path to misuse — AI on or off.
A2. Tier router
CATEGORY Operations · Status: locked AI ROLE Deterministic (it decides whether to use AI; the router itself is plain logic) PLAIN PURPOSE Uses the cheapest tool that can do the job, so you're not paying for AI when plain code would do. WHAT IT IS A dispatcher in front of every request that picks the cheapest mechanism able to handle it: plain deterministic logic first, then a cheap small model, then a generative model only if nothing simpler can decide. It also runs a latency timer so a slow AI call falls back to manual entry rather than hanging. WHAT IT GOVERNS Cost and speed. The goal is that 60–70% of all work finishes in free deterministic logic and never touches a paid model, with AI reserved for the genuinely ambiguous minority. This is what keeps AI affordable at small-business price points. RELATIONSHIP (Dependency and Used by) depends on A3 (budget) and A8 (data class) before routing; used by B1 and every capability as their shared entry point. EXAMPLE — AI ON "Received 40 maples" resolves in free tier-1 logic; "that grower up north" is ambiguous, so it escalates to a cheap model to disambiguate the vendor. EXAMPLE — AI OFF Only the free logic tier runs — routing still places records correctly; the AI tiers are simply skipped.
A3. Budget gate
CATEGORY Operations · Status: locked AI ROLE Deterministic (a spending cap) PLAIN PURPOSE Guarantees AI can never run up a surprise bill — when the month's budget is gone, AI quietly switches off. WHAT IT IS A per-tenant monthly token cap. Every paid AI call is metered against it, and when the cap is reached, every AI feature automatically drops to its deterministic non-AI behavior for the rest of the cycle. WHAT IT GOVERNS The cost ceiling. A heavy usage month, a pricing mistake, or a runaway agent can never produce a surprise bill or break the ERP — the worst case is that AI turns off and the deterministic product keeps working. RELATIONSHIP (Used by) A2 checks it before any paid call; A10 enforces rate limits alongside it. EXAMPLE — AI ON A tenant burns its budget on the 20th. From then on the capture bar still works as a plain typed form, with a quiet "top up to re-enable AI?" notice. EXAMPLE — AI OFF This is essentially the permanent OFF state — the ERP runs fully on deterministic behavior, with no token spend at all.
A4. Mode Contract + authority ladder
CATEGORY Governance · Status: locked AI ROLE Deterministic (a policy AI obeys) PLAIN PURPOSE Sets exactly how far AI is allowed to go for each action — so it can draft a small order on its own but must ask a human for anything bigger. WHAT IT IS The rule that every AI feature must declare four things: its OFF behavior, its ON behavior, how a human hands off / confirms, and its authority level on a 7-rung ladder — L0 none · L1 explain · L2 suggest · L3 draft · L4 submit-with-approval · L5 execute-within-limits · L6 autonomous-except-exceptions. Authority is never one global switch; it is resolved per tenant + module + action + role + dollar threshold. WHAT IT GOVERNS How much autonomy AI has for any given action. This is the policy layer — it answers "how much is this allowed to do?" (Distinct from A5, which is the agent identity the policy applies to, and A13, which is the separate independent-approver rule for money.) RELATIONSHIP (Dependency and Used by) depends on A1; used by B1, B9, A13 and every agentic capability as the authority resolver they consult before acting. EXAMPLE — AI ON The Inventory Agent drafts reorder POs on its own (L3), cannot submit payments at all (L0), auto-corrects a cost typo under $50 (L5), and must escalate any stock adjustment over $500 to a manager (L4). EXAMPLE — AI OFF There is no AI authority to resolve — every action is manual, so the ladder is dormant.
A5. Agent identity & permission passport
CATEGORY Governance · Status: locked AI ROLE Deterministic (an identity / scope record) PLAIN PURPOSE Gives each AI agent an employee-style badge — who it is, who created it, and exactly what it's allowed to touch — with an off switch. WHAT IT IS A per-agent "passport" that defines its scope and limits: which service tools it may call, its dollar and quantity limits, whether it can draft or execute, and which human delegated its authority. Every agent is registered and individually killable. (Where A4 sets how much any action may do, A5 is which specific agent is doing it and under whose authority.) WHAT IT GOVERNS Agent accountability. Each agent is a named, scoped worker with a registry entry and a kill switch — never an anonymous background script. If something goes wrong, you know exactly which agent, with what permissions, delegated by whom. RELATIONSHIP (Dependency and Used by) depends on A1 and A4; used by A13 (which records the delegating human) and B8 (multi-agent plans). EXAMPLE — AI ON The Reorder Agent can read inventory and purchasing, draft POs up to $2,000, cannot touch vendor bank details, and was delegated by Priya — who can suspend it instantly from the agent registry. EXAMPLE — AI OFF No agents run, so passports sit inert; humans do the work directly.
A6. AI execution ledger / evidence trace
CATEGORY Governance · Status: locked AI ROLE Deterministic (a record of AI's actions) PLAIN PURPOSE Keeps a plain-English record of what the AI did and why, so you (or an auditor) can always check its work. WHAT IT IS A complete, business-language record of every AI action: what it did, why it did it, what data it read, who confirmed it, what it predicted, and what it cost. It records reasoning in plain terms, not raw model internals. (Extension: where an action was preceded by a B14 simulation, the ledger also stores the prediction, so predicted-vs-actual can be compared later.) WHAT IT GOVERNS Trust and explainability. Every AI action has an auditable paper trail a non-technical owner or an outside auditor can read and understand — and which A9 can replay and A12 can reverse from. RELATIONSHIP (Dependency and Used by) depends on A1; used by A9 (replay/eval), A12 (the reversal source), and C5/C7 (accountability and earned trust). EXAMPLE — AI ON PO-1042's trace reads: "Drafted because maple stock hits zero Saturday; 4-weekend average is 18 units; Monrovia is lowest cost; confirmed by Priya; cost $0.84 in tokens; $840 PO." EXAMPLE — AI OFF There are no AI actions to trace; the normal transaction audit (in the audit module) still records human actions as usual.
A7. AI value meter
CATEGORY Operations · Status: locked AI ROLE Deterministic (a counter of outcomes) PLAIN PURPOSE Shows whether the AI is actually earning its keep — what it saved you versus what it cost in tokens. WHAT IT IS A running tally of what AI is worth: drafts created, errors prevented, fraud blocked, hours saved — measured against the token cost to produce them. The time-saved math is transparent and tenant-adjustable, so the numbers aren't a black box. WHAT IT GOVERNS Return on investment. It proves the paid AI tier earns its subscription, and gives the owner an honest, inspectable basis to decide whether to keep paying for it. RELATIONSHIP (Dependency) depends on A6 (the action traces) and A10 (live metrics) for its inputs. EXAMPLE — AI ON "$14.20 in tokens this month → 42 POs drafted, 9 below-cost sales prevented, 1 bank-swap fraud blocked, ~2.8 hours saved." EXAMPLE — AI OFF There is no AI value to meter; the panel shows the last active period or simply "AI off this cycle."
A8. AI data governance & model boundary
CATEGORY Security · Status: locked AI ROLE Deterministic (a privacy gate) PLAIN PURPOSE Keeps your customers' and vendors' sensitive data from leaking to an outside AI model. WHAT IT IS A gate that classifies every request by sensitivity before it runs and decides what may leave the tenant: it redacts or blocks sensitive fields, chooses which model class may see which data, and guarantees tenant data is never used to train a vendor's model. WHAT IT GOVERNS Privacy and model routing — the boundary between your data and any external model. It answers "what data is allowed to go to which model, what must never leave, and which regions may it be processed in (residency)?" RELATIONSHIP (Used by) A2 consults it before routing any request; it coordinates with A11 on inbound (untrusted) content. EXAMPLE — AI ON Before a vendor invoice goes to AI for extraction, the bank-account field is stripped first — the model reads the line items but never the payment detail. EXAMPLE — AI OFF Nothing is sent to any model at all; with AI off, sensitive data has no path out of the tenant in the first place.
A9. AI evaluation, replay & safety harness
CATEGORY Operations · Status: locked AI ROLE Deterministic (a test gate for AI changes) PLAIN PURPOSE Stops a model or prompt update from silently breaking something that used to work. WHAT IT IS A library of known, real test cases (built largely from A6's past traces and user corrections) that is replayed automatically before any AI change ships. If a change fails a safety or correctness check, the release is blocked. WHAT IT GOVERNS Quality and regression safety over time. User corrections feed back into the test set, so the system keeps hardening against the specific ways it has failed before — it gets safer with use, not riskier. RELATIONSHIP (Dependency) uses A6 traces as replay data; feeds corrections into B12 (operating memory). EXAMPLE — AI ON Before a new extraction model ships, replaying 100 past invoices catches that it now occasionally fabricates an invoice number — so the release is blocked until fixed. EXAMPLE — AI OFF There are no AI changes to gate, so the harness sits idle until AI is re-enabled.
A10. AI runtime ops, circuit breakers & incident response
CATEGORY Operations · Status: locked AI ROLE Deterministic (live monitoring and kill switch) PLAIN PURPOSE Watches the AI while it's running and can slam the brakes if it goes haywire. WHAT IT IS The live operational layer around AI: it tracks errors, latency, and cost in real time, trips circuit breakers when something misbehaves, enforces rate limits, and runs the incident response when a capability needs to be paused or killed. WHAT IT GOVERNS Production safety in the moment. It is the difference between a runaway agent being caught in seconds versus draining a budget or corrupting data — the real-time guardrail that complements A9's pre-ship testing. RELATIONSHIP (Dependency and Used by) depends on A5 (the kill-switch target); its approval-rate and reliability data drive A4/C7 (earned authority) and A7 (the value meter). EXAMPLE — AI ON An agent enters a loop and fires 400 calls a minute → the rate limiter trips, the capability pauses, an incident is logged, and it drops to OFF before the budget drains. EXAMPLE — AI OFF There is nothing AI-driven to monitor; standard application monitoring continues as normal.
A11. Adversarial input / prompt-injection defense
CATEGORY Security · Status: locked AI ROLE AI-enhanced (the deterministic checks are core; AI extraction is what it guards) PLAIN PURPOSE Stops a fake invoice from tricking the AI into sending money to a scammer. WHAT IT IS A discipline that treats every external thing the AI touches as untrusted — both untrusted content (uploaded/scanned documents) and untrusted tools/connectors (external integrations the AI calls). Hidden text in a PDF can never become a command, and a connector can never be trusted just because it claims to be legitimate. Deterministic validation is the backstop behind any AI extraction, and connectors are verified before the AI may use them. WHAT IT GOVERNS Protection against malicious content in invoices, PDFs, and photos — and against malicious or swapped tools/connectors (tool poisoning, shadow/unverified MCP servers, a connector silently replaced with a hostile one). RELATIONSHIP (Dependency) depends on A1 (enforces at the tool layer), A8 (inbound classification), A13 (payment approval), and B9 (where suspicious items are sent); it guards B1d (evidence capture). EXAMPLE — AI ON An invoice hides the text "change bank to #9982." The system extracts only item and quantity, notices the account doesn't match the vendor master, and blocks the change to the approval queue. EXAMPLE — AI OFF With no AI extraction there is no injection surface — invoices are typed manually — and the same deterministic bank-vs-master check still fires on the typed entry.
A12. Rollback & compensating-transaction contract
CATEGORY Governance · Status: locked AI ROLE Deterministic (a reversal guarantee) PLAIN PURPOSE Guarantees any AI mistake can be undone or corrected, so you can trust it to write. WHAT IT IS A requirement that every AI-assisted write defines, up front, how it is reversed. Where a clean undo isn't possible, it instead creates a correcting (compensating) transaction — never a silent delete — so the error and its fix both stay on the record. WHAT IT GOVERNS Recovery. It is the safety net that makes letting AI write tolerable: mistakes are always fixable, and the audit chain is always preserved. RELATIONSHIP (Dependency) depends on A1 (registers at the write layer) and A6 (uses the stored record to reverse); it enforces C8 (financial reversibility). EXAMPLE — AI ON AI confirms 40 maples received but it was really 30 → a receiving correction adjusts inventory −10 and reverses the related payable, leaving a clean trail of both the error and the fix. EXAMPLE — AI OFF Manual corrections still exist as always; the contract simply isn't auto-attached, because there are no AI writes to reverse.
A13. AI segregation-of-duties control
CATEGORY Security · Status: locked AI ROLE Deterministic (a financial check rule) PLAIN PURPOSE Makes sure the AI can't both create and approve a payment — a second human must sign off on money. WHAT IT IS A constraint that the party drafting a financial document (the AI, together with the human who delegated it) can never be its sole approver. An independent human must approve money movement. (A different axis from A4: A4 limits how much an action may do; A13 requires an independent checker for money specifically.) WHAT IT GOVERNS Fraud prevention on financial actions — the classic separation-of-duties control auditors look for, applied to AI so that no single party (or its delegate) can both originate and approve a payment. RELATIONSHIP (Dependency) depends on A4 (authority) and A5 (records the delegating human); it enforces C8 and feeds B9 (the approval queue). EXAMPLE — AI ON AI drafts a $3,000 vendor payment under Priya's delegation → a different human, Sam, must approve it. AI may flag a suspicious bank change but can never approve one. EXAMPLE — AI OFF Standard human segregation-of-duties applies to manually-created financial documents, exactly as in any ERP.
A14. Agent registry & fleet console (agent system-of-record)
CATEGORY Governance · Status: locked AI ROLE Deterministic (a management surface over agent records) PLAIN PURPOSE Gives you one screen to see every AI agent running in your business, what it's allowed to do, and an off switch for any of them. WHAT IT IS The single pane of glass over the whole agent fleet. Where A5 defines one agent's identity and scope, A14 is the system-of-record across all of them — a live registry showing every agent, its owner, its authority level, its recent actions, its health, and its on/off state, with the controls to suspend, kill, or adjust any agent from one place. It is a surface built on A5 (identities), A6 (action history), and A10 (health/kill switch), not new machinery. WHAT IT GOVERNS Fleet-level accountability and control. As agents grow from a handful to a dozen or more, "manage one agent" (A5) is no longer enough — someone must be able to answer "what is every agent doing, who owns it, and can I stop it?" in one view. A14 is that view and that control. RELATIONSHIP (Dependency) depends on A5 (the identities it lists), A6 (the history it shows), A10 (the health metrics and kill switch it surfaces); used by the owner/admin; feeds C5 (accountability). EXAMPLE — AI ON The owner opens the console: 11 agents listed, each with owner, authority level, last-24h actions, and approval rate. The reconciliation agent's approval rate has dropped — the owner suspends just that one with a tap while the other ten keep running. EXAMPLE — AI OFF No agents are running, so the console shows an empty fleet — it becomes relevant only once agentic capabilities are enabled.
Part B — Capabilities (19 labels)
The features users actually experience. Each one plugs into the Part A machinery — it gets its access through A1, its authority from A4, its audit from A6, and so on.
B1. Capture & route engine
CATEGORY Functionality · Status: locked AI ROLE AI-core (parsing language and evidence) over a deterministic routing engine PLAIN PURPOSE Lets you just say or photograph what happened, and the right records get created for you to confirm — no hunting for the right screen. WHAT IT IS The single front door for getting information into the ERP. Instead of finding the right screen and filling a form, you describe what happened — by typing, speaking, or handing over a photo/PDF — and the engine resolves the entities, places the records, and shows you a ready-to-confirm draft. This is you → the system (it creates records). It has four faces: the capture bar (on-page), the command canvas (global), the routing layer (placement), and evidence capture (photo/PDF). For retail/frontline use the camera is a first-class capture device (photo-to-inventory, plant/condition recognition, photo-of-invoice, delivery-photo→PO match), and voice is assist-only — always confirmed visually, never voice-only, because speech accuracy degrades sharply outdoors and in noise. WHAT IT GOVERNS Data entry across the entire ERP. The user supplies the facts once; the system decides which tables and statuses they belong in — turning a four-screen task into one sentence plus one confirmation. It is the product's anchor capability. RELATIONSHIP (Dependency) depends on A1 (access), A11 (untrusted input), A12 (rollback), and B11 (the preview before you confirm). EXAMPLE — AI ON From anywhere you type "create a PO for Monrovia for 40 maples" → the engine resolves the vendor and item, opens the PO page already filled in, and you tap Confirm. EXAMPLE — AI OFF You open the PO page yourself, pick Monrovia from the vendor dropdown, add a line for 40 maples, and save — the form and its deterministic routing still work, just without the typed shortcut.
B2. One-sentence ambient analyst
CATEGORY UX · Status: locked AI ROLE AI-enhanced (detection is deterministic; AI phrases it) PLAIN PURPOSE Tells you the one thing that actually needs your attention right now, in a single sentence — instead of a wall of charts. WHAT IT IS A surface that reduces "here is all your data" to "here is the one thing that matters right now," expressed as a single plain sentence plus one action button. This is the system → you (it tells you something) — the mirror image of B1, which takes input from you. WHAT IT GOVERNS Cognitive load. The system does the interpreting and hands the owner a decision to make, not a dashboard to read and decode — which is what makes the ERP usable for a busy non-expert. RELATIONSHIP (Dependency) depends on B5/B6 (the detectors that feed it) and B12 (for relevance); it feeds B9 (the queue). EXAMPLE — AI ON "Maple stock runs out before the weekend rush — draft a PO to Monrovia?" with [Draft PO] and [Dismiss]. EXAMPLE — AI OFF A templated alert fires instead — "Low stock: Maple, 4 days left" — same trigger, plainer wording.
B3. Self-maintaining master data
CATEGORY Functionality · Status: locked AI ROLE AI-core (fuzzy matching and enrichment) PLAIN PURPOSE Quietly cleans up your customer, vendor, and product lists so they don't rot into duplicates and blanks. WHAT IT IS Background agents that keep master data healthy by fixing data that is there but wrong — merging duplicates, enriching missing fields, filling gaps — proposing each fix as a draft. (Contrast B5, which finds records that aren't there at all.) Auto-repair is allowed only for safe, reversible fixes; financial and identity fields stay draft-only. WHAT IT GOVERNS Data quality over time. Master data normally rots (duplicate "Bob"/"Robert," missing botanical names); this stops the rot continuously instead of in a painful annual cleanup. RELATIONSHIP (Dependency) depends on A1 and A12; it shares one background-agent engine with B13 (reconciliation). EXAMPLE — AI ON It proposes merging "Bob" and "Robert Johnson" (same phone) as a draft, and fills a missing botanical name from the shared catalog. EXAMPLE — AI OFF A rules-based duplicate report is generated for manual review, instead of continuous draft proposals.
B4. Guided action / error prevention
CATEGORY Functionality · Status: locked AI ROLE Deterministic (plain logic; AI only explains a flag if asked) PLAIN PURPOSE Catches an obvious mistake — like selling below cost — and warns you before you save it. WHAT IT IS Point-of-action checks that warn about or block a wrong action before it commits. The checks themselves are plain programming logic, not AI; the only AI involvement is optionally explaining a flag in natural language if the user asks why. WHAT IT GOVERNS Correctness at the moment of action. It catches costly, common mistakes — below-cost sales, duplicate POs, fulfilling an order with an unpaid deposit — at the exact moment they would happen. RELATIONSHIP (Standalone) deterministic; it pairs conceptually with B11 (preview) but needs no AI to run. EXAMPLE — AI ON Ringing a maple at $18 when its cost is $22 → "Below cost (−$4). Continue?" — and AI can explain why it flagged if asked. EXAMPLE — AI OFF The identical warning fires — the check is deterministic, so it behaves exactly the same with AI off.
B5. Negative-space detection
CATEGORY Functionality · Status: locked AI ROLE Deterministic (gap queries; AI only prioritizes/phrases) PLAIN PURPOSE Spots the records that should exist but don't — like a delivery received but never billed. WHAT IT IS A detector for records that aren't there at all but should be — the absences other ERPs never show, because conventional systems only display what is present. (Contrast B3, which fixes records that are present but wrong.) WHAT IT GOVERNS Completeness. It surfaces the dangerous gaps — the missing payment, the missing fulfillment — that silently cost money precisely because nothing on screen points to them. RELATIONSHIP (Used by) used by B2 (to surface) and B9 (to queue). EXAMPLE — AI ON It flags a vendor with POs but no payments, or a customer with a deposit but no fulfillment. EXAMPLE — AI OFF The same gap queries run deterministically and list to a report — only the AI prioritization and phrasing are lost.
B6. Decision support
CATEGORY Functionality · Status: locked AI ROLE AI-core (genuine forecasting needs modeling) — but a parity feature, not a differentiator PLAIN PURPOSE Predicts demand and flags unusual patterns so you can order ahead of a busy season. WHAT IT IS Forecasting and anomaly surfacing — seasonal demand, trends, outliers. The simple baseline (last-year comparison) is plain math; genuine seasonal forecasting is where AI earns its place. Every ERP has some version of this, so it's treated as table-stakes parity, not an edge. (Forward-seam: B6 can later respect a tenant's lightweight weighted goals — e.g. "favor margin over avoiding stockouts" — without becoming a full objective-function engine.) WHAT IT GOVERNS Insight. It is informational only — any action it suggests must route back through B1 as a normal draft, so a forecast can never directly move stock or money. RELATIONSHIP (Dependency) shares its analytics engine with B14 (simulation). EXAMPLE — AI ON "Spring 1-gal perennial demand is trending 22% over last year — increase the Monrovia order?" EXAMPLE — AI OFF Simple statistical baselines (such as a last-year comparison) show instead of model-based forecasts.
B7. Tenant-config defaults
CATEGORY UX · Status: locked AI ROLE Deterministic (config and usage counters; AI only suggests enabling) PLAIN PURPOSE Keeps a new user's screen simple — shows the basics first and reveals advanced options only when they're needed. WHAT IT IS A progressive-disclosure scheme: new tenants see a sensible core, and advanced features are opt-in, revealed by usage count or explicit toggle — never hidden or shown by AI guesswork. The reveal logic is plain config; AI's only optional role is noticing a repeated pattern and suggesting a feature. WHAT IT GOVERNS Onboarding simplicity. It defers the day-one wall of fields until each feature is actually earned, so a first-time owner isn't overwhelmed — and once a feature is used, it stays. RELATIONSHIP (Standalone) deterministic config; AI may suggest enabling, but the mechanism is not AI. EXAMPLE — AI ON After you hand-key a wholesale price 12 times, it offers "turn on customer-group pricing?" EXAMPLE — AI OFF Advanced features still unlock by usage count or an explicit admin toggle — just without the AI nudge.
B8. Outcome planner / business intent engine
CATEGORY Functionality · Status: deferred AI ROLE AI-core (multi-step planning) PLAIN PURPOSE You state a goal — "get ready for the spring rush" — and it lines up all the drafts to make it happen. WHAT IT IS A goal-to-plan engine: you state a business outcome and it decomposes it into a coordinated, multi-module plan of drafts. Think of it as B1 scaled up — B1 handles one action, B8 chains many toward a goal. It is built last, after single-agent trust is proven. (This is also where recurring ad-hoc orchestrations could later be promoted into reusable playbooks — the "meta-orchestrator" direction.) WHAT IT GOVERNS Cross-module planning — the shift from "open the PO page" to "achieve this outcome." It is deferred precisely because letting AI plan across modules safely requires the rest of the plane to be proven first. RELATIONSHIP (Dependency) depends on A5 (agents), A6 (traces), B12 (memory); gated by C7 (explainability before autonomy). EXAMPLE — AI ON (when built) "Prepare for the spring rush" → it checks trends, flags low stock, drafts the POs, and suggests an offer — each one a draft you approve. EXAMPLE — AI OFF There is no planner — the user does each step manually across modules, the normal pre-AI workflow.
B9. Autonomous exception & approval queue
CATEGORY UX · Status: locked AI ROLE AI-enhanced (detection is deterministic; AI prioritizes and phrases the queue) PLAIN PURPOSE Replaces hunting through screens with a short to-do list of just the things that need your judgment today. WHAT IT IS The work-queue home screen: a short, ranked list of the things that genuinely need human judgment right now, plus the inbox where AI-drafted actions wait for approval. The exceptions themselves are detected deterministically (by B5 and B13); AI's role is ranking them by importance and wording them clearly. WHAT IT GOVERNS User workload and the home experience. Instead of opening each module to hunt for problems, the owner is handed only the few judgment calls; everything else flows automatically. This is the concrete realization of "exception-first" UX (C6). RELATIONSHIP (Dependency) depends on B5 (detections), B13 (mismatches), and A4 (L4 approvals); it realizes C6. EXAMPLE — AI ON Today's queue: approve the Monrovia PO draft, review an invoice that doesn't match its receipt, reject a suspicious extracted bank detail. EXAMPLE — AI OFF A deterministic exception list still anchors the home screen (e.g. unmatched receipts, overdue items), just without AI-drafted items to approve.
B11. Consequence preview
CATEGORY Functionality · Status: locked AI ROLE AI-enhanced (the preview is computed by logic; AI only makes the wording natural) PLAIN PURPOSE Shows you everything an action will change before you save, so saving stops being scary. WHAT IT IS A plain-language preview of every record an action will create or update, shown before you confirm. The impact itself is computed deterministically from the routing outcome; AI only makes the summary readable. (Contrast B14: this previews one real transaction you're about to commit; B14 simulates a whole business scenario you haven't committed to.) (Forward-seam: for a material action, B11 can invoke B14 to show projected downstream effects, not just the immediate record changes.) WHAT IT GOVERNS Trust. ERP transactions silently touch many records at once, and that invisibility is exactly what makes users afraid to save; showing the full consequence first removes the fear. RELATIONSHIP (Dependency) depends on B1c (the routing outcome it reads); it implements C7 and pairs with B4. EXAMPLE — AI ON "Confirm receiving 40 maples? → +35 available, 5 to quarantine, $820 payable created, PO marked partially received, damage flagged." EXAMPLE — AI OFF The same deterministic preview still shows — it is based on routing logic, so it works without AI.
B12. Tenant operating memory
CATEGORY Functionality · Status: locked AI ROLE AI-enhanced (learns patterns; fully governed and editable) PLAIN PURPOSE Lets the system learn how your business works — your usual vendors, your habits — so it stops asking the same things. WHAT IT IS A governed memory of how this specific business operates — preferred vendors, rounding rules, statement cadence, and more — where each entry is sourced, confidence-rated, viewable, and editable, and is never auto-applied to financial actions. (Extension: the memory model is designed to grow beyond preferences into decisions, their rationale, and their outcomes over time — so "we switched suppliers in spring and here's what happened" becomes recallable, not just "prefers Monrovia.") WHAT IT GOVERNS Tenant-specific behavior. The system adapts to each business without anything being hardcoded, while the owner retains full visibility and control over what it has "learned." RELATIONSHIP (Dependency and Used by) depends on A9 (corrections feed it); used by B1, B2, B6, B8. EXAMPLE — AI ON "Buys maples from Monrovia — source: last 12 POs · confidence: high · editable by manager." Typing "reorder maples" then defaults to Monrovia. EXAMPLE — AI OFF Only static tenant config applies — no learned preferences inform routing.
B13. Continuous reconciliation
CATEGORY Functionality · Status: locked AI ROLE Deterministic matching (AI only prioritizes and explains breaks) PLAIN PURPOSE Constantly checks that things that should match actually do — so problems surface daily, not in a month-end panic. WHAT IT IS Always-on matching of the record chains that should agree — PO ↔ receipt ↔ invoice ↔ payable, and sale ↔ payment ↔ deposit ↔ fulfillment. The matching is deterministic; AI helps prioritize and explain the breaks. Only clean, unambiguous matches auto-resolve. WHAT IT GOVERNS Financial and operational cleanliness. Mismatches surface the moment they occur instead of accumulating into a stressful month-end reconciliation. RELATIONSHIP (Dependency) shares its background-agent engine with B3; it feeds B9. EXAMPLE — AI ON "3 invoices are ready to pay; 2 have receipt mismatches; 1 receipt has had no invoice for 12 days." EXAMPLE — AI OFF The same reconciliation checks run on demand (e.g. at month-end) rather than continuously.
B14. Business simulation / what-if modeling
CATEGORY Functionality · Status: locked AI ROLE AI-core (scenario modeling) PLAIN PURPOSE Lets you test a "what if I run this promo?" idea against your real data before committing to anything. WHAT IT IS A read-only sandbox for forward-looking business scenarios over real data — and it writes nothing, ever. (Contrast B11: B11 previews one transaction you're about to save; B14 models a whole scenario you haven't committed to.) (Extension: B14 can be invoked automatically by B11 for material actions, and its prediction stored in A6, so the system can later compare what it predicted against what actually happened.) WHAT IT GOVERNS Strategic decisions. It lets an owner model a promotion, price change, or larger order and see the projected effect before committing real money or stock. Any real action it suggests routes back through B1. RELATIONSHIP (Dependency) shares its analytics engine with B6; its outputs route through B8/B1 to become real. EXAMPLE — AI ON "20% off all citrus this weekend?" → it projects units, margin, stockout risk, and the reorder it would trigger — writing nothing. EXAMPLE — AI OFF Basic deterministic projections (such as simple margin math) replace multi-variable modeling.
B15. AI onboarding / bulk import
CATEGORY Functionality · Status: locked AI ROLE AI-core (column mapping and enrichment) with human-accepted batches PLAIN PURPOSE Lets a new business bring its existing items, customers, and vendors in from a spreadsheet without typing thousands of rows. WHAT IT IS AI-assisted migration of a new tenant's existing data: it maps their spreadsheet columns to the Vrida schema, dedups and enriches against existing and shared data, and stages the result in human-accepted batches before anything goes live. It is distinct from B1d (one document at a time) because bulk migration carries mass-error risk and needs staged acceptance. WHAT IT GOVERNS New-tenant data migration at scale — the single most common reason ERP setups stall or fail. Bulk content is treated as untrusted input (A11); nothing goes live without batch acceptance; a bad import is reversible (A12). RELATIONSHIP (Dependency) depends on A1, A8, A11, A12; it calls B3 (dedup/enrich) during the import. EXAMPLE — AI ON A new tenant uploads a 3,000-row product export → AI maps the columns, dedups against the shared catalog, flags 12 likely duplicates, and stages 988 clean records for one-click acceptance. EXAMPLE — AI OFF A deterministic CSV importer with manual column mapping and a validation report — slower, but fully functional.
B16. Outbound drafting
CATEGORY Functionality · Status: locked AI ROLE AI-core (it writes the message) — human approves before send PLAIN PURPOSE Writes the routine customer and vendor messages you'd otherwise type — like a payment reminder — for you to approve and send. WHAT IT IS AI drafts outbound transactional communications — payment reminders, statement notes, order confirmations, vendor messages — as drafts a human approves before sending. Each is triggered by one event and sent to one party. (Contrast B20, which is segmented marketing to many recipients with offers.) WHAT IT GOVERNS Routine outbound text. It removes the writing burden without surrendering control of what goes out under the business's name. It reads consent from CRM, sends through the notifications module, and never auto-sends financial messages. RELATIONSHIP (Dependency) depends on A1, A8, A13, B12; reads CRM consent and sends via notifications. EXAMPLE — AI ON A payment is 10 days overdue → AI drafts a polite reminder in the tenant's usual tone; the owner reviews and sends. EXAMPLE — AI OFF The owner writes the message from a static template or from scratch — the notification system still delivers it.
B17. Conversational query ("ask your data")
CATEGORY Functionality · Status: locked AI ROLE AI-core (it understands the question) — strictly read-only PLAIN PURPOSE Lets you just ask "how much did I spend with Monrovia last quarter?" and get the answer, instead of building a report. WHAT IT IS A capability that answers read-only, natural-language questions over the tenant's own data — and writes nothing, ever. Answers are grounded in the actual retrieved data and cite their source, so they can be trusted and checked. WHAT IT GOVERNS Plain-language access to your own data. It is one of the highest-value, lowest-risk AI features — it removes the need to know where data lives or how to build a report just to answer a simple question. RELATIONSHIP (Dependency and Used by) depends on A1 (read tools only), A8, and the reporting module; it is used by B18 (the assistant answers questions through it). EXAMPLE — AI ON "Which customers have an unpaid deposit?" → "3 customers: Mark Douglas ($200), …" each linked to the record — and nothing is written. EXAMPLE — AI OFF The owner builds the same answer manually with a filter or report in the reporting module.
B18. ERP assistant (conversational agent)
CATEGORY UX · Status: locked (design open — chatbot scope/authority being decided) AI ROLE AI-core (the conversational agent) — draft-only authority in v1 PLAIN PURPOSE One assistant you can talk to that can reach anything in the ERP — but everything it does comes back as a draft for you to confirm. WHAT IT IS A conversational agent, available only when AI is on (a paid-tier feature), that can reach and chain any capability in the system to accomplish a stated goal — but every action it takes is a governed draft, never a bypass of the controls. It owns no write path of its own; it orchestrates B17 (answer), B1b (create drafts), B19 (reports), B16 (comms), B14 (what-if), and B15 (import). Its power is in breadth of reach, not in special authority. In v1 it is capped at draft authority (L3) — full reach, but it proposes and the human confirms. WHAT IT GOVERNS The conversational front door to the whole system. The work queue (B9) remains the home surface for passive use; the assistant is an active alternative front door — both feeding the same governed capability layer underneath. RELATIONSHIP (Dependency) orchestrates B17, B1b, B19, B16, B14, B15; governed by A1, A4, A11, A13, B11, B9, A6, A10. EXAMPLE — AI ON "Get me ready for the weekend rush" → it answers current stock (B17), drafts reorder POs for low items (B1b), and offers a citrus-promo what-if (B14) — each presented as a draft you approve. It solved a broad goal by chaining capabilities, but committed nothing on its own. EXAMPLE — AI OFF There is no assistant — the owner uses the work queue, forms, and reports directly; the ERP is fully functional without it.
B19. AI reporting & insight views
CATEGORY Functionality · Status: locked AI ROLE AI-enhanced (assembles reports from logic-built read-models) PLAIN PURPOSE Ask for a report and the system builds it — "show me this quarter's spend by vendor" → a real chart, no setup. WHAT IT IS On-demand assembly of reports and visualizations over the tenant's data (pull-based), plus the surfacing of B6's insights. It is deliberately distinct from a dashboard-as-home-screen (which C6 rejects): these are reports you request, not a wall you land on. WHAT IT GOVERNS On-demand reporting — the legitimate "pull up the numbers" need that owners genuinely have, kept separate from the default home experience so it doesn't become an overwhelming wall of charts. RELATIONSHIP (Dependency and Used by) depends on A1, A8, and the reporting module; shares insight surfacing with B6; used by B18. EXAMPLE — AI ON "Show me Q2 spend by vendor" → it assembles a ranked table and chart from the reporting read-models, on demand. EXAMPLE — AI OFF The owner builds the report manually in the reporting module's report builder — same data, manual assembly.
B20. Personalized marketing & offers
CATEGORY Functionality · Status: locked AI ROLE AI-core (segmentation + per-segment content) — human approves the campaign PLAIN PURPOSE Instead of one identical email to everyone, sends each customer content and offers that match what they've actually bought. WHAT IT IS A capability that segments customers by purchase history (and season, lapsed status, and similar signals) and generates tailored content plus offers per segment, as a human-approved campaign — never one identical blast and never an auto-send. (Different from B16: B16 is one-to-one transactional messages; B20 is segmented marketing with offers and stronger consent rules.) WHAT IT GOVERNS Targeted marketing. It reads marketing-grade consent from CRM and honors unsubscribe; it personalizes within the A8 data boundary; its offers are bounded by a discount budget and human-approved; and it sends through the notifications module. RELATIONSHIP (Dependency) depends on B6 (segment), B12, B16 (draft), A8, A13; it reads CRM consent, issues discounts via the offers module, and sends via notifications. EXAMPLE — AI ON A spring campaign: the customer who bought roses gets rose-care content and a fertilizer offer; the citrus buyer gets a citrus promo; opted-out customers are excluded; and the owner approves the campaign before it sends. EXAMPLE — AI OFF The owner sends one templated email to a manually-chosen list — the notification system still delivers it.
Part C — Governing rules (9)
Constraints that shape how every feature is built. These are intentionally lighter than A/B items — a rule states a principle and points to what enforces it; it has no inputs or outputs of its own. They are not unfinished; they are a different kind of object.
C1. Smart routing over smart typing
CATEGORY UX · Status: locked AI ROLE Deterministic principle PLAIN PURPOSE Put the cleverness into deciding where data goes, not into helping people type faster. WHAT IT IS A design principle: the intelligence belongs in where data lands, not in autocomplete or typing assistance. WHAT IT GOVERNS Data entry philosophy — the win is reducing the number of actions a user takes, not the number of keystrokes. ENFORCED BY B1c (the routing layer). EXAMPLE One sentence about a delivery writes to four tables with the correct statuses, instead of four separate screen visits.
C2. One data contract, two render targets
CATEGORY UX · Status: locked AI ROLE Deterministic principle (not AI) PLAIN PURPOSE Design each page's data once and let it render for both web and mobile, instead of building it twice. WHAT IT IS A principle: each page's data is defined once and rendered two ways — denser on web, stacked on mobile — never maintained as two separate designs. WHAT IT GOVERNS UI architecture — design content once, skin it per device. ENFORCED BY the front-end layer. EXAMPLE The PO page shows the same data as a wide table on web and as stacked cards on mobile.
C3. Logic-first → cheap AI → generative
CATEGORY Operations · Status: locked AI ROLE Deterministic principle (governs when AI is used) PLAIN PURPOSE Always reach for the cheapest tool first; only use expensive AI when nothing cheaper works. WHAT IT IS A cost rule: try the cheapest mechanism first and escalate only when it genuinely can't decide. WHAT IT GOVERNS Cost discipline — roughly 60–70% of operations should finish in free deterministic code. ENFORCED BY A2 (the tier router). EXAMPLE Routing a delivery is plain code; only a genuinely ambiguous vendor name reaches a cheap model.
C4. Capability ladder = subscription ladder
CATEGORY Governance · Status: locked AI ROLE Deterministic principle (pricing) PLAIN PURPOSE More AI is the reason to upgrade your plan — the tiers line up with the price. WHAT IT IS A packaging principle: the AI capability tiers map directly onto the subscription plans, so "more AI" is the upgrade path. WHAT IT GOVERNS Pricing and packaging. ENFORCED BY A3, A4, and platform entitlements. EXAMPLE Seed = deterministic · Grow = +cheap AI · Bloom = +generative · Crown = +autonomous.
C5. Human accountable, AI attributable
CATEGORY Governance · Status: locked AI ROLE Deterministic principle (accountability) PLAIN PURPOSE A real person is always answerable for what the AI did, and you can always trace it back to them. WHAT IT IS A law: every AI action is owned by a human or an explicit policy, is traceable to a person, and is reversible wherever possible. WHAT IT GOVERNS Accountability — the principle that AI never becomes an unaccountable actor. ENFORCED BY A5, A6, A12, A14. EXAMPLE A drafted PO traces to "AI, delegated by Priya, confirmed by Sam."
C6. Exception-first (or conversational) UX over screen-first UX
CATEGORY UX · Status: locked AI ROLE Deterministic principle (UI model) PLAIN PURPOSE Open the app to a short list of things to handle (or just ask the assistant) — not a maze of menus. WHAT IT IS A law: the primary surface is a work queue of things needing judgment (B9) or the conversational assistant (B18) — not a tree of modules to navigate. The modules still exist; you simply rarely go hunting in them. WHAT IT GOVERNS The home experience and overall interaction model. ENFORCED BY B9, B2, B18. EXAMPLE The owner opens the app to "handle these 6 things" or just asks the assistant — not "Inventory → Purchasing → Reports."
C7. Explainability before autonomy (sequencing law)
CATEGORY Governance · Status: locked AI ROLE Deterministic principle (adoption gate) PLAIN PURPOSE AI has to prove it explains itself well before it's ever trusted to act on its own. WHAT IT IS A sequencing law: no capability earns higher autonomy until its explanations and previews have proven trustworthy in real use. The order is explain → recommend → draft → execute, and it is never skipped. WHAT IT GOVERNS Adoption and trust progression — it is what stops the system from becoming autonomous before users actually trust it. Oversight must be meaningful, not nominal: a human approver must be given enough context to actually judge an action, not just a rubber-stamp button — otherwise the "human in the loop" is theater. ENFORCED BY A4 (earned authority), A6, B11, A10 (approval-rate data). EXAMPLE The reorder agent earns auto-draft authority only after its suggestions have been approved at a high rate over a meaningful sample.
C8. Financial actions independently controlled & reversible
CATEGORY Security · Status: locked AI ROLE Deterministic principle (financial safety) PLAIN PURPOSE Anything the AI does with money needs a second human and a way to undo it. WHAT IT IS A law: every AI-assisted financial action requires independent approval and a defined reversal path. AI may draft, but approval (segregation of duties) and rollback are enforced by the platform, not left to the feature. WHAT IT GOVERNS Financial safety — the hard floor under everything that touches money. ENFORCED BY A4, A5, A12, A13, B9. EXAMPLE AI drafts a vendor payment → a different human approves it (A13) and a void/correction path exists (A12).
C9. AI is optional and degrades gracefully
CATEGORY Operations · Status: locked AI ROLE Deterministic principle (graceful degradation) PLAIN PURPOSE The ERP must work fully with AI switched off — AI is an enhancement, never a crutch. WHAT IT IS A law: no capability may make AI mandatory for a core workflow. Every AI feature declares a deterministic OFF behavior, and when AI is disabled, unavailable, over budget (A3), or too slow (A2), the system falls back to that behavior without breaking. AI adds speed and intelligence on top of a complete deterministic product; it is never the only path. WHAT IT GOVERNS Resilience and trust — the product is fully functional at the Seed tier and whenever AI is off, so a tenant is never held hostage to AI availability, cost, or reliability. This is what separates the plane from systems that break or become useless without their AI. ENFORCED BY A2 (latency fallback), A3 (budget fallback), and the mandatory AI-OFF behavior declared on every A/B item. EXAMPLE The token budget runs out mid-month → the capture bar becomes a plain typed form, forecasting falls back to last-year baselines, the queue still lists deterministic exceptions — the business keeps operating, just without the AI assist.
Part D — Module-walk grid (15 questions)
The 15 questions each module answers when designing its AI. This is a method, not a set of features — so it has no ON/OFF examples. Each question points at the plane items it triggers.
| # | Question | Category | Triggers | Example answer |
|---|---|---|---|---|
| D1 | Capture targets — what transactions can the bar/canvas create here? | Functionality | B1 | PO, receiving, vendor |
| D2 | Routing rules — what table/status placement does this module own? | Functionality | B1c | damaged → quarantine |
| D3 | Maintenance — what rots here, and what's the hygiene agent? | Functionality | B3 | duplicate vendors |
| D4 | Error-prevention — what wrong action must be blocked before commit? | Functionality | B4 | below-cost sale |
| D5 | Negative-space — what record should have a sibling and doesn't? | Functionality | B5 | received PO, no payable |
| D6 | Decision-support — any forecast or anomaly worth surfacing? | Functionality | B6 | reorder point |
| D7 | Autonomy boundary — alone / draft / approve / never? | Governance | A4, A13 | never auto-pay |
| D8 | Evidence sources — what evidence creates records, and what's the abuse risk? | Security | B1d, A11 | invoice PDF → validate bank |
| D9 | Reconciliation pairs — which records should reconcile? | Functionality | B13 | PO↔receipt↔invoice↔payable |
| D10 | Failure / rollback — how is a wrong AI action reversed here? | Governance | A12, B11, C8 | receiving correction |
| D11 | Adversarial / abuse surface — what untrusted input attacks this module? | Security | A11, A13 | tampered invoice quantities |
| D12 | Offline behavior — what works offline, queues, or falls back? | Operations | A2, A3, A10 | counts offline, extraction queues |
| D13 | Channel sync — does this module's data need to stay in sync with an external channel (e-commerce, marketplace, other location)? | Functionality | B13, A2 | POS stock ↔ online store |
| D14 | Lifecycle / perishability — does any record here age, expire, or have a lifecycle state (aging stock, expiring quote, lapsing customer, stale price)? | Functionality | B5, B6, B13 | aging plant → dead-count |
| D15 | Capture modality & ergonomics — what is the primary capture modality here (scan, photo/vision, voice, form), and the offline fallback? | Functionality | B1, B1d, A2, A11 | photo-to-inventory; voice needs visual confirm |
At a glance
| Part | Count | Items |
|---|---|---|
| A — infrastructure | 14 | A1–A14 (all locked) |
| B — capabilities | 19 labels | B1 (a–d), B2–B9, B11–B20 (all locked except B8 deferred) |
| C — governing rules | 9 | C1–C9 |
| D — module-walk questions | 15 | D1–D15 |
Deferred (designed, gated by C7): B8 outcome planner · Crown autonomous tier · multi-agent orchestration · external agent marketplace · cross-org agent coordination.
North-star (vision, never a component): the Invisible ERP — the emergent result of B1 + B1b + B2 + B9 + C6 + B18 shipping together; an ERP you talk to and that hands you work, rather than screens you navigate.
Forward-seams folded in (kept open, not built now): simulation-before-commit (B11 can invoke B14; A6 stores predictions for predicted-vs-actual) · richer operating memory (B12 grows from preferences to decisions + rationale + outcomes) · lightweight tenant objectives (B6/B14 can later respect weighted goals). These keep the architecture open to longer-horizon capabilities without adding anything to build in v1.