Most "agentic" demos today are just fancy read-only RAG. But in a factory, an agent is only useful if it can actually do something: reschedule a work order, update a reorder point, or flag a non-conformance. The moment you give an LLM write-access to a production database, you face a massive safety and trust gap.
We built an "Action Layer" to sit between the LLM and the ERP. It uses a three-tier approval model and a deterministic "Action Gateway" that validates every intent against hardcoded business rules before execution.
I'm curious how others here are handling:
State Drift: How do you validate that ERP conditions haven't changed between the LLM's "thought" (T0) and the Gateway's "execution" (T1)?
Idempotency: Ensuring a hallucinated re-try doesn't result in double-ordering or duplicate transactions.
Auditability: We started logging the model's reasoning string alongside the data diff. For those in regulated industries (FDA/ISO), is that enough to satisfy a human auditor?
Happy to dive into our JSON rule schema or the static analysis we’re doing on action primitives.