Workflow

From upload to signed delivery in eight steps

Every question goes through a structured review sequence: source auditing, multi model stress testing, conflict analysis, and named human sign off. Every step is logged in a tamper evident audit trail.

01

Client / Project Profile

Before anything runs, you configure the workspace for the client or project. Set the voice, define what's off-limits: words to avoid, topics that are legally sensitive, brand rules, competitor references to flag. Every client/project can have its own ruleset. Qonera applies those rules as a filter across the entire workflow.

02

Upload your files

Drag in the documents, data exports, or research that the analysis should be grounded in. Every file you upload is indexed into your Evidence Base, the verified source set that all models work from.

This is your Evidence Base

Every model in the workflow runs its analysis against this verified source set. Not the internet. Not training data. Your files. Keep it current and every answer that follows is grounded in what you actually know.

03

Data Integrity: Source Audit

Before any model runs, Qonera audits your documents. File versions are checked, timestamps are compared, and internal conflicts between documents are surfaced. Stale files are flagged. Contradictions are identified. The source set has to be clean before any analysis begins.

04

Instructions / Question

Give your instructions or pose your question. You can ask analytically, request a draft, or set a specific task. Qonera routes everything to your selected model ensemble with the client profile rules and clean source set already applied.

05

Default path

Multi Model Stress Test

Three independent models receive the same question and the same vetted evidence at the same time. They cannot see each other's answers. Each model forms its own view. The logic is tested from every angle.

06

Conflict Heatmap generated

Every claim is tagged Green, Orange, Red, or Outlier based on how the three models agree or diverge, with per-claim citations. Only the Multi Model path produces a heatmap, because only the Multi Model path has multiple outputs to compare.

05

Alternative path

Single Model + Peer Review

One model produces the answer. From there, you can route any answer to another named model for a peer-review turn, as many times as needed. When the chat has source documents attached, the peer reviewer sees the same evidence the original answer was grounded in and can re-check cited claims against it.

No Conflict Heatmap

A heatmap compares multiple parallel answers, which the Single Model path does not produce. The peer review itself acts as the second perspective. Both paths converge at step 7 below.

07

Answer generated with citations

Qonera synthesizes one reviewed answer from the model outputs. Every finding is linked back to your Evidence Base, citing the specific file and section. Every claim is traceable. No unsupported conclusions reach the reviewer.

08

Reviewer sign off & signed output delivered

The named supervisor reviews flagged claims, approves, annotates, or sends back for revision. Once approved, the signed answer is delivered with the complete audit trail. Nothing leaves without a named sign off.

Chat modes

Qonera vets the input data.
You choose how the AI answers.
Every output is reviewed and audited.

Source integrity runs on every question, automatically. What you choose is how the answer gets produced: three models in parallel, or one model with the option of a named peer.

Three-zone diagram showing source integrity (always on), the user's choice between Multi Model Stress Test and Single Model with Peer Review, and the shared review and audit shell

Always on

Source integrity

Before any model runs, your documents are vetted for staleness, contradictions, and quality. This is the foundation: the AI works only with data that's current, internally consistent, and fit for the question. Source integrity is not an option to enable. All data is checked when you upload it, and re-verified before any AI runs.

Always on

Review and audit shell

Whichever mode produced the answer, the sign-off workflow is the same. A named reviewer approves before delivery. Every inference, every model, every peer turn is recorded in the tamper evident audit trail. Governance is not a mode option.

Default mode

Multi Model Stress Test

Three independent models receive the same question and the same vetted evidence at the same time. They cannot see each other's answers. A judge model then compares all three and returns one synthesised, judged answer with per-claim citations. A Conflict Heatmap shows where the models agreed, partially aligned, or disagreed. This is the default for client-facing work.

Optional

Single Model + Peer Review

One model produces the answer. From there, you can route any answer to another named model for a peer-review turn, as many times as needed. When the chat has source documents attached, the peer reviewer sees the same evidence the original answer was grounded in and can re-check cited claims against it. Each peer turn is saved as its own message, attributed by model name, and added to the same audit trail.

Multi Model Stress TestSingle Model + Peer Review
What runsThree models in parallel, judge synthesisesOne model, user opts in to additional peer review turns
Best forHigh-stakes work where disagreement is itself a signalFaster turnaround, or when you want a specific named model to second-guess another's answer
What you seeOne synthesised, judged answer plus a Conflict Heatmap showing where the models agreed, partially aligned, or disagreedThe original answer plus each peer's review of it, attributed by model name
Audit trailEach model's inference logged independently, plus the judge synthesisThe original answer and each peer turn logged as separate inferences with model attribution
When to useDefault for client-facing work, regulatory documents, investment notesInternal drafts, follow-up scrutiny, second opinions from a specific named model

Audit Trail

Every decision recorded. Every record tamper evident.

The audit trail isn't a log file. It's a hash chain verified, append only record of every AI inference, every risk screening result, every source check, and every human sign off.

What gets recorded

  • Model identifier and provider
  • Token counts and cost
  • System prompt hash
  • Risk screening verdict
  • Reviewer identity and timestamp

How it's protected

  • Hash chain integrity verification
  • Append only (no edits, no deletions)
  • Database-level update trigger prevention
  • SHA-256 row hashing
  • Previous-hash linking for tamper detection

How you use it

  • Export as CSV for data analysis
  • Export as PDF for compliance review
  • Filter by date, organisation, or model
  • Compliance dashboard for administrators
  • Ready for regulator disclosure

EU AI Act alignment

How each workflow step maps to what the EU AI Act pushes toward

Qonera doesn't guarantee compliance. It builds the practical review controls that align with the governance principles the regulation is driving toward.

Steps 1-3

Source audit & workspace setup

Art. 9 — Risk Management

Structured source integrity checks before any AI analysis runs. Workspace-level rules catch sensitive topics and brand risks. Risk is managed before output is generated, not after.

Step 5 (both paths)

Every inference logged — Multi Model and Single Model + Peer Review

Art. 12 — Record Keeping

Every AI inference is logged with model identifier, token counts, cost, provider, region, and system prompt hash. The same record format applies whether the answer came from the parallel Multi Model run, a single-model invocation, or a peer-review turn. Each model invocation is captured independently. These records form the foundation of the tamper evident audit trail.

Step 6

Conflict Heatmap (Multi Model) and named peer attribution (Single Model)

Art. 13 — Transparency

Multi Model path: the Conflict Heatmap makes model agreement and disagreement visible per claim, with citations. Single Model path: each peer-review turn is saved as its own message and attributed to the named reviewing model, so the user can see who said what and how the peer's analysis differs from the original answer. Both mechanisms make AI involvement visible to the reviewer at the point of decision.

Step 8

Named sign off before delivery

Art. 14 — Human Oversight

A named human reviewer approves every output before it reaches a client. The sign off is recorded with identity and timestamp. No AI output bypasses human review.

Continuous

Automated risk screening

Art. 9 — Risk Management

Every AI response passes through heuristic and AI-based risk screening for PII disclosure, fabricated citations, prescriptive advice, and security-sensitive content. High-risk detections trigger incident reports automatically.

Continuous

Incident reporting

Art. 73 — Incident Reporting

Manual and automated incident reporting with admin triage, severity classification, and full audit trail. All records available for regulator disclosure.

Qonera supports governance processes and internal controls. It does not provide legal advice and does not guarantee compliance with the EU AI Act or any other regulation.

From confidently wrong
to verifiably right

See Qonera running on your own documents.

Get early access →Schedule a demo