Claims Automation Solution Pack

Automate the claim. Gate the payout.

A signed, versioned Solution Pack for property & casualty claims: intake, fraud triage, and payout approval as governed actions. Payouts at or above $5,000 route to a human before a dollar moves, every triage decision is explained, and the whole outcome is sealed in the Trust Ledger — imported into your tenant with its hash and signature checked at the door.

payout ≥ $5,000 → human approval (409 without it) · representative targets · verifyPack(hashOk + signatureOk)

insurance-claims · v1.8
Insurance Claims Automationinsurance-claimsCertified
ontologyTypes3
policies5
actions4
agents3
HMAC-SHA256 · 0x9f3a…c1signatureOk:true
packs ▸ canonicalize → sha256 contentHash → HMAC signature
What this pack governs

One signed artifact — the whole governed solution.

The Claims pack governs the path from a filed claim to a paid (or denied) outcome. It bundles the claims ontology (claim, policyholder, payout), the policies that cap autonomous payouts and force fraud holds, the Action Fabric actions that approve or deny a payout, and three curated agents — so claims automation ships as one provable artifact with the money-moving step always under human control.

Representative targets

The targets the pack is tuned to.

Illustrative targets for this use-case, configurable per deployment — the gates that enforce them ship in the pack.

~70%
Straight-through rate
Representative target — low-risk claims auto-cleared under cap.
100%
Triage explanation
Every triage decision carries an explanation and evidence.
≥ $5,000
Payout approval
Hard threshold — payouts at/above route to human approval.
What's inside

Four governed sections, one signed bundle.

A pack is a contents bundle plus its integrity envelope. The bundle carries the definitions; the envelope — canonicalize → sha256 contentHash → HMAC signature — is what makes it portable and provable.

ontologyTypes×3
  • Claim — claimNo, lossType, amount, status, fraudScore
  • Policyholder — name, policyNo, ssn (PII, restricted)
  • Payout — amount (restricted), method, approvalState
policies×5
  • Payout ≥ $5,000 → require human approval
  • fraudScore over threshold → hold for investigation
  • ssn is restricted — read denied outside intake
  • Deny requires a cited reason code (no silent denials)
actions×4
  • approvePayout — riskTier: high, approval-gated ≥ $5k
  • denyClaim — riskTier: medium, cited reason required
  • requestDocuments — riskTier: low, auto-executed
  • flagFraud — riskTier: medium, opens an investigation
agents×3
  • Claims Intake — structures the FNOL into the ontology
  • Fraud Triage — scores risk, cites the signals it used
  • Payout Approver — proposes payout, routes ≥ $5k to human
What it does

Governed agents, mapped to real Cortex controls.

Every capability in this pack is enforced by a runtime control you can audit — identity, policy, action approvals, and a sealed Trust Ledger. The pack configures them; the platform enforces them.

The $5,000 line is a hard gate
  • approvePayout is a high-risk Action Fabric action: at or above $5,000 the agent can only propose — a human approves before the money moves. Below the cap, low-risk claims clear straight through.
Fraud triage that shows its work
  • The Fraud Triage agent scores each claim and cites the signals it used. No black-box denial: every hold and flag carries an explanation a reviewer (or regulator) can read.
Denials need a reason code
  • denyClaim won't execute without a cited reason — policy forces every adverse decision to name the rule it rests on, so the claimant and the examiner both get an answer.
A receipt on every outcome
  • Approve, deny, or compensate — each executed action mints a signed receipt into the hash-chained Trust Ledger, so a disputed payout has a verifiable record behind it.
Policyholder PII stays locked
  • ssn and payout amount are restricted properties: read-denied outside the agents that need them, keeping sensitive claimant data out of prompts that shouldn't see it.
Watch the fleet, pause on demand
  • Every claims agent reports into the Control Tower with live state — pause a misbehaving agent, disable a tool, or arm the kill switch across the whole fleet.
$5,000Payout approval threshold (human-gated)
100%Triage decisions with an explanation
3Governed agents in the pack
10-hopProvenance on every payout decision
Install & verify

See what changes, verify the signature, then apply — to your tenant only.

Importing a pack is a verify-first, two-step flow. importPreview gives you a per-section diff against your live definitions; importApply re-checks the hash and signature, then idempotently upserts. Tamper with the contents and verifyPack returns hashOk:false — and any apply returns a 409 with no partial write.

  • canonicalize → sha256 contentHash → HMAC signature — deterministic bytes, re-checkable offline
  • verifyPack checks hashOk and signatureOk before a single row is written
  • importPreview diff: added / changed / unchanged per section
  • Tampered contents → hashOk:false importApply 409, always your own tenant
packs · verify + import
Intact pack{ hashOk:true, signatureOk:true }valid:true
Payout under capapprovePayout $240 → auto-executed200 OK
Payout at thresholdapprovePayout $5,000 → proposed, awaits human409 hold
Tampered contentshashOk:false → importApply409 blocked
importApply verifies first ▸ 409 if invalid · upserts into your tenant only
From registry to running

How this pack gets into your tenant.

Cross-tenant distribution works because the HMAC signature is over the content hash with the deployment's signing secret — a pack published by one tenant verifies and installs cleanly for another, and install always targets the caller's own tenant.

  1. 01

    Browse & preview

    Find the signed pack in the registry on a stable or beta channel. importPreview shows verifyPack plus a per-section diff against your live ontology, policies, and actions — nothing is written yet.

  2. 02

    Verify the signature

    importApply re-checks hashOk and signatureOk first. A tampered bundle or a wrong secret fails closed with a 409 — there is no partial application, ever.

  3. 03

    Apply & operate

    On a valid pack, ontology types, policies, and actions idempotently upsert into your own tenant. Agents are captured for reference; the registry/licensing flow owns agent creation. Then operate the fleet from the Control Tower.

Governance included

The pack ships the controls your auditors already cite.

The ontology permissions, fail-closed policies, approval gates, and sealed Trust Ledger map directly to the frameworks this use-case reports against. Aligned with — never claiming a certification you don't hold.

NAIC Model Acts · claims handlingGDPR · claimant dataSOC 2 · auditISO 42001 · AI recordsEU AI Act · logging

Ship claims automation that keeps the payout under control.

Import the signed Claims pack, verify it, and automate the claim while every dollar over $5,000 still stops for a human.