Why architecture matters here
Provenance failures cost trust. An LLM confidently cites a source that doesn't exist. A generated document is passed off as human-written. An auditor asks for the origin and no one has it. The architecture matters because each piece addresses a specific gap.
Citations link spans to retrieved sources. Watermarks let you detect model-generated text later. Audit records let compliance reconstruct what happened. Verifier tools let others check.
With the pieces in place, LLM outputs become defensible.
The architecture: every piece explained
The top strip is the generation path. Prompt + retrieval stores what the model saw. Model output includes citation tokens (e.g., [doc-3, span-42]). Citation extractor parses tokens into structured references. Watermark embed introduces subtle statistical bias so outputs can be detected as AI-generated.
The middle row is verification + display. Audit record keeps the full trail. Verifier tool lets anyone check if text was watermarked. Provenance UI shows citations inline and expandable. Anti-tamper uses signed hashes to detect edits.
The lower rows are policy + ops. Policy requires citations for factual claims. Metrics track coverage (% claims cited) and accuracy (% citations correct). Ops handles retention, user consent, and legal compliance.
End-to-end flow
End-to-end: user asks a research question. RAG retrieves 5 docs. Model generates with inline citations. Citation extractor parses. Watermark embedded. Audit record stored with hash. User sees UI with expandable citations; each links to the source paragraph. Later, a suspicious document arrives; verifier tool detects it as LLM-generated with 90% confidence. Compliance asks about a past decision; audit shows what sources the model was given and what claims it made.