What exactly is mocked, and what is real?
The three source systems (PMS, processor, OTA) are in-repo mocks: MCP servers over a seeded, ground-truth-labeled month with real reportlab-rendered PDFs. Everything downstream is real — the matcher, the adjudication schema, the expected-loss gate, the Ed25519-signed Merkle chain, the replay, and the 404-test suite. The --live flag swaps the deterministic FakeQwen transport for real qwen3-vl-plus / qwen3.7-max calls.
Does it really run offline with zero keys?
Yes. innkeeper seed, run, replay, verify-chain, bench, and the full pytest suite need no network and no API keys — scripts/verify_offline.py even socket-guards the proof. Only --live touches the network, behind DASHSCOPE_API_KEY.
How does the gate math actually work?
A mismatch auto-clears only when confidence ≥ 0.85 ∧ materiality ≤ $50 ∧ class ≠ true_error — generalised as E[loss] = amount × (1 − confidence) ≤ τ. Two constraints are absolute: a true_error classification and a two-pass extraction disagreement always queue, no matter the confidence. That's why the $310 walk-in at 0.60 confidence lands in the morning queue and the $5.67 commission at 0.94 clears itself.
How do I run it?
python3.12 -m venv .venv && source .venv/bin/activate, then
pip install -e ".[dev]",
innkeeper seed --nights 30, and
innkeeper run --night 2026-07-04. The full copy-paste script — including the tamper-detection and benchmark beats — is in
DEMO.md.
What happens to the transactions it won't clear?
They arrive in the owner's morning report (innkeeper report --night N) carrying competing hypotheses with probabilities — e.g. "room sold at the terminal, never posted" at 0.60 vs "mis-keyed deposit" at 0.40 — plus evidence citations from at least two systems, each bound by sha256. The agent tells you what it doesn't know.
What's the license?
MIT — the whole repo, including the three seedable MCP mock servers, which are reusable for anyone building reconciliation agents. © 2026 Edy Cu.