Governance-layer swarm · Governance-decision-router agent · Routing-audit-trail skill · Build pillar · Published July 12, 2026

How to build routing audit trails for AI-output governance

Operators running multi-model multi-regime AI swarms work above a strong LLM + LLM-observability + AI-safety + policy-as-code + vector-store + WORM-storage + workflow primitives layer (OpenAI + Anthropic + Google + Mistral + Cohere + Meta + AWS Bedrock + Azure OpenAI + Vertex AI for LLMs; LangSmith + Weights & Biases + Arize + WhyLabs + Helicone + Langfuse for LLM observability; Lakera Guard + Robust Intelligence + HiddenLayer + CalypsoAI for AI safety; OPA Rego + AWS Cedar + Casbin + Cerbos + Oso + Styra DAS + Permit.io for policy-as-code; Pinecone + Weaviate + Qdrant + Chroma + Milvus + pgvector for vector stores; AWS S3 Object Lock + GCS retention + Azure Blob immutable + Snowflake Time Travel for WORM storage; Temporal + AWS Step Functions + Apache Airflow + Dagster + Prefect + n8n for workflow — each vendor ships sophisticated primitives that the orchestration sits above). The orchestration that sits above those primitives — a per-decision routing-capture layer that records the full set of identifiers and parameters that determine an AI-output decision, a per- decision policy-engine-trace layer, a per-decision prompt- completion-snapshot layer with PII/PHI detection-redaction, a per-decision reviewer sign-off layer with operator-counsel- approved roles, a multi-LLM pre-publish check, a feedback loop, and a per-decision compliance gate that ties decisions to EU AI Act Articles 13/14/15, NIST AI RMF, ISO 42001, FTC AI disclosure + substantiation, and SOC 2 + ISO 27001 anchors — is operator- side architecture. Single-vendor LLM logs answer the question of what the model produced; routing audit trails answer the question of why a decision was made, by whom, with what evidence, and under which policy, at audit grade. This guide explains how to architect the routing-audit-trail skill on the governance-decision-router agent end-to-end.

Start with the AI Readiness Assessment Explore Fractional CMO with AI Swarm Take the 3-question fit quiz

What you will build

A per-decision routing-capture layer that records route pointer, model pointer (across the operator- chosen LLM vendor lineup), prompt-template version, system- message snapshot, tool-call trace, RAG retrieval snapshot, vector-store pointer, embedding-model pointer, sampling parameters (temperature, top-p, max tokens, seed), completion snapshot, tokens-in/out, cost, latency (p50/p95/p99), confidence tier, and explainability.
A per-decision policy-engine-trace layer that records every policy decision (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, Permit.io), policy version pointer, allow/deny log, explainability surface, circuit-breaker state, fallback rule, and handoff to versioned-history-regulatory- defense.
A per-decision prompt-completion-snapshot layer with SHA-256 prompt and completion fingerprints, bitemporal storage handoff, immutable WORM storage (AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel), CCPA/CPRA DSAR tagging, GDPR DPIA tagging, and PII / PHI detection-redaction at write time (name, email, phone, SSN, credit card; HIPAA-scope PHI).
A per-decision reviewer sign-off layer with operator-counsel-approved reviewer roles (marketing, legal, compliance, security, clinical, financial), authentication (Auth0, Okta, AWS IAM, Azure AD, Google Cloud IAM, Keycloak), authorization via policy-as-code, sign-off state (pending, approved, rejected, escalated), reviewer comments, SLA tracking, audit trail, and escalation to operator-controlled incident channels (PagerDuty, Opsgenie, Slack, Microsoft Teams).
A multi-LLM pre-publish check (operator chooses across OpenAI, Anthropic, Google, Mistral, Cohere, Meta) that cross-checks routing decisions, policy decisions, and reviewer decisions with confidence scoring, self- consistency cross-check, and chain-of-thought extraction.
A feedback loop comparing realized vs projected outcome, reviewer approval vs LLM approval, policy decision vs LLM decision, with routing-decision pattern learning, policy-rule drift detection, prompt-template drift detection, model drift detection, completion drift detection, cost-vs-budget tracking, latency-vs-SLO tracking, reviewer- SLA tracking, circuit-breaker recalibration, and emerging failure-mode detection.
A per-decision compliance gate anchored on EU AI Act Articles 13/14/15, NIST AI Risk Management Framework, ISO 42001 AI Management System, FTC AI disclosure + FTC substantiation doctrine, and SOC 2 Type II + ISO 27001, extended to NIST SP 800-218A + NIST SP 800-53 + HIPAA PHI + PCI DSS 4.0 + FedRAMP + FDA AI/ML SaMD + FINRA Rule 2210 + CFPB UDAAP + CCPA/CPRA + GDPR + LGPD + DPDP + PIPEDA + CASL + FDD Item 12/17/19 via policy-as-code (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, Permit.io) that operator counsel reviews.
Cross-skill handoffs and an audit trail to siblings on the governance-decision-router agent and broader swarm, with audit trail to operator-controlled WORM storage at per-statute retention windows operator counsel sets.

Where the orchestration above LLM, observability, policy-engine, and WORM-storage primitives compounds at multi-model scale

The vendor primitives are strong. LLM vendors ship per-account per-completion logs. LLM-observability vendors ship per- completion telemetry. AI-safety vendors ship per-completion prompt-injection and hallucination detection. Policy-engine vendors ship authorization decisions. Vector-store vendors ship RAG retrieval. WORM-storage vendors ship immutable retention. The orchestration above those primitives is what compounds at multi-model multi-regime governance scale.

The shared mechanism behind the operationally distinctive compliance anchors: an AI-output decision that lacks an audit-grade record at the moment of decision can convert an operational governance question into a regulatory enforcement exposure. The per-decision gate ties the routing record to the regulatory anchors at every layer.

The first distinctive constraint is EU AI Act Articles 13, 14, and 15. Article 13 requires transparency for high-risk AI systems. Article 14 requires human oversight. Article 15 requires accuracy, robustness, and cybersecurity. The per-decision gate emits evidence at every step so the operator can produce an audit-grade record on demand.

The second distinctive constraint is NIST AI Risk Management Framework. The Govern, Map, Measure, and Manage functions structure the AI-risk lifecycle. The per-decision gate emits per-function evidence into the audit trail so the attestation has a defensible factual basis.

The third distinctive constraint is ISO 42001 AI Management System (published 2023). ISO 42001 specifies an AI management system with policies, processes, controls, and continuous improvement. The per-decision gate emits the control-evidence record that surveillance audits consume.

The fourth distinctive constraint is FTC AI disclosure plus FTC substantiation doctrine. When AI outputs surface as claims to customers, the FTC substantiation doctrine (Pfizer 1972 plus the Reasonable-Basis Doctrine) applies. The FTC has signaled enforcement attention to AI-generated content, AI-disclosure obligations, and AI-driven dark patterns. The per-decision gate ties every published AI output to the routing record, the policy decision, and the reviewer sign- off so substantiation evidence is preserved.

The fifth distinctive constraint is SOC 2 Type II + ISO 27001 incident-management and audit-trail controls. SOC 2 Common Criteria CC7 (system operations) and CC8 (change management) require audit-grade records. ISO 27001 Annex A.16 requires information-security incident management. The per-decision gate emits the SOC 2 and ISO 27001 evidence record at every step.

Beyond the five anchors, the per-decision gate also covers NIST SP 800-218A secure AI development; NIST SP 800-53 control objectives when federal scope; HIPAA PHI handling under 45 CFR 164.308 + 164.312 when PHI flows through prompts; PCI DSS 4.0 when cardholder data flows through prompts; FedRAMP when federal customer data touched; FDA AI/ML Software as a Medical Device when outputs touch clinical contexts; FINRA Rule 2210 communications with the public when investment-grade operators publish AI-derived content; CFPB UDAAP when AI outputs drive consumer-finance decisioning; CCPA/CPRA DSAR + GDPR DPIA + LGPD + DPDP + PIPEDA + CASL privacy; FDD Item 12/17/19 when AI outputs surface to franchisees. The gate is policy-as-code; operator counsel reviews rule updates.

The real ecosystem the orchestration sits above

LLM, LLM-observability, and AI-safety primitives

OpenAI, Anthropic, Google, Mistral, Cohere, Meta, AWS Bedrock, Azure OpenAI, Vertex AI for LLMs; LangSmith, Weights & Biases, Arize, WhyLabs, Helicone, Langfuse for LLM observability; Lakera Guard, Robust Intelligence, HiddenLayer, CalypsoAI for AI safety. Strong primitives. The per-decision routing-capture, prompt-completion- snapshot, and multi-LLM pre-publish layers sit above this layer.

Policy-engine, vector-store, and embedding primitives

OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, Permit.io for policy-as-code; Pinecone, Weaviate, Qdrant, Chroma, Milvus, pgvector for vector stores; OpenAI text- embedding-3-large, Cohere embed-v3, Voyage, Jina, Nomic, BGE for embeddings. Strong primitives. The per-decision policy-engine-trace layer and the RAG-retrieval-trace handoff sit above this layer.

Identity, workflow, and WORM-storage primitives

Auth0, Okta, AWS IAM, Azure AD, Google Cloud IAM, Keycloak for identity-and-access; Temporal, AWS Step Functions, Apache Airflow, Dagster, Prefect, n8n for workflow orchestration; AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel for WORM storage; PagerDuty, Opsgenie, Slack, Microsoft Teams for incident channels. Strong primitives. The reviewer sign-off layer and audit-trail layer sit above this layer.

Compliance-tooling primitives

Hyperproof, Drata, Vanta, Thoropass for SOC 2 / ISO control evidence; OneTrust, TrustArc, Ketch, Securiti, BigID for privacy program tooling. Strong primitives. The per- decision compliance overlay coordinates them via a policy- as-code gate that operator counsel reviews.

How the architecture is built

Routing-capture substrate. Subscribe to LLM- vendor webhooks and observability-vendor APIs. Land per- decision events in the operator data warehouse (Snowflake, Databricks, BigQuery, Redshift, Postgres) at the per-decision canonical-ID grain.
Routing-capture record. Record route pointer, model pointer, prompt-template version, system- message snapshot, tool-call trace, RAG retrieval snapshot, vector-store pointer, embedding-model pointer, sampling parameters, completion snapshot, tokens-in/out, cost, latency, confidence tier, and explainability.
Policy-engine-trace record. Record every policy decision (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, Permit.io), policy version pointer, allow/deny log, explainability surface, circuit-breaker state, fallback rule, and handoff to versioned-history-regulatory-defense.
Prompt-completion-snapshot record. Compute SHA-256 prompt and completion fingerprints. Store in bitemporal storage. Land in immutable WORM storage. Tag for CCPA/CPRA DSAR and GDPR DPIA. Run PII (name, email, phone, SSN, credit card) and PHI (HIPAA-scope) detection and redaction at write time.
Reviewer sign-off workflow. Authenticate reviewers (Auth0, Okta, AWS IAM, Azure AD, Google Cloud IAM, Keycloak). Authorize via policy-as-code. Track sign-off state. Record reviewer comments. Track SLA. Emit audit trail. Escalate via PagerDuty, Opsgenie, Slack, or Teams.
Multi-LLM pre-publish check. Ensemble multiple vendor LLM APIs (operator chooses across OpenAI, Anthropic, Google, Mistral, Cohere, Meta) for routing- decision cross-check, policy-decision cross-check, and reviewer-decision cross-check. Run self-consistency checks. Extract chain-of-thought to the audit trail.
Per-decision compliance gate. Express the gate as policy-as-code on OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, or Permit.io. Encode the five distinctive anchors (EU AI Act Articles 13/14/15, NIST AI RMF, ISO 42001, FTC AI disclosure + substantiation, SOC 2 + ISO 27001) plus the broader compliance surface. Operator counsel reviews every rule update.
Feedback loop. Compare realized vs projected outcome, reviewer approval vs LLM approval, policy decision vs LLM decision. Recalibrate routing-decision patterns, policy-rule drift, prompt-template drift, model drift, completion drift, cost-vs-budget, latency-vs-SLO, reviewer- SLA performance. Surface emerging failure-mode detection.
Cross-skill handoffs. Hand off to siblings on the governance-decision-router agent and broader swarm.
Audit trail. Emit a per-decision canonical audit record to operator-controlled WORM storage (AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel) with per-statute retention windows operator counsel sets (IRS 7yr, FTC 7yr, HIPAA 7yr, SOX 7yr, SEC 6yr).

Frequently asked

What does a routing audit trail for AI-output governance do that an LLM vendor log dashboard does not?

LLM vendors (OpenAI, Anthropic, Google, Mistral, Cohere, Meta, AWS Bedrock, Azure OpenAI, Vertex AI) ship strong primitives for per-account per-completion logs. LLM-observability vendors (LangSmith, Weights & Biases, Arize, WhyLabs, Helicone, Langfuse) ship strong primitives for per-completion latency, cost, and prompt-completion telemetry. AI safety vendors (Lakera Guard, Robust Intelligence, HiddenLayer, CalypsoAI) ship strong primitives for per-completion prompt-injection and hallucination detection. Policy-engine vendors (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, Permit.io) ship strong primitives for authorization decisions. Vector-store vendors (Pinecone, Weaviate, Qdrant, Chroma, Milvus, pgvector) ship strong primitives for RAG retrieval. WORM-storage vendors (AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel) ship strong primitives for immutable audit retention. Routing audit trails sit above this layer for multi-model multi-regime governance operators, and add: a per-decision routing-capture layer that records route pointer, model pointer (across the operator-chosen vendor lineup), prompt-template version, system-message snapshot, tool-call trace, RAG retrieval snapshot, vector-store pointer, embedding-model pointer, sampling parameters (temperature, top-p, max tokens, seed), completion snapshot, tokens-in/out, cost, latency (p50/p95/p99), confidence tier, and explainability; a per-decision policy-engine-trace layer that records the policy-as-code decision (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, Permit.io), policy version pointer, allow/deny log, explainability surface, circuit-breaker state, fallback rule, and handoff to versioned-history-regulatory-defense; a per-decision prompt-completion-snapshot layer with SHA-256 prompt and completion fingerprints, bitemporal storage handoff, immutable WORM storage, CCPA/CPRA DSAR tagging, GDPR DPIA tagging, and PII/PHI detection-redaction (name, email, phone, SSN, credit card, HIPAA PHI); a per-decision reviewer sign-off layer with operator-counsel-approved reviewer roles (marketing, legal, compliance, security, clinical, financial), authentication, authorization via policy-as-code, sign-off state (pending, approved, rejected, escalated), reviewer comments, SLA tracking, audit trail, and incident handoff (PagerDuty, Opsgenie); a multi-LLM pre-publish check (operator chooses across OpenAI, Anthropic, Google, Mistral, Cohere, Meta) that cross-checks routing decisions, policy decisions, and reviewer decisions with self-consistency and chain-of-thought extraction; a per-decision compliance gate (covered in the next answer); a feedback loop comparing realized vs projected outcome, reviewer approval vs LLM approval, policy decision vs LLM decision, with routing-decision pattern learning, policy-rule drift detection, prompt-template drift detection, model drift detection, completion drift detection, cost-vs-budget tracking, latency-vs-SLO tracking, and emerging failure-mode detection; and a per-decision canonical audit record to operator-controlled WORM storage at per-statute retention windows.

What are the operationally distinctive compliance anchors for routing audit trails, and how does the per-decision compliance gate cover them?

Five anchors sit at the operational center of routing audit trails for AI-output governance, and the dedup mechanism behind them is shared: an AI-output decision that lacks an audit-grade record at the moment of decision can convert an operational governance question into a regulatory enforcement exposure. Anchor 1 — EU AI Act Articles 13, 14, 15. Article 13 requires transparency for high-risk AI systems, including instructions for use that explain the system characteristics, capabilities, and limitations. Article 14 requires human oversight, including the ability to oversee operation, monitor functioning, and intervene. Article 15 requires accuracy, robustness, and cybersecurity, including evidence that the system performs as intended and is resilient to errors and adversarial conditions. The per-decision gate emits evidence at every step of the routing pipeline so the operator can produce an audit-grade record on demand. Anchor 2 — NIST AI Risk Management Framework. The Govern, Map, Measure, and Manage functions structure the AI-risk lifecycle. The per-decision gate emits per-function evidence into the operator audit trail so the NIST AI RMF attestation has a defensible factual basis. Anchor 3 — ISO 42001 AI Management System (published 2023). ISO 42001 specifies an AI management system with policies, processes, controls, and continuous improvement. The per-decision gate emits the control-evidence record that ISO 42001 surveillance audits consume. Anchor 4 — FTC AI disclosure plus FTC substantiation doctrine. When AI outputs surface as claims to customers (advertising, sales collateral, content), the FTC substantiation doctrine (Pfizer 1972 plus the Reasonable-Basis Doctrine) applies. The FTC has signaled enforcement attention to AI-generated content, AI-disclosure obligations, and AI-driven dark patterns. The per-decision gate ties every published AI output to the routing record, the policy decision, and the reviewer sign-off so substantiation evidence is preserved. Anchor 5 — SOC 2 Type II + ISO 27001 incident management and audit-trail controls. SOC 2 Common Criteria CC7 (system operations) and CC8 (change management) require audit-grade records of operations and changes. ISO 27001 Annex A.16 requires information-security incident management. The per-decision gate emits the SOC 2 and ISO 27001 evidence record at every step. Beyond the five anchors, the per-decision gate also covers NIST SP 800-218A secure AI development; NIST SP 800-53 control objectives when federal scope; HIPAA PHI handling under 45 CFR 164.308 + 164.312 when PHI flows through prompts; PCI DSS 4.0 when cardholder data flows through prompts; FedRAMP when federal customer data touched; FDA AI/ML Software as a Medical Device (SaMD) when outputs touch clinical contexts; FINRA Rule 2210 communications with the public when investment-grade operators publish AI-derived content; CFPB UDAAP when AI outputs drive consumer-finance decisioning; CCPA/CPRA DSAR + GDPR DPIA + LGPD + DPDP + PIPEDA + CASL privacy; FDD Item 12/17/19 when AI outputs surface to franchisees. The gate is policy-as-code on OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, or Permit.io, with operator counsel reviewing rule updates.

How do the routing-capture layer, policy-engine-trace layer, and prompt-completion-snapshot layer actually work?

The routing-capture layer records the full set of identifiers and parameters that determine an AI-output decision. Route pointer identifies the workflow node. Model pointer identifies the specific LLM (across the operator-chosen vendor lineup spanning OpenAI, Anthropic, Google, Mistral, Cohere, Meta, AWS Bedrock, Azure OpenAI, Vertex AI, plus fine-tuned models and RAG-retrieval-augmented variants). Prompt-template version captures the operator-maintained template at decision time. System-message snapshot captures the immutable system message. Tool-call trace records every tool invocation. RAG-retrieval snapshot records the retrieved chunks. Vector-store pointer and embedding-model pointer identify the retrieval infrastructure used. Sampling parameters (temperature, top-p, max tokens, seed) record the determinism profile. Completion snapshot, tokens-in/out, cost, and latency (p50/p95/p99) record the outcome. Confidence tier and explainability surface accompany every record. The policy-engine-trace layer records every policy decision made by OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, or Permit.io — the policy version, the allow/deny outcome, the explainability surface, the circuit-breaker state, the fallback rule used, and the handoff to versioned-history-regulatory-defense. The prompt-completion-snapshot layer computes SHA-256 fingerprints over the prompt and completion, stores them in bitemporal storage with handoff to versioned-history-regulatory-defense, lands the immutable record in operator-controlled WORM storage (AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel), tags the record for CCPA/CPRA DSAR and GDPR DPIA, and runs PII (name, email, phone, SSN, credit card) and PHI (HIPAA-scope) detection and redaction at write time.

How does the reviewer sign-off layer, multi-LLM pre-publish check, and feedback loop coordinate with the rest of the swarm?

The reviewer sign-off layer supports per-role reviewers (marketing, legal, compliance, security, clinical, financial) with operator-counsel-approved role definitions, authentication (Auth0, Okta, AWS IAM, Azure AD, Google Cloud IAM, Keycloak), authorization via policy-as-code, sign-off state (pending, approved, rejected, escalated), reviewer comments, SLA tracking, and audit-trail emission. Escalation routes to operator-controlled incident channels (PagerDuty, Opsgenie, Slack, Microsoft Teams). The multi-LLM pre-publish check ensembles multiple vendor LLM APIs (operator chooses across OpenAI, Anthropic, Google, Mistral, Cohere, Meta) to cross-check routing decisions, policy decisions, and reviewer decisions, with confidence scoring, self-consistency cross-check, and chain-of-thought extraction. The feedback loop compares realized vs projected outcome, reviewer approval vs LLM approval, policy decision vs LLM decision, and recalibrates routing-decision patterns, policy-rule drift, prompt-template drift, model drift, completion drift, cost-vs-budget, latency-vs-SLO, and reviewer-SLA performance, surfacing emerging failure-mode detection. The skill hands off to siblings on the governance-decision-router agent (policy-as-code management, prompt-template version management, model version management, reviewer workflow, PII/PHI redaction, vector-store version management, RAG-retrieval trace) and across the broader swarm (audit-trail software commercial pillar, AI routing-decision audit trail commercial pillar, versioned history for regulatory defense, integration health monitoring, attribution rollup, per-location metric ingestion, POS receipt integration, versioned product history for recall traceability, brand-voice management, forbidden-phrase library, customer data graph).

What does Completions report on a Tier 3 engagement that covers routing audit trails for AI-output governance?

Tier 3 engagements report against a pre-engagement baseline that the Tier 1 assessment establishes for the operator stack. The reporting cycle covers six workstreams: (1) per-decision routing-capture coverage observed across the operator LLM + observability + safety surface, with per-source ingestion completeness reported; (2) per-decision policy-engine-trace surface observed across the policy-as-code gate (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso, Styra DAS, Permit.io), with per-policy decision-log diagnostics reported; (3) per-decision prompt-completion-snapshot surface observed across bitemporal storage + WORM retention + PII/PHI detection-redaction layers, with per-redaction-class precision and recall diagnostics reported; (4) per-decision reviewer sign-off surface observed against operator-counsel-approved reviewer roles and SLA targets, with per-role escalation diagnostics reported; (5) multi-LLM pre-publish check surface observed against operator-labeled holdouts, with per-LLM-vendor confidence diagnostics reported; (6) per-decision compliance gate pass rate observed across EU AI Act Articles 13/14/15 + NIST AI RMF + ISO 42001 + FTC AI disclosure + FTC substantiation + SOC 2 Type II + ISO 27001 + NIST SP 800-218A + NIST SP 800-53 + HIPAA + PCI DSS 4.0 + FedRAMP + FDA AI/ML SaMD + FINRA Rule 2210 + CFPB UDAAP + CCPA/CPRA + GDPR + LGPD + DPDP + PIPEDA + CASL + FDD Item 12/17/19 scope. Caveats: LLM-vendor rate limits + LLM-vendor model deprecation cycles + observability vendor API rate limits + policy-engine evaluation latency + vector-store availability + per-statute retention windows shifting with operator counsel policy + EU AI Act high-risk-system designation updates sit outside Completions control and are reported alongside observed performance; attorney-client privilege on counsel-reviewed reviewer-workflow rules, FDD Item 12/17/19 disclosure rules, and SOC 2 + ISO 27001 + ISO 42001 audit findings is preserved through every layer. Completions does not commit to fixed numeric SLAs on capture coverage, policy-trace completeness, snapshot retention, reviewer-SLA, or compliance pass rate when those KPIs depend on vendor performance, regulatory cadence, or counsel policy decisions.

Engage Completions

Start with the AI Readiness Assessment (Tier 1, 2-3 weeks, $10k). If the operation is ready to absorb the routing-audit- trail skill on the governance-decision-router agent, the assessment hands off to the AI Swarm Setup Sprint (Tier 2, 4-8 weeks, $25-50k). If the operation needs ongoing orchestration after Tier 2 hand-off, the skill continues under Fractional CMO with AI Swarm (Tier 3, 6-month minimum, $15-25k/month, 1-2 days/wk embedded). Operator owns every artifact at every tier. Operator can in-house at any time.