QuorumGate
Confidential Multi-Reviewer Risk Desk

Stop invoice fraud before the payment is approved.

QuorumGate reviews invoices, supplier emails, and payment requests on the finance team's own devices — flagging changed bank details, look-alike senders, and abnormal amounts before money moves. High-risk cases get a four-eyes second review over peer-to-peer local inference. No cloud. No external AI API.

Watch the demo View on GitHub Run it locally
No cloud, by design. Invoices, IBANs, and payment history never leave the company-controlled device perimeter. All inference runs locally through the QVAC SDK — the remote-call disclosure ships empty.

The problem

The most valuable review is the one finance teams can't send to a cloud AI.

Business Email Compromise drove $2.77 billion in reported U.S. losses in 2024 — the second-costliest cybercrime that year (FBI IC3). It works through a spoofed supplier email, a changed bank account, a rushed wire. The defense is to review every payment in the moment before it's signed — but invoices, bank details, and payment history are confidential and can't go to a cloud LLM. That's exactly what local AI solves.

How it works

Code decides. The model explains and can only tighten. A human approves.

LAYER A

Deterministic checks

Eight risk checks run in plain, auditable code — IBAN change, look-alike domain, duplicate invoice, abnormal amount, and more — and decide a verdict floor.

LAYER B

Local reasoning

A local model (via the QVAC SDK) writes an explainable memo and proposes a verdict. It can only make the verdict more conservative than the floor — never loosen it.

LAYER C

Four-eyes over P2P

High-value cases are delegated to a second reviewer's device over peer-to-peer local inference. An independent model returns its own verdict; only a minimal, masked bundle ever crosses.

A human makes the final decision (Approve / Hold / Escalate → Block), recorded with name and timestamp, and the desk exports an audit-evidence bundle.

Evidence

Measured on real hardware, reproducible from the repo.

4 / 4
cross-device four-eyes runs reached the peer (Linux ↔ Windows 11, LAN)
~7.5 tok/s
Qwen3-4B Q4_K_M via the QVAC SDK on an i5-13420H / 15 GB laptop
0 calls
remote-call disclosure — empty by design, all inference is local
91 tests
passing, with a zero-dependency core engine

The audit-evidence bundle masks the IBAN and records the checks, both reviewers' verdicts, and the human's decision — no raw documents. Security invariants are encoded as tests: a high-severity finding can never produce an approval, and a prompt injection in the invoice text cannot loosen the verdict.

Run it locally

The offline review reproduces on one machine — no model download, no network.

# clone, install, and run the test suite
git clone https://github.com/LevCey/QuorumGate
cd QuorumGate && npm install
npm test

# review the synthetic BEC-trap sample (offline, deterministic)
node packages/ui/src/desk-cli.js examples/sample-data/request-bec-trap.json

For a real local model, add --model <instruct-gguf>; for the four-eyes second review across two devices, add --peer <key>. Full quickstart in the README.

Demo

A 3-minute walkthrough: the trap, the local catch, the four-eyes split-screen, the block.

Demo video coming soon — meanwhile, run the offline review or read the source.