Every number on a Coriven Proof finding carries one of three confidence tags. This page is the published definition of what each tag means, what produces it, and how a CFO can audit it.
Coriven Proof tags every figure with one of three confidence levels — Verified, Calculated, or Estimated — so the person reading the report knows exactly how much weight to put on it. The tag is not marketing copy. It is a code-enforced contract.
The set of three tags is pinned by an automated test in our codebase. The same enum that drives the badge color on a finding row drives the row in this matrix. When a tag is added, removed, or renamed, this page updates first; the test fails until it does.
A Verified figure is the strongest tier. The dollar amount, seat count, or token total was pulled from a system of record — a vendor billing API, a corporate card export, a signed contract, an SSO directory — without re-derivation, modeling, or interview. If we put a Verified tag on it, we have the receipt.
A Calculated figure is one rigorous step removed from Verified. Every input to the formula is itself Verified or Calculated; the arithmetic is published; the formula is the same one a board member could execute by hand. Confidence drops one tier from Verified because the computation itself is a layer of inference, however small.
An Estimated figure tells you that a published industry assumption (or a customer-supplied input we couldn't independently verify) is part of the calculation. We disclose every assumption explicitly in the methodology footnote. An Estimated tag is not "we guessed" — it is "we did the math and the math depends on an assumption you can challenge."
The tag a record carries depends on what the underlying source can actually prove — not on whether we have a connector. A vendor billing API proves dollars (Verified). A vendor usage API proves token counts but the dollar figure is computed from a pricing-page rate (Calculated). A discovery source — SSO sign-in logs, DNS, CASB activity, network egress — proves the tool was used but does not prove the license count or cost; both sides are observation-based, so the spend record is Estimated. Below is the actual matrix the shipped connectors emit — pinned to the code, not aspirational.
| Ingest Source | Tag (as actually emitted) | Why |
|---|---|---|
| api_import — spend-tool connectors Ramp, Brex, SAP Concur, Expensify, QuickBooks, Anthropic Claude Code analytics |
Verified | Pulled from a system that holds the actual invoice, transaction, or seat-billing record. The dollar figure is what the customer was billed, not a derivation. Source citation on every record names the API and the pull window. |
| api_import — LLM cost APIs (billing-tier) AWS Cost Explorer (Bedrock), Azure Cost Management (Azure OpenAI), Google Cloud Monitoring (Vertex AI when billing price exposed), OpenAI Admin API + Anthropic Admin API when cost data is present |
Verified | The cloud-billing or vendor-admin API exposes the actual billed cost — not just token usage. AWS Cost Explorer and Azure Cost Management always do; OpenAI and Anthropic Admin APIs include a cost field when billing access is granted; Google Vertex returns it when a billing price is available. When the cost field is present, the record is Verified. |
| api_import — LLM usage APIs (compute-tier) OpenAI / Anthropic when only usage data is exposed, OpenTelemetry, LangFuse / LiteLLM as fallback |
Calculated | The API exposes token counts and request volumes (Verified-grade) but no cost field; the dollar figure is computed from the vendor's published per-token pricing. The arithmetic is what drops the tag from Verified to Calculated. LangFuse and LiteLLM upgrade to Verified when the proxy emits a billed cost field; otherwise they default to Calculated. |
| api_import — RevOps platforms Clari, Gong |
Estimated | The vendor API exposes seat counts and activity, but not the per-seat cost the customer pays. We compute the spend figure using an industry-typical seat-cost assumption — disclosed in the methodology footnote — and tag the record accordingly. Upgrade to Verified by connecting the customer's actual billing source. |
| sso_discovery Identity providers: Okta, Microsoft Entra, Google Workspace CASB / DNS / network: Cisco Umbrella, Netskope, Palo Alto Prisma SaaS, Microsoft Defender for Cloud Apps, Zscaler |
Estimated | These sources prove a tool was observed being used by your organization — via SSO sign-ins, network egress, CASB activity, or DNS queries. They do NOT give us the licensed-seat count or the cost. The count we record (seat_count) is whatever the connector observed: distinct active users for Okta / Entra / Google Workspace, identities for Cisco Umbrella, accounts for Palo Alto Prisma SaaS, observed users for Netskope / Defender / Zscaler. The dollar figure is inferred from vendor pricing pages. Both sides of the spend record (count + cost) are observation-based, which is why the tag is Estimated. Upgrade by connecting a billing source for the same tool — that produces a Verified or Calculated record that supersedes the discovery one. |
| csv_upload | Calculated | Parsed from a customer-provided spreadsheet. Server-attested provenance (uploader email, filename, row index, timestamp) is captured at upload. The data IS what the customer claims they were billed; the tag reflects that we received it as a flat extract rather than a live system-of-record connection. |
| browser_plugin | Calculated when token usage is captured · Estimated when only sessions are observed | The Coriven Proof Sensor authenticates the tenant and observes which AI tool is active in a tab (sensor-reported, not server-attested — see citation wording on each record). When the Sensor captures real token-level API usage, the cost figure is computed from that — Calculated. When only session activity is observed without API usage, cost is inferred from blended industry rates — Estimated. |
| manual_entry | Estimated | Entered by a Coriven analyst from interview, observation, or operator note. The lowest-confidence ingest path; always recommended to upgrade by connecting the underlying source. |
Confidence is not static. As you connect more sources, individual figures get re-tagged automatically — without a meeting, a request, or a manual override. The doctrine is simple: better data wins.
An Estimated finding becomes Calculated the moment its underlying assumption is replaced with a Verified input. A Calculated finding becomes Verified when both the input data and the formula step are read directly from a system of record (rare — typically the formula step IS the inference, so most calculations stay Calculated by definition).
A Verified figure stays Verified unless the source connection breaks (stale credentials, revoked API access). When that happens, the tag downgrades and the finding is flagged for re-pull rather than silently aging out as truth.
Every retag event is recorded in the tenant's audit log so a CFO can ask "when did this become Verified?" and get a timestamp, not a guess.
Every tag on a finding row is challengeable. Click the badge, and Coriven shows you the full chain: the source citation (where the data came from), the methodology footnote (the formula that produced the dollar figure), and the rule threshold (the trigger condition). That's the audit. No black box, no proprietary opacity.
src/lib/ai-spend/schema.ts as CONFIDENCE_TAGS = ["verified", "calculated", "estimated"] and pinned by the contract test DEF-5 in defensibility-schema.test.ts. Any change to the tag set must update this page in the same commit; the test fires when the doc and code drift.