What this page is
A working prototype gives an honest reading of itself. This page summarises the gaps between what CADi does today and what a production deployment would require. The canonical inventory lives in the docs/PRODUCTION-GAPS.md file in the public GitHub repository.
What's prototype, what would be production
CADi is a working prototype. Inputs are simulated, scoring weights are hand-tuned, and each causal claim is labelled with its current rigor level. What works is the architecture: a decision-governance control layer with a 9-step pipeline, four analytical lenses, hash-chained audit, and a robustness gate that refuses to automate fragile decisions.
The short version
CADi is a working prototype with 2,745 tests, a 9-step decision pipeline, session-scoped governance and audit behaviour, simulator tooling, and a passing local quality gate (lint, test, build). Everything works as a prototype. Nothing should be treated as production-ready without the controls listed below.
Where the gaps are
- 01
All weights are hand-tuned
Lens weights, lambda weights, SCM edge weights, and safeguard thresholds were chosen by domain knowledge, not estimated from outcome data. The formulas are sensible; the numbers are guesses.
- 02
Rigor levels are heuristic, not validated
Every method declares its rigor level. Most lens scores and confidence values are labelled `heuristic`. Cinelli-Hazlett sensitivity and the Cholesky copula are `analytical_approximation`. Nothing in the codebase is labelled `statistically_defensible` or `production_grade`.
- 03
The causal graph is assumed
The 13-node, 12-edge SCM was defined by domain knowledge. No causal discovery (PC, FCI, GES) was run on observational data. Plausible but unvalidated.
- 04
Session-scoped state resets on reload
Audit records, SCM edge updates, decision-monitoring metrics, and cultural-drift scores live in memory. Datasets and templates persist; the in-memory state does not. A regulated deployment needs tamper-evident, persistent audit trails.
- 05
No production infrastructure
No authentication, no rate limiting, no CI/CD, no APM, no alerting, no error tracking, no automated backups, no environment isolation. Public API routes currently have no access control.
- 06
Synthetic data is not real data
The 10k records are generated by a known-formula outcome generator. Running causal estimators on it would estimate what we coded, not discover anything. The pipeline is ready for real data; only the source changes.
- 07
Advanced causal estimators not yet built
Advanced causal estimators (DML, TMLE, AIPW) are specified but not built. They could be implemented as analytical approximations on synthetic data for demo purposes; production deployment needs the full ML pipeline.
- 08
The cost model is hardcoded
The per-contact cost model (PROTECT £8.20, AUGMENT £4.10, AUTOMATE £0.35) is fixed in code today. A production system would make business logic like this customer-configurable.