ALL SYSTEMS · NOMINAL
UTC --:--:--
Docs·API reference·POST /v1/decision

Personalized go / no-go agent

One step beyond a verdict — a personalized recommendation per pseudonymous user, blending the deterministic score with that user's learned behavioral preferences, archetype priors, and a recent-cohort signal of who else is going.

POSThttps://api.goable.io/v1/decision

Pro plan and above. Inherits the per-tenant LLM token budget. Hard physics gates always win — a lightning warning forces no-go regardless of the user's tolerance.

What it is

Where /v1/score is "what's the modelled suitability?", /v1/decision is "should THIS user go?". The engine combines four signals:

  • Calibrated score — the deterministic verdict.
  • Personal behavioral model — a small per-user MLP trained nightly from the user's outcome history. Activates once they have ≥30 outcomes.
  • Archetype model — per (archetype × spot-tier) priors from k-anonymous aggregates. Activates as soon as ≥10 distinct users contribute per cell.
  • Recent-cohort signal — operator outcomes from the same spot + window in the last 2 hours (k≥2 distinct, n≥3 floor).

Request

{
 "pseudonym": "u_abc123...", // user id you assigned
 "location": { lat, lng },
 "activity": "kitesurfing",
 "window": { from, to },
 "userArchetype": "intermediate"
}

Response: recommendation (go / wait / switch_spot / skip), reasoning (LLM-generated narrative bounded to 300 chars), key_factors (which signal drove the call), alternatives (up to 3 nearby suggestions if the recommendation is switch_spot).

Personalization blend

For brand-new users with no outcome history, the call falls back to the deterministic score + archetype priors. As outcomes accumulate per pseudonym, the personal model's blend weight ramps linearly from 5 outcomes (0% personal) to 30 outcomes (50% personal); above 30, the blend caps at 50/50 against the calibrated score.

Hard physics gates always win

Lightning, hazardous AQI and storm gates short-circuit the entire decision pipeline. The LLM never sees the request when a gate fires — the response is forced to skip with a deterministic safety message. Personalisation cannot override safety.

Privacy + deletion

Pseudonyms are tenant-private — you assign them, the engine never learns the underlying user id. GDPR Article 17 deletion is available at DELETE /v1/decision/user-data/:pseudonym; it scrubs every personally-attributable row (behavioral model, decision-runs, non-aggregate audit) and returns receipt headers (X-Anonymized-Rows, X-Receipt) for your compliance log. Recital 26 anonymous aggregates survive.