Here’s a request that lands on a lot of engineers’ desks, in one form or another. A company has a big pile of help documentation, product guides, policies, FAQs, troubleshooting steps, and they want a chatbot that answers customer questions from those docs. Accurately. With links to the source. And, above all, without confidently inventing a refund policy that doesn’t exist.

That last part is the whole challenge. If you just hand a raw AI model your question, it’ll answer from its general training, which knows nothing about your specific return window or your shipping rules, and it will happily make something up that sounds right. For a support bot, a made-up answer isn’t a cute mistake. It’s a promise your company now has to honor, or an angry customer, or worse.

So let me walk through how I’d actually design this system, thoroughly. I’ll lay out every approach with its honest pros and cons, build up the real pipeline piece by piece, and, at the very end, show how two big companies, DoorDash and LinkedIn, actually built theirs, with links to their own write-ups so you can read the primary sources. Because the interesting engineering is entirely in the details that stop it from making things up.

First, what does “good” mean here?

Before any architecture, pin down what success looks like, because it drives every decision:

  • Grounded. Every answer comes from the company’s actual docs, not the model’s imagination.
  • Sourced. The bot can show which document it used, so a human can verify it.
  • Honest. If the docs don’t cover the question, it says “I don’t know, let me get a human,” instead of guessing.
  • Fast and affordable. Customers won’t wait ten seconds, and the company won’t pay a fortune per chat.
  • Safe. No leaking private data, no answering things it shouldn’t, no showing one customer another customer’s info.

Hold those five. We’ll judge every choice against them.

The four ways you could approach this

Before diving into one design, it’s worth seeing the whole menu, because people often grab the wrong option. Here are the four real approaches, each with its honest pros and cons.

1
Just the raw model
the trap
Send the question straight to an AI model and show whatever it says. Zero setup.
+ trivial to build, instant
knows nothing about your docs, invents policies, no sources
2
Fine-tune a model on your docs
wrong tool
Retrain a model on all your help content so it "knows" your policies.
+ answers feel native, no lookup step
expensive, goes stale the moment a doc changes, can't cite sources, still hallucinates
3
Basic RAG (retrieve then answer)
good start
Find the relevant doc chunks at question-time, hand them to the model, answer from them.
+ grounded, sourced, cheap, updates when docs do
one-shot; no quality check, so weak retrieval still produces confident wrong answers
4
Production RAG (retrieve, rerank, gate, guard)
what I'd ship
Basic RAG plus reranking, a confidence gate that refuses when unsure, guardrails, and constant evaluation.
+ reliable, honest, safe, measurable, the version that survives real customers
more moving parts to build and maintain
Four approaches, and the naming ("basic to advanced") is misleading, the right lens is which one meets the five criteria. Approach 1 fails all of them. Approach 2, fine-tuning, is the one people most often reach for wrongly: it bakes facts into the model that go stale instantly and can't be cited (I dug into why in my fine-tuning-vs-RAG post). Approach 3 is genuinely good and where you start. Approach 4 is what production actually needs. Let me build up to it.

Notice why fine-tuning is the classic wrong turn here. It feels like “teach the model our business,” but policies change weekly, and a fine-tuned model can’t tell you which document an answer came from, so a customer can’t verify it and you can’t audit it. Facts belong in retrieval, where you can swap a document and the answer updates instantly. Fine-tuning is for changing behavior (tone, format), not for teaching facts. That single distinction rules out approach 2 for this job.

The naive version, and why grounding is the fix

The first instinct is approach 1: paste the question in, show the answer. Here’s the fix that separates a toy from something real.

Naive: model answers from memory

Customer asks, the raw model answers from its general training. It doesn't know your policies, so it invents plausible-sounding ones. No source, no way to check.

confident, unsourced, often wrong

Grounded: answer from your docs

Before answering, the system finds the relevant passages from your actual docs and makes the model answer only from those, with a citation.

accurate, sourced, checkable
The core move behind every reliable AI answer: don't let the model recall from fuzzy memory, make it read the real document first. That's RAG (retrieval-augmented generation), the backbone of this design. But basic RAG alone (approach 3) still isn't enough for production, and the gap is exactly what we fill next.

The shape of the system: prepare once, answer live

There are two distinct phases, and keeping them separate is the first design insight. One happens once, ahead of time (getting the docs ready to search). The other happens every time a customer asks.

Prep phase (once, offline)

take all the help docs
split them into small chunks
turn each chunk into a searchable form
store them in a searchable index

Answer phase (every question)

find the chunks relevant to the question
rerank them, keep the best few
check they're actually good enough
answer from them, with a citation
The expensive "read and index all the docs" work happens once, offline. The live path only does a quick search plus one model call, which is why it can be fast and cheap. Get this split wrong, re-indexing everything on every question, and your bot is slow and expensive for no reason.

The live path, step by step

Here’s what happens the moment a customer types a question. Six steps, and each one earns its place.

1
Understand the question. Turn "how long do I have to return something?" into a search the system can run over the docs. In a multi-message chat, first condense the whole conversation into the real underlying issue.
2
Retrieve candidates. Pull the most relevant chunks from the index, say the top 20. Cast a wide net first; precision comes next.
3
Rerank. A sharper (slower) model re-scores those 20 and keeps the best 3 to 5. Fast-but-rough retrieval finds candidates; careful reranking picks the winners.
4
Confidence gate. Are the top chunks actually relevant? If they're weak, stop here and say "I don't know" or hand off to a human, instead of forcing a bad answer.
5
Generate, grounded. Hand the few good chunks to the model with strict instructions: answer only from this text, and cite it. Nothing invented.
6
Answer with a source. Return the reply plus a link to the doc it came from, so the customer (and the company) can trust and verify it.
Six steps, and the ones people skip are 3 and 4. Basic RAG jumps from "retrieve" straight to "answer." The reranking and the confidence gate are exactly what turn a flaky demo into something you'd let touch real customers. Let me unpack the two choices that matter most, and weigh their trade-offs.

Choice #1: how you search, and the trade-off

You’d think “search by meaning” (using embeddings, which match on concepts not exact words) is all you need. It’s powerful, it treats “return something” and “send an item back” as the same idea. But it has a blind spot: exact terms. A customer typing a specific error code, a product SKU, or an order number needs an exact keyword match, which pure meaning-based search can fumble.

Meaning searchmatches concepts and synonyms. Great for "how do I get a refund?"
+
combine
Keyword searchmatches exact terms. Great for "error E-4021" or an order ID.
The robust answer is hybrid search: run both and combine. Pro: meaning-search catches paraphrases, keyword-search catches exact codes the other misses, together they cover far more questions. Con: it's a bit more to build and tune than a single method. The trade is almost always worth it, because "the bot couldn't find it" is one of the most common real failures, and hybrid quietly fixes a whole class of it.

Choice #2: the confidence gate, the anti-hallucination valve

This is the single most important part of the design, and the one that separates a trustworthy bot from a dangerous one. After retrieval, before generating, ask one question: are the documents we found actually relevant enough to answer from?

Are the retrieved docs strongly relevant to the question?
weak / nothing good
Don't force an answer. Say "I couldn't find that, let me connect you to a person." Honest beats wrong.
strong match
Go ahead and answer, grounded in those docs, with a citation. This is the safe case.
The confidence gate is the valve that stops the bot from making things up. Pro: it converts "confidently wrong" into "honestly escalated," which is exactly the behavior that builds trust. Con: tuned too strict, it refuses questions it could have answered and annoys customers; tuned too loose, hallucinations slip through. Finding that threshold is real work, but a support bot that occasionally says "let me get a human" is trustworthy; one that never admits it doesn't know is a liability.

The safety layer you cannot skip

For a real support bot touching real customers, a few guardrails aren’t optional extras, they’re the line between shippable and reckless.

who-can-see
Access controlsTag each doc with who's allowed to see it, and filter retrieval by the user. A customer must never get an answer built from another customer's data, or an internal-only doc.
privacy
PII handlingStrip or protect personal data (emails, card numbers) so it doesn't leak into prompts or logs. Support chats are full of it.
stay-on-topic
Out-of-scope refusalPolitely decline questions outside its job (medical advice, competitor comparisons, anything off-policy) instead of improvising.
no-tricks
Injection defenseGuard against users trying to trick the bot into ignoring its rules or revealing its hidden instructions. Treat user text as untrusted.
The unglamorous parts that never show up in a demo but decide whether the thing can go live. Access control especially: getting retrieval to respect "who is allowed to see what" is a real engineering task, and skipping it is how companies leak data.

How you know it’s working: evaluation

Here’s what separates people who’ve actually shipped these from people who’ve only read about them: you cannot improve what you don’t measure. A support bot needs a way to tell, continuously, whether it’s getting better or quietly regressing.

QuestionHow you measure it
Did retrieval find the right doc?Test on known question-answer pairs, check if the right source shows up
Is the answer faithful to the source?Score whether the answer actually matches the cited doc (no invention)
Are customers happy?Thumbs up/down, escalation rate, resolved-without-a-human rate
Is it fast and affordable?Track response time and cost per conversation over time
Did a change make it worse?Re-run the test set before every change; catch regressions early
Evaluation turns "it seemed fine in the demo" into "we know it's good and we'll know the instant it breaks." A quiet truth: human review still beats automated scoring for judging real answer quality, so the best setups keep a human reviewing a sample of real conversations. Without measurement, you're flying blind, and as you'll see next, the companies that got this right invested heavily here.

Start simple, add only what you need

One more piece of judgment, because it’s easy to over-build. You don’t start with all of this on day one. You start with the simplest thing that could work, ship it, watch where it fails, and add complexity only where the failures are.

Add this......only when
Basic retrieve-then-answerAlways. This is the starting point.
RerankingRetrieval keeps surfacing near-misses; answers feel slightly off.
Hybrid (keyword) searchCustomers ask about exact codes, IDs, product names the bot misses.
Confidence gateBasically always for support, it's your anti-hallucination valve.
Access controlsThe moment any doc is not meant for every user. Usually day one.
The discipline: don't bolt on reranking, agents, and elaborate pipelines before you've seen the actual failure modes. Ship the simple version, measure it, and let the real problems tell you what to build next. Over-engineering on day one is how simple projects die slowly.

How real companies actually built this

Everything above isn’t theory, it’s close to what large companies have published about their own production support bots. Here are two, in their own words, with links to their official write-ups so you can read the primary sources.

DoorDashhallucinations down ~90%compliance issues down ~99%

DoorDash built a RAG support system for their delivery drivers ("Dashers"). When a Dasher reports a problem, the system first condenses the whole conversation into the core issue (exactly step 1 above), then retrieves similar past resolved cases plus the relevant help articles, and generates a grounded answer.

The part worth stealing: they wrapped it in two extra layers. An LLM Guardrail that checks every answer is actually grounded in the retrieved docs and doesn't violate policy (the confidence-gate idea, taken further), and an LLM Judge that scores quality across five aspects (retrieval correctness, response accuracy, coherence, and more) to catch regressions. Those two layers are what drove the 90% and 99% drops.

Official write-up: DoorDash Engineering, "Path to high-quality LLM-based Dasher support automation"

LinkedInresolution time down ~28.6%deployed ~6 months

LinkedIn's customer-service team took a clever twist on the retrieval step. Instead of treating past support tickets as a flat pile of text, they built a knowledge graph from them, capturing the structure inside each ticket and the relationships between tickets. When a question comes in, they retrieve the relevant piece of that graph, not just loose text chunks.

The payoff: because the retrieval understands how issues relate, answers are better grounded. They reported a 77.6% jump in a retrieval-quality metric and, deployed in their real support team for about six months, a 28.6% cut in median time to resolve an issue. It's a great example of the idea that better retrieval, not a fancier model, is usually the biggest lever.

Official paper: Xu et al., "Retrieval-Augmented Generation with Knowledge Graphs for Customer Service Question Answering" (LinkedIn, SIGIR 2024)

Two real production systems, two lessons. DoorDash's is "wrap generation in verification layers", a guardrail and a judge, and hallucinations collapse. LinkedIn's is "the retrieval step is where the real wins hide", structure your knowledge better and everything downstream improves. Both validate the same spine this whole post is built on: ground it, check it, measure it. Read their write-ups; they're clear and detailed.

The takeaway

A support chatbot that “answers from our docs” sounds like a weekend project, and the naive version is. But the version that won’t embarrass the company is a careful little pipeline: prepare the docs once, then for each question, search (by meaning and by keyword), rerank to the best few, check that they’re actually good enough, and only then answer, grounded, with a source, wrapped in guardrails that respect who can see what, and measured constantly so you know it’s working.

And notice what the real companies confirm: DoorDash’s biggest wins came from verification layers, not a bigger model; LinkedIn’s came from better retrieval, not a bigger model. The lesson underneath the whole thing is the one that runs through all of this, the model is the easy part. The engineering is everything around it, the retrieval, the reranking, the honesty gate, the safety, the measurement, that makes it trustworthy enough to put in front of a real customer. Get the model to read the docs and admit when it can’t find the answer, and you’ve solved 90% of what makes these systems either wonderful or dangerous.

← Back to blog