Decision Record
Immutable visual receipt of a human approval decision to counteract Responsibility Diffusion.
Install
npx ax-depute@latest add decision-recordpnpm dlx ax-depute@latest add decision-recordyarn dlx ax-depute@latest add decision-recordbunx ax-depute@latest add decision-recordThe Audit Triad
DecisionRecord is one of three audit-layer components. Each captures a different moment in the accountability chain:
| Component | Scope | Records | Question it answers |
|---|---|---|---|
| Decision Record | Per-approval | Who approved, why, and under what policy | "Who authorized this?" |
| Transaction Receipt | Per-action | What the machine did, with verification hash | "What actually happened?" |
| Session Overview | Per-session | Semantic rollup of everything the agent touched | "What was the total blast radius?" |
Use all three together for full audit coverage: DecisionRecord captures the human side, TransactionReceipt captures the machine side, and SessionOverview captures the session-level summary.
Basic usage
Use <DecisionRecord /> to log a human's active oversight of an agentic workflow. While the agent executes actions, you need an immutable record of who authorized it and why.
import { DecisionRecord } from "@/components/DecisionRecord";
export function AuditLog() {
return (
<DecisionRecord
decision="approved"
approver={{
name: "Alice Engineering",
role: "DevOps",
timestamp: new Date()
}}
agentContext={{
intent: "Restart production API gateway",
policyInvoked: "INFRA-001"
}}
humanReasoning="Verified metrics on Datadog. Latency spike requires restart."
/>
);
}Props
| Prop | Type | Default | Description |
|---|---|---|---|
decision | 'approved' | 'rejected' | 'modified' | — | The final human decision |
approver | { name: string, role?: string, timestamp: Date | string } | — | The human who made the decision |
agentContext | { intent: string, policyInvoked?: string } | — | The agent intent and policy at the time |
humanReasoning | string | — | Optional human reasoning for the decision |
The component intentionally requires strict object shapes to ensure the audit log is semantically complete for role-based access control (RBAC) environments.
Solution Patterns
The Responsibility Terminal
Embed the DecisionRecord at the end of every ApprovalGate flow. If the user clicks "Approve", the final screen rendered should be the immutable receipt.
Action Propsed → [Approval Gate] → (Approves) → [Action Executes] → [Decision Record]This closes the "Execution Amnesia" loop by confirming to the user that their identity is now bound to the output.
Design rationale
Why not just use TransactionReceipt?
A TransactionReceipt logs what the machine did (e.g., "Deployed smart contract 0x123 at block 8841"). A DecisionRecord logs what the human did (e.g., "Alice approved the contract deployment because the Q/A tests passed").
In enterprise and high-compliance environments, "Responsibility Diffusion" happens when humans blindly click approve because they aren't explicitly reminded that their identity is being audited. By forcing an explicit, formal, visual receipt of their decision, we heighten their scrutiny on the next request.