Agent governance: policy enforcement vs decision evidence

[xsa520]

I've been exploring governance layers for AI agents.

Many current approaches focus on:

• policy enforcement
• runtime sandboxing
• audit logs

However I'm curious whether governance should also treat
the decision itself as a first-class artifact.

For example:

Intent → Policy → Decision → Evidence → Execution

Where the decision and evidence are sealed and replayable.

Curious whether the toolkit models governance decisions
in this way or focuses mainly on enforcement.

Experiment repo:
https://github.com/xsa520/guardian

[imran-siddique]

@xsa520 — good question, and the answer is yes, partially.

The toolkit already models decisions as structured artifacts:

• PolicyDecision (Agent OS) and PolicyDecision (AgentMesh) both include: allowed, matched_rule, action, reason, evaluation_ms, and an audit_entry dict with a context snapshot and timestamp
• The AuditChain in AgentMesh uses hash-chained entries (append-only, tamper-evident), so the sequence of decisions is verifiable
• The flight recorder captures full execution traces for replay

What we don't do yet is treat the decision as a sealed, independently verifiable artifact in the way you describe. Your Intent -> Policy -> Decision -> Evidence -> Execution pipeline is a useful framing — right now the decision and evidence are embedded in the audit trail rather than being first-class objects you can pass around or verify externally.

The closest thing to what you're describing is the AuthorityDecision model from our recently merged reputation-gated authority proposal — it includes the decision, effective scope, narrowing reason, and trust tier, which makes it somewhat self-describing.

Would be interested to see how your guardian repo approaches the sealed evidence part. Is it cryptographic (signed decisions) or structural (decision logs with integrity chains)?

[xsa520]

Thanks for the detailed explanation — that helps clarify how the toolkit models decisions.

What I was exploring with Guardian is slightly different from traditional policy enforcement logs.

Instead of treating the decision as part of the audit trail, the idea is to treat the decision itself as a first-class artifact.

The flow becomes:

Intent → Policy → Decision → Evidence → Execution

Where the decision record includes the evaluated intent, policy outcome, and metadata, and is then written into a hash-chained evidence ledger.

That allows the system to:

• replay decisions deterministically
• verify ledger integrity
• detect tampering between policy evaluation and execution

So the governance object isn't just "policy enforcement", but a verifiable decision artifact that can be replayed later.

The Guardian prototype is exploring this direction here:
https://github.com/xsa520/guardian

Still early, but curious whether modeling the decision as a sealed artifact might complement the toolkit’s current audit model.

[xsa520]

We opened a discussion here to explore this further:

xsa520/guardian#2

The issue summarizes two governance evidence models:

• execution-receipt-centric governance
• decision-artifact-centric governance

Interested to hear perspectives from other governance implementations.