“The agent sent the email. Placed the order. Who approved that?”

Logs tell you what happened — not what the agent was ALLOWED to do, who approved the policy, or that nothing was changed afterwards. Ordinary logs can be altered by whoever owns them and don't hold up as strong evidence; the US standards body has itself named the missing record: who approved, under which policy, when, with what outcome.[F7] That is our receipt — field by field.

Example: a procurement agent

May act alone

Orders ≤ €2,500 with approved suppliers, max €10,000/week; book meetings; answer supplier questions with source citations.

With limitation

Orders €2,500–5,000 — released with mandatory supporting evidence attached in the receipt.

Always a human

New supplier; contract changes; anything above €5,000; payment to a new account; personal data leaving the system.

Budgets

An error budget (the agent steps itself down past the cap), a spending budget, an escalation cap — your reviewers never drown.

You don't write it alone: a template library per agent type plus a guided questionnaire — and during onboarding we propose limits from the agent's MEASURED behavior (“1,243 actions last month — here's the distribution, here are our proposed limits”). You approve — and the approval becomes the chain's first receipt.

Audit in minutes, not weeks

Every action is receipted, signed and chained; anyone can verify the chain without access to our systems. Audit in minutes: this month's chain — 1,243 decisions, 3 escalated, 0 limit breaches. Financial regulation already requires archiving the approver's name and date[F1] — we turn the binder into a cryptographic receipt.

The EU bonus: transparency duties from August 2026, full evidence duties for high-risk AI by December 2027 at the latest — a date the EU can move earlier.[F8] The receipts are generated anyway, from day one. When the requirement lands, you're already done.

We certify the decision, not just the event

New tools seal WHAT happened — timestamps, hardware attestations. Good: they certify the event. We certify the DECISION — taken under an approved policy and a stated error cap. Their seals fit as fields inside our receipt.

The Flight Recorder, over time

Today

Policy in plain language, every action signed and chained, offline verification, your approval as the chain's first receipt.

Next

Template libraries per agent type, third-party attestations (timestamps, hardware) carried as fields inside the receipt, and export packs your auditor can verify without us.

Long term

The receipt as the common language between your agents, your auditor and your insurer — handoffs between agents and humans carried end-to-end, ready for the EU's evidence duties.

Developers: receipts verify offline

Want to check one yourself?