Episode 1 established the accountability gap. Now we open the box. A Decision Receipt is not a log entry or a dashboard metric — it is a five-layer cryptographic proof. This episode dissects each layer: the sealed evidence bundle, the deny-by-default policy enforcement record, the competing hypotheses, the Ed25519 signature, and the deterministic replay capability that transforms a record into a proof.
By the end of this episode, you will understand exactly what is inside a Decision Receipt, why each layer exists, and how deterministic replay turns an accountability claim into an independently verifiable proof — all without exposing patent-sensitive internals.
| Claim | Risk | Status | Evidence |
|---|---|---|---|
| A Decision Receipt is a five-layer cryptographic proof comprising a sealed evidence bundle, policy enforcement record, competing hypotheses, Ed25519 signature, and deterministic replay capability. | medium | approved | 1 |
| The evidence bundle is sealed at decision time, capturing the actual inputs the system considered — not a reconstruction or log entry generated after the fact. | medium | approved | 2 |
| Deny-by-default policy enforcement means no decision proceeds without a documented policy evaluation, and the receipt records competing hypotheses that were considered alongside the selected outcome. | medium | approved | 1 |
| Ed25519 cryptographic signatures enable any party with the public key to independently verify a receipt's integrity without contacting the issuing system, while deterministic replay allows re-execution from the sealed evidence bundle to confirm the recorded outcome. | low | approved | 2 |
| Deterministic replay transforms a Decision Receipt from a record of what happened into a reproducible proof — the critical distinction between accountability claims and accountability evidence. | medium | approved | 2 |
This is a Decision Receipt. Not a log entry. Not a dashboard metric. Not an explanation generated after the fact. It is a portable, cryptographically signed proof that a specific AI-assisted decision was made through a documented process. It has five layers, and today we are going to open each one.
Layer one: the evidence bundle. When a decision is evaluated, every input the system considers is sealed into an immutable bundle at that exact moment. Not reconstructed from logs later. Not approximated from telemetry. The actual evidence, frozen at decision time. This is the foundation everything else builds on — if you cannot prove what inputs existed when the decision was made, you cannot prove anything about the decision.
Layer two: deny-by-default policy enforcement. Every decision must pass through a policy gate before a receipt is generated. The system does not log which policy was consulted — it records the enforcement outcome: allow, deny, or escalate. No policy evaluation, no receipt. This is not paper compliance. This is operational proof that policy was enforced at the moment the decision was made.
Layer three: competing hypotheses. The receipt does not just record the winning outcome. It records every alternative the system considered and why the selected outcome prevailed. This matters because accountability is not about showing what was decided — it is about showing what else could have been decided and why it was not. A decision without alternatives is not a decision. It is an assertion.
Layer four: the Ed25519 cryptographic signature. Each receipt is signed with an Edwards-curve digital signature that covers the entire payload — evidence bundle, policy record, competing hypotheses, decision outcome, everything. The signature is 64 bytes. The public key is 32 bytes. And here is the critical property: any party with the public key can verify the receipt independently. No phone home. No API call. No trust required in the issuing system. The math either checks out or it does not.
Layer five: deterministic replay. This is the layer that changes everything. An audit log tells you what happened. An explainability tool generates a new guess about why. Deterministic replay lets you take the sealed evidence bundle, re-execute the decision process, and confirm that the same inputs produce the same outcome. Every time. This is not a record. It is a proof. The same way a reproducible build proves software integrity, deterministic replay proves decision integrity.
And this maps directly to the NIST gap we identified in Episode 1. Govern: the policy enforcement record. Map: the sealed evidence bundle. Measure: deterministic replay. Manage: the portable signed receipt. Five layers, four NIST functions, one artifact. That is what was missing from every tool in the landscape.
So now you know what is inside. A sealed evidence bundle, a policy enforcement record, competing hypotheses, a cryptographic signature, and deterministic replay. Five layers that turn an accountability claim into an accountability proof. Next episode, we go behind the system that generates these receipts — nine agents, one codebase, and the architecture that makes it work. Check the source appendix for the full cryptographic verification primer, then visit decrec.summitcognitive.ai to verify a real receipt yourself. This has been Warrant, Season One, Episode Two.