Interesting. One pattern we’ve run into is that the hardest part of post incident analysis isn’t the action log, it’s reconstructing the state of authority and context at execution time.
A defensible execution record usually ends up needing a bundle like: input context, delegated identity/permissions, policy version in force, intended action, actual outcome, and a cryptographic link to the previous step in the workflow.
Without sealing that bundle at execution time, you’re left playing mix and match with logs and systems later. This isn’t really practical if you’re trying to produce an audit grade reconstruction of the decision chain.
Specifically the pre-chain window — the inputs the agent saw, the logic it applied, and why it chose to act or hold before any state transition hit the chain.
On-chain proves what happened. I'm trying to understand how people are handling proof of why the decision was made. Curious whether anyone has solved this or is just living with the gap.