Most systems prove that an action happened. This plays one governed decision's signed chain backward — from the recorded outcome to the originating request — and lets you verify each link independently.
The rule this page obeys: every node shows only what it can prove for this decision right now. 1 verified just now against an ephemeral demo key; 2 recorded server-side (not independently re-checkable); 6 honestly marked not-applicable, roadmap, or unattested. A walk where every node turns green is the one to distrust.
An AI agent (refund_bot_v3) attempted billing.issue_refund for $4,200.
It was HIGH-risk and exceeded the agent's autonomy, so Strix required human approval (cfo@acme) before it could execute. Below is that decision's signed chain, replayed backward — verify any link yourself.
Would prove inclusion in an append-only transparency log (roadmap).
Strix-CT STH / inclusion proof
Strix-CT is reference-impl only (not production-wired).
Would bind the actual tool execution to this decision (CP-K-001 — roadmap).
execution_receipt_v1 (CP-K-001)
execution_receipt_v1 (CP-K-001) is not production-wired; rendered, never greened.
This record is linked into the tenant's append-only hash chain.
proofChainHash (signed field) + chain walk
This demo record is a chain genesis (no prior link).
artifact: demo-ev-0004
The executed billing.issue_refund ($4,200) was recorded as a signed evidence record.
DecisionEvidence — SE v1, 13-field canonical, Ed25519, proofChainHash
Verify it yourself: <strix-verify> WebCrypto · /api/public/verify · npx @strixgov/verifier <id> · Python
Verified now against the ephemeral demo key (strix-demo-ephemeral-2026-06) — real Ed25519 over the canonical payload.
artifact: demo-ev-0004
A single-use token was issued for the refund tool call, then redeemed once.
execution_token — HMAC-SHA256, single-use, atomic redemption (tokens.ts)
HMAC keyed by a server secret — recorded server-side, no public per-decision artifact.
Approved by cfo@acme — separation of duties (approver ≠ requesting agent).
SalesApprovalArtifact — Ed25519, chain-hashed (sequenceNum + previousArtifactHash)
This demo records the approval gate as a signed decision record, not a separate chain-hashed SalesApprovalArtifact. Mint a quorum decision (Mode A) for a verifiable approval chain.
The action was matched to a content-addressed policy version at decision time.
content-addressed sha256 of the ruleset (policy.ts)
The content-addressed policy version is bound on the approval artifact; this demo mints none. Mode A surfaces it.
Evaluated as HIGH-risk → human approval required → approved → executed.
DecisionService PROPOSED→EVALUATED→APPROVED→EXECUTED audit trail
Recorded server-side (audit trail), not a public-key artifact.
refund_bot_v3 (agent) requested billing.issue_refund for $4,200.
decision intent + actorClass block
actorClass reads CLASS_UNATTESTED — actor attestation (AA-1) is dormant; no claim about which agent acted under whose authority.
Signed + verified the moment this page loaded with an ephemeral demo key (strix-demo-ephemeral-2026-06) — never the production key. This proves the mechanism; the panel below verifies a real production record the same way.
The walk above runs on a demo key so it works with no setup. Here is the identical check against a real production evidence record, resolved against the public key set — not by us, by you.
Production evidence record 5686, re-checked live in your browser against the public verification API.
Don't take our word for it — run the same check
npx @strixgov/verifier@latest 5686Open-source verifier, standard Ed25519 + JWKS primitives, zero Strix dependencies. The signature is checked against the public keys at /.well-known/strix-jwks.json— the math doesn't require us to be in the loop.
npx @strixgov/verifier@latest 5686npx @strixgov/verifier@latest quorum <decisionId>