Skip to main content

Decision Proof for Agents

AI agents make decisions faster than humans can review them. Without a proof layer, every agent action becomes an audit liability — “Why did the agent approve this?” has no answer six months later. Cronozen agents produce a Decision Proof Unit (DPU) for every action: a sealed bundle that captures inputs, model reasoning, applied policy, and approval chain into a hash-linked record.

Why Agents Need DPU

Without DPUWith DPU
”The agent approved it""Approved on 2026-05-28T03:14Z, policy v2.3, inputs hash a7f3…, model claude-opus-4-7, confidence 0.91”
Cannot reproduce decisionRe-run with stored snapshot reproduces output
Cannot detect tamperingChain hash mismatch detected immediately
Cannot prove policy at timePolicy snapshot stored with each DPU

What Goes Into an Agent DPU

Input Evidence

Hash of all data the agent saw — documents, structured records, prior conversation context.

Policy Snapshot

Frozen copy of the policy version applied at decision time. Even if policy changes later, the original is verifiable.

Model Reasoning

Model ID, version, prompt, raw output, confidence score, and any tool calls invoked.

Approval Chain

Who reviewed the agent’s output, when, and on what evidence. Human-in-the-loop or human-on-the-loop both supported.

Lifecycle

1. Agent invoked

2. Inputs collected → hash computed → input_hash

3. Policy snapshot loaded → policy_hash

4. Model call → output + confidence + tool_calls

5. (Optional) Human review → approver_id + decision

6. DPU sealed: { input_hash, policy_hash, model_output, approval, prev_chain_hash }

7. SHA-256 over the bundle → chain_hash → stored, linked to prev

Sealing a Decision

import { CronozenClient } from '@cronozen/sdk'

const cronozen = new CronozenClient({ apiKey: process.env.CRONOZEN_API_KEY })

const decision = await cronozen.agents.decide({
  agentId: 'grant-review-agent-v3',
  inputs: {
    applicationId: 'app_8x2k',
    documents: [/* document refs */],
  },
  policyId: 'subsidy-policy-v2.3',
  requireHumanApproval: true,
})

// decision.dpu contains the sealed proof
console.log(decision.dpu.chainHash)
// → "a7f3d8e2c1...b4f9"

Verifying a Past Decision

Anyone with the DPU and the source data can re-verify: 
const verification = await cronozen.dpu.verify({
  dpuId: 'dpu_a7f3d8e2',
})

// {
//   chainIntact: true,
//   inputHashMatches: true,
//   policyHashMatches: true,
//   approvalChainValid: true,
//   reproducedOutput: { ... }
// }
If any input data has been modified after the decision, inputHashMatches returns false — the auditor sees this immediately.

Decision Modes

Autonomous

Agent decides without human review. DPU captures full reasoning for post-hoc audit. Best for high-volume, low-risk actions.

Human-on-the-Loop

Agent decides, human can intervene within a window. DPU captures both agent output and human override (if any).

Human-in-the-Loop

Human approves before action. DPU captures agent recommendation + human decision + reasoning. Required for high-risk decisions.

When to Require Human Approval

Set requireHumanApproval: true for decisions that meet any of these criteria:
  • Financial impact > organizational threshold
  • Affects a regulated population (vulnerable individuals, etc.)
  • Policy explicitly requires manual review
  • Confidence score below configured floor (e.g., 0.85)
  • Novel input pattern (out-of-distribution detection)

Integration with DPU Engine

Every agent DPU is a regular DPU under the hood — same chain, same verification surface, same audit export format. Agent DPUs and human DPUs interleave in the same chain, providing a unified decision history across all operations. For the underlying DPU architecture, see DPU Engine. For chain-level guarantees and integrity proofs, see Proof Pipeline.

See Also