Concept

What is Decision Admissibility?

Logs record what happened. Admissibility proves it should have.

The problem

Autonomous agents produce outputs. They do not produce proof.

AI agents are writing code, merging pull requests, deploying infrastructure, and modifying production systems. Devin writes features. Codex refactors libraries. Jules triages bugs. Copilot suggests changes that ship the same day.

Most of these agents produce zero proof that the action should have been allowed. They produce outputs. They produce logs. They do not produce evidence that the decision was sound, authorized, and reproducible.

Today, when an autonomous agent merges a pull request, the best you get is a log entry: "PR #4712 merged by bot at 14:32 UTC." That tells you what happened. It tells you nothing about whether the merge was evaluated against your security policy, whether the evidence the agent relied on was authentic, or whether a second run with the same inputs would produce the same decision.

This is the gap where liability lives. Where compliance failures originate. Where trust erodes — not in a single dramatic failure, but in thousands of unverified decisions compounding daily.

Five distinctions

How admissibility differs from what you already have

Decision admissibility is not a replacement for observability, guardrails, audit logs, governance, or explainability. It is the layer that was missing underneath all of them.

01 / Observability

Observability tells you what happened. Admissibility proves it should have.

Observability tools collect metrics, traces, and logs from running systems. They answer: did the agent run? How long did it take? Did it error? They do not answer: was this action evaluated against policy before it executed? Observability is necessary. It is not sufficient.

02 / Guardrails

Guardrails filter bad outputs. Admissibility verifies the decision chain.

Guardrails intercept obviously harmful outputs — toxic content, malformed code, out-of-scope responses. They operate on the output. Admissibility operates on the decision process: was the right evidence consulted? Was the policy applied correctly? Was the chain from input to decision to action intact and verifiable?

03 / Audit Logs

Audit logs record events. Admissibility replays them deterministically.

An audit log is a ledger. It records that something happened at a certain time. Admissibility goes further: it captures enough context that the decision can be replayed — given the same inputs, the same policy, and the same evidence, the system produces the same result. A log says "this happened." Admissibility says "this happened, and here is the proof that it had to happen this way."

04 / Governance

Governance documents policy. Admissibility enforces it at runtime.

Governance frameworks define what should be allowed — approval matrices, compliance rules, risk thresholds. But a documented policy that is not enforced at the moment of decision is a suggestion, not a control. Admissibility closes the gap between "we have a policy" and "the policy was applied to this specific action, and here is the signed proof."

05 / Explainability

Explainability generates reasons. Admissibility proves reproducibility.

Explainability tools produce human-readable rationales for AI decisions. These rationales are useful but unfalsifiable — they describe why the model says it decided, not whether the decision is reproducible. Admissibility requires that the decision can be independently replayed and verified, not just narrated.

Three pillars

All three must hold for a decision to be admissible

Pillar I

Evidence Provenance

Was the evidence authentic and complete at decision time? Every decision rests on inputs — source code, configuration, policy documents, prior decisions. Evidence provenance means capturing what the agent saw, when it saw it, and whether it was the real thing — not a stale cache, not a partial fetch, not a hallucinated reference. This is the chain of custody for decision inputs.

Pillar II

Deterministic Replay

Does the same input produce the same output? A decision is reproducible if, given identical inputs and policy, the system arrives at the same conclusion. Deterministic replay means capturing enough state that any independent party can re-run the decision logic and verify the result. This is what separates a proof from a claim.

Pillar III

Authority Attestation

Was this action authorized by policy — not just permitted by access control? Access control answers: does this agent have credentials? Authority attestation answers a harder question: should this agent perform this action, given the current policy, the specific context, and the evidence at hand? Having the key to the door is not the same as being authorized to walk through it.

Why now

Autonomous agents are scaling faster than the infrastructure to hold them accountable

Twelve months ago, AI assistants suggested code in an IDE and a human decided whether to accept it. Today, agents independently write code, open pull requests, review changes, run deployments, and modify production infrastructure — with decreasing human oversight at each step.

The accountability infrastructure has not kept pace. The tools we have — logging, monitoring, access control, policy documents — were designed for a world where humans made decisions and machines executed them. When the decision-maker is an AI agent, that question has no answer unless you built the proof into the system.

Liability

When an autonomous action causes harm, who is accountable? Without admissibility, the answer is unclear — and unclear is the most expensive answer in a legal proceeding.

Compliance

Regulated industries require demonstrable controls. Policy never enforced at runtime creates compliance exposure with every action.

Trust

Engineering and security teams lose confidence in systems they cannot verify. This slows adoption and eliminates the efficiency gains that justified the investment.

Legal analogy

Borrowed deliberately from evidence law

Three legal standards map directly to the three pillars. These standards exist because courts learned, over centuries, that unverified evidence leads to wrong outcomes. The same principle applies to autonomous AI decisions.

FRE 901

Authentication

Before evidence is admitted in court, someone must establish that it is what it claims to be. This is evidence provenance: the requirement that decision inputs are genuine, not assumed.

Daubert Standard

Reliability + Reproducibility

Can the methodology be tested? Is it reproducible? This is deterministic replay: the requirement that a decision process can be independently verified, not just asserted.

Chain of Custody

End-to-End Integrity

Physical evidence must be tracked from collection to courtroom. Any break in the chain can render it inadmissible. This is the requirement that connects provenance, replay, and attestation into a single verifiable record.

These standards exist because courts learned, over centuries, that unverified evidence leads to wrong outcomes. The same principle applies to autonomous AI decisions. The stakes are different. The logic is identical.

Decision Receipt

Admissibility as a product

Decision Receipt by Summit Cognitive is the first product built to enforce decision admissibility for autonomous AI agents. For every agent action, it evaluates the decision against policy, verifies evidence provenance, confirms deterministic reproducibility, and issues a cryptographically signed receipt.

The receipt is not a log entry. It is not a report generated after the fact. It is a pre-execution proof: issued before the action affects production, signed so it cannot be altered, and structured so it can be independently verified by any party at any time.

Try in Playground Get API Key