Forensic Decision Record

When a decision is questioned,
logs are not enough.

Your AI is making decisions right now. So is your rules engine. So are your people. ProjectLedger records each commitment as it happens, seals the record, and gives you something legal, compliance, and auditors can independently verify when the decision is questioned.

Book a Discovery CallSee the API →
Artifact 5 / Sealed
✓ VERIFIED
"id": "6VOlW4GccA2s1dEke3ax", "manifestRootHash":
"f3cf212859f08d...",
"authorityMap": { "human_led": 4210,
"human_in_the_loop": 3187, "agent_autonomous": 4948 },
"actors": { "human": 4210, "agent": 4948,
"service": 3187 },
"signedBy": { "provider": "gcp-kms",
"exportable": false }
The Gap

So you spent six figures on an evaluation,
and your auditor still can't get an answer?

Governance platforms monitor your AI. They score risk, flag drift, and generate dashboards. But when legal asks about a specific decision on a specific date, they cannot answer.

Evaluation firms spend 90 days reviewing policies and interviewing your team. They give you a report about what your AI probably did.

Neither one keeps a record. That is the gap. ProjectLedger fills it.

Who authorized this decision?
ProjectLedger records the actor, the authority mode, and the timestamp at the moment of commitment. Human, agent, or service.
Was a human actually in the loop?
Not documented after the fact. The record is written when it happens. That is the only version that holds up.
Can you prove this record was not edited?
SHA-256 per entry. KMS asymmetric-signed artifact. The private signing key is non-exportable and remains inside Google Cloud KMS. Independently verifiable with just the public key. No access to our infrastructure required. Any modification to any entry breaks the hash. Any modification to the artifact breaks the signature.
Does this work for our rules engine too?
Any system that can make an HTTP POST. Same API, same sealed record. Your pricing engine, your coverage logic, your fraud detection.
What ProjectLedger Covers

What gets sealed in the record.

The question is always the same: what happened, who committed it, and can you prove the record was not changed later? ProjectLedger answers that with an append-only record, a sealed artifact, and independent verification.

At Decision Time
Record the commitment
Call promote() when the decision is made. Store the actor, authority mode, summary, and timestamp in an append-only ledger.
At Seal Time
Generate Artifact 5
Close the evaluation and generate a signed bundle containing the ordered record, manifest hash, and KMS-backed seal.
When Questioned
Prove what happened
Hand legal, compliance, or an auditor a deterministic record they can verify independently without needing your internal systems.
Decision Types

The API does not care who or what is deciding.

Hook it up to any decision process. The sealed record works the same way regardless of who or what is calling promote().

agent_autonomous
Actor: agent
AI Autonomous
The agent acts on its own. Recorded automatically when it happens.
Fraud detection. Content moderation. Automated underwriting.
human_in_the_loop
Actor: agent + human
Agent Proposes, Human Approves
The agent recommends. A human commits. Both actions are recorded.
Clinical AI. Trade approvals. Loan decisions.
agent_autonomous
Actor: service
Deterministic Software
A rules engine calls promote() on every decision. Zero human involvement.
Pricing engines. Coverage logic. Risk scoring systems.
human_led
Actor: human
Human Decision
A person presses the promote button overlaid on your existing software.
Prior auth. Legal sign-offs. Policy exceptions.
How We Are Different

Other tools tell you what your systems are doing. We record what they did.

Governance platforms monitor behavior. Evaluation firms write reports. Neither produces a record that holds up when someone asks a specific question about a specific decision.

CapabilityMutable LogsGovernance Platforms90-Day EvaluationsProjectLedger
Records decisions in real timeSometimes Always
Works for AI decisionsSometimes MonitoredReviewed Recorded
Works for deterministic softwareSometimes Any HTTP caller
Works for human decisionsInterviewed Promote button
Produces a sealed decision record Artifact-backed proof
Independently verifiable record Public key only
Append-only enforcementDoc only Two-layer
DeliverableLog fileDashboardReportSealed artifact
Time to first recordN/AWeeks90 daysMinutes
Approximate cost$0 + risk$50K+ per year$150K to $500K$15K to $60K
Integration

Four calls. Runs forever.

No schema changes. No database migrations. Any system that can make an HTTP POST can start recording decisions to the ledger.

01
create_evaluation()
Open a decision window. Set the context and owner. This is your audit boundary and the system enforces it.
02
promote()
Record a decision. Actor type, authority mode, summary. Called by a human button, an AI agent, or a service. Sealed the moment it lands.
03
close_evaluation()
Hard-close the window. Any promote() after this returns HTTP 409. Enforced by code, not process.
04
generate_artifact()
Export the sealed record. KMS asymmetric signing. Private key non-exportable. Verifiable offline by anyone with the public key. No access to our infrastructure required.
pricing-engine.ts
// Rules engine. Zero human involvement.
// Same four calls. Same sealed record.

const ev = await ledger.create_evaluation({
  context: "daily-pricing-2026-02-25",
  owner:   "pricing-engine-v2"
});

await ledger.promote({
  evaluationId:  ev.id,
  authorityMode: "agent_autonomous",
  actor: {
    type: "service",
    id:   "pricing-engine-v2"
  },
  summary: "Set WIDGET-123 price to $49.99"
});

await ledger.close_evaluation(ev.id);

const artifact = await ledger
  .generate_artifact(ev.id);

// 50,000 decisions today.
// Every one is on the record.

Built for enterprise procurement

Every security claim is independently verifiable. We document what is complete and what is in progress because transparency is the posture.

Review full security posture →
Tenant separation
KMS asymmetric signing. Non-exportable key.
Append-only enforcement
Fail-closed production
CI security scanning
API key hashing at rest
30-Day Evaluation

A live record.
Not a report about
what probably happened.

Other evaluations spend 90 days and give you a document. We instrument your actual decision surface and give you a sealed record of what it did. Scoped to your operation. One decision surface or twenty, the evaluation covers what you need.

30-day fixed scope engagement
$15K to $60K, evaluation only. Scoped to your operation.
Sealed Artifact 5 bundle on delivery
Works for AI, human, and deterministic workflows
No schema changes on your end
Most evaluations roll into yearly coverage
Active pilots running in FinTech, Gaming, and Insurance. The evaluation is open to any industry where decisions carry accountability.
Get Started

Start with one decision surface and leave with a sealed record you can prove.

A 30-minute call to scope the engagement. Thirty days later you have a sealed artifact and a decision record legal, compliance, and auditors can verify independently when questions come up.

Book a Discovery CallReview Security