Decision Passport: An Audit Layer for AI Agent Execution Governance

What Decision Passport Addresses

The recent Claude Code source leak discussion on r/LocalLLaMA highlights a critical architectural gap in AI agent systems. As agents gain capabilities like tool access, browser access, memory handling, background execution, and multi-step workflows, the governance question shifts from "can the agent do useful work?" to accountability questions.

The Governance Gap

The source identifies key questions that current logging and observability tools don't fully address:

• Who authorized this action?
• Under what policy?
• What execution context existed at the time?
• What changed?
• What was blocked?
• Whether that record can still be trusted later outside the original runtime

The author notes: "Logs help you inspect. Proof helps you defend."

Decision Passport Features

The tool provides:

• Append-only execution records
• Portable proof bundles
• Offline verification
• Tamper-evident chains
• Verifier-first design

The author clarifies this doesn't "solve" sandbox escape or agent safety by itself, but makes the governance gap more visible and provides stronger answers to what happened, in what order, under what permission, with what evidence, and whether anyone can verify it later without trusting the original platform.

Available Repositories

The project is open source with two main components:

• Core: https://github.com/brigalss-a/decision-passport-core
• OpenClaw Lite: https://github.com/brigalss-a/decision-passport-openclaw-lite

Discussion Points

The source raises questions for the community to consider:

• Is this just better observability?
• A missing audit/proof layer?
• Overengineering for most agent workflows?