Proof Pack Schema
Proof Packs preserve enough evidence to reconstruct a governed action while redacting sensitive payload details.
Required public-safe fields
proof_id, ledger_entry_id, refund_id, agent_id, action, decision, amount and currency when safe, reason_code, latency_ms, proof_status, signature_status, redaction_status, hash
Forbidden public fields
Do not expose customer names, emails, card numbers, PANs, raw payment references, raw order payloads, tenant secrets, raw tenant IDs, raw policy IDs, approval IDs, API keys, passwords, tokens, or internal operator notes.
Sample
A sanitized sample is available at /verify/sample-proof-pack.json.
Hash and redaction discipline
A Proof Pack should be useful without being leaky. Store enough structured evidence to reconstruct the decision path, but publish only safe labels, hashes, sanitized reason codes, and redaction status. A public hash proves continuity of evidence without turning the public website into an internal ledger browser.
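The allow-list projection and hash described above, as an added example (not HaltState's own code). The SHA-256-over-canonical-JSON scheme, the amount_public_safe flag, and the sample record are assumptions made for illustration.

```python
import hashlib
import json

# Field names from the page's "Required public-safe fields" list.
PUBLIC_FIELDS = (
    "proof_id", "ledger_entry_id", "refund_id", "agent_id", "action",
    "decision", "reason_code", "latency_ms", "proof_status",
    "signature_status", "redaction_status",
)
CONDITIONAL_FIELDS = ("amount", "currency")  # published only "when safe"


def evidence_hash(record: dict) -> str:
    """SHA-256 over canonical JSON (sorted keys, compact). Assumed scheme."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_public_pack(internal: dict) -> dict:
    """Copy only allow-listed fields; anything else never reaches the output."""
    missing = [f for f in PUBLIC_FIELDS if f not in internal]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    pack = {f: internal[f] for f in PUBLIC_FIELDS}
    # "amount_public_safe" is a hypothetical internal flag, not a page field.
    if internal.get("amount_public_safe") is True:
        pack.update({f: internal[f] for f in CONDITIONAL_FIELDS})
    # The hash covers the full internal evidence, linking the public pack to
    # the stored record without revealing it.
    pack["hash"] = evidence_hash(internal)
    return pack


def verify_continuity(internal: dict, public_pack: dict) -> bool:
    """Operator-side check that stored evidence still matches the public hash."""
    return public_pack.get("hash") == evidence_hash(internal)


# Constructed sample record; every value is invented for illustration.
SAMPLE_INTERNAL = {
    "proof_id": "pp_0001", "ledger_entry_id": "le_0001", "refund_id": "rf_0001",
    "agent_id": "agent_refunds", "action": "refund.issue", "decision": "allow",
    "reason_code": "WITHIN_LIMIT", "latency_ms": 42, "proof_status": "sealed",
    "signature_status": "valid", "redaction_status": "redacted",
    "amount": 1999, "currency": "USD", "amount_public_safe": False,
    "customer_email": "alice@example.com", "operator_note": "constructed note",
}
```

An unkeyed hash of a record whose contents are guessable can be confirmed by trial hashing, so a keyed or salted construction is the safer choice when the internal evidence is low-entropy.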
Implementation notes
Keep the HaltState call as close as possible to the side effect. The agent may plan and draft freely, but the wrapper around the actual action should be the place where authority is checked. That wrapper should send only the context required for policy evaluation: safe identifiers, normalized amounts, action names, risk flags, schedule windows, and redaction status. Raw customer payloads and secrets should stay in the business system or protected operator tooling.
Operational evidence
For each action, preserve the decision, the worker outcome, the idempotency key, safe resource references, latency, proof status, and redaction status. This evidence supports incident response and control narratives because it shows what the system did at runtime rather than only describing what the policy document intended. HaltState supports alignment work; it is not a substitute for legal advice or a compliance certification.