Decision Chain Proofs

Decision Chain Proofs extend VaultCrux's existing proof infrastructure from answer-level receipts to full decision-level chains. The existing Proof Pages (available at proof.vaultcrux.com) show that an answer existed and was verified - they are answer-focused. Decision Chain Proofs show the complete sequence: constraint checked, evidence retrieved, confidence scored, action taken, outcome recorded. This is the artefact that matters for agent-native service interoperability - not just "was this answer correct?" but "was this decision made responsibly?"

Each Decision Chain Proof Page is a stable, public URL that renders the full causal chain for a specific agent decision in a human-readable format. The page shows the decision identifier and timestamp, the verification receipt from verify_before_acting (if the decision was pre-verified), each check source and its result (Shield clearance, Engine sufficiency, Watch alert status, Constraint matching results), the evidence sources used (artifact IDs, not content), the outcome, and any supersession events that followed.

What the proof page deliberately does not show is any underlying content. It does not disclose artifact text, query text, tool parameters, or the specific details of the decision. The proof page proves that the chain existed and was verified - it does not reveal what was decided about. This is safe-by-construction for external sharing: a vendor, auditor, or counterparty can verify that your organisation's agent followed a responsible decision process without gaining access to your proprietary knowledge base.

The cryptographic verification data on each proof page includes the BLAKE3 hash of the full decision chain, the Ed25519 signature via Vault Transit, and the receipt chain linking this decision to its evidence sources. Any party with the public key can verify the signature independently. The receipt chain is navigable - from the decision receipt, you can traverse to the retrieval receipts for the evidence, and from there to the ingestion receipts for the source documents. Each link in the chain is independently verifiable.

Cross-platform receipt anchors make this verification portable beyond the VaultCrux boundary. A receipt anchor is a compact, self-contained proof token that can be embedded in external systems - a contract management platform, a compliance database, a vendor portal - without requiring those systems to understand VaultCrux's internal data model. The anchor contains the decision hash, the signature, and a verification URL. The external system stores the anchor; verification happens against VaultCrux's proof infrastructure on demand.

The capability discovery tool (get_platform_capabilities) completes the external surface by providing a machine-queryable manifest of available tools, required trust tiers, and credit costs. This enables agent-to-service evaluation: an agent running on one platform can programmatically determine what VaultCrux offers, what it costs, and whether its current trust tier permits access - without reading documentation or making speculative API calls. This is the infrastructure layer for the agent-native web thesis: services that describe themselves in machine-readable terms so agents can compose workflows across platform boundaries.