Request Access
← Blog

If You Can't Replay the Decision, It's Not Governance

· Art Harol

Every governance system claims to evaluate actions before execution. Few can prove that any specific evaluation actually occurred.

An auditor asks: “Was this action authorised?”

You present the evidence. They replay the decision with the recorded inputs.

They get a different answer.

At that moment, governance has already failed.

The decision depended on something that was not recorded — runtime state, model inference, ambient configuration. That dependency makes the decision unreconstructable. And a decision that cannot be reconstructed is not governance. It is an assertion with a timestamp.

For autonomous AI systems, this is not a theoretical concern. Every governance decision about every consequential action must be independently reconstructable. If it cannot be replayed, no auditor can verify it — and unverifiable governance is indistinguishable from no governance at all.

Determinism is not a property of good governance. It is a precondition for governance to exist at all.

The verification problem

Governance decisions must be independently verifiable. Not “verifiable by the system that produced them” — independently verifiable. A third party, with access to the evidence record, the policy, and the delegation artefacts, must be able to reconstruct the decision and arrive at the same outcome.

This is the difference between “trust us, we checked” and “here are the inputs — verify it yourself.”

If the decision cannot be reconstructed, it cannot be audited. If it cannot be audited, it cannot be proven. If verification depends on the originating system, governance has collapsed into trust. And governance that cannot prove itself is indistinguishable from ungoverned operation.

The purity requirement

For a decision to be independently verifiable, the evaluation function must be pure. A pure function produces its output from its declared inputs alone — nothing else influences the result, and the function changes nothing outside itself.

The evaluation takes three inputs. The canonical action — the fully specified description of what is being attempted, including an evaluation timestamp anchored to an authenticated time source. The delegation artefacts — the authority under which the action is claimed. The policy identity — the exact rules in effect at evaluation time.

That is all. If anything else enters the function, determinism is broken.

No ambient state. No runtime configuration that varies between deployments. No model calls. No probabilistic classification. No database queries. No network lookups. No inference.

Given the same canonical action, the same delegation artefacts, and the same policy identity, the evaluation must produce the same decision. Every time. On any machine. At any point in the future. Byte-identical inputs must produce byte-identical outputs — decision and evidence record alike.

This is not aspirational. It is a requirement that follows directly from the need for independent verification.

Two phases, one boundary

A governance evaluation involves I/O. Delegation chains must be validated. Revocation status must be checked. The canonical action must be assembled from the raw request. These operations touch the outside world — they read state, make network calls, verify signatures.

How does this reconcile with purity?

By separating two phases.

Resolution is the I/O phase. It fetches revocation status, validates delegation chains, assembles the canonical action representation, and determines which policy — at which immutable version — governs the evaluation. Resolution may involve mutable state, network calls, and fallible operations. Resolution produces integrity-protected inputs for the next phase.

Evaluation is the pure phase. It takes the resolved inputs — canonical action, delegation artefacts, policy identity — and produces a decision. No further I/O. No further state. The function is deterministic.

Both phases produce evidence. The resolution phase records what was fetched and how it was validated. The evaluation phase records what was decided and why. Together, they form a complete evidence record that a third party can examine.

The boundary between the two phases is the boundary between I/O and purity. If evaluation depends on unresolved or mutable state, determinism is lost — and with it, verifiability.

What determinism enables

Independent verification becomes possible. Any party with access to the evidence record can reconstruct the decision. The originating system does not need to be available. The decision is proven by the evidence, not by the system that produced it.

Third-party audit becomes possible. A regulator, an auditor, or a counterparty can take the recorded inputs, apply the recorded policy, and verify the outcome. The governance claim is falsifiable — and falsifiability is what separates governance from assertion.

Decision reconstruction becomes possible. For any action, at any point in the future, the decision can be reconstructed from the evidence record. Policy changes do not retroactively alter previous decisions, because each decision is recorded with the policy identity under which it was evaluated.

Temporal integrity becomes possible. Historical decisions remain interpretable under their original policy. No silent upgrades. No retroactive reinterpretation. The evidence record is a permanent, immutable attestation of what was decided, when, and under what rules.

This is why governance must be evaluated before execution — and why that evaluation must be deterministic.

The test

The test for deterministic governance is simple.

Take an evidence record from any governance decision. Extract the inputs: canonical action, delegation artefacts, policy identity. Feed them through the evaluation function. Compare the output to the recorded decision.

If they match — every time, on any machine, at any point in the future — the decision is governance.

If they don’t, it is not governance. It is a decision you cannot prove.