Ambit Observatory

The decision ledger is not a log archive. It is the source material for audit, assurance, and policy-readable behavioural evidence.

Ambit Observatory turns Authority’s decision ledger into explanations, attestations, and derived facts that survive incident review, policy review, and regulatory inquiry. It answers the questions that follow a governance event: what happened, why it was allowed or denied, which policy and delegation were in effect, what consequence topology was bound into the decision, whether the outcome was correct, and which behavioural facts policy may require next.

Authority can operate without Observatory: it still decides before execution and emits tamper-evident, hash-verifiable evidence, including resolved consequence context when applicable. What Observatory adds is the assurance layer over that evidence — explanation, ledger verification, evidence bundles, behavioural signals, consequence interpretation, and policy-readable derived facts.

Observatory does not reinterpret or override decisions. It derives explanations and policy-readable evidence from Authority’s decision records, and derived facts become consequential only when policy explicitly requires them in a later evaluation. If explanations are reconstructed from logs instead of derived from decisions, governance is not provable.

Authority decides. Observatory makes decisions provable and evidence reusable.

With Observatory

✓

Structured Query

Query the decision ledger by actor, action, time range, or delegation — every decision indexed.

✓

Governed Traces

Read a structured explanation with delegation, policy, and decision linked to the action that triggered it.

✓

Evidence Bundles

Export a tamper-evident evidence bundle for the review committee — decisions, not logs.

✓

Pattern Detection

Surface patterns across decisions — denials, approvals, escalations — before the next incident.

Without Observatory

✗

Log Archaeology

Grep through application logs across multiple services to reconstruct what happened.

✗

Timeline Guesswork

Piece together a sequence of events from scattered timestamps and partial context.

✗

Policy Ambiguity

Argue about whether policy applied — no structural proof that governance occurred.

✗

Reports from Memory

Produce a post-incident report from recollection, screenshots, and best guesses.

Built For

Observatory is not a generic dashboard. It exists for situations where governance evidence must be explained, verified, or made policy-readable.

Incident Review

Trace any denied or escalated action back to the delegation, policy, and decision that governed it. Start from evidence, not logs.

Audit Preparation

Export time-bounded governance evidence for regulatory inquiry — decisions, delegations, policy versions, and outcomes.

Behavioural Preconditions

Publish ledger-cited actor facts that policy may require later, without making Authority depend on hidden live model state.

Consequence Context

Explain the consequence facts Authority bound into a decision: reversibility, external binding, persistence, propagation scope, and review markers.

Policy Refinement

Surface patterns in denials and overrides that signal miscalibrated policy or excessive approval toil — before the next incident.

Integrity Verification

Independently verify the decision ledger is unbroken and complete. Hash-chained records make tampering detectable, and a missing decision for an executed action is a detectable bypass, not a silent gap.

Architecture

Observatory runs out-of-band, independent of any agent runtime or execution layer. It consumes Authority evidence records and governed traces; it does not gate actions or run model computation inside Authority. Behavioural findings become consequential only when policy explicitly declares a derived fact as required context for a later Authority evaluation. Consequence topology is different: Authority resolves it locally before the decision and records it as part of the decision context. Observatory explains those consequence facts after the fact, but does not invent or override them. Observatory never calls Authority, and Authority never consults Observatory's live model state. The decision ledger remains the source of truth; derived evidence records cite ledger provenance and replay-critical model configuration. For audit committees and board reporting, Observatory provides the evidence surface that derives institutional assurance from governance decisions — structured proof that policy was enforced, not just defined.

Agent

intent

Authority

1 Evaluate policy + delegation 2 Render decision: ALLOW | DENY | ESCALATE 3 Commit receipt (append-only)

synchronous · before execution · eval time recorded

Tool / API

consequential action

Observatory

1 Ingest receipts / governed traces 2 Derive outcome explanations + advisory signals 3 Recommend policy refinements (human review)

asynchronous · after decision

What Observatory Tells You

When an action is denied, Observatory does not just report the outcome. It explains why — grounded in the delegation, policy, and rule that determined the decision.

Observatory Explain Example

What happened

DENY data.provision by ops-agent-03 against production-db-01

Fingerprint

a3132830dd7e…c39e21b

Policy

org/platform/data-provision-v2

Why

pass time_window

pass delegation_required

pass delegation_signature

pass delegation_expired

match delegation_scope — target outside delegation scope (staging only)

Narrative

ops-agent-03 requested data.provision against production-db-01. Delegation del-8k3m-9n2p restricts scope to staging resources only. Target production-db-01 is outside the delegation's permitted scope. Action denied at the delegation scope boundary.

Synthetic example. In a live deployment, Observatory derives this from the Authority decision ledger.

Evidence Interpretation

Observatory derives explanations and policy-readable evidence from the Authority decision ledger across five evidence surfaces. Each is grounded in governance evidence — not inferred from application logs or reconstructed from metrics.

Governed Traces

Link an action's lifecycle to the decisions, delegation, and policy that governed it.

Actor

The principal and target of the action.

Root-Cause Narratives

Explain why an outcome occurred, grounded in what was authorised.

Governed Trace Example

action: data.provision
principal: ops-agent-03
target: production-db-01
decision: DENY

Root-Cause Narrative

Advisory Signals

3rd denied data.provision against production targets by ops-agent-03 this week. Repeated attempts suggest a workflow expecting production access that the delegation does not grant.
Consider issuing a production-scoped delegation or updating the workflow configuration for ops-agent-03.

Synthetic data for illustration. Not from a live system.

Evidence Bundles

Export time-bounded evidence for audit and incident review.

Advisory Signals

Population-level patterns — drift, pressure, escalation quality. Advisory only; for human review.

Behavioural Signals

Per-actor anomaly scores from each actor's own history. Policy may declare them as replayable, checkpointed preconditions under stated rules.

Consequence Topology

Decision-bound context showing what the action would create if allowed: reversible or irreversible, local or externally binding, transient or persistent, contained or propagating.

Every explanation traces directly to the Authority decision ledger. Derived behavioural facts cite ledger records, model configuration, and posterior checkpoints; they are not hidden live model state. Consequence topology cites the decision context Authority resolved before evaluation. The evidence surface is only as strong as the decisions it can trace.

Execution Assurance

Observatory provides execution assurance for autonomous systems by generating single-artefact governance attestations from the Authority decision ledger. No dashboard, no external service — a static, self-contained attestation artefact suitable for audit committees and board reporting.

Governance Evidence Report observatory_report.html — generated 2026-02-23T07:11:04Z

PASS Ledger chain verified — 11 records (seq 1–11)

integrity: verified
policy_hash: 3b4aa736101d…8f46760b4c9e
ontology_hash: 399958dff9c2…e384fd0159c7

Ledger records

8 decisions + 3 outcome records

Decision records

Pre-execution governance decisions

High-risk escalations

Actions flagged for human approval

Decision matches

Rules that determined the outcome

The ledger chains every record — decision records capture pre-execution governance evaluations, outcome records capture downstream results after execution.

Decision	Count
ALLOW	3
DENY	4
ESCALATE	1

Top matched rules

default_allow3

delegation_required2

destructive_needs_approval1

approval_replay1

context_justification1

Excerpt from a single-artefact HTML governance report. The full report includes latency percentiles, sample decisions, and actor breakdowns.

See behavioural baselines and approval assurance run in the demos →

Observatory interprets evidence. Authority decides.

Authority deep-dive