What Was Known When It Was Decided

Your AI agent deleted 47 personal data records under GDPR Article 17 — the right to be forgotten. Six months later, the regulator asks why.

You can prove the action was authorized. You have the signed token, the policy evaluation, the hash-chained ledger entry. The enforcement layer did its job.

But the regulator doesn't ask was it authorized?

They ask: what did the agent know when it made that decision?

Which data subject request triggered it? What retention policies were in scope? Was the legal hold check current or stale? Did the agent have access to the updated guidance from Tuesday, or was it operating on last week's context?

You don't know. Because your governance system recorded the decision, but not the knowledge state behind it.

The gap nobody's talking about

The AI governance landscape is crowded with guardrails, policy engines, and observability platforms. They solve real problems:

Guardrails filter what goes in and comes out

Policy engines decide yes or no

Observability records what happened

Enforcement proves it was authorized

None of these answer the harder question: was the decision made against the right knowledge state?

Authorization without epistemic integrity is formally compliant — and substantively wrong.

An agent can be fully authorized to act, operating within policy, with a clean audit trail — and still make a decision based on stale, incomplete, or contaminated context. Today's governance systems would record that decision as compliant.

That's a structural gap, not a feature request.

Epistemic attestation: a new governance surface

We're introducing a concept we call epistemic attestation — binding the knowledge state of an agent to its decision record at the moment of decision, deterministically, cryptographically.

At decision time, the governance layer captures:

This attestation is included in the signed decision record. It becomes part of the governance ledger — immutable, hash-chained, replayable.

At replay time, you don't re-run the search. You don't hope the vector database returns the same results. You retrieve the original documents by ID, recompute their hashes, and verify they match what was committed. Deterministic. No BLAS sensitivity. No float ordering drift.

The replay proves: the agent committed to this epistemic state when it decided. Not that the retrieval engine would behave the same today.

That distinction matters.

Why this isn't RAG observability

RAG observability tools record retrieved chunks, similarity scores, and prompt context for debugging. That's useful for development. It's not useful for governance. The differences are structural:

Observability tells you what the retrieval pipeline did. Attestation proves what the agent was committed to when governance signed the decision.

What epistemic attestation is — and isn't

It does not prove the agent was right. It proves what the agent was committed to when it decided.

That's a critical distinction. Epistemic attestation does not guarantee correctness. It guarantees attributable epistemic state. The agent may have retrieved outdated documents. The embedding model may have ranked poorly. The knowledge store may have been incomplete. All of that is visible in the attestation — and all of it is verifiable after the fact.

The attestation binds to state, not to retrieval behavior.

The canonical schema

The schema is minimal by design:

The enforcement point is the governance session, not the kernel. If a policy requires epistemic attestation and the attestation is missing, the decision is denied. Fail-closed. Same principle as every other governance surface we've built.

The category expansion

Before epistemic attestation, governance answers: was this action authorized?

After: was this action authorized, given what was known?

That distinction will define the next phase of autonomous systems.

Every enterprise deploying autonomous AI will eventually face this question: what did your system know when it decided to act?

The organizations that can answer it — deterministically, cryptographically, without re-running any pipeline — will deploy. The ones that can't, won't.

As autonomous systems move from assistants to actors, accountability must move from narrative to structure.

Authorization was the first step. Epistemic attestation is the second.

AmplefAI is building the constitutional layer for autonomous AI. Epistemic attestation is live — every governed decision now carries cryptographic proof of what was known when it was decided.