DECISION RECEIPT PACK (2026)

Use this to govern AI assistants and system agents without banning them.

1) Decision Receipt (one per meaningful change)

Paste into PRs, tickets, or incident channels.

- Intent (1 sentence): What outcome are we trying to produce for a user or the business?
- Scope (systems touched): List systems and boundaries, e.g., “GitHub repo X (read/write via PR only), Jira (write: labels only), Zendesk (draft only).”
- Evidence (links only):
  Ticket/issue link:
  Docs/spec link:
  Logs/transcript link (agent run):
  Dashboard/metric link (if relevant):
- Risk notes (1–2 bullets): Name specific failure modes: security exposure, customer misstatement, cost blow-up, data integrity.
- Owner (name): The person accountable for outcomes.
- Approver (name): The person who must sign off (can be the same as the owner for low-risk work).
- Rollback plan (1–2 lines): How to undo or mitigate quickly.

2) Approval Ladder (apply to any agent action)

A) Read-only
- Allowed: search/summarize/pull metrics
- Controls: scoped read tokens; PII redaction rules
- Audit: prompt + tool calls + sources retrieved

B) Draft
- Allowed: draft PRs/emails/customer replies
- Controls: human approval before send/merge
- Audit: diff + reviewer sign-off + linked ticket

C) Low-risk write
- Allowed: tagging issues, scheduling, status fields
- Controls: rate limits; reversible operations
- Audit: change log + agent identity

D) High-risk write
- Allowed: refunds, access changes, production config
- Controls: two-person approval; step-up auth; explicit runbook
- Audit: approval record + before/after snapshot

E) Irreversible/regulated
- Allowed: none autonomously
- Controls: dedicated workflow; compliance/legal review
- Audit: formal ticketing + retention + escalation trail

3) “Monday Morning” Checklist (fast start)

- Choose one high-blast-radius workflow (refunds, permissions, prod config, customer promises).
- Assign an agent identity (no shared bot accounts). Scope credentials to the minimum.
- Add the Decision Receipt to the place work already ships (PR template, Jira issue template, runbook).
- Require human approval for any write action beyond low-risk writes.
- Ensure logs exist: tool calls + retrieved sources + final action.
- Do one dry run: can you reconstruct what happened in under an hour?

If you can’t answer who approved what, based on which evidence, you don’t have an agent system. You have a liability.
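As an added example, not part of the Decision Receipt Pack itself: a small Python policy gate that maps a proposed agent action onto the Approval Ladder tiers above, checks the receipt and action against each tier's controls, and reports which controls are unmet before the action may run. The action-name-to-tier mapping, the field names, and the "shared-" identity prefix are assumptions.

```python
from dataclasses import dataclass, field
# Assumed mapping from tool-action names to ladder tiers; unknown names fall to E.
TIER_OF_ACTION = {
    "search": "A", "summarize": "A", "pull_metrics": "A",
    "draft_pr": "B", "draft_reply": "B",
    "tag_issue": "C", "schedule": "C", "set_status": "C",
    "refund": "D", "change_access": "D", "prod_config": "D",
}
# Distinct human sign-offs each tier needs before it runs (None = never autonomous).
APPROVALS_NEEDED = {"A": 0, "B": 1, "C": 0, "D": 2, "E": None}
# What the audit record for each tier must capture, per the ladder.
AUDIT_FIELDS = {"A": ["prompt", "tool_calls", "sources"], "B": ["diff", "reviewer", "ticket"],
                "C": ["change_log", "agent_identity"], "D": ["approval_record", "before_after"],
                "E": ["formal_ticket", "escalation_trail"]}

@dataclass
class Receipt:                 # Decision Receipt fields the gate checks; links as strings
    evidence: dict             # e.g. {"ticket": "...", "transcript": "..."}
    owner: str
    approvers: list = field(default_factory=list)
    rollback: str = ""

@dataclass
class Action:
    agent_id: str              # dedicated identity, never a shared bot account
    name: str
    step_up_verified: bool = False   # step-up auth completed for this run
    reversible: bool = True

def evaluate(action, receipt):
    """Return (tier, allowed, reasons, audit_fields); reasons lists unmet controls."""
    tier = TIER_OF_ACTION.get(action.name, "E")
    reasons = []
    if not action.agent_id or action.agent_id.startswith("shared-"):
        reasons.append("no dedicated agent identity")
    for link in ("ticket", "transcript"):   # every write needs its evidence links
        if tier != "A" and not receipt.evidence.get(link):
            reasons.append(f"write without linked {link}")
    if tier in "CD" and not action.reversible and not receipt.rollback:
        reasons.append("irreversible write without rollback plan")
    if tier == "D" and not action.step_up_verified:
        reasons.append("high-risk write without step-up auth")
    needed = APPROVALS_NEEDED[tier]
    signers = set(receipt.approvers) - ({receipt.owner} if tier == "D" else set())
    if needed is None:
        reasons.append("tier E is never autonomous: route to dedicated workflow")
    elif len(signers) < needed:   # high-risk signers must be people other than the owner
        reasons.append(f"tier {tier} needs {needed} approval(s), have {len(signers)}")
    return tier, not reasons, reasons, AUDIT_FIELDS[tier]
```

Wire `evaluate` in front of the tool dispatcher and write the returned tier, reasons and audit field list into the same log line as the tool call, so the dry run in the checklist can be reconstructed from one place.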