CertifiedData.io
Technical Specification · Decision Log

Decision Log Specification

A decision log is a structured, machine-verifiable record of an AI system's inputs, outputs, and execution context — designed to enable traceability, auditing, and reproducibility across the AI lifecycle.

CertifiedData implements decision logs as cryptographic artifacts: SHA-256 fingerprinted, Ed25519-signed, and organized in a tamper-evident hash chain. This document is the normative schema reference.

Dual-chain architecture

CertifiedData maintains two parallel chains for every decision:

Internal chain

Full fidelity — actor identity, entity references, raw context, PII-containing fields. Access restricted to authenticated account holders.

Public chain

Sterilized — PII removed, governance-relevant fields retained. Publicly readable at /api/decision-log.

Schema — V1

{
  // Required
  "decision_id": "uuid",
  "timestamp": "ISO-8601",
  "record_hash": "sha256:...",     // SHA-256 of RFC 8785 canonical payload
  "previous_hash": "sha256:...",   // null for genesis record
  "selected_option": "string",
  "reason_codes": ["string"],
  "signature": "ed25519:...",

  // Optional — present when provided at ingestion
  "actor": { "type": "human|agent|system", "id": "string" },
  "model": { "name": "string", "version": "string", "provider": "string" },
  "policy": { "id": "string", "version": "string", "name": "string" },
  "artifact_reference": {
    "artifact_id": "string",
    "cert_id": "string",
    "artifact_type": "string"
  },
  "rationale_summary": "string",   // sterilized in public chain
  "evidence_refs": ["string"],
  "human_override": false,
  "approval_required": false,
  "certificate_id": "cert_..."     // links to CertifiedData artifact
}

Required fields

Field
Type
Description
decision_id
UUID
Unique identifier for the decision record
timestamp
ISO-8601
Execution time, embedded in signed payload
record_hash
SHA-256
Hash of the canonicalized decision payload (RFC 8785)
previous_hash
SHA-256 | null
Hash of the preceding record — null for genesis
selected_option
string
The decision outcome or action taken
reason_codes
string[]
Machine-readable structured codes explaining the decision
signature
Ed25519
Cryptographic signature of the canonical payload

Optional fields

Field
Type
Description
actor
object
{ type: human|agent|system, id: string }
model
object
{ name, version, provider } — AI model used
policy
object
{ id, version, name } — policy applied to the decision
artifact_reference
object
{ artifactId, certId, artifactType } — links to certified artifact
rationale_summary
string
Human-readable explanation (sterilized in public log)
evidence_refs
string[]
References to supporting evidence or context
human_override
boolean
Whether a human manually overrode the system decision
approval_required
boolean
Whether the decision required prior human approval
certificate_id
string
Links to a CertifiedData certified artifact

Canonicalization and signing

Before hashing, the decision payload is canonicalized using RFC 8785 JSON Canonicalization Scheme. This ensures deterministic hashing across all platforms and runtimes — the same payload always produces the same hash, regardless of key ordering or whitespace.

  1. 1. Serialize decision fields using RFC 8785 canonical JSON
  2. 2. Compute SHA-256 of the canonical bytes → record_hash
  3. 3. Append previous_hash from the preceding record
  4. 4. Sign the canonical payload with Ed25519
  5. 5. Store record + signature in the chain

API reference

POST
/v1/decisions

Ingest a single decision record. Auth: Bearer JWT or x-api-key.

POST
/v1/decisions/batch

Ingest up to 100 records in one request.

GET
/v1/decisions/search

Search internal records by actor_id, cert_id, date range.

GET
/v1/decisions/export

JSONL export of decision records (streaming).

GET
/api/decision-log

Paginated public chain (sterilized). No auth required.

GET
/api/decision-log/:id

Single public record by decision_id.

GET
/api/decision-log/:id/verify

Verify record hash + signature. Returns chain position.

GET
/api/decision-log/checkpoints/latest

Most recent sealed checkpoint of the public chain.

Log checkpoints

Periodic sealed checkpoints are created over the public chain. Each checkpoint contains: record count, latest record hash, previous checkpoint hash — signed with Ed25519. Third parties can verify log continuity by checking checkpoint hashes without reading every individual record. Checkpoints are created on a scheduled basis viaPOST /api/decision-log/checkpoints/create(CRON_SECRET gated).

Comparison to traditional logging

Traditional logs

  • • Mutable application records
  • • Internal-only — not independently auditable
  • • No cryptographic proof of integrity
  • • Inconsistent schema across systems

CertifiedData decision logs

  • • SHA-256 + Ed25519 signed — tamper-evident
  • • Public chain — independently auditable
  • • Hash-chained — chain breaks on tampering
  • • Normative schema — this document
Transparency Log UIDecision LineageEU AI Act Article 12Certificate SpecVerify a record

Start logging decisions

Ingest decision records via API. Each record is cryptographically signed and published to the public transparency chain.

Get API access →View public log