If an AI agent affected you, ask for the receipt.
If an AI agent changed a record, blocked a workflow, accessed a file, triggered a decision, or caused operational harm, the first question is not whether the agent seemed reasonable. The first question is: where is the record?
The receipt turns governance into something inspectable.
A Governed Action Receipt is a signed record of one governed action. It can show what was attempted, which policy applied, what the outcome was, who or what authorized it, when it happened, and whether the record still verifies.
The affected person may not have been in the approval loop. That is exactly why the receipt matters.
Use plain questions.
Was a receipt created?
Ask for the receipt for the action that affected you, and the public key needed to verify it.
Who authorized it?
Ask whether the outcome came from policy, a named human, the gate, or timeout.
Was the action routed?
Ask whether the action crossed the governed boundary, and whether a coverage report exists.
Can you provide the receipt for the AI-agent action that affected me?
Can you provide the public key needed to verify it?
What policy version and rule applied?
Was the action authorized by a human, allowed by policy, denied, or timed out?
Was this action inside the governed boundary, and is there a coverage report?VALID means intact. It does not mean correct.
A valid receipt means the record has not been changed since it was signed by the relevant key. It proves a governance event was recorded. It does not prove the decision was good, fair, lawful, complete, or wise.
If the receipt says the action was denied, but the action still happened, the boundary may have been bypassed or the receipt may not describe the action that affected you.
Disclosure
This page is general information about ZLAR's receipt concept, not legal advice. Rights, remedies, and access obligations depend on the organization and jurisdiction involved.