Reading the results

The Receipt corpus is the artifact. Three questions, two outcomes, one Phase 2 path.

The corpus structure

At day 30, the chain of Receipts is the deliverable. Each Receipt records one decision. The chain is hash-linked, so every modification to a historical Receipt invalidates every Receipt downstream.

Each Receipt references one SDC instance, populated by the team from the template the on-ramp produced, validated on import, and resident in the generated app's knowledge graph.

The receipt_hash is computed using RFC 8785-aligned canonical JSON: keys sorted, no whitespace, comma-colon separators, UTF-8 with no ASCII escaping. This makes the corpus reproducible across implementations: any verifier following the same canonicalization can recompute and confirm the chain.
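A minimal verifier for the chain described above, added here as an illustration and not taken from the sdcgovernance code. It assumes SHA-256, a prev_hash field linking each Receipt to its predecessor, an all-zero genesis value, and a hash computed over every field except receipt_hash; the page specifies none of these, and the sample Receipts are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash of the first Receipt

def canonical_bytes(obj):
    # Keys sorted, no whitespace, comma-colon separators, UTF-8, no ASCII escaping.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def receipt_hash(receipt):
    # Assumption: the hash covers every field except receipt_hash itself.
    body = {k: v for k, v in receipt.items() if k != "receipt_hash"}
    return hashlib.sha256(canonical_bytes(body)).hexdigest()

def build_chain(bodies):
    # Seal each body with its predecessor's hash, then its own.
    chain, prev = [], GENESIS
    for body in bodies:
        receipt = dict(body, prev_hash=prev)
        receipt["receipt_hash"] = receipt_hash(receipt)
        chain.append(receipt)
        prev = receipt["receipt_hash"]
    return chain

def first_break(chain):
    """Index of the first Receipt that fails verification, or None if intact.
    Every Receipt from that index onward is no longer backed by the chain."""
    expected_prev = GENESIS
    for i, r in enumerate(chain):
        if r.get("prev_hash") != expected_prev or r.get("receipt_hash") != receipt_hash(r):
            return i
        expected_prev = r["receipt_hash"]
    return None

# Constructed sample; decision_id, outcome and note are hypothetical field names.
SAMPLE = build_chain([
    {"decision_id": "d-001", "status_code": "OK", "outcome": "PERMIT"},
    {"decision_id": "d-002", "status_code": "OK", "outcome": "DENY", "note": "café"},
    {"decision_id": "d-003", "status_code": "OK", "outcome": "INDETERMINATE"},
])

if __name__ == "__main__":
    tampered = [dict(r) for r in SAMPLE]
    tampered[1]["outcome"] = "PERMIT"  # edit a historical Receipt in place
    print(first_break(SAMPLE), first_break(tampered))
```

json.dumps covers the four properties listed above but not all of RFC 8785, which also fixes number serialization and sorts keys by UTF-16 code units; a cross-implementation verifier needs a full JCS library for inputs where those differ.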

The three audit questions

1. Which decisions had complete provenance?

Every ProvGov field the rule needed was present (provenance activity, party role, attestation status, classification, validation hashes). Every dimension checked. No errors. status_code OK. Count these. They are the baseline for compliance documentation. If most of the corpus answers yes, you have evidence of de facto governance.

2. Which had gaps?

Missing ProvGov fields the rule expected, INDETERMINATE outcomes, dimensions that should have been checked but were not, missing attestation, validation hash mismatches, errors. These are the governance gaps you found before they became audit findings. List them by rule and by frequency.

3. Which would have been refused under enforcement?

The DENY rules that fired during the observation period tell you what production would have stopped. This is the strongest signal for Phase 2 scope: the structural enforcement work that converts observation into prevention.

The two outcomes

OUTCOME A

Gap-free

The decision flow has the provenance you assumed. The Receipt corpus becomes your compliance documentation.

Next steps: set the baseline. Instrument continuous monitoring. Move on to the next decision flow you want documented.

OUTCOME B

Gap-found

You have a specific list of decision flows where structural enforcement would have prevented the gap.

Next steps: that list scopes Phase 2. Convert observation to prevention on the gaps that matter most. The audit gave you the empirical case.

Phase 2 in plain terms

Phase 2 is structural enforcement on the specific flows the audit flagged. Same architecture, different operating mode: sdcgovernance moves from observation to gating. A DENY now refuses the decision instead of just logging the would-be refusal.

Phase 2 is scoped. It is not a switch you flip across all flows. The audit identified which specific flows benefit from enforcement, and Phase 2 implements enforcement on those flows only. Same procurement-defensible discipline as the audit.

The architectural framing the audit makes visible

The substrate-and-monitor architecture works because the substrate is observable. What makes it observable is the ProvGov layer riding alongside the domain data, anchored to public standards (W3C PROV-O, W3C VC 2.0, OMG DMN, W3C DPV, W3C SCXML). Most governance frameworks treat governance as an output filter, an additional layer that watches what the model does and intervenes after the fact. That works the way clamping a number after the fact works: as theater. The cost stays at the runtime layer, where it compounds with every decision.

SDC's inversion is to put the constraint in the data, not in the filter. The model reads from a substrate that has boundaries, semantics, and governance evidence already in it. The constrained output is the only output in the distribution. The audit makes that visible. The Receipt corpus is what observation looks like when the substrate is real.

Ready for the Phase 2 conversation?

Bring your gap-found list. We will scope the structural enforcement work to the specific flows that benefit from it.

contact@axius-sdc.com