centaur-lang

Why AXR

The Shift

AI systems used to generate text. Now they act.

They book appointments. They approve loan applications. They reject insurance claims. They modify databases, trigger payments, send legally binding communications, and make decisions that affect real people — often without a human in the loop.

This is not a future scenario. This is the current state of production AI infrastructure in 2026.

The Gap

When a human employee makes a decision, there is a paper trail: emails, notes, approvals, signatures. When a human employee makes a mistake, there is someone to ask.

When an automated workflow makes a decision, what exists afterwards?

A log line that can be edited.
A dashboard that shows a summary.
A database row that can be overwritten.
A Slack message that says “booking confirmed.”

None of these answer the hard questions:

What exactly happened? Not what the dashboard says happened. What actually happened, byte for byte.
Which system made the decision? Not “the backend.” Which specific workflow, which version, which logic.
What input did it receive? The actual input, not a reconstructed approximation.
Was the record modified afterwards? Can anyone prove it wasn’t?
Why was a customer told “no”? Not “the system rejected it.” What was the specific reason, and was that reason computed from the actual input?

Logs don’t answer these questions. Logs are mutable. Dashboards don’t answer them. Dashboards show aggregates. Database records don’t answer them. Database records get overwritten.

The gap is not logging. The gap is proof.

What Proof Looks Like

HTTPS solved a similar problem for web traffic. Before HTTPS, there was no way to verify that the data you received from a server hadn’t been modified in transit. HTTPS introduced cryptographic certificates that made tampering detectable.

AXR does the same thing for automated decisions.

Every decision-relevant step in a workflow produces a receipt — a signed JSON object that records:

What the step received as input (hashed)
What the step produced as output (hashed)
Which agent, workflow, and logic version executed
When it happened
What decision was made

Each receipt is:

Signed with Ed25519 — the receipt was produced by the holder of the private key, and changing any byte invalidates the signature
Chained via SHA-256 hashes — each receipt links to the previous one; removing or reordering a receipt breaks the chain
Precise — in AXR 0.2, each step hashes its own actual input, not a uniform copy of the workflow’s initial payload
Independently verifiable — anyone with the public key can verify the entire log, offline, with a single command

No blockchain. No token. No central registry. No per-call fees. Just cryptography applied to the problem of execution accountability.

Why Not Just Logs?

Logs record what a system says it did.

Receipts prove what a system actually did.

The difference matters when:

A customer disputes a rejection and you need to prove the decision was computed from the correct input
A regulator asks whether your automated booking system has ever silently dropped a request
An operator needs to verify that a workflow change didn’t retroactively alter historical records
A client asks how you can guarantee that the AI agent acting on their behalf did what it claimed

Logs can be edited. Receipts cannot — or more precisely, editing a receipt produces detectable evidence of the edit. Two independent mechanisms (signature invalidation and hash-chain breakage) catch the same tampering.

Evidence from Production

AXR is not theoretical. The 0.2 specification was written after — not before — deploying the protocol on a real production workflow.

During the 0.2 deployment on a home-services booking workflow, AXR uncovered three pre-existing bugs. None were caused by AXR. All had been silently misinforming customers for weeks:

Bug B. The workflow was firing all three response branches — success, error, and conflict — on every single run, regardless of outcome. A customer whose booking was rejected for geographic incompatibility still received a “booking confirmed” admin email. The receipts made this contradiction visible: a ZONE_INCOMPATIBLE receipt cannot coexist with a success email.

Bug C. Rejected customers received a response body of {"error": "unknown_error", "message": "<their own form message>"}. The actual rejection reason was computed correctly by the decision logic — the receipts recorded it — but the response node was reading from the wrong data source.

Bug D. Recheck conflicts produced HTTP 200 responses with empty bodies. The workflow executed perfectly internally — the receipt chain was a valid 5-step conflict chain — but the customer received nothing. An n8n template-engine quirk silently swallowed the response.

Three bugs. All invisible without receipts. All discovered because the receipts produced an honest record that contradicted what the workflow was telling its customers.

An accountability layer is also a diagnostic layer. This was not the design intent. It was the practical consequence.

What AXR Is Not

AXR is not a chatbot. It does not talk to customers.

AXR is not an orchestration engine. It does not run workflows.

AXR is not a workflow builder. It does not design automation.

AXR is not a blockchain. It uses cryptography, not consensus.

AXR is not an AI governance framework. It does not define policy.

AXR is not an attempt to slow down autonomous systems.

AXR is an attempt to make them accountable.

The Question That Matters

The future will not merely ask:

Can AI systems act?

It will ask:

Can they prove what they did?

AXR is an early answer to that question.

This site is open source. Improve this page.