A structured standard for capturing, enforcing, and auditing AI agent decisions — at the code layer, at runtime, and everywhere between. Open source. Deterministic. Governance without overhead.
AI coding agents have increased development velocity. They have also increased untraceable architectural decisions, undocumented AI influence, review ambiguity, and governance gaps. Most engineering teams cannot answer: why does this code exist? Was AI involved? Who approved it? What risk was acknowledged?
The same problem applies to production AI agents. They act quickly, but without a structured record of what was decided, why, and by whom, accountability is impossible after the fact.
Velocity without accountability is fragile.
Structured Decision Evidence Objects (DEOs) are created for every AI-assisted change — capturing intent, risk, and the agent or human responsible. Stored in the repository alongside the code.
Three levels — Light, Standard, Regulated. Configure governance depth per team or per environment. Rules are YAML. Evaluation is deterministic.
Pull request hooks enforce the standard at merge time. Missing decisions fail validation. Unapproved decisions block merge. The gate is configurable.
AI may propose. Humans approve. Every decision — made by agent or engineer — is recorded, signed, and attributable. The record does not depend on memory.
ProvenanceCode Standard operates at the pull request layer — AI coding agents (GitHub Actions, GitHub App, Cursor, Claude Code) submit DEOs with every change. Agent OS operates at the execution layer — any AI agent acting in production is intercepted, evaluated against policy, and recorded before it can touch infrastructure.
Together they form a complete provenance chain: from the first AI-assisted line of code, through review and merge, to every agent action in production. Decision Evidence Objects and runtime provenance records share the same schema. One audit trail, end to end.
A Decision Evidence Object (DEO) is the structured record created whenever an AI agent or engineer makes a consequential architectural or implementation decision. It captures intent, risk acknowledgement, alternatives considered, and who approved it.
DEOs are stored in the repository alongside the code they describe. They are versioned, diff-able, and auditable. They do not replace code review — they make code review defensible.
DEC-PROJ-CORE-000001 (v1.0: DEC-000001 also supported)
Map DEOs to specific workspaces and sub-projects within monorepos.
Automatic project and component linking for teams using Jira as a source of record.
Project / subproject / component — DEOs mirror your engineering org structure.
v1.0 format fully supported. Migration to v2.0 is optional and incremental.
The ProvenanceCode Standard is Apache 2.0. Read the specification, implement the GitHub Action, or deploy Agent OS for runtime governance — pick the layer that fits where you are today.