Approval is not the default
Approve, Override, and Dismiss carry equal visual weight on every card. For consequential decisions, Approve is gated until the strategic context has been opened — preventing rubber-stamping by design.
AI AGENT ACCOUNTABILITY FRAMEWORKYour agents make decisions.
Your agents make decisions.
You make them defensible.
The interface human decision-makers use to approve, override, or dismiss AI agent proposals — and produce an immutable record that satisfies the EU AI Act Articles 12, 13, and 14 at the moment of decision.
EU AI ActArt. 12 / 13 / 14
IBM CarbonDesign system
Manifest-versionedEvery record
SHA-256 sealedRecords immutable
Overview · 46s · narrated · unmute for sound
DESIGN TENETS
Built for the regulator and the operator — at the same time.
The brief is immutable
The exact proposal shown to the approver is captured verbatim and sealed in a SHA-256 hash. Six years later, the record renders the same — what they saw, what they decided, what was executed.
Manifest-versioned, not vibes-versioned
Every decision records the manifest version it was made against. When rules change, you can prove which rules applied to a given decision. No retroactive reinterpretation.
Multi-agent attestation
TX-1, SS-1, and Swarm Lite all submit through the same schema. Records carry witness hashes from each system that corroborated the proposal at decision time.
PRODUCT TOUR
From inbox to immutable record in under five minutes.
1 · Inbox
Proposals arrive from TX-1, SS-1, and Swarm Lite into a single inbox. Accent strips telegraph decision type before the user reads a word. Urgent expiries surface in red.
2 · Card with gate
Approve is greyed and locked. The strategic context block must be opened first. This is the mechanism that prevents rubber-stamping on consequential decisions.
3 · Context reviewed, approve unlocked
Manifest priorities, triggered risk flags, and affected accounts surface. Sensitive accounts carry visible badges. Reviewed flips green. Approve activates.
4 · Override, don't reject
Modify the action values, capture rationale, acknowledge conflicts. Both the original proposal and the modified one survive in the record. The agent is not punished for being wrong — both states are useful.
5 · Decision summary
Card transitions to an immutable summary. Agent proposed vs. executed, side-by-side. Rationale captured. The decision record is sealed with a SHA-256 hash.
6 · Forensic record
Six years later, audit opens the record. Brief as presented. Reasoning. Alternatives. Risk flags. Decision. Rationale. Action executed. Outcome. EU AI Act articles satisfied at decision time.
BUYER SCENARIO
Rachel Torres has ten days.
Head of Procurement Operations at a mid-market manufacturer. Her AI agents make supply-chain decisions every hour. Her CFO needs a board-ready governance narrative — not a log file — by the quarterly review.
I have agents making thousands of routing decisions a day. The board doesn't want a stack trace — they want to know that when a decision affected a Tier-1 contract, a person looked at it and chose.
When the auditor asks why did you approve this, I need to open one document. Not seventeen Slack threads.
I don't want to slow my agents down. I want to slow myself down — but only on the decisions that actually matter.
Two ways to dig in.
Watch the auto-driven walkthrough first to see the full flow in about forty seconds — or jump straight into the live app and run the Chicago Bottleneck scenario yourself. No signup required for either.