Audit a Decision End-to-End

routing bitemporal compliance For: governance & audit

This guide threads the whole Briefcase lifecycle through a single decision: a triage agent routes a support ticket, and six months later someone asks you to prove what happened. By the end you will have a sealed artifact that reconstructs the decision, the evidence it used, and the exact policy version in effect — and verifies it was not altered.

Install the extras used here:

pip install briefcase-ai[routing,bitemporal,compliance]

Record the evidence the decision depends on

Evidence lives in an append-only bitemporal store. Each record carries valid time (when the fact was true) and transaction time (when you learned it), so corrections never overwrite history.

from datetime import datetime, timezone
from briefcase.bitemporal import BitemporalRecord, InMemoryBitemporalStore

store = InMemoryBitemporalStore()
now = datetime.now(timezone.utc)

evidence = BitemporalRecord.new(
    key="config:max_retries",
    valid_time=now,
    value=3,
    source="config-service",
)
store.append(evidence)

Define the policy that governs the decision

A PolicyVersion is a set of rules published to a registry. Publishing is an append, so “the policy as of date X” always returns exactly the rules that were active then.

from briefcase.routing import PolicyRegistry, PolicyVersion, PolicyRule

registry = PolicyRegistry()
policy = PolicyVersion(
    policy_id="ticket-routing",
    version="1",
    rules=[
        PolicyRule(
            rule_id="high-priority",
            condition={"priority": "high"},
            choice="senior-queue",
            rationale="High-priority tickets go to the senior queue.",
        ),
    ],
    default_choice="standard-queue",
)
registry.publish(policy, valid_from=now)

Make the routing decision

The AgentRouter evaluates the context against the active policy and returns a decision that references the evidence it used.

from briefcase.routing import AgentRouter

router = AgentRouter(registry, use_case="ticket-routing", policy_id="ticket-routing")
decision = router.route({"priority": "high"}, evidence_refs=[evidence.record_id])

print(decision.selected)         # "senior-queue"
print(decision.matched_rule_id)  # "high-priority"
print(decision.policy_version)   # "1"

Seal a tamper-evident bundle

An ExaminerBundle joins the decision, the bitemporal evidence, and the policy version in effect, then seals the whole thing with a SHA-256 content hash. verify() raises if a single byte changes.

from briefcase.compliance import ExaminerBundle, BundleIntegrityError

bundle = ExaminerBundle.build(decision, store, registry)
print(bundle.content_hash)   # "sha256:..."
bundle.verify()              # raises BundleIntegrityError if tampered

Transport it and re-verify

The bundle serializes to JSON, so it can leave your system and be checked anywhere — the hash makes it self-validating.
```
restored = ExaminerBundle.from_json(bundle.to_json(indent=2))
restored.verify()
```
Reconstruct what was known at the time

Months later, the underlying config may have changed. Because evidence is append-only, you can reconstruct the store as of the decision’s moment and read exactly what it saw.
```
from briefcase.bitemporal import AsOfView

view = AsOfView(store, transaction_time=now)
print(view.as_of("config:max_retries").value)   # 3, as it was at decision time
```

Where this fits

This guide stitches together four building blocks. Go deeper on each:

Bitemporal Storage Two time axes and append-only corrections — the evidence layer.

Versioned Routing Policy Time-travelable policies and the rule that fired.

Audit Bundles Sealing and verifying the full record.

Govern Agent Actions Add controls that run before the action, not just after.