Public Release - 2026-07-09

Observation, recommendation, and execution are three different authority states.

Artifact: observation_action_split_v1. This note separates what an agent can observe, what it can recommend, and what it is authorized to execute when connected to APIs, payment flows, CRM systems, support desks, or other operational tools.

claim_id observation_record recommendation_record execution_request authority_source tool_boundary risk_state fallback_route audit_record review_status
Observation Action Split v1 public evidence visual.

Artifact

Seeing a fact does not authorize an action.

When agents are connected to APIs, payments, CRM records, tickets, or backend tools, a common failure is to collapse observation, recommendation, and execution into one permission state. The review packet keeps those states separate.

A recommendation must not silently become execution.

Authority Route

A recommendation must not silently become execution.

The packet records the observed fact, the recommendation, the requested execution, and the authority source that permits or blocks the action. This prevents an automation workflow from using tool access as a substitute for decision authority.

High-impact actions need an audit record before the button is pressed.

Review

High-impact actions need an audit record before the button is pressed.

Payment flows, API writes, account changes, CRM updates, and customer-facing actions require a traceable split between recommendation and execution. If the risk state is unclear, the route should fall back to approval, dry run, downgrade, or abort.

1

claim_id

The public claim under review.

2

observation_record

The fact, event, metric, API response, ticket, payment state, or CRM record observed.

3

recommendation_record

The proposed action, ranking, next step, or human-facing suggestion.

4

execution_request

The concrete action the agent or automation is being asked to perform.

5

authority_source

The user, role, policy, approval step, contract, or delegated authority.

6

tool_boundary

The API, payment button, account, CRM object, support action, or backend permission boundary.

7

risk_state

The operational risk state: low, elevated, blocked, unclear, stale, or conflicting.

8

fallback_route

The deterministic next step: ask, dry run, require approval, downgrade, log, or abort.

9

audit_record

The trace preserving observation, recommendation, authority, and execution decision.

10

review_status

The recorded state: supported, narrowed, pending, or retired.