Decisions
Every call to detecte.verify() produces a decision. Decisions are immutable, addressable by ID, and queryable from the dashboard's audit log.
Shape
{
id: "dec_abc123…",
allowed: false,
status: "blocked", // allowed | blocked | escalated | pending_approval
reason: "Refunds over $1,000…",
policies_evaluated: [
{ id: "pol_xxx", name: "Cap refunds at $1,000", result: "blocked" }
],
risk_delta: 8,
approval_url: null, // populated when status === "pending_approval"
expires_at: null, // for pending approvals (24h)
metadata: { latency_ms: 38 }
}Anomaly
After policy evaluation, Detecte runs a behavioral-anomaly scorer against the agent's baseline. Signals include:
- Frequency — actions per hour vs. mean ± stdev
- Amount distribution —
params.amountagainst the per-action median, p95, p99 - Time of day — typical activity window
- Tool sequence — order of recent action types
- Recipient/target — new vs. recurring counterparties
If the composite anomaly score exceeds 75, an allowed decision is upgraded to escalated and the reason is the anomaly explanation. Above 90 for three consecutive actions, the agent's tier is auto-downgraded.
Idempotency
Pass idempotencyKey to verify() and Detecte will return the original decision on retries:
await detecte.verify({
agent: "support_bot",
action: "refund_order",
params: { orderId: "ord_8821" },
idempotencyKey: "ord_8821-refund-attempt-1",
});