What counts as a receipt in Threada?

Each governed action records the actor, the inputs, the evidence it relied on, the policy that allowed it, and the outcome. Together those fields are the receipt for that step.

Does this slow operators down?

Receipts are produced by the runtime as a by-product of normal work, not as a separate logging task. Operators approve and act; the record assembles itself.

Can AI actions leave receipts too?

Yes. Agent actions, comments, and approvals appear as explicit actor events distinct from human users, so a timeline shows who or what did each step.

Why Every Action Should Leave a Receipt

Most software remembers what changed. Far less software remembers why a change was allowed, who or what decided it, and what evidence the decision stood on. That gap is where trust quietly erodes. An operations team can usually answer “what is the state now”; it often cannot answer “show me how we got here, and prove we were allowed to.”

Threada is built so that the second question is always answerable. Every governed action leaves a receipt.

What a receipt actually contains

A receipt is not a log line. A log line says “something happened.” A receipt says enough to reconstruct and defend a decision later. In Threada, a governed action records:

The actor. A human operator or an AI participant, recorded as distinct actor events. An agent’s approval never masquerades as a person’s.
The inputs. The WorkItem, its extracted entities, the requester identity, and the source channel the request arrived on.
The evidence. The citations, retrieval trace, and — when context was insufficient — the explicit fallback reason. Work cannot be created without either citations or a recorded fallback reason.
The policy. Which policy set was active, at what version, and whether it applied tenant-wide or to a narrowed pack, workflow, channel, or requester group.
The outcome. Whether the action was proposed, approved, rejected, executed, succeeded, or failed — with the linkage back to the external record it touched.

Read those fields together and you have a defensible account of a single step. Read them across a WorkItem’s lifecycle and you have its full history.

Auditability as a default, not a feature you bolt on

The temptation in most systems is to add audit later: ship the feature, then wrap it in logging when a customer asks for SOC 2 evidence or a regulator comes calling. That ordering is backwards. Audit added afterward is always partial, because the system was never asked to carry the context at the moment the decision was made.

Threada inverts the order. The runtime emits structured events at every meaningful transition — work_item_created, approval_requested, approval_decided, action_proposed, action_executed, fallback_triggered — because the act of doing the work is the same act that records it. There is no separate “turn on auditing” step, because there is no moment where work happens off the record.

This is what we mean when we say the model is records-and-receipts. The record is not a report you generate; it is the residue of doing the work correctly.

Why receipts change how teams operate

A receipt is useful to the auditor at the end of the quarter. But its quieter value is to the operator in the middle of a Tuesday.

When every action carries its evidence and its policy basis, three things get easier:

Review becomes fast and honest. An approver does not have to reconstruct context from memory or chase the requester for the original ask. The evidence sits beside the action. Confidence, reversibility, and clarity are visible at the point of decision, so reviewers optimize for reviewability rather than speed alone.
Reversal becomes safe. Because the receipt names the policy version and the inputs, rolling an action back is a defined operation, not an archaeology project. You know what you are undoing and why it was done.
Accountability stops being adversarial. When the record assembles itself, “who approved this” is not an accusation — it is just a field. Separation of duties between builder, approver, and governance roles is enforced and visible, so the question of accountability is answered before anyone has to ask it.

High-risk work stays human, on the record

Receipts do not mean everything is automated. They mean everything is accountable. High-risk automations follow an explicit human-in-the-loop progression — proposed, then approved, then executing — and only auto-execute where a policy explicitly allows it. The receipt records which of those paths a given action took. Automation and approval are not in tension; they are both just steps that leave a trace.

The result is a system you can hand to an auditor and to a new operator with the same confidence. The auditor sees that the controls held. The operator sees how the last person handled the case in front of them. Both are reading the same receipts.

That is the bet underneath Threada: that the cheapest time to capture why a decision was allowed is the moment you make it, and that a team which never works off the record is a team that can always answer the second question.