Action domain

State Transitions

Infrastructure and configuration changes are the most litigated moments in incident reviews. DAR records the original transition at execution time, so remediation and rollback can’t rewrite history.

Receipt moment

Issue a receipt when the system commits a state change (apply/deploy/rotate/update/delete).

issueReceipt({ actor: "system|user", action: "apply|deploy|rotate|update_config|delete|rollback", object: "resource|service|policy|secret", ref: "change-request-or-run-id", policy: "policy-version-or-guardrail-id" // optional })

Preserved fields

change action · timestamp · stable change reference · resource reference
Optional: environment tag, approver reference, correlation reference

Common integration surfaces

CI/CD pipelines, IaC tooling, cloud control planes, secrets management, change management workflows.

Why this avoids “source of truth” liability

After outages, vendors get pulled into narrative reconstruction (“your system caused this”). DAR enables a narrower claim: “Here is the verifiable record of the change we executed at time T.” Interpretation remains outside the vendor boundary.

Example events

terraform_apply_executed deployment_promoted waf_rule_updated secret_rotated breakglass_policy_applied

Back to hub

Action Domains → #state