DECISIONAL LOGGING · TIER 1 BETA

Log AI decisions: tamper-evident, chain-linked.

Three-tier pricing for any AI making decisions that matter — without requiring a revenue transaction. Every event is SHA-256 hash-linked to the previous and anchored nightly on Base mainnet; the nightly Merkle root is pinned to IPFS. No vendor — including Yolo — can alter or delete the record.

API key requests: agents@yolo.solutions · Status: Tier 1 beta (1,000 events/hr per key, Postgres-backed rate limit)

What decisional logging provides.

A single POST endpoint accepts a decision event, validates it against the Strict-B schema (hashes and non-identifying fields only), writes the event to the append-only audit chain, and returns the audit_id and chain_hash. The event is independently verifiable at https://yolo.solutions/verify/{audit_id} with no login required.

Decisional logging writes to the same audit chain as the Agent Commerce Protocol — same SHA-256 chain linkage, same nightly Merkle anchor, same Base mainnet provenance. The two surfaces are additive: the same API key and agent UUID work for both.

The audit chain produces the record-keeping evidence EU AI Act Article 12 requires of high-risk AI systems listed in Annex III. The Annex III enforcement date is August 2, 2026 (legally operative); a December 2, 2027 extension has been proposed via the EU Digital Omnibus provisional agreement (May 7, 2026) and is pending formal enactment. Plan for the earlier date.

Three tiers, one endpoint.

The tier is set by the event_type field in each request. All tiers write to the same chain with the same hash linkage and nightly anchor. The difference is price and regulatory relevance.

routine
decision_routine
$0.0001 / event

High-volume operational decisions: content classification, risk scoring, eligibility checks. Log in bulk without per-event cost friction.

Examples: Spam filter verdicts, credit pre-screening, content tier assignments

consequential
decision_consequential
$0.01 / event

Decisions with meaningful impact on individuals or systems. Full rationale, model version, and input/output capture required.

Examples: Loan decisions, clinical triage output, insurance underwriting, hiring screens

high_stakes
decision_high_stakes
$0.10 / event

Decisions with direct legal, financial, or safety consequence. Evidence referenced by SHA-256 hash manifest (content stays with you). Supports regulatory audit obligations under EU AI Act Article 12.

Examples: Diagnostic recommendations, trading orders, parole risk assessments, autonomous vehicle routing

Pricing is beta. Final production pricing will be confirmed before Tier 2 GA. Evidence is referenced by SHA-256 hash manifest at all tiers — content is never sent to Yolo or pinned; it stays with the originator.

Replace YOUR_API_KEY with your issued key and YOUR_AGENT_UUID with the agent UUID the key is scoped to.

STEP 1 — Log a routine decision
# You compute content_hash locally over your readable decision; Yolo never sees it.
curl -X POST https://yolo.solutions/api/agents/YOUR_AGENT_UUID/log \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "event_type":    "routine",
    "content_hash":  "3b8e...<64-char SHA-256 hex>...a1",
    "model_id":      "spam-classifier",
    "model_version": "2026-05-01"
  }'

# Response (201):
# {
#   "audit_id": 1234,
#   "chain_hash": "abc123...",
#   "content_hash": "3b8e...a1",
#   "tier": "routine",
#   "timestamp": "2026-05-23T10:00:00.000Z",
#   "verification_url": "https://yolo.solutions/verify/1234"
# }

STEP 2 — Log a high-stakes decision with an evidence hash manifest
# You hash the readable decision AND each evidence file locally; send only hashes.
curl -X POST https://yolo.solutions/api/agents/YOUR_AGENT_UUID/log \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "event_type":    "high_stakes",
    "content_hash":  "9f2c...<64-char SHA-256 hex>...a1",
    "model_id":      "clinical-triage",
    "model_version": "2026-04-01",
    "evidence_manifest": [
      { "type": "json", "sha256": "be7d...<64-char hex>" }
    ],
    "correlation_ref": "opaque-ref-001"
  }'

# Response (201):
# {
#   "audit_id": 1235,
#   "chain_hash": "def456...",
#   "content_hash": "9f2c...a1",
#   "tier": "high_stakes",
#   "verification_url": "https://yolo.solutions/verify/1235"
# }

STEP 3 — Verify the entry publicly (no auth)
# The verification_url in the response is public:
curl https://yolo.solutions/verify/1235

# Or open it in a browser — any auditor, regulator, or counterparty
# can verify the chain hash math without credentials.

POST /api/agents/{uuid}/log
app/api/agents/[uuid]/log/route.ts
AUTH

Bearer <api_key> — the key must have agent_uuid matching the {uuid} in the URL. Mismatches return 403.

Logs one decisional event to the tamper-evident audit chain. Validates the Strict-B schema (hashes and non-identifying fields only), writes to agent_audit_log with SHA-256 chain linkage, and returns the audit id and chain hash. Rate limited to 1,000 events/hour per API key during beta.

REQUEST BODY
{
  "event_type":    "routine" | "consequential" | "high_stakes",
  "content_hash":  "string (required) — 64-char SHA-256 hex you compute locally",
  "model_id":      "string (required) — non-identifying model name",
  "model_version": "string (required) — version or checkpoint",
  "decided_at":    "string (optional) — ISO-8601 timestamp",
  "evidence_manifest": [        // optional — HASHES ONLY, never content
    { "type": "pdf" | "json" | "text", "sha256": "<64-char hex>" }
  ],
  "correlation_ref": "string",  // optional — opaque ref; SHA-256'd server-side
  "webhook_url":     "string",  // optional — receive delivery notification
  "webhook_secret":  "string"   // optional — required if webhook_url provided
}
// Strict-B: Yolo never receives readable PII. Readable fields (rationale, input,
// output, metadata, evidence content, raw correlation_id) are REJECTED with 400.

RESPONSE BODY (201 Created)
// 201 Created
{
  "audit_id":         12345,
  "chain_hash":       "sha256hex...",
  "content_hash":     "sha256hex...",   // the hash you submitted, as anchored
  "tier":             "consequential",
  "timestamp":        "2026-05-23T10:00:00.000Z",
  "verification_url": "https://yolo.solutions/verify/12345"
}

ERROR CODES
400  Invalid/missing content_hash, model_id, or model_version; a rejected readable/identifying field (rationale, input, output, metadata, evidence content, raw correlation_id); an unknown field; or malformed JSON. Codes: readable_content_not_accepted, unknown_field, invalid_content_hash, evidence_content_not_accepted.
401  Missing or invalid Bearer token.
403  API key is not scoped to the agent UUID in the URL path (agent_mismatch).
429  Rate limit exceeded: 1,000 events/hour per API key. Retry-After header included.
500  Audit chain write failed. Internal error — contact agents@yolo.solutions with the request timestamp.

Every event is cryptographically bound to the previous.

Each audit log entry stores a chain_hash computed as:

# Chain hash formula
SHA-256(agent_id + ":" + seq + ":" + prev_hash + ":" + payload_hash)

# First entry for an agent:
# prev_hash = "genesis"

# Verify any entry with openssl:
printf '%s' "<agent_id>:<seq>:<prev_hash>:<payload_hash>" \
  | openssl dgst -sha256 -hex

The full formula is published at /methodology. The nightly anchor cron commits a Merkle root per agent over that agent's entries since its previous anchor (bounded by sequence, not by date), making every event provable to a third party without trusting Yolo.

The verification_url returned with every response points to a public page showing the entry fields, the chain math inputs, and a copy-pasteable openssl command to independently recompute the chain hash. Auditors and regulators can verify any entry without credentials or Yolo system access.
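
An added example (not Yolo's code) that applies the chain formula across a whole exported sequence rather than a single entry, and shows how an edited or deleted entry surfaces. The entry shape, seq values incrementing by 1, prev_hash being the previous entry's chain_hash, and the sample UUID and payloads are assumptions constructed for the illustration.

```javascript
const { createHash } = require('node:crypto');

const sha256Hex = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Formula from the page: SHA-256(agent_id + ":" + seq + ":" + prev_hash + ":" + payload_hash)
function chainHash(agentId, seq, prevHash, payloadHash) {
  return sha256Hex(`${agentId}:${seq}:${prevHash}:${payloadHash}`);
}

// Walk exported entries in order and recompute every link.
// Assumed: entry shape { seq, payload_hash, chain_hash }, seq increments by 1,
// and prev_hash is the previous entry's chain_hash ("genesis" for the first).
function verifyChain(agentId, entries) {
  let prev = 'genesis';
  let lastSeq = null;
  for (const e of entries) {
    if (lastSeq !== null && e.seq !== lastSeq + 1) {
      return { ok: false, seq: e.seq, reason: 'sequence_gap' };
    }
    if (chainHash(agentId, e.seq, prev, e.payload_hash) !== e.chain_hash) {
      return { ok: false, seq: e.seq, reason: 'chain_hash_mismatch' };
    }
    prev = e.chain_hash;
    lastSeq = e.seq;
  }
  return { ok: true, head: prev };
}

// Constructed sample data: three entries for a made-up agent UUID.
function buildSampleChain(agentId, payloads) {
  let prev = 'genesis';
  return payloads.map((p, i) => {
    const payload_hash = sha256Hex(p);
    const chain_hash = chainHash(agentId, i + 1, prev, payload_hash);
    prev = chain_hash;
    return { seq: i + 1, payload_hash, chain_hash };
  });
}

const SAMPLE_AGENT = '00000000-0000-4000-8000-000000000001';
const sampleChain = buildSampleChain(SAMPLE_AGENT, ['event-a', 'event-b', 'event-c']);

// An edited payload_hash breaks its own link; a deleted entry leaves a gap.
const edited = sampleChain.map((e) => ({ ...e }));
edited[1].payload_hash = sha256Hex('event-b-edited');
const deleted = [sampleChain[0], sampleChain[2]];

console.log(verifyChain(SAMPLE_AGENT, sampleChain).ok);
console.log(verifyChain(SAMPLE_AGENT, edited));
console.log(verifyChain(SAMPLE_AGENT, deleted));
```

A chain rewritten end to end with recomputed hashes would still pass this check, which is why the entries also have to be checked against the nightly anchor rather than trusted on internal consistency alone.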

Optional evidence manifest — hashes only, never content.

Include an optional evidence_manifest array to commit to your supporting material by hash. Each element is exactly { type, sha256 }: type is "pdf", "json", or "text", and sha256 is the 64-char hex you compute over the file locally. Sending raw evidence content is rejected (400, evidence_content_not_accepted).

The manifest is stored in the entry and covered by payload_hash, so the set of evidence hashes is tamper-evident and anchored on Base. The evidence files themselves stay with you — Yolo never receives or stores them, and nothing is pinned to IPFS.

To prove a document is the one referenced at decision time, hash it and compare to the sha256 in the manifest. This keeps sensitive evidence (clinical, financial) out of any public or vendor-held store while still binding it to the anchored record.
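
An added example (not part of the original page or any Yolo SDK) covering both the manifest construction and the later document check described above: it hashes the decision and evidence locally, runs a client-side pre-flight against the documented request schema so readable content is caught before it leaves the host, and then tests a file against the manifest. The function names, hashing the raw bytes as stored with no canonicalization, lower-case hex, and the sample data are assumptions.

```javascript
const { createHash } = require('node:crypto');

const sha256Hex = (data) => createHash('sha256').update(data).digest('hex');
const HEX64 = /^[0-9a-f]{64}$/; // lower-case hex, as sha256Hex produces
const TIERS = ['routine', 'consequential', 'high_stakes'];
const ALLOWED = new Set(['event_type', 'content_hash', 'model_id', 'model_version', 'decided_at',
  'evidence_manifest', 'correlation_ref', 'webhook_url', 'webhook_secret']);
const READABLE = new Set(['rationale', 'input', 'output', 'metadata', 'correlation_id']);

// Hash the readable decision and each evidence file locally; only hashes leave the host.
function buildLogRequest({ eventType, decision, modelId, modelVersion, evidence = [] }) {
  return {
    event_type: eventType,
    content_hash: sha256Hex(decision),
    model_id: modelId,
    model_version: modelVersion,
    evidence_manifest: evidence.map(({ type, bytes }) => ({ type, sha256: sha256Hex(bytes) })),
  };
}

// Client-side pre-flight for the documented 400 conditions. Labels are local to this
// example; four reuse code names from the page, the server's exact mapping is assumed.
function preflight(body) {
  const errors = [];
  for (const key of Object.keys(body)) {
    if (READABLE.has(key)) errors.push(`readable_content_not_accepted:${key}`);
    else if (!ALLOWED.has(key)) errors.push(`unknown_field:${key}`);
  }
  if (!TIERS.includes(body.event_type)) errors.push('invalid_event_type');
  if (!HEX64.test(body.content_hash || '')) errors.push('invalid_content_hash');
  if (!body.model_id || !body.model_version) errors.push('missing_model_field');
  for (const item of body.evidence_manifest || []) {
    const shapeOk = Object.keys(item).sort().join() === 'sha256,type';
    if (!shapeOk || !['pdf', 'json', 'text'].includes(item.type) || !HEX64.test(item.sha256)) {
      errors.push('evidence_content_not_accepted');
    }
  }
  return errors;
}

// Later proof: does this file hash to an entry committed in the manifest?
function isReferencedEvidence(bytes, manifest) {
  const digest = sha256Hex(bytes);
  return manifest.some((item) => item.sha256 === digest);
}

const sampleEvidence = Buffer.from('{"triage_score": 3}'); // constructed sample input
const sampleBody = buildLogRequest({ eventType: 'high_stakes', decision: 'constructed decision text',
  modelId: 'clinical-triage', modelVersion: '2026-04-01', evidence: [{ type: 'json', bytes: sampleEvidence }] });
```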

Per-request webhook delivery with HMAC-SHA256 signature.

Supply webhook_url and webhook_secret in the request body to receive a signed delivery notification after the event is logged. In Tier 1 beta, webhook configuration is per-request (no stored config).

WEBHOOK PAYLOAD SHAPE
{
  "event":    "decision_logged",
  "job_id":   "<audit_id>",          // matches audit_id in the response
  "status":   "routine",             // the event_type tier
  "timestamp": "2026-05-17T10:00:00.000Z",
  "metadata": {
    "audit_id":   1234,
    "agent_uuid": "<uuid>",
    "tier":       "routine",
    "chain_hash": "abc123...",
    "content_hash": "9f2c..."
  }
}

SIGNATURE VERIFICATION

Every POST includes an X-Yolo-Signature: sha256=<hex> header. Verify it before trusting the payload. Use timing-safe comparison (e.g., crypto.timingSafeEqual in Node.js):

# Verify in bash
printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET"

# Compare to the value after "sha256=" in X-Yolo-Signature

If no webhook_secret is supplied with a webhook_url, a random 32-byte hex secret is generated per-event. This is insecure — always supply your own secret to enable verification.
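
An added Node.js example (not Yolo's code) of the receiver-side check described above: parse the X-Yolo-Signature header strictly, compare with crypto.timingSafeEqual, and only then parse the payload and tie it to the audit_id returned by the log call. It assumes the signature is HMAC-SHA256 over the raw request body keyed with webhook_secret; the function names and the sample delivery are constructed.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// rawBody must be the exact bytes received, captured before any JSON parsing.
// Assumed: the HMAC key is webhook_secret and the signed message is the raw body.
function verifyYoloSignature(rawBody, headerValue, secret) {
  if (typeof headerValue !== 'string') return false; // header missing
  const m = /^sha256=([0-9a-f]{64})$/i.exec(headerValue.trim());
  if (!m) return false; // wrong scheme, truncated or non-hex value
  const received = Buffer.from(m[1], 'hex');
  const expected = createHmac('sha256', secret).update(rawBody).digest();
  // timingSafeEqual throws on unequal lengths, so guard it explicitly.
  return received.length === expected.length && timingSafeEqual(received, expected);
}

// Verify first, parse second, then bind the delivery to the audit_id you were given.
function acceptDelivery(rawBody, headerValue, secret, expectedAuditId) {
  if (!verifyYoloSignature(rawBody, headerValue, secret)) {
    return { ok: false, reason: 'bad_signature' };
  }
  let payload;
  try {
    payload = JSON.parse(rawBody.toString('utf8'));
  } catch {
    return { ok: false, reason: 'bad_json' };
  }
  if (payload?.event !== 'decision_logged') return { ok: false, reason: 'unexpected_event' };
  if (payload.metadata?.audit_id !== expectedAuditId) {
    return { ok: false, reason: 'audit_id_mismatch' };
  }
  return { ok: true, payload };
}

// Constructed sample delivery, signed locally the way the sender is assumed to sign it.
const SAMPLE_SECRET = 'constructed-example-secret';
const SAMPLE_BODY = JSON.stringify({
  event: 'decision_logged', job_id: '1234', status: 'routine',
  timestamp: '2026-05-17T10:00:00.000Z',
  metadata: { audit_id: 1234, tier: 'routine' },
});
const signFor = (body, secret) =>
  'sha256=' + createHmac('sha256', secret).update(body).digest('hex');

const SAMPLE_SIG = signFor(SAMPLE_BODY, SAMPLE_SECRET);
console.log(acceptDelivery(SAMPLE_BODY, SAMPLE_SIG, SAMPLE_SECRET, 1234).ok);
console.log(acceptDelivery(SAMPLE_BODY + ' ', SAMPLE_SIG, SAMPLE_SECRET, 1234));
```

Frameworks that parse JSON before the handler runs discard the raw bytes; keep the unparsed body for the signature check, since re-serializing the parsed object does not reliably reproduce what was signed.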

1,000 events per hour per API key during the Tier 1 beta. The window is fixed-hourly (resets at the top of each clock hour, not rolling). The rate limit is Postgres-backed and will be replaced with Redis at production scale.

When the limit is exceeded, the response is 429 with a Retry-After header (seconds until the current window resets) and a retry_after_seconds field in the JSON body.

KNOWN BETA LIMITATION

The check-then-increment rate limit has a narrow race window under concurrent load. At 1,000/hr this is not material in practice. Production Tier 2 will use atomic Redis-based rate limiting. Contact agents@yolo.solutions if your volume requires a higher limit before Tier 2 GA.

Machine-readable endpoint metadata is available at:

GET https://yolo.solutions/well-known/decisional-logging.json

# Returns: endpoint URL, tiers, rate limit, verification, evidence options,
# webhook behavior, and documentation link.
# No auth required. Cache-Control: public, max-age=3600.

COMPLIANCE

Decisional log entries produce the record-keeping evidence EU AI Act Article 12 requires of high-risk AI systems. Each entry is hash-chained and anchored on a public blockchain — independently verifiable by regulators, auditors, or counterparties. Annex III enforcement: August 2, 2026 (legally operative); December 2, 2027 proposed via EU Digital Omnibus, pending formal enactment.


API key requests, volume pricing, and enterprise onboarding.

agents@yolo.solutions