# Sample DecisionTrace Explainer

## Purpose
Explain the fields in the sample decision trace and why they matter for the PDP-backed governed runtime review path.

## Audience
- Operators
- Security and risk reviewers
- Enterprise evaluators

## Field Notes
- `traceId`: unique identifier for the governed decision event
- `contractId`: identifies the runtime-governance contract used
- `contractVersion`: records the contract version in force
- `policyPackVersion`: identifies the pack or policy version used
- `decision`: governed outcome returned by SDE
- `reasonCode`: stable machine-readable explanation for the outcome
- `confidenceState`: reliability posture used in the decision
- `request`: relevant runtime request context
- `constraints`: restrictions returned instead of a simple allow
- `evidence`: review-path metadata used for governance operations
- `timestampUtc`: event timestamp for ordering and audit review

## Why This Matters
A decision trace should tie the runtime outcome back to the governing contract, policy version, reason code, and review posture. That is what makes the result explainable and operationally reviewable.

## Scope Note
This sample trace represents the paid governed mode, not the standalone free local-hardening mode. In standalone mode, reviewers should validate the configured allowlist posture and blocked-tool behavior rather than expect a full PDP decision trace.
