Diligence
Legal scenarios for signed receipts.
This matrix explains the software boundary in five common buyer-review scenarios. AgentGuard records technical receipts. Customers operate their agents and choose their review process.
| Scenario | Likely named party | Legal theory | AgentGuard role | Mitigation |
|---|---|---|---|---|
| A. Agent sends incorrect customer communication | Customer operating the agent | Misstatement, contract, consumer protection | Receipt shows model, cap, posture, and policy decision at time of call | Use capability tiers, reviewer cascade for high-impact messages, and blocked-send policies |
| B. Receipt presented in regulator review | Customer presenting the record | Record weight and evidentiary challenge | Verifier checks hash chain and signature only | Export vendor due-diligence file and preserve raw local logs |
| C. Foreign-origin model used after opt-in | Customer account owner | Vendor diligence and procurement review | Consent receipt records opt-in, models, outcomes, and signer | Compliance posture blocks by default. Standard posture requires signed consent |
| D. Regulated workflow uses unsupported provider route | Customer configuring route | BAA, retention, residency, or vendor-review gap | Provenance block records hosting, jurisdiction, BAA field, and retention field | Use Bedrock, Azure OpenAI, Vertex, or enterprise direct routes where contracts support the workflow |
| E. Signing-key compromise alleged | Key custodian and affected operator | Authenticity challenge | Public key and chain hash enable independent detection of forged or missing links | Rotate keys, pin JWKS, store chain checkpoints, and verify receipt ranges |
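Scenarios B and E both rest on the verifier checking only the hash chain and the signature. The following Go program is an added example, not AgentGuard's own code, and it assumes a simplified receipt shape, a SHA-256 link formula and Ed25519 signatures; it replays a receipt range from a stored chain checkpoint against a pinned public key and reports the first missing, altered or forged link.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Receipt is an assumed, simplified record shape, not AgentGuard's real schema.
type Receipt struct {
	Seq       uint64 // position in the chain
	Body      string // assumed: model, cap, posture and policy decision, serialised
	PrevHash  string // ChainHash of the previous receipt (the checkpoint for the first)
	ChainHash string // hex SHA-256 over PrevHash, Seq and Body
	Sig       []byte // Ed25519 signature over ChainHash by the key custodian
}

// chainHash links a receipt to its predecessor; any edit to an earlier body or
// removal of a receipt changes every later hash.
func chainHash(prev string, seq uint64, body string) string {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s|%d|%s", prev, seq, body)))
	return hex.EncodeToString(h[:])
}

// Sign appends one receipt to the chain; prev is the previous ChainHash.
func Sign(priv ed25519.PrivateKey, seq uint64, body, prev string) Receipt {
	ch := chainHash(prev, seq, body)
	return Receipt{seq, body, prev, ch, ed25519.Sign(priv, []byte(ch))}
}

// VerifyRange replays receipts from a stored checkpoint (the ChainHash last trusted,
// for seq start-1) using only the pinned public key. It returns -1, "" when every
// link holds, otherwise the sequence number where the chain first breaks and why.
func VerifyRange(pub ed25519.PublicKey, checkpoint string, start uint64, rs []Receipt) (int64, string) {
	prev, want := checkpoint, start
	for _, r := range rs {
		switch {
		case r.Seq != want: // a receipt was dropped or reordered
			return int64(want), "missing link"
		case r.PrevHash != prev: // receipt does not point at the trusted predecessor
			return int64(r.Seq), "prev hash mismatch"
		case chainHash(prev, r.Seq, r.Body) != r.ChainHash: // body edited after signing
			return int64(r.Seq), "body altered"
		case !ed25519.Verify(pub, []byte(r.ChainHash), r.Sig): // not signed by the custodian key
			return int64(r.Seq), "bad signature"
		}
		prev, want = r.ChainHash, want+1
	}
	return -1, ""
}
```

A range that ends early is not flagged by VerifyRange itself; the caller compares the last sequence number it received with the one it expected.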