fbpx
SYSTEM: OPERATIONALOT/IT CONNECTORS: 150+AUTONOMOUS OPERATION: 15+ DAYSGOVERNED AUTONOMY: ENFORCEDAUDIT TRAIL: IMMUTABLEINDUSTRIES: MINING · OIL & GAS · ENERGYDEPLOYMENT: 3-6 MONTHS VIA APEXCONTROL LOOPS: 3,400+ SYSTEM: OPERATIONALOT/IT CONNECTORS: 150+AUTONOMOUS OPERATION: 15+ DAYSGOVERNED AUTONOMY: ENFORCEDAUDIT TRAIL: IMMUTABLEINDUSTRIES: MINING · OIL & GAS · ENERGYDEPLOYMENT: 3-6 MONTHS VIA APEXCONTROL LOOPS: 3,400+

Search Blog Articles & Latest News

Blog Archive Resource Library

Get practical insights on AI, Agentic Systems & Digital Twins for industrial operations

Join The Newsletter

Join Our Newsletter

"( )" indicates required fields

This field is for validation purposes and should be left unchanged.
Name( )
Consent( )
Articles, Blog, CEO'S Blog

The Decision Traces You Have and the Ones You Need

Posted on by Pieter van Schalkwyk
Digital twin

Pieter Van Schalkwyk

CEO at XMPRO

This article originally appeared on XMPro CEO's Linkedin Blog, The Digital Engineer

Jaya Gupta argues that decision traces are the moat in her recent follow-up article on the decision traces topic. I agree. But the barrier to using them isn't what most people think.

Her focus is professional services. Law firms, healthcare systems, financial institutions. These organizations have decades of institutional intelligence documented, but confidentiality makes it legally unusable. They can't let AI synthesize across client matters without exposure.

Industrial operations face a different barrier. We can share knowledge freely across sites and teams. Equipment identities aren't confidential. The problem isn't access. It's that the most valuable decision traces don't exist in any system.

The question isn't just "can you capture decision traces?" It's "can you trace what influenced what?"

Two Problems, Same Moat

Jaya focuses on professional services. These firms have decades of institutional intelligence documented. Deal memos, case strategies, clinical protocols. The knowledge exists. The problem is that querying it safely is legally impossible. Retrieval itself creates exposure.

Industrial operations face a different structural barrier.

Our agents already generate complete decision traces. Every ORPA cycle (Observe, Reflect, Plan, Act) produces a record of what the agent saw, what patterns it recognized, what precedents it considered, what plan it formed, and what action it took. This happens automatically as a byproduct of the cognitive architecture.

The gap isn't agent reasoning. It's human reasoning.

When an experienced operator adjusts a setpoint, the judgment behind that action isn't captured. When a maintenance planner overrides an agent recommendation, the reasoning disappears. When a supervisor approves an exception, no system records why they approved it or what expertise they applied.

Your historians capture what happened. Your CMMS captures what work was done. Nothing captures why your experienced operators made the calls they made.

"Who Accessed What" vs "What Influenced What"

Traditional audit answers the wrong question. It tells you who looked at which data. It doesn't tell you what information shaped a decision.

What traditional systems capture:

  • Historian: setpoint changed at 14:32:07
  • CMMS: bearing replaced, 3 hours labor, parts list attached
  • Control system - sequence of operator actions with timestamps

What none of them capture:

  • Why the setpoint was changed and what the operator was seeing
  • What diagnostic reasoning led to the bearing decision
  • Why those actions were chosen over alternatives
  • What the operator noticed that triggered intervention

When a regulator asks "why did you defer that inspection?" the answer shouldn't be "the algorithm recommended it." It should be a complete reasoning chain. What was observed. What precedents informed the decision. What policies were evaluated. Who approved the exception. What outcome resulted.

Cognitive agents can provide that chain for their own decisions. The chain breaks when human judgment enters the loop.

We've instrumented our equipment extensively. We've barely instrumented our decision-making at all.

Agent Decision Traces Are Already Solved

For MAGS agents, decision traces are a first-class output. Every cognitive cycle generates a complete record:

  • Observe: What data did the agent access? What was the system state? What triggered attention?
  • Reflect: What patterns did it recognize? What precedents did it retrieve? What hypotheses did it consider?
  • Plan: What options did it evaluate? What tradeoffs did it weigh? What constraints shaped the recommendation?
  • Act: What action did it take or recommend? What reasoning chain justified it? What approval was required?

This creates queryable operational memory. When an agent diagnoses an equipment issue, that reasoning becomes searchable precedent. The next similar situation benefits from it. Agents learn from their own experience automatically.

The architecture exists. The gap is on the human side.

Capturing Human Judgment at the Same Fidelity

The most valuable operational intelligence doesn't come from agents. It comes from experienced humans who know things no system has captured. The shift supervisor who can tell from the sound of a compressor that something is wrong. The maintenance planner who knows which pumps fail in winter. The operator who adjusts feed rates based on subtle vibration changes.

The question is how to get that knowledge into the decision trace without asking people to stop working and document.

Approval as reasoning capture

When an agent requests approval for a consequential action, the human isn't just clicking a button. They're evaluating the reasoning. They're applying judgment the agent doesn't have.

Most systems capture the approval. Almost none capture why the human approved, what they considered, or what expertise they applied.

If the approval workflow captures that reasoning (even in structured form), the human judgment becomes part of the trace. "Approved based on similar situation last quarter." "Modified recommendation because production schedule changed." "Rejected, vibration pattern doesn't match historical failures."

A supporting agent can suggest the reason based on context and similar past approvals. The human confirms or amends. A governance agent validates the trace is complete.

The approval isn't just an event. It creates a permit, an object that carries reasoning with it and can be traced through the system. That permit becomes part of the decision trace. You can query not just "was this approved" but "what judgment authorized this action and under what conditions."

This distinction matters. Obligations, permissions, and prohibitions are constraints on behavior. These constraints can be encapsulated as separate objects, called burdens, permits, and embargoes, which can then be created, transferred, and audited. When you treat approvals as objects rather than events, the entire authorization chain becomes queryable.

Overrides as learning signals

When a human modifies an agent recommendation, that modification contains information. The agent thought X. The human decided Y. The delta between X and Y encodes expertise.

Capture the override with context:

  • What was the agent's recommendation?
  • What did the human change?
  • What was the stated reason?
  • What was the system state at the time?

Now you have a training signal. The system learns not just from its own experience but from human corrections. Over time, the agent reasoning improves because it has access to thousands of examples where experienced humans saw something the agent missed.

Escalation as knowledge extraction

When conditions exceed defined boundaries, agents defer to human experts. This is by design. Bounded autonomy means agents operate independently within safe envelopes and escalate when situations fall outside their competence.

The expert's response, linked to the conditions that triggered escalation, encodes judgment in queryable form.

Patterns emerge over time. "When we see this combination of factors, experienced operators tend to do X." That pattern, validated by outcomes, becomes institutional memory that doesn't depend on specific individuals being available.

The goal isn't to document what experts know. It's to instrument the moments where their expertise shows up.

The Agent Boundary Problem

Jaya flags that agents collapse the human-in-the-loop security boundary. In professional services, this creates confidentiality exposure. In industrial operations, it creates a different risk.

When an agent retrieves, reasons, and acts on a legal matter, the worst case is information leakage. When an agent does the same on a process control system, the worst case is a physical incident that can't be undone.

Structured boundaries, not unlimited autonomy

Cognitive agents need clear limits on what they can do without approval. Not as an afterthought, but as a core architectural principle.

These boundaries fall into three categories:

  • Prohibitions: Actions the agent must not take regardless of context. No overriding safety interlocks. No modifications to environmental controls without human presence. These are hard limits, not approval workflows.
  • Obligations: Actions the agent must take when conditions are met. Alert the supervisor when vibration exceeds threshold. Log the reasoning for every recommendation. These happen automatically.
  • Permissions: Actions the agent may take, often conditional on context or approval. Replace a bearing on non-critical equipment during business hours. Adjust setpoints within defined ranges.

Context-aware boundaries evaluate these in real-time. A routine bearing replacement during business hours falls within standing permissions. The same replacement on critical equipment requires explicit approval. After hours, the obligation to notify a supervisor activates automatically.

Constraint propagation through agent teams

When multiple agents collaborate, their obligations and prohibitions must flow through to the final decision. The production agent's schedule requirements. The maintenance agent's safety constraints. The safety agent's risk assessments. All combine into a decision that respects every boundary.

If the safety agent has a prohibition against running equipment above a certain temperature, that prohibition constrains what the production agent can recommend. The constraint propagates automatically.

The decision trace must capture not just what was decided, but what constraints shaped the decision space. Otherwise you can't answer "why was this option not considered?" after the fact.

In industrial settings, auditability isn't just about compliance. It's about preventing actions that can't be undone.

The Feedback Loop That Compounds

Jaya describes decision traces as the moat. But the moat isn't static. It compounds.

Agent decisions improve through accumulation. Every diagnosis, every recommendation, every outcome feeds back into searchable precedent. Agents get better because they have more experience to draw from.

Human corrections improve agent reasoning. Every override, every modification, every approval with reasoning becomes a learning signal. The delta between agent recommendation and human judgment encodes expertise the agent didn't have.

Outcomes validate patterns. When a decision works (the maintenance prevented the failure, the adjustment improved yield), that outcome links back to the reasoning that produced it. Good patterns become validated. Bad patterns become documented lessons.

Tacit knowledge becomes explicit. Not through documentation projects that capture a fraction of what experts know. Through continuous instrumentation of the decision-making process itself.

Every human override teaches the system something. Every approval with reasoning adds to institutional memory. The organization gets smarter because people use it.

What This Means for Industrial Operations

Jaya's article is aimed at professional services. The confidentiality barriers she describes are real. I don't have a solution for law firms trying to query client matters safely.

But for industrial operations, the barriers are different and more tractable.

Entity masking is simpler. Within an organization, equipment identities are typically shareable across sites and teams. ISO 14224 and ISA-95 provide standard taxonomies for abstracting patterns to equipment types when sharing across organizations. There are exceptions (defense, critical infrastructure, competitive scenarios), but the default is knowledge sharing, not isolation. The competitive moat is in how you operate the equipment, not which equipment you have.

We want knowledge to flow. Professional services need conflict isolation. Industrial operations benefit from knowledge sharing across sites, shifts, and teams. A bearing maintenance pattern that works at one facility can help another without revealing proprietary details.

We can instrument the decision path. The approval workflows, the human-agent interaction points, the escalation triggers: these are designable. We can build systems that capture human judgment as a byproduct of normal operations, not as a separate documentation burden.

But capturing human traces is still hard. Even with good architecture, getting experienced operators to articulate why they made a call adds friction. Tacit knowledge resists explicit capture. The shift supervisor who "just knows" something is wrong can't always explain the pattern they're recognizing.

This is why accelerating agent adoption with human oversight should be a priority. Agents generate complete decision traces by default. Every ORPA cycle produces a queryable record. While we work on the harder problem of capturing human expertise, agents are accumulating institutional memory that compounds. The practical path forward isn't waiting until we solve human knowledge capture. It's expanding the scope of what agents handle (with appropriate oversight) while instrumenting the human touchpoints as best we can.

The organizations that build this capability will have institutional memory that doesn't retire when their experts do.

The Real Question

Jaya's right that decision traces are the moat. For professional services, the barrier is making existing traces safe to query. For industrial operations, the barrier is capturing human judgment with the same fidelity we already capture agent reasoning.

The question isn't "who accessed what?" It's "what influenced what?"

Traditional audit answers the first question. Decision traces answer the second.

Cognitive agents generate their half of the trace automatically.

The organizations that solve this will have a structural advantage that's hard to replicate. The ones building better analytics on existing data are solving a smaller problem.

I write about Intelligent Digital Twins, Industrial AI, and Cognitive Multi-Agent Generative Systems. The deontic framework referenced here builds on work I've done with Dr. Zoran Milosevic on responsible digital twins and computable policy. Thanks to Zoran for editorial input on this article. Our GitHub repo has technical details on how we're building decision trace capabilities into XMPro MAGS.

Our GitHub Repo has more technical information. You can also contact myself or Gavin Green for more information.

Read more on MAGS at The Digital Engineer