The whole story
Who or what acted, what triggered it, the reason and the policy behind it, the before-and-after state, exactly which items were touched — and how to undo it.
Every app you use does mysterious things — a message vanishes into a folder, a rule fires, something gets archived — and the honest answer to "why?" is usually a shrug. SwarmMarshal makes that question answerable by construction: every consequential action runs one mandatory lifecycle and leaves a durable receipt, and the assistant answers "why did you do that?" from those receipts — never from a guess.
Ask the assistant why a message moved, why a rule fired, why something was filed — and it queries the decision ledger, collapses the action's lifecycle to its causal receipt, and tells you what actually happened.
Who or what acted, what triggered it, the reason and the policy behind it, the before-and-after state, exactly which items were touched — and how to undo it.
The answer comes only from durable receipts. If no receipt exists, the assistant says it doesn't know — it will not reverse-engineer a plausible cause from your current settings, because a plausible cause and the real cause are not the same thing.
Because receipts record the before-state and the touched items, "put it back" is a data operation, not an archaeology project.
This isn't logging bolted onto features — it's a single action framework every consequential operation must run through. The base lifecycle owns every ledger transition; a feature module only supplies the factual plan and the domain work.
Each action takes a durable single-owner claim before applying, so a retried or duplicated request can't perform the same physical action twice.
If the process dies mid-action, the lifecycle is closed as unknown for reconciliation — the system checks what actually happened rather than blindly re-applying. An email is never moved twice because a write timed out.
Failures and skips get receipts too. The ledger records what the app tried and didn't do — which is often exactly what you're asking about.
When a plan says "the user approved this," that claim must come from a real authority — the approval that you actually clicked flows through the agent's turn context into the action as evidence. A feature module cannot fabricate its own permission, so the receipt trail is trustworthy end to end: the same chain that gates the action is the chain that explains it later.
SwarmMarshal used to answer "what has the app been doing?" with separate diagnostic surfaces — an autonomy log, an auto-email management view, an agent diagnostics page — each reading its own store. Those are gone. The decision ledger is now the single source for plans, authorizations, outcomes, explanations, and undo, and the conversational explain tool is the front door. You don't hunt through admin pages; you ask.
Receipts explain actions; provenance explains answers. Together they make the whole system accountable.