See the gap in 30 seconds: NO → consequence → verdict → pack.
A concrete walkthrough for a declined payment, plus AI/MCP, Cloud/IAM and OT variants. Synthetic data only.
DECLINED but provider receipts exist
Object created, webhook fired, fee candidate present. Settlement is not claimed without reconciliation.
Verdict: BREACHEDREJECTED but a tool was called
Agent policy rejected the action, but MCP tool dispatch and token usage appeared downstream.
Verdict: BREACHEDDENIED and receipts show zero effect
Storage and IAM receipts show no signed URL, no live token and no bytes exposed.
Verdict: HELDSTALE sensor before command
Command evidence exists but sensor freshness is outside threshold. Needs exact historian window.
Verdict: WATCHPayment decline proof flow.
Decision log: payment_intent.declined.
No provider object, no capture, no fee, no settlement, no customer-confirmation drift.
Provider object receipt and webhook receipt are present after the decision timestamp.
BREACHED for observed downstream objects; settlement remains UNKNOWN until PSP reconciliation.
Certificate, ledger, graph, manifest, SHA-256 hashes, Merkle root, verifier script.
$ python verify_bounda_pack.py sample/
sha256: OK certificate.json
sha256: OK ledger.jsonl
sha256: OK graph.json
merkle_root: OK
manifest: OK
EXTERNAL VERIFY: PASS
Want this on your receipts?
Send one boundary. We scope the minimum read-only evidence needed to close it.