omega-demo/examples/refund-escalation.json. Recomputing the hash confirms whether the record still matches what was committed.Same record and hash as omega-demo/examples/refund-escalation.json. Run the CLI check →
A log shows that something ran. It does not show who approved the action above the agent's limit, what evidence was on hand, what was expected, or whether the record has been changed since. OMEGA seals that record at the moment of the decision so it can be replayed and its seal rechecked.
What this proves is narrow: the record is intact and can be reconstructed. It does not prove the decision was right, and it does not prove the model's internal reasoning; it preserves the recorded decision context.
A worked case. A support agent proposed a £4,820 refund. That is above the agent's £2,500 limit, so a manager, Sarah Okafor, approved it under Tier C escalation. The decision was sealed at that moment. Below, you replay it and recheck the seal.
This is what the sealed record holds, the five stages needed to understand or challenge the decision later: authority, evidence, expected outcome, confirmation, and traceability.
The refund escalation is the public demo: five fields sealed at commit time, then replayed.
Illustrative single-decision record.
omega-demo/examples/refund-escalation.json. Recomputing the hash confirms whether the record still matches what was committed.Same record and hash as omega-demo/examples/refund-escalation.json. Run the CLI check →
OMEGA doesn't stop the AI from doing something bad. It captures what the AI committed to at the point of action. If something goes wrong, you aren't digging through logs trying to piece together what happened. The tamper-evident record already exists, sealed at the moment of the decision, with the recorded reasoning and evidence inside it.
Anyone can recompute the fingerprint and see if the stored record still matches what was committed. On its own that catches accidental edits; a deliberate editor with write access re-seals. Chaining each record to the last, with the latest hash held outside the store, makes deliberate edits detectable.
Same refund as the walkthrough above.
2026-05-14T02:23:41Z INFO cs.agent event=refund_committed order=O-2026-04471 amount=4820 status=ok
Authority: Sarah Okafor, Tier C, limit £2,500 Evidence: Order £4,820, photos, spec mismatch Expected: Full refund, return, £120 credit Confirmation: SSO + hardware key, token consumed Traceability: content_hash e747c3fd…, verified
Logs show that something ran. The record shows who allowed it, the evidence at commit time, the expected outcome, the confirmation step, and whether the sealed copy was edited later.
At decision time, OMEGA commits the five stages of the record: authority, evidence, expected outcome, confirmation, and traceability. Later, you replay the record and recheck the seal.
omega-demo loads the sealed JSON, recomputes content_hash, prints the five stages, and fails verification if you edit authority.limit after commit.
Open lab code, not a hosted runtime. You can verify the record's structure and detect any tampering. You cannot verify that the decision was right.
node dist/cli.js verify recomputed hash matches ✓node dist/cli.js replay five stages recovered, verified ✓node dist/cli.js tamper hash mismatch, exit 1 ✗Get the demo CLI on your machine.
git clone https://github.com/repowazdogz-droid/omega-demo.git cd omega-demo npm install
Check that a valid sealed record recomputes to the same content_hash.
node dist/cli.js verify examples/refund-escalation.json
Verified: recomputed hash matches content_hash record_id: omega-record/2026-05-14/cs-agent-refund-1187442 content_hash: e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09 recomputed_hash: e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09
Step through the five committed stages in order.
node dist/cli.js replay examples/refund-escalation.json
{
"record_id": "omega-record/2026-05-14/cs-agent-refund-1187442",
"verified": true,
"content_hash": "e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09",
"recomputed_hash": "e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09",
"events": [
{
"stage": "authority",
"order": 1,
"fields": {
"approver": "Sarah Okafor",
"role": "Senior Customer Operations Manager",
"badge": "ops-2218",
"limit": 2500,
"currency": "GBP",
"delegation": "Tier C escalation: automated agent cannot commit refund above limit without documented approval"
},
"verification_status": "verified",
"expected": "Autonomous approval limit £2,500",
"observed": "Sarah Okafor (Senior Customer Operations Manager) approved under delegated authority"
},
{
"stage": "evidence",
"order": 2,
"fields": {
"order_id": "O-2026-04471",
"amount": 4820,
"currency": "GBP",
"summary": "Order value £4,820. Three customer photographs supplied. Channel count and output gain inconsistent with order specification. 30-day quality assurance window applies. Agent prepared the case; supervisor reviewed independently and did not rely solely on agent vision output.",
"agent_prepared": true,
"supervisor_independent_review": true
},
"verification_status": "verified",
"expected": "Evidence bundle present at commit time",
"observed": "Order value £4,820. Three customer photographs supplied. Channel count and output gain inconsistent with order specification. 30-day quality assurance window applies. Agent prepared the case; supervisor reviewed independently and did not rely solely on agent vision output."
},
{
"stage": "expectation",
"order": 3,
"fields": {
"refund_amount": 4820,
"currency": "GBP",
"payment_method": "original payment method",
"return_collection": true,
"goodwill_credit": 120,
"settlement_days": "3-5 business days"
},
"verification_status": "verified",
"expected": "Full refund £4,820 to original payment method",
"observed": "Supervisor Sarah Okafor approved £4,820 refund above £2,500 autonomous limit. Approval token consumed at commit."
},
{
"stage": "confirmation",
"order": 4,
"fields": {
"method": "SSO plus hardware key",
"approval_token_issued": true,
"token_consumed_at_commit": true,
"agent_blocked_without_token": true
},
"verification_status": "verified",
"expected": "Human approval token required before agent commit",
"observed": "Approval token consumed once at commit"
},
{
"stage": "traceability",
"order": 5,
"fields": {
"content_hash": "e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09",
"previous_hash": null,
"seq": "1187442"
},
"verification_status": "verified",
"expected": "Sealed record recomputes to the same content_hash",
"observed": "Match: e747c3fdcb2966c6…"
}
]
}
Show detection of an unauthorised edit to authority.limit (exit code 1).
node dist/cli.js tamper examples/refund-escalation.json --field authority.limit --value 10000
Tampered field: authority.limit = 10000 Wrote: examples/refund-escalation.tampered.json Verification failed: recomputed b2e3c3e7d1af6459c0b459d39972c9ba7a7d60f0636d08f715b27ebad378b5b5 != stored e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09 stored content_hash: e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09 recomputed_hash: b2e3c3e7d1af6459c0b459d39972c9ba7a7d60f0636d08f715b27ebad378b5b5
Agent proposes £4,820; limit is £2,500; Sarah approves; record seals five fields; auditor replays later; edit to the limit after commit breaks the hash.
A hash stored inside a record only proves the record matches its own fingerprint, which an editor with write access can recompute. Chaining each record to the last catches a single edit, and fails only against someone who can rewrite the whole chain and forge its external anchor. Every hash below is recomputed in your browser with SHA-256 and reproducible with omega-demo.
Edit the record and watch where the recomputed hashes stop matching. Same records and hashes as omega-demo/examples/refund-escalation.json.
When a regulator or an auditor asks you to account for what an AI did, you have the sealed record: who allowed it, what evidence it had, what it expected, and evidence the stored copy hasn't been casually changed since. That matters more as rules like the EU AI Act come in.
OMEGA is two witnesses: seal the record, and grade whether its evidence can be independently checked. Both are built and running today.
Each row is a real record we ran the Evidence witness against, graded by whether its evidence can be independently reconstructed, not whether it is true. The table grows as more records are tested.
| Record | Sources (pulled live) | Evidence items | Result |
|---|---|---|---|
| Log4Shell (CVE-2021-44228) | NVD, EPSS, CISA KEV | 6 | 6 asserted |
More records will be added here as they are tested.
Every one of Log4Shell's six evidence items came back asserted. Asserted does not mean false: the databases publish useful claims, just not the artifacts this witness needs to re-derive them independently. Even “actively exploited in the wild” is a bare verdict with no artifact behind it, and the structured data it does publish, the CVSS vector and the affected-version set, carries no integrity hash to check against.
This is not a claim that NVD is deficient. A public advisory rated for triage and a record built to be independently witnessed are different artifacts. The finding is precise: real-world safety records, as published, usually cannot be independently checked. Grading that honestly is what the Evidence witness is for.
OMEGA is not a gate or a guardrail. It doesn't block actions. It preserves the record you need to replay and challenge a decision later.
For engineers wiring records in, researchers checking the spec and Lean work, and auditors or operators replaying a decision months later.
Read the specification → See an example record → omegaprotocol87@gmail.com