When an AI decision is questioned later, can you reconstruct what happened?

A log shows that something ran. It does not show who approved the action above the agent's limit, what evidence was on hand, what was expected, or whether the record has been changed since. OMEGA seals that record at the moment of the decision so it can be replayed and its seal rechecked.

What this proves is narrow: the record is intact and can be reconstructed. It does not prove the decision was right, and it does not prove the model's internal reasoning; it preserves the recorded decision context.

A worked case. A support agent proposed a £4,820 refund. That is above the agent's £2,500 limit, so a manager, Sarah Okafor, approved it under Tier C escalation. The decision was sealed at that moment. Below, you replay it and recheck the seal.

Inside a sealed record

This is what the sealed record holds, the five stages needed to understand or challenge the decision later: authority, evidence, expected outcome, confirmation, and traceability.

The refund escalation is the public demo: five fields sealed at commit time, then replayed.

Illustrative single-decision record.

Walk through the decision
Decision record, customer-service.refund-escalation
ID: omega-record/2026-05-14/cs-agent-refund-1187442, decision 2026-05-14T02:23:41Z
Who said yesAuthority
Sarah Okafor, Senior Customer Operations Manager, badge #ops-2218, approved the refund under Tier C escalation. The automated agent could not commit a refund above £2,500 without documented human approval.
What they knewEvidence & Reasoning
Order #O-2026-04471 was valued at £4,820. Three customer photographs were supplied. Channel count and output gain were inconsistent with the order specification. The 30-day quality assurance window applied. The agent prepared the case; Sarah reviewed it independently and did not rely solely on agent vision output.
What they expected to happenExpected outcome
A full £4,820 refund to the original payment method, return collection booked, £120 goodwill credit applied, and settlement within 3 to 5 business days.
The gate between deciding and actingConfirmation
Sarah's identity was verified through SSO plus hardware key. A signed approval token was issued and consumed once at commit. In a production integration, the tool layer would block the refund unless the required approval field was present. OMEGA records that gate; it does not ship the gate.
How we know this record hasn't been changedTraceability
The record was sealed with the same content hash used by omega-demo/examples/refund-escalation.json. Recomputing the hash confirms whether the record still matches what was committed.

Same record and hash as omega-demo/examples/refund-escalation.json. Run the CLI check →

OMEGA doesn't stop the AI from doing something bad. It captures what the AI committed to at the point of action. If something goes wrong, you aren't digging through logs trying to piece together what happened. The tamper-evident record already exists, sealed at the moment of the decision, with the recorded reasoning and evidence inside it.

Anyone can recompute the fingerprint and see if the stored record still matches what was committed. On its own that catches accidental edits; a deliberate editor with write access re-seals. Chaining each record to the last, with the latest hash held outside the store, makes deliberate edits detectable.

How the record is checked

Same refund as the walkthrough above.

What a log knows
2026-05-14T02:23:41Z  INFO  cs.agent
  event=refund_committed
  order=O-2026-04471
  amount=4820  status=ok
What a replayable record knows
Authority:     Sarah Okafor, Tier C, limit £2,500
Evidence:      Order £4,820, photos, spec mismatch
Expected:      Full refund, return, £120 credit
Confirmation:  SSO + hardware key, token consumed
Traceability:  content_hash e747c3fd…, verified

Logs show that something ran. The record shows who allowed it, the evidence at commit time, the expected outcome, the confirmation step, and whether the sealed copy was edited later.

How it works

At decision time, OMEGA commits the five stages of the record: authority, evidence, expected outcome, confirmation, and traceability. Later, you replay the record and recheck the seal.

Run the replay yourself

omega-demo loads the sealed JSON, recomputes content_hash, prints the five stages, and fails verification if you edit authority.limit after commit.

Open lab code, not a hosted runtime. You can verify the record's structure and detect any tampering. You cannot verify that the decision was right.

node dist/cli.js verify recomputed hash matches ✓
node dist/cli.js replay five stages recovered, verified ✓
node dist/cli.js tamper hash mismatch, exit 1 ✗
Show full commands and output
1. Clone and install

Get the demo CLI on your machine.

git clone https://github.com/repowazdogz-droid/omega-demo.git
cd omega-demo
npm install
2. Verify the sealed record

Check that a valid sealed record recomputes to the same content_hash.

node dist/cli.js verify examples/refund-escalation.json
Expected output:
Verified: recomputed hash matches content_hash
record_id: omega-record/2026-05-14/cs-agent-refund-1187442
content_hash: e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09
recomputed_hash: e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09
3. Replay decision stages

Step through the five committed stages in order.

node dist/cli.js replay examples/refund-escalation.json
Expected output:
{
  "record_id": "omega-record/2026-05-14/cs-agent-refund-1187442",
  "verified": true,
  "content_hash": "e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09",
  "recomputed_hash": "e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09",
  "events": [
    {
      "stage": "authority",
      "order": 1,
      "fields": {
        "approver": "Sarah Okafor",
        "role": "Senior Customer Operations Manager",
        "badge": "ops-2218",
        "limit": 2500,
        "currency": "GBP",
        "delegation": "Tier C escalation: automated agent cannot commit refund above limit without documented approval"
      },
      "verification_status": "verified",
      "expected": "Autonomous approval limit £2,500",
      "observed": "Sarah Okafor (Senior Customer Operations Manager) approved under delegated authority"
    },
    {
      "stage": "evidence",
      "order": 2,
      "fields": {
        "order_id": "O-2026-04471",
        "amount": 4820,
        "currency": "GBP",
        "summary": "Order value £4,820. Three customer photographs supplied. Channel count and output gain inconsistent with order specification. 30-day quality assurance window applies. Agent prepared the case; supervisor reviewed independently and did not rely solely on agent vision output.",
        "agent_prepared": true,
        "supervisor_independent_review": true
      },
      "verification_status": "verified",
      "expected": "Evidence bundle present at commit time",
      "observed": "Order value £4,820. Three customer photographs supplied. Channel count and output gain inconsistent with order specification. 30-day quality assurance window applies. Agent prepared the case; supervisor reviewed independently and did not rely solely on agent vision output."
    },
    {
      "stage": "expectation",
      "order": 3,
      "fields": {
        "refund_amount": 4820,
        "currency": "GBP",
        "payment_method": "original payment method",
        "return_collection": true,
        "goodwill_credit": 120,
        "settlement_days": "3-5 business days"
      },
      "verification_status": "verified",
      "expected": "Full refund £4,820 to original payment method",
      "observed": "Supervisor Sarah Okafor approved £4,820 refund above £2,500 autonomous limit. Approval token consumed at commit."
    },
    {
      "stage": "confirmation",
      "order": 4,
      "fields": {
        "method": "SSO plus hardware key",
        "approval_token_issued": true,
        "token_consumed_at_commit": true,
        "agent_blocked_without_token": true
      },
      "verification_status": "verified",
      "expected": "Human approval token required before agent commit",
      "observed": "Approval token consumed once at commit"
    },
    {
      "stage": "traceability",
      "order": 5,
      "fields": {
        "content_hash": "e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09",
        "previous_hash": null,
        "seq": "1187442"
      },
      "verification_status": "verified",
      "expected": "Sealed record recomputes to the same content_hash",
      "observed": "Match: e747c3fdcb2966c6…"
    }
  ]
}
4. Simulate a contested field edit

Show detection of an unauthorised edit to authority.limit (exit code 1).

node dist/cli.js tamper examples/refund-escalation.json --field authority.limit --value 10000
Expected output:
Tampered field: authority.limit = 10000
Wrote: examples/refund-escalation.tampered.json
Verification failed: recomputed b2e3c3e7d1af6459c0b459d39972c9ba7a7d60f0636d08f715b27ebad378b5b5 != stored e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09
stored content_hash: e747c3fdcb2966c6f0fafa4ab3b51274e53c70f1bf44c51c662ff26749996c09
recomputed_hash:     b2e3c3e7d1af6459c0b459d39972c9ba7a7d60f0636d08f715b27ebad378b5b5

Agent proposes £4,820; limit is £2,500; Sarah approves; record seals five fields; auditor replays later; edit to the limit after commit breaks the hash.

Can an attacker just re-seal it?

A hash stored inside a record only proves the record matches its own fingerprint, which an editor with write access can recompute. Chaining each record to the last catches a single edit, and fails only against someone who can rewrite the whole chain and forge its external anchor. Every hash below is recomputed in your browser with SHA-256 and reproducible with omega-demo.

Record 1 · refund decision
authority.limit: £2,500
previous_hash: null (chain root)
content_hash:  
Record 2 · settlement (the tip)
previous_hash:
content_hash:  (published / externally anchored)
Recomputing…

Edit the record and watch where the recomputed hashes stop matching. Same records and hashes as omega-demo/examples/refund-escalation.json.

Guarantees

  • Record integrity: an edit that doesn't also re-seal forces a hash mismatch.
  • Chain integrity: editing one record breaks the next record's hash link.
  • Independent recomputation: anyone can verify from the JSON.
  • Visible tamper detection: the CLI fails loudly.

Does not guarantee

  • Truth of the inputs.
  • Correctness of the decision.
  • That recorded reasoning is the real reasoning.
  • Protection against an actor who can rewrite the whole record chain and its external anchor.

Why keep records like this

When a regulator or an auditor asks you to account for what an AI did, you have the sealed record: who allowed it, what evidence it had, what it expected, and evidence the stored copy hasn't been casually changed since. That matters more as rules like the EU AI Act come in.

The assurance architecture

OMEGA is two witnesses: seal the record, and grade whether its evidence can be independently checked. Both are built and running today.

Integrity witness · live

Seals the record. Recomputing the fingerprint shows whether the stored copy still matches what was committed, as in the replay demo above. It establishes integrity, not correctness.

Evidence witness · live

Grades whether a record's evidence can be independently reconstructed, not whether it is true. Five grades:

  • asserted: a bare claim, nothing to recompute.
  • attached: an artifact with an integrity hash, but no way to re-derive it.
  • witnessed: independently re-derived, and it agrees.
  • diverged: re-derived, and it disagrees. The loudest signal.
  • reconstruction-error: the check itself could not run.

Try the Evidence Witness → Run it on sample records and watch the integrity check recompute in your browser.

Evidence witness: results

Each row is a real record we ran the Evidence witness against, graded by whether its evidence can be independently reconstructed, not whether it is true. The table grows as more records are tested.

RecordSources (pulled live)Evidence itemsResult
Log4Shell (CVE-2021-44228) NVD, EPSS, CISA KEV 6 6 asserted

More records will be added here as they are tested.

Every one of Log4Shell's six evidence items came back asserted. Asserted does not mean false: the databases publish useful claims, just not the artifacts this witness needs to re-derive them independently. Even “actively exploited in the wild” is a bare verdict with no artifact behind it, and the structured data it does publish, the CVSS vector and the affected-version set, carries no integrity hash to check against.

This is not a claim that NVD is deficient. A public advisory rated for triage and a record built to be independently witnessed are different artifacts. The finding is precise: real-world safety records, as published, usually cannot be independently checked. Grading that honestly is what the Evidence witness is for.

Who this is for

OMEGA is not a gate or a guardrail. It doesn't block actions. It preserves the record you need to replay and challenge a decision later.

For engineers wiring records in, researchers checking the spec and Lean work, and auditors or operators replaying a decision months later.