Evidence Witness · Built and running

Can a record's evidence be independently reconstructed?

The Evidence Witness grades a record by one question: can its evidence be re-derived independently, or do you have to take the record's word for it. It grades reconstructibility, not truth. It does not decide whether the record is true, the decision was correct, or the control was adequate.

This is the second of OMEGA's two witnesses. The first seals a record and rechecks the seal, as in the replay demo. This one grades whether the evidence inside a record can stand on its own.

What it grades, and what it does not

It grades whether a record's evidence can be independently reconstructed, not whether it is true, the decision correct, or the control adequate. A top grade means the record is faithful to an independent re-derivation, not that the recorded fact is real.

Asserted does not mean false. Asserted means a claim was recorded with no artifact to re-derive it. The claim can be perfectly true; it just cannot be checked from the record alone.

A record cannot witness itself. The top grade, witnessed, requires an independent external reference to re-derive the evidence against. A record that only points at itself cannot reach it.

The grading ladder

Six tiers, worst to best. A tier is assigned only by running the relevant check, never by trusting a field. The presence of a hash is not integrity; the presence of a reconstruction path is not a reconstruction. Both must actually run.

Two checks, and only one of them can run in your browser

Each record below is graded in two parts. Read the two chips carefully, because they are not the same kind of claim.

This split is the honest one: everything the browser can decide on its own (is there an artifact, does its hash verify) is live; everything that needs an independent reference is a replay.

What the grader has actually been run on

Every row is a real run of the grader. The reconstruction verdicts are replays, as above; new rows are added as more records are tested. No row is a projection.

DomainSourceKindRecordsResult

Log4Shell is the headline. The most documented vulnerability on record, CVE-2021-44228, pulled from NVD, EPSS and CISA-KEV, graded six for six as asserted. Asserted does not mean false: the databases publish useful claims, just not the artifacts this witness needs to re-derive them independently. Even the actively-exploited flag is a bare verdict with no artifact behind it. This is not a claim that NVD is deficient. A public advisory rated for triage and a record built to be independently witnessed are different artifacts. The finding is precise: real-world safety records, as published, usually cannot be independently checked.

These rows were graded offline against their trusted references. The page does not re-fetch NVD, EPSS or CISA and does not re-run the tiering here, so the table is a replay, not a live check. The only live computation on this page is the integrity recompute in the section above.