Signed Audit Chain
Cloud-only memory providers cannot make a court-admissible promise
about your history. Their terms preclude it: data can be revoked,
modified, or lost. OMEGA's audit chain produces a cryptographically
signed artifact over the immutable memver_ chain that anyone with
the public key can verify, forever, offline, with a ~200-line verifier.
This is the difference between "we promise to be careful with your data" and "math + your key prove what happened." Customers can leave OMEGA tomorrow and the signed artifacts remain verifiable.
How it works
- An Ed25519 keypair lives at $OMEGA_HOME/audit/. Generated on first use, never leaves your machine.
- Every memory mutation appends a row to the memver_chain (P1.6). Rows are immutable; updates and deletes append new versions rather than overwriting.
- An export builds a Merkle tree over a slice of the chain and signs the root with the Ed25519 key. The artifact contains: the public key, the signed root, the leaf metadata, the included memver_rows.
- Verification is a three-layer offline check:
  - Recompute every leaf hash from the included rows.
  - Rebuild the Merkle root from the recomputed leaves.
  - Verify the Ed25519 signature against the rebuilt root.
- Inclusion proofs (P3.15b) let you prove that a single memver_row was part of an artifact without revealing siblings — selective disclosure for compliance handovers.
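The first two verification layers and the inclusion-proof fold can be sketched with the standard library alone. This is an added example, not OMEGA's verifier: the canonical-JSON leaf encoding, the SHA-256 hash with 0x00/0x01 prefixes, the odd-node promotion rule, and the row fields are all assumptions, and the Ed25519 check over the root is left out.

```python
import hashlib
import json

def leaf_hash(row: dict) -> bytes:
    # Assumed leaf encoding: canonical JSON behind a 0x00 domain-separation prefix.
    data = json.dumps(row, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # The 0x01 prefix keeps interior nodes from being mistaken for leaves.
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    # Level 0 is the leaf list; an unpaired node is promoted unchanged (assumed rule).
    if not leaves:
        raise ValueError("cannot build a tree over zero leaves")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def merkle_root(leaves) -> bytes:
    return build_levels(leaves)[-1][0]

def inclusion_proof(leaves, index):
    # One (side, sibling_hash) pair per level; side is where the sibling sits.
    proof = []
    for level in build_levels(leaves)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def fold(leaf: bytes, proof) -> bytes:
    # Walk from the leaf to the root using only the sibling hashes.
    acc = leaf
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc

def verify_inclusion(row: dict, proof, signed_root: bytes) -> bool:
    # Recompute the leaf from the disclosed row, then compare the folded root.
    return fold(leaf_hash(row), proof) == signed_root

# Constructed sample rows (hypothetical fields, not the real memver_ schema).
ROWS = [{"id": f"memver_{i:04d}", "op": "update", "body": f"note {i}"} for i in range(5)]
LEAVES = [leaf_hash(r) for r in ROWS]
ROOT = merkle_root(LEAVES)
```

A verifier that also holds the public key would check the signature over `ROOT` before trusting either comparison; without that step, a matching root only shows internal consistency.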
The four MCP tools
| Tool | Purpose |
|---|---|
| omega_audit_export | Export a signed Merkle artifact over the version chain. Auto-generates the signing key on first use. |
| omega_audit_verify | Verify a previously-exported artifact. Recomputes leaves, rebuilds root, checks signature. |
| omega_audit_inclusion_proof | Build a signed inclusion proof for a single memver_ row — proves membership without revealing other rows. |
| omega_audit_verify_inclusion | Verify an inclusion proof offline. Folds the leaf with the proof to reproduce the Merkle root, then checks the signature. |
A typical session
```
# Export an artifact covering everything since the previous one
omega_audit_export(since="2026-04-01")
→ wrote ~/.omega/audit/artifact-2026-05-25.json
  root: 7d3a… signed by key fingerprint 9f1c… 142 leaves

# Verify it (offline, no DB access required)
omega_audit_verify(path="~/.omega/audit/artifact-2026-05-25.json")
→ all 142 leaves recomputed, root matches, Ed25519 signature OK

# Build an inclusion proof for one specific decision
omega_audit_inclusion_proof(memver_id="memver_a14f…")
→ wrote inclusion-memver_a14f.json (proof depth 8)

# Verify the inclusion proof alone — without the full artifact
omega_audit_verify_inclusion(path="inclusion-memver_a14f.json")
→ leaf hash recomputed, folded path matches signed root, signature OK
```
What you get
- Vendor-independent verifiability: leaving OMEGA does not invalidate your history. The signed artifacts + public key are all you need.
- Air-gap compatibility: signing and verification are local; defense and healthcare buyers who cannot use cloud memory at all can use OMEGA as the substrate.
- Selective disclosure: hand over an inclusion proof for one decision (e.g. for legal discovery) without revealing the rest.
See also
- Federated Exchange — the same audit keypair signs federation manifests
- Autonomous Dreaming — every scheduled dream applies through the memver_chain and is therefore signable