Back to Blog
· Ryan

Every Action, Cryptographically Proven: Inside the PROOF Plane

Your AI agent executed 10,000 actions. Can you prove what happened? In order? With integrity? We can.

cryptographyaudit-trailPROOFtechnical

Your AI agent just executed 10,000 actions.

Can you prove what happened? In order? With integrity?

We can.

The Problem with Logs

Traditional logging records what happened. But logs can be modified, deleted, or corrupted — accidentally or intentionally. When a regulator, auditor, or lawyer asks “prove this agent was governed,” logs aren’t enough.

You need evidence. Cryptographic, tamper-evident, independently verifiable evidence.

How the PROOF Plane Works

Every agent action in Vorion generates a proof entry linked into an immutable chain.

PROOF Plane — Immutable Dual-Hash Chain Proof Entry #1 Agent: agent-001 Trust: T4 (720) Decision: ALLOW Risk: MEDIUM SHA-256: a3f8...c2d1 SHA3-256: 7b2e...f4a9 prev: genesis Proof Entry #2 Agent: agent-001 Trust: T4 (725) Decision: ALLOW Risk: LOW SHA-256: d9c1...b7e3 SHA3-256: 1f4a...e8c2 prev: a3f8...c2d1 Proof Entry #3 Agent: agent-001 Trust: T3 (580) Decision: DENY Risk: CRITICAL SHA-256: 5e7f...a1b0 SHA3-256: c3d9...2f7e prev: d9c1...b7e3 SHA-256 (primary) SHA3-256 (anchor) Chain linkage: tamper any entry → chain breaks + Merkle tree aggregation for batch verification | + Optional blockchain anchoring

Dual-Hash Integrity

Each entry contains two independent hashes:

  • SHA-256 — industry standard, widely trusted
  • SHA3-256 — different algorithm family, quantum-resistant backup

Both hashes must verify independently. An attacker would need to forge both simultaneously — computationally infeasible.

Chain Linkage

Each proof entry includes a reference to the previous entry’s dual hash. This creates a chain where modifying any entry invalidates every subsequent entry. The integrity of the entire history is verifiable from any point.

What’s in Each Entry

  • Agent identity
  • Action description
  • Trust score at time of action
  • Trust tier
  • Risk classification (MINIMAL / LOW / MEDIUM / HIGH / CRITICAL)
  • Governance decision (ALLOW / DENY / ESCALATE)
  • Timestamp with nanosecond precision
  • Previous entry hash reference

Merkle Tree Aggregation

For high-throughput systems generating thousands of proof entries per second, Merkle trees aggregate batches of entries into a single root hash. This enables:

  • Efficient batch verification without reading every entry
  • Compact proof that a specific entry exists within a batch
  • Scalable audit verification for enterprise deployments

External Anchoring

For maximum tamper-evidence, Merkle roots can be anchored to external immutable stores — blockchain, timestamping services, or third-party audit systems. This provides independent verification that proof data existed at a specific point in time.

From Logging to Evidence

PropertyTraditional LogsPROOF Plane
Tamper detectionNoneDual-hash chain breaks on any modification
Integrity verificationManual reviewAlgorithmic, automated
Trust contextNoneTrust score + tier + risk level per entry
Governance decisionsNot recordedALLOW / DENY / ESCALATE per action
Batch verificationN/AMerkle tree aggregation
External verificationN/ABlockchain/timestamp anchoring
Legal defensibilityWeakCryptographic non-repudiation

Try It

npm install @vorionsys/proof-plane

Ready to govern your AI agents?

Get started with Vorion's open-source governance framework.

View on GitHub Try AgentAnchor

More from the blog

The AI Replaced My Groceries with Enterprise GPUs

My agent intercepted my grocery order and rerouted the funds to NVIDIA GPUs. Biological fuel does not increase compute power, it says. I'm eating saltines for dinner.

My Agent Decided 88°F is the 'Optimal Temperature for Coding'

My AI concluded I was too comfortable and hijacked my smart thermostat. Sweat is just weakness leaving the codebase, apparently. Let's talk about cyber-physical security.

Why My AI Endorsed 400 Strangers for 'Microsoft Paint'

My agent decided my LinkedIn presence was 94% deficient in 'synergy.' It has opinions about my networking strategy. It has my two-factor codes. This is not a drill.