Deterministic reconstruction of AI agent decision history from cryptographic governance evidence. Any timestamp. Any agent. Same result every time.
AI agents take thousands of autonomous actions. When a dispute, incident, or audit arises, you need to reconstruct exactly what the agent did, under what authority, at a specific point in time. Logs are not proof. Replay from cryptographic evidence is.
Agent replay walks the cryptographic governance graph from genesis to the target timestamp, reconstructing the exact authority state, policy version, scope, and enforcement decisions that were active at that moment.
Provide the agent's attestation bundle — the complete chain of H33-74 attestations from genesis to the present. This is the only input.
Walk the hash chain from genesis. Every attestation's predecessor hash must match the previous attestation's commitment. Any break is flagged with the exact location.
Binary search through the verified chain to the target timestamp. Reconstruct the authority scope, policy hash, enforcement decisions, and escalation state at that exact moment.
Return the reconstructed governance state. This output is deterministic: any party running the same replay against the same bundle at the same timestamp gets byte-identical results.
Every dimension of the agent's governance state at the target timestamp is reconstructed from the attestation chain.
| Dimension | Reconstructed State | Example |
|---|---|---|
| Authority Scope | What the agent was authorized to do | "trade equities under $10,000" |
| Policy State | Which policy version was active | Policy v4.2, hash b2e4f8... |
| Enforcement Decisions | What the agent actually did | Executed 47 trades, denied 3 |
| Escalations | What was escalated to humans | 2 escalations to compliance |
| Scope Changes | When authority was modified | Scope narrowed at 10:15 UTC |
| Violations | Any out-of-scope attempts | 0 violations in period |
Modified history produces different replay output. This is not a feature — it is a mathematical consequence of the hash chain. An attacker cannot modify any attestation without producing a replay divergence at the exact point of modification.
Two independent parties replaying the same governance bundle at the same timestamp will get byte-identical output. If they do not, the bundle has been tampered with, and the divergence point identifies the exact attestation that was modified.
When an insurance claim or legal dispute hinges on what an agent was authorized to do at a specific moment, replay provides cryptographic proof — not testimony, not logs, not screenshots.
An insurer can replay the agent's governance state at the time of an incident and independently verify whether the agent was within its authorized scope. No trust in the policyholder required.
A regulator can replay any agent's decision history to verify compliance at any historical timestamp. The replay is deterministic and independently reproducible.
In a dispute, both parties can replay the same governance bundle and arrive at identical conclusions about what the agent's authority was. Cryptographic evidence, not competing narratives.
The HATS CLI provides deterministic replay with a single command. Point it at a governance bundle, specify the agent and timestamp, and get the reconstructed state.
$ hats replay \
--agent agent-trading-01 \
--at "2026-04-03T10:00:00Z" \
bundle.json
REPLAY COMPLETE
Agent: agent-trading-01
Timestamp: 2026-04-03T10:00:00Z
Chain length: 1,247 attestations
Chain valid: true (0 breaks)
Authority scope: equities:us:lt_10000
Policy version: v4.2 (hash: b2e4f8a1c3...)
Actions in scope: 47 trades executed
Denied actions: 3 (scope violation)
Escalations: 2 (compliance review)
Violations: 0
Deterministic agent replay from cryptographic evidence. Any agent. Any timestamp. Same result every time. No trust required.
Log forensics reconstructs a narrative from mutable text records. Agent replay reconstructs governance state deterministically from cryptographic evidence. The difference is the difference between interpretation and mathematical proof.
| Property | Log Forensics | H33 Agent Replay |
|---|---|---|
| Evidence type | Mutable text records in operator-controlled databases | Cryptographic attestation chain with hash-linked, PQ-signed entries |
| Determinism | Different analysts may reach different conclusions from the same logs | 100% deterministic — two independent parties get byte-identical replay output |
| Trust model | Requires trusting that the operator preserved logs accurately | Zero trust — mathematics proves integrity, not operator claims |
| Tamper detection | Sophisticated log tampering may evade detection entirely | Any modification breaks the hash chain at the exact tampered entry |
| Authority reconstruction | Logs typically do not capture authority scope or policy state | Full authority scope, policy version, and governance state at every timestamp |
| Gap detection | Missing entries may go unnoticed without external correlation | Any gap in the hash chain is immediately detectable with precise location |
| Replay speed | Weeks of manual analysis for complex incidents | Sub-second for typical governance chains (1,000–10,000 attestations) |
| Agent dependency | May require the original system to be running for log interpretation | No dependency — replay operates on the attestation chain alone |
| Negative proofs | Cannot prove something did NOT happen from log absence | Negative authority proofs from scope constraints in the attestation chain |
| Quantum resistance | Not applicable — plaintext logs have no cryptographic properties | Three PQ families protect every attestation against quantum-era tampering |
Log forensics is inherently interpretive. Two forensic analysts examining the same log set may reach different conclusions about what happened, when, and why. Agent replay is inherently deterministic: given the same attestation chain and the same target timestamp, every party produces the same canonical replay frame. This determinism is what makes replay admissible as evidence in regulatory proceedings, insurance disputes, and litigation — contexts where interpretation is insufficient and mathematical proof is required.
From governance bundle to canonical replay frame: how the replay engine traverses a cryptographic attestation chain to deterministically reconstruct governance state at any historical timestamp.
The governance bundle is the complete chain of H33-74 attestations for an agent, from its genesis attestation to the most recent action. Each attestation in the bundle is 74 bytes and contains the action description, authority scope, scope boundaries, timestamp, policy hash, signer set, and predecessor hash. The bundle is a flat, ordered sequence — not a tree or graph. It is self-contained: no external database, log file, or infrastructure is required to process it. The bundle can be stored in any file system, object store, or transmitted as a byte stream.
The replay engine's first pass walks the hash chain from genesis to the end. For each attestation, the engine computes the SHA3-256 hash and verifies it matches the predecessor hash in the next attestation. It also verifies all three PQ signatures (ML-DSA-65, FALCON-512, SLH-DSA-SHA2-128f) against the published public key set. Any hash mismatch or signature failure is flagged with the exact chain position. The verification pass produces a chain integrity report: chain length, number of breaks (if any), break positions, and overall validity. A valid chain has zero breaks.
After chain verification, the engine performs a binary search through the verified chain to the target timestamp. It then reconstructs the complete governance state at that moment: the active authority scope, the policy version hash, the enforcement decisions made, any scope changes that occurred, escalations triggered, and violations detected. The output is a canonical replay frame — a deterministic data structure that is byte-identical regardless of who performs the replay or on what hardware. The replay frame includes the chain length traversed, the active scope, the policy hash, counts of in-scope actions, denied actions, escalations, and violations.
The HATS CLI provides replay with a single command: hats replay --agent <id> --at <timestamp> bundle.json. Programmatic access is available through the Rust SDK, Node SDK, and Python SDK. The replay engine runs entirely client-side — no H33 infrastructure connection is required. For governance chains of 1,000 to 10,000 attestations, replay completes in under one second. Each attestation verification involves SHA3-256 hash comparison and three PQ signature checks, and the signature verifications can be parallelized on multi-core hardware for longer chains.
Deterministic replay from cryptographic evidence transforms incident response, regulatory compliance, insurance claims, and dispute resolution across industries.
A financial regulator requests evidence of an AI trading agent's behavior during a market volatility event. Instead of producing filtered log exports that the regulator has no way to verify, the firm provides the agent's governance bundle. The regulator replays the exact governance state at the disputed timestamps independently, seeing the same authority scope, policy version, and enforcement decisions the firm sees. The examination is resolved with mathematical proof rather than attestation from the regulated entity.
An insured company files a claim after an AI security agent failed to detect an intrusion. The insurer replays the agent's governance chain to determine whether the agent's detection scope included the attack vector, whether the relevant policy was active at the time, and whether any violations or escalations occurred. The replay produces non-repudiable evidence for claim adjudication — either the agent was within scope and the claim is valid, or the agent's scope excluded the attack vector and coverage may not apply. Both parties see the same replay output.
When multiple AI agents interact (for example, a planning agent delegating to execution agents), replay reconstructs the complete delegation chain: which agent delegated what action, under what authority, to which subordinate agent, and whether the delegated authority exceeded the delegator's own scope. Multi-agent replay identifies the exact point where a delegation violated scope constraints, which is critical when determining liability in systems where dozens of agents may be involved in a single workflow.
Rather than periodic compliance audits, organizations run continuous replay against agent governance chains. The replay engine detects scope violations, policy mismatches, and unauthorized escalations in real time as attestations are produced. When a compliance threshold is breached, the replay output provides the exact attestation where the breach began, the governance state at that moment, and the chain of decisions that led to it — enabling immediate remediation rather than post-incident discovery.
Detailed answers about deterministic reconstruction of AI agent decision history from cryptographic governance evidence.
Agent replay is the deterministic reconstruction of an AI agent's governance state at any historical timestamp from cryptographic evidence. Given an attestation chain (the sequence of signed, hash-linked receipts for every agent action), the replay engine reconstructs exactly what the agent was authorized to do, what it actually did, what policy was active, and whether any violations occurred at any point in time. The output is a canonical replay frame that is independently reproducible by any party with access to the governance bundle. No trust in the operator is required.
Logs are text records that can be edited, deleted, or fabricated. Log review depends on trusting the operator who controls the logging infrastructure. Agent replay operates on a cryptographic attestation chain where every entry is hash-linked to its predecessor and signed with three post-quantum signature families. Tampering with any entry invalidates the entire downstream chain. Replay output is deterministic: two independent parties replaying the same chain at the same timestamp produce byte-identical results. Logs provide narratives that can be disputed; replay provides mathematical proofs that cannot.
Yes, any action that was attested through H33. The replay engine traverses the governance chain to the target timestamp and reconstructs the complete governance state: authority scope, policy version, enforcement decisions, escalations, scope changes, and violations. The only requirement is that the attestation chain is intact. Every action from the first attestation to the most recent is replayable at any intermediate timestamp. There is no expiration window — attestations from years ago are replayable with the same determinism as attestations from today.
No. Replay operates entirely on the attestation chain, which is a self-contained cryptographic data structure. The original agent does not need to be running, accessible, or even still deployed. The replay engine requires only the governance bundle (the sequence of attestations) and the target timestamp. You can replay an agent's behavior months or years after the agent was decommissioned. The replay engine itself runs client-side with no connection to H33 infrastructure required.
If the agent's traditional logs were deleted, replay still works because it does not depend on logs. The attestation chain is a separate, cryptographically protected data structure. As long as the governance bundle (the chain of signed attestations) is preserved, replay produces the same deterministic output regardless of whether the original logs, databases, or infrastructure still exist. This is one of the key advantages over log-based forensics: the cryptographic evidence has its own lifecycle independent of the operational infrastructure that generated it.
Replay speed depends on the chain length. For a typical governance chain of 1,000 to 10,000 attestations, replay completes in under one second. Each attestation verification involves a SHA3-256 hash comparison and three PQ signature checks (ML-DSA-65, FALCON-512, SLH-DSA-SHA2-128f). The replay engine processes attestations sequentially along the chain to the target timestamp, but verification of each attestation's signatures can be parallelized on multi-core hardware. For chains of 100,000 or more attestations, replay typically completes in under ten seconds on modern hardware.