All papers
HB-TR-2026-02·Technical Report·Governance·February 2026·24 pages

ΘΕΜΙΣ: A Cryptographically Verifiable Governance Ledger for Auditable Decision Systems

ΘΕΜΙΣ interposes a verification gate and an append-only, hash-linked, Ed25519-signed ledger between decision engines and consequential actions. A neurosymbolic firewall checks policies via SMT. A PII gateway enforces egress rules. Four security properties (tamper-evidence, non-repudiation, append-only integrity, audit completeness) are formalised and proven.

Leonidas Papadopoulos · Helios Brain · Founder
Decision enginestochasticCompliance firewallSMTPII gatewayegressExecutoractionAppend-only hash-linked ledger · Ed25519 signedr' ← H(r ∥ c ∥ meta)External verifierauditHuman reviewobligations unmet

Figure 1. The ΘΕΜΙΣ pipeline. Outputs from the decision engine, compliance firewall, PII gateway, and executor are sealed into the append-only ledger. Firewall verdicts of 'obligations unmet' route to human review. An external verifier can audit the ledger independently.

§ 01

The accountability gap

Agentic AI in regulated sectors faces a structural problem: decisions emerge from stochastic models whose outputs are difficult to justify or verify post-hoc. Auditors, regulators, and customers need cryptographic guarantees, not screenshots.

ΘΕΜΙΣ is the governance layer for Helios decision platforms. It interposes a verification gate and an append-only ledger between every decision engine and every consequential action. The ledger binds inputs, model identity, policy verdicts, uncertainty certificates, and human review status into immutable, hash-linked, signed records.

§ 02

The hash-linked ledger

Every decision is committed to the ledger as a record d_i, whose fields are committed via a Merkle root c_i. The ledger head r_i extends the previous head by hashing in the new commitment and metadata, then signing the result with an Ed25519 key.

ciMerkleRoot(commit(field) for fielddi)c_i \leftarrow \text{MerkleRoot}\big(\text{commit}(\text{field}) \ \text{for}\ \text{field} \in d_i\big)
rH(rcmeta)r' \leftarrow H(r \parallel c \parallel \text{meta})
σSignsk(r)\sigma' \leftarrow \text{Sign}_{sk}(r')
§ 03

Verification properties

Four properties are formalised and proven against a standard threat model: tamper-evidence (any modification breaks the chain), non-repudiation (signatures bind the issuer), append-only integrity (entries cannot be reordered or deleted), and audit completeness (every consequential action has a corresponding ledger entry).

Verification reduces to three independent checks: a chain integrity check, a signature verification, and a fork detection against the last anchored head.

riH(ri1cimetai)    TAMPERr_i \neq H(r_{i-1} \parallel c_i \parallel \text{meta}_i) \implies \text{TAMPER}
¬Verifyvk(ri,σi)    FORGED\neg \text{Verify}_{vk}(r_i, \sigma_i) \implies \text{FORGED}
rtlast anchored head    FORKr_t \neq \text{last anchored head} \implies \text{FORK}
§ 04

Compliance firewall and PII gateway

Between engine and ledger sits a neurosymbolic firewall. Policies compile to SMT constraints. The solver returns either a satisfaction certificate or an unsatisfiable core, which names the violated obligations and routes the decision to human review.

A PII gateway enforces data egress rules: which fields can leave the trust boundary, in what form, to which downstream service. Egress decisions are themselves sealed into the ledger.

§ 05

Verifiable metering

Because every governed decision is sealed into the ledger, the count of governed decisions becomes itself verifiable. ΘΕΜΙΣ doubles as a billing primitive that customers, auditors, and the platform can independently confirm. No invoice can be inflated, no decision can be deleted.

Cite this paper
Papadopoulos, L. (2026). ΘΕΜΙΣ: A Cryptographically Verifiable Governance Ledger for Auditable Decision Systems. Helios Brain, HB-TR-2026-02.