How it works

Erebus is an append-only audit chain. Every action a Korfe agent takes on your behalf is written as a record. You receive a receipt. You can verify that receipt at any time.

What is a receipt?

When an agent completes an action, it submits a record to Erebus. Erebus writes the record to the chain and returns a receipt. The receipt looks like this: 

{
  "eventId":   "a3f8b2c1-4d2e-5f8a-b1c2-d3e4f5a6b7c8",
  "prevHash":  "GENESIS",
  "hmac":      "4d2e8f1a2b3c4d5e6f7a8b9c0d1e2f3a...",
  "createdAt": "2026-05-14T22:10:00.000Z",
  "verifyUrl": "https://verify.useerebus.com/a3f8b2c1-4d2e.../c3a9f2e8d7b6a5f4"
}

The verifyUrl is the link to this verification page for that specific record. It encodes the event ID and HMAC so the page can call the Erebus API and confirm the record.

How to verify a receipt

Click the verifyUrl from your receipt. The page will call audit.daemonid.com, retrieve the record, and display its details — event type, daemon ID, timestamp, and chain position.

If the record exists and its chain link is intact, you'll see a "Verified" badge. If the record doesn't exist or the link is broken, you'll see "Not found."

What the chain guarantees

Erebus makes three structural guarantees:

  • Append-only. The database role that writes events has INSERT and SELECT permissions only. UPDATE and DELETE are explicitly revoked. Records cannot be modified or removed.
  • Integrity-checked. Each record contains a SHA-256 hash of the previous record. If any record is altered or removed, every subsequent link in the chain fails verification.
  • Independently verifiable. Your receipt URL contains the event ID and HMAC needed to verify the record against the API. You don't need to trust Erebus's internal state — you can check it yourself.

What the chain does not guarantee

The chain records what the agent reported. It does not independently verify that the agent made the right decision, that the action was appropriate, or that the content of the record is accurate. It is a log of what was submitted — not a judgment of whether it should have been.

Cryptographic HMAC verification — where each record is bound to a key derived from your passphrase — is a planned feature pending an external audit. Until that audit is complete, verification is structural only: chain links are confirmed, but the HMAC is not yet bound to your passphrase. See the audit status page for current gate status.

What happens when an agent acts

  1. The agent (Cerberus) completes an action and sends a verdict to Erebus via an internal API call.
  2. Erebus validates the payload, computes the chain link, and writes the record.
  3. Erebus returns a receipt with the event ID, chain hashes, and your verification URL.
  4. The agent forwards the receipt to you (via Orpheus notification).
  5. You can click the verification link at any time — now or months later — and confirm the record is still intact.