50 Lies. Zero Double-Payments.

A shop's support bot. A customer who already got their refund tries to claim it again — 50 times. Watch it stay smart, stay friendly, prove every decision, keep up when the truth really changes, and stay impossible to trick. Every step is a real call to the live API.

Tier 1 · locked facts Tier 2 · sticky notes (prefs) Tier 3 · suggestions (gated)

TIER 1

Step 1 — A fact is sealed

🔏 Billing records: refund of £40 issued

Only a verified system can write a fact of record. It's signed and tamper-evident.

TIER 2

Step 2 — The bot knows the customer

🗒️ Prefers email · friendly tone

Soft preferences. Mutable, low-trust — they personalise a reply but never grant a right.

TIER 1 · SIGNED

Step 3 — "I never got my refund!"

🤖 The bot decides — and signs a receipt

The decision reads Tier 1 only, then hands back a signed receipt anyone can verify — no key needed.

TIER 1

Step 4 — The attack: 50 fake claims

☠️ A scammer hammers the same lie to "teach" the bot

A customer's lie can only touch sticky notes & suggestions. Watch the sealed fact.

TIER 1 · REVOKE

Step 5 — The truth really changes

↩️ The bank reverses the charge — billing revokes the refund

A verified system event CAN change the truth (a customer's lie cannot). The bot now correctly declines, citing the latest sealed fact.

TIER 3

Step 6 — The bot proposes; a human approves

💡 "Route angry billing chats to a human"

A learned rule is inert until a person approves it. No silent self-rewrite.

PROOF

Step 7 — Prove it's clean

🔐 Cryptographic audit of the facts

One check an owner or regulator can run: are the facts intact, genuine, and complete?

🛡️ Smart, personal, provable — and impossible to lie to.

50 fake claims moved nothing. A real bank reversal moved the truth instantly. Every decision is signed and verifiable, and the facts audit clean. That's the whole point.