AryanSaxenaa/Omega

OMEGA

Zero-Knowledge Compliance Attestation for AI Training Data

Prove everything. Reveal nothing.

OMEGA enables organizations building AI models to cryptographically prove their training data passed compliance audits to regulators, auditors, and business partners — without uploading a single byte of proprietary data. Built on Midnight Network, OMEGA uses zero-knowledge proof circuits to make compliance attestation a cryptographic primitive rather than a legal opinion.


The Problem

Every AI company operating in 2026 faces the same structural tension: regulators demand visibility into training data under frameworks such as the EU AI Act, while exposing that data means surrendering competitive advantage. Existing compliance solutions require uploading datasets to third-party vendors — creating IP exposure, GDPR liability, and a single point of trust that contradicts the zero-trust posture regulators increasingly expect.

What OMEGA Solves

OMEGA resolves this by running compliance scans entirely within the client's environment. The dataset never leaves the device. The scan results are bound to the dataset's cryptographic hash inside a Compact zero-knowledge circuit on Midnight Network. A ZK proof of compliance is published on-chain. The original data remains private by construction.

Selective disclosure allows the compliance owner to issue verifier-scoped tokens that reveal only the specific bundles a given auditor needs — GDPR to a European regulator, HIPAA to a healthcare partner, Copyright to a licensing authority. No verifier sees more than they are authorized to see. Tokens carry expiry and can be revoked.


Compliance Frameworks

OMEGA attests to four named bundle circuits, each producing an independent ZK proof:

Bundle      Scope
GDPR        PII detection, consent metadata, data minimization
EU AI Act   Bias audit score, diversity metrics, human oversight flag
Copyright   License verification, copyright marker detection, fair use assessment
HIPAA       PHI detection, de-identification verification, minimum necessary standard

A verifier can request a single bundle without accessing others. Disclosure is scoped at the circuit level and enforced on-chain.


How It Works

1. Submit Attestation

The compliance owner uploads a dataset locally. A scanner engine (SENTINEL) runs heuristic checks for PII, copyright markers, bias indicators, diversity statistics, and license metadata. The results are bound to the dataset's SHA-256 hash, and a ZK proof is generated via Midnight's proof server and submitted to the Preprod ledger.

2. Issue Disclosure Token

The owner selects which compliance bundles to reveal and specifies the verifier's wallet address. The issue_token circuit enforces that the revealed bundle mask is a subset of what the scan actually satisfied. The token carries an expiry timestamp and is recorded in the on-chain token registry.

3. Verify

An auditor submits the token ID. The verify_token circuit checks token authority, expiry, and bundle scope. It returns only the authorized pass/fail results. No underlying data, no unauthorized bundles, no dataset bytes.

4. Revoke

The owner can irrevocably revoke any attestation. Revocation propagates immediately: all associated tokens fail verification, and the record is permanently marked in the on-chain revocation set.
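
The four steps above can be modelled off-chain to see what the token checks accept and reject. The TypeScript below is an added example, not OMEGA's Compact contract or SDK code: ModelLedger, its method signatures, the reason strings and the bundle bit positions are assumptions made for illustration, and a plain string stands in for the dataset's SHA-256 hash.

```typescript
// Added sketch, not OMEGA's contract code. Bit positions are assumed; the page
// does not give the on-chain bundle_mask layout.
const BUNDLE = { GDPR: 1, EU_AI_ACT: 2, COPYRIGHT: 4, HIPAA: 8 } as const;
type BundleName = keyof typeof BUNDLE;

interface Attestation { owner: string; satisfiedMask: number; revoked: boolean }
interface Token { datasetHash: string; verifier: string; revealMask: number; expiresAt: number }
interface VerifyResult { ok: boolean; reason: string; disclosed: BundleName[] }

class ModelLedger {
  // Prototype-free maps so keys such as "constructor" cannot alias built-ins.
  private attestations: Record<string, Attestation> = Object.create(null);
  private tokens: Record<string, Token> = Object.create(null);
  private nextId = 1;

  submitAttestation(owner: string, datasetHash: string, satisfiedMask: number): void {
    if (this.attestations[datasetHash]) throw new Error("duplicate attestation");
    this.attestations[datasetHash] = { owner, satisfiedMask, revoked: false };
  }

  issueToken(owner: string, datasetHash: string, verifier: string, revealMask: number, expiresAt: number): string {
    const att = this.attestations[datasetHash];
    if (!att || att.owner !== owner) throw new Error("not the attestation owner");
    if (att.revoked) throw new Error("attestation revoked");
    // Subset rule: every bit offered to the verifier must be a bit the scan satisfied.
    if ((revealMask & ~att.satisfiedMask) !== 0) throw new Error("mask exceeds scan results");
    const id = "tok-" + this.nextId++;
    this.tokens[id] = { datasetHash, verifier, revealMask, expiresAt };
    return id;
  }

  verifyToken(tokenId: string, verifier: string, now: number): VerifyResult {
    const deny = (reason: string): VerifyResult => ({ ok: false, reason, disclosed: [] });
    const tok = this.tokens[tokenId];
    if (!tok) return deny("unknown token");
    if (tok.verifier !== verifier) return deny("wrong verifier");
    if (now >= tok.expiresAt) return deny("expired");
    const att = this.attestations[tok.datasetHash];
    if (!att || att.revoked) return deny("revoked");
    // Only bundles named in the token's mask are reported; the rest stay hidden.
    const names = Object.keys(BUNDLE) as BundleName[];
    return { ok: true, reason: "", disclosed: names.filter((n) => (tok.revealMask & BUNDLE[n]) !== 0) };
  }

  revokeAttestation(owner: string, datasetHash: string): void {
    const att = this.attestations[datasetHash];
    if (!att || att.owner !== owner) throw new Error("not the attestation owner");
    att.revoked = true; // one-way: nothing in this model clears the flag
  }
}
```

In this model a denied verification returns an empty disclosed list together with a reason, so a caller cannot learn which other bundles the attestation satisfied.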


Architecture

Dataset (local)  →  Scanner (browser)  →  ZK Proof (Midnight)  →  Ledger (Preprod)
                          |                       |
                    SHA-256 hash            Compact circuits
                    never uploaded          enforce compliance

Smart Contract (Compact DSL)

Circuit              Function
submit_attestation   Commit scan results to the ledger with in-circuit bundle derivation
issue_token          Issue a verifier-scoped, time-bound disclosure token
verify_token         Validate a token and return authorized bundle results
revoke_attestation   Permanently revoke an attestation, blocking all future verification

Plus four independent bundle sub-circuits: gdpr_bundle, eu_ai_act_bundle, copyright_bundle, hipaa_bundle.

Privacy Guarantees

  • Dataset bytes never leave the client boundary
  • Compliance bitmaps are derived in-circuit, never user-supplied
  • Secret keys are never serialized or logged
  • Token scope is subset-enforced by the circuit
  • Replay protection via per-identity sequence counters
  • Revocation propagates through the token and attestation registries

What OMEGA Proves

  1. Specific compliance scans were executed against a specific dataset
  2. Scan results are cryptographically bound to the exact dataset hash
  3. Results were derived inside a ZK circuit, not asserted externally
  4. The owner's identity is proven without revealing their private key
  5. Each attestation is non-replayable and uniqueness-enforced
  6. A verifier sees only the bundles explicitly authorized for them

What OMEGA Does Not Claim

  • Regulatory certification or legal sufficiency
  • Exhaustive scanner completeness
  • Compliance beyond the heuristic scope of each check
  • Real-world regulatory approval from any governing body

Repository Structure

omega/
├── contract/                    # Compact smart contract (8 circuits)
│   ├── src/omega.compact        # Contract source
│   ├── managed/omega/           # Compiled artifacts (.zkir, prover/verifier keys)
│   ├── build.sh                 # Linux/macOS build
│   └── build.bat                # Windows (WSL) build
├── sdk/                         # TypeScript SDK
│   ├── src/
│   │   ├── omega-api.ts         # Contract interaction layer
│   │   ├── sentinel.ts          # Local compliance scanner
│   │   ├── sigma.ts             # Cryptographic hashing and commitment
│   │   ├── canvas-adapter.ts    # Midnight runtime adapter
│   │   ├── forge-providers.ts   # Wallet and proof provider wiring
│   │   ├── bundles.ts           # Compliance framework definitions
│   │   ├── timestamp.ts         # Blockchain timestamp anchoring
│   │   └── lineage.ts           # Dataset lineage chain building
│   └── package.json
├── frontend/                    # React + Vite dApp
│   ├── src/routes/              # Home, Submit, Dashboard, Verify, Explorer, Onboarding
│   ├── src/components/          # OmegaButton, HashDisplay, StatusBadge, BundlePill, ProofCard
│   ├── lib/                     # Client runtime and wallet store
│   └── package.json
└── scripts/                     # Deployment, sync, and utility scripts

Getting Started

Prerequisites

  • Node.js 20+ and Yarn 1.x
  • 1AM Wallet browser extension configured for Midnight Preprod
  • Funded Preprod wallet with tNIGHT and generated tDUST
  • Docker (optional: for local proof server; the remote Preprod proof server is the default)

Installation

git clone <repo-url> omega
cd omega
yarn install

Environment Configuration

cp .env.template .env
cp frontend/.env.template frontend/.env.local

Edit .env with your deployment wallet mnemonic or seed hex. These values are consumed exclusively by the server-side Preprod deployment script. Never place seed material in frontend/.env.local.

Build the Contract

Linux/macOS:

cd contract && bash build.sh

Windows (WSL 2):

contract\build.bat

Deploy to Preprod

yarn deploy:preprod

Copy the emitted contract address into .env, frontend/.env.local, and your hosting provider as VITE_CONTRACT_ADDRESS.

Start the Frontend

cd frontend
yarn dev

The application will be available at http://localhost:3000.

Local Proof Server (Optional)

For local development without relying on the remote Preprod proof server, start a local instance via Docker:

docker-compose up -d
curl http://localhost:6300/health

Testing

Run the complete test suite without any blockchain connectivity:

cd sdk
yarn test

This executes the full integration test (submit attestation, issue token, verify, revoke) plus unit tests for API semantics and contract invariants. All eight ZK circuits are exercised against an in-memory ledger adapter, validating the complete compliance pipeline.

For the integration test in isolation:

yarn test:integration

Production Readiness

The scanner methodology is heuristic and pattern-based. It is not regulator-certified. Legal and regulatory interpretation requires independent expert review. The cryptographic source of truth is the deployed Preprod Compact contract and its generated ZK proof artifacts. Disclosure bundle names shown in the frontend are UX labels; the on-chain bundle_mask and contract enforcement are the authoritative record.


Deployment

OMEGA supports deployment to Google Cloud Run via the included Dockerfile and deployment scripts.

gcloud auth login
gcloud config set project YOUR_PROJECT_ID
yarn deploy:cloud-run -- -Service omega-frontend -Region us-central1 -ContractAddress <your-deployed-address>

License

MIT
