Downloads

1. The demo bundle

claim_84711.json — the claim_84711 v0.2 preview bundle. Self-contained JSON. Open in any text editor to read the structure; run it through the verifier to get a verdict.

This is a preview bundle. Signatures are deterministic placeholders for demonstration; production bundles carry real PQ signatures from customer-controlled HSMs. The EC schema fields, hash chain ordering, sidecar structure, and verifier output shape are accurate to v0.2 substrate alpha.

2. The H33 Portability Verifier (CLI)

The verifier is a single Rust binary that takes a VES bundle and produces a verdict. Apache 2.0 open source. Static-linked Linux build, native macOS arm64 build, native Windows x86_64 build.

Install (one line)

curl -fsSL https://h33.ai/downloads/install.sh | bash

Auto-detects platform, downloads the binary, verifies its SHA-256 against the published manifest, installs to /usr/local/bin/h33-verify or ~/.local/bin/h33-verify.

Want to inspect first? curl -fsSL https://h33.ai/downloads/install.sh -o install.sh && less install.sh.

Or download the binary directly

Full checksum manifests: SHA256SUMS, SHA512SUMS.

Checksum maturity — honest scope. The published SHA-256 and SHA-512 manifests verify download integrity (your client got the bytes H33 published). They are not cryptographically signed. A signed checksum manifest is deferred to the production key ceremony (9A) or a documented preview signing key. No preview signing key has been created. Treat these checksums as integrity proofs, not provenance proofs, until the 9A ceremony lands.

Versioned URL pinning. Procurement and reproducible-build pipelines that need a version-stable URL can pin the /downloads/v0.2-alpha-preview/ path instead of /downloads/. Same bytes, same SHA-256, same SHA-512 — the versioned path will not be overwritten when v0.2-alpha-preview ships its next preview drop.

• ↳ v0.2-alpha-preview/h33-verify-darwin-arm64
• ↳ v0.2-alpha-preview/h33-verify-linux-x86_64
• ↳ v0.2-alpha-preview/h33-verify-windows-x86_64.exe
• ↳ v0.2-alpha-preview/SHA256SUMS · v0.2-alpha-preview/SHA512SUMS

Manual install (macOS / Linux):

curl -O https://h33.ai/downloads/h33-verify-darwin-arm64
curl -O https://h33.ai/downloads/SHA256SUMS
shasum -a 256 -c SHA256SUMS --ignore-missing
chmod +x h33-verify-darwin-arm64
mv h33-verify-darwin-arm64 /usr/local/bin/h33-verify

Manual install (Windows PowerShell):

Invoke-WebRequest https://h33.ai/downloads/h33-verify-windows-x86_64.exe -OutFile h33-verify.exe
Invoke-WebRequest https://h33.ai/downloads/SHA256SUMS -OutFile SHA256SUMS
Get-FileHash h33-verify.exe -Algorithm SHA256   # compare to SHA256SUMS
.\h33-verify.exe claim_84711.json

Expected output (verified 2026-06-06)

═══════════════════════════════════════════════════════════════
  H33 Portability Verifier — Verdict
═══════════════════════════════════════════════════════════════

  Bundle ID:  9170985d5e1f…
  Profile:    commercial
  Substrate:  VES v0.2

  OVERALL: PASS WITH WARNINGS

  Eight evidence controls evaluated:

    ✓ EC-3 Time-Bound Authority              PASS
    ✓ EC-1 Pre-Execution Policy Bind         PASS
    ✓ EC-5 Pipeline DAG Receipt              PASS
    ✓ EC-6 Corpus Identity Bind              PASS
    ✓ EC-2 Decision-Time Model Fingerprint   PASS
    ✓ EC-7 Evidence Attestation              PASS  (3 evidence chunks)
    ✓ EC-8 Result-Citation Bind              PASS  (3 citations)
    ⚠ EC-4 Calibrated Abstention Bind        PASS WITH WARNINGS
        (CALIBRATION_UNVERIFIED, vendor_self_attested)

  H33 was not contacted during this verification.
  Verifier: h33-verify v0.2-alpha-preview
  Reproducible with: h33-verify bundle.json --mode summary

  Same bundle. Two independent verification paths. Same result.
═══════════════════════════════════════════════════════════════

This output is what the Trust Card renders client-side too. The CLI verifier and the JavaScript trust-card render produce equivalent verdicts. Run the verifier on your own machine, and the trust card on your browser, and confirm they match.

Same bundle. Two independent verification paths. Same result.

Build from source (fallback)

If your platform is unsupported by the prebuilt binaries, build from source. Requires Rust 1.78+:

git clone https://github.com/H33ai/h33-verifier
cd h33-verifier
cargo build --release
./target/release/h33-verify claim_84711.json --mode summary

Reproducible build (deterministic — bytes match the published binaries)

The published binaries above were produced by the verifier source tree's build-reproducible.sh recipe, with rustc/cargo pinned by rust-toolchain.toml and every dep pinned by Cargo.lock. Two independent runs of the recipe produce byte-identical binaries.

To reproduce and confirm:

git clone https://github.com/H33ai/h33-verifier
cd h33-verifier
./build-reproducible.sh verify    # builds twice, asserts byte-identical
shasum -a 256 dist-reproducible/_run_a/h33-verify-*
# compare against https://h33.ai/downloads/SHA256SUMS

Determinism levers used by the recipe: pinned rust-toolchain.toml (channel 1.93.1), --locked --frozen to enforce Cargo.lock with no network access, SOURCE_DATE_EPOCH=0 to fix embedded timestamps, --remap-path-prefix to erase absolute build paths from debug info, -C strip=symbols to remove symbol tables, CARGO_INCREMENTAL=0, and a per-target CARGO_TARGET_DIR to prevent cross-target state bleed.

Caveat: reproducibility is currently demonstrated on a macOS arm64 host. A platform-independent (Docker-based) reproducible recipe is a follow-up. The current claim is: any third party with an identical host + this source tree produces byte-identical binaries. Anyone with a different host can still verify integrity via the published SHA-256 manifest.

Federal profile enforcement (verifier-side, Locks 1, 3, 4, 5)

When the bundle declares cryptographic_profile: "federal", the verifier additionally enforces the CNSA 2.0 alignment locks documented in the Federal SKU definition (Lock 1, 3, 4, 5). Violations emit PROFILE_MISMATCH with explicit remediation text and exit code 3. Commercial and HighAssurance bundles are unaffected — verifier output is byte-identical to prior builds.

• Lock 1 — every .algorithm field is ML-DSA-65 or SLH-DSA-SHA2-128f.
• Lock 3 — hash hex values at canonical-surface fields are 96 chars (SHA3-384).
• Lock 4 — the outer envelope is co-signed by both ML-DSA-65 AND SLH-DSA-SHA2-128f.
• Lock 5 — FALCON algorithms are forbidden anywhere.

Honest scope: Locks 2 (ML-KEM-1024 envelope), 6 (FIPS 140-3 Level 3+ HSM custody), and 7 (customer-held keys) are sign-side commitments and are not verifier-enforced today. Those are Phase 3 work behind the production key ceremony.

Output modes

• --mode summary — executive verdict. Plain text, ASCII-box layout. One screen.
• --mode report — structured Markdown report with per-EC sections and evidence references. Default. Court-admissible appearance.
• --mode forensic — full JSON output with binary artifact catalog and cryptographic verification log. For Federal evaluators.

3. Published conformance vectors

Conformance vectors live under h33.ai/conformance/v0.2/. Each canonical surface (canonical-json, chain-frontier, corpus-manifest, etc.) has a vector-manifest.json listing input → expected canonical output → SHA3 digest. Independent implementations are conformant if and only if they produce byte-equal outputs.

Available v0.2 vector sets:

• canonical-json/ — RFC 8785 (JCS) reference vectors. (Digest pin pending Alpha-1 close.)
• chain-frontier/ — H33-74 chain ordering vectors. (Output pin pending Alpha-1 close.)
• canonicalize-model-weights/, canonicalize-stage-descriptor/, canonicalize-corpus-manifest/, canonicalize-answer-citations/ — queued for Alpha-2.

4. The substrate source

The 14-crate VES v0.2 substrate alpha is on GitHub:

• github.com/H33ai/h33-ves — 14 Rust crates, 151 tests, Apache 2.0.
• github.com/H33ai/h33-verifier — the verifier source (binary name is h33-verify, crate is h33-verifier).

5. Per-evidence-control product design memos

Memos for each Evidence Control are published at h33.ai/docs/v0.2/:

• EC-3 Time-Bound Authority (DRAFT, review)
• EC-1 Pre-Execution Policy Bind (DRAFT)
• EC-5 Pipeline DAG Receipt (DRAFT)
• EC-6 Corpus Identity Bind (DRAFT)
• EC-2, EC-7, EC-8, EC-4 (queued)
• 9B Revocation Architecture (LOCKED v0.2 2026-06-06)

6. Auditor questionnaire (procurement)

The H33 Release Trust Chain Auditor Questionnaire is the binary-answer evidence package for enterprise procurement review. Available on request — contact sales.