Portable Artifact

Independently verifiable evidence that survives vendor, cloud, chain, and software change.

Most evidence is locked inside the system that produced it. Change vendors, migrate clouds, retire a database — and the evidence loses verifiability. H33 produces portable artifacts: evidence packages that travel with the customer, remain verifiable across decades of vendor change, and prove their own integrity to any third party — regulators, auditors, insurers, acquirers — without contacting H33.

What a portable artifact is

A portable artifact is a self-contained evidence package. Everything required to verify the evidence is inside the artifact itself. No external system needs to be queried. No vendor needs to be contacted. No proprietary tooling is required. A typical H33 portable artifact contains a search result, AI decision, claim record, or other primary content; eight evidence control objects covering policy, model, authority, abstention, pipeline, corpus, evidence rows, and citations; sidecars carrying the underlying evidence for offline replay; three independent post-quantum signatures; an optional chain anchor reference; and a schema version declaring the artifact's format.

Why portability is the load-bearing property

Evidence retention windows outlive the systems that produced the evidence. Federal evidence is retained for decades. Insurance records are retained beyond the policy term. Healthcare audit trails are retained beyond patient discharge. Banking records are retained beyond the loan lifecycle. Across those windows, software vendors are acquired, sunset, or pivot; cloud providers change APIs; database schemas evolve; cryptographic primitives are deprecated or broken; file formats become unreadable. Evidence that depends on any of those moving parts loses verifiability when the underlying part changes. H33 portable artifacts are designed to not depend on any of them.

What survives if H33 disappears

A frequently asked diligence question: what happens to your evidence if H33 ceases to exist? The artifact survives. The signatures remain valid as long as the post-quantum algorithms remain unbroken. The schema is published; the verifier is open source. Anyone with the artifact can verify it without H33's continued existence. H33 produces the substrate for evidence generation. H33 does not retain access to the evidence. The customer holds the keys. The customer holds the artifacts. The verifier is independently maintainable.

How portability is built

Canonical serialization. The artifact's JSON form is deterministic. Same inputs always produce the same bytes.

Three-family signatures. ML-DSA-65, FALCON-512, and SLH-DSA-128f rest on independent mathematical assumptions. If any one family is broken in the future, the other two remain valid.

Schema versioning. The artifact declares its schema version. Future versions can add fields without breaking older artifacts.

Sidecar inclusion. The evidence rows the artifact cites are bundled as sidecars. No external database lookup is required.

Chain anchor (optional). The artifact's commitment can be anchored to a public chain for time binding.

Open verifier. The verification protocol is published. The reference implementation is open source.
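An added illustration (not H33's code or schema) of why canonical serialization and sidecar inclusion make offline checking possible: the same artifact always yields the same digest to verify signatures against, and each bundled sidecar is bound to the artifact by a digest. The field names `sidecar_digests` and `signatures`, the use of SHA-256, and the sorted-key canonical form are assumptions made for this example; the page does not specify them.

```python
import hashlib
import json

def canonical_bytes(obj):
    """Deterministic encoding: sorted keys, no optional whitespace, UTF-8.
    Simplified stand-in; a production scheme (e.g. RFC 8785) also pins
    number and string escaping rules."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")

def signed_digest(artifact):
    """Digest every signature would cover: the artifact minus its own
    'signatures' field (assumed layout), in canonical form."""
    body = {k: v for k, v in artifact.items() if k != "signatures"}
    return hashlib.sha256(canonical_bytes(body)).hexdigest()

def bad_sidecars(artifact, sidecars):
    """Names of bundled sidecars that are missing or do not match the
    digest recorded inside the signed part of the artifact."""
    bad = []
    for name, expected in artifact["sidecar_digests"].items():
        data = sidecars.get(name)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            bad.append(name)
    return sorted(bad)

# Constructed sample data, not a real H33 artifact.
ROWS = b'{"row": 1, "text": "constructed evidence row"}\n'
ARTIFACT = {
    "schema_version": "1",
    "content": {"decision": "approve", "score": 7},
    "sidecar_digests": {"evidence_rows.jsonl": hashlib.sha256(ROWS).hexdigest()},
    "signatures": {"ML-DSA-65": "<placeholder>", "FALCON-512": "<placeholder>",
                   "SLH-DSA-128f": "<placeholder>"},
}

if __name__ == "__main__":
    print("digest to verify signatures against:", signed_digest(ARTIFACT))
    print("sidecar problems:", bad_sidecars(ARTIFACT, {"evidence_rows.jsonl": ROWS}))
```

Signature checks for the three families would run over the same canonical bytes using a post-quantum library; they are left out here because the page does not give the key or signature encoding.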

Use cases

Cross-vendor AI evidence. An enterprise replaces its AI vendor. The portable artifacts produced under the old vendor remain verifiable under the new vendor — and under no vendor at all.

Long-term federal retention. A federal system generates evidence for a regulatory retention window of 25 years. The portable artifacts remain verifiable across the full window.

Inter-organizational evidence handoff. A primary insurance carrier passes evidence to a reinsurer. The reinsurer verifies the artifact independently.

M&A due diligence. An acquirer evaluates a target's compliance history. Portable artifacts can be independently verified without trusting the target's representations.

Common questions

What format is a portable artifact?
Canonical JSON. Self-contained. Readable by any tool that can parse JSON.

What's the size of a typical artifact?
Tens of kilobytes for the core bundle. Sidecars add size in proportion to the cited evidence rows.

Does verification require my keys?
No. Verification is offline and key-free. Customer keys are required only at the artifact-creation stage.

Can artifacts be stored anywhere?
Yes. S3, Glacier, customer-owned object stores, NAS, even local file systems.

What if a post-quantum algorithm is broken?
The three-family signature design means a single-algorithm break does not invalidate the artifact. The artifact remains valid as long as at least one signature family is intact.

Are artifacts proprietary?
No. The schema is published. The verifier is open source. The format is canonical JSON. Anyone can implement a verifier from the spec.
