Independently reconstructable evidence.
Every proof here is a real customer, a real authority grant, a real replay, a real receipt, a real anchor, and a real artifact returned to the caller. No synthetic identities, no test credentials, no simulated paths.
Evidence Binder — verify a case without ever speaking to us.
Each Evidence Case bundles signed evidence + verifier instructions + runbook. "No regulator should need to understand H33 to verify H33 evidence." First case live: Claim #84711 — $4.2M credit default.
What happened? · Who had authority? · How was authority reconstructed? · What state was produced? · What artifact was returned? · How can a third party verify it? — if every proof answers the same six in the same order, readers recognize the machine, not the page. Read the frame →
First Asset Lineage — "What touched the asset? Who owned the consequences?"
The chain that pulls the entire corpus into one asset-centric walk: Authority → Responsibility → Decision → Asset → Consequence → Risk → Evidence. Two queries Eric LOCKED as a pair: show_asset_lineage(asset_id) = "what touched the asset?" and show_asset_responsibility(asset_id) = "who owned the consequences?". On Claim #84711's asset: 1 asset owner, 5 OTHER principals bore responsibility — including the credit officer (Actor + Supervisor + Approving Authority + Delegated From) and the AI risk agent (Actor). Money quote (LOCKED): Asset ≠ Responsibility. Fund owns asset, manager made decision. SPV owns asset, GP approved transaction. Bank owns loan, underwriter approved risk. Token holder owns position, protocol governor changed policy.
First Reality Gap Detection — "What changed without authorization?"
The first proof you sell tomorrow morning. show_reality_gap_report(tenant_id) walks the canonical event log + the reconstructed snapshot and finds four classes of mismatch: Shadow Authority · Undocumented Delegation · Policy Bypass · Responsibility Drift. Demo tenant lands at exactly Eric's locked output: 12 gaps in the 3/4/2/3 split. Canonical continuity tenant: 0 gaps — clean baseline. Money quote (LOCKED — fifth in the corpus pattern): Policy ≠ Reality. Buyer audience is the simplest in the corpus — auditors and the people who answer to them.
First Independent Replay Verification — "Verified ≠ True"
The Phase E lock closes here. A new L9.1 tenant lands at 3/3 events verified (ML-DSA-65 + FALCON-512 + SLH-DSA-SHA2-128f all agree). The canonical continuity tenant stays untouched — state_ids are sacred — and the verifier honestly reports its pre-L9.1 12 events as "structurally replayable, cryptographically unverifiable." Hybrid storage means either the DB or the evidence package independently produces the same verification result. The corpus pattern is now four lines deep: Institutional Memory ≠ Legal Truth · Influence ≠ Causation · Reproducibility ≠ Justification · Verified ≠ True.
First Decision Reproducibility — "Can we reproduce the outcome?"
The second proof on the orthogonal axis, and the verb shifts. Replay is evidence. Reproduce is computation. reproduce_decision(decision_loan_84711_recommendation) returns the structured replay object PLUS a measured confidence score — five components × 20 points = 100 total. The canonical continuity tenant scores 82/100 today (Inputs 12 + Policy 10 + Model Influence 20 + Responsibility 20 + Outcome 20). Money quote (LOCKED): Reproducibility ≠ Justification. The audience is the simplest one in the corpus: auditors. Their first question — "Can you reproduce this?" — has its first signed, scored, byte-identically replayable answer.
First Model Influence Replay — "Why did the model matter?"
The first proof on H33's orthogonal axis. The five-line ladder asks "What survives change?" — this proof asks "Why did the computation happen?" show_model_influence(decision_loan_84711_recommendation) returns the prediction score (0.84), the threshold (0.75), the 5-feature attribution, and 3 counterfactual probes — all signed at decision time, reconstructable 4 years post-dissolution. Money quote (LOCKED): Influence ≠ Causation. The first proof a regulator, internal model governance team, or AI fairness auditor reads and immediately understands the value of, without needing to know what H33 does.
First Institutional Death Replay — "Does evidence survive the institution itself?"
The customer enterprise dies in 2031. The court trustee replays the chain in 2035 — four years post-death. Claim #84711 still reconstructs. state_id at T=2035 is byte-identical. No H33. No vendor. No company. No employees. No systems. Just signed events and a verifier. The 5th and final line of the H33 continuity ladder is earned: Evidence survives institutions. The strongest proof concept in the corpus — the first where a board member, judge, regulator, or trustee immediately understands the value.
First Inherited Risk Replay — "What did we just inherit?"
PE acquirers, insurers, reinsurers, fund administrators, boards, and regulators don't buy acquisitions — they buy reductions in unknown inherited risk. Acquisition #001 closes. Five years later, show_inherited_risk(acquisition_001) returns 5 open consequences inherited from the acquired enterprise — 2 losses, 1 lawsuit, 1 regulatory action, 1 operational failure — totaling $18,400,000. Every inherited consequence tagged with origin_enterprise_id. Consequences survive organizational boundaries.
First Replayable Insurance Claim — "Why did we lose $4.2M?"
Claim #84711, $4.2M credit-default. Five years later, replay reconstructs the full loss lineage from signed canonical events alone — claim → loss → asset → decision → model → policy → authority → responsibility. The first proof where all 7 abstractions become money. show_loss_lineage(claim_84711) returns 23 typed entries in one query.
First Replayable Responsibility — "Responsibility survives authority"
A $50M decision approved on AI recommendation. A $20M loss. Two years later the supervisor's authority is revoked. Five years later, replay reconstructs the full responsibility chain at the moment of decision. Seven responsibility types queryable: EXECUTION · SUPERVISION · POLICY · MODEL · APPROVAL · ASSET · OVERSIGHT. Authority was revoked. Responsibility remained.
First Authority Lifecycle Replay — "every authority has a reconstructable lifecycle"
Grant → Use → Suspend → Reinstate → Use → Revoke / Expire. Two authorities, six distinct phase state_ids, three rogue decisions flagged by name. The new lifecycle confidence check catches what most systems miss: decisions made after someone should have lost access. The substrate Replayable Responsibility (#14.1) rides on.
First Replayable Enterprise — a permanent institutional memory layer for enterprises
"Most enterprises can tell you who is authorized today. H33 can reconstruct who was authorized, why, under what policy, with which AI model, and why a decision occurred years later — even if H33 no longer exists." The category-creating composition over twelve underlying proofs. Not agent governance. Not AI governance. Not compliance. Institutional memory.
First Catastrophic Vendor Failure — it's 2031, H33 is gone, reconstruct anyway
A buyer-facing scenario: the company is gone, SCIF is gone, the database is gone, Netlify is gone, Auth1 is gone, AWS is gone. The auditor has a 3.5 KB tarball and a verifier source archive. She reconstructs the chain anyway. Five state_ids matched byte-for-byte. Attacks vendor risk and evidence loss — two of the seven buyer pains every CISO and insurer is paying to eliminate.
First Independent Replay — H33 was removed from the process and the organization replayed identically
A standalone binary reconstructs the L5 time-travel state_ids byte-identically — at five distinct T values — with no database, no SCIF backend, no network. Run under env -i. The verifier's linker scope is the proof: it cannot call infrastructure it doesn't import. The moat almost nobody else can demonstrate.
First Time Travel Replay — what did it look like when this decision was made?
Five replays. Five distinct moments in time. Five distinct state_ids. Each captures the exact model versions, policy versions, and decisions in effect at T. Replays at the same T are byte-identical forever. Decisions carry causal lineage. Replay confidence is scored honestly — 72/100 names the open Phase E signature gap directly.
First Tenant-Scoped Agent Hierarchy + Authority Search Language v1
9-principal tenant tree (5 levels) reconstructed from signed canonical events, plus the first query language over the authority graph: descendants, leaves, capability/policy lookup, authority path, blast radius. 14 ASL queries asserted. Per Eric: the surface that turns H33 into an operating system for agent governance, not an AI company.
First Agent Supervisor Chain — agents supervising agents
Three-level sequential supervision: Human → AI Reviewer → AI Risk Agent. The risk agent's authority traces THROUGH the reviewer THROUGH the human to root — agent-to-agent supervision encoded in the canonical event log. Human-only approval. Leaf agent cannot delegate further.
First Agent Authority Envelope — what was the agent allowed to do?
The agent's envelope is in signed canonical events — not policy text, not runtime config. Every IN capability present; every OUT capability denied. Three years later, reconstructed from the event log alone. The bridge proof for transfer agents, fund administrators, insurers, and AI governance buyers.
First AI-Assisted Transfer Approval with Replayable Delegation
A human delegates a constrained review capability to an AI. The AI's authority traces to root through the human — in the canonical event log itself. AI scope is review-only; the human retains final approval. The delegation chain is the proof.
First Tokenized Asset Transfer with Replayable Authority
The same canonical-auth chain that produced the V101 first bundle reconstructs an approve_transfer authority for a tokenization tenant. Byte-identical determinism. Forensic explanations included. For Ondo, Securitize, Kinexys, transfer agents, fund administrators.
Multi-Tenant Isolation #001 — Two Tenants, One Database, Zero Leakage
Two tenants sharing the same database, same code, same signing keys. Distinct state_ids. Zero cross-tenant identifier leakage. Injection attack returns ProvenanceBroken with zero active grants.
Regulator Replay #001 — Three Years Later, Reconstructed Byte-Identical
Given the canonical event log and target T = 1780359626000, the platform reconstructs the authority state that justified the V101 first-bundle decision. state_id is byte-identical across replays. Every authority comes with a forensic explanation.
First anchored V101 Content Bundle
H33-CANONICAL-AUTH-v1 proven in operation end-to-end. Real customer (princ_customer_9), real Auth1 Bearer, real replay against canonical event log, real H33-74 anchor on h33-substrate-v1, real V101 manifest persisted to Netlify Blobs.
Independent Verification Kit (v1.0)
Reproduction package for external security teams, auditors, and researchers. Eight-step guide, machine-readable artifact manifest, PGP-signable attestation template. No NDA, no proprietary tooling. CC-BY 4.0.
Open the Verification Kit →Every published H33 proof follows the same shape.
Nine sections, three claims, brutally honest limitations, public artifacts an independent party can fetch. The shape is the credibility.
Open the Proof Template →