H33
L9 · the moat · June 2, 2026

First Independent Replay.
The moat.

"H33 was removed from the process and the organization still replayed identically."

A standalone binary reads an exported evidence package (events + manifest) and reconstructs the L5 time-travel snapshots byte-identically — at five distinct T values — with no database, no SCIF backend, no network. Run under env -i (sanitized environment). The binary's linker scope is the proof: it cannot call infrastructure it doesn't import.

Download the evidence package (3.5 KB) L5 source → ← Markdown report
Auditors Regulators Insurance Underwriters Enterprise Architects CISOs · Risk PE · M&A Anyone evaluating H33 as evidence
What was proven · 10-second read

Almost nobody else can demonstrate this.

01
Five replays at five T values reconstruct byte-identical state_ids.
02
No database. No SCIF. No network. Verified under env -i.
03
The binary's linker scope is the proof. It cannot call what it doesn't import.
Reading any H33 proof · the six questions

Same six answers. Different scope. The reader recognizes the machine.

  1. 1What happened?

    A standalone CLI binary (h33-independent-canonical-replay) was run on an exported package of 11 canonical events plus 5 manifests, and reconstructed the L5 time-travel state_ids byte-identically.

  2. 2Who had authority?

    The original L5 tenant: princ_customer_9 (human supervisor), princ_ai_underwriter_001 (AI), all delegations from root. The independent verifier does not need to trust H33 to verify any of it.

  3. 3How was authority reconstructed?

    replay_until running inside the standalone binary, reading only events.json and a per-T manifest.json from disk. No DB, no SCIF, no network.

  4. 4What state was produced?

    Five state_ids — 1890b20c… · 70fdc855… · deb7f04a… · b07974ae… · 0f0e51dd… — all matching the L5 published values byte-for-byte.

  5. 5What artifact was returned?

    The evidence-package.tar.gz tarball + five per-T JSON verifier reports. Reproducible from source at scif-backend SHA 178bd2f08.

  6. 6How can a third party verify it?

    Clone scif-backend at SHA 178bd2f08, build h33-independent-canonical-replay, run it against the downloaded evidence package's manifests. Expect exit code 0 and state_id_comparison.matches: true.

01What was not available when the verifier ran

Database
no PostgreSQL · no $PG* env
SCIF Backend
no h33-gateway · no Auth1
Network
no HTTP · no AWS SDK
H33 Service Creds
no secrets · no tokens

The verifier was invoked under env -i HOME=$HOME PATH=/usr/bin:/usr/local/bin:/opt/homebrew/bin — a sanitized environment with no DB credentials, no AWS keys, no H33 service variables. Its only inputs were two local files: events.json and a per-T manifest.json.

02Why the binary scope is the proof

The verifier is a Rust binary. Rust binaries can only call functions they import. Here are the verifier's complete use declarations:

use clap::Parser;
use h33_xeon_api::agent_zero::astate_replay::{
    replay_until, AuthEvent, ReplayConfidence, ReplayResult, ReplayVerdict,
};
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
use std::process::ExitCode;
No sqlx. No reqwest. No aws-sdk. No tokio runtime spinning up. No auth1. No h33_auth. The linker won't let it call something it doesn't import. That's the proof of independence — not a marketing claim, a structural fact verifiable by reading the binary's symbol table.

02Five independent replays · five matches

Snapshot
Expected = Computed (state_id)
Match
Exit
T5
1890b20c61daa91ed6079b0215f3c99c5b61d1e7031f9d8fc3ddeb91b72b0025
0
T6
70fdc855447623918c2ee1b5cdfd3550ca20273a4116a3cd4bd33892508b91e8
0
T8
deb7f04a0e6bbf48cf3e68817a1aece75c7849da0380b3cc992eaa62f928eb60
0
T10
b07974aed797856dc47ca07f423124804a1096cb892294c57fb902db149cde50
0
T∞
0f0e51dd8c35d13d53de9b49c7e72f1926160b19f8f5d5e1b55f0c7cd1770c97
0

Every state_id is byte-identical to the value L5 (First Time Travel Replay) originally published. The L5 source was running against the production database; this verifier was running against a local JSON file with the database offline. Same state_ids. That's the moat.

03The honest scope (v1 vs L9.1)

v1 verifies

Every event parses · every event has a 148-hex signature · the replay engine reconstructs the snapshot byte-identically · the reconstructed state_id matches the manifest's expected value · the verdict matches.

v1 does NOT yet verify (and we say so out loud)

Full ML-DSA-65 + FALCON-512 + SLH-DSA-128f signatures. The 148-hex on each event is a binding commitment (32-byte signing_message ‖ 42-byte CompactReceipt) — the receipt binds the message to a hash of the actual PQ signatures + public keys, but the full PQ signatures are not carried in the 148-hex. Without them, the verifier can confirm structure but not raw cryptography.

L9.1 closes that gap. It introduces a parallel full-signature archive alongside the canonical event log. When the archive is present, this same verifier checks every event's three PQ signatures independently against published public keys. The single failing check in the Replay Confidence Score (signatures_verified_at_replay) flips from ✗ Critical to ✓ Critical, and the score climbs from 72/100 to 100/100. v1 is the moat; v2 (L9.1) is the bolted titanium gate.

04The evidence package

FileWhat / SHA-256
evidence-package.tar.gz 3.5 KB tarball · 39833b1c3d4c612646ec263d6032d5f75e85b116eefb148478908b2239663f32
events.json 11 canonical events for the L5 tenant · 14ebe6d22143e72d675ce7454c83371e6684f4c9b4009e1af7d6ed75732a9b1e
manifests/manifest_T5.jsonreplay at T = 1780440005000, expected 1890b20c…0025
manifests/manifest_T6.jsonreplay at T = 1780440006000, expected 70fdc855…91e8
manifests/manifest_T8.jsonreplay at T = 1780440008000, expected deb7f04a…eb60
manifests/manifest_T10.jsonreplay at T = 1780440010000, expected b07974ae…cde50
manifests/manifest_TInf.jsonreplay at T = 1800000000000, expected 0f0e51dd…0c97
VERIFICATION-INSTRUCTIONS.mdReproduce-yourself instructions

05To reproduce yourself

  1. Clone scif-backend at commit SHA 178bd2f08.
  2. Build: cargo build --bin h33-independent-canonical-replay
  3. Download evidence-package.tar.gz and extract.
  4. Run, optionally under env -i: 
    env -i HOME=$HOME PATH=/usr/bin:/usr/local/bin:/opt/homebrew/bin \
  target/debug/h33-independent-canonical-replay \
    --events-file evidence-package/events.json \
    --manifest-file evidence-package/manifests/manifest_T10.json
  5. Expect exit code 0 and state_id_comparison.matches: true. Repeat for the other four manifests.

06Why this changes the conversation

Eric, June 2, 2026

"The biggest remaining question isn't 'Can you replay?' — it's 'Can you replay if H33 disappears?' The day you demonstrate that, the conversation changes from software to infrastructure. That's the moment auditors, insurers, and regulators start viewing the system as evidence rather than as a vendor."

This proof earns that pivot. The verifier was a standalone Rust binary, reading two JSON files, with the database offline and the SCIF backend not consulted. The organization replayed identically. H33 was structurally absent from the process and the result was byte-for-byte the same.

07Known limitations

  1. Full PQ signature verification deferred to L9.1. Explained in section 03.
  2. The binary builds from scif-backend at SHA 178bd2f08. That repo isn't fully public yet. L9.2 follow-up forks the standalone verifier into a public sibling repo.
  3. The evidence package is small. Real packages will carry hundreds or thousands of events plus the full-signature archive.
  4. No on-chain anchor verification in v1. H33-74 anchor verification is its own layer.
  5. AuthEvent.signature not verified at replay ingestion (Phase E lock; same as L5; closed in L9.1).

08Evidence appendix

FieldValue
Demonstration tenanttenant_time_travel_44962d9b-25f5-5622-bd9a-98d5580bb8a2 (L5)
Event count in package11
Manifests verified5 (T5 / T6 / T8 / T10 / T∞)
State_ids matched5 of 5 (100%)
Verifier binaryh33-independent-canonical-replay (scif-backend @ 178bd2f08)
Verifier binary SHA-256 (local dev build)fb8e2be10d844cad5067e93fb29a7a286ee8ef30ab9dacd5464a16da1898bcfe
Tarballevidence-package.tar.gz (3.5 KB)
Tarball SHA-25639833b1c3d4c612646ec263d6032d5f75e85b116eefb148478908b2239663f32
Source L5 prooffirst-time-travel-replay

09Where this proof sits

L5
Time Travel Replay. first-time-travel-replay
proven
L9 v1
Independent Replay — the moat. Standalone binary reconstructs L5 state_ids with no DB, no SCIF, no network. This proof.
proven now
#13
First Replayable Organization (meta) — now that the moat is in, the marketing reframe earns it.
next
L9.1
Full PQ signature verification (parallel full-signature archive · closes Phase E)
roadmap
L9.2
Standalone verifier in a public sibling repo (anyone can clone + build)
roadmap
#14
Cross-Tenant Governance Replay
roadmap
#15
Asset Lineage (schema work lands first)
roadmap
#16
Regulator Mode
roadmap
#17
Counterfactual Replay
roadmap

10Readiness determination

Determination

First Independent Replay (L9, v1 structural): PROVEN IN OPERATION for one tenant, 11 events, 5 T-value snapshots, state_ids byte-identical to L5 published values, verifier run under sanitized environment with no DB/SCIF/network.

What this unlocks: the category claim — H33 is evidence, not a vendor. A regulator/insurer/auditor can run the verifier years from now without needing H33 present. The pricing conversation shifts from SaaS to infrastructure.

What this does not unlock: full PQ signature verification in v1 (L9.1); public buildability without scif-backend access (L9.2); any real customer running their own independent replay yet (the artifact is ready — operator action.)

Issued by H33, Inc. · Eric Beans, CEO · 2026-06-02

Independently reconstructable. Inputs: scif-backend @ 178bd2f08 · evidence-package.tar.gz · instructions.