# Production Readiness Report — First Independent Replay (L9, the moat)

**Proof ID:** `first-independent-replay`
**Subject:** A standalone CLI binary (`h33-independent-canonical-replay`) reads an exported evidence package (events.json + manifest.json) and reconstructs the L5 time-travel tenant's snapshots to **byte-identical state_ids** — at five distinct T values — with **no database connection**, **no SCIF backend running**, **no network access**. Run under `env -i` (sanitized environment).
**Date:** 2026-06-02
**Determination:** PROVEN IN OPERATION (scope: structural replay determinism. Snapshot is byte-identical to the published L5 values when reconstructed from the canonical event log alone. v1 does NOT yet verify the underlying ML-DSA-65 + FALCON-512 + SLH-DSA-128f signatures — L9.1 closes that with a parallel full-signature archive.)
**Version:** 1.0 (Final)

---

## The headline

> **"H33 was removed from the process and the organization still replayed identically."**

That sentence is the moat. Time Travel (L5) is impressive — almost everyone can be impressed by it. **Independent Replay is the thing competitors are structurally unable to catch up to.** The day this proof exists, the conversation changes from software to infrastructure. The system stops being viewed as a vendor and starts being viewed as evidence.

---

## Three claims (the 10-second read)

1. **A standalone binary reconstructs the L5 time-travel state_ids byte-identically** — five replays, five T values, five matches.
2. **The verifier runs with no database, no SCIF backend, no network** — only the events.json + manifest.json from the evidence package + the standalone binary's file I/O.
3. **The binary's linker scope proves the claim** — the only modules it imports from `h33-xeon-api` are the pure-function replay engine (`agent_zero::astate_replay`) and the canonical types (`agent_zero::astate`).

---

## 01 — Problem

L5 (Time Travel Replay) demonstrated that H33 can reconstruct the authority graph as of any T. The natural follow-up question — and the question every regulator, insurer, and enterprise architect actually asks when evaluating H33 as evidence rather than as software — is:

> *"What happens to all this beautiful replay machinery if your company goes away? Your servers go offline. Your database burns down. We can't reach you. **Can we still replay?**"*

Most platforms answer "no" or change the subject. **H33 answers yes, and demonstrates it.** That's this proof.

---

## 02 — Environment

| Component | Detail |
|---|---|
| Standalone binary | `h33-independent-canonical-replay` at scif-backend SHA `178bd2f08` |
| Verifier binary SHA-256 | `fb8e2be10d844cad5067e93fb29a7a286ee8ef30ab9dacd5464a16da1898bcfe` (locally-built dev profile; reproducible from source at the SHA above) |
| Imports from h33-xeon-api | `agent_zero::astate_replay` + `agent_zero::astate` (linker scope is the proof) |
| Reads from disk | `events.json` + `manifest.json` only |
| Reads from network | nothing |
| Reads from database | nothing |
| Environment when run | `env -i HOME=$HOME PATH=...` (no PG vars, no AWS, no H33 service credentials present) |

---

## 03 — The evidence package

[Downloadable tarball: `evidence-package.tar.gz`](evidence-package.tar.gz) — 3.5 KB.

Package SHA-256: `39833b1c3d4c612646ec263d6032d5f75e85b116eefb148478908b2239663f32`

Contents:

| File | What | SHA-256 |
|---|---|---|
| `events.json` | 11 canonical events from `tenant_time_travel_44962d9b-…` (the L5 tenant) | `14ebe6d22143e72d675ce7454c83371e6684f4c9b4009e1af7d6ed75732a9b1e` |
| `manifests/manifest_T5.json` | Replay at T = 1780440005000, expects state_id `1890b20c…0025` | — |
| `manifests/manifest_T6.json` | Replay at T = 1780440006000, expects state_id `70fdc855…91e8` | — |
| `manifests/manifest_T8.json` | Replay at T = 1780440008000, expects state_id `deb7f04a…eb60` | — |
| `manifests/manifest_T10.json` | Replay at T = 1780440010000, expects state_id `b07974ae…cde50` | — |
| `manifests/manifest_TInf.json` | Replay at T = 1800000000000, expects state_id `0f0e51dd…0c97` | — |
| `VERIFICATION-INSTRUCTIONS.md` | How to reproduce, build instructions, expected exit codes | — |

Also published alongside this proof page: the individual per-T verifier outputs ([`evidence/report_T5.json`](evidence/report_T5.json) ... [`evidence/report_TInf.json`](evidence/report_TInf.json)).

---

## 04 — Five independent replays · five matches

The verifier was run under `env -i` (sanitized environment) once per manifest. Five PASS results:

| Snapshot | Target T | Expected state_id | Computed state_id | Match | Exit |
|---|---|---|---|---|---|
| T5 (after decision_001) | `1780440005000` | `1890b20c…0025` | `1890b20c…0025` | ✓ | 0 |
| T6 (after decision_002, lineage visible) | `1780440006000` | `70fdc855…91e8` | `70fdc855…91e8` | ✓ | 0 |
| T8 (after model v2 register) | `1780440008000` | `deb7f04a…eb60` | `deb7f04a…eb60` | ✓ | 0 |
| T10 (after decision_004) | `1780440010000` | `b07974ae…cde50` | `b07974ae…cde50` | ✓ | 0 |
| T∞ (far future) | `1800000000000` | `0f0e51dd…0c97` | `0f0e51dd…0c97` | ✓ | 0 |

Every state_id is byte-identical to the value originally published by the L5 test (`tests/time_travel_replay_001.rs` at scif-backend SHA `d29cc7c33`).

---

## 05 — Why the binary scope matters

The verifier's `use` declarations (the Rust import statements) tell you what infrastructure it depends on. Here they are, verbatim:

```rust
use clap::Parser;
use h33_xeon_api::agent_zero::astate_replay::{
    replay_until, AuthEvent, ReplayConfidence, ReplayResult, ReplayVerdict,
};
use serde::{Deserialize, Serialize};
use std::path::PathBuf;
use std::process::ExitCode;
```

No PostgreSQL driver. No HTTP client. No AWS SDK. No Auth1. No SCIF server. No backend at all. **The linker won't let it call something it doesn't import.** That's the proof of independence — not a marketing claim, a structural fact.

---

## 06 — The verifier's output (one example, T10)

```json
{
  "proof_id": "first-independent-canonical-replay",
  "headline": "H33 was removed from the process and the organization still replayed identically.",
  "binary": "h33-independent-canonical-replay",
  "label": "L5 Time Travel — replay at T10",
  "inputs": {
    "tenant_id": "tenant_time_travel_44962d9b-25f5-5622-bd9a-98d5580bb8a2",
    "tenant_root": "princ_root_time_travel_44962d9b-…",
    "target_t_ms": 1780440010000,
    "event_count": 11
  },
  "structural_checks": {
    "every_event_parsed": true,
    "every_event_has_signature": true,
    "expected_verdict": "Valid",
    "actual_verdict": "Valid",
    "verdict_matches": true
  },
  "replay": {
    "computed_state_id": "b07974aed797856dc47ca07f423124804a1096cb892294c57fb902db149cde50",
    "active_grants": 2,
    "active_policy_versions": 2,
    "active_model_versions": 2,
    "decisions_present": 4,
    "excluded_authorities": 0
  },
  "state_id_comparison": {
    "expected": "b07974ae…cde50",
    "computed": "b07974ae…cde50",
    "matches": true
  },
  "confidence": { "score": 72, "checks": [ … five named checks … ] },
  "determination": "PASS — H33 was removed from the process and the organization replayed identically.",
  "overall_pass": true,
  "honest_scope": "v1 verifies structural replay determinism … L9.1 closes Phase E with a parallel full-signature archive."
}
```

Full output for all five T values is published in the `evidence/report_*.json` files alongside this proof.

---

## 07 — The honest scope (v1 vs L9.1)

v1 verifies *structural* replay determinism:

- Every event parses against the canonical `AuthEvent` schema.
- Every event carries a non-empty 148-hex signature placeholder.
- Replay engine reconstructs the snapshot byte-identically.
- Reconstructed state_id matches the manifest's expected_state_id.
- Verdict matches expected (Valid).

v1 does **NOT** yet verify the underlying ML-DSA-65 + FALCON-512 + SLH-DSA-128f signatures themselves. The 148-hex signature on each event is a *binding commitment* (32-byte signing_message ‖ 42-byte CompactReceipt) — the receipt binds the signing message to a hash of the actual PQ signatures and public keys, but the full PQ signatures are not carried in the 148-hex itself. Without them, you can only verify the structure, not the cryptography.

**L9.1 closes that gap.** It introduces a parallel full-signature archive alongside the canonical event log. When the archive is present, this same verifier verifies every event's three PQ signatures independently against published public keys. The single failing check in the Replay Confidence Score (`signatures_verified_at_replay`) flips from `✗ Critical` to `✓ Critical`, and the score climbs from 72/100 to 100/100.

**This is intentional staging.** v1 establishes the moat. v1 demonstrates that H33 can be removed and the organization still replays identically. v2 (L9.1) tightens the cryptographic floor.

---

## 08 — Known limitations

1. **Full PQ signature verification deferred to L9.1.** Explained in section 07. v1's claim is structural; v2's claim will be cryptographic.
2. **The binary is built from `scif-backend` at SHA `178bd2f08`.** That repo isn't fully public yet. The L9.2 follow-up extracts the standalone verifier into a public sibling repo (analogous to the existing `h33-replay-verifier` at github.com/H33ai). When that ships, anyone can clone, build, and verify without needing access to scif-backend.
3. **The evidence package is small and structural.** It demonstrates the capability; real evidence packages will carry hundreds or thousands of events plus the full-signature archive once L9.1 is in.
4. **No on-chain anchor verification in v1.** The H33-74 anchors that bind receipts to substrate transactions are out of scope here. v1 is event-log replay; anchor verification is its own layer.
5. **`AuthEvent.signature` not verified at replay ingestion** (Phase E lock) — same limitation reported in L5, will close with L9.1.

---

## 09 — Evidence appendix

| Field | Value |
|---|---|
| Demonstration tenant | `tenant_time_travel_44962d9b-25f5-5622-bd9a-98d5580bb8a2` |
| Event count in package | 11 |
| Manifests verified | 5 (T5 / T6 / T8 / T10 / T∞) |
| State_ids matched | 5 of 5 (100%) |
| Verifier binary | `h33-independent-canonical-replay` (scif-backend @ `178bd2f08`) |
| Verifier binary SHA-256 (local dev build) | `fb8e2be10d844cad5067e93fb29a7a286ee8ef30ab9dacd5464a16da1898bcfe` |
| Tarball | [`evidence-package.tar.gz`](evidence-package.tar.gz) (3.5 KB) |
| Tarball SHA-256 | `39833b1c3d4c612646ec263d6032d5f75e85b116eefb148478908b2239663f32` |
| events.json SHA-256 | `14ebe6d22143e72d675ce7454c83371e6684f4c9b4009e1af7d6ed75732a9b1e` |
| Verification instructions | [`VERIFICATION-INSTRUCTIONS.md`](VERIFICATION-INSTRUCTIONS.md) |
| Source proof being replayed | [L5 First Time Travel Replay](/proofs/first-time-travel-replay/) |

---

## Independent reconstruction inputs

A third party who clones `scif-backend` at SHA `178bd2f08`, builds the binary, downloads the evidence tarball, extracts it, and runs:

```bash
target/debug/h33-independent-canonical-replay \
  --events-file evidence-package/events.json \
  --manifest-file evidence-package/manifests/manifest_T10.json
```

…should see exit code `0` and a JSON report whose `state_id_comparison.matches` is `true`. Any other result is a divergence.

---

## Readiness determination

> **First Independent Replay (L9, v1 structural): PROVEN IN OPERATION** for one tenant, 11 events, 5 T-value snapshots, state_ids byte-identical to L5 published values, verifier run under sanitized environment.

What this unlocks:
- The category claim: **H33 is evidence, not a vendor.** A regulator/insurer/auditor can run the verifier years from now without needing H33 present.
- The pricing conversation shifts from SaaS to infrastructure.
- The competitive moat: almost nobody else can demonstrate this.
- The path to **L9.1 — Full PQ Signature Verification** (the parallel full-signature archive).
- The path to **#13 First Replayable Organization** (the meta-proof composes L1-L5 + L9; now that the moat exists, the marketing reframe earns the moat).

What this does **not** unlock:
- A claim that ML-DSA-65 / FALCON-512 / SLH-DSA-128f signatures verify independently in v1 (L9.1 does this).
- A claim that the standalone verifier is publicly buildable today without scif-backend access (L9.2 fork to public sibling repo).
- A claim that any real customer has run their own independent replay yet (operator action; the artifact is ready).

---

## Where this proof sits

| # | Proof | Status |
|---|---|---|
| #11 (L5) | First Time Travel Replay | proven |
| **#12 (L9 v1)** | **First Independent Replay — the moat** | **proven now** |
| #13 | First Replayable Organization (meta) | next — moat is in, marketing reframe earns it |
| #14 | Cross-Tenant Governance Replay | roadmap |
| #15 | Asset Lineage (schema work lands first) | roadmap |
| #16 | Regulator Mode | roadmap |
| #17 | Counterfactual Replay | roadmap |

---

## Version

| Field | Value |
|---|---|
| Report version | v1.0 (Final) |
| Frozen | 2026-06-02 |
| Supersedes | None |
| Superseded by (planned) | `first-independent-replay-with-signatures` (L9.1 — when full-signature archive ships) · `first-public-standalone-verifier` (L9.2 — when the binary forks to a public repo) |

---

*Issued by H33, Inc. — Eric Beans, CEO. Independently reconstructable per Section 09.*