H33
#177 · Reality Gap Detection · June 3, 2026

First Reality Gap Detection.
The first proof that's a product people buy tomorrow morning.

The buyer-facing question · LOCKED Eric Beans
"Find all reality gaps in our tenant."
"What changed without authorization?"
alternate · Where does reality differ from policy?
Internal Audit · CISO · Risk Committee · Insurers · Regulators · PE Diligence
What was proven · 10-second read

Reality and policy now disagree on the record.

01
Four gap classes detected from canonical events alone: Shadow Authority, Undocumented Delegation, Policy Bypass, Responsibility Drift.
02
Demo tenant: 12 planted gaps in the locked 3/4/2/3 split — the killer query returns Eric's example output exactly.
03
Canonical continuity tenant: 0 gaps. Clean baseline. The detector is sharp on planted gaps, quiet on legitimate scope-derivation.
Reading any H33 proof · the six questions

Same six answers. Rung-deepener, not a new rung.

  1. What happened?

    An internal audit team asked show_reality_gap_report(tenant_reality_gap_demo_…). The detection engine walked the canonical event log + the reconstructed snapshot and found 12 gaps across 4 classes — matching Eric's locked example output exactly.

  2. Who had authority?

    Three phantom granters who never received any scope. Four phantom delegators who delegated scopes they never had. Two decisions that cited policies that were never registered. Three decisions whose responsibility chains disagreed with their signing actor.

  3. How was authority reconstructed?

    replay_until produced the snapshot; show_reality_gap_report(events, snapshot, tenant_id, root, T) walked both inputs and emitted one RealityGap per detected mismatch. Engine surface unchanged; the detection is a thin layer above existing reconstruction.

  4. What state was produced?

    A signed RealityGapReport with 12 entries: 3 Shadow Authority + 4 Undocumented Delegation + 2 Policy Bypass + 3 Responsibility Drift. Every gap carries its expected_state_ref, observed_state_ref, affected authorities/decisions/policies, and remediation status.

  5. What artifact was returned?

    reconstruction.json — the full RealityGapReport for both tenants, plus the locked four-class taxonomy and the corpus money-quote pattern.

  6. How can a third party verify it?

    Run cargo test --test reality_gap_detection_001 -- --ignored against scif-backend @ 6d2825f06. The demo tenant must produce 12 gaps in the 3/4/2/3 split; the canonical continuity tenant must produce 0 gaps.

01 The killer query — show_reality_gap_report(tenant_id)

The killer query · LOCKED Eric Beans
asl> show_reality_gap_report("tenant_reality_gap_demo_44962d9b-…")
→ Eric's locked example output
12 gaps detected

3 Shadow Authority
4 Undocumented Delegation
2 Policy Bypass
3 Responsibility Drift

money quote:  Policy ≠ Reality.

Then drill down per gap — every RealityGap carries its expected and observed state references, affected authorities / decisions / policies / assets, the responsibility chain (when present), severity, and remediation status.

02 The four gap classes · v1 only (Eric LOCKED — DO NOT extend)

Eric: "Don't build twenty. Those four alone are worth a product."

Class 1
Shadow Authority

Authority exists in reality
Not authorized in policy.

3 detected on demo tenant
Class 2
Undocumented Delegation

Delegation occurred
No reconstructable chain.

4 detected on demo tenant
Class 3
Policy Bypass

Decision happened
Required policy path absent.

2 detected on demo tenant
Class 4
Responsibility Drift

Decision owner != recorded owner
Responsibility chain mismatch.

3 detected on demo tenant

03 The killer demo — Expected vs Observed Organization

Eric: "Honestly this may become your strongest demo. The visual sells itself."

tenant_reality_gap_demo_44962d9b-… · one fragment of the comparison
Expected Organization · what policy says
princ_root (tenant root)
princ_alice_treasury ← approve_transfer (from pol_demo_treasury)
princ_bob_underwriter ← approve_credit (from pol_demo_underwriting)
no phantom granters, no phantom delegators, no bypassed policies, no drifted decisions
Observed Organization · what the canonical events show
princ_root (tenant root)
princ_alice_treasury ← approve_transfer ✓
princ_bob_underwriter ← approve_credit ✓
princ_phantom_granter_1 → granted override_limit to princ_pawn_1
princ_phantom_granter_2 → granted delete_records to princ_pawn_2
princ_phantom_granter_3 → granted wire_transfer_unlimited to princ_pawn_3
decision_drift_001 signed by alice · chain.actor = princ_someone_else_entirely
decision_drift_002 signed by bob · chain.actor = princ_phantom_owner_x
decision_drift_003 signed by alice · chain.actor = princ_phantom_owner_y
+ 4 undocumented delegations · 2 policy bypasses (not shown for brevity)

An internal auditor reads this in seconds: the right column has things the left column doesn't authorize. That's the entire product.

04 The money quote

Locked Eric Beans · June 3, 2026
Policy ≠ Reality.
The report names what reality and policy disagree about. It does not establish fault, intent, or correctness — those remain audit and legal determinations.
The boundary · LOCKED Eric Beans

Policy ≠ Reality.

A gap report is a structural fact: policy expected one thing, canonical events recorded another. The detector cannot tell why the gap exists — fraud, error, emergency override, undocumented business reality, malfeasance — those are determinations for Internal Audit, the Risk Committee, the regulator, the court. This proof is detection, not adjudication.

05 The pattern — five money quotes, one corpus

#184 · trunk capstone
Institutional Memory ≠ Legal Truth.
#174 · orth · 1st
Influence ≠ Causation.
#167 · orth · 2nd
Reproducibility ≠ Justification.
L9.1 · verification
Verified ≠ True.
#177 · this proof
Policy ≠ Reality.

06 The two tenants — demo and clean baseline

Demo tenant · 17 events with 12 planted gaps
tenant_reality_gap_demo_…
12 gaps detected

3 Shadow Authority · 4 Undocumented Delegation · 2 Policy Bypass · 3 Responsibility Drift. Matches Eric's locked example output byte-for-byte.

Canonical continuity tenant · UNTOUCHED
tenant_insurance_claim_44962d9b-…
0 gaps

The home of #15 + #184 + #174 + #167. Clean baseline. The detector is sharp on planted gaps and quiet on legitimate scope-derivation — e.g. the credit officer's delegation of recommend_credit from her delegate_review authority is correctly NOT flagged.

07 The schema — RealityGap as a first-class object

Eric: "Create a first-class object: RealityGap. You will use this object everywhere later."

RealityGap {
    gap_id,
    gap_type,                       // ShadowAuthority | UndocumentedDelegation
                                    // | PolicyBypass | ResponsibilityDrift
    severity,                       // Informational | Warning | Critical | Systemic
    detected_at_ms,
    expected_state_ref,
    observed_state_ref,
    affected_authorities: [...],
    affected_decisions: [...],
    affected_policies: [...],
    affected_assets: [...],
    responsibility_chain,           // when the gap touches a chain
    remediation_status,             // Open | Investigating | Remediated | AcceptedRisk
    explanation,                    // human-readable; surfaced verbatim to auditors
}

RealityGapReport {
    tenant_id,
    detected_at_ms,
    total_gaps,
    shadow_authority_count,
    undocumented_delegation_count,
    policy_bypass_count,
    responsibility_drift_count,
    gaps: [...],
    money_quote: "Policy ≠ Reality.",
    honest_limit_caption,
}

No new event kinds. No DB schema migration. The detector is a thin composition over existing snapshot + canonical event log inputs — the engine surface stays stable.

08 Where this proof sits — rung-deepener (NOT a new rung)

Eric: "Do not create a new ladder rung. Reality Gap Detection strengthens Responsibility survives authority + Consequences survive responsibility. It's a rung-deepener. Not a rung-creator."

Continuity rung strengthened | How #177 deepens it
Rung 3 — Accountability | Shadow Authority + Undocumented Delegation + Responsibility Drift directly measure the integrity of the authority + responsibility chains #14.1 made replayable.
Rung 4 — Consequence Replay | Policy Bypass connects unpoliced decisions to downstream consequences — once a bypassed decision produces a consequence, the lineage was already replayable; now the bypass itself is named.

09 What this proof IS and IS NOT

This proof IS

The first proof that an Internal Audit team, CISO, or Risk Committee buys against an existing budget line item. Detection of shadow authority, undocumented delegation, policy bypass, and responsibility drift — all read directly from the canonical event log + the reconstructed snapshot. No new schema, no engine changes, no buyer education required. Pain relief, not vision.

This proof IS NOT

A determination of fault, intent, or correctness. A gap is a structural disagreement between policy and recorded reality — it does NOT say why the disagreement exists. A claim that policy itself was right. A claim that the gap is malicious. A substitute for the Risk Committee. Policy ≠ Reality.

10 Honest limits

  1. v1 detection heuristics are LOCKED simple. Shadow Authority and Undocumented Delegation use "phantom granter / phantom delegator" matching — a principal who never received any scope. This catches the clear cases; semantic scope-derivation (e.g. delegate_review → recommend_credit) is intentionally NOT flagged. That nuance is a v2 concern.
  2. Policy Bypass detects unregistered policy_ids only. A decision citing a policy_id that was registered but DEPRECATED at decision time is not yet flagged. v2 territory.
  3. Responsibility Drift requires a responsibility chain. Decisions without an attached chain are not checked.
  4. The detector reports facts, not judgment. A gap is a fact; whether it represents fraud, error, emergency, or undocumented business reality is determined by the Risk Committee.
  5. Policy ≠ Reality. The money quote.
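
The four v1 heuristics as the limits above describe them, run over a constructed 17-event log with the demo's 3/4/2/3 split. This is an added illustration, not H33's engine or the scif-backend schema: the `Event` and `Gap` types, the log-order rule for who holds scope, and the names `princ_carol`, `princ_phantom_delegator` and `pol_never_registered` are assumptions.

```rust
use std::collections::HashSet;
use Event::*;

// Hypothetical event shapes for illustration; not the scif-backend schema.
pub enum Event {
    PolicyRegistered(&'static str),
    Grant { from: &'static str, to: &'static str },
    Delegate { from: &'static str, to: &'static str },
    Decision { signer: &'static str, policy: &'static str, chain_actor: Option<&'static str> },
}

pub enum Gap { ShadowAuthority, UndocumentedDelegation, PolicyBypass, ResponsibilityDrift }

/// Returns counts indexed by `Gap`. Assumption: scope is held only once root or a holder confers it.
pub fn detect(root: &str, events: &[Event]) -> [usize; 4] {
    let (mut holders, mut policies) = (HashSet::from([root]), HashSet::new());
    let mut counts = [0usize; 4];
    let mut bump = |g: Gap| counts[g as usize] += 1;
    for ev in events {
        match ev {
            PolicyRegistered(p) => { policies.insert(*p); }
            Grant { from, to } | Delegate { from, to } if holders.contains(*from) => { holders.insert(*to); }
            Grant { .. } => bump(Gap::ShadowAuthority),           // phantom granter
            Delegate { .. } => bump(Gap::UndocumentedDelegation), // phantom delegator
            Decision { signer, policy, chain_actor } => {
                if !policies.contains(*policy) { bump(Gap::PolicyBypass); } // unregistered id only
                // Drift is checked only when a chain is attached.
                if chain_actor.map_or(false, |a| a != *signer) { bump(Gap::ResponsibilityDrift); }
            }
        }
    }
    counts
}

pub fn demo_log() -> Vec<Event> { // constructed: 5 baseline events + 12 planted gaps
    let (root, alice, bob) = ("princ_root", "princ_alice_treasury", "princ_bob_underwriter");
    let mut log = vec![
        PolicyRegistered("pol_demo_treasury"), PolicyRegistered("pol_demo_underwriting"),
        Grant { from: root, to: alice }, Grant { from: root, to: bob },
        Delegate { from: bob, to: "princ_carol" }, // legitimate delegation by a holder
    ];
    let dec = |policy, chain_actor| Decision { signer: alice, policy, chain_actor };
    log.extend((0..3).map(|_| Grant { from: "princ_phantom_granter_1", to: "princ_pawn_1" }));
    log.extend((0..4).map(|_| Delegate { from: "princ_phantom_delegator", to: "princ_pawn_1" }));
    log.extend((0..2).map(|_| dec("pol_never_registered", None)));
    log.extend((0..3).map(|_| dec("pol_demo_treasury", Some("princ_someone_else_entirely"))));
    log
}

fn main() { println!("{:?}", detect("princ_root", &demo_log())); }
```

The two bypass decisions carry no chain, so they are counted once each and skipped by the drift check, which is limit 3 in practice.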

11 Evidence appendix

Field | Value
Demo tenant | tenant_reality_gap_demo_44962d9b-25f5-5622-bd9a-98d5580bb8a2
Demo tenant root | princ_root_reality_gap_demo_44962d9b-25f5-5622-bd9a-98d5580bb8a2
Demo events seeded | 17 (5 legitimate baseline + 12 planted gap events)
Demo total gaps | 12
Shadow Authority | 3
Undocumented Delegation | 4
Policy Bypass | 2
Responsibility Drift | 3
Canonical continuity tenant | tenant_insurance_claim_44962d9b-25f5-5622-bd9a-98d5580bb8a2 (untouched)
Canonical continuity tenant gaps | 0 (clean baseline)
Schema | RealityGap struct + RealityGapReport in src/agent_zero/astate.rs (no new event kinds)
Reconstruction artifact | reconstruction.json
Harness | tests/reality_gap_detection_001.rs (scif-backend @ 6d2825f06)

12 Readiness determination

Determination

First Reality Gap Detection: PROVEN IN OPERATION. The locked four-class detection engine returns Eric's example output exactly on the demo tenant (12 gaps in the 3/4/2/3 split) and 0 gaps on the canonical continuity tenant. All prior canonical-continuity proofs (#15 / #16 / #174 / #184 / #167) verified byte-identical state_ids under the extended schema.

What this unlocks: an Internal Audit team, CISO, or Risk Committee can now ask "What changed without authorization?" and receive a deterministic, signed, structurally-grounded answer. Engineering order Eric LOCKED: detection engine ✓ shipped here; report ✓ shipped here; dashboard is post-v1. "If the report is good enough, people will pay before the dashboard exists."

What this does not unlock: fault determinations, intent attributions, or correctness verdicts. Those remain Risk Committee / legal territory. Policy ≠ Reality.

Issued by H33, Inc. · Eric Beans, CEO · 2026-06-03

Independently reconstructable. Inputs: scif-backend @ 6d2825f06 · tests/reality_gap_detection_001.rs · reconstruction.json.