H33
Reconstructed · June 2, 2026

First Tokenized Asset Transfer
with Replayable Authority.

The same canonical-auth chain that produced the V101 first bundle reconstructs an approve_transfer authority for a tokenization tenant. Byte-identical determinism. Forensic explanations included. Same chain. Different use case.

View the reconstruction JSON The V101 first proof (same chain) Markdown report
Ondo Securitize Kinexys Transfer Agents Fund Administrators Regulated Transfer Brokers
What was proven · 10-second read

No new primitive. No new schema. Same chain, different use case.

01
The canonical-auth chain handles tokenized transfer authority with no new primitive.
02
The transfer approver's authority is reconstructable from the canonical event log, byte-identically.
03
A live transfer receipt would carry the same 74-byte H33-74 anchor as V101's first bundle.
Reading any H33 proof · the six questions

Same six answers. Different scope. The reader recognizes the machine.

  1. 1What happened?

    A tokenization tenant's approve_transfer authority was reconstructed deterministically from signed canonical events. Same chain as V101; different use case.

  2. 2Who had authority?

    princ_approver_001 via auth_e5f1d6f9-…_transfer_approval rooted at princ_root_tokenize_e5f1d6f9-….

  3. 3How was authority reconstructed?

    replay_until(events, T=1800000000000, tenant_tokenize_…, root) against the canonical event log signed with production three-PQ keys.

  4. 4What state was produced?

    state_id = cc0d4369…b9b3, verdict Valid, 1 active grant authorizing approve_transfer, 0 excluded authorities.

  5. 5What artifact was returned?

    reconstruction.json — snapshot, per-authority explanations, determinism check, live-anchor upgrade path.

  6. 6How can a third party verify it?

    Run scif-backend tests/tokenized_transfer_001.rs at SHA 4bd62815b against the canonical event log; expect identical state_id.

01The transfer workflow

Transfer chain · same canonical-auth substrate
Transfer request Authority chain Policy evaluation Approval Receipt H33-74 anchor 3-year replay

A tokenization platform — Ondo, Securitize, Kinexys, a transfer agent, a fund administrator — processes asset transfer requests every day. Each request requires an authorized approver to sign off. The platform records the approval. Three years later, a regulator asks: who approved this transfer, under what authority, against what policy, and can you reconstruct the answer from independently verifiable evidence?

Most platforms have a database row that says "Approver X approved at time Y." That's a record-keeping claim. H33 replaces that with reconstruction. Given the canonical event log and the moment of approval T, anyone can rebuild the authority state that justified the decision. Same chain, same yardstick, same forensic outputs as the V101 first proof — different use case.

02The reconstructed state_id

Tokenization tenant — reconstructed at T = 1800000000000
cc0d43699213235daf9454504cbb5de6d6fa8c0dc50500c96c31b3b553dba9b3
Determinism: r1 == r2 · Self-consistency: verify_state_id() = true · Verdict: Valid · Active grants: 1

03The transfer approval authority

FieldReconstructed value
authority_idauth_e5f1d6f9-d9f8-5f48-8d94-8a5f7253398a_transfer_approval
granted_byprinc_root_tokenize_e5f1d6f9-d9f8-5f48-8d94-8a5f7253398a
granted_toprinc_approver_001
effective_expiry_at_ms1811906586749 (≈ 2027-04-01 UTC)
capability (scope)["approve_transfer"]
policy_basispol_transfer_approval_v1

Forensic explanation

{
  "authority_id": "auth_e5f1d6f9-…_transfer_approval",
  "included": true,
  "reason": "Granted by princ_root_tokenize_e5f1d6f9-… to princ_approver_001;
             policy pol_transfer_approval_v1; chain to root verified."
}

The full reconstruction artifact: reconstruction.json.

04Why this matters for tokenization

Three years from now, a regulator asks "who approved this transfer?". With H33, the answer is reconstructable from the canonical event log alone — same approver principal, same authority grant, same policy basis, byte-identical state_id, every time. The platform does not have to trust its own database migration. The auditor does not have to trust the platform.

For tokenized assets specifically, this answers the four questions a regulator most cares about:

05Live anchor (pending operator action)

Status

Reconstruction-only currently. No live receipt has been issued via the V101 bundle-issue endpoint against this tokenization tenant. The architecture is unchanged from the V101 first proof; the upgrade requires one operator action (Bearer minting for princ_approver_001) and one curl call.

The upgrade path:

  1. Auth1 mints a fresh EdDSA Bearer with sub = princ_approver_001, aud = substrate-receipts — standard 15-min canonical-token flow.
  2. The Bearer is presented to POST https://api.h33.ai/api/v1/h33-auth/v101-bundle-issue with the tokenization tenant ID, requested_capability = approve_transfer, and a transfer-flavored decision_description (asset ID, holder, recipient).
  3. H33SubstrateAnchorSink produces a 74-byte H33-74 receipt over the IssuedReceipt commitment — the same format and the same anchor chain (h33-substrate-v1) as V101's first bundle.

The receipt would carry authority_id = auth_e5f1d6f9-…_transfer_approval, policy_basis = pol_transfer_approval_v1, and a source_jti tying the receipt to the approver's specific Bearer. Anchored. Reconstructable three years later.

06Known limitations

  1. Reconstruction-only, not live anchor. Authority is real, events are signed with production keys, reconstruction is byte-identical — but no live receipt issued yet. Live anchor earns its own promotion to "first-tokenized-transfer-anchored."
  2. Structural tokenization tenant, not a real platform. Ondo / Securitize / Kinexys / a transfer agent has not yet integrated. When the first one does, this proof gets superseded by "first-real-tokenization-platform-transfer."
  3. One transfer scenario, not a corpus. Single grant, single approver, single policy. Multi-approver flows, quorum approvals, limits-based escalation are not yet tested.
  4. No transfer-instance receipt schema. Receipt format is the generic IssuedReceipt; tokenization platforms may want richer wrapping (asset ID, settlement reference). That belongs in a v2 spec.
  5. AuthEvent.signature not verified at replay ingestion (Phase E lock).

07Evidence appendix

FieldValue
state_idcc0d43699213235daf9454504cbb5de6d6fa8c0dc50500c96c31b3b553dba9b3
Replay-until T (ms)1800000000000
Tenant IDtenant_tokenize_e5f1d6f9-d9f8-5f48-8d94-8a5f7253398a
Tenant rootprinc_root_tokenize_e5f1d6f9-d9f8-5f48-8d94-8a5f7253398a
Approver principalprinc_approver_001
Authority IDauth_e5f1d6f9-…_transfer_approval
Policy IDpol_transfer_approval_v1
Capabilityapprove_transfer
Source policy_register at_ms1780370585749
Source grant at_ms1780370586749
Grant effective_expiry_at_ms1811906586749
creator_uuid derivationuuid5(NS_H33_CREATORS_V1, "88001") = e5f1d6f9-…
Reconstruction artifactreconstruction.json
Harnesstests/tokenized_transfer_001.rs (scif-backend @ 4bd62815b)
Upstream proof (same chain)V101 first proof

08Deployment commit SHAs

ComponentSHA
scif-backend (tokenized-transfer harness)4bd62815b — proof(canonical-auth): #5 First Tokenized Asset Transfer reconstruction test
scif-backend (runtime)99756176c — fix(canonical-auth): background JWKS refresh
auth1 (deployed)2f49d0a — Auth1 Phase 2 canonical-token endpoint
V101 (deployed)68034b1 — V101 Content Bundle endpoint (handles transfer-flavored decision_description)

09Readiness determination

Determination

First Tokenized Asset Transfer (reconstruction): PROVEN IN OPERATION for one structural tokenization tenant; live anchor pending operator-side Bearer mint.

What this unlocks: conversations with Ondo, Securitize, Kinexys, transfer agents, fund administrators, and regulators about whether the canonical-auth chain handles their transfer-approval flow. The answer is the reconstruction artifact. Live anchor follows in one operator step.

What this does not unlock: a claim that any production tokenization platform has integrated; a claim that the chain handles multi-approver / quorum / corridor flows; a claim that transfer-instance schemas are finalized.

Strict wording

Tokenization tenant here is structural, not a real platform. When the first tokenization platform integrates, this proof gets superseded by first-real-tokenization-platform-transfer against their real customers. The reconstruction property being proven is structural; promotion to a real-platform proof earns its own yardstick.

Issued by H33, Inc. · Eric Beans, CEO · 2026-06-02

Independently reconstructable. Inputs: V101 first proof · canonical event log access · harness at scif-backend @ 4bd62815b.