# Independent Verification Attestation > **Verifier:** _Your name, your organization, your role_ > **Date verified:** _YYYY-MM-DD_ > **Kit version verified against:** 1.0 > **Subjects verified:** > - V101 first-proof (https://h33.ai/proofs/v101-first-operational-proof/) > - Regulator Replay #001 (https://h33.ai/proofs/regulator-replay-001/) > - Multi-Tenant Isolation #001 (https://h33.ai/proofs/first-multi-tenant-proof/) --- ## Method I followed the H33 Independent Verification Guide v1.0 (`/proofs/independent-verification-kit/VERIFICATION-GUIDE.md`). I performed the steps below independently, without H33's assistance during execution. --- ## Step-by-step findings ### Step 1 — Fetch the bundle - [ ] `bundle_id` matched expected value (`d9adcfb0-…`) - [ ] `schema` matched (`v101-bundle-v1.1`) - [ ] `creator_uuid` matched (`44962d9b-…`) - [ ] `h33_74_receipt.status` was `anchored` - [ ] `anchor_ref.chain` was `h33-substrate-v1` - [ ] `tx_reference` was 148 hex chars - [ ] `commitment_hex` was first 64 hex chars of `tx_reference` _Result:_ _PASS / FAIL / PARTIAL — describe._ ### Step 2 — Verify the SHA3-256 commitment - [ ] Recomputed SHA3-256 of the canonical JSON - [ ] Matched expected `ff770fc838fde707d91f35248946d6928b0a3a999dbd28a2906ce4f0274745e7` _Result:_ _PASS / FAIL — describe._ ### Step 3 — Verify Auth1 published the EdDSA public key - [ ] JWKS at `https://auth.h33.ai/.well-known/jwks.json` contained `kid-eddsa-prod-active-2026-06-01-d31134fbc177` - [ ] `kty` was `OKP`, `crv` was `Ed25519`, `alg` was `EdDSA` _Result:_ _PASS / FAIL — describe._ ### Step 4 (optional) — Verify a fresh Bearer's signature _Did you perform this step?_ _Yes / No_ If yes: - [ ] `alg = EdDSA` - [ ] `iss = https://auth.h33.ai` - [ ] `aud` was a published receipt-issuing audience - [ ] Signature verified against JWKS public key _Result:_ _PASS / FAIL / SKIPPED — describe._ ### Step 5 — Verify the 74-byte H33-74 receipt decomposition - [ ] `tx_reference` decomposed cleanly into `signing_message ‖ CompactReceipt` - [ ] `version` byte was `0x01` - [ ] `algorithm_flag` was `0x07` (all three families) - [ ] `verified_at_ms` was within issuance window _Result:_ _PASS / FAIL / PARTIAL — describe._ _Note:_ Per the guide, raw PQ signatures are summarized into the verification_hash; direct signature verification requires the `h33-verifier` binary (roadmap item #8). ### Step 6 — Regulator Replay determinism _Did H33 provide read access to `canonical_auth_events`?_ _Yes / No_ If yes: - [ ] Ran the harness at scif-backend SHA `d310d8134` - [ ] Captured `state_id`: _______________ - [ ] Matched expected `96a29047010a201dfa2a5254897a664ee2c20b9ac437406f61609f7144beae4a` _Result:_ _PASS / FAIL / SKIPPED — describe._ ### Step 7 — Multi-Tenant Isolation If yes: - [ ] Captured `state_id(A)`: _______________ - [ ] Captured `state_id(B)`: _______________ - [ ] Injection verdict was `ProvenanceBroken`, `active_grants = 0` _Result:_ _PASS / FAIL / SKIPPED — describe._ --- ## Findings ### Confirmed claims _List every claim verified end-to-end._ ### Gaps observed _List every claim that could not be verified (e.g., raw PQ signatures, source code, scale)._ ### Issues _List every value mismatch, every failed assertion, every concern._ --- ## Overall assessment _Choose one and explain in 2-4 sentences:_ - **Confirmed.** Every verified claim matched the expected value. - **Confirmed with gaps.** Most claims verified; some required additional access H33 has not yet published. - **Partial.** Some claims confirmed, some required follow-up. - **Not confirmed.** Material divergences observed; described above. --- ## Signature _Your signature mechanism here. PGP, Sigstore, S/MIME, corporate letterhead — your choice._ PGP example: ``` -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 (full text of this attestation above) -----BEGIN PGP SIGNATURE----- (signature block) -----END PGP SIGNATURE----- ``` --- ## Permissions By signing this attestation you grant H33, Inc. permission to link to it from `/proofs/independent-verification-kit/` with attribution. You retain authorship and may publish the attestation on your own surface (LinkedIn, blog, GitHub, company site, etc.). H33 will publish negative findings unchanged. We will respond with the fix or the gap; we will not argue. --- *Template version 1.0 · 2026-06-02 · H33, Inc.*