H33
Reconstructed · June 2, 2026

Three years from now,
we can still tell you why.

Given the canonical event log and a target time T, the platform reconstructs the exact authority state that justified a past decision. Byte-identical. Deterministic. Every authority in the snapshot comes with a forensic reason.

View the reconstruction JSON The original V101 decision Markdown report
What was proven · 10-second read

Three claims, the same yardstick.

01
Authority can be reconstructed at any later time from canonical history.
02
Two replays of the same events at the same T produce a byte-identical state_id.
03
Every authority comes with a forensic explanation — included or excluded.
Reading any H33 proof · the six questions

Same six answers. Different scope. The reader recognizes the machine.

  1. 1What happened?

    At T = 1780359626000 the platform reconstructed the exact authority state that justified the V101 first-bundle decision — twice, byte-identically.

  2. 2Who had authority?

    Same chain as the V101 first proof: princ_customer_9 via auth_44962d9b-…_v101_export rooted at princ_root_v101_44962d9b-….

  3. 3How was authority reconstructed?

    Two independent calls to replay_until(events, T=1780359626000, …) against the canonical event log; result compared byte-for-byte.

  4. 4What state was produced?

    state_id = 96a29047…be4a, verdict Valid, zero excluded authorities, snapshot.verify_state_id() = true.

  5. 5What artifact was returned?

    snapshot.json — the reconstructed authority state at T plus per-authority forensic explanations (included/excluded with reason).

  6. 6How can a third party verify it?

    Run scif-backend tests/regulator_replay_001.rs at SHA d310d8134 against the canonical event log; expect identical state_id. Any other value is a divergence.

01Problem

A regulator, auditor, fund administrator, or insurer asks the question that defines their job: "Three years from now, can I independently reconstruct why this decision happened?"

Most platforms record a decision and then trust the database. H33 reconstructs it. Given the same canonical event log and the same target T, the platform deterministically rebuilds the authority state that existed at T. Same events, same T, byte-identical state_id. That capability is the one regulated buyers actually pay for. This proof exercises it against the V101 first-bundle decision.

02The reconstructed state_id

Reconstructed authority state_id at T = 1780359626000
96a29047010a201dfa2a5254897a664ee2c20b9ac437406f61609f7144beae4a
Determinism check: r1 == r2 == this value · Self-consistency: snapshot.verify_state_id() = true

This 64-hex string is the cryptographic summary of every active authority at the moment the V101 first-bundle was issued. Recompute it from the same canonical event log and the same T — you get the same string. Recompute it tomorrow, next year, three years from now — same string. That's the proof.

03Active authority at T

FieldReconstructed value
authority_idauth_44962d9b-25f5-5622-bd9a-98d5580bb8a2_v101_export
granted_byprinc_root_v101_44962d9b-25f5-5622-bd9a-98d5580bb8a2
granted_toprinc_customer_9
effective_expiry_at_ms1811825726633 (2027-03-27 UTC)
policy_basispol_v101_exporter_v1
scope (on source event)["export_content_bundle"]

Per-authority explanation (forensic field)

Every authority in the snapshot ships with a one-sentence inclusion reason. Every authority excluded from the snapshot ships with an exclusion reason. The reader does not have to ask "why?" — the snapshot tells them.

{
  "authority_id": "auth_44962d9b-…_v101_export",
  "included": true,
  "reason": "Granted by princ_root_v101_44962d9b-… to princ_customer_9;
             policy pol_v101_exporter_v1; chain to root verified."
}

The full reconstruction artifact: snapshot.json.

04Why this is different

Most "audit trail" systems store rows in a database and trust that the database will return them when asked. That's a record-keeping claim, not a reconstruction claim. Three years later the database has been migrated, the table schema has evolved, the row order has changed, the indexer has been replaced.

H33's authority replay is a function of the canonical event log alone. The function is deterministic. The function is pure. The function does not depend on database row order, on index health, on the schema version. The same events plus the same T always produce the same state_id. Three years from now, six years from now — that's still true. The only way to break the claim is to lose the canonical event log itself, which is what disaster-recovery proof (Proof #7) exists to address.

05Independent reconstruction

A third party with the following can reproduce this proof and verify the state_id matches:

H33_TEST_PG_URL='postgres://…?sslmode=require' \
  cargo test --test regulator_replay_001 -- --ignored --nocapture

Expected state_id: 96a29047010a201dfa2a5254897a664ee2c20b9ac437406f61609f7144beae4a. Any other value is a divergence — either in the third party's event log, their environment, or the replay engine version. The harness emits the full reconstruction JSON to a file path of the operator's choosing.

06Known limitations

  1. One decision, one tenant. Reconstructs the state behind bundle d9adcfb0-… for tenant tenant_v101_44962d9b-…. Arbitrary T for arbitrary tenants is not yet exhaustively tested.
  2. No third-party reconstruction yet. Two replays were run by the same process against the same database. Proof #4 (Independent Verification) closes this by having an external party re-run.
  3. AuthEvent.signature not verified at replay ingestion. Source events ARE signed with production keys; replay treats signatures as opaque metadata. Phase E (locked).
  4. Not tested across an upgrade. Determinism within SHA d310d8134. Cross-version determinism is a separate claim.
  5. Anchor preservation not proven. Reconstructing state_id does not yet re-derive the original commitment_hex of a fresh receipt issued at T. That's a subproof of #7.

07Evidence appendix

FieldValue
Reconstruction state_id96a29047010a201dfa2a5254897a664ee2c20b9ac437406f61609f7144beae4a
Replay-until T (ms)1780359626000 (2026-06-02T00:20:26Z UTC)
Tenant IDtenant_v101_44962d9b-25f5-5622-bd9a-98d5580bb8a2
Tenant rootprinc_root_v101_44962d9b-25f5-5622-bd9a-98d5580bb8a2
Source Grant event at_ms1780289726633
Source PolicyRegister at_ms1780289725633
Original V101 bundled9adcfb0-…692b ↗
Original commitment_hexff770fc838fde707d91f35248946d6928b0a3a999dbd28a2906ce4f0274745e7
Original anchor chainh33-substrate-v1
Reconstruction JSONsnapshot.json
Harness sourcetests/regulator_replay_001.rs (scif-backend @ d310d8134)

08Deployment commit SHAs

ComponentSHA
scif-backend (harness)d310d8134 — proof(canonical-auth): #2 Regulator Replay reconstruction test
scif-backend (runtime)99756176c — fix(canonical-auth): background JWKS refresh
auth1 (deployed)2f49d0a — Auth1 Phase 2 canonical-token endpoint
V101 (deployed)68034b1 — V101 Content Bundle endpoint

09Readiness determination

Determination

Regulator Replay: PROVEN IN OPERATION for one decision, one tenant, deterministic at the moment of issuance.

What this unlocks: regulator, auditor, fund-administrator, and insurer conversations can move from "we record decisions" to "we reconstruct decisions, byte-identical, at any later time, with forensic-grade explanations." The artifact (snapshot.json + the explanations field) is the regulator deliverable.

What this does not unlock: reconstruction across tenants (Proof #3), reconstruction by an external party (Proof #4), arbitrary-T-arbitrary-decision reconstruction, cross-version determinism, or post-restore reconstruction (Proof #7).

Strict wording

This is the first reconstruction proof. It is not "shipped." It is not "production-ready at scale." It is not "deployed for all customers." Every next reconstruction earns the same proof against the same yardstick. Determinism is a property; it gets tested, not advertised.

Issued by H33, Inc. · Eric Beans, CEO · 2026-06-02

Independently reconstructable. Inputs: the original V101 bundle · canonical event log access · harness at scif-backend @ d310d8134.