26 canonical test vectors. Frozen format. Cross-language parity. Independent verification without H33 infrastructure. Reproduce our outputs byte-for-byte, or build your own verifier from scratch.
HATS is a publicly available technical conformance standard for continuous AI trustworthiness; certification under HATS provides independently verifiable evidence that a system satisfies the standard's defined controls. The conformance suite makes that verification machine-testable.
Every vector includes: input bundle, expected output, transcript hash, replay integrity classification, and requirement references. No ambiguity. No interpretation.
HATS capability profiles define progressive levels of protocol support. Each tier includes all capabilities of the tiers below it. Implementations declare which profile they target.
Basic governance graph construction and receipt verification. The minimum viable HATS implementation.
Adds deterministic replay with frame hash matching. Required for audit-grade verification.
Adds policy enforcement and severity level classification. Required for compliance-critical deployments.
Adds cross-domain quorum verification. Required for multi-organization governance topologies.
Adds AI agent lineage tracking and model attestation. Required for AI trustworthiness certification.
Every vector is a self-contained JSON file with input, expected output, and metadata. Grouped by verification domain.
| Vector ID | Description | Profile |
|---|---|---|
| Graph Verification | ||
HATS-TV-001 | Minimal valid governance graph with single policy node | Core |
HATS-TV-002 | Multi-node governance graph with sequential policy chain | Core |
HATS-TV-003 | Governance graph with branching policy hierarchy | Core |
HATS-TV-004 | Receipt verification with valid governance receipt | Core |
HATS-TV-005 | Transcript hash derivation from canonical field ordering | Core |
HATS-TV-006 | Graph verification with expired policy node | Core |
HATS-TV-007 | Domain separator isolation across governance boundaries | Core |
| Replay Determinism | ||
HATS-TV-008 | Deterministic replay of valid governance frame | Replay |
HATS-TV-009 | Frame hash matching across independent verifier runs | Replay |
HATS-TV-010 | Canonical replay frame construction with ordered fields | Replay |
HATS-TV-011 | Replay integrity classification: deterministic pass | Replay |
HATS-TV-012 | Replay integrity classification: deterministic rejection | Replay |
HATS-TV-013 | Multi-frame sequential replay with chained hashes | Replay |
HATS-TV-014 | Policy enforcement with severity level: critical | Enforcement |
HATS-TV-015 | Policy enforcement with severity level: warning | Enforcement |
HATS-TV-016 | Requirement reference binding in rejection output | Enforcement |
HATS-TV-017 | Cross-domain quorum verification: 3-of-5 threshold | Federation |
HATS-TV-018 | Cross-domain quorum verification: threshold not met | Federation |
HATS-TV-019 | AI agent lineage graph with model attestation | AI-Gov |
| Error Handling | ||
HATS-TV-020 | Malformed governance graph: missing root node | Core |
HATS-TV-021 | Invalid receipt signature: tampered governance receipt | Core |
HATS-TV-022 | Transcript hash mismatch: field ordering violation | Core |
HATS-TV-023 | Expired policy enforcement with structured rejection | Enforcement |
| Edge Cases | ||
HATS-TV-024 | Maximum-depth governance graph (256 nodes) | Core |
HATS-TV-025 | Empty policy set with valid governance structure | Core |
HATS-TV-026 | Concurrent replay frames with independent transcript derivation | Replay |
Run the reference verifier against any HATS bundle. Three ways to get started.
$ cargo install hats-verifier
$ hats verify bundle.json
$ docker run h33/hats-verifier verify bundle.json
# .github/workflows/hats-verify.yml
name: HATS Conformance
on: [push, pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install hats-verifier
run: cargo install hats-verifier
- name: Run conformance suite
run: hats verify --suite vectors/ --profile core
HATS Conformance Suite v1.0
Profile: core
Vectors: 26/26
PASS HATS-TV-001 Minimal valid governance graph
PASS HATS-TV-002 Multi-node governance graph
PASS HATS-TV-003 Branching policy hierarchy
...
PASS HATS-TV-026 Concurrent replay frames
Result: 26/26 PASS
Transcript: a3f8c1d2e4b5...
Status: CONFORMANT
The conformance suite is designed for independent reimplementation. No H33 SDK required. No proprietary runtime. Just JSON vectors and deterministic expected outputs.
The reference implementation is Rust. But HATS conformance is defined by outputs, not by implementation. If your verifier produces byte-identical results for all 26 vectors, it is conformant.
| Language | Implementation | Vectors | Status |
|---|---|---|---|
| Rust | H33 Reference | 26/26 | Reference |
| TypeScript | hats-verify-ts | 26/26 | Conformant |
| Python | hats-verify-py | 26/26 | Conformant |
| Go | hats-verify-go | 19/26 | In Progress |
| Your language | — | — | Register |
Contact standard@h33.ai to register your implementation for the compatibility matrix.
Published test vectors are permanent. This is a binding commitment to implementations that depend on deterministic expected outputs.
| Change Type | v1.x Policy |
|---|---|
| Add new test vector | Allowed |
| Modify existing vector input | Forbidden |
| Modify existing vector output | Forbidden |
| Rename vector ID | Forbidden |
| Remove vector from suite | Forbidden |
| Change transcript derivation | Breaking (v2 required) |
| Change hash algorithm | Breaking (v2 required) |
| Add optional metadata fields | Allowed |
HATS conformance is defined by outputs, not by code. The reference implementation is Rust, but any language that produces byte-identical results for all 26 canonical vectors is equally conformant. No SDK dependency. No runtime requirement. No vendor lock-in.
The test vector format is portable JSON. Every vector contains its own expected output, transcript hash, and replay integrity classification. Clone the repository, run the vectors against your implementation, and compare. That is the entire conformance process.
Clone the vectors. Run the reference implementation. Or build your own from scratch. The standard is the proof.