Verification Walkthroughs

Version: 1.0.0
Status: Production
Last Updated: 2026-05-23
Editor: Eric Beans, H33.ai, Inc.
Canonical URL: https://h33.ai/verification/

1. Scope

This section provides six reproducible walkthroughs that demonstrate the HATS verifier's behavior against governance bundles in distinct states: valid, tampered, chain-broken, signature-invalid, and replay-deterministic. Each walkthrough specifies the exact JSON input, the CLI command to execute, the expected verifier output, and the verification logic that produces that output.

These walkthroughs are intended for implementors building independent verifiers, auditors validating HATS deployments, and operators performing acceptance testing. Each walkthrough is self-contained and can be executed against any conformant HATS verifier implementation.

2. Definitions

Governance Bundle: A JSON structure containing an ordered sequence of governance nodes, each representing an attested action within a session. Nodes are linked by predecessor hashes, forming a hash chain. The bundle is the unit of verification.
Verifier: An independent implementation that consumes a governance bundle and produces a deterministic verification result. A conformant verifier MUST produce identical output for identical input regardless of execution environment.
Verification Result: A structured output containing the overall status (VERIFIED, FAILED, CHAIN_BREAK), the number of nodes checked, per-node status, and, in failure cases, the specific node index and field that caused the failure.
Hash Chain: The sequence of SHA3-256 predecessor hashes linking consecutive governance nodes. Each node's predecessor_hash field contains the SHA3-256 digest of the preceding node's canonical serialization. The first node's predecessor hash is the null hash (32 zero bytes).
Canonical Replay Frame: The deterministic byte representation of a governance node used as input to hash and signature computations. Field ordering, encoding, and whitespace normalization are defined in the HATS specification.
AND-Gate Verification: The requirement that all post-quantum signature families present in an attestation must independently verify. A single invalid family causes the entire attestation to fail. This is not a threshold scheme.

3. Walkthrough Index

The following walkthroughs cover the five primary verification scenarios. Each is a separate page with full JSON input, CLI commands, expected output, and detailed explanation.

3.1. Valid HATS Bundle Walkthrough

A complete valid governance bundle with 3 nodes. Step-by-step verification procedure producing a VERIFIED result. Demonstrates correct hash chain linking, signature verification across three PQ families, and temporal ordering validation.

Expected: VERIFIED (3/3 nodes)

3.2. Tampered Receipt Detection

A valid bundle with one node's action_type field modified after signing. Demonstrates hash mismatch detection: the verifier identifies the specific node and field that diverged from the signed content.

Expected: FAILED at node 2

3.3. Broken Chain Detection

A bundle with a deleted node producing a gap in the predecessor chain. The verifier detects the chain discontinuity by comparing the expected predecessor hash against the actual preceding node's digest.

Expected: CHAIN_BREAK at position 2

3.4. Invalid PQ Signature Detection

A bundle containing a corrupted ML-DSA-65 signature on one node while FALCON-512 and SLH-DSA remain valid. Demonstrates the AND-gate requirement: one invalid family invalidates the entire attestation.

Expected: FAILED (ML-DSA-65 invalid, node 1)

3.5. Replay Determinism Verification

The same bundle replayed at the same timestamp across 100 iterations. Demonstrates byte-identical frame hash output. Confirms that the verifier is a pure function of its inputs with zero environmental dependency.

Expected: 100/100 deterministic (100.0%)

4. Prerequisites

All walkthroughs assume the HATS Verifier CLI is installed and available on the system PATH. The CLI is distributed as a statically-linked binary for Linux (x86_64, aarch64) and macOS (Apple Silicon).

Install the verifier: brew install h33ai-postquantum/tap/hats-verifier (macOS) or download from the H33 GitHub releases.
Verify installation: hats version should print the verifier version and linked cryptographic library versions.
All JSON inputs in these walkthroughs use the HATS Governance Bundle Schema v1.0. Schema validation is performed by the verifier before cryptographic checks.

5. Reproducibility

Each walkthrough specifies exact JSON inputs and expected outputs. A conformant verifier implementation MUST produce byte-identical output for the same input. The SHA3-256 digests and verification results in these walkthroughs serve as conformance test vectors.

If your verifier produces different output for any walkthrough input, the implementation is non-conformant. See the Conformance Suite for the full test vector set.

Related Specifications & Resources

H33-74 Specification Conformance Suite HATS Standard Conformance Vectors Benchmarks Verifier CLI