Every system tells a story after something happens.
H33 makes that story independently verifiable.

▶ verify a bundle in your browser — no install

$ h33-verify receipt.json $ h33-replay-verify case-bundle.json

PASS — exit 0 — all 10 checks passed

schema_parse schema v0.1 + metadata consistent
timeline_ordering ordering OK across 3 entries
receipt_commitments chain integrity OK across 2 action entries
frame_refs_resolve all frame refs resolve across 1 frames
continuity_consistency continuity_hash matches
no_orphans no orphans
hash_algorithms_known verifier refs all recognized
same_scope_isolation all rows same-tenant + same-case
substrate_bindings bindings recompute correctly
merkle_roots (skipped — provide --payloads for full check)

⬇ h33-replay-verify v0.2.0 — macOS Apple Silicon ⬇ example case-bundle.json ⬇ example signed-report.json

What PASS proves

The bundle is internally consistent. Every hash, every chain reference, every scope boundary recomputes correctly. The case story is bit-identical to what H33 recorded at export time. Tenant isolation is structurally enforced within the bundle — no cross-tenant rows.

What PASS does NOT prove

Completeness

A bundle may be a truthful subset (e.g., a date-range export). PASS does not assert "this is every event the case ever had."

Signature validity

The 74-byte H33 receipts are validated by h33-verify, not h33-replay-verify. Use both for full coverage.

On-chain anchor

If the bundle was anchored to Polygon / Bitcoin / Solana, this verifier does not look up the anchor transaction. Pair with the chain-specific verifier.

Time of attestation

Timestamps are checked for monotonicity but not against a trusted clock. For time-anchored proofs, pair with an attestation-time service.

How it works

The verifier reads a JSON bundle, runs ten deterministic checks, and writes a JSON report. No network calls. No daemon. No trust in H33. Two invocations against the same input produce byte-identical reports.

# Single-shot verification $ h33-replay-verify case-bundle.json $ echo $? 0 # Full audit mode (Merkle root recompute on sealed payloads) $ h33-replay-verify case-bundle.json --payloads ./blobs/ --strict # Pipe verdict into jq for tooling $ h33-replay-verify case-bundle.json | jq '.checks[] | select(.passed == false)'

Sign the verdict — verifiable operational evidence

PASS is a verdict. A signed PASS is institutional evidence. Pass --sign and the verifier wraps its verdict in an ML-DSA-65 signature bound to a persistent verifier identity. Any third party — a regulator, an auditor, an opposing counterparty — can verify that signature offline with any conformant ML-DSA-65 library. No H33 in the loop. No trust required in our distribution channel.

# First run auto-creates an ML-DSA-65 identity in ~/.h33-replay-verify/keys/ $ h33-replay-verify case-bundle.json --sign > signed-report.json # Anyone, anywhere, verifies the signed verdict offline: $ h33-replay-verify --verify-transcript signed-report.json # Plus bundle cross-check — confirms the transcript describes THIS exact bundle $ h33-replay-verify case-bundle.json --verify-transcript signed-report.json

SIGNED VERDICT — exit 0 — ML-DSA-65 (NIST Level 3) — bundle hash matches

verifier_public_key_fingerprint_hex d07f1f6d…ebc2a71711
bundle_sha3_256_hex …matches the file you have in hand
verifier_version 0.2.0
passed true (10/10 checks)
signed_at 2026-05-26T12:34:56Z
signature_algorithm ML-DSA-65 (FIPS 204)

Operators wanting institutional trust register their verifier's public-key fingerprint with relying parties out of band — the fingerprint is printed on every signed transcript and is stable across runs. Relying parties enforce an allow-list. The trust model is the verifier identity, not the distribution channel.

Full envelope spec: docs/specs/h33-signed-verify-report-v0.1.md

Try it now

The two downloads above are everything you need: the macOS Apple Silicon binary + a real exported case bundle.

$ curl -L -o h33-replay-verify https://h33.ai/dl/h33-replay-verify/v0.2.0/h33-replay-verify-v0.2.0-darwin-arm64 $ curl -L -o case-bundle.json https://h33.ai/dl/h33-replay-verify/v0.2.0/example-case-bundle.json $ chmod +x h33-replay-verify $ ./h33-replay-verify case-bundle.json # expect: exit 0, JSON report with passed=true

For Linux / Windows, install from source while pre-builts are pending:

$ cargo install --git https://gitlab.com/drata5764111/h33/scif-backend.git --bin h33-replay-verify

Two layers, one story

h33-verify — the atom

Verifies a single 74-byte H33 receipt. Confirms the post-quantum signature bundle (ML-DSA + FALCON + SLH-DSA) over a specific computation. One receipt, one cryptographic proof.

h33-replay-verify — the story

Verifies a case bundle: timeline, chain hashes, replay frames, substrate bindings, tenant isolation. Ten deterministic checks across the whole operational history.

Read the spec

Full v0.1 specification: docs/specs/h33-replay-bundle-v0.1.md · 13 sections, deterministic verification algorithm, the 10 checks defined precisely, what PASS proves and does not prove.

Why this matters

AI agents act. Insurers pay claims. Regulators audit. Autonomous systems make decisions. Every one of these eventually produces a question: what actually happened, and can I prove it without trusting the operator?

The answer used to be logs. Logs require trust. The new answer is replayable evidence: a downloadable bundle anyone can verify offline, with a deterministic algorithm and no operator dependency. That's the layer this binary represents.

Every system tells a story after something happens.H33 makes that story independently verifiable.