H33  ·  verify-the-story  ·  playground  ·  v0.4

Verify a story in your browser.
No server. No daemon. No trust required.

Drop a replay bundle or a signed verification report. Both get checked locally — the bundle by the same Rust verifier the CLI runs (compiled to WebAssembly), the signed report by a standards-conformant ML-DSA-65 signature check in pure JS. Zero network calls after this page loads.

Trust boundary: Replay verification runs in WebAssembly — the exact same Rust core that drives h33-replay-verify. Signed-transcript verification runs in JavaScript against the published ML-DSA public key embedded in each transcript; any FIPS-204-conformant verifier produces the same answer.
Drop a replay bundle or signed report JSON file here
…or click to choose. Or paste JSON below.

What this proves

Replay bundle (WASM)

Same 10-check protocol as h33-replay-verify. Schema parses, timeline orders, every chain hash recomputes, frame refs resolve, continuity is consistent, no orphans, hash algorithms recognized, no cross-tenant rows, substrate bindings recompute. Bundle is bit-identical to what H33 recorded at export time.

Signed report (JS)

ML-DSA-65 (FIPS 204) detached signature over the embedded canonical payload, verified locally against the public key shipped inside the transcript. Confirms a specific verifier identity (by SHA3-256 fingerprint) ran vverifier_version against a specific bundle hash at a specific time and produced exactly the stated per-check verdicts.

What this does NOT prove

Completeness

A bundle may be a truthful subset (e.g., date-range export). PASS does not assert "this is every event the case ever had."

Receipt validity

The 74-byte H33 receipts inside the bundle are validated by h33-verify, not the replay verifier. Use both for full coverage.

On-chain anchor

If the bundle was anchored to Polygon / Bitcoin / Solana, this playground does not look up the anchor transaction. Pair with the chain-specific verifier.

Verifier identity

A signed transcript proves some verifier with this public-key fingerprint produced this verdict. Whether that fingerprint belongs to whom you think it does is established out of band (allow-list, registry).

Run it yourself in the terminal

This playground is a thin wrapper. The same Rust core ships as a CLI — install once, verify anywhere:

$ curl -L -o h33-replay-verify https://h33.ai/dl/h33-replay-verify/v0.2.0/h33-replay-verify-v0.2.0-darwin-arm64
$ chmod +x h33-replay-verify
$ ./h33-replay-verify case-bundle.json --sign > signed-report.json
$ ./h33-replay-verify --verify-transcript signed-report.json
The verification layer should survive chain migrations, vendor changes, operator failure, and future infrastructure shifts.