A Companion to Deterministic Verification — 2026

Counterparty Guide

AI-Assisted Deterministic Verification of Settlement Packets

This guide provides instructions for using advanced large language models with code-execution capabilities to independently audit and verify Sovrient settlement packets.

Security Note: Only upload settlement artifacts to approved, enterprise-tier AI tenants with zero-data-retention agreements if the packet contains confidential or proprietary data.

VERSION: 1.1 · LAST UPDATED: 2026-03-02 UTC · PATH: /docs/counterparty-guide

Theoretical foundation: Deterministic Verification — On the Canonical Property of Conformant Verifiers

I
Pre-Execution Warning
“The manifest knows no aliases; it knows only paths.”

Do not modify archive contents or internal paths. Preserve distributed filenames unless your verifier explicitly remaps sidecars.

While renaming the outer upload file may be permissible depending on your toolchain, renaming any in-packet path will instantly break the SHA256SUMS.txt manifest and the specification path bindings, triggering an immediate Fail-Closed state.

Boundary: outer archive filename → mutable (toolchain-dependent). Inner paths referenced by SHA256SUMS.txt and verification_spec → immutable. Violation → deterministic FAIL, not undefined.
II
Gather the Artifacts
“Download the specific operational artifacts for the target date.”
Artifact 1 — Required

The Packet Archive

nonsovi_packet_public_<DATE>.tgz

The compressed settlement packet containing all claims, manifests, and measurement artifacts for the target date. Example: nonsovi_packet_public_2026-02-27.tgz

Artifact 2 — Required

The Sidecar Hash

nonsovi_packet_public_<DATE>.tgz.sha256

Cryptographic integrity sidecar. The SHA-256 digest of the packet archive, used to verify anchorage before extraction.

Artifact 3 — Required

The Verification Specification

verification_spec_v1.json

Machine-readable specification defining must_checks, field schemas, and terminal-state adjudication rules.

Artifact 4 — Required if Profile Separate

The Verification Profile

VERIFICATION_PROFILE_V1.md

Required if your flow separates the spec and profile. The mode policy and boundaries live here. The AI evaluator needs this to know which terminal states are permitted for the declared verifier_mode.

III
The Golden Prompt
“Upload, execute, adjudicate.”

Upload the artifacts to your chosen frontier model (e.g., Gemini Advanced, ChatGPT Plus, Claude Opus). Ensure the model’s code-execution sandbox is enabled. Copy and paste the following prompt exactly as written, replacing <MODE> with the applicable mode (e.g., public_packet or intraday_delta).

You are an adversarial cryptographic auditor. Your objective is to evaluate the attached Sovrient settlement packet against the attached verification specification and profile. You must operate as a strict, stateless fail-closed deterministic verifier. You know no opinion; you know only bytes. 

Execution Directives:

1. No Oracle Calls:
   You must strictly evaluate the local, uploaded bytes.
   Do not make external network calls to resolve
   dependencies or fetch keys during this audit.

2. Code Execution Only:
   Do not guess or hallucinate. You must execute the included
   verifier tooling when provided (e.g., Python/Rust), or
   write and run an equivalent deterministic script in sandbox.

3. Verify Anchorage:
   Calculate the SHA-256 hash of the .tgz archive and
   assert that it perfectly matches the declared string
   in the .sha256 sidecar.

4. Archive Safety Gate First:
   Run bounded-extract checks in archive-scan-only mode before
   extraction. If archive safety fails, emit FAIL immediately.

5. Verify Manifest:
   Only after archive-scan PASS, extract the archive and
   validate every file against internal SHA256SUMS.txt.

6. Execute Spec:
   Evaluate the extracted JSON payloads strictly against
   the must_checks defined in the verification specification.

Output exactly one session outcome. If execution cannot start because required bytes or tooling are unavailable, emit ENVIRONMENTAL_BLOCKER (pre-execution; no terminal state). Otherwise, emit exactly one terminal state allowed by the uploaded spec/profile for the declared verifier_mode=<MODE>. Precedence order, highest to lowest:

Precedence Outcome Condition
1 (highest) ENVIRONMENTAL_BLOCKER Pre-execution blocker: required inputs or execution tooling unavailable (evaluation did not run)
2 FAIL Any MUST check failure, signature mismatch, or chronology violation
3 HOLD / INPUT_UNAVAILABLE Only if spec/profile explicitly allows for this mode and exact criteria are met
4 (lowest) PASS All MUST checks pass seamlessly

Precedence is strict. ENVIRONMENTAL_BLOCKER is pre-execution only; otherwise the output must be a terminal state from spec/profile policy.

  1. Session Outcome. Emit ENVIRONMENTAL_BLOCKER only for pre-execution blockers. Otherwise emit one terminal state allowed for the declared verifier_mode.
  2. Check Matrix. Provide a table keyed explicitly to the spec’s must_checks IDs, with the status (PASS / FAIL / NOT_EVALUATED / N/A) and the exact byte or JSON field path used as evidence. Use NOT_EVALUATED for checks not reached due to a prior blocker condition. Use N/A for checks not applicable to the declared verifier_mode.
  3. Raw Execution Log. You must print the exact script and/or verifier command(s) executed, followed immediately by raw STDOUT/STDERR. No paraphrasing. No summarizing. The raw log is the evidence.
IV
Verify the Verifier
“Do not blindly trust the AI’s narrative summary.”

Review the Raw Execution Log provided at the end of the AI’s response. The narrative text preceding it is the model’s interpretation. The log is the computation.

Your internal engineering team can run the included verifier(s), or copy the executed script, against the same artifacts to guarantee that the deterministic terminal state is reproducible outside of the AI’s sandbox.

This is the confluence property in practice: if the verifier logic is deterministic and the inputs are identical, the terminal state must be identical—regardless of where it executes. The AI is one verifier. Your local machine is another. If they disagree, investigate.

For the theoretical foundation of this property, see Deterministic Verification — On the Canonical Property of Conformant Verifiers.

“You know no opinion; you know only bytes.”
A state machine manual for counterparties who verify rather than trust.