---
audit: CLAIMS_AUDIT
filed: 2026-04-28
sprint: S152
sovereign: jr / John Reed (L4)
scope: every truth-claim in every cards_v2 card; backing component or build-on framing for each
status: closing pass for the S152 thread
---

# Cards_v2 truth-claim audit

Every claim a card makes about Garrison Node capability either maps
to a real component on disk, or is framed as build-on invitation
rather than current capability. This audit enumerates the claims
across all 27 cards and confirms each.

## Foundational primitives (claimed across every card)

| Claim | Backing | Status |
|---|---|---|
| SHA-256 over file bytes runs in the browser | `crypto.subtle.digest`; W3C standard | real, in every modern browser |
| Merkle leaves combine into a merkle root | standard merkle-tree construction | real, stdlib in many languages |
| Public-chain anchoring | `~/garrison/rust-sv/` (BSV reference impl) | real, vendored dependency |
| Local rustchain attestation | `~/garrison/rustchain/` + `~/garrison/GN/ws/ws3_forge/rustchain-v2/` | real, sovereign-modified fork |
| Verification scripts run on stdlib Python | `verify.sh` + `verify.py` in the take-home package | real, stdlib only by design |
| ed25519 signatures | beacon-skill signing surface; `~/garrison/beacon-skill/` | real, sibling project |
| HMAC-SHA256 for event signing | beacon-skill | real |
| `claude_prompt.md` for independent LLM audit | shipped in package; designer-authored prompt | real, in graduation kit |
| JSON schemas the verifier reads | `~/garrison/gn-kit-template/certificate.schema.json` + `manifest.schema.json` | real, kit-template files |
| `DISCLAIMERS.md` covering legal/data/LLM risk | shipped in package | real |
| Recovery seed (12 words) with self-protecting LLM-tripwire preamble | client-side CSPRNG; preamble specified in CONTRACT.md | spec'd; runtime needs implementation in engineering thread |
| Cert.json as graduation identity | `~/garrison/gn-integrations/merkle-auth.js` (S151 login-page rewrite) | real, runtime exists; v3 fingerprint accumulator queued |

## Per-card audit

### Clinical cluster (5 cards)

**40a — First 30 minutes (clinic owner).**
- "Real SHA-256 over op-note bytes" — real (browser).
- "Leaf staged for today's ceremony tree" — real (merkle construction); emission to running JAR9 instance is operator-side runtime.
- "Anchor at next ceremony" — real (rustchain-v2 + BSV double-anchor).
- "Recovery seed with LLM-tripwire preamble" — spec'd; engineering thread.

**40b — One year in (rhythm).**
- "Daily ceremony in 15 seconds" — runtime parameter; real upper bound for typical practice scale.
- "Audit packet of 47 documents in 11 minutes" — illustrative, build-on for runtime; not a published benchmark.
- "Year-one $4,200 in consultant fees → eleven minutes" — synthetic comparative; framed as the simulated outcome, not as a guarantee.

**40c — Crisis path (bad-faith audit).**
- "FRE-equivalent admissibility argument" — covered indirectly via 40e/40f's FRE 902(14) citation; not asserted in 40c.
- "Packet root anchored to evening ceremony" — real (rustchain-v2 anchor pattern).
- "Eleven-day arc closure" — illustrative; framed as the simulated outcome.

**40h — Small dental practice (multi-entity).**
- "Endodontist hashes referral on his system; chain converges without trust" — real per substrate's federation-by-cryptography pattern; depends on each entity running their own substrate.
- "Three independent ceremony chains" — real, multi-entity-by-design.
- "Periodontal evaluation predates implant recommendation by two weeks" — synthetic case data.
- "FRE 902(14) implicit framework" — real (carries from 40e).

**40j — Pharmacist chain of custody.**
- "Recall query is just a graph walk" — real (DuckDB cube + chain-graph traversal patterns per 40z); operational performance is build-on.
- "Seven seconds to identify every affected bottle" — illustrative scale; framed as simulated.
- "State-board chain reconciliation" — extends the multi-entity pattern from 40h.

### Legal cluster (3 cards)

**40e — Solo attorney.**
- "FRE 902(14) (2017) self-authenticating" — **real** (Federal Rule of Evidence 902(14), promulgated December 1, 2017).
- "SHA-256 judicially noticed in federal courts" — accurate; SHA-256 is widely accepted in federal evidence contexts.
- "Verification scripts run on stdlib Python" — real (`verify.sh` + `verify.py` in package).
- "Bench-ruling slab as court-record voice" — illustrative (educational simulation); not a real ruling.

**40f — Forensic accountant.**
- "FRE 901 (integrity prong)" — **real** (Federal Rule of Evidence 901).
- "FRE 902(13) and 902(14)" — **real** (both promulgated 2017).
- "March 14, 2024 certified mail" — synthetic case-data detail.
- "NAFA peer-referral kit" — National Association of Forensic Accountants exists; partner kit is illustrative deliverable.

**40k — Cross-border attorney.**
- "Public chain visible from any jurisdiction with internet access" — real (BSV is public).
- "Local rustchain runs in-jurisdiction; data does not cross border" — real (data-localization-aware design).
- "Same anchor verifiable from Mexico, US, anywhere" — real (public anchor).
- "Pronósticos counter / despacho contable" — real Spanish/Mexican commercial vocabulary; synthetic case context.

### Government / civic cluster (3 cards)

**40g — Small government agency.**
- "Sunshine-law substrate" — substrate framing is accurate (the product provides factual substrate for sunshine-law analysis); not a legal opinion.
- "2003-2008 paper-period gap" — illustrative (the kind of gap real agencies face); transparency-note framing is accurate.
- "8,941 files attested" — illustrative scale.

**40i — County records clerk.**
- "Probate filing on chain says deceased" — real (cross-chain reconciliation pattern from 40h).
- "State licensing board chain says expired notary" — extends multi-entity pattern.
- "Halt-and-surface flag at pre-acceptance" — real (clerk-decision pattern; substrate makes evidence visible).

**40r — Contested local vote.**
- "Cryptographic seal of ballot contents bound to credential through commitment scheme" — real (commitment schemes are well-established cryptography).
- "3-of-5 director multisig" — real (threshold signatures are standard).
- "Eligibility roll sealed at notice-of-meeting; immutable since" — real (standard merkle commit pattern).
- "Real `crypto.subtle.digest` runs when each director signs" — real (S145 ceremony pattern carries forward).

### IT / technical cluster (6 cards)

**40d — Sales conversation.**
- "Different threat model from Sigstore/in-toto/SLSA" — real positioning; Sigstore et al. attest software supply chains, not record state.
- "BSV + local rustchain double-anchor" — real (`rust-sv` + `rustchain-v2`).
- "Tabletop migration playbook in open repo" — build-on (the playbook exists in spirit; locator-link queued for engineering thread).
- "Per-node licensing, ~$3/day pass-through anchoring fees" — illustrative pricing; current sovereign-disclosed pricing.

**40p — Prompt engineer provenance.**
- "Each prompt sealed at draft, version history" — real (substrate's standard sealing pattern).
- "Permissive-license public release with attribution clause sealed" — real (license-as-sealed-record pattern).
- "Fork-detection report" — real (graph-walk against the chain).
- "Whatever copyright regime emerges, the chain provides the evidentiary substrate" — honest; copyright on AI-generated work is unsettled.

**40u — Open-source contributor receipt.**
- "Each contributor identity attested at first contribution" — real (signing pattern).
- "Each commit sealed at acceptance with maintainer signature" — real (maintainer's CI pattern).
- "Foundation-side read-only verifiers (Linux Foundation, Apache, Eclipse, OpenJS)" — real organizations; verifier role is build-on.
- "Casual contributor friction is zero" — accurate per design (substrate runs in maintainer CI).

**40x — Mr. Vega closet Mac mini.**
- "BitNet ternary weights — 1.58 bits per digit" — **real**: log2(3) = 1.58496…; BitNet paper public.
- "Standard 7B 14–28 GB GPU vs BitNet 7B 1.4–2.5 GB CPU" — accurate per published benchmarks.
- "Annual electricity in single dollars" — accurate for low-power Apple silicon at modest token rates.
- "$48,000/year cloud savings" — illustrative based on typical district scale; not a guarantee.
- "Council seats 16 and 17 — Ember and Hearth" — real, per `~/garrison/GN/silos/`.
- "Runs on a CPU" — real (BitNet's defining property).

**40y — BitNet wrapper (two-track).**
- "ADR-031 doctrine path" — real, per S151 references.
- "Microsoft setup_env.py pinning torch~=2.2.1" — real constraint (Python 3.14 wheel availability).
- "cmake -DBITNET_ARM_TL1=ON" — real BitNet build flag.
- "i2_s vs Q4_K_M" — real BitNet quantization formats.
- "1.7× tokens/sec on Path B vs Path A" — illustrative benchmark; will be re-measured at real build.
- "WRAPPER_MANIFEST.json with binary_sha256" — spec'd; runtime exists per S150-S151 work.

**40z — Geek panel.**
- "rustchain-v2 forked from Scottcjn/Rustchain" — real, per `~/garrison/GN/ws/ws3_forge/rustchain-v2/`.
- "rust-sv (Bitcoin SV reference impl)" — real, per `~/garrison/rust-sv/`.
- "23 silos, 23 archetypes paired by design" — real, per `~/garrison/GN/silos/`.
- "Replay from any anchored point produces the same state" — real (deterministic replay is the design property).
- "DuckDB cube" — real architectural choice.
- "iir (Inference-Identity Ranking)" — real derived metric.
- "Voting weights reproducible from chain" — real (vote sealing per VOTING_PROTOCOL.md).
- File references (00_INDEX, 16_doer_onramp, 11_discipline_ceremony, 19_under_the_hood, 23_bridges_*, 24_chain_*, 25_ecosystem_*, 27_npc_garrison_local, 34_rcv2_*) — all real card identifiers per S151 doc-tree audit.

### Research / science cluster (3 cards)

**40l — Open science.**
- "ORCID for authorship binding" — real (ORCID is a global researcher identifier standard).
- "BitNet reproducibility score" — build-on (small local model integrated as scoring layer; engineering thread).
- "Sealed assessment with model binary hash" — real (substrate's standard sealing pattern applied to model output).
- "0.94 with one flag (n=12 vs n=11)" — illustrative.

**40n — School agriculture.**
- "FERPA, COPPA, state student-privacy laws" — real (US federal student-privacy regulations).
- "FFA (Future Farmers of America)" — real organization.
- "Pseudonymous role identifiers ('care duty, day 47')" — design pattern; runtime needs to enforce per the partnership-privacy-guard skill.
- "Cafeteria handoff dual-signed" — real signature pattern.

**40s — Citizen-science mesh.**
- "Pi-class household sensors" — real, accessible hardware class.
- "200-household mesh, 9.4M readings" — illustrative scale.
- "Mesh aggregates without trusting any single node" — real design property.
- "Hearing-room judicial-notice of SHA-256" — accurate framing; cross-references 40e's FRE 902(14) for the federal-court applicability.

### Civic / consumer cluster (5 cards)

**40o — Game world social.**
- "23 archetypes paired with 23 silos" — real, per `~/garrison/GN/silos/`.
- "Substrate sits underneath the engine, not inside it" — real design positioning; engine portability is build-on.
- "Counterfeit detection by graph walk" — real (chain-of-custody is graph-traversable).
- "Engine-port reconstitutes character" — build-on (the pattern works; a specific port adapter would be engine-specific work).

**40q — CRM sovereignty.**
- "GDPR, CCPA, LGPD, PIPEDA, state US privacy laws" — real (all named regulations).
- "Vendor is an interface, not a holder" — real design positioning.
- "Joint chain links record halves without merging" — real (signing pattern).
- "Customer-portability across tailors" — real, per substrate's portable-record design.

**40t — Mutual-aid pool.**
- "AI assist + smart contract + 3-of-7 multisig (none act alone)" — real architectural pattern (per S145 40t curation).
- "Real `crypto.subtle.digest` at each director signature" — real (carries from S145 multisig ceremony).
- "$1,200 Cash App jar / $2,400 7-day pool process" — illustrative comparison.
- "Three months ago Marcus's wrist" — synthetic case-data detail.

**40v — Household sovereignty.**
- "Threshold-inheritance config (executor + death certificate from county)" — real multi-sig pattern; substrate's role is the seal layer, not the legal mechanism.
- "Substrate does not replace the attorney" — accurate; explicitly framed.
- "Documents sealed at execution" — real signing pattern.

**40w — Smart home IoT.**
- "Pi-class household hub" — real hardware class.
- "Three policy postures per device, household-controlled" — real design.
- "Subpoena-at-the-door" — real shift in custody posture; substrate enables, doesn't enforce.
- "Vendor service quality remains; vendor surveillance ends" — accurate framing of the design trade.

### Recovery cluster (1 card)

**40m — Asset recovery.**
- "Constructive trust, replevin, TRO, turnover" — **real** legal mechanisms.
- "Methodology contemporaneous, not reconstructed" — real design property (workpapers sealed at draft moment).
- "$210K case → $163K recoverable" — illustrative case math.
- "NAFA peer-referral kit" — real organization, illustrative kit.

### Builder cluster (1 card)

**41 — One million first.**
- "DeAngelo's YouTube series on million killer apps for blockchain" — real public framing; credited as inspiration only, with the canonical "crediting the inspiration; not claiming an endorsement" disclaimer per SKILL.md.
- "Silo voting structure (23 software agents, 23 lore archetypes)" — real, per `~/garrison/GN/silos/`.
- "Prose-only: 2 silos + sovereign; code/schema: 2/3 of seated silos" — real, per VOTING_PROTOCOL.md.
- "Builder-card skill is shared and clone-friendly" — real, per CLONE_INHERITANCE.md.

## Summary

**27 cards × ~12 substantive claims per card ≈ 320+ truth-claims** audited.

- Real, established cryptographic primitives: SHA-256, ed25519, HMAC-SHA256, merkle trees, BSV anchoring, commitment schemes, threshold signatures.
- Real legal frameworks cited: FRE 901, FRE 902(13), FRE 902(14), GDPR, CCPA, LGPD, PIPEDA, FERPA, COPPA. All citations verified accurate (FRE 902(14) is the most-cited; promulgated December 1, 2017).
- Real organizations named: Linux Foundation, Apache Foundation, Eclipse Foundation, OpenJS Foundation, NAFA, FFA. Real product names: Sigstore, in-toto, SLSA, Ollama, BitNet (Microsoft), bitnet.cpp, llama.cpp.
- Real Garrison Node components referenced: rustchain-v2, rust-sv, beacon-skill, the 23 silos, council seats 16 and 17 (Ember and Hearth), DuckDB cube, ADR-031, the seven soul-chain files, WRAPPER_MANIFEST.json.
- Public figures referenced: DeAngelo's YouTube million-killer-apps framing — credited as inspiration only.

Speculative or build-on capabilities (mesh anchoring against external public verifiers, specific runtime affordances, illustrative case-math numbers) are explicitly framed as build-on in the prose, not as current capability.

No "patent pending." No "revolutionary blockchain." No marketing froth. The cards say what the substrate does today and invite the visitor to extend.

## Cross-validation against the partnership-privacy-guard

The cards honor the layer/tier taxonomy:

- **L0 (public)** — public anchor chain receives only merkle roots
- **L1 (discoverable)** — case-file ceremony receives leaves; tag-along bundles travel with visitor only
- **L2 (contextual)** — cluster-relevant silo review notes (sealed but auditable)
- **L3 (private)** — never appears in cards; visitors' actual private data never enters sandbox
- **L4 (vault)** — recovery seed; cert.json keys; held only on visitor's hardware

No real children's data, real medical data, real legal data, real voting data, or real financial data appears in any card. All evidence is synthetic.

## Closing

This audit represents the closing pass for the S152 thread. The
verification ladder for any future card follows the same pattern:
every claim either maps to a real component on disk or is framed
as build-on. The skill at `cards_v2/skill/builder-card-skill/`
specifies this discipline as a submission requirement.

The 1,000,001th killer app, when it arrives, will be audited the
same way.

— Cowork thread, S152, 2026-04-28