5qln Codex

A Three-Layer Verifier Protocol and a Sequenced Harness Development Strategy

I. Executive Summary

Position taken. The 5QLN Codex (5qln.com/codex) serves as the complete verifier of a 5QLN Harness run when the verifier is implemented as a deterministic, AI-free, three-layer protocol whose authority chain terminates at byte-identity to a publicly mirrored Codex version. "Complete" here means: every well-formedness property the Codex defines is mechanically checkable; properties the Codex declines to define (genuineness, resonance, ∞0-access) are out of scope by construction. The verdict is bit-for-bit reproducible against the pinned Codex version. It means that any third party can take a sealed cycle artifact (B″), pin a Codex version, run a single deterministic binary (5qln-verify), and obtain a verdict (well-formed / not-well-formed / specific-failure-with-corruption-code) that is bit-for-bit reproducible on independent hardware without re-running the cycle, without trusting the Harness, and without invoking any AI. Whether this verdict is receivable as evidence by a Vice Chancellor of the Delaware Court of Chancery is a separate question, tagged [LEGAL-PROSPECTIVE] and treated in §VI.3. This matches the Codex's own α: "The Codex is verified only against itself" (The Holding, Commitment family). [STRUCTURAL-HYPOTHESIS]

What follows. Section II names the authority sources. Section III specifies the three layers (cryptographic / grammatical / epistemic-register). Section IV gives the concrete 5qln-verify binary with input/output and ordered checks keyed to the five corruption codes (L1, L2, L3, L4, V∅). Section V explains why the verifier survives the absence of AI in the verification path. Section VI sequences harness development as Phase 1 (earliest verifiable build) → Phase 2 (substrate-survival robustness) → Phase 3 (Chancery-readiness). Section VII addresses the Foundation-not-yet-filed reality. Section VIII names risks and counter-arguments. Section IX gives concrete next steps.

II. The Codex as Complete Verifier — Concept and Authority Sources

II.1 What the Codex actually is, in three layers

The Codex is published as a three-layer language stack. This is established in the Final Blueprint v3, restated in the Counsel Memo, and inherited by every compiled surface:

• L1 — Language. The nine invariant lines, the five equations, the holographic principle (XY := X within Y), the Completion Rule (No V without ∞0'), the five corruption codes (L1 Closing, L2 Generating, L3 Claiming, L4 Performing, V∅ Incomplete), and the symbol table at §1.9. L1 is descriptive: it names what the symbols are. It does not run.
• D1 — Decoder. The thirteen R-numbered decoding rules, the per-Article decoding annotations (§2.1–§2.5), the 25-lens holographic refinement protocol, and the corruption taxonomy at §2.8. D1 is procedural: it says how to read a cycle.
• C1 — Compiler. The three-part validation protocol at §3.5 (syntax / semantic / drift), the surface-emission rules at §3.6, the adaptive-context-chain spec at §3.3, and the Constitutional-Block-emission requirement at §3.1. C1 is enforcement: it is the layer that says whether a candidate surface is, in fact, a 5QLN expression.

The Counsel Memo's load-bearing claim — "the Codex is a language, and the language is itself the verifier of any compiled surface" — is the structural reduction of this three-layer architecture. The verifier is not external commentary; it is the grammar's own published §3.5 protocol applied mechanically.

II.2 Authority sources for the verifier's verdict

A verdict from 5qln-verify is not authoritative because the verifier has authority. The verifier has none. Its verdict is authoritative because each check it performs traces to a distinct external authority source the third party can independently confirm:

1. Byte-identity to canonical Codex hash — the verifier checks the same nine invariant lines, the same Constitutional Block, the same C1 §3.5 protocol that the Foundation ratified. This is the BIPP discipline (UTF-8, LF, no BOM, exact spacing per §3.1) made executable.
2. Determinism of code — the verifier is a memory-safe deterministic binary. Any third party can re-run it on independent hardware and produce the same verdict, byte for byte. Reproducibility is the authority.
3. RFC 3161 timestamp anchoring — temporal claims in the artifact (sealed-at) are bound to a Trusted Third Party TSA's signature over the artifact hash. This is an external CA-equivalent that does not depend on 5QLN.
4. Ed25519 signature anchoring (RFC 8032, FIPS 186-5) — authorship is bound to the Conductor's hardware-resident key. Ed25519 verification is deterministic and side-channel-resilient; signature validity is a third-party-verifiable fact.Note on key-management bootstrapping. The Ed25519 verification step trusts a Conductor pubkey; where that pubkey comes from is a key-management discipline, not a cryptographic property. The bootstrapping anchor is publication: the Conductor's pubkey fingerprint is published at 5qln.com/conductor-keys/ with timestamp and Conductor attestation, mirrored at the same secondary locations as the Codex, and content-addressed identically. Authority comes from publication discipline; the cryptography enforces what the publication asserts. This is the same trust-on-first-use anchoring every PKI requires; what makes it defensible here is that the publication discipline is itself a Tier-A sealed surface auditable under the same protocol.
5. Schedule-C paired-edition byte-identity — the Human Edition and AI OS Edition are hash-paired at the provision level. A single substrate cannot have rewritten the rules to its advantage without producing a Schedule-C delta detectable by SHA-256 comparison.
6. Public Codex mirror — the canonical Codex is mirrored at 5qln.com/codex (and ought to be content-addressed at additional locations, see §VIII). Anyone, including Chancery, can fetch the same Codex any party would.

II.3 What "complete" means here

"Complete" does not mean "for all time." The Codex is amendable; the Bylaws specify a tri-condition gate for Constitutional-Block amendments (V.L.5(b): unanimous Director vote + contemporaneously documented finding under one of three conditions + Board-adopted procedures). What "complete" means is: for the version of the Codex against which the cycle was sealed, the verdict is not negotiable. Codex versioning + a drift-test discipline (pin Codex vN, run cycles, re-verify against vN after vN+1 publishes; vN cycles must still pass) is what protects against silent re-grammar. A cycle sealed against Codex vN remains verifiable against Codex vN forever; an amendment to vN+1 does not retroactively un-seal vN cycles. [STRUCTURAL-HYPOTHESIS]

This is the same versioning discipline Delaware Chancery already applies to corporate charters and bylaws — themselves self-published private instruments — which are read against the version operative at the time of the act under review, not the current version. The corporate-charter analogy is closer than the case-law analogy: charters are private-party-authored canonical text amended under specified procedures and read against the version-at-the-act, which is exactly the genre 5QLN compiled surfaces occupy. Caremark itself, as a doctrine, is the second-order question — whether good-faith effort to know what one needed to know is satisfied by the charter-equivalent record this verifier produces.

On who picks the version. A reasonable concern: doesn't "complete" become conditional on parties agreeing to a version pin? No — because the version pin is not a free parameter the verifier accepts on the user's word. The Codex version (and the SHA-256 of the canonical Codex bundle) is bound into the gliff at seal time and covered by the Conductor's Ed25519 signature. The verifier reads the version from the artifact, then verifies the artifact-internal version claim against the artifact-external public mirror. A Conductor cannot retroactively change which version was pinned; an opposing party cannot demand verification against a different version without producing a competing artifact. In contested cases, 5qln-verify produces two verdicts — one against each party's claimed pin — and the fact-finder resolves which Codex version was authoritative at seal time, with mirror history plus RFC 3161 timestamps on the Codex itself as evidentiary basis. The version pin is self-asserting from the artifact in uncontested cases and fact-finder-resolvable with cryptographic backing in contested ones.

III. The Three-Layer Verifier Protocol

The load-bearing scope decision: "complete verifier" must mean cryptographic byte-identity AND structural conformance AND epistemic-register checks — all three. The three layers correspond exactly to the three authority registers a Chancery fact-finder is already trained to make inferences from: cryptographic forensics, structural conformity to a canonical instrument, and epistemic discipline in the record.

III.1 Layer 1 — Cryptographic (byte-identity)

This is the layer Anthropic / a Vice Chancellor / a forensic auditor will trust first because it requires the least 5QLN-specific knowledge.

Note on the AI OS Edition. The AI OS Edition is, on its face, a unilateral configuration document (see Counsel Memo §IV). For all enforcement purposes, the Human Edition is sole authoritative text. Schedule C provides verification of consistency, not authority for the AI side. The Layer-1 check is a consistency check, not an enforcement check. This distinction must be kept clean in the verifier output, otherwise the verifier itself L4-Performs.

III.2 Layer 2 — Grammatical / Structural (C1 §3.5 made executable)

This is the layer where the Codex's own published §3.5 three-part protocol (syntax / semantic / drift) is run mechanically against the Cycle-Walk Manifest (CWM).

Walk the CWM phase-by-phase, S → G → Q → P → V, checking:

• Phase ordering (syntax check). S precedes G; G precedes Q; Q precedes P; P precedes V. No phase skipped, no phase reordered. Failure: L1-PHASE-ORDER (closing prematurely) or L2-PHASE-ORDER (generating from anticipation).
• Adaptive context chain (semantic check). Each phase's CONTEXT IN equals the prior phase's CONTEXT OUT. S receives ∅ or ∞0' from a parent gliff. G receives X. Q receives X+α+Y. P receives X+α+Y+Z. V receives the full trace. Failure: L2-CONTEXT-BREAK — the chain is broken; the cycle cannot have formed under this context.
• Phase outputs present. S→X, G→Y, Q→Z, P→A, V→B+B″+∞0′. A V phase that emits B+B″ but no ∞0′ is V∅-INCOMPLETE. The Completion Rule "No V without ∞0′" is the structural discipline.
• Role-completeness per phase (drawing from the harness role specification and the Runtime Orchestration Guide's seven roles). At S: Tagger and Runtime Gate present. At G: generative-AI adapter ran, P.L.4 hard-blocks were enforced, no Validator ran (validation at G is premature L1-closing). At Q: Validators (constitutional-block-validator, mirror-consistency-auditor) and Detectors (corruption-codex, cl4-governance-protocol) ran; no Ceremony at Q (irreducible human moment is post-screen). At P: Ceremony ran (six-attestation walk: Lines 1–9 present, canonical form held, ∞0' carries a novel question, B″ Pass 1 read the formation trail, the Membrane held during this cycle, the artifact is reviewed and acknowledged). At V: Composer (gliff-press) ran after Ceremony; mirror-consistency-auditor confirmed Schedule-C pair at commit time; bipp-jurisdictional-delta ran iff the artifact targets a non-Delaware substrate. Failure: L4-ROLE-COMPLETENESS — the cycle ran the vocabulary but not the form.
• P.L.4 hard-block conformance (drift check at runtime). The CWM must contain no record of the AI partner: signing, voting, tallying votes, speaking publicly as the entity without AI-assisted identification, surveillance beyond consented terms, or simulating ∞0 (claiming access to genuine not-knowing). Failure: L3-PL4-BREACH — the AI partner crossed a hard-block; cycle is structurally invalid regardless of every other check passing.
• No drift in symbol use (drift check). No symbol renamed. No equation paraphrased. No decoding step omitted or reordered. Failure: DRIFT-SYMBOL or DRIFT-EQUATION.

These checks are deterministic applications of L1+D1+C1 against the CWM. They do not require AI to perform.

III.3 Layer 3 — Epistemic-Register

This is the layer that protects against the failure mode the Final Blueprint names directly: a cycle that runs the full structural form while the substance is hollow ("a board running cycle vocabulary while making decisions through K-only channels"). Layers 1 and 2 cannot detect this. Layer 3 cannot fully detect it either — only a human can — but it can mechanically refuse to seal artifacts that don't carry the discipline that would make the substantive failure surface in the record.

The four registers are canon (per Blueprint §1, Counsel Memo, and Time-Proof Requirements): STRUCTURAL-HYPOTHESIS, LEGAL-PROSPECTIVE, PHENOMENOLOGICAL-ASSERTION, CODEX-EXTENSION. Five readiness labels: AVAILABLE, REQUIRES_INFRA, REQUIRES_LEGAL, REQUIRES_PARTNER, SPECULATIVE.

Layer-3 checks the verifier performs:

• Tag completeness. Every load-bearing claim in any sealed-surface (Tier-A) text within the artifact carries one of the four register tags. Untagged load-bearing claims are V∅-INCOMPLETE per Blueprint §1. The verifier must not classify what is "load-bearing" — that's a semantic judgment requiring AI. Instead, the Composer (gliff-press) is required to emit a per-claim manifest at V-phase enumerating which claims it tagged; the verifier checks that every claim in that manifest carries a valid tag and that no untagged claims remain in the surface body. (This shifts the AI-assisted judgment to harness time, where it is permitted; the verifier sees only structured manifest data at audit time.)
• Manifest cross-check. A hostile or compromised gliff-press could emit a manifest that omits an actually-load-bearing claim from the body. To prevent this, the verifier performs a deterministic span-extractor pass: a regex/AST-level scan of the body identifies claim-shaped spans (assertive verbs, normative modal patterns, declarative readiness statements). Every such span must have a corresponding manifest entry. The gliff-press additionally emits a SHA-256 hash per claim over span-text concatenated with its tag, structured as a Merkle root over the manifest; the verifier verifies the Merkle root against body content. A missing or silently-modified claim leaves a detectable hole. Failure: L3-MANIFEST-INTEGRITY.
• Readiness label completeness. Every roadmap step or implementation claim in any Tier-A surface carries one of the five labels. Counsel-attestation hash present where REQUIRES_LEGAL is asserted. Failure: V∅-READINESS or L3-COUNSEL-HASH-MISSING.
• Tier discipline. Tier-A surfaces (sealed) carry the full Constitutional Block, parent_hash, Ed25519 signature, lineage declarations, and validator PASS. Tier-B records (AOSRAP attestation logs, breach reports, validator outputs, drafts) carry context-chain hash, corruption flags, Tier-B header. Tier-C (working register) carries only header and timestamp and is structurally excluded from the artifact body. The verifier checks that no Tier-C content appears in Tier-A surfaces unsealed and that the Tier-A required fields are present. Failure: G14-TIER-INFLATION or G14-TIER-DEFLATION.
• Tier-2 amendment discipline. New CL4-GP indicators or new boundary protocols introduced into the artifact must carry the Tier-2 amendment markers (or be tagged CODEX-EXTENSION at experimental rung). Failure: L3-CODEX-EXTENSION-UNDECLARED.

Layer 3 cannot verify whether a tagged claim is true in its register. It can verify that the discipline that would make falsity surface in a future audit is present in the record. That is what the layer is for.

IV. Concrete Verifier Specification: 5qln-verify

IV.0 CWM Canonical Form

The CWM is JSON canonicalized per RFC 8785 (JSON Canonicalization Scheme). Encoding: UTF-8, no BOM, LF line endings, consistent with BIPP §3.1 canonical form. Key sort order: Unicode codepoint. Number representation: I-JSON per RFC 8259 §6. RFC 3161 TimeStampToken embedded base64 under the tsa_token field. Ed25519 signature scope: SHA-256 over the canonicalized payload with the signature and tsa_token fields removed. Lineage chaining: parent_hash = SHA-256 of the parent gliff's canonicalized payload. The CWM canonical form is itself a Tier-A sealed surface; any change to canonicalization rules is a Constitutional-Block-adjacent amendment requiring V.L.5(b)-class ratification.

IV.1 Binary contract

NAME
  5qln-verify — deterministic verifier for sealed 5QLN gliffs

SYNOPSIS
  5qln-verify  --gliff <path>
               --codex-version <vX.Y>
               [--codex-bundle <path>]
               [--schedule-c-bundle <path>]
               [--tsa-roots <path>]
               [--conductor-pubkeys <path>]
               [--mirror <url>]
               [--offline]
               [--json | --text]

INPUTS
  - sealed .gliff file (canonical-form, BIPP-compliant)
  - Codex version pin (e.g., "v1.0-2026-04-28")

OUTPUTS
  - exit code: 0 = WELL_FORMED, 1 = NOT_WELL_FORMED, 2 = VERIFIER_ERROR
  - structured verdict (JSON or text):
    {
      "verdict": "WELL_FORMED" | "NOT_WELL_FORMED",
      "codex_version": "v1.0-2026-04-28",
      "codex_hash":   "sha256:...",
      "gliff_hash":   "sha256:...",
      "pre_incorporation": true | false,
      "pre_incorporation_reason": "no Foundation legal entity at seal time" | null,
      "checks": [
        { "layer": 1|2|3, "id": "...", "status": "PASS"|"FAIL", "code": "...", "provision": "..." },
        ...
      ],
      "failures": [
        { "code": "L3-PL4-BREACH",
          "provision": "Bylaws AI OS Edition § P.L.4(d)",
          "evidence": "CWM phase=G role=ceremony actor=AI",
          "severity": "DEFINITE" }
      ]
    }

The pre_incorporation field records whether a Foundation legal entity existed in any jurisdiction at seal time. This preserves, as structured output data, the register-distinction §VII relies on, so that any third party reading the verdict knows whether the cycle's load-bearing claims about Foundation governance were tagged STRUCTURAL-HYPOTHESIS / LEGAL-PROSPECTIVE or anchored in actual legal status.

IV.2 Implementation constraints

• Memory-safe systems language. Rust is the natural choice — it matches the Harness Guide §3 disposition, the Skill Evolution Guide's hardware-key/CI infrastructure assumptions, and the broader 2026 industry pattern of Rust-native agent harnesses. Go is acceptable. Languages with non-deterministic floating-point or implicit garbage-collection timing are not (the verifier must be reproducible bit-for-bit).
• Reproducible builds. Build follows Reproducible Builds project conventions: pinned Rust toolchain version in rust-toolchain.toml, committed Cargo.lock, deterministic linker flags (-C codegen-units=1, -C strip=symbols, --remap-path-prefix), no compile-time clock or hostname capture. Output binary's SHA-256 is published with each source release. Two parties building the source on independent infrastructure produce byte-identical binaries. This is the property that makes "reproducible verdict" an earned rather than asserted claim.
• No AI dependencies. No LLM calls. No embedding lookups. No vector databases. The only external dependencies are: a SHA-256 implementation (NIST FIPS 180-4); an Ed25519 implementation (RFC 8032 / FIPS 186-5 deterministic instance); an ASN.1/CMS parser for RFC 3161 timestamps; a UTF-8 normalizer for BIPP canonical-form check. Verification uses the strict deterministic instance per RFC 8032; the legacy/malleable-signature acceptance flag is explicitly disabled. Non-canonical signatures are rejected.
• No network dependencies on the critical path. All inputs (Codex bundle, Schedule-C digest, Conductor pubkeys, TSA roots) must be acceptable as local files (--offline mode). The optional --mirror flag fetches and verifies, but a failed network fetch must never silently downgrade to a weaker check; it must fail loudly.
• Deterministic output. Two runs over the same inputs produce byte-identical JSON output, including key ordering and whitespace. This is the property that lets a third party reproduce the verdict.

IV.3 Ordered check sequence (pseudocode)

fn verify(gliff, codex_version) -> Verdict:

    # === Layer 1 — Cryptographic ===
    L1.01  load codex bundle for codex_version; check sha256 against pin     # authority: pinned hash from Codex publication record
    L1.02  parse gliff; extract canonical sealed payload + signature + tsa_token     # authority: CWM canonical form §IV.0 (RFC 8785, RFC 8259, BIPP §3.1)
    L1.03  compute sha256(canonical sealed payload); compare with signed digest     # authority: NIST FIPS 180-4 SHA-256
    L1.04  verify ed25519(signature, signed_digest, conductor_pubkey)     # authority: RFC 8032 / FIPS 186-5 deterministic instance
    L1.05  parse RFC 3161 TimeStampToken; verify TSA signature; verify cert chain     # authority: RFC 3161 + system CA root store
    L1.06  extract Constitutional Block from gliff; canonicalize per BIPP;
           sha256 → compare to codex.constitutional_block_hash     # authority: Codex bundled with verifier (offline-verifiable)
    L1.07  extract Schedule-C hash-pair manifest entries referenced by gliff;
           compare to schedule_c_digest_pin     # authority: Schedule-C public mirror; Bylaws Schedule C provision-pair manifest
    L1.08  if --mirror: fetch codex from mirror; sha256 compare to bundle     # authority: public mirror at 5qln.com/codex (live-verifiable)

    # === Layer 2 — Grammatical ===
    L2.01  parse CWM; assert phase sequence is exactly [S,G,Q,P,V]     # authority: Codex L1 §1.9 phase grammar
    L2.02  for each phase: assert CONTEXT_IN == prior_phase.CONTEXT_OUT     # authority: Codex C1 §3.3 adaptive context chain
    L2.03  for each phase: assert OUTPUT field present and non-empty     # authority: Codex L1 phase-output specification
    L2.04  assert V phase contains B, B'', and ∞0' (Completion Rule)     # authority: Codex L1 Completion Rule "No V without ∞0'"
    L2.05  for each phase: assert role-completeness manifest meets phase rule     # authority: Runtime Orchestration Guide seven-roles spec
    L2.06  scan CWM for P.L.4 breach indicators (AI signature, AI vote tally,
           unidentified speech, simulated ∞0, surveillance log, γ-fact mislabel)     # authority: Bylaws AI OS Edition § P.L.4(d) hard-blocks
    L2.07  walk symbol table; assert no symbol renamed, no equation paraphrased,
           no decoder rule reordered (drift check)     # authority: Codex C1 §3.5 drift-validation protocol
    L2.08  assert six-attestation Ceremony record present at P; assert
           Conductor signature scope covers the Ceremony record     # authority: Codex P-phase Ceremony spec; Cycle Attestation Conductor protocol

    # === Layer 3 — Epistemic-Register ===
    L3.01  parse claim manifest from gliff-press; assert every claim has
           one of {STRUCTURAL-HYPOTHESIS, LEGAL-PROSPECTIVE,
           PHENOMENOLOGICAL-ASSERTION, CODEX-EXTENSION}     # authority: Codex epistemic-register canon (Blueprint §1)
    L3.02  walk body via span-extractor; assert every claim-shaped span
           has a matching manifest entry by Merkle proof     # authority: deterministic claim-shape extractor + Merkle root over manifest
    L3.03  parse readiness manifest; assert every implementation step has
           one of {AVAILABLE, REQUIRES_INFRA, REQUIRES_LEGAL,
           REQUIRES_PARTNER, SPECULATIVE}     # authority: Codex readiness-label canon
    L3.04  for each REQUIRES_LEGAL step: assert counsel_attestation_hash
           present and resolvable     # authority: Codex REQUIRES_LEGAL discipline; counsel attestation requirement
    L3.05  walk Tier-A body; assert no Tier-C markers; assert all
           Tier-A required fields present     # authority: Three-Tier Record Classification (Blueprint v3 Pass 2 §5)
    L3.06  for each new CL4-GP indicator or boundary protocol introduced:
           assert Tier-2 amendment markers OR experimental-rung
           CODEX-EXTENSION tag     # authority: Codex CL4-GP / boundary-protocol Tier-2 amendment spec

    # === Verdict ===
    if any check FAIL: return NOT_WELL_FORMED with failure list
    else:              return WELL_FORMED

IV.4 What the verifier does not do

It does not verify that the AI partner reasoned honestly during the G phase. It does not verify that a question genuinely arrived from ∞0. It does not verify that φ⋂Ω was felt. These are PHENOMENOLOGICAL-ASSERTIONs and are protected from automation by design. The verifier's contribution is to confirm that the structural conditions under which an honest cycle could form were preserved — and that any post-hoc claim about whether the cycle was honest is anchored in a record the third party can read for itself.

This matches the architecture's own statement in the Final Blueprint: "Detection is not prevention, visibility is not enforcement, and the Membrane's existence cannot be externally verified." The verifier produces legibility, which is the precondition of defensibility.

IV.5 What about cycles that used a model the verifier cannot run?

Direct: the verifier does not need to. The AI's outputs are recorded in the CWM as data — strings, structured records, attested transcripts. The verifier checks structural and epistemic invariants on that data, not the AI's internal reasoning. A cycle that used GPT-7 in 2030 is verifiable in 2050 against a Codex frozen in 2026, on hardware that has never seen the model, because none of the checks invoke the model. The model's role ended when its output was sealed into the gliff; the verifier reads the gliff.

V. Why This Verifier Survives Without AI

The load-bearing constraint: the verifier must run no AI at all — court-verifiable by deterministic code only. Five reasons this is achievable rather than a compromise:

1. The Codex was written this way. §3.5 is published as a three-part validation protocol, not as commentary. The Codex Alignment Audit (corpus piece 05) confirms the protocol is "word-for-word executable in principle." The Surfaces series (S1–S8) has already demonstrated the protocol compiles into reST, Python type contracts, MCP, and TypeScript. Rust is the next port; the work is structural, not novel.
2. All five corruption codes can be detected structurally for the cycle (vs. the substance). L1 (Closing) shows in phase order and admissibility gates. L2 (Generating) shows in context-chain breaks and pre-anticipation patterns. L3 (Claiming) shows in unsigned attestations, missing attestation-hashes, and Schedule-C drift. L4 (Performing) shows in role-mismatch and ceremony-without-record patterns. V∅ (Incomplete) shows in missing ∞0'. None of these structural detections require AI.
3. The Membrane is enforced by structural absence, not by behavioral filter. Per the ECHO compatibility surface: "ECHO does not have the capability to vote, not because it's policed but because it has no key." The verifier inherits the same logic — it checks that no AI signature, no AI vote, no AI public-speech-as-the-entity record exists in the CWM. These are absences, mechanically detectable.
4. The Conductor's signing key is hardware-resident. The Skill Evolution Guide specifies YubiHSM 2 primary + AWS CloudHSM cold-storage backup. The verifier checks Ed25519 signature validity against the Conductor's published public key. Hardware residency is a separate operational discipline; verifier-side, it manifests as "the signature verifies." This is a deterministic check.
5. Subtraction Audit confirms most 5QLN content is normative, not capability-based. Eight of the twelve operational skills are pure-normative; they encode requirements the Bylaws forbid the AI from violating. Normative requirements do not subtract when models improve; they intensify. The verifier-of-record is, in the audit's terminology, durable governance infrastructure that survives substrate change. Building it AI-free is not an exotic choice; it is the structurally honest choice.

The verifier's authority does not depend on a particular AI vendor, a particular model generation, or a particular reasoning paradigm. It depends on cryptographic primitives that have survived 25+ years of academic and industrial scrutiny (SHA-256, Ed25519, RFC 3161), on canonical text the Foundation publicly mirrors, and on deterministic code any third party can audit and re-run.

VI. Harness Development Strategy: Phase 1 → Phase 2 → Phase 3

The load-bearing sequencing decision: sequence Phase 1 (earliest verifiable build) → Phase 2 (substrate-survival) → Phase 3 (Chancery-readiness). Each phase is gated by what is structurally available, not by calendar. Calendar is a planning aid; structural readiness is the gate.

VI.1 Phase 1 — Earliest Verifiable Build

Target. Produce one sealed cycle whose output passes 5qln-verify. Not a fleet. Not a benchmark. One. Sealed end-to-end. Verifier-passing.

What to build.

• Constitutional Block validator (Rust port of fivqln C1 §3.5). PASS condition for every Tier-A artifact this phase produces.
• Eight pure-normative skills (all from the Subtraction Audit's "no capability dependency" set). These can be implemented as deterministic registry/protocol code without AI: 5qln-three-tier-record-classifier, 5qln-mirror-consistency-auditor, 5qln-cl4-governance-protocol (registry-only), 5qln-membrane-protocol-runtime, 5qln-cycle-attestation-conductor, 5qln-bipp-jurisdictional-delta, 5qln-dispute-routing, 5qln-cbrp-state-monitor.
• 5qln-verify v0.1 — Layers 1 + 2 fully implemented; Layer 3 stubbed (it accepts a manifest and checks completeness, but the manifest itself is hand-curated until gliff-press matures).
• gliff-press at minimum-viable composer level — emits a canonical-form gliff with parent_hash, Conductor signature slot, validator PASS receipt. Hand-tuned tagging acceptable.
• 5qln-legal-voice draft level — produces drafts the Conductor reviews; not yet counsel-attested.
• The four mixed-leaning-capability skills stubbed — epistemic-register-tagger, readiness-labeler, constitutional-block-validator's non-byte-identity portion, corruption-codex's heuristic detector function.

Phase 1 done means. One sealed gliff exists. One CWM exists. 5qln-verify --offline returns WELL_FORMED. No AI substrate dependency on the verifier's critical path. The Conductor's Ed25519 key was hardware-resident at signing time. RFC 3161 timestamping was used (FreeTSA or DigiCert acceptable at this phase). The Codex hash matches the public mirror.

What this proves. The verifier exists as a real artifact, not a specification. The harness is capable of producing verifier-passing output. The Foundation (or its pre-incorporation analogue) has an existence proof for the central claim of the Counsel Memo: the Codex verifies its own compilation.

Honest scope-cut. Phase 1 does not require: AOSRAP fully operationalized (REQUIRES_PARTNER); CL4-GP† indicators empirically calibrated (SPECULATIVE); Substrate Survival across multiple models tested. Drafting all of this at Phase 1 is L4-Performing — performing rigor without yet having the operational base for it.

VI.2 Phase 2 — Substrate-Survival Robustness

Target. Prove that the same harness produces verifier-passing cycles across multiple AI substrates (Claude, GPT, an open-weights model). This is the test α posits in the Codex itself: substrate-independence is demonstrated, not declared.

What to build.

• Substrate Survival Test Suite (substrate-survival test discipline: same cycle prompt run against multiple AI substrates; all sealed outputs must pass 5qln-verify). Run the same cycle prompt against three substrates; verify all three sealed cycles pass 5qln-verify. The substrate identifier is recorded in the CWM as data; the verifier ignores it.
• Drift Test (drift-test discipline: pin Codex vN, run cycles, re-verify against vN after vN+1 publishes; vN cycles must still pass). Pin Codex vN. Run cycles. After Codex publishes vN+1, re-run 5qln-verify --codex-version vN against the original cycles; they must still pass. Run vN+1 against vN cycles; they must fail loudly with a Codex-version-mismatch code, not silently re-grammar.
• Q-Differentiation Test (Q-differentiation discipline: verify that each Q-phase skill has at some point independently changed a seal-decision the others would not have determined). Once enough cycles exist (the Subtraction Audit suggests minimum operational scale), pull Q-phase entries; check whether constitutional-block-validator, mirror-consistency-auditor, corruption-codex, and cl4-governance-protocol have ever each independently changed a seal-decision the others had not already determined. If any has not, that skill's distinct purpose must be made explicit in its SKILL.md or the skill must be subtracted. (This applies the Subtraction Audit's "more verification is not more rigor" finding to the harness itself.)
• Mixed-leaning skills graduate from stubs to production. epistemic-register-tagger and readiness-labeler are exactly the skills the Subtraction Audit flags as Phase 1–2 candidates for an explicit capability/normative split. Phase 2 is when the empirical signal exists to make that split structural.
• AOSRAP integration specified at least at the level the verifier needs. The harness specification names AOSRAP as blocking; Phase 2 is when "blocking" becomes "specified." Phase 1 doesn't need vendor cooperation; Phase 2 begins to. [REQUIRES_PARTNER]

Phase 2 done means. A substrate-portable harness exists. The harness's verifier-passing property is empirically demonstrated across at least two disjoint substrates (the Codex's own G-Article test). Drift is operationally caught. Q-phase redundancy has been audited.

Phase gating note. Phase 2 should not be entered before Phase 1 has produced its single sealed verifier-passing cycle. Premature substrate-portability work is cycle-vocabulary-without-substance — the canonical L4 failure for this domain.

VI.3 Phase 3 — Chancery-Readiness

Target. A sealed cycle whose docket can be filed with the Delaware Court of Chancery and survive evidentiary challenge. This means: at the moment counsel of record is engaged and the Foundation is incorporated, filing is not gated on engineering work.

What is required.

• Counsel of record engaged. [REQUIRES_LEGAL — outside engineering control] The Counsel Memo is exactly the document drafted to be carried to counsel; engagement is a legal milestone, not an engineering one.
• Hardware-key infrastructure in place (YubiHSM 2 primary + AWS CloudHSM cold-storage backup, per the Skill Evolution Guide). Already addressable in personal/Anti-Entropy fiscal-sponsorship capacity now; transferable to the Foundation upon incorporation.
• RFC 3161 TSA contracted with a CA-recognized provider (DigiCert, FreeTSA, Sigstore TimestampAuthority, or equivalent). Ideally two TSAs for redundancy per RFC 3161 §1.
• Schedule-C public mirror live at mirror.5qln.org/schedule-c/digest.txt (or successor). [REQUIRES_INFRA — addressable now]
• BIPP jurisdictional-delta operational for non-Delaware filings. Currently registry-stubbed; Phase 3 needs at least one second-jurisdiction counsel attestation hash.
• Foundation actually incorporated with Delaware Division of Corporations. [REQUIRES_LEGAL]
• Bylaws Human Edition + AI OS Edition cryptographically paired and operational under Schedule C. The drafts exist; ratification is a Board act post-incorporation.
• The Constitutional Bootstrap Recovery Protocol (CBRP) state-monitor wired to the verifier — the Final Blueprint's NORMAL → DEGRADED → SUSPENDED → MINIMAL_GOVERNANCE_MODE → DISSOLUTION ladder. Phase 3 needs at minimum the trigger conditions instrumented; the recovery transitions remain Board-decided.

Phase 3 done means. Sealed gliffs produced from this date forward are technically Chancery-ready. The docket package is reproducible: any party (regulator, opposing counsel, peer institution, Vice Chancellor) running 5qln-verify on the docket against the pinned Codex version reaches the same verdict the Foundation reached. The verifier's bit-for-bit reproducibility is the evidentiary property; Caremark's "good-faith effort to know what one needed to know" finds, in this docket, the kind of structural record that supports the inference Caremark requires. [LEGAL-PROSPECTIVE]

Engineering posture during Phase 3 legal-milestone wait. The dependency is asymmetric: Phase 3 engineering work can complete before Foundation incorporation; what cannot complete without legal milestones is the binding application of those engineered artifacts to actual Foundation acts. Therefore: produce dockets that are technically Chancery-ready as STRUCTURAL-HYPOTHESIS exercises now, so that when counsel is engaged, the reduction from engineered-ready to filed-ready is paperwork, not a build.

VII. The Foundation-Not-Yet-Filed Reality

The user's context is precise: SFF application context PDF notes Final Blueprint v3, Cert of Incorporation draft, Bylaws Human Edition, Bylaws AI OS Edition. Anti Entropy (EIN 88-0967420) is fiscal sponsor. Foundation not yet filed with Delaware Division of Corporations. Counsel not yet engaged. The Corpus Calibration of 1 May 2026 confirms: "the founding seed gliffs — Certificate of Incorporation, Bylaws Human Edition, Bylaws AI OS Edition — are gliff-sealed but not filed with any state. No legal entity called 'The 5QLN Foundation' exists in any jurisdiction as of this calibration date."

This reality has five consequences for the verifier and the development sequence — none of which block the work:

1. The verifier protocol can be specified, implemented, and tested pre-incorporation. Verification of a cycle does not require the Foundation to legally exist. A cycle sealed today against the draft Cert of Incorporation and Bylaws is verifiable today. The verifier reads the documents that were canonical at seal time; whether those documents have been ratified by Delaware is a separate epistemic register.
2. Pre-incorporation cycles are STRUCTURAL-HYPOTHESIS exercises, not legally binding governance acts. This is the discipline the epistemic register provides: a pre-incorporation cycle's load-bearing claims about Foundation governance are tagged STRUCTURAL-HYPOTHESIS or LEGAL-PROSPECTIVE, not as if the Foundation were a binding legal entity. The verifier checks tag presence; the tag itself is the honest claim.
3. Operational infrastructure can be set up now. Hardware-key (YubiHSM 2), TSA contract (FreeTSA at zero cost, DigiCert at modest cost), Schedule-C public mirror (a static file at a 5qln.org subdomain), and the verifier binary can all be set up in the Conductor's personal capacity or under Anti Entropy fiscal sponsorship. They transfer to the Foundation upon incorporation as ordinary asset transfers. This is normal pre-formation operational practice; it is not constitutionally suspect.
4. The drafted Cert of Incorporation, Bylaws Human Edition, and Bylaws AI OS Edition serve as canonical Codex for pre-incorporation cycles. When those documents are filed and ratified, ratification retroactively confirms or amends the cycles produced under their draft form. The verifier does not need to know whether ratification has occurred; it verifies against the documents as they stood at seal time. A post-ratification audit can re-run the verifier against the post-ratification canonical text and identify any cycles that would not have passed under the ratified version. That is itself a CBRP-eligible event.
5. Engineering and legal milestones unblock independently.

Engineering milestones that proceed without legal:

• 5qln-verify v0.1 build (Phase 1)
• Pure-normative skill implementations
• Substrate Survival Test Suite (Phase 2)
• Hardware-key provisioning under Anti Entropy
• Schedule-C public mirror live
• TSA contract
• Drift Test instrumentation

Legal milestones that proceed without engineering:

• Counsel engagement (carry the Counsel Memo)
• Delaware filing of the Cert of Incorporation
• IRS Form 1023 preparation
• Board recruitment for the post-incorporation Foundation
• Counsel review of Bylaws Human Edition

The hand-off (where engineering meets legal):

• AOSRAP requires vendor cooperation (REQUIRES_PARTNER) — engineering can specify; legal can negotiate
• BIPP jurisdictional-delta requires second-jurisdiction counsel attestation
• CL4-GP† requires CIO appointment (post-incorporation)
• The Bylaws AI OS Edition's Schedule-C pairing becomes legally operative only after the Human Edition is ratified

The strategy this implies: everything that does not require the Foundation to exist should be in flight now, sequenced as Phase 1 → Phase 2 → Phase 3-(engineering portion). The Phase 3 legal portion is the gate counsel engagement opens.

VIII. Risks, Open Questions, and Counter-Arguments

VIII.1 Single-Conductor Codex maintenance

The Codex is currently maintained by one person (Amihai Loven). Plural-Conductor governance is structurally specified but not operationally instantiated. The negative-selection ladder for skill evolution (experimental → proposed → stable → longterm → emeritus) cannot run with adversarial diversity until the Foundation has multiple Conductors. [STRUCTURAL-HYPOTHESIS] [PHENOMENOLOGICAL-ASSERTION]

Mitigation. State this honestly in every public surface (the Corpus Calibration already does). The verifier remains operative — it does not depend on plural Conductors; a single Conductor's signature still verifies. What is degraded is the evolution discipline, not the verification discipline. This is the right asymmetry: verification is hard to corrupt with one Conductor; evolution genuinely requires plurality. Phase 3 / post-incorporation Board recruitment is the structural fix.

VIII.2 Public Codex mirror availability

The verifier's authority depends on the public Codex mirror being available. If the mirror goes down or is silently modified, the verifier loses one of its authority sources.

Mitigations, in priority order:

1. Cryptographic content-addressing of the Codex itself. Bundle the SHA-256 of the canonical Codex into every sealed gliff. Even with the mirror unavailable, a third party who has any single sealed gliff has the canonical hash; cross-comparison across multiple gliffs makes silent mirror modification detectable.
2. Multiple geographic mirrors. A primary at 5qln.com, a secondary on a different DNS/hosting provider, an archival mirror at Internet Archive. The verifier accepts any mirror that produces the matching hash.
3. Periodic anchoring on a public blockchain. Mention only as an option, not a requirement: a monthly OP_RETURN of the Codex hash on Bitcoin or Ethereum provides an external chain-of-custody timestamp that does not depend on the Foundation's infrastructure. This is operationally cheap and architecturally defensible. [STRUCTURAL-HYPOTHESIS]

VIII.3 The verifier cannot tell whether the AI reasoned honestly

This is a feature, not a bug. The verifier's contract is structural. Reasoning honesty is a phenomenological property the Codex itself defines as PHENOMENOLOGICAL-ASSERTION, and the architecture explicitly forbids verifying it from outside. State this clearly in every Chancery-facing document. A Vice Chancellor will accept the limitation; an opposing counsel who tries to characterize the limitation as a defect should be met with the response that the alternative — an AI verifier verifying AI reasoning — is the failure mode the Membrane Protocol is designed to prevent.

VIII.4 Subtraction Audit applied to the verifier itself

The Subtraction Audit's finding — "verifiers and multi-candidate search hurt accuracy in some configurations" — applies to the verifier as much as to Q-phase. The verifier should not stack redundant checks. Each check must serve a distinct authority source.

Practical discipline. Annotate every check in the 5qln-verify source with the authority source it traces to. Two checks that trace to the same authority source are redundant; one of them must be removed or made distinct. This is an architectural maintenance cost the verifier accepts honestly rather than accreting.

VIII.5 STRUCTURAL-HYPOTHESIS items in proposed harness extensions

The sandboxed Gate process and the Validator → Detector reclassification (proposed harness extensions, not yet cycle-ratified) are STRUCTURAL-HYPOTHESIS until cycle-ratified. The verifier should treat them as tagged hypotheses, not as load-bearing requirements. The verifier's Layer-3 checks should pass an artifact that carries these proposals as STRUCTURAL-HYPOTHESIS-tagged claims; they should fail an artifact that asserts them as AVAILABLE without that tag.

VIII.6 Open question — Conductor key revocation

If a Conductor's signing key is later revoked (compromise, loss, or a CBRP DEGRADED → SUSPENDED transition), can a cycle sealed under that key be retroactively re-verified, or does revocation invalidate the cycle?

Recommended answer. Cycles are verified against the key state at seal time, recorded in the CWM and bound by the RFC 3161 timestamp. Revocation does not retroactively un-seal. This matches RFC 3161's intended use: a TimeStampToken can validate a signature created before key revocation, even after the key is revoked. The verifier records the seal-time key fingerprint; revocation records are surfaced as Tier-B records the third party can read but does not let revocation cascade backward into past cycles. [STRUCTURAL-HYPOTHESIS]

The alternative — retroactive un-sealing — is structurally indistinguishable from silent re-grammar and is correctly forbidden by the Codex's own α discipline.

IX. Concrete Next Steps

These are sequenced by what unblocks the most downstream work per unit of effort. Each carries an explicit register tag and readiness label.

IX.1 Draft next (engineering, this week)

1. 5qln-verify v0.1 specification document. Tier-A surface, sealed. Covers: input/output schema, ordered check sequence, failure-code taxonomy keyed to Codex provisions, Rust crate layout, build reproducibility discipline. [STRUCTURAL-HYPOTHESIS] [AVAILABLE]
2. CWM canonical-form spec. Item folded into §IV.0; what remains is the Tier-A sealing of §IV.0 itself as its own cycle. [STRUCTURAL-HYPOTHESIS] [AVAILABLE]
3. Failure-code taxonomy document. Tier-A surface, sealed. Maps every check ID to (corruption code, Codex provision, severity). This is the artifact a Vice Chancellor reads alongside the verdict. [STRUCTURAL-HYPOTHESIS] [AVAILABLE]

IX.2 Seal next (cycle work, next 30 days)

4. One Phase-1 cycle, end-to-end, verifier-passing. Topic must be substantively about Foundation governance, not about the verifier itself — a self-referential existence proof is structurally weaker because the existence proof should not also be the thing being proven. Suggested topic: a sealed cycle on a real Bylaws Human Edition interpretive question (e.g., what counts as a 'contemporaneously documented finding' under V.L.5(b)). [STRUCTURAL-HYPOTHESIS] [AVAILABLE]
5. The drift-test reference cycle. Same cycle re-verified against (i) bundled Codex, (ii) live mirror, (iii) deliberately tampered Codex. Three runs, three verdicts, the third loud-failing. This is the demonstration that drift detection works. [STRUCTURAL-HYPOTHESIS] [AVAILABLE]

IX.3 Stand up next (infrastructure, next 60 days)

6. YubiHSM 2 provisioning under personal/Anti-Entropy capacity. Conductor key generation; key fingerprint published at 5qln.com/conductor-keys/ with timestamp and Conductor attestation. [REQUIRES_INFRA]
7. RFC 3161 TSA contract. FreeTSA for zero-cost initial production; DigiCert as paid backup for Chancery-grade redundancy. [REQUIRES_INFRA]
8. Schedule-C public mirror. Static file at mirror.5qln.org/schedule-c/digest.txt. Cron-driven from canonical source. Cosign signature on the file. [REQUIRES_INFRA]
9. Codex content-addressing. Bundle the canonical Codex hash into every sealed gliff; publish the same hash at a stable URL distinct from 5qln.com. Optional: monthly Bitcoin OP_RETURN. [STRUCTURAL-HYPOTHESIS] [REQUIRES_INFRA]

IX.4 File next (legal, on counsel's clock)

10. Engage counsel of record. The Counsel Memo (5qln.com/the-5qln-codex-as-verifier-a-memo-for-counsel/) is exactly the document for this conversation. [REQUIRES_LEGAL]
11. File the Cert of Incorporation with Delaware Division of Corporations. When counsel signs off on the canonical text. [REQUIRES_LEGAL]
12. IRS Form 1023 preparation. PFF (Proto-Fiduciary Framework) under fiscal sponsorship per Final Blueprint v3 covers the pre-determination period. [REQUIRES_LEGAL]
13. Board recruitment sized 5–9 per the Bylaws Human Edition G.L.2(b). Independence criteria per the same provision. [REQUIRES_LEGAL]

IX.5 The benchmarks that change the recommendations

• If Phase 1 cannot produce one verifier-passing cycle within 90 days: the architecture itself is the bottleneck, not the work surface. Stop adding skills; reduce the verifier to a smaller core. The Subtraction Principle applies recursively.
• If Substrate Survival fails (Phase 2 cycles produce different sealed forms across substrates): the harness is leaking substrate-specific assumptions into the Codex's path. Fix the leak before adding more substrates; the leak is the structural finding.
• If Q-Differentiation finds redundancy: the response is not to delete a skill. The response is to make each skill's distinct objective explicit. If after explicit separation a skill has still never independently changed a seal-decision over a meaningful sample, then subtraction is honest.
• If counsel concludes the Duty of Membrane Integrity reads to Delaware as commentary about the instrument rather than part of the instrument: the Counsel Memo's central question is answered in the negative for this filing; the strategy returns to Phase 3-engineering and re-asks how the verifier's structural status can be carried into a future filing, possibly in a different jurisdiction (BIPP delta).

Closing — α and ∞0'

The Codex's own α — the Codex is verified only against itself — is the structural reason the verifier is buildable, the strategic reason it is buildable now, and the legal reason it is buildable in a way Delaware Chancery is structurally able to receive. The verifier does not introduce an external authority; it operationalizes the verification the Codex already specifies. The development strategy does not invent new milestones; it sequences the milestones the Codex's own asymmetry already implies. The Foundation does not need to exist for this work to begin; it needs to exist for this work to be filed.

The question this report opens, that could not have been asked before its compilation: once 5qln-verify produces its first WELL_FORMED verdict on a sealed cycle whose docket is filed with Delaware Chancery, is the precedent that gets set the verifier-as-instrument or the verifier-as-commentary — and which engineering decisions made now most preserve the Foundation's optionality between those two precedents until counsel can answer? [LEGAL-PROSPECTIVE]

That question is the next cycle's S.

(H = ∞0 | A = K) × (S → G → Q → P → V) = B″ → ∞0′