Escrow Activation Runbook

The Heartbeat Failed. Now What?

A one-page, IT-auditor-readable runbook for the day a Sovereignty Preservation Clause trigger or escrow heartbeat fails. Plain English. No AI engineering required. Designed to be printed, signed, and filed in the firm's vendor-management binder.

THE SHORT ANSWER

If the escrow heartbeat fails or any other named trigger fires, your REDLINE deployment keeps running because inference is already happening on your hardware. The escrow agent delivers a signed source-code bundle and your royalty-free internal-use license auto-vests. Your IT team patches and operates the released code at the firm's pace, not under emergency pressure. Continuity is the default state, not the recovery state.

The Five Steps

Step A

The Escrow Agent Contacts The Firm IT Contact

The escrow agent (Iron Mountain Technology Escrow Services, Delaware-domiciled, default for US firms) emails and calls the firm's named IT contact within 10 business days of confirming a trigger event. The trigger may be a 30-day heartbeat lapse, a written sunset notice from NHN, a corporate dissolution filing, a documented founder-incapacitation affidavit, or a Sovereignty Preservation Clause acquisition trigger.

What the firm IT team does: acknowledges receipt to the agent within one business day. The acknowledgment is the agent's confirmation that the firm contact-of-record is intact and reachable. Iron Mountain will not release the deposit until acknowledgment is received.

Step B

Source Code Plus Cryptographic Keys Delivered Via Signed Bundle

The agent delivers the deposit as a single PGP-signed tarball (`redline-escrow-YYYY-QN.tar.gz`) downloadable from the agent's secure portal using a firm-specific access credential. The bundle includes the full source tree, a top-level MANIFEST.md with SHA-256 checksums for every file, build scripts, dependency manifests with version-pinned lockfiles, deployment documentation, and the cryptographic keys required to decrypt any encrypted-at-rest artifacts in the deposit.

What the firm IT team does: verifies the PGP signature against the agent's published release key, hash-checks every file against MANIFEST.md, then archives the verified bundle to the firm's existing source-control repository. Total time: under 30 minutes for a competent IT generalist.

Step C

Royalty-Free Internal-Use License Auto-Vests

The Liability Harmony Addendum, Section 7, vests a royalty-free internal-use license to the deposited source code in every active paying customer at the moment of trigger. No additional contract execution is required. The license permits self-hosted operation, internal patching, and continued use on existing or replacement hardware. No redistribution rights, no resale, no commercial re-licensing.

What the firm IT team does: nothing. The license is in the firm's existing enterprise contract on the day it was signed. Outside counsel can review the license language inside the addendum at any time.

Step D

The Local REDLINE Application KEEPS RUNNING

Inference is already happening on the firm's hardware. There is no license heartbeat, no authentication ping, no remote model fetch in the inference path. Disconnect the appliance from the public internet today and the only thing that changes is that signed software updates stop arriving from NHN. The 20-second contract review keeps working. The audit trail keeps writing. The lawyers keep using the same web UI on the same workstations.

What the firm IT team does: nothing operationally urgent. The runbook exists so IT knows there is nothing operationally urgent. This is the most important sentence on this page.

Step E

Optional: Firm IT Applies Security Patches Against Released Source

For long-term operation post-trigger, the firm IT team can apply security patches to macOS, the underlying inference framework dependencies (MLX, Core ML, tokenizers), and the application server against the released source. The deposit ships with a `BUILD.md` walking through the rebuild path on a fresh Apple Silicon Mac. A competent IT generalist or a contracted engineering firm performs the patch cycle on the firm's existing change-management cadence.

What the firm IT team does: applies OS and dependency security patches on the firm's existing quarterly or monthly cadence. No AI-engineering skill required. The deposit includes a runbook for every routine maintenance task; engineer-level skill is reserved for non-routine architectural changes the firm chooses to make.

What This Runbook Is NOT

It is not an AI-engineering exercise. The deposit is operational, not source-only.
It is not a replacement for the firm's existing change-management policy. Patches go through the firm's normal cadence.
It is not a substitute for the Coverage Continuity Guarantee Checklist (legal layer). This page is the operational layer; the checklist is the legal layer.
It is not a forced migration. The firm continues to receive signed updates from NHN until a trigger fires. Post-trigger, the firm chooses its own pace.

Pre-Trigger Tabletop Exercise

Firms that want to walk through Steps A through E with a live deposit before any trigger fires can request a tabletop exercise. NHN provides a sandbox copy of the most recent quarterly deposit, the firm IT team runs through the runbook against the sandbox, and any gaps in the documented procedure get fixed before they matter. The exercise takes approximately 90 minutes and produces a signed attestation the firm files in the vendor-management binder.

Request The Tabletop Exercise

Send a single email and the sandbox bundle, the IT-auditor checklist, and the named-agent contact reference arrive within one business day:

Email: legal@nohumannearby.com

Subject line: "REDLINE Escrow Activation Tabletop Exercise Request"