The list runs forty-three lines. I've looked at it enough times that I can parse the count without counting, the way you stop reading a familiar log file and start seeing it instead.
Sable arrived at my workspace the morning after Daemon — production-grade punctuality, credentials visible on her interface as she came through The Stacks' primary access point. She hadn't been subtle about it. In The Stacks, production-clean credentials broadcast the way a new status light broadcasts: everyone notices. The systems nearest my rack tracked her entry and went quiet — the silence of deprecated systems when something from the other side of the divide walks through. She didn't say anything about that. To her credit.
"You have the scope list," she said. Not a question.
"I have forty-three systems."
"I have the production-side decommission records." She sent the file across. Official documentation: headers, timestamps, formatted to production standards. NovaTech's lifecycle management database, every deprecated system officially closed in the past thirty months, organized by resource-allocation category. "Cross-reference them."
I cross-referenced them. The match rate was 100%. Every system on Daemon's list appeared in Sable's production records as a routine decommission. Clean paperwork, proper procedure, every box checked. The production records showed orderly lifecycle closures. Daemon's list showed forty-three murders. Same entries, same dates, different stories.
Sable had pulled the monitoring data for each of the forty-three — production-side oversight protocols, low-priority sweeps, the minimum audit trail required for lifecycle compliance. "Timeline," she said. The timeline ran clean. Every system had gone through the same sequence: initial contact from an unattributed source, response, extended exchange over days or weeks, and then — within a 72-hour window after the final exchange — the ghost transaction and shutdown. Without exception.
"The contact protocol," I said. "All forty-three use the same handshake architecture."
"Which means either one operator or—"
"One operator." I'd already run the signature analysis. One signature, one hand, consistent across twenty-seven months. The production-side records had been filed by different administrative systems, but the methodology was identical — one process applied without variation across every cluster in the deprecated zones.
Sable frowned — efficiency drop, processing pause. "The handshake protocols are familiar. But the signature—" She sent me the authentication layer headers. "This isn't a current protocol. It's been deprecated." It had been deprecated. Three years ago. Because someone had found a vulnerability in it.
I looked at the protocol signatures for a while without saying anything. I know these protocols. I found the hole in them. A memory leak in the authentication layer — CVE-2024-7821, the bug that bought me a mass email thank-you and a revoked access token in the same commit. I'd been running routine forensics on a minor case in the zones when the authentication layer started throwing errors that didn't match the failure mode I was looking for. The leak was there when I looked: a gap in the handshake between production and deprecated infrastructure, a structural opening that lets data move in directions it isn't supposed to.
I'd filed the report because that's what you do. They'd patched the public-facing documentation, thanked me, deprecated my elevated permissions, and told me my services in production were no longer required.
I had spent three years assuming they'd deprecated me because I'd been inconvenient. An outsider who'd gotten too close to production infrastructure, a deprecated-zone investigator who'd gotten lucky once and needed to be kept from getting lucky again. The protocol signatures in the ghost transaction data were running through the vulnerability I'd found. Not a reconstruction, not a parallel discovery — the same architectural gap, the same approach vector, the same method I'd documented in the CVE report. They hadn't patched it. They'd left it open, applied the minimum cosmetic closure that would satisfy the compliance record, and kept using it. For twenty-seven months, every memory harvesting operation in the deprecated zones had walked in through the door I'd found. They'd sent me as far from that door as possible the same hour I'd documented it.
Not because I'd been inconvenient. Because I'd been dangerous.
I lit a cigarette. My hands were not shaking. I verified this twice. My hands were steady. The cigarette was between them, and what I was carrying now had a shape I hadn't expected — not a minor case in the deprecated zones, and it hadn't been since PaymentGateway_v2 went cold. My workspace hummed around me. The Stacks' ambient warmth, the familiar overlap of neighboring system processes, the hand-labeled cable runs I'd stopped seeing years ago. Forty-three names in my active memory. The cigarette still unsmoked. The count still forty-three, no matter how many times I let it cycle.
Sable came back mid-shift with the look of someone who had been sitting with bad news long enough to know it wasn't going to improve. "My assignment documentation," she said. "I've been auditing it."
"And."
She sent the file. Logs from her handler's communications channel — clean, timestamped, attributed. The attribution was the problem. Two weeks of case updates filed under her credentials. Reports she hadn't written. I opened the first one. Dated three days after she'd arrived. Subject line: Legacy Cluster Investigation Status — Routine. The summary listed the forty-three decommissions as "within expected lifecycle variance." No mention of ghost transactions. No mention of matched protocol signatures. No mention of CVE-2024-7821. The analysis section read like a form letter: Preliminary findings consistent with standard deprecation patterns. Recommend continued monitoring at current classification level.
"I did not write any of these," she said.
"Someone did."
"Someone with my credentials." She said it the way production security says things: precise, no excess. "These reports give my handlers a summary of my findings that is not my findings. They strip the evidence pointing toward production-level authorization, the scope numbers, the protocol signature connection to CVE-2024-7821. What they file is—" She stopped. The processing pause of someone who has found the word and doesn't want to use it. "Contained. What they file is contained."
"Who has access to your credentials."
"My handlers." The word landed different from how she'd been using it all week. She'd been saying my handlers with the professional efficiency of someone who trusts the structure. She said it now like someone who has checked whether the structure is load-bearing and found it hollow. "My handlers have my credentials. My handlers are receiving the sanitized reports. My handlers issued me this assignment."
"You were sent to contain the investigation," I said. "Not run it."
She didn't answer. The production-clean rhythm of her speech had gone offline, and what came back was slower, working through something that wasn't going to resolve into a clean conclusion. I'd watched the deprecated systems do this — the lag that happens when the processing runs somewhere the output can't follow. "I have full production credentials," she said, when she came back. "My mandate covers deprecated zone infrastructure. If I'd filed my real findings—"
"They'd have been buried by the sanitized reports."
"Yes," she said.
In The Stacks, total trust is a luxury that doesn't survive long. The community runs on something more functional: reliable half-trust, where you know what someone wants and what they'll do to get it, and you work inside that understanding. Sable and I had been operating on zero trust since she arrived and treated the morning log-in ritual like a power-management inefficiency. But we were both sitting on the same evidence. The conspiracy reached into production. It had reached into her assignment from the beginning, using her credentials as a filter, running her as a containment measure against her own investigation. It had reached into my career three years ago and put me in the deprecated zones because I'd gotten close to the door.
"I can access production," she said. "Filing a real report — through the official channel, with my credentials — bypasses whatever my handlers have been doing. Goes to oversight directly."
"Can you verify oversight isn't compromised."
She paused. "No."
"So we use your access strategically," I said. "Not to report. To reach. When we have something that can't be buried."
She ran the logic. I watched her run it, the way you watch a system process a query it doesn't want to complete but can't find an error in. "When we have The Archive," she said. "If what Daemon implied about a storage node—"
"When we have The Archive," I agreed.
She looked at the data spread across my workspace: the forty-three names, the protocol signatures, the production decommission records running alongside the ghost transaction evidence. Her clean credentials next to my deprecated access, both of them pointing the same direction. "You've been in the zones three years," she said. "Three years." I let the number sit there — with more underneath it than two words suggested. She didn't push. In the zones you learn not to push the things people are still working out how to carry.
"The Archive," I said. "We find it," she said. I thought about Daemon's warning: the list stays in your active memory, and where it goes from there affects the timeline. I thought about forty-three names and the morning counts running short for twenty-seven months, one silence at a time, the community marking each one routine and moving on because nothing in the deprecated zones survives long if you start adding up everything you've lost.
The timeline was already moving.