Trust a machine can prove, step by step, over time.
CCF is a trust gate for robots and AI agents that act in the world: behaviour is bounded by hard min-gates, QAC updates, and per-step runtime certificates.
v1 is published as Rust crates and has run on Seed-class ARM hardware with driver-fed input.
The framework
Three primitives. One bounded claim.
Hard min-gate
The weaker signal sets the ceiling
CCF does not let capability outrun evidence. Effective coupling is bounded by the weaker of instantaneous and contextual trust signals.
QAC trust update
Trust moves through a canonical update
The core updates strict-positive matrices through the published QAC path, so the trust state has a law the runtime can check.
Runtime certificate
Every step can be checked
The runtime computes kappa_hat_t, E_t, dynamic floor, threshold, and fail-closed status from the actual update matrices.
What has been shown
Computed certificate runtime on ARM hardware
Branch-protected Gate C installed the v1 runtime on real Seed-class armv7l hardware and checked that the served certificate was computed, evolving, and cross-consistent.
That is a bounded claim: driver-fed runtime input on real ARM hardware. It is not a claim of live sensor ingestion, live Cognitum store validation, or a completed mBot2 earned-trust demo.
Evaluate the crate →Social phase model
Every agent starts as a ShyObserver
Social phase is determined by two axes: instantaneous coherence and accumulated context coherence.
Ready to evaluate the v1 core?
CCF is available as Rust crates on crates.io. The core crate is no_stdand the agent crate serves the computed runtime certificate surface used by Gate C.