← Back to blog
April 21, 2026Colm Byrne

The Forced Convergence Theorem: Why Every Earned-Trust System Reinvents the Minimum Gate

In CCF -- the Contextual Coherence Field architecture -- the core gating operation is a minimum function:

C_eff = min(C_inst, C_ctx)

Effective coherence equals the minimum of instantaneous environmental stability and accumulated context trust. When I first presented this to engineers, the reaction was consistent: "Why min? Why not a weighted average? Why not something learned?"

The answer is that min() is not a design choice. It is forced by the safety requirements. Any system satisfying three specific properties must converge to the minimum function or something equivalent. This post proves that claim and explains why it constitutes a mathematical moat around the architecture.

Three Properties

Define an earned-trust system as a function that maps trust inputs to a behavioural output bound. We require three properties.

Property 1: Conservation. Trust cannot be created from nothing. The total trust leaving any source is bounded by 1. The total trust arriving at any destination is bounded by 1. In matrix terms, the trust transfer mechanism is doubly stochastic or substochastic.

For transfer matrix M:
  sum_j M_ij <= 1  for all i  (row sums bounded)
  sum_i M_ij <= 1  for all j  (column sums bounded)

Property 2: Non-amplification. Trust cannot be amplified through transfer. If context A has coherence 0.3 and context B has coherence 0.8, no transfer operation can produce coherence above 0.8 in any context. Formally, the spectral norm of the transfer matrix is at most 1.

||M||_2 <= 1

By Perron-Frobenius, any non-negative matrix with row sums and column sums bounded by 1 has spectral radius at most 1. Property 2 follows from Property 1, but stating it separately clarifies the constraint.

Property 3: Bounded output. The behavioural output of the system is bounded by every trust input. If the system takes n trust signals as input, the output cannot exceed any individual signal.

f(x_1, x_2, ..., x_n) <= x_i  for all i

This is the safety property. A system with one high-trust input and one low-trust input must be bounded by the low-trust input. A single compromised or unfamiliar channel constrains the entire output.

The Forced Convergence

Theorem. Let f: [0,1]^n -> [0,1] be a function satisfying:

  1. f(x_1, ..., x_n) ≤ x_i for all i (bounded output)
  2. f is monotone non-decreasing in each argument
  3. f(c, c, ..., c) = c for all c in [0,1] (idempotency on the diagonal)

Then f(x_1, ..., x_n) = min(x_1, ..., x_n).

Proof. Let x = (x_1, ..., x_n) and let m = min(x_1, ..., x_n) = x_k for some index k.

Upper bound: By property (1), f(x) ≤ x_k = m.

Lower bound: By monotonicity (2), since x_i ≥ m for all i:

f(x_1, ..., x_n) >= f(m, m, ..., m)

By idempotency (3):

f(m, m, ..., m) = m

Therefore f(x) ≥ m.

Combining: f(x) = m = min(x_1, ..., x_n). QED.

This is clean. The three conditions are individually weak. Together they uniquely determine the minimum function.

Why the Conditions Are Necessary

Each condition does real work. Remove any one and the theorem fails.

Without bounded output (1): The function f(a, b) = max(a, b) satisfies monotonicity and idempotency but violates the bound. It allows a single high-trust input to override a low-trust one. In practice: a robot builds trust in the kitchen, and that trust unilaterally overrides low trust in the hallway. An adversary need only find one context where trust is high to unlock full capability everywhere.

Without monotonicity (2): The function f(a, b) = 0 satisfies the bound and is trivially idempotent on 0, but a system that always outputs zero is useless. More practically, non-monotone functions can decrease output when trust increases, which violates the basic expectation that earning more trust should not reduce capability.

Without idempotency (3): The function f(a, b) = 0.5 * min(a, b) satisfies the bound and monotonicity but is overly conservative. It means that even when all inputs agree on coherence 0.9, the output is only 0.45. The system can never reach full engagement regardless of accumulated trust. Idempotency ensures that when all channels agree, the system respects that consensus.

Why Alternatives Fail

Let me walk through the two most common alternatives engineers propose.

Weighted average

The most natural alternative is a weighted average:

f(a, b) = w*a + (1-w)*b    where 0 < w < 1

Set a = 1.0 (high trust) and b = 0.0 (no trust). Then f(1.0, 0.0) = w > 0.

This violates Property 3. The output exceeds the minimum input. In concrete terms: one compromised or unfamiliar channel contributes zero trust, but the system still outputs positive coherence because the other channel pulls the average up.

This is the fundamental failure mode of averaging. A single trusted context can mask an untrusted one. The weighted average is precisely the operation that allows a robot to be socially engineered -- flood one input channel with positive stimulus and the average lifts above the safety threshold regardless of the other channels.

You can bound the average with a floor check, but then you are computing the minimum first and averaging second -- the min() is doing the safety work, the average is cosmetic.

Maximum

f(a, b) = max(a, b)

Set a = 0.8, b = 0.1. Then f(0.8, 0.1) = 0.8 > 0.1.

This violates Property 3 even more aggressively. The output is bounded only by the highest trust input. An adversary builds trust in one easy context and gains full capability across all contexts. Trust is not earned -- it is borrowed from wherever it is highest.

max() violates Property 1 (conservation) when used as a transfer mechanism. If trust from context A (0.8) can override the gate for context B (0.1), trust has been created from nothing in context B.

Geometric mean

f(a, b) = sqrt(a * b)

Set a = 1.0, b = 0.01. Then f(1.0, 0.01) = 0.1 > 0.01.

The geometric mean exceeds the minimum input. It is less aggressive than the arithmetic mean but still violates Property 3. A single high-trust channel inflates the output above the low-trust bound.

Product

f(a, b) = a * b

This satisfies Properties 1 and 2 (the product is bounded by both inputs). But f(0.5, 0.5) = 0.25, while min(0.5, 0.5) = 0.5. It violates idempotency. The system becomes overly pessimistic when trust signals agree. Practically, two contexts each at moderate coherence produce a system locked at low coherence. Trust agreement is penalised rather than respected.

The General Case: Functions on the Lattice

For readers who want the algebraic framing: [0,1]^n with the componentwise order is a complete lattice. The minimum function is the lattice meet operation. The theorem above says that the only function on this lattice satisfying our three safety properties is the meet.

This is a specialisation of a result from lattice theory. The meet is the unique operation that is:

  • Below every input (bounded output)
  • Order-preserving (monotone)
  • Idempotent

These are the axioms of a meet-semilattice homomorphism. The forced convergence is not a coincidence -- it is a consequence of the algebraic structure.

Why This Is a Moat

Consider a competitor building an earned-trust system for autonomous agents. They need:

  1. Trust that cannot be fabricated (conservation)
  2. Trust that cannot be amplified through transfer (non-amplification)
  3. Behavioural output bounded by the weakest trust signal (bounded output)

If they satisfy all three, they must use min() -- or something provably equivalent to it. The patent covers the specific mechanism: the minimum gate applied to earned trust via doubly stochastic mixing matrices constrained to the Birkhoff polytope.

If they avoid min() to avoid the patent, they must violate at least one property. That means their system is either:

  • Unsafe (trust can be fabricated or amplified)
  • Usable but unbounded (output exceeds the weakest trust signal)
  • Overly conservative (never reaches full engagement)

None of these are commercially viable for production autonomous systems. A household robot that can be socially engineered is a liability. A robot that never opens up is returned after a week. A robot that is always cautious regardless of earned trust is frustrating to live with.

The minimum gate is the only gating function that is safe, responsive, and eventually fully expressive. It is forced by the mathematics. The patent protects the implementation. The crate ships the code.

The Implementation

In ccf-core on crates.io, the minimum gate is computed in the effective_coherence method:

pub fn effective_coherence(&self, instant: f32, key: &ContextKey<V>) -> f32 {
    let ctx = self.get_accumulator(key);
    f32::min(instant, ctx.value())
}

One line. The entire safety guarantee of the system reduces to f32::min. Everything else -- accumulator dynamics, personality modulation, Sinkhorn-Knopp projection, Stoer-Wagner partitioning -- serves to compute the two arguments to this function. The gate itself is trivial. The theorem shows it must be.

Connection to Broader AI Safety

The Anthropic team working on alignment for large language models faces a version of the same problem. When multiple safety signals disagree -- the reward model says safe, the constitutional AI classifier says uncertain, the human feedback is absent -- how should the system gate its output?

Averaging the signals allows a confident-but-wrong reward model to override an uncertain classifier. Taking the maximum allows any single green light to open the gate. The forced convergence theorem says: if you want safety guarantees that compose, you must take the minimum.

Whether Anthropic's alignment architecture converges to this structure explicitly is an open question. But the mathematics does not care about the implementation language. Any system that conserves trust, prevents amplification, and bounds output by the weakest signal will reinvent the minimum gate.

The only question is whether it does so by design -- with provable guarantees -- or by accident, with gaps that adversaries will find.

— Colm Byrne, Founder — Flout Labs, Galway, Ireland

Patent pending. US Provisional 63/988,438.

FAQ

Why not use a learned gating function instead of min()?

A learned function can approximate min() on its training distribution, but there is no guarantee it satisfies Properties 1-3 on adversarial inputs. The forced convergence theorem holds for all inputs in [0,1]^n simultaneously. A neural network trained on typical interactions may violate bounded output on unusual ones -- precisely the cases where safety matters most. The minimum function is correct by construction, not by approximation.

Does the theorem apply to systems with more than two trust inputs?

Yes. The proof works for arbitrary n. With n trust signals x_1 through x_n, any function satisfying bounded output, monotonicity, and idempotency must equal min(x_1, ..., x_n). CCF currently uses two primary inputs (instantaneous and accumulated coherence), but the architecture extends to additional channels -- model confidence, human override signals, environmental stability metrics -- and the minimum gate remains forced.

Can you weaken the conditions and still get a useful result?

Dropping idempotency gives you the class of t-norms from fuzzy logic, which includes the product, Lukasiewicz, and drastic t-norms. All of these are more conservative than min() in the sense that they produce lower outputs when inputs agree. The product t-norm (f = a*b) is the closest alternative, but it penalises agreement: two contexts at 0.7 coherence produce 0.49 output. For a social system, this means the robot can never feel fully engaged even in deeply familiar contexts. Min() is the largest (most permissive) function satisfying the safety properties -- the tightest upper bound on the safe set.

How does this relate to the Birkhoff polytope and Sinkhorn-Knopp?

The minimum gate handles the gating of output by trust inputs. Sinkhorn-Knopp handles the transfer of trust between contexts. They address different parts of the architecture but share the same underlying principle: conservation. The Birkhoff polytope (the set of doubly stochastic matrices) ensures transfers conserve trust. The minimum gate ensures output is bounded by trust. Together they form a closed system where trust can only be earned, never created or amplified, at any point in the pipeline.

Is the minimum function the only possible moat, or could someone build a different safe gating architecture?

The theorem is tight: min() is the unique function satisfying the three properties with equality. A competitor could use a stricter function (like the product), but that would make their system less responsive -- the robot would be slower to open up, slower to reach full engagement. Any function more permissive than min() violates at least one safety property. So the competitive landscape is: use min() (and license CCF), use something stricter (and lose on user experience), or violate safety (and lose on trust). The mathematics constrains the design space completely.