{ "access": "public", "type": "reference", "format": "markdown", "title": "Cognitive Trust Certificates", "chunked": true, "url": "https://library.datagrout.ai/cognitive-trust-certificates", "summary": "**Cryptographic proof that a workflow plan has been verified before execution**", "content_markdown": "# Cognitive Trust Certificates\n\n**Cryptographic proof that a workflow plan has been verified before execution**\n\nA Cognitive Trust Certificate (CTC) is issued when the planning engine verifies a multi-step workflow. It proves the plan was checked for correctness, safety, and compliance before any tool ran. After execution, runtime assurances are appended to confirm the plan behaved as expected.\n\nThe full formal treatment — including cryptographic architecture, proof structure, and enterprise implications — is in the lab paper: [Cognitive Trust Certificates: Verifiable Execution Proofs for Autonomous Systems](https://labs.datagrout.ai/papers/ctc).\n\n---\n\n## What a CTC Proves\n\n### Compile-Time Assurances\n\nBefore execution begins, the planning engine verifies that the workflow:\n\n- **Terminates** -- the plan contains no cycles and will complete in finite steps.\n- **Is type-safe** -- every output feeds into a compatible input, with adapters inserted where needed.\n- **Complies with policy** -- no step violates side effect controls, destructive operation rules, or budget limits.\n- **Has available credentials** -- every integration in the plan has valid authentication configured.\n- **Consumes all inputs** -- required data flows through the plan without dangling unused steps.\n- **Executes deterministically** -- given the same inputs, the plan produces the same sequence of operations.\n\nIf any check fails, no CTC is issued and the plan does not execute. The system returns a specific explanation of what failed and why.\n\n### Runtime Assurances\n\nAfter execution completes, the CTC is extended with:\n\n- **Execution proof** -- confirmation that each step ran and returned a result.\n- **Budget sufficiency** -- actual credits consumed stayed within the estimated bounds.\n- **Statistical profile** -- summary of data volumes, latencies, and error rates observed during execution.\n- **Drift detection** -- whether the runtime behavior matched compile-time expectations, or if any step diverged from the plan.\n\nRuntime assurances turn a CTC from a \"plan looks correct\" proof into a \"plan ran correctly\" proof.\n\n---\n\n## How CTCs Are Created\n\nCTCs are generated automatically during workflow planning. When you use `discovery.plan` or `flow.into` to build a multi-step workflow, the planning engine validates the plan and, if it passes all checks, issues a CTC.\n\n```\nGoal -> Planning Engine -> Validated Plan + CTC\n```\n\nYou do not request a CTC explicitly. It is a byproduct of successful planning.\n\nIf the plan cannot be verified, you get a structured failure response explaining which checks did not pass.\n\n---\n\n## Skills: Verified Workflows You Can Reuse\n\nA **skill** is a workflow that has been verified, executed successfully, and saved for reuse. Skills retain their CTC, so they execute without re-verification on subsequent runs.\n\n### Creating a Skill\n\nBuild a workflow through guided discovery or planning, execute it, and save it:\n\n```python\n# Via Guide Mode: complete the workflow, then compile to skill\nsession = client.guide(goal=\"sync leads to invoices\")\n# ... navigate choices ...\nskill = client.guide(save_as_skill=True, skill_name=\"lead_invoice_sync\")\n```\n\nOr via the Playground: complete a workflow, then click **Save as skill**.\n\n### Running a Skill\n\n```python\nresult = client.call_tool(\"skills@1/lead_invoice_sync@1\", {\n \"invoice_amount\": 1500\n})\n```\n\nSkills execute the exact sequence of tools recorded during creation. No re-planning, no re-verification. The CTC from the original run carries forward.\n\n### When Skills Re-Verify\n\nIf the underlying integrations change (tools added, removed, or schemas updated), the skill's CTC is invalidated. The next execution triggers re-verification. If the plan still passes all checks, a new CTC is issued transparently. If it fails, you get a clear error explaining what changed.\n\n---\n\n## Cryptographic Integrity\n\nEvery CTC is signed with **Ed25519** by the DataGrout Certificate Authority (DG CA). The signature covers the certificate's immutable fields — id, plan hash, assurances, timestamp, and child certificate IDs — so any modification invalidates it. When a workflow produces multiple CTCs (e.g., refraction and charting), the child certificate IDs are included in the parent signature, making the entire chain tamper-evident.\n\nSignatures can be verified with the DG CA public key, available at `GET /ca.pem` and embedded in the Conduit SDK. See [Policy and Security: Cryptographic Signing](policy-security) for full details on the signing architecture.\n\n---\n\n## What a CTC Looks Like\n\nWhen CTC details are enabled in your [Interaction Settings](interaction-settings), every tool call response includes a `_meta.datagrout.ctc` object:\n\n```json\n{\n \"result\": { \"workflow_id\": \"wf_abc123\", \"status\": \"completed\" },\n \"_meta\": {\n \"datagrout\": {\n \"ctc\": {\n \"id\": \"ctc_7f3a9b2e\",\n \"viewer_url\": \"https://datagrout.ai/ctc/ctc_7f3a9b2e\",\n \"valid\": true,\n \"assurances\": {\n \"no_cycles\": true,\n \"type_safe\": true,\n \"policy_compliant\": true,\n \"credentials_available\": true,\n \"all_inputs_consumed\": true,\n \"deterministic\": false\n },\n \"issued_at\": \"2026-03-09T14:30:00Z\",\n \"expires_at\": \"2026-06-07T14:30:00Z\",\n \"plan_hash\": \"sha256:e3b0c44298fc1c149afb...\"\n },\n \"execution_summary\": \"Completed 3-step workflow. Cost: 4 credits. CTC ctc_7f3a9b2e valid.\",\n \"receipt\": {\n \"receipt_id\": \"rcp_a1b2c3d4\",\n \"actual_credits\": 4,\n \"balance_after\": 9411\n }\n }\n }\n}\n```\n\n`deterministic: false` here means one step called an external API whose response can vary — the plan is structurally valid, but the output isn't guaranteed identical across runs. The `viewer_url` can be shared with anyone (no account required) to inspect the full certificate, assurances, and proof trace.\n\n---\n\n## CTC Viewer\n\nCTCs are shareable. You can generate a viewer link that lets anyone inspect a certificate, including:\n\n- The workflow steps and their order\n- Which assurances passed at compile time\n- Which runtime assurances were recorded\n- The Ed25519 signature and verification status\n- The timestamp and issuing server\n\nUse the CTC viewer to prove to auditors, customers, or collaborators that a workflow was verified before execution. No account is required to view a shared certificate.\n\n---\n\n## Why CTCs Matter\n\n**Without verification**: Agents chain tool calls at runtime. If a type mismatch, missing credential, or policy violation exists, you find out when it fails -- after partial execution, with side effects already committed.\n\n**With CTCs**: Every check happens before the first tool runs. If the plan has a CTC, the failure surface is limited to upstream API errors, not planning mistakes.\n\nUse CTCs when:\n\n- **Compliance** requires proof that agent workflows were validated before execution.\n- **Trust** matters -- you need to show customers or auditors that an agent did not act arbitrarily.\n- **Debugging** a failure -- the CTC confirms the plan was correct, narrowing the issue to upstream behavior.\n- **Reuse** -- save verified workflows as skills and skip re-verification.\n\n---\n\n## Related\n\n- [Guide Mode](guide-mode) -- Build workflows interactively and compile them into skills\n- [Policy and Security](policy-security) -- The policy rules that CTCs verify against\n- [Core Concepts: CTCs](core-concepts) -- CTC overview\n- [Semio Types](semio) -- The type system that CTCs use for type-safety proofs\n- [Lab paper: CTCs](https://labs.datagrout.ai/papers/ctc) -- Full cryptographic architecture and enterprise implications\n" }