A badge for the one thing that matters: the action cannot run without accountable proof.
CF-1 is the minimum conformance bar for calling an integration a Consequence Firewall for AI agents or other machine actors. It is earned by a reproducible refusal sequence, not asserted in copy.
The narrow claim: a consequential action cannot mutate the world unless a valid, in-scope, sufficiently assured, non-replayed authorization receipt passes before execution, and the evidence can be verified offline.
Earn it, then add the badge to your README:
[](https://www.emiliaprotocol.ai/fire-drill/cf-1)
What CF-1 certifies
Nine behaviors on a real guarded action. Passing means the integration enforces the gate. Failing any one means the badge is not earned.
How it relates to RR-1, EG-1, and GG-1
CF-1 is the category-level standard. The existing badges are profile-specific ways to prove part or all of the same invariant.
Receipt Required for one MCP / HTTP tool
Entry rail: proves missing, valid, replay, and tamper behavior.
EMILIA Gate runtime harness
Reference CF-1 runtime profile: proves the firewall checks end to end.
GovGuard fraud-control profile
Government vertical profile: wrong org, wrong approver, Class-A, replay, tamper, execution mismatch, evidence export.
The reference Gate earns CF-1 by passing EG-1 plus the wrong-authority negative test.
node packages/gate/eg1.mjs # prints "EG-1 Enforced" — the eight runtime checks
The dedicated wrong-authority and allow-all / deny-all negative checks are part of the EMILIA Gate conformance suite. CF-1 is not a fraud score or a guarantee that the human made a good decision. It proves the enforcement point exists, fails closed, and leaves portable evidence.