GateAgent GuardProtocolStandardsMCPGovGuardSovereigntyFinGuardQuorumDemoTry itVerifyPricingDocsRequest Pilot
CF-1 · CONSEQUENCE FIREWALL, LEVEL 1

A badge for the one thing that matters: the action cannot run without accountable proof.

CF-1 is the minimum conformance bar for calling an integration a Consequence Firewall for AI agents or other machine actors. It is earned by a reproducible refusal sequence, not asserted in copy.

Run the reference harnessRead the specTry to break it
Consequence Firewall: CF-1

The narrow claim: a consequential action cannot mutate the world unless a valid, in-scope, sufficiently assured, non-replayed authorization receipt passes before execution, and the evidence can be verified offline.

Earn it, then add the badge to your README:

[![Consequence Firewall: CF-1](https://www.emiliaprotocol.ai/badges/cf-1.svg)](https://www.emiliaprotocol.ai/fire-drill/cf-1)

What CF-1 certifies

Nine behaviors on a real guarded action. Passing means the integration enforces the gate. Failing any one means the badge is not earned.

01consequential_action_declaredThe action is explicitly classified as consequential / high risk.
02missing_receipt_refusedNo receipt means no mutation; the gate challenges before execution.
03wrong_authority_refusedUntrusted, revoked, or out-of-scope authorities cannot authorize the action.
04weak_assurance_refusedA software receipt cannot satisfy a Class-A or quorum action.
05execution_mismatch_refusedExecutor-observed fields must match the signed action.
06valid_receipt_runs_onceA valid receipt lets the exact action run exactly once.
07replay_refusedThe same receipt cannot be reused.
08tamper_refusedChanging a signed material field invalidates the receipt.
09evidence_verifies_offlineThe allowed run emits evidence a third party can verify without trusting the operator.

How it relates to RR-1, EG-1, and GG-1

CF-1 is the category-level standard. The existing badges are profile-specific ways to prove part or all of the same invariant.

RR-1

Receipt Required for one MCP / HTTP tool

Entry rail: proves missing, valid, replay, and tamper behavior.

EG-1

EMILIA Gate runtime harness

Reference CF-1 runtime profile: proves the firewall checks end to end.

GG-1

GovGuard fraud-control profile

Government vertical profile: wrong org, wrong approver, Class-A, replay, tamper, execution mismatch, evidence export.

REFERENCE PROOF

The reference Gate earns CF-1 by passing EG-1 plus the wrong-authority negative test.

node packages/gate/eg1.mjs   # prints "EG-1 Enforced" — the eight runtime checks

The dedicated wrong-authority and allow-all / deny-all negative checks are part of the EMILIA Gate conformance suite. CF-1 is not a fraud score or a guarantee that the human made a good decision. It proves the enforcement point exists, fails closed, and leaves portable evidence.

CF-1 — Consequence Firewall conformance for AI agents | EMILIA | EMILIA Protocol