Module 2: VCP Architecture

Bundles, tokens, verification, and attestation — the building blocks of portable values.

ALL + DEV 25 min

Learning Objectives

By the end of this module, you will be able to:

  • Name and describe VCP's core components (bundles, tokens, verification, attestation)
  • Read a CSM-1 token and understand what it encodes
  • Trace the lifecycle of a constitutional value from authoring to AI application
  • Explain how VCP ensures integrity without requiring trust in any single party

2.1 — The Bundle: VCP's Core Unit

A VCP bundle is a signed package containing:

  • Content: The constitutional text itself (principles, rules, guidance)
  • Manifest: Metadata — who authored it, when, what version, content hash, expiry, token budget
  • Signatures: Cryptographic proof from the issuer and (optionally) a safety attestation from an independent auditor

Bundles are immutable. You don't edit a bundle; you issue a new version and revoke the old one. This creates a tamper-evident history of value changes.

Here is an annotated example of a minimal bundle manifest (JSON):

{
  "vcp_version": "3.1",
  "bundle": {
    "id": "b_healthcare_v3",
    "version": "3.0.0",
    "content_hash": "sha256:a1b2c3d4...",
    "content_encoding": "utf-8",
    "content_format": "markdown"
  },
  "issuer": {
    "id": "org:mercy_hospital",
    "public_key": "ed25519:...",
    "key_id": "key_mercy_2026"
  },
  "timestamps": {
    "iat": "2026-02-28T12:00:00Z",
    "nbf": "2026-02-28T12:00:00Z",
    "exp": "2026-08-28T12:00:00Z",
    "jti": "550e8400-e29b-41d4-a716-446655440000"
  },
  "budget": {
    "token_count": 2048,
    "tokenizer": "cl100k_base",
    "max_context_share": 0.15
  },
  "safety_attestation": {
    "auditor": "auditor:ethics_board",
    "auditor_key_id": "key_ethics_2026",
    "reviewed_at": "2026-02-27T10:00:00Z",
    "attestation_type": "FULL_AUDIT",
    "signature": "ed25519:..."
  },
  "signature": {
    "algorithm": "ed25519",
    "value": "...",
    "signed_fields": ["bundle", "issuer", "timestamps", "budget"]
  }
}

2.2 — CSM-1: The Compact State Message

DEV CSM-1 (Constitutional Semantics Mark 1) is VCP's token format — a compact, machine-readable encoding of constitutional identity. Think of it as a fingerprint for a value configuration.

Format: {persona}{level}[+scopes][:namespace][@version]

Personas define the constitutional archetype:

Code | Persona    | Role
N    | Nanny      | Protective, child-safe
Z    | Sentinel   | Security-focused monitoring
G    | Godparent  | Guidance and mentorship
A    | Ambassador | Cross-cultural communication
M    | Muse       | Creative exploration
D    | Mediator   | Conflict resolution
C    | Custom     | User-defined persona

Level (0–5): Intensity of the persona's influence (0 = disabled, 5 = maximum).

Scopes define which life domains the constitution covers:

Code | Scope
F    | Family
W    | Work
E    | Education
H    | Health
I    | Finance
L    | Legal
P    | Privacy
S    | Safety
A    | Accessibility
V    | Environment
G    | General

Examples:

  • N5+F+E — Nanny persona at maximum intensity, covering family and education
  • Z3+P:SEC — Sentinel at level 3, privacy scope, security namespace
  • G4@1.0.0 — Godparent at level 4, version 1.0.0
  • M2+W+G — Muse at level 2, work and general scopes

CSM-1 tokens enable quick matching: "Does this AI system support the constitution I want to use?" without transmitting the full constitutional text.

Try it yourself: The VCP Inspector lets you decode and encode CSM-1 tokens interactively. Paste any token into the Decode tab to see its layer-by-layer breakdown, or use the Encode tab to build tokens with live preview.
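
A strict decoder for the CSM-1 format above, as an added example (not VCP's reference implementation or the VCP Inspector's code). The namespace and version character sets are assumptions inferred from the sample tokens; unknown persona or scope codes and out-of-range levels are rejected rather than silently ignored.

```python
import re

PERSONAS = {"N": "Nanny", "Z": "Sentinel", "G": "Godparent", "A": "Ambassador",
            "M": "Muse", "D": "Mediator", "C": "Custom"}
SCOPES = {"F": "Family", "W": "Work", "E": "Education", "H": "Health",
          "I": "Finance", "L": "Legal", "P": "Privacy", "S": "Safety",
          "A": "Accessibility", "V": "Environment", "G": "General"}

# {persona}{level}[+scopes][:namespace][@version]
# Assumed (not specified on the page): namespace is [A-Za-z0-9_-]+ and
# version is dot-separated integers, as in the sample tokens.
# [0-9] is used instead of \d so non-ASCII digits are not accepted.
TOKEN_RE = re.compile(
    r"(?P<persona>[A-Z])(?P<level>[0-9])"
    r"(?P<scopes>(?:\+[A-Z])*)"
    r"(?::(?P<namespace>[A-Za-z0-9_-]+))?"
    r"(?:@(?P<version>[0-9]+(?:\.[0-9]+)*))?"
)

def parse_csm1(token):
    """Decode a CSM-1 token into a dict; raise ValueError on anything unknown."""
    m = TOKEN_RE.fullmatch(token)
    if m is None:
        raise ValueError(f"malformed CSM-1 token: {token!r}")
    persona, level = m["persona"], int(m["level"])
    if persona not in PERSONAS:
        raise ValueError(f"unknown persona code: {persona!r}")
    if level > 5:
        raise ValueError(f"level out of range 0-5: {level}")
    # "+F+E" -> ["F", "E"]; A and G are also persona codes, so position decides.
    codes = m["scopes"].split("+")[1:]
    unknown = [c for c in codes if c not in SCOPES]
    if unknown:
        raise ValueError(f"unknown scope code(s): {unknown}")
    return {"persona": PERSONAS[persona], "level": level,
            "scopes": [SCOPES[c] for c in codes],
            "namespace": m["namespace"], "version": m["version"]}
```
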

2.3 — Verification: Trust Without Faith

When an AI system receives a VCP bundle, it doesn't just trust it. The verification pipeline checks:

  1. Schema validity — Does the manifest have all required fields?
  2. Size limits — Is the manifest/content within acceptable bounds?
  3. Issuer trust — Is this signed by a trusted issuer?
  4. Signature validity — Does the cryptographic signature verify?
  5. Auditor trust — Is the attestation from a trusted auditor?
  6. Attestation validity — Does the auditor's signature verify?
  7. Content integrity — Does the content match its hash?
  8. Temporal validity — Is the bundle within its valid time window?
  9. Replay protection — Has this exact JTI been seen before?
  10. Scope matching — Does the bundle match the required model/purpose/environment?
  11. Budget compliance — Does the content fit within the model's context budget?
  12. Revocation status — Has this bundle been revoked?

Use the VCP Inspector's Capability tab to simulate capability negotiation and see how VCP-Hello/VCP-Ack exchanges work.

Result: one of 18 verification states, grouped by severity:

Category | States | Response
Security (reject immediately) | INVALID_SIGNATURE, HASH_MISMATCH, REPLAY_DETECTED, INVALID_ATTESTATION, UNTRUSTED_ISSUER, UNTRUSTED_AUDITOR | Do not apply this bundle
Temporal (fetch fresh bundle) | EXPIRED, NOT_YET_VALID, REVOKED, FUTURE_TIMESTAMP | Request a current bundle
Configuration (fix setup) | INVALID_SCHEMA, SIZE_EXCEEDED, SCOPE_MISMATCH, BUDGET_EXCEEDED, TOKEN_MISMATCH | Adjust configuration
Transient (retry) | FETCH_FAILED, VERIFICATION_TIMEOUT | Retry or use fallback
Success | VALID | Safe to apply

GOVERNANCE This verification model means organisations can prove which values were active during any AI interaction — critical for compliance, audit, and accountability.
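
A sketch of four of the twelve checks (schema, content integrity, temporal validity, replay protection) mapped to the states in the table above, as an added example rather than VCP's own verifier. It assumes the issuer and auditor signatures (checks 3 to 6) have already been verified, that content_hash is "sha256:" followed by a hex digest, that exp is exclusive, and that an in-memory set stands in for a persistent JTI store; the function names and sample data are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# State -> category, from the table above (only the states this subset returns).
CATEGORY = {"INVALID_SCHEMA": "Configuration", "HASH_MISMATCH": "Security",
            "NOT_YET_VALID": "Temporal", "EXPIRED": "Temporal",
            "REPLAY_DETECTED": "Security", "VALID": "Success"}

def _ts(value):
    # Manifest timestamps look like 2026-02-28T12:00:00Z; require a timezone.
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError("timestamp without timezone")
    return parsed

def verify_subset(manifest, content, seen_jtis, now=None):
    """Run checks 1, 7, 8 and 9 in pipeline order; return (state, category)."""
    def result(state):
        return state, CATEGORY[state]
    now = now or datetime.now(timezone.utc)
    try:
        algo, _, expected = manifest["bundle"]["content_hash"].partition(":")
        ts = manifest["timestamps"]
        nbf, exp, jti = _ts(ts["nbf"]), _ts(ts["exp"]), ts["jti"]
    except (KeyError, TypeError, ValueError, AttributeError):
        return result("INVALID_SCHEMA")
    if algo != "sha256" or not expected or not isinstance(jti, str):
        return result("INVALID_SCHEMA")
    # Hash the bytes actually received, never a digest supplied beside them.
    actual = hashlib.sha256(content).hexdigest().encode()
    if not hmac.compare_digest(actual, expected.lower().encode()):
        return result("HASH_MISMATCH")
    if now < nbf:
        return result("NOT_YET_VALID")
    if now >= exp:
        return result("EXPIRED")
    if jti in seen_jtis:
        return result("REPLAY_DETECTED")
    seen_jtis.add(jti)  # record only bundles that passed every check
    return result("VALID")

# Constructed sample data (not a real bundle).
CONTENT = b"# Sample constitution\nPrefer patient safety over speed.\n"
MANIFEST = {
    "bundle": {"content_hash": "sha256:" + hashlib.sha256(CONTENT).hexdigest()},
    "timestamps": {"nbf": "2026-02-28T12:00:00Z", "exp": "2026-08-28T12:00:00Z",
                   "jti": "550e8400-e29b-41d4-a716-446655440000"},
}
```

The hash check only proves the content matches the manifest; it is the signature over the "bundle" field that ties that hash to the issuer, so this subset is meaningless if run on an unsigned or unverified manifest.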

2.4 — The Value Lifecycle

End-to-end flow:

Author constitution → Sign bundle → Publish →
   AI system fetches → Verifies → Injects into context →
      AI responds guided by values →
         Audit trail records what was active

At any point: revocation can invalidate a bundle, attestation can add third-party verification, and context adaptation can adjust how the values are applied based on the situation.

VCP is a trust architecture. Values are authored, signed, verified, applied, and audited with cryptographic integrity at every step.