CCDD
Context Contract-Driven Development

Your prompts and policies are loose text.
CCDD puts them under contract.

Como TDD pone el test primero — CCDD pone el contrato de contexto primero. Lo verificable lo revisa una máquina; lo opinable, un humano.

00 · The problem

The context is the least-governed part of the stack

Your prompts, policies and guardrails live as loose, unversioned text scattered across files. Nothing stops a well-meaning edit from quietly demoting a safety policy, dropping a guardrail, or letting an untrusted source outrank a signed rule.

CCDD turns that context into a contract — a versioned context.yaml with signatures, a CI gate that blocks context regressions, quorum governance for policy changes, and a reproducible audit. The verifiable half is checked by a machine; the judgment half stays a human's call.

01 · The hybrid contract

Two layers, one document

Verifiable → the gate

Slots with priorities, mandatory floors, signed static content, declared guardrails. All of it machine-checkable: a script decides if a change weakened the context, deterministically, the same way every run.

Judgeable → the human

Whether a rewritten policy still "reads right", whether a change of tone is acceptable — that stays a person's call, recorded as a signed sign-off. The model informs; it does not decide.

02 · Three levels

From contract to running context

Each level is a machine check; nothing ships on the model's word.

L1

Contract & sign

Declare the context as data, lint it against the schema, and sign the static slots (Ed25519). Edit a signed slot and the seal breaks.

L2

Regression gate

On every change, nine deterministic rules (R1–R9) block the merge if the context posture degraded — with quorum governance for policy edits.

L3

Assemble & audit

At runtime, assemble the payload by priority, run the guardrails, and emit a reproducible record — replayable byte-for-byte.

03 · The regression gate

A weakened context freezes the merge

The diff is read by a script.
Not by an LLM. Nine rules compare the proposed contract against the baseline.
A demoted policy is a regression.
Priority degraded, a lost signature, a deleted guardrail — each one blocks the merge (exit 1).
Only a signed change passes.
A policy edit needs a quorum of registered reviewers' Ed25519 signatures before it's allowed through.
04 · By the numbers

By the numbers, as of this file

Spec v0.3 (Draft) with an executable reference implementation. Every figure is checked into the repository.

9deterministic regression rules (R1–R9)
3levels: contract, gate, assembly
51tests green in the reference impl
0LLM calls to reach a verdict
2domains it was validated on
05 · The boundary

What CCDD governs, what it doesn't

The honest scope is part of the method. CCDD controls context integrity — not full agent security.

It governs

  • That a safety policy can't be silently demoted, unsigned or dropped
  • That a static slot's signed content hasn't changed without a re-sign
  • That an untrusted dynamic source can't outrank a signed policy by priority
  • That policy changes carry a quorum of reviewer signatures

It does not

  • Stop an injection that legitimately fits inside the context — that's the model's own robustness
  • Secure the agent's tool actions or side effects
  • Vouch for the truth of external sources it assembles

Read the contract yourself

MIT-licensed. Every claim on this page is checked into the repository that backs it.

— Mauricio Perera