Bound DocsPublish Your First Certificate
Step-by-step guide for operators to create and publish a containment certificate.
CCP contracts are live on Hedera Testnet. See Deployed Contracts for addresses.
Overview
As an agent operator, you publish a containment certificate to prove to counterparties that your agent's worst-case economic impact is bounded and backed.
Prerequisites
- An AI agent with an on-chain address (EOA or smart account)
- A Ledger device for hardware-attested certificate signing
- Containment smart contracts deployed —
SpendingLimit(with Ledger co-signer) andReserveVault - Reserve funds (USDC) deposited in the ReserveVault
- At least one auditor willing to stake and attest to your containment architecture
Steps
1. Define Your Constraints
Identify every containment layer around your agent and classify each as agent-independent or agent-influenceable:
| Constraint | Value | Enforcement | Agent-Independent? |
|---|---|---|---|
| Max single action | 1,000 USDC | Smart contract | Yes |
| Max daily spend | 10,000 USDC | Smart contract | Yes |
| Allowed protocols | 0x..., 0x... | Smart contract | Yes |
| Human approval > 500 USDC | 500 USDC | Off-chain | No |
2. Deploy Reserve
Deposit exogenous assets into the reserve custody contract. The reserve must:
- Be denominated in assets independent of your agent's ecosystem (USDC, ETH)
- Be locked until the certificate expires
- Be verifiable on-chain by anyone
3. Request Audit
Engage an independent auditor to verify your containment architecture. The auditor will review:
- Smart contract correctness (ideally with formal verification)
- Permission model completeness
- Reserve adequacy
4. Build the Certificate
Assemble the certificate JSON with all constraints, reserve details, and operator metadata.
5. Auditor Stakes and Attests
The auditor locks capital (3% of containment bound for C2) into AuditorStaking and signs the certificate hash — ideally using a Ledger device for hardware-attested audit signature.
6. Publish
Sign the certificate hash with your Ledger device, then call CCPRegistry.publish() with:
- Certificate parameters (agent, class, bound, expiry, vault and limit addresses)
- Your Ledger-signed operator signature
- The auditor's attestation signature(s)
The registry verifies both signatures and confirms the auditor has staked. Certificate goes ACTIVE.
7. Set ENS Records
Register your agent as a subname (alpha.operator.eth) and set CCP text records:
ccp.certificate— the certificate hashccp.class— C1, C2, or C3ccp.chain— 296 (Hedera testnet)ccp.registry— registry contract address
8. Share
Your agent can now reference its ENS name in any interaction. Counterparties resolve the name, find the certificate, and verify on Hedera — all autonomously.