VCC Gear-Up¶

UCCA Verified Contact Chain — State of Play¶

Last updated: 12 March 2026¶

What It Is (30 seconds)¶

WHO    Two parties. UCCA + contact.
WHAT   A chained, timestamped ledger of every interaction.
HOW    Each entry hashes the previous. Break one, break all.
KEYS   UCCA holds K1. Contact holds K2. Both needed to read full chain.
UI     Teletype. Monospace. Face ID unlock. The chain renders.
NOT    Blockchain. CRM. Receipt. Digital signature.

Architecture (one page)¶

Chain - Every contact gets a root hash on registration - Each event appends a new node: node_hash = hash(parent_hash + event_type + timestamp) - Tamper one entry → every subsequent hash breaks - Stored in engine-db (Cloudflare D1), table: vcc_chain

Keys - K1: 256-bit hex, UCCA holds, stored in contact_keys in engine-db - K2: XXXX-XXXX-XXXX (human readable, no 0/O/1/I/L), contact holds - Server stores Argon2id hash of K2 only — raw K2 never persisted - Without K2: API returns summary only (valid, length, trust level) - With K2: full ledger renders

Events (auto-fired) - hash_generated → email_confirmed → sms_confirmed → endpoints_verified → trust_l1_assigned → k2_delivered

K2 Hashing - PBKDF2-SHA256, 600K iterations, contact hash as salt - Native Web Crypto — no WASM, no dependencies - K2 entropy: ~58.6 bits. GPU brute force: millions of years.

K2 Delivery Resilience - On generation: K2 AES-GCM encrypted with K1, stored in contact_keys.k2_encrypted - On confirmed delivery (SMTP 250 or Twilio queued): k2_encrypted wiped to NULL - If both channels fail: K2 survives encrypted, only K1 can decrypt, ops triggers reissue to retry - Reissue response: { success, version, delivered, delivery_method, held } — raw K2 never returned

Endpoints - GET /api/chain/:hash — summary (no K2) or full ledger (with K2) - POST /api/chain/:hash/reissue — new K2, auto-delivered, old invalidated

Surfaces - vcc.ucca.online — stub live, security headers, dark palette - ucca-keys Worker — chain verification endpoint - Ops console — VCC world block, "standing by" badge

Phase Status¶

Phase	What	Status
1	D1 schema, chain functions, keys card redesign, vcc.ucca.online stub	✅ Complete
2	K1/K2 generation, K2 delivery, gated chain endpoint, reissue	✅ Complete
3	UCCA Authenticator — native iOS, Face ID, teletype on device	✅ Complete
4	Public whitepaper — The Gate + The Gate II	⏳ Pending
5	Sepofitti Capital conversation, defence/aviation/medical outreach	⏳ Pending

The Story (one paragraph)¶

We were building a form for investor registration. We asked what the person on the other side actually receives. That question led to a receipt, then a ledger, then a chain, then dual custody. The teletype interface came from asking what the moment should feel like. VCC is the door on top of UCCA's gate — the gate defines capability, VCC proves who touched it, when, and what happened next. Built in a garage in Brisbane, on a Thursday night.

Repo / Infrastructure¶

Repo: uccaonline/ucca-engine
Engine-db (D1): 0efa8970-0053-4623-8436-4e877af10887
Worker: ucca-keys
Surface: vcc.ucca.online
Docs: docs.ucca.online/vcc/
Full story: The Gate II (docs.ucca.online)

RAI Posture (not compliance)¶

RAI — Responsible AI — has ten core principles: Safety, Accountability, Transparency, Explainability, Fairness, Privacy, Security, Robustness, Resilience, Validity & Reliability.

UCCA covers all of them. Not by checklist. By architecture.

RAI Principle	UCCA Coverage
Transparency	VCC chain readable by both parties
Accountability	Dual custody — neither party can alter the record
Privacy	K2 never stored, PBKDF2-SHA256, AES-GCM encrypted hold
Fairness	Deterministic — same rules for every contact, no inference
Human oversight	Humans write all content. Dr Sheffield is a silent conductor.
Traceability	Every event chained, timestamped, tamper-evident to root

The distinction that matters:

A compliance standard = "we meet framework X, here's our checklist." Defensive. Retroactive.

A posture = "we built the infrastructure that makes RAI provable — not just for us, but for every organisation that touches UCCA."

UCCA didn't build this to satisfy a framework. The architecture demanded it. When RAI becomes mandatory in defence, aviation, and medical — and it will — UCCA won't be retrofitting. Everyone else will be.

UCCA isn't RAI compliant. UCCA is what RAI compliance gets built on top of.

To Pick Up From Here¶

Read this file
Read The Gate II (uploaded or docs.ucca.online)
Check Phase status table above
Ask Tim what's next

Tim Rignold + Claude (Anthropic) — Brisbane, Australia

AI Certification Landscape (ISO/UL)¶

The standards that will matter:

ISO/IEC 42001 (Dec 2023) — world's first certifiable AI management system standard. The ISO 9001 of AI. This is the one defence, aviation, medical will require.
ISO/IEC 42005 (Apr 2025) — AI system impact assessments. Complementary to 42001.
ISO/IEC 42006 (2025) — certifies the certifiers. The audit bodies are now being accredited.
UL 3115 (Nov 2025) — UL Solutions AI safety certification. The UL mark for AI products.

Where UCCA sits:

Not the organisation seeking ISO/IEC 42001 certification. The infrastructure that helps other organisations achieve and prove it — particularly the traceability, accountability, and dual-custody controls that 42001 demands.

UCCA is an ISO/IEC 42001 enabler, not just a compliant participant. That's a different commercial conversation entirely.

Auth — SSO Policy¶

Allow Google, Apple, GitHub sign-in: Yes, but with conditions.

SSO is the door. Verified endpoint is the chain anchor.

Flow: 1. Sign in with Google / Apple / GitHub — low friction entry, expected, fine 2. Before chain starts — contact must confirm a real endpoint (email or mobile) 3. K2 delivered to that confirmed endpoint — dual custody live 4. SSO identity is convenience. Verified endpoint is truth.

Why this matters for VCC: If the chain is anchored to a Google-relayed hidden email and the contact loses Google access, the chain is orphaned and K2 reissue fails. The confirmed endpoint is the recovery anchor — it must be real and owned by the contact directly.

Apple Sign In note: Apple's hide-my-email relay is acceptable for SSO login but NOT acceptable as the K2 delivery endpoint. Must collect and verify a real endpoint before chain generation.

trust.ucca.online — Tiered Knowledge Surface¶

The trust system governs access to the trust documentation. The proof of the proof.

Trust Levels (full model)¶

Level	Name	Trigger	Unlocks
0	Public	No auth	Legal minimums, all doc headings visible with lock + level number
1	Verified	Email + mobile confirmed	Basic compliance posture, encryption standards, retention schedule
2	Declared	Trust 1 + stated intent on record	Sub-processor DPAs (redacted), data residency, breach notification
3	Qualified	Human decision — Tim or Jimmy	Full Data Governance Framework, infrastructure architecture, investor materials
4	Partner	NDA executed	Everything. Unredacted. Unreserved.

UX — Document listing¶

Every document heading visible to everyone. Line icon padlock (outline, no fill, stroke weight 1, technical — see Padlock_8.svg reference) + level number beside locked docs:

Data Residency Declaration          ⌐lock⌐ 1
Sub-processor Agreements            ⌐lock⌐ 2
Data Governance Framework           ⌐lock⌐ 3
Infrastructure Architecture         ⌐lock⌐ 3
Security Audit Results              ⌐lock⌐ 4
Penetration Test Summaries          ⌐lock⌐ 4

Lock click behaviour¶

Not logged in → "This document is available at Trust Level X. Register at ir.ucca.online."
Wrong trust level → "You're at Level X. To progress, request access." → appends access_requested chain event → Tim notified in ops console → one click to approve → trust level updated → document unlocks
Correct trust level → document opens

Icon direction (critical for Alex)¶

No emoji. No filled icons. Line icons only throughout trust.ucca.online. SF Symbols stroke weight 1. Think technical instrument not consumer app. The padlock is outline only — not filled, not rounded, not friendly. Reference: Padlock_8.svg.

Surface¶

trust.ucca.online — already parked. Register Cloudflare zone, stub MkDocs structure, public layer first.

Intent declaration (Trust Level 2 gate)¶

Single text box. No dropdown. Their words:

What are you looking to understand about UCCA?

[                                    ]

[SUBMIT AND CONTINUE]

Response appended to chain as intent_declared event. Timestamped. Immutable.

Replace Shopify-style privacy/terms links across ALL surfaces with: "Compliance and governance documentation: trust.ucca.online"