CueCrux Trust Model

Principles

CueCrux’s trust system is designed to ensure that every answer is transparent, verifiable, and fair. It is not about persuading users to believe; it’s about showing the evidence that supports every claim.

| Principle | Description |
| --- | --- |
| Evidence-first | Every claim should display its citations, timestamps, and domains wherever possible. CueCrux answers are only as strong as their evidence. |
| Mode clarity | Each answer carries a Light, Verified, or Audit badge, clearly describing the trade-offs between speed, verification depth, and provenance checks. |
| User agency | From a summary, users can jump directly to the source material with a single click: no hidden steps, no gated citations. |
| No marketing language | Trust is earned through transparency, not adjectives. The design and clarity of the interface are the only persuasion mechanisms. |

Surfaces

Trust is expressed directly in CueCrux’s product surfaces, from the first answer to the deepest audit record.

Answer View

  • Each answer displays a mode badge showing its trust level.
  • Provenance chips indicate how many independent domains are cited and whether the evidence passed licence and freshness checks.
  • The citations pane expands to show each quote, URL, timestamp, and hash used in the answer’s assembly (artefacts stored in Perofant™).

Audit Runs

  • When an answer is generated in Audit mode, the system captures a CROWN snapshot: a complete, replayable record of how that answer was built.
  • Each snapshot includes the retrieval configuration, model parameters, evidence hashes, and verification signatures.
  • Audit artefacts allow independent verification through the CueCrux SDK or WatchCrux operator.

History & Saves

  • Saved answers keep links to their sources and mode context so that re-opening a saved answer always re-displays its original verification state.
  • Historical queries can be replayed with a specific as_of timestamp to observe how evidence or policies evolved over time.

Boundaries & Controls

CueCrux separates public-facing transparency from internal algorithms to maintain both integrity and resilience.

| Boundary | Policy |
| --- | --- |
| Engine credentials | Never exposed to browsers. All user queries go through the WebCrux Backend-for-Frontend (BFF), which injects authenticated service credentials server-side. |
| Internal heuristics | Heuristics, model prompts, and threshold settings are kept confidential. Public documentation focuses on conceptual contracts and observable behaviours. |
| Immutable provenance | Evidence hashes and receipts are append-only; provenance is cryptographically signed and independently verified by WatchCrux. |
| Policy-aware ingestion | FactoryCrux obeys robots.txt, licence metadata, and PII rules before ingestion, ensuring sources are lawfully and ethically processed. |

How Trust Operates Across Planes

Engine (CROWN + C³)

The Engine enforces trust mechanically:

  • CROWN receipts record who said what, when, and how it was verified.
  • QUORUM (MiSES) forms MiSES (Minimal Evidence Sets) so each claim uses the smallest non-redundant evidence bundle required for trust.
  • Cost-Conditioned Cascades (C³) balance verification depth and compute cost.

WebCrux (User Interface)

The WebCrux UI presents trust visually:

  • Mode badges (Light / Verified / Audit).
  • “Why Trust” summaries explaining the number of sources, their freshness, and any contradictions.
  • Provenance indicators surfaced directly from Engine metadata.

WatchCrux (Operator)

WatchCrux independently monitors trust and performance:

  • Verifies receipts and snapshots hourly.
  • Runs replay audits and detects version drift.
  • Publishes PASS/WARN/FAIL findings into the operator dashboard.

SDKCrux (Verification Tools)

Developers use SDKCrux to validate and interpret receipts:

  • Verify ed25519 signatures and BLAKE3 hashes.
  • Parse provenance records and reproduce trust calculations.
  • Detect mode/freshness mismatches or version drift automatically.
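
The checks listed above, shown as an added example that is not CueCrux or SDKCrux code: the receipt layout, field names and `verifyReceipt` are hypothetical. SHA-256 stands in for BLAKE3 because Node's built-in crypto module has no BLAKE3; the ed25519 calls are Node's own.

```javascript
const crypto = require("node:crypto");

// SHA-256 stands in for BLAKE3, which Node's crypto module does not provide.
const digest = (s) => crypto.createHash("sha256").update(s, "utf8").digest("hex");

// Hypothetical receipt layout: fixed field order gives deterministic bytes to sign.
const canonical = (r) => Buffer.from(JSON.stringify(
  [r.query, r.mode, r.as_of, r.evidence.map((e) => [e.url, e.hash])]));

const signReceipt = (receipt, privateKey) =>
  crypto.sign(null, canonical(receipt), privateKey);

// Returns { status: "PASS" | "WARN" | "FAIL", findings: [...] }.
function verifyReceipt(receipt, signature, publicKey, artefacts) {
  // 1. The signature covers every field, so any edited field fails here.
  if (!crypto.verify(null, canonical(receipt), publicKey, signature)) {
    return { status: "FAIL", findings: ["signature invalid"] };
  }
  // 2. Each stored artefact must still hash to the value the receipt signed.
  const findings = [];
  for (const e of receipt.evidence) {
    const quote = artefacts.get(e.url);
    if (quote === undefined) findings.push(`artefact missing: ${e.url}`);
    else if (digest(quote) !== e.hash) findings.push(`hash mismatch: ${e.url}`);
  }
  if (findings.length) return { status: "FAIL", findings };
  // 3. Mode check: Verified aims for at least two independent domains.
  const domains = new Set(receipt.evidence.map((e) => new URL(e.url).hostname));
  if (receipt.mode === "Verified" && domains.size < 2) {
    return { status: "WARN", findings: [`Verified with ${domains.size} domain(s)`] };
  }
  return { status: "PASS", findings };
}

// Constructed sample data (keys, URLs and quotes are made up for the example).
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const sampleArtefacts = new Map([
  ["https://a.example/x", "quote one"],
  ["https://b.example/y", "quote two"],
]);
const sampleReceipt = {
  query: "example question", mode: "Verified", as_of: "2025-01-01T00:00:00Z",
  evidence: [...sampleArtefacts].map(([url, quote]) => ({ url, hash: digest(quote) })),
};
const sampleSig = signReceipt(sampleReceipt, privateKey);

console.log(verifyReceipt(sampleReceipt, sampleSig, publicKey, sampleArtefacts));
```

The signature is checked first so that no hash or mode logic runs on a receipt whose fields cannot be trusted.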

OpsCrux (Governance)

The OpsCrux Control Tower consolidates trust metrics:

  • Displays provenance health, contradiction rate, and audit pass rate.
  • Surfaces alerts from WatchCrux and enforces mode boundaries during releases.

Modes of Verification

| Mode | Purpose | Verification Depth | Typical Use |
| --- | --- | --- | --- |
| Light | Fastest path to insight. Citations are optional and lightly verified. | Soft provenance check only. | Exploratory queries. |
| Verified | Balanced mode for work products and sharing. | Full provenance verification + QUORUM (MiSES) coverage; aims for ≥2 independent domains when available. | Publication, internal reports. |
| Audit | Highest assurance mode, with deterministic replay and cryptographic receipts. | Counterfactual probing + receipt signing. | Regulatory or client deliverables. |

Example - From Answer to Proof

  1. Ask a question → WebCrux proxies your query to Engine.
  2. Engine retrieval → Combines FTS + vector search; gathers top-k artefacts.
  3. QUORUM (MiSES) assembly → Selects a MiSES per claim; computes domain diversity.
  4. Provenance ledger → Each artefact recorded with BLAKE3 hash and signature.
  5. CROWN receipt → Signed snapshot with query, retrieval, model, and evidence metadata.
  6. Display → WebCrux renders the answer with mode badge and “Why Trust” summary.

Security & Compliance Context

Trust is inseparable from security. CueCrux implements multi-layer defences drawn from the Security Master-Plan:

  • Vault-based key management: All JWT and receipt signing handled via HashiCorp Vault Transit keys.
  • Append-only provenance: Receipts are never re-signed or altered; new versions always create new ledger entries.
  • Independent oversight: WatchCrux operates outside the Engine lifecycle to guarantee impartial audits.
  • ATAM principles: Evidence weighting, transparent contradiction flags, and non-censorship policies.

Why It Matters

  • Credibility you can prove. Every citation, timestamp, and quote hash is visible and verifiable.
  • Reproducibility by design. Audit receipts can be replayed by anyone using the SDK.
  • Transparency without exposure. Users see enough to verify; internal systems stay secure.
  • Accountability baked in. WatchCrux and OpsCrux continually monitor provenance, cost, and fairness.

Summary

CueCrux’s trust model binds together the evidence chain, cost discipline, and audit visibility needed to make AI-assisted knowledge provably trustworthy.
It is a living system: independently verifiable, ethically sourced, and resilient under scrutiny.