Secure Context Release Gate

What this adds. SecurityRecipes already tracks context provenance, attestation, poisoning scans, evals, and egress policy. The release gate packages those controls into versioned context releases so agent hosts, MCP gateways, and reviewers know exactly which source hashes are safe to consume.

Why This Matters

The product thesis is The Secure Context Layer for Agentic AI. A credible context layer needs a release step. Enterprise reviewers do not only ask “where did this guidance come from?” They ask:

  • Which context bundle is approved for production agents?
  • Which source hashes define the bundle?
  • Which attestation, poisoning, eval, and egress checks passed?
  • Which channels require signatures before use?
  • Which drift or incident signals roll the release back?

The Secure Context Release Gate answers those questions with generated JSON rather than prose-only claims.

Generated Artifacts

  • Profile: data/context/secure-context-release-profile.json
  • Generator:
  • Runtime evaluator:
  • Generated release pack: data/context/secure-context-release-pack.json

Regenerate and validate:

Release Channels

Channel Use Default posture
open-reference Public docs, local MCP, CI, and open-source evaluation. Unsigned but hash-bound.
production-mcp Hosted MCP and enterprise agent hosts. Held until signature and transparency proof exist.
trust-center Procurement, AI platform review, and trust review diligence. Held until signed, or held earlier if a source needs review.

Runtime Decisions

The evaluator returns:

Decision Meaning
allow_open_reference_release Local or CI use can consume the unsigned release with source hashes and citations.
allow_context_release Production or diligence use has the required signature and transparency proof.
hold_for_signature The bundle is structurally ready but cannot promote to production or trust-center use yet.
hold_for_recertification A source or workflow context package needs fresh attestation.
hold_for_poisoning_review A source has actionable poisoning findings.
hold_for_eval_replay Required secure-context evals are missing or stale.
deny_unregistered_release_source The request references context outside the release manifest.
deny_release_hash_mismatch Runtime source hashes do not match the generated release.
deny_release_channel_mismatch The caller requested the wrong channel or environment.
kill_session_on_release_violation The request includes prohibited context or a runtime kill signal.

Example Checks

Open-reference release:

Production MCP release without signature:

Assurance model release with actionable poisoning findings:

Product Path

The open repo now proves the release model. The enterprise product path is hosted signed releases:

  • customer-private context release channels,
  • keyless signing and transparency-log proof,
  • release promotion APIs for MCP gateways,
  • source drift and rollback alerts,
  • trust-center export automation.

That makes the site easier for enterprise teams to approve and gives a future reviewer a concrete control primitive around agent context distribution.

Source Anchors