Solutions

Agentic execution safety

Tool‑using agents are an operator risk surface. ALP‑L1 defines a fail‑closed lockdown profile: missing or unverifiable evidence must yield HOLD/DENY.

No permit, no side effect · Fail‑closed · Offline‑verifiable

Expected outputs: PASS (evidence verified), FAIL (evidence present but mismatched), HOLD (evidence or signatures missing or unverifiable; fail‑closed).

Risks (Top 5)

What can go wrong

  • Prompt injection triggers a privileged tool action (irreversible side effects).
  • Secret / token exposure via tool output, logs, or agent memory.
  • Unreviewed network egress or data exfiltration from a sandboxed runtime.
  • Unpinned dependencies or silent runtime updates change behavior post‑approval.
  • After‑the‑fact explanations without replayable receipts (audit cannot reproduce).

Receipts (Ticket‑ready)

What reviewers attach

  • 1 URL (DSSE): /.well-known/mvg-procurement-ticket-pack.dsse.json (human view via DSSE viewer).
  • 1 ZIP — Ticket Pack (offline verifier kit + receipts).
  • Security Review Packet (PDF) — architecture + threat model + evidence pointers.
  • Governance receipt: who can stop a release + escalation path.
  • Transparency — inclusion proof pointers (append‑only posture).

Where MVG gates

1. VERIFY

Verify receipts

Policy + environment + artifacts are pinned and replayable (deterministic inputs).

2. PERMIT

Mint scoped permits

Permits are issued only after PASS, with explicit scope + expiry.

3. GATE

Enforce at control points

Non‑bypassable gateways (network egress, privileged I/O, dispatch) deny any action that lacks a valid, unexpired permit covering it.
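The three gates above and the PASS/FAIL/HOLD semantics, as an added illustration in Python (not MVG's or ALP‑L1's own code): a fail‑closed receipt verifier that reads a DSSE envelope and checks the artifact digests it pins, a permit minter that only a PASS verdict can reach, and a control‑point gate that denies without a valid permit in scope. The DSSE v1 pre‑authentication encoding and the in‑toto payload type are the real formats; the HMAC‑SHA256 signer standing in for an asymmetric key, the statement fields, key identifiers, action names, and the sample inputs are constructed assumptions.

```python
"""Fail-closed VERIFY -> PERMIT -> GATE flow. Added illustration; not MVG/ALP-L1 code."""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

PASS, FAIL, HOLD = "PASS", "FAIL", "HOLD"
PAYLOAD_TYPE = "application/vnd.in-toto+json"  # real in-toto type; statement fields are constructed


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE v1 Pre-Authentication Encoding: the bytes a DSSE signature actually covers."""
    t = payload_type.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(payload), payload)


def sign_envelope(statement: dict, key: bytes, keyid: str) -> dict:
    """Build a DSSE envelope. HMAC-SHA256 stands in for the asymmetric signer (assumption)."""
    payload = json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()
    return {"payloadType": PAYLOAD_TYPE, "payload": base64.b64encode(payload).decode(),
            "signatures": [{"keyid": keyid, "sig": base64.b64encode(sig).decode()}]}


def verify_receipt(envelope, trusted_keys: dict, artifacts: dict) -> Tuple[str, str]:
    """Step 1 (VERIFY). Missing/unverifiable evidence -> HOLD; disproved evidence -> FAIL."""
    if not envelope or any(k not in envelope for k in ("payloadType", "payload", "signatures")) \
            or not envelope["signatures"]:
        return HOLD, "envelope incomplete"
    try:
        payload = base64.b64decode(envelope["payload"], validate=True)
        statement = json.loads(payload)
        sigs = [(s.get("keyid"), base64.b64decode(s["sig"], validate=True))
                for s in envelope["signatures"]]
    except (AttributeError, KeyError, TypeError, ValueError):
        return HOLD, "payload or signature undecodable"
    signed = pae(envelope["payloadType"], payload)
    verified = False
    for keyid, sig in sigs:
        key = trusted_keys.get(keyid)
        if key is None:
            continue  # unknown signer: carries no weight either way
        if not hmac.compare_digest(hmac.new(key, signed, hashlib.sha256).digest(), sig):
            return FAIL, f"signature mismatch for keyid {keyid}"
        verified = True
    if not verified:
        return HOLD, "no signature from a trusted key"
    subjects = statement.get("subject") or []
    if not subjects:
        return HOLD, "statement pins no artifacts"
    for subj in subjects:  # every pinned artifact must be present locally and match its digest
        name, expected = subj.get("name"), (subj.get("digest") or {}).get("sha256")
        blob = artifacts.get(name)
        if expected is None or blob is None:
            return HOLD, f"artifact or digest missing for {name}"
        if hashlib.sha256(blob).hexdigest() != expected:
            return FAIL, f"digest mismatch for {name}"
    return PASS, "trusted signature and pinned digests verified"


def _mac(body: dict, key: bytes) -> str:
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def mint_permit(verdict: str, scope: list, ttl_s: int, key: bytes, now: int) -> Optional[dict]:
    """Step 2 (PERMIT). Only PASS yields a permit; scope and expiry are explicit and MAC-bound."""
    if verdict != PASS:
        return None
    body = {"scope": sorted(scope), "exp": now + ttl_s}
    return {**body, "mac": _mac(body, key)}


def gate(action: str, permit: Optional[dict], key: bytes, now: int) -> bool:
    """Step 3 (GATE). Deny unless an authentic, unexpired permit explicitly names the action."""
    if not permit:
        return False
    body = {k: v for k, v in permit.items() if k != "mac"}
    if not hmac.compare_digest(_mac(body, key), str(permit.get("mac", ""))):
        return False
    if now >= int(permit.get("exp", 0)):
        return False
    return action in permit.get("scope", [])


def demo() -> dict:
    """Run the flow on constructed inputs; returns each case's verdict."""
    signer_key, permit_key = b"constructed-reviewer-key", b"constructed-permit-key"
    artifacts = {"agent-runtime.tar": b"constructed runtime bytes"}
    statement = {"profile": "ALP-L1", "subject": [{"name": "agent-runtime.tar",
                 "digest": {"sha256": hashlib.sha256(artifacts["agent-runtime.tar"]).hexdigest()}}]}
    env = sign_envelope(statement, signer_key, "reviewer-1")
    trusted, now = {"reviewer-1": signer_key}, 1_700_000_000
    forged = dict(env, signatures=[{"keyid": "reviewer-1", "sig": base64.b64encode(b"\0" * 32).decode()}])
    out = {"good": verify_receipt(env, trusted, artifacts)[0],
           "no_envelope": verify_receipt(None, trusted, artifacts)[0],
           "untrusted_signer": verify_receipt(env, {"other": b"k"}, artifacts)[0],
           "forged_signature": verify_receipt(forged, trusted, artifacts)[0],
           "swapped_artifact": verify_receipt(env, trusted, {"agent-runtime.tar": b"swapped"})[0]}
    permit = mint_permit(out["good"], ["network.egress"], 300, permit_key, now)
    out.update({"permit_on_hold": mint_permit(HOLD, ["network.egress"], 300, permit_key, now),
                "egress_in_scope": gate("network.egress", permit, permit_key, now),
                "shell_out_of_scope": gate("shell.exec", permit, permit_key, now),
                "expired": gate("network.egress", permit, permit_key, now + 300),
                "no_permit": gate("network.egress", None, permit_key, now),
                "forged_permit": gate("network.egress", {**permit, "mac": "00"}, permit_key, now)})
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20} {verdict}")
```

The ordering of checks is the point: an unknown signer or an absent artifact is HOLD (nothing has been disproved, but nothing can be shown either), while a signature from a trusted key that fails to verify, or a pinned digest that does not match, is FAIL. A gate that cannot reach a permit at all, whether because verification never reached PASS, the permit expired, or its MAC was tampered with, simply denies; no branch of `gate` returns True without an authentic, in‑scope, unexpired permit.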

References (Public‑safe)

Standards & papers

Canonical pointers live on the standards surface; immutable deposits on Zenodo.