Skip to content

pinfloyd/cnp-boundary

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github/workflows
.github/workflows
 
 
demo
demo
 
 
docs
docs
 
 
examples
examples
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
HOSTED_AUTHORITY.md
HOSTED_AUTHORITY.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SUPPORT.md
SUPPORT.md
 
 

Repository files navigation

cnp-boundary

External controlled negotiation protocol (cnp) for automated and AI-driven actions. Not another scanner. A scanner detects after the fact. This boundary decides whether execution may continue.

What this repository shows

This repository is the public proof and evaluation surface for an external controlled negotiation protocol (cnp). It is meant to make one point clear: the object here is not a post-hoc detection tool and not a generic security scanner. The object is a separate execution decision surface above workflow-local logic.

Public surface structure

This public surface is intentionally paired with the separate GitHub Action surface:

  • cnp-boundary = proof / evaluation surface
  • cnp-action = install / Action surface

Commercial path

The commercial transition remains Hosted Authority. Hosted Authority is the separate written commercial path for teams that want a real execution decision layer above workflow execution.

Inquiry path

The inquiry path remains singular and controlled. If a team wants real use rather than only proof or evaluation, the canonical next step is the Hosted Authority inquiry path.

Why this distinction matters

A scanner reports. An cnp boundary decides whether execution is allowed to continue. That distinction is the core interpretation key for this repository.

Current reading route

The intended route remains:

  1. understand the proof / evaluation surface;
  2. understand the separate Action surface;
  3. move to the Hosted Authority inquiry path if the team needs real use.

Surface references

  • Action surface: cnp-action
  • Hosted Authority path: HOSTED_AUTHORITY.md
  • Support path: SUPPORT.md
  • License path: LICENSE

Current boundary

This repository presents the proof surface and the route into a separate written commercial path. It does not describe Hosted Authority as a public live service.

Request access

Request access

This is the only canonical inquiry entry for Hosted Authority access. GitHub is not checkout.

Platform-native policy vs external admission

Pre-run policy is necessary. External admission is the stronger boundary.

Platform-native controls improve the executor. External admission separates execution from authority.

If execution can proceed without an external allow decision, the system has policy, but not external admission authority.

Surrogate Boundary Test: Can execution proceed without an external allow decision?

No Admission = No Execution.

Learn more:

About

Boundary reference surface for the external admit authority model and its proof meaning.

ai-admissibility.com/

Topics

zero-trust ai-security github-actions admission-control workflow-security high-assurance pre-execution external-decision-plane boundary-reference admit-authority external-boundary authority-boundary

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

cnp-boundary v1.0.1 Latest
Mar 21, 2026

Packages

 
 
 

Contributors