Skip to content

Riverbraid/Riverbraid-Evaluation-Kit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.github/workflows
.github/workflows
 
 
docs
docs
 
 
.gitattributes
.gitattributes
 
 
CLAIM_LEVELS.md
CLAIM_LEVELS.md
 
 
Dockerfile
Dockerfile
 
 
EVALUATOR_DECISION_TREE.md
EVALUATOR_DECISION_TREE.md
 
 
LICENSE
LICENSE
 
 
MATURITY_LADDER.md
MATURITY_LADDER.md
 
 
ONE_PAGE_SYSTEM_MAP.md
ONE_PAGE_SYSTEM_MAP.md
 
 
README.md
README.md
 
 
REPRODUCE_RIVERBRAID_v0.1.0-governance-floor.md
REPRODUCE_RIVERBRAID_v0.1.0-governance-floor.md
 
 
RISK_PROFILE_MATRIX.md
RISK_PROFILE_MATRIX.md
 
 
START_HERE.md
START_HERE.md
 
 
audit-30-repos-surface.js
audit-30-repos-surface.js
 
 
environment.lock.json
environment.lock.json
 
 
expected-results.json
expected-results.json
 
 
reproduce.ps1
reproduce.ps1
 
 
reproduce.sh
reproduce.sh
 
 
run-verification.sh
run-verification.sh
 
 
verified-repo-registry.json
verified-repo-registry.json
 
 

Repository files navigation

Riverbraid Evaluation Kit v0.1.0 governance floor

This kit is a scaffold for independent reproduction of Riverbraid's verified governance floor. It is designed to fail closed.

Role in Riverbraid

Riverbraid-Evaluation-Kit is the current public entry and evaluation surface for Riverbraid.

Public verification boundary

This repository defines the current public canonical verification registry and reproduction path for Riverbraid's governance floor.

Evidence boundary

This repository does not claim certification, legal approval, production readiness, absolute security, external audit, complete AI safety, adoption, or absence of defects.

Verification Paths

Preferred: GitHub Actions (Canonical, No Local Setup Required)

The primary verification path runs on ubuntu-latest in GitHub Actions.

Steps:

  1. Navigate to this repository's Actions tab
  2. Select Riverbraid Evaluation Kit Runtime
  3. Click Run workflow button
  4. View the verification summary when complete

What happens:

  • All 16 required files are verified present
  • verified-repo-registry.json is validated: exactly 30 entries, all pinned, all valid commits
  • Docker image is built from Dockerfile
  • Docker container runs the full verification suite
  • Each of 30 repositories is cloned at its pinned commit
  • Each verification command runs
  • Results are compared against expected-results.json
  • Final JSON summary shows verification status

Result: If all checks pass, the workflow emits:

{
  "status": "GITHUB_ACTIONS_RUNTIME_VERIFICATION_PASS",
  "runtime_claim": "EXECUTED_IN_GITHUB_ACTIONS",
  "docker_claim": "VERIFIED_IN_GITHUB_ACTIONS",
  "verification_surface": "ubuntu-latest GitHub Actions",
  "local_windows_claim": "NOT_REQUIRED"
}

Optional: Local Docker (Only If Docker Already Installed)

If Docker is already working on your machine, you may also reproduce locally:

docker build -t riverbraid-evaluator .
docker run --rm riverbraid-evaluator

Important: Do not install Docker as a first step. GitHub Actions is the canonical verification path.

Current State

Aspect Status
Registry entries 30
Commit state All pinned
Claim level target Independent reproduction
Canonical verification surface GitHub Actions on ubuntu-latest
Local Docker requirement Optional
Windows Docker requirement Not required

What a PASS Means

A PASS means:

  • The pinned registry was successfully cloned at exact commits
  • Each configured verification command executed and produced no errors
  • The final summary matched expected-results.json
  • Reproduction is deterministic and repeatable in the specified environment

What a PASS Does NOT Mean

A PASS does not mean:

  • The system is defect-free or bug-free
  • The system is production-safe or deployment-ready
  • The system is certified by any authority
  • The system is externally audited or independently reviewed
  • The system is suitable for any specific risk profile
  • The system is compliant with any regulation or standard
  • The system is safe in all deployment contexts
  • Any claim about downstream AI system behavior

Non-Claims

This evaluation kit explicitly does not:

  • Certify AI systems or models
  • Provide legal approval, compliance certification, or liability protection
  • Replace security review, legal review, or compliance audit
  • Guarantee safety, defect-freeness, or production readiness
  • Make any claims about the behavior of systems that use this as a component
  • Constitute an external audit or third-party assurance

Files

File Purpose
README.md Root repository entrance and setup map
START_HERE.md First evaluator entry point
ONE_PAGE_SYSTEM_MAP.md Short architecture map
CLAIM_LEVELS.md Claim ladder and evidence rules
EVALUATOR_DECISION_TREE.md Fit check before evaluation
RISK_PROFILE_MATRIX.md Risk profile boundary guide
MATURITY_LADDER.md Current maturity framing
REPRODUCE_RIVERBRAID_v0.1.0-governance-floor.md Reproduction guide
verified-repo-registry.json Exact repository and commit registry (30 entries)
expected-results.json Expected reproduction output
environment.lock.json Tool and environment lock scaffold
Dockerfile Containerized evaluation environment
run-verification.sh Container verification runner
reproduce.ps1 Windows helper script
reproduce.sh Unix helper script
.gitattributes Line ending normalization
.github/workflows/evaluation-kit-runtime.yml GitHub Actions verification workflow

About

Public evaluation kit for inspecting Riverbraid’s deterministic governance floor.

github.com/Riverbraid/Riverbraid-Evaluation-Kit/releases/tag/v0.1.0-governance-floor

Topics

open-source security ai evaluation verification audit cybersecurity compliance reproducibility governance ai-safety ai-security ai-evaluation llm ai-governance governance-floor

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Packages

 
 
 

Contributors

Languages