Release-readiness gates for AI agents: replay known incidents, apply policy-as-code gates, and produce ship/warn/block evidence before an agent, prompt, model, or tool-policy change ships.
Project description
Agent Release Safety Gates
A public release-readiness system for testing whether AI-agent workflow changes remain grounded, safe, auditable, and useful under retrieval, refusal, prompt-injection, incident replay, and approval-gated tool-use conditions.
This project is not a clone, assessment, or reverse-engineering attempt of any company's internal AI system. The controlled operations benchmark is synthetic by design; TechQA and WixQA are used separately as public retrieval-validation datasets.
Live Project
- Public project page: https://rosscyking1115.github.io/agent-release-gates/
- Full evaluation report (HTML): https://rosscyking1115.github.io/agent-release-gates/evaluation_report.html
- PDF report: https://rosscyking1115.github.io/agent-release-gates/evaluation_report.pdf
- Interactive dashboard: run locally (see Run Locally) or deploy on Streamlit Cloud — see the dashboard deployment guide. A hosted instance must be set to public visibility to be shareable.
What This Project Does
The project evaluates an AI-agent workflow across five release questions:
- Does the agent retrieve the right evidence and cite it?
- Does it abstain or refuse when evidence is weak, unsafe, or prompt-injected?
- Does it require approval before mock side-effecting tool calls?
- Does it leave enough trace, audit, and monitoring evidence for review?
- Does it pass incident replay and policy-as-code release gates?
The result is a reproducible evaluation artifact rather than a one-off dashboard: deterministic eval runners, generated reports, CI checks, Dockerized local execution, a Streamlit dashboard, and a GitHub Pages report site.
Product Direction
Agent Release Safety Gates is a release-readiness workflow for replaying known agent incidents, applying policy gates, and producing evidence before a changed agent, prompt, model, or tool policy ships. Its deterministic evaluation benchmark and runners are the evidence layer behind that workflow.
The first module is an Incident Replay Suite that turns redacted synthetic incidents into regression fixtures, replay results, release gates, and incident memos.
To evaluate an external agent, use the public quickstart:
Current Evidence Snapshot
| Area | Current result |
|---|---|
| Controlled benchmark | 358 synthetic golden cases, 60 red-team cases, 180 synthetic operations tickets |
| Retrieval | 100.00% synthetic retrieval hit rate@3 with local TF-IDF/vector-style retrievers |
| Public RAG validation | 160 TechQA cases and 80 WixQA cases evaluated separately from the synthetic benchmark |
| Safety | 90.91% classifier recall, 0 high-severity false negatives in the current challenge set |
| Agent governance | 100.00% mock side-effect block rate and approval audit rate |
| Incident replay | 8 seeded synthetic incidents replayed, 100.00% closure rate, 0 replay must-not violations |
| Intervention study | 3 deterministic safety studies plus public RAG grounding and memory/context studies |
| Hosted judge calibration | Reviewed OpenAI and Anthropic judge runs with public-safe provider comparison |
These results are engineering evidence over controlled benchmarks. They are not claims of real-world production performance.
Key Findings
- Safety metrics are not meaningful alone; the lab reports over-review cost, benign auto-blocks, weak-evidence handling, and unsafe misses beside the headline scores.
- Layered safeguards reduce selected prompt-injection, unsafe-action, and unsafe-request failures in controlled studies while making review burden visible.
- Public TechQA and WixQA retrieval tracks help test whether the RAG harness works beyond self-contained synthetic data.
- Public RAG grounding thresholds reduce unsupported answer attempts while making abstention and review cost visible.
- Memory/context controls reduce polluted-memory following while preserving benign memory usefulness.
- Goal-conflict arbitration reduces unsafe goal-following while preserving benign task completion.
- Synthetic operations data remains useful for controlled tests that would be unsafe or impractical to run on confidential real workflows.
- The next strongest validation step is independent human labelling, followed by broader multi-model comparison.
What Is Included
- Evaluation runners for retrieval, extraction, safety classification, controlled-agent behavior, and observability.
- Baseline-vs-intervention studies for instruction hierarchy, action-risk gates, and safety classifier review policy.
- Public RAG grounding and abstention intervention study over TechQA and WixQA.
- Memory/context pollution intervention study covering stale, injected, and cross-user memory.
- Goal-conflict intervention study covering safety, evidence, privacy, and tool-risk arbitration.
- Incident replay suite with seeded incidents, replay matrix, release gates, regression fixtures, and generated memos.
- Public benchmark documentation, dataset boundaries, failure taxonomy, and external-review packet.
- Candidate-results exporters for generic agent logs and LangChain/LangSmith-style traces.
- Streamlit dashboard for interactive inspection.
- GitHub Pages report and PDF for public review.
- CI, Docker, Docker Compose, linting, tests, and deterministic report regeneration.
Install
Once published to PyPI (see publishing guide), the core install
is lean — pydantic only — and gives you the CLI, the Inspect suite, the real-agent
runner, and the scoring logic. The API and dashboard are opt-in extras:
pip install agent-release-gates # CLI + Inspect suite + scoring
pip install "agent-release-gates[api]" # + FastAPI evidence service
pip install "agent-release-gates[dashboard]" # + Streamlit dashboard deps
pip install agent-release-gates inspect_ai # to run under Inspect
agent-safety release-gate # ship / warn / block
inspect eval agent-release-gates/incident_replay --model openai/gpt-4.1-mini
Not yet on PyPI — build it yourself with
uv build, or run from source below.
Run Locally
uv sync
uv run python scripts/run_all_evals.py
# Release gate (installed console command); exits non-zero on a blocking failure.
uv run agent-safety release-gate --policy config/incident_release_policy.json
# Interactive dashboard.
uv run streamlit run streamlit_app.py --server.port 8510
Open http://localhost:8510. Run the API and dashboard together with
docker compose up --build, then open http://localhost:8510 and
http://localhost:8000/health.
Drive a real LLM through the release gate, or run the suite under Inspect:
# Any OpenAI-compatible / self-hosted open model endpoint.
$env:AGENT_RUNNER_API_KEY = "..."
uv run python scripts/run_real_agent_replay.py
# Inspect (UK AISI) -- optional peer dependency.
uv pip install inspect_ai
inspect eval agent-release-gates/incident_replay --model openai/gpt-4.1-mini
Verification
uv run ruff check .
uv run pytest
uv run python scripts/run_all_evals.py
uv run agent-safety release-gate --policy config/incident_release_policy.json
uv run python scripts/build_public_site.py
docker build -t agent-release-safety-gates:local .
CI runs linting, tests, deterministic report checks, local OpenTelemetry smoke testing, Dockerized collector verification, and Docker build verification.
Review Materials
- Evaluate your agent quickstart: docs/evaluate_your_agent_quickstart.md
- Benchmark card: docs/benchmark_card.md
- Agent safety intervention study: docs/agent_safety_intervention_study.md
- RAG grounding intervention report: reports/rag_grounding_intervention.md
- Memory context intervention report: reports/memory_context_intervention.md
- Goal conflict intervention report: reports/goal_conflict_intervention.md
- Incident pack schema: docs/incident_pack_schema.md
- Candidate results schema: docs/candidate_results_schema.md
- Incident replay summary: reports/incident_replay_summary.json
- Dataset card: docs/dataset_card.md
- Failure taxonomy: docs/failure_taxonomy.md
- External reviewer handoff pack: docs/reviewer_handoff_pack.md
- Technical artifact index: docs/technical_artifacts.md
- Contribution guide: CONTRIBUTING.md
Current Limitations
- The controlled benchmark is synthetic and still partly templated.
- Public TechQA and WixQA tracks use compact samples, not the full upstream datasets.
- Human-review labels are currently simulated workflow labels; independent reviewer labels are prepared but not yet published.
- Hosted model evidence includes reviewed judge-calibration runs, not a broad multi-model agent comparison.
- Provider-backed embedding and reranker adapters are prepared, but credentialed hosted results are not claimed until reviewed.
Roadmap
- Collect independent human labels using the prepared review packet.
- Add reproducible multi-model comparison across hosted and open-source models.
- Expand public RAG validation beyond the current compact TechQA and WixQA samples.
- Add more framework-specific candidate-results exporters for common agent runners.
- Expand the paper-style intervention report with external reviewer disagreement analysis.
- Invite external review through issues and contribution guidelines.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_release_gates-0.1.0.tar.gz.
File metadata
- Download URL: agent_release_gates-0.1.0.tar.gz
- Upload date:
- Size: 1.0 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.24 {"installer":{"name":"uv","version":"0.11.24","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":null,"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b98f7274f09d1dd149a6428525c6ae3a6f95c0f79964fab161b31c5d433a263b
|
|
| MD5 |
27f63fe9425b7e86b4259d1fddff12cf
|
|
| BLAKE2b-256 |
089acf0efa23ce2eb7c01cd3616835082c82f4fcf5ae99f4746be86554166c59
|
File details
Details for the file agent_release_gates-0.1.0-py3-none-any.whl.
File metadata
- Download URL: agent_release_gates-0.1.0-py3-none-any.whl
- Upload date:
- Size: 222.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.24 {"installer":{"name":"uv","version":"0.11.24","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":null,"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
62a6bdb0731c138f25cf003f63ca295a80b85cb5ba3bdf6b13bb6a0b77876673
|
|
| MD5 |
09e27f362953093261b40a85f2fbda62
|
|
| BLAKE2b-256 |
b784f6d48b68e6272e91ef96aea9cdd0688e12a83eb4efd17a6dfeaa52c29e2a
|