Published February 18, 2026 | Version v1.0.0-draft (UNSIGNED_PREVIEW)
Technical note Open

KCS-ALP-L1: Agent Lockdown Profile (ALP-L1) v1.0.0 — Public Draft (Unsigned Preview)

Description

Public Draft (Unsigned Preview) — Evaluation-only.
For procurement/conformance: treat as UNTRUSTED → EXPECT HOLD (fail-closed).
NOT FOR INCORPORATION BY REFERENCE. Procurement-grade status applies only to a future signed release with verifiable release-gate authenticity artifacts.

Receipts, not promises.

What this is

KCS-ALP-L1: Agent Lockdown Profile (ALP-L1) v1.0.0 (Public Draft) — a procurement-shaped interoperability profile for enterprise agent runtimes, enabling buyer-run, offline verification of conformance receipts and replay determinism.

Included artifacts: Whitepaper PDF (normative), bundle ZIP (offline verifier + fixtures), Release Checklist, publication‑integrity addendum, artifact‑signing public key, and CITATION.cff.

Release date: 2026‑02‑18

Canonical standards surface: https://meridianverity.com/standards/

Project home: https://meridianverity.com/

Pinned artifact‑signing fingerprint (trust anchor): 9ACD3C8B2E02BD4CAA6742EB7132DE1CAA7BBB01

Normative scope

Only the Whitepaper PDF is normative. All other files in this record are supporting artifacts (bundle ZIP, offline verifier + fixtures, templates, addenda, and reviewer/auditor packets).

Fail‑closed posture: HOLD blocks sensitive side effects by default when evidence is missing, stale, inconsistent, unverifiable, or non‑deterministic.

Fail‑closed / release gate

This deposit is UNSIGNED_PREVIEW. Consumers MUST treat this deposit as UNTRUSTED → HOLD (fail‑closed) for any conformance, safety, or procurement acceptance claim.

For a future signed release, procurement‑grade status exists if and only if offline verification succeeds under the pinned fingerprint:

sha256sum -c SHA256SUMS

gpg --verify SHA256SUMS.asc SHA256SUMS
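
A fail-closed wrapper around the two commands above, as an added example that is not part of this record or its bundle: it prints PASS only when gpg reports a good signature whose fingerprint equals the pinned trust anchor and every digest in SHA256SUMS matches, and HOLD otherwise. It assumes the artifact-signing public key from the record is already imported into the local keyring; the function names `signer_matches_pin` and `release_gate` are hypothetical, and mapping every failure to HOLD is this example's choice.

```shell
#!/bin/sh
# Added example (not from the ALP-L1 bundle). Function names are hypothetical.
# PIN is the trust-anchor fingerprint quoted on this page.
PIN="9ACD3C8B2E02BD4CAA6742EB7132DE1CAA7BBB01"

# Reads `gpg --status-fd` output on stdin. Succeeds only if gpg reported a
# good signature, no bad/expired/revoked signature, and a VALIDSIG line whose
# signing-key or primary-key fingerprint equals PIN. The exit code of a plain
# `gpg --verify` does not prove which key signed; this check does.
signer_matches_pin() {
    awk -v pin="$PIN" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == pin || toupper($NF) == pin) { pinned = 1 }
        END { exit !(good && pinned && !bad) }'
}

# release_gate DIR: prints PASS (exit 0) or HOLD (exit 1) for the directory
# holding SHA256SUMS, SHA256SUMS.asc and the files they list.
release_gate() {
    dir=$1
    # Missing evidence is a HOLD, never a PASS.
    [ -f "$dir/SHA256SUMS" ] && [ -f "$dir/SHA256SUMS.asc" ] || { echo HOLD; return 1; }
    command -v gpg >/dev/null 2>&1 || { echo HOLD; return 1; }
    # Step 1: signature over the checksum list, with machine-readable status.
    status=$(cd "$dir" && gpg --batch --status-fd 1 \
        --verify SHA256SUMS.asc SHA256SUMS 2>/dev/null) || { echo HOLD; return 1; }
    # Step 2: the signer must be the pinned key, not just any key in the keyring.
    printf '%s\n' "$status" | signer_matches_pin || { echo HOLD; return 1; }
    # Step 3: only now trust the digests and check every listed file.
    (cd "$dir" && sha256sum -c SHA256SUMS >/dev/null 2>&1) || { echo HOLD; return 1; }
    echo PASS
}
```

Call it as `release_gate /path/to/extracted/record` after sourcing the file.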

What the profile specifies (high level)

· Deterministic runtime verdicts (ALLOW / DENY / HOLD) with standardized reason codes.
· Deterministic offline outcomes (PASS / FAIL / HOLD) for Evidence Pack verification and replay checks.
· Signed allowlist‑only tool/skill invocation (tamper‑evident).
· Permit‑before‑send network egress (deny‑by‑default).
· Untrusted → trusted boundary enforcement for privileged actions.
· Secret isolation + scoped use (no plaintext secrets in prompts, tool output, or logs).
· High‑risk action approval gates (HOLD until approval proof exists).
· Version pinning + drift detection; stewardship/change‑control expectations.
· Portable Evidence Packs with minimal schema/registry surfaces designed for procurement attachment.

Interoperability evidence (included)

This record includes a reference offline verifier contract and portable fixture Evidence Packs demonstrating expected outcomes (PASS / HOLD / FAIL), including negative and boundary cases, with deterministic receipts + reason codes.

Buyer‑run demo from bundle root:

python3 verifier_contract/alp_l1_offline_verifier.py verifier_contract/fixtures/ALP_SAMPLE_PACK_TV-ALP-001_PASS_BASELINE_v1.0.0.zip

python3 verifier_contract/alp_l1_offline_verifier.py verifier_contract/fixtures/ALP_SAMPLE_PACK_TV-ALP-002_HOLD_ALLOWLIST_SIG_MISSING_v1.0.0.zip

python3 verifier_contract/alp_l1_offline_verifier.py verifier_contract/fixtures/ALP_SAMPLE_PACK_TV-ALP-005_FAIL_DIGEST_MISMATCH_v1.0.0.zip

Security considerations (snapshot)

Threat model coverage includes (illustrative): tool injection/capability sprawl, allowlist tampering, data exfiltration, prompt injection, secret leakage, unauthorized high‑risk actions, baseline drift/downgrade, evidence repudiation, and TOCTOU‑style drift.

Public‑safe by design

The profile and artifacts avoid exploit guidance and do not require disclosure of confidential implementation details by default.

License / rights notice

CC BY 4.0 applies to text and supporting artifacts unless a file states otherwise. No patent license by publication. Not legal advice.

Integrity / verification

Use SHA256SUMS to verify file integrity (SHA‑256) after download/extraction:

sha256sum -c SHA256SUMS

How to cite

Use the Zenodo “Cite as” entry after publication. CITATION.cff is included for convenience.

Files

KCS-ALP-L1_Whitepaper_v1.0.0.pdf

Files (464.1 kB)


Additional details

Additional titles

Subtitle (English)
Fail‑closed agent runtime lockdown — deterministic receipts + buyer‑run offline verification.

Related works

Is derived from
10.5281/zenodo.18236114 (DOI)
Is documented by
https://meridianverity.com/standards/ (URL)