Controlled Negotiation Protocol (CNP) Gate for GitHub Actions
Block risky workflow changes before CI continues.
This repository is the install / Action / product surface for the public Controlled Negotiation Protocol (CNP) path.
It is the GitHub Action-facing product surface for CNP control, and it is meant to make one thing clear fast: this is not another scanner and not a post-hoc reporting layer. It is an execution gate for GitHub automation.
- Blocks risky workflow changes before CI continues.
- Acts as an external execution gate for GitHub automation.
- Stops unsafe AI / automation changes before they execute.
- Not another scanner.
- Not a generic security toolbox.
- Not architecture sold as an abstraction.
This surface exists to show the product-facing path: install, understand the outcome, and understand the commercial path above the public Action surface.
For real commercial use above the public GitHub surfaces, use the Hosted Authority inquiry path:
- Understand the outcome here.
- Evaluate the proof / meaning surface separately if needed.
- Move to the Hosted Authority inquiry path for the commercial path.
Pre-run policy is necessary. External admission is the stronger boundary.
Platform-native controls improve the executor. External admission separates execution from authority.
If execution can proceed without an external allow decision, the system has policy, but not external admission authority.
Surrogate Boundary Test: Can execution proceed without an external allow decision?
No Admission = No Execution.