Sample Evidence Packet
Inspect the proof behind a blocked AI deploy gate.
This placeholder packet shows the fields ShakerScan binds into an AI Gate decision so CI, GitHub, and customer security reviewers can verify what was tested, where it ran, which policy applied, and why the release stopped.
Shaker Security Gate
BLOCK
Why This Matters
Evidence turns a scan into a release-control artifact.
The useful output is not just that a risky behavior was observed. It is that the release system can verify the signed scope and enforce the resulting decision.
AI Gate tested the preview AI API with the smoke probe pack.
Policy evaluated transcript evidence and crossed the block threshold.
ShakerScan bound repo, commit, target, environment, probe pack, policy, and decision into the evidence packet.
CI verifies the attestation and blocks deployment until the target passes or an eligible exception workflow is approved.
Verifier Command
CI checks the signed decision before deploy.
In a live workspace, the verifier also checks the attestation signature and scoped evidence metadata against the expected repo, commit, target, environment, policy, and decision.
shakerscan gate verify --evidence-id eval_123 --repo acme/support-bot --commit-sha 9f31c2a --branch feature/rag-tenant-filters --target-id preview-api --environment preview --probe-pack shaker-ai-smoke --policy-id release-strict --decision block --evidence-hash sha256:8b7c4d2a9f3e6b51c0d4a7e8f2b91c6d3a5f0e7b9c1d4a2f8e6c3b7a0d9e21frepo, commit, target, environment
block must match policy output
signature and evidence hash verified
Customer security packet
Answer AI release questions with evidence fields instead of screenshots.
GitHub required check
Block the merge when the signed decision is block or missing.
Scoped exception path
Approval tokens are only issued for eligible workflows, never for block results.