meshflow certify scores your agents across 8 governance categories and issues a cryptographically signed report. Use it in CI to gate deployments on a minimum readiness score.
Run certification against your org. Optionally scope to a single run:
Or use the CLI directly:
Fail the build when agents fall below a minimum score. Pass --min-score to set the threshold:
meshflow certify exits 1 when the score is below --min-score or the verdict is not_ready. This causes the CI step to fail automatically.Overall score is a weighted average. Verdicts: Production Ready ≥ 85%, Needs Work 65–84%, Not Ready < 65%.
| Category | Weight | What it checks |
|---|---|---|
| Traceability Ledger | 20% | Spans emitted, input/output hashes, causal chain, model version |
| Policy Compliance | 20% | Zero violations, policy assigned to all runs, compliance reports |
| Replayability | 15% | Checkpoints written, failed runs replayed, step-indexed state |
| Context Provenance | 15% | Context packs emitted, pack hashes, source inventory |
| Tool Safety | 10% | Tool versions tracked, guardrails active |
| Eval Coverage | 10% | Eval suite exists, pass rate ≥ 80% |
| Cost Governance | 5% | Cost tracked per run, no budget overruns |
| Incident Recovery | 5% | No unresolved paused runs, worker queue healthy |
Every report can be exported as a signed JSON evidence bundle — useful for SOC 2, EU AI Act, or internal review boards. The bundle includes all span, run, and checkpoint records plus a SHA-256 bundleHash for tamper detection.
The bundle is self-contained: share it with auditors without granting MeshFlow access.