Bundle
Gather a tenant's governed definitions — ontology types, policies, Action Fabric actions, and agent metadata — into one contents bundle, versioned by key.
A Solution Pack bundles your ontology, policies, Action Fabric actions, and agents into one versioned, signed, verifiable artifact — exported from one tenant, published to a registry, and imported into another with its hash and signature checked at the door.
canonicalize → sha256 contentHash → HMAC signature · verifyPack(hashOk + signatureOk)
The hard part of enterprise AI isn't building one agent — it's redeploying a governed solution, intact, to the next tenant, region, or air-gapped network. Solution Packs make that solution a first-class artifact: bundle it, sign it, and re-deploy it without rebuilding governance from scratch.
Gather a tenant's governed definitions — ontology types, policies, Action Fabric actions, and agent metadata — into one contents bundle, versioned by key.
Canonicalize to stable key-sorted JSON, hash to a sha256 contentHash, then HMAC-sign it. Production refuses to sign without a configured signing secret.
Publish to a shared registry on a stable or beta channel — provenance recorded by publishing tenant, install always targeting the caller's own tenant.
Every import re-checks hashOk and signatureOk before a single row is written. Tamper with the contents and it fails closed — no partial apply.
A pack is the contents bundle plus its integrity envelope. The bundle carries the definitions; the envelope is what makes it portable and provable.
Serialize the contents to stable, key-sorted JSON so the bytes are deterministic — the same definitions always hash to the same value.
Compute a sha256 over the canonical bytes. Any edit to any field — one policy priority, one property — changes the hash.
HMAC-SHA256 the contentHash with the deployment signing secret (CORTEX_PACK_SIGNING_SECRET). verifyPack then checks hashOk and signatureOk; a tampered bundle breaks hashOk, a wrong secret breaks signatureOk.
Tamper with the stored contents and verifyPack returns hashOk:false — and any attempt to apply it returns a 409. The check runs offline, with no call home.
Importing a pack is a two-step, verify-first flow. importPreview gives you a per-section diff against your live definitions; importApply re-verifies the signature, then idempotently upserts — into your own tenant only.
Publish a verified pack to a channel and any admin can browse and install it into their own tenant — after the signature is checked. Cross-tenant distribution works because the HMAC signature is over the content hash with the deployment's signing secret, so an entry published by one tenant verifies and installs cleanly for another.
Versioned bundles you can verify by hash and signature, then import into your tenant. Each pack ships with its own ontology, policies, actions, and agent definitions.
Turn your governed AI solution into a portable, verifiable artifact — and ship governance with it, every time.