Open standard · v1.0-draft

What does a governed context pipeline actually look like?

CIS Benchmarks define what a hardened server is. The Context Governance Benchmark defines what a governed context pipeline is: 32 measurable, tool-neutral controls across 6 domains, scored into four maturity grades. Citable by security teams, procurement and press — free under CC-BY 4.0.


Status: v1.0-draft, pre-review. The catalog is published and open for feedback; v1.0-final requires ≥ 3 named external reviewers. Until then, do not cite it as a released standard — cite the draft.

The catalog

32 controls, 6 domains.

Each control states a requirement, why it matters, a concrete measurement method, and a level: Basic (12 controls — the floor), Hardened (15 — engineering rigor for customer or regulated data) or Audited (5 — third-party-verifiable assurance).

CGB-1 Sensitivity & Redaction (6 controls)

Credentials, personal data and regulated identifiers must never cross the trust boundary. Detection, redaction and the guarantees around them.

CGB-2 Provenance & Integrity (5 controls)

For any model interaction: what entered the context, where did it come from, has it been altered? Source attribution, transformation disclosure, tamper evidence.

CGB-3 Budget & Resource Control (5 controls)

One prompt fans out into many tool calls and sub-agents. Limits, attribution and stopping runaway consumption before the invoice.

CGB-4 Audit & Evidence (6 controls)

Governance claims are only as strong as the records behind them. What gets logged, how it is protected, and whether a third party can verify it.

CGB-5 Access Scoping (5 controls)

What may an agent reach, on whose authority? Filesystem, command execution, network and tool-surface boundaries — assistant, not unaudited root shell.

CGB-6 Lifecycle & Retention (5 controls)

Caches, session stores, long-term memory, shared knowledge: how accumulated state is bounded, expired, deleted and kept honest over time.

Scoring

Four grades, no C0 to hide behind.

Controls score Met (1.0), Partial (0.5, with the gap described) or Not met (0); controls marked N/A are excluded from the count. A level's score is the points earned divided by the number of applicable controls at that level. The grade is the highest threshold the pipeline clears; below C1 it is simply ungraded.

C1 Foundational: Basic ≥ 75%

C2 Managed: Basic ≥ 90% and Hardened ≥ 50%

C3 Hardened: Basic = 100%, Hardened ≥ 80%, Audited ≥ 40%, every Met control links evidence

C4 Audited: Basic = 100%, Hardened = 100%, Audited ≥ 80%, independently verified

From C3 upward, every Met claim links evidence a reviewer can open. From C4, the assessment itself is independently verified — self-assessments stop at C3 by design.
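The scoring rules above, together with the assessment procedure the FAQ describes (grade each control Met, Partial, Not met or N/A, then derive the grade), as an added Python example that is not code from the CGB spec or from LeanCTX. The control IDs (B01 to B12, H01 to H15, A01 to A05), their level assignments and the per-control statuses are constructed placeholders: the level scores they produce have the same 96 / 80 / 50 shape as the published self-assessment, but they are not its actual findings. Scoring a level with zero applicable controls as 0 is an assumption of this example, chosen to grade down rather than up.

```python
"""Grade a Context Governance Benchmark (CGB) self-assessment.

Added example, not code from the CGB spec or from LeanCTX. It implements
the scoring rules as the page states them: Met = 1.0, Partial = 0.5 (with a
gap described), Not met = 0, N/A excluded; a level score is points over
applicable controls; the grade is the highest threshold cleared; from C3
every Met control must link evidence; C4 additionally needs independent
verification, so a self-assessment stops at C3. Control IDs and their
level assignments below are constructed placeholders, not the catalog's.
"""
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List, Optional

LEVELS = ("basic", "hardened", "audited")
POINTS = {"met": Fraction(1), "partial": Fraction(1, 2), "not_met": Fraction(0)}


@dataclass
class ControlResult:
    control_id: str
    level: str                       # one of LEVELS
    status: str                      # "met" | "partial" | "not_met" | "na"
    evidence: Optional[str] = None   # link a reviewer can open (required from C3)
    gap: Optional[str] = None        # required description for Partial


def level_scores(results: List[ControlResult]) -> Dict[str, Fraction]:
    """Exact per-level score: points earned / applicable (non-N/A) controls."""
    points = {lvl: Fraction(0) for lvl in LEVELS}
    applicable = {lvl: 0 for lvl in LEVELS}
    for r in results:
        if r.level not in LEVELS or r.status not in ("na", *POINTS):
            raise ValueError(f"{r.control_id}: bad level/status {r.level}/{r.status}")
        if r.status == "na":
            continue  # N/A controls do not count as applicable
        if r.status == "partial" and not r.gap:
            raise ValueError(f"{r.control_id}: Partial requires a gap description")
        points[r.level] += POINTS[r.status]
        applicable[r.level] += 1
    # Assumption: a level with no applicable controls scores 0 (graded down, not up).
    return {lvl: points[lvl] / applicable[lvl] if applicable[lvl] else Fraction(0)
            for lvl in LEVELS}


def grade(results: List[ControlResult], independently_verified: bool = False) -> Optional[str]:
    """Highest grade cleared, or None when the pipeline is ungraded (below C1)."""
    s = level_scores(results)
    b, h, a = s["basic"], s["hardened"], s["audited"]
    # From C3 upward every Met claim must link evidence a reviewer can open.
    evidence_ok = all(r.evidence for r in results if r.status == "met")
    if b == 1 and h == 1 and a >= Fraction(4, 5) and evidence_ok and independently_verified:
        return "C4"
    if b == 1 and h >= Fraction(4, 5) and a >= Fraction(2, 5) and evidence_ok:
        return "C3"
    if b >= Fraction(9, 10) and h >= Fraction(1, 2):
        return "C2"
    if b >= Fraction(3, 4):
        return "C1"
    return None


def report(results: List[ControlResult], independently_verified: bool = False) -> dict:
    """Rounded percentage per level plus the grade, as a publishable summary."""
    s = level_scores(results)
    out = {lvl: round(float(s[lvl]) * 100) for lvl in LEVELS}
    out["grade"] = grade(results, independently_verified)
    return out


def sample_assessment() -> List[ControlResult]:
    """Constructed results with the page's control counts (12 Basic, 15 Hardened,
    5 Audited); statuses are illustrative, not LeanCTX's actual findings."""
    def met(cid: str, lvl: str) -> ControlResult:
        return ControlResult(cid, lvl, "met", evidence=f"evidence/{cid}.md")

    basic = [met(f"B{i:02d}", "basic") for i in range(1, 12)]
    basic.append(ControlResult("B12", "basic", "partial",
                               gap="coverage enforced by convention, not by a CI gate"))
    hardened = [met(f"H{i:02d}", "hardened") for i in range(1, 12)]
    hardened += [
        ControlResult("H12", "hardened", "partial", gap="documented, not tested"),
        ControlResult("H13", "hardened", "partial", gap="manual process only"),
        ControlResult("H14", "hardened", "not_met"),
        ControlResult("H15", "hardened", "not_met"),
    ]
    audited = [
        met("A01", "audited"), met("A02", "audited"),
        ControlResult("A03", "audited", "partial", gap="awaits third-party verification"),
        ControlResult("A04", "audited", "not_met"),
        ControlResult("A05", "audited", "not_met"),
    ]
    return basic + hardened + audited


if __name__ == "__main__":
    print(report(sample_assessment()))  # {'basic': 96, 'hardened': 80, 'audited': 50, 'grade': 'C2'}
```

Two details are worth noting. Scores are kept as exact fractions so that the "Basic = 100%" tests for C3 and C4 cannot be defeated by floating-point rounding; the percentages are rounded only for display. And the evidence check is a gate on every Met control, not a score input: a pipeline with perfect scores but no linked evidence stays at C2, which is why a self-assessment that cannot be opened by a reviewer never reaches C3.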

LeanCTX, assessed

We grade ourselves C2 — and show the gaps.

The spec is tool-neutral; this part is not. LeanCTX self-assesses against v1.0-draft at C2 — Managed: Basic 96% · Hardened 80% · Audited 50%. Where a claim could not be hard-verified, the control is graded down, not up.

Published gaps include CGB-1.4 (fail-closed redaction coverage is conventional, not structurally proven by a CI gate) and several Audited-level controls that await third-party verification. The full per-control findings — including every Partial and Not met — are in the public self-assessment.

Assess your own setup: lean-ctx policy coverage --benchmark cgb statically checks your resolved policy pack against the testable controls, exercising it against synthetic fixtures rather than trusting pattern names.

Governance

Versioned like a spec.

Control IDs are permanent and never reused. Substantive changes go through an RFC-light process with a 14-day comment window and recorded dissent. The catalog is revised annually; drafts are always labelled. License: CC-BY 4.0.

Review board — open call. v1.0-final ships once ≥ 3 named external reviewers (security, compliance or platform-engineering practitioners, no single-vendor commercial stake) have worked through every domain. Reviewers are named on the released spec. Volunteer by opening an issue in the spec repository.

FAQ

The benchmark, answered.

What is the Context Governance Benchmark?

A versioned, tool-neutral catalog of 32 measurable controls across 6 domains (sensitivity & redaction, provenance, budget control, audit & evidence, access scoping, lifecycle & retention) that defines what a governed context pipeline is — the way CIS Benchmarks define what a hardened server is. It is published under CC-BY 4.0 and scored into four maturity grades, C1 to C4.

Is the CGB a LeanCTX standard?

LeanCTX maintainers edit the spec, but the controls are deliberately tool-neutral: no LeanCTX concepts appear in any control, a neutrality linter enforces that in CI, and any vendor or in-house pipeline can self-assess. LeanCTX publishes its own self-assessment as a separate document — including the gaps.

What does LeanCTX itself score?

Against v1.0-draft, LeanCTX self-assesses at C2 — Managed (Basic 96%, Hardened 80%, Audited 50%), with the gaps published: among them, fail-closed redaction coverage is conventional rather than structurally proven, and several Audited-level controls need third-party verification. A perfect self-score would say more about the assessment than about the product.

Is v1.0 final?

No — v1.0-draft is published and open for review. The release becomes v1.0-final once at least three named external reviewers (security, compliance or platform-engineering practitioners) have worked through every domain. Until then, assessments must cite the draft status. Want to be a reviewer? Open an issue in the spec repository.

How do I assess my own pipeline?

Clone the spec, work through the 32 controls with the assessment template, and grade each control Met, Partial, Not met or N/A using its stated measurement method. LeanCTX users can automate part of it: lean-ctx policy coverage --benchmark cgb statically checks the resolved policy pack against the testable controls and prints per-control results.

Govern the layer that feeds your models.

Read the spec, assess your pipeline, file issues — or see how LeanCTX implements the controls locally, free forever. CGB defines the controls; the Open Context Protocol defines the wire format; the compliance mappings connect both to EU AI Act, ISO 42001 and SOC 2.