From 10dc985c2a637df61e812e1353bd149adb95634e Mon Sep 17 00:00:00 2001 From: giria660 Date: Fri, 5 Jun 2026 20:21:38 -0400 Subject: [PATCH] docs(readme): disclose stateless-signal limitation Add one bullet to 'What this Action does NOT do (yet)' to honestly state that historical signal enrichment (churn, hotspot density, prior-incident proximity) does not run in stateless customer-side mode. The decision, policy, and signed attestation are unchanged; only the risk-score amplification is reduced. Closes P1#1 from the 2026-06-04 structural audit. --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 919c891..e905640 100644 --- a/README.md +++ b/README.md @@ -100,6 +100,13 @@ No ReleaseGate server access is required to verify. hello@releasegate.io. - It does not yet support Kubernetes admission control. See the main repo for the roadmap. +- The risk score in stateless customer-side runs does not include + historical signal enrichment (churn, hotspot density, prior- + incident proximity). Those signals require persistent history + across runs, which the customer CI runner does not have. The + decision gate, policy evaluation, and signed attestation are + fully functional; only the risk-score amplification is reduced. + Server-side dashboard runs include the full signal set. ## Security