LydianAI Open-source tooling

← All docs

Assurance-as-Code

Release baselines

Run the release-gate check and generate a timestamped baseline snapshot for regulatory submission.

Release baselines

A baseline is a named, timestamped snapshot of all the compliance artifacts in a project at a point in time. Before a baseline can be generated, the system runs a release-gate check — it validates that every required artifact exists, that none are in a suspect state, and that the full traceability chain is intact.

What the release-gate checks

The gate check runs a set of validations against the project’s standards profile. These are the critical checks:

CheckWhat it verifies
All required artifact types presentEvery mandatory artifact type for the project’s ASIL level exists
No artifacts in draft or under_reviewAll in-scope items are at least approved
No suspect flagsNo artifact is waiting for re-review after an upstream change
Full traceability chainEvery requirement is linked to at least one test case; every test case has a passing test result
All test results passingNo in-scope test case has a failing or missing result
HARA items have derived requirementsEvery hazard analysis item links to at least one safety requirement
TARA items have mitigating requirementsEvery cybersecurity threat links to at least one control or requirement

Checks that fail block baseline generation. Checks that produce warnings are recorded in the gate check log but do not block.

Running the gate check

Before generating a baseline, run the gate check to see what passes and what needs attention:

curl -X POST http://localhost/api/projects/<project-id>/gate-check \
  -H "Authorization: Bearer <your-token>"

Example response:

{
  "status": "failed",
  "passed": 6,
  "failed": 1,
  "warnings": 2,
  "results": [
    {
      "check": "all_test_results_passing",
      "status": "failed",
      "detail": "Test case TC-042 has no associated test result"
    },
    {
      "check": "tara_items_mitigated",
      "status": "warning",
      "detail": "TARA-003 mitigation requirement is in 'approved' state, not 'released'"
    }
  ]
}

Fix the issues, then re-run the gate check until all required checks pass.

Generating a baseline

Once the gate check passes, generate the baseline:

curl -X POST http://localhost/api/projects/<project-id>/baselines \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "v2.1.0 — R156 release",
    "description": "OTA Update Manager release for type approval submission"
  }'

The baseline is created immediately. All in-scope artifacts are moved to released state as part of the baseline operation.

What a baseline contains

A generated baseline record includes:

Viewing and exporting baselines

List all baselines for a project:

curl http://localhost/api/projects/<project-id>/baselines \
  -H "Authorization: Bearer <your-token>"

Export a baseline as a structured report (JSON or CSV) for submission to a technical service or regulatory body:

curl http://localhost/api/projects/<project-id>/baselines/<baseline-id>/export?format=json \
  -H "Authorization: Bearer <your-token>" \
  -o baseline-report.json

After a release: continuing development

Once a baseline is generated, artifacts in the released state cannot be edited directly. To make changes:

  1. Create a new change_request artifact documenting the reason for the change
  2. Move the artifact back to draft — this automatically marks all downstream linked items as suspect
  3. Make the changes, re-review, and re-approve the affected chain
  4. Run the gate check again and generate a new baseline when ready

This ensures a full audit trail from one release to the next, as required by UNECE R156.