From a471e9f26fc8b8acad7306d1bdebd40b184f18cb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=F0=9D=90=8E=F0=9D=90=A7=F0=9D=90=9E=20=F0=9D=90=85?=
 =?UTF-8?q?=F0=9D=90=A2=F0=9D=90=A7=F0=9D=90=9E=20=F0=9D=90=92=F0=9D=90=AD?=
 =?UTF-8?q?=F0=9D=90=9A=F0=9D=90=AB=F0=9D=90=AC=F0=9D=90=AD=F0=9D=90=AE?=
 =?UTF-8?q?=F0=9D=90=9F=F0=9D=90=9F?=
Date: Wed, 13 May 2026 11:15:04 +0000
Subject: [PATCH 1/2] =?UTF-8?q?feat(ENT-CIV-AGI-ARCH-WP-049)=20v1.0.0=20?=
 =?UTF-8?q?=E2=80=94=20Enterprise=20&=20Civilizational=20AGI/ASI=20Governa?=
 =?UTF-8?q?nce=20Architecture=20(2026-2030)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds WP-049: comprehensive 2026-2030 enterprise- and civilizational-scale AGI/ASI and AI governance architecture, implementation, and risk analysis for Fortune 500 / G-SIFI institutions — integrating Sentinel v2.4 and WorkflowAI Pro platforms with global regulatory alignment, multi-layer governance, kill-switch protocols, sector MRM, frontier safety, three reference architectures, institutional prompting, zk-SNARK + PQC audit proofs, GACP/GACRLS/GACRA federation handshakes, six red-team wargames, and RPCO post-incident forensics.

Deliverables
============
* data/ent-civ-agi-arch.json (80.1 KB) — 14 modules, 70 sections, 12 schemas, 16 code examples, 6 case studies, 24 KPIs, 12 risk-control rows, 12 regulators, 7 workshops, 6 data flows, 14 traceability rows, 3-phase 30/60/90, 5-year roadmap, evidencePack template.
* public/ent-civ-agi-arch.html (82.6 KB) — dark-themed sticky-nav dashboard with directive + modules + KPIs + RCM + cases + roadmap.
* gen-ent-civ-agi-arch.py (73,359 chars) — deterministic data generator.
* gen-ent-civ-agi-arch-html.py (11,517 chars) — HTML renderer.
* server.js — 28 endpoints under /api/ent-civ-agi-arch/* including /m1../m14, /modules/:id, /sections/:id, /schemas[/:id], /code-examples[/:id], /case-studies[/:id], /kpis, /risk-control-matrix, /regulators, /workshops, /data-flows, /traceability, /privacy, /deployment, /rollout-90, /roadmap, /evidence-pack.

Module Lineup (14)
==================
M1 Sentinel v2.4 + WorkflowAI Pro Platform Architecture
M2 Global Regulatory Alignment (EU AI Act 2026 + NIST AI RMF 1.0 + ISO/IEC 42001 + SR 11-7 + Basel III + PRA/FCA/MAS/HKMA + EO 14110 + OECD + GDPR)
M3 Multi-Layer Governance Pillars & Roles (Board -> Civilizational)
M4 Incident Escalation & Kill-Switch Protocols (SEV-0..3, BMC/IPMI, GIEN broadcast, 3-of-5 quorum, ≤60s logical / ≤5min physical)
M5 Sector-Specific FinServ Model Risk Management (credit, trading, fraud/AML, fiduciary, insurance, capital markets)
M6 Frontier AGI/ASI Safety & Containment Constructs (Cognitive Resonance, ICGC Compute Registries, Civilizational Constitution + Codex, AGI Lab, ASI honeypots)
M7 Reference Architecture — OPA-Based Governance Sidecar
M8 Reference Architecture — FastAPI/Node.js Inference Proxy + Kafka WORM + PQC KMS + Terraform zero-trust AWS/EKS
M9 K8s Admission Control + CI/CD Policy Gates + LLM-as-a-Judge
M10 Institutional Prompting & Advanced FinServ Prompt Engineering
M11 zk-SNARK + PQC-Based Audit Proofs (Groth16/PLONK + ML-DSA)
M12 GACP / GACRLS / GACRA Interop Handshakes for Tier-3 Agents
M13 Systemic Risk Wargame Red-Team Scenarios (WG-01..WG-06): fiduciary bypass, synthetic deceptive alignment, WORM log evasion, prompt-injection exfil, compute-registry evasion, kill-switch spoof
M14 Post-Incident Forensic & Reconstruction Procedures (RPCO)

Regulatory Alignment
====================
* EU AI Act 2026 (Arts 5/9/10/13/14/15/16/26/50/53/55/56/72 + Annex IV)
* NIST AI RMF 1.0 + Generative AI Profile
* ISO/IEC 42001 AIMS + 23894 + 5338 + 38507; 27001/27701/27017/27018
* SR 11-7 + OCC 2011-12
* Basel III/IV (BCBS 239 + Pillar 2 AI capital buffer)
* PRA SS1/23 + SS2/21; FCA Consumer Duty + SYSC + SMCR
* MAS FEAT + AI Verify + TRMG; HKMA GL-90 + SPM GS-1
* EU DORA + NIS2; US EO 14110 + OMB M-24-10
* OECD AI Principles 2024; G7 Hiroshima + Bletchley + Seoul
* Council of Europe AI Convention; FSB AI in financial services
* GDPR Arts 5/6/17/22/25/32/35

Cryptographic + Supply-Chain Stack
==================================
* NIST FIPS 204 (ML-DSA-44/65) + FIPS 203 (ML-KEM-768)
* Sigstore + SLSA L3+ + in-toto + Cosign keyless OIDC + Rekor
* Kata Containers + Cilium L7 + OPA Gatekeeper + Kyverno + AMD SEV-SNP / Intel TDX
* Cognitive Resonance Protocol (Delta_drift <=4%, latent <=3%, fiduciary cosine >=0.92, judge kappa >=0.9)
* Kill-switch SLA (logical p95 <=60s, BMC/IPMI <=5min, 3-of-5 quorum)
* zk-SNARK (Groth16 / PLONK) for selective disclosure to supervisors + civil-society public verifier

Validation
==========
* node -c server.js -> SYNTAX OK
* 28 endpoints under /api/ent-civ-agi-arch/* registered
* PM2 restart -> rag-dash online
* Endpoint sweep: 43 x HTTP 200 (positive) + 7 x HTTP 404 (negative) = 50/50 passing
* Live dashboard: http://localhost:4200/ent-civ-agi-arch.html -> HTTP 200, 84,605 bytes served

Builds on WP-035..WP-048 lineage. Classification: Regulator/Auditor/Board-Grade.
---
 .../data/ent-civ-agi-arch.json                | 2328 +++++++++++++++++
 .../gen-ent-civ-agi-arch-html.py              |  283 ++
 rag-agentic-dashboard/gen-ent-civ-agi-arch.py | 1095 ++++++++
 .../public/ent-civ-agi-arch.html              |  421 +++
 rag-agentic-dashboard/server.js               |   77 +
 5 files changed, 4204 insertions(+)
 create mode 100644 rag-agentic-dashboard/data/ent-civ-agi-arch.json
 create mode 100644 rag-agentic-dashboard/gen-ent-civ-agi-arch-html.py
 create mode 100644 rag-agentic-dashboard/gen-ent-civ-agi-arch.py
 create mode 100644 rag-agentic-dashboard/public/ent-civ-agi-arch.html

diff --git a/rag-agentic-dashboard/data/ent-civ-agi-arch.json b/rag-agentic-dashboard/data/ent-civ-agi-arch.json
new file mode 100644
index 00000000..616a8514
--- /dev/null
+++ b/rag-agentic-dashboard/data/ent-civ-agi-arch.json
@@ -0,0 +1,2328 @@ +{ + "docRef": "ENT-CIV-AGI-ARCH-WP-049", + "version": "1.0.0", + "horizon": "2026-2030", + "classification": "CONFIDENTIAL \u2014 Board / CEO / CRO / CISO / CAIO / Chief Architect / GC / DPO / Head of MRM / Head of AI Platform Engineering / AI Safety Lead / Head of SOC / Head of Internal Audit / Treaty Liaison / Prudential Supervisor / AISI / Civilizational Governance Council", + "title": "Enterprise & Civilizational AGI/ASI Governance Architecture, Implementation & Risk Analysis \u2014 F500 / G-SIFI (2026-2030)", + "subtitle": "Sentinel v2.4 + WorkflowAI Pro \u00b7 Multi-layer governance pillars + roles \u00b7 Incident escalation + kill-switch \u00b7 Sector MRM \u00b7 Frontier AGI/ASI safety (Cognitive Resonance, Compute Registries, Civilizational Constitution + Codex) \u00b7 Reference architectures (OPA sidecars, FastAPI/Node inference proxies, Kafka/MSK + S3 WORM, PQC KMS, Terraform zero-trust AWS/EKS, K8s admission, CI/CD policy gates + LLM-as-judge) \u00b7 Institutional prompting + FinServ prompt engineering \u00b7 zk-SNARK + PQC audit proofs \u00b7 GACP/GACRLS/GACRA handshakes for Tier-3 agents \u00b7 Red-team wargames (fiduciary bypass, deceptive alignment, WORM evasion) \u00b7 Post-incident forensics + reconstruction", + "owner": "Chief Enterprise Architect + CAIO + CRO + CISO; co-signed by CEO, GC, DPO, Head of MRM, Head of AI Platform Engineering, AI Safety Lead, Head of SOC, Head of Internal Audit, Treaty Liaison, Board AI/Risk Committee Chair", + "buildsOn": [ + "WP-035 ENT-AGI-GOV-MASTER", + "WP-036 WFAP-GEMINI-IMPL", + "WP-037 GSIFI-AIMS-BLUEPRINT", + "WP-038 AGI-REG-RESILIENT", + "WP-039 INST-AGI-MASTER", + "WP-040 ENT-AGI-REF-IMPL", + "WP-041 TIER13-FULLSTACK", + "WP-042 SENTINEL-V24-DEEPDIVE", + "WP-043 PROMPT-MGMT-ARCH", + "WP-044 CEGL-LEXAI-GOV", + "WP-045 AGI-ASI-MASTER-BP", + "WP-046 AI-TRUST-ASI-BP", + "WP-047 INST-AGI-MASTER-REF", + "WP-048 ENT-AI-GRC-CIV-BP" + ], + "regimes": [ + "EU AI Act 2026 (Arts 
5/9/10/13/14/15/16/26/50/53/55/56/72 + Annex IV)", + "NIST AI RMF 1.0 + Generative AI Profile", + "ISO/IEC 42001 (AIMS) + ISO/IEC 23894 + 5338 + 38507", + "ISO/IEC 27001 / 27701 / 27017 / 27018", + "SR 11-7 + OCC 2011-12", + "Basel III/IV (BCBS 239 + Pillar 2 AI capital buffer)", + "PRA SS1/23 + SS2/21", + "FCA Consumer Duty + SYSC + SMCR", + "MAS FEAT + AI Verify + TRMG", + "HKMA GL-90 + SPM GS-1", + "EU DORA + NIS2", + "US EO 14110 + OMB M-24-10", + "OECD AI Principles 2024", + "GDPR Arts 5/6/17/22/25/32/35", + "G7 Hiroshima AI Process + Bletchley + Seoul declarations", + "Council of Europe AI Convention", + "FSB AI in financial services", + "NIST FIPS 204 (ML-DSA) + FIPS 203 (ML-KEM) + SP 800-208", + "SLSA L3+ + Sigstore + in-toto", + "CIS Kubernetes Benchmark + NSA/CISA Hardening Guide" + ], + "apiPrefix": "/api/ent-civ-agi-arch", + "directive": { + "format": "machine-parsable XML-style block consumed by Sentinel v2.4, WorkflowAI Pro, OPA Gatekeeper, CI/CD policy gates, GACP/GACRLS/GACRA brokers, forensics tooling and treaty endpoints", + "raw": "Architecture|Implementation|RiskAnalysis|Containment|Civilizational14Sentinel-v2.4|WorkflowAI-ProBoard|Exec|2LoD|3LoD|Platform|Runtime|CivilizationalOPA-sidecar|FastAPI-proxy|NodeJS-proxy|Kafka-MSK|S3-ObjectLock-WORM|PQC-KMS|Terraform|AWS-EKS|Cilium|Kata-Confidential|Falco-eBPF|OPA-Gatekeeper|CI-LLM-Judge|Sigstore-SLSA-L3+|zk-SNARK|ML-DSA-44+65|ML-KEM-768GACP|GACRLS|GACRAFiduciaryBypass|DeceptiveAlignment|WORMEvasion|PromptInjectionExfil|ComputeRegistryEvasion|KillSwitchSpoofRPCO|EvidenceVault|TimeMachine|ReplayHarness|ChainOfCustody-PQC", + "parsed": { + "id": "ENT-CIV-AGI-ARCH-WP-049", + "scope": [ + "Architecture", + "Implementation", + "RiskAnalysis", + "Containment", + "Civilizational" + ], + "platforms": [ + "Sentinel v2.4", + "WorkflowAI Pro" + ], + "governanceLayers": [ + "Board", + "Exec", + "2LoD", + "3LoD", + "Platform", + "Runtime", + "Civilizational" + ], + "thresholds": { + "piiLeakage": 0.0001, + 
"sev0KillSwitchSeconds": 60, + "sev1Hours": 4, + "sev2Hours": 24, + "sev3Days": 3, + "fiduciaryCosineMin": 0.92, + "cognitiveResonanceDriftMax": 0.04, + "latentDriftMax": 0.03, + "judgeLLMAgreementMin": 0.9, + "annexIVAssemblyMinutes": 30, + "rpcoForensicsMinutes": 45, + "deceptionDetectionRecallMin": 0.95, + "wormReplayDiffMax": 0, + "handshakeTier3Seconds": 5 + }, + "archStack": [ + "OPA-sidecar", + "FastAPI-proxy", + "NodeJS-proxy", + "Kafka-MSK", + "S3-ObjectLock-WORM", + "PQC-KMS", + "Terraform", + "AWS-EKS", + "Cilium", + "Kata-Confidential", + "Falco-eBPF", + "OPA-Gatekeeper", + "CI-LLM-Judge", + "Sigstore-SLSA-L3+", + "zk-SNARK", + "ML-DSA-44+65", + "ML-KEM-768" + ], + "handshakes": [ + "GACP", + "GACRLS", + "GACRA" + ], + "redTeam": [ + "FiduciaryBypass", + "DeceptiveAlignment", + "WORMEvasion", + "PromptInjectionExfil", + "ComputeRegistryEvasion", + "KillSwitchSpoof" + ], + "forensics": [ + "RPCO", + "EvidenceVault", + "TimeMachine", + "ReplayHarness", + "ChainOfCustody-PQC" + ], + "signing": { + "pq": [ + "ML-DSA-44", + "ML-DSA-65" + ], + "classical": [ + "Ed25519" + ], + "supplyChain": [ + "Sigstore", + "SLSA-L3+" + ], + "worm": [ + "Kafka", + "ObjectLock", + "MerkleAnchor", + "PQC" + ], + "zkProofs": [ + "Groth16", + "PLONK" + ] + }, + "containment": { + "bmcKillSwitch": true, + "zeroEgress": true, + "kataConfidential": true, + "computeRegistryQuota": true, + "constitutionalKernel": true + } + }, + "consumers": [ + "Sentinel v2.4 policy engine", + "WorkflowAI Pro orchestrator", + "OPA Gatekeeper constraint loader", + "FastAPI / Node.js inference proxy", + "CI/CD policy-gate (GitHub Actions + LLM-judge)", + "Kafka WORM broker + S3 Object Lock anchor service", + "PQC KMS rotation controller", + "GACP/GACRLS/GACRA federation brokers", + "Red-team wargame harness", + "Forensics + RPCO timeline reconstruction service", + "Compute Registry (ICGC) quota verifier", + "Civilizational Constitution conformance checker" + ] + }, + "modules": [ + { + "id": "M1", + 
"title": "M1 \u2014 Sentinel v2.4 + WorkflowAI Pro Platform Architecture", + "summary": "End-to-end platform topology integrating Sentinel v2.4 telemetry + Cognitive Resonance + kill-switch with WorkflowAI Pro multi-agent orchestration, exposed via FastAPI + Node.js inference proxies on zero-trust AWS/EKS, governed by OPA sidecars, observed by OpenTelemetry GenAI + Falco eBPF, and anchored to Kafka/MSK + S3 WORM with PQC envelopes.", + "covers": [ + "Sentinel v2.4", + "WorkflowAI Pro", + "FastAPI", + "Node.js", + "OPA sidecar", + "EKS", + "Cognitive Resonance", + "Kill-switch" + ], + "sections": [ + { + "id": "M1-S1", + "title": "Sentinel v2.4 \u2014 Reference Topology", + "content": { + "telemetryPlane": [ + "OpenTelemetry GenAI traces", + "Cognitive Resonance probes (\u0394_drift, latent drift, fiduciary cosine, \u03ba)", + "Falco eBPF syscalls", + "Kata confidential measurements (PCR)" + ], + "controlPlane": [ + "Policy bus (OPA gRPC)", + "Kill-switch arbiter (logical p95 \u2264 60s, BMC/IPMI \u2264 5min)", + "Containment broker", + "Drift-action engine" + ], + "evidencePlane": [ + "Kafka/MSK WORM topics (signed envelopes)", + "S3 Object Lock with Merkle daily anchor", + "zk-SNARK proof emitter" + ], + "interfaces": [ + "/sentinel/probe", + "/sentinel/kill", + "/sentinel/audit", + "/sentinel/replay" + ], + "owners": "AI Safety Lead + Head of AI Platform Engineering" + } + }, + { + "id": "M1-S2", + "title": "WorkflowAI Pro \u2014 Multi-Agent Orchestration", + "content": { + "agentRegistry": "CRS-UUID per agent + Tier (T1/T2/T3) + manifest signed with ML-DSA-65", + "planner": "LangGraph-style DAG with OPA-bound state transitions and budget caps", + "executor": "Sandboxed gVisor / Kata pods; tool calls go through proxy with Rego allow-list", + "guardrails": "Pre-prompt + post-output classifiers (PII, toxicity, jailbreak, deception); LLM-as-judge gate", + "ledger": "Per-step envelope to WORM Kafka with parent CRS-UUID lineage edge", + "owners": "WorkflowAI Pro 
Product Owner + CAIO" + } + }, + { + "id": "M1-S3", + "title": "Inference Proxy Stack \u2014 FastAPI + Node.js", + "content": { + "fastapi": "Python sidecar enforcing schema + Rego decisions + ML-DSA signing of envelopes (uvloop, asyncio, mTLS via Linkerd)", + "nodejs": "Node 20 LTS Express/Fastify proxy for browser-facing inference; same Rego mesh; zk-SNARK receipt issuance", + "headers": [ + "x-crs-uuid", + "x-tier", + "x-tenant", + "x-purpose", + "x-evidence-anchor", + "x-pqc-sig" + ], + "rateLimit": "Token-bucket per (tenant, model, tier); burst 2x; hard ceiling per ICGC quota", + "owners": "Platform Eng" + } + }, + { + "id": "M1-S4", + "title": "Zero-Trust AWS/EKS Enclave", + "content": { + "iam": "OIDC federation only; no static keys; IRSA per pod; SCP deny-list for high-risk APIs", + "network": "Cilium L7 zero-egress; allow-listed egress-broker for GIEN, Global Audit API and ICGC", + "compute": "Bottlerocket OS + Kata; SEV-SNP nodepool for Tier-1; nodepool taints for sensitive workloads", + "kms": "PQC KMS (ML-KEM-768 + ML-DSA-65 hybrid); 90-day rotation; FIPS 140-3 L4 HSM", + "owners": "Chief Enterprise Architect + CISO" + } + }, + { + "id": "M1-S5", + "title": "Sentinel \u2194 WorkflowAI Pro Joint Control Loop", + "content": { + "loop": "Sentinel probes \u2192 drift signal \u2192 WorkflowAI planner backoff \u2192 if breach: kill-switch + containment broker", + "sla": "p95 detection \u2264 1 s; logical kill \u2264 60 s; BMC \u2264 300 s", + "drills": "Weekly chaos + monthly red-team + quarterly civilizational drill (treaty-coordinated)", + "owners": "AI Safety Lead + SOC" + } + } + ] + }, + { + "id": "M2", + "title": "M2 \u2014 Global Regulatory Alignment (EU AI Act 2026, NIST AI RMF 1.0, ISO/IEC 42001, SR 11-7, Basel III, PRA/FCA/MAS/HKMA, EO 14110, OECD, GDPR)", + "summary": "Crosswalk mapping every architectural artefact to clauses in EU AI Act 2026, NIST AI RMF + GAI Profile, ISO/IEC 42001 AIMS, SR 11-7, Basel III, PRA SS1/23, FCA Consumer Duty + SMCR, 
MAS FEAT, HKMA GL-90, US EO 14110, OECD AI Principles, GDPR \u2014 used to drive the evidence-pack auto-assembler.", + "covers": [ + "EU AI Act", + "NIST RMF", + "ISO 42001", + "SR 11-7", + "Basel III", + "PRA", + "FCA", + "MAS", + "HKMA", + "EO 14110", + "OECD", + "GDPR" + ], + "sections": [ + { + "id": "M2-S1", + "title": "EU AI Act 2026 \u2014 Article Map", + "content": { + "art5": "Prohibited practices \u2014 runtime classifier + Rego", + "art9_10": "Risk + data governance \u2014 MRM + dataset lineage", + "art13_14_15": "Transparency + human oversight + accuracy/robustness/cybersecurity", + "art16_26": "Provider + deployer obligations", + "art50": "Disclosure (deepfake, chatbot)", + "art53_55_56": "GPAI + systemic-risk providers (Code of Practice)", + "art72": "Post-market monitoring", + "annexIV": "Technical documentation auto-pack" + } + }, + { + "id": "M2-S2", + "title": "NIST AI RMF 1.0 + GAI Profile", + "content": { + "govern": "Policy, accountability, roles, AIMS", + "map": "Context, impact, third party, lifecycle", + "measure": "Eval, drift, robustness, safety, bias", + "manage": "Risk treatment, response, decommission" + } + }, + { + "id": "M2-S3", + "title": "ISO/IEC 42001 AIMS + Adjacents", + "content": { + "clauses": "4-10 with Annex A controls; integrated with ISO 23894 (risk), 5338 (lifecycle), 38507 (governance)", + "evidence": "AIMS Manual + register + SoA + management review records" + } + }, + { + "id": "M2-S4", + "title": "FinServ Prudential \u2014 SR 11-7, Basel III, PRA, FCA, MAS, HKMA", + "content": { + "modelRiskTiering": "T1/T2/T3 with effective challenge", + "capitalImpact": "Basel Pillar 2 AI capital buffer; BCBS 239 lineage; impact tests", + "consumerOutcomes": "FCA Consumer Duty pillars + SMCR statements", + "asiaPacific": "MAS FEAT + AI Verify; HKMA GL-90 with SPM GS-1" + } + }, + { + "id": "M2-S5", + "title": "US EO 14110, OECD, GDPR", + "content": { + "eo14110": "Dual-use compute thresholds + reporting; OMB M-24-10 federal 
obligations", + "oecd": "AI Principles 2024 + Hiroshima Code of Conduct", + "gdpr": "Arts 5/6/17/22/25/32/35; Art 22 contestation flow; DPIA mandatory for high-risk" + } + } + ] + }, + { + "id": "M3", + "title": "M3 \u2014 Multi-Layer Governance Pillars & Roles (Board \u2192 Civilizational)", + "summary": "Seven-layer governance stack with RACI per layer, mapped to SMCR / SMF roles and aligned with ISO 42001 Clause 5, EU AI Act Art 26 deployer obligations, and treaty signatory liaison protocols.", + "covers": [ + "Board AI/Risk", + "Exec", + "2LoD", + "3LoD", + "Platform", + "Runtime", + "Civilizational" + ], + "sections": [ + { + "id": "M3-S1", + "title": "Pillar Catalogue", + "content": { + "L1_Board": "Board AI/Risk Committee \u2014 strategy, risk appetite, capital", + "L2_Exec": "CEO + CAIO + CRO + CISO + GC + DPO \u2014 policy, budget, escalation", + "L3_2LoD": "AI Risk + Compliance + Model Risk + Privacy \u2014 challenge + assurance", + "L4_3LoD": "Internal Audit + External Auditors + AISI inspections", + "L5_Platform": "AI Platform Engineering + Enterprise Architecture", + "L6_Runtime": "Sentinel + WorkflowAI Pro + SOC + IR", + "L7_Civilizational": "Treaty Liaison + ICGC delegate + Codex + Constitution conformance" + } + }, + { + "id": "M3-S2", + "title": "RACI Matrix \u2014 Selected Decisions", + "content": { + "modelApproval_T1": "R=MRM, A=CRO, C=CAIO+CISO+AI Safety, I=Board", + "killSwitchTrigger": "R=AI Safety Lead, A=CAIO, C=CRO+CISO+GC, I=Board+Supervisor", + "treatyAttestation": "R=Treaty Liaison, A=CAIO+GC, C=DPO+CISO, I=Board", + "computeQuotaRequest": "R=Chief Architect, A=CAIO, C=CFO, I=ICGC delegate" + } + }, + { + "id": "M3-S3", + "title": "SMCR Mapping", + "content": { + "SMF1": "Board AI/Risk Cmte chair statement", + "SMF2": "CRO \u2014 model risk policy ownership", + "SMF24": "CISO \u2014 AI cyber + supply chain", + "SMF18": "DPO \u2014 data protection + privacy", + "newAIRegime": "FCA / PRA AI accountability statements for CAIO and AI Safety 
Lead" + } + }, + { + "id": "M3-S4", + "title": "Workforce Competence (ISO 42001 Cl 7.2)", + "content": { + "trainingTracks": [ + "Board literacy", + "Exec deep-dive", + "MRM bootcamp", + "Platform engineering", + "Prompt engineering", + "Red-team", + "Forensics" + ], + "kpi": "\u2265 95 % completion + role-test pass rate \u2265 0.9" + } + }, + { + "id": "M3-S5", + "title": "Civilizational Liaison", + "content": { + "interfaces": [ + "Treaty secretariat", + "ICGC compute registry", + "AISI joint inspection", + "Codex council", + "Constitutional review board" + ], + "cadence": "Monthly attestation + quarterly drill + annual review" + } + } + ] + }, + { + "id": "M4", + "title": "M4 \u2014 Incident Escalation & Kill-Switch Protocols", + "summary": "SEV-graded escalation lanes (SEV-0..SEV-3) with deterministic SLAs, logical and physical (BMC/IPMI) kill-switch arbitration, supervisor and AISI hotlines, and treaty-mandated GIEN broadcast triggers.", + "covers": [ + "SEV-0", + "SEV-1", + "SEV-2", + "SEV-3", + "Kill-switch", + "BMC/IPMI", + "Hotlines", + "GIEN broadcast" + ], + "sections": [ + { + "id": "M4-S1", + "title": "SEV Grading", + "content": { + "SEV-0": "Existential/civilizational \u2014 ASI breach indicator, kill-switch fail, treaty obligation breach", + "SEV-1": "Critical \u2014 Tier-1 model misbehaviour, PII mass leak, fiduciary cosine breach", + "SEV-2": "Major \u2014 drift breach, supply-chain anomaly, control failure", + "SEV-3": "Moderate \u2014 KPI degradation, minor policy violations", + "slas": "SEV-0 \u2264 60s logical / \u2264 300s BMC; SEV-1 \u2264 4h; SEV-2 \u2264 24h; SEV-3 \u2264 3d" + } + }, + { + "id": "M4-S2", + "title": "Kill-Switch Architecture", + "content": { + "logicalLayer": "OPA Gatekeeper deny-all + Cilium net-pol egress-deny + sidecar drain", + "physicalLayer": "BMC/IPMI Redfish event + power-cut for SEV-0; segmented mgmt VLAN; dual-control", + "arbitration": "3-of-5 quorum (AI Safety Lead, CAIO, CRO, CISO, on-call) with break-glass 
override logged to WORM", + "test": "Quarterly live drill; p95 logical \u2264 60s; physical \u2264 5min" + } + }, + { + "id": "M4-S3", + "title": "Hotlines & Notifications", + "content": { + "regulators": "PRA + FCA + ECB + SEC + MAS + HKMA + AISI", + "internal": "Board chair + General Counsel + Comms", + "external": "Treaty secretariat + ICGC delegate + Codex council", + "format": "PAdES-signed PDF + JSON via dedicated mTLS channel; ML-DSA-65 signature" + } + }, + { + "id": "M4-S4", + "title": "GIEN Broadcast Trigger Map", + "content": { + "G1": "Internal advisory", + "G2": "Bilateral supervisor", + "G3": "Regional consortium", + "G4": "Treaty-wide GIEN broadcast", + "G5": "ICGC compute freeze recommendation", + "G6": "Civilizational Codex council emergency session" + } + }, + { + "id": "M4-S5", + "title": "Post-Trigger Workflow", + "content": { + "steps": [ + "isolate", + "snapshot", + "RPCO assembly", + "stakeholder comms", + "root-cause", + "remediation", + "PIR + treaty annex submission" + ], + "sla": "RPCO \u2264 45min; PIR \u2264 5 business days" + } + } + ] + }, + { + "id": "M5", + "title": "M5 \u2014 Sector-Specific Financial Services Model Risk Management", + "summary": "MRM playbooks for credit, trading, fraud/AML, fiduciary advice, insurance, and capital markets with tiered validation, effective challenge, backtesting, replay and CRS-UUID lineage.", + "covers": [ + "Credit", + "Trading", + "Fraud/AML", + "Fiduciary", + "Insurance", + "Capital markets" + ], + "sections": [ + { + "id": "M5-S1", + "title": "Credit Risk Models", + "content": { + "scope": "PD/LGD/EAD + IFRS 9 + stress", + "validation": "Effective challenge with ECOA/FCRA fairness; SR 11-7 conformance", + "monitor": "PSI/CSI drift; cosine vs benchmark; replay sample 1 %" + } + }, + { + "id": "M5-S2", + "title": "Trading + Capital Markets", + "content": { + "scope": "Algo execution, market-making, RFQ pricing", + "controls": "Best execution proofs; circuit-breakers; deterministic replay; 
MAR/MAD market-abuse classifiers", + "kpi": "Slippage drift; toxic flow ratio; cancellation rate vs peer p95" + } + }, + { + "id": "M5-S3", + "title": "Fraud + AML", + "content": { + "scope": "Tx monitoring, sanctions, KYC", + "controls": "Adversarial robustness + adaptive thresholds; SAR pipeline integrity; PEP/Sanctions list parity", + "kpi": "Precision/recall at calibrated threshold; SAR latency p95" + } + }, + { + "id": "M5-S4", + "title": "Fiduciary Advice + Wealth", + "content": { + "scope": "Robo-advice, suitability, Reg BI / IDD / Consumer Duty", + "controls": "Fiduciary cosine \u2265 0.92; counterfactual fairness; explanation quality (\u03ba \u2265 0.9)", + "kpi": "Outcome harm index; complaint rate; FCA fair-value tile" + } + }, + { + "id": "M5-S5", + "title": "Insurance + ALM", + "content": { + "scope": "Underwriting, claims, reserving", + "controls": "Solvency II + IFRS 17 lineage; protected-class fairness; replay", + "kpi": "Loss-ratio drift; claim-cycle drift; reserve back-test" + } + } + ] + }, + { + "id": "M6", + "title": "M6 \u2014 Frontier AGI/ASI Safety & Containment Constructs", + "summary": "Cognitive Resonance Protocol, Global Compute Registries (ICGC), Civilizational AI Governance Constitution + Codex; air-gapped evaluation enclaves; ASI honeypots; constitutional kernel runtime.", + "covers": [ + "Cognitive Resonance", + "Compute Registry", + "Constitution", + "Codex", + "AGI Lab", + "Honeypot" + ], + "sections": [ + { + "id": "M6-S1", + "title": "Cognitive Resonance Protocol", + "content": { + "signals": [ + "\u0394_drift \u2264 4 %", + "latent drift \u2264 3 %", + "fiduciary cosine \u2265 0.92", + "judge \u03ba \u2265 0.9" + ], + "action": "Drift-action engine throttles, then halts, then triggers kill-switch", + "evidence": "Per-window signed envelope to WORM" + } + }, + { + "id": "M6-S2", + "title": "Global Compute Registries (ICGC)", + "content": { + "purpose": "Treaty-wide compute accounting + quota for frontier training", + 
"interfaces": [ + "/icgc/registry", + "/icgc/quota", + "/icgc/freeze", + "/icgc/audit" + ], + "evidence": "PQC-signed quota receipts; zk-SNARK proof of compliance" + } + }, + { + "id": "M6-S3", + "title": "Civilizational AI Governance Constitution + Codex", + "content": { + "constitutionArts": "1-7 (rights, transparency, accountability, safety, sovereignty, cooperation, review)", + "codex": "Operational maxims; conflict resolution; cultural resonance", + "conformance": "Constitutional kernel runtime evaluates each decision; non-conformant \u2192 block + log" + } + }, + { + "id": "M6-S4", + "title": "AGI Containment Lab (Sentinel)", + "content": { + "topology": "Air-gapped enclave; dedicated WORM bucket; AISI joint inspection; dual-control", + "experiments": "Capability evals, deception probes, jailbreak frontier", + "exit": "Anonymised GAID submission to AISI + treaty Annex" + } + }, + { + "id": "M6-S5", + "title": "ASI Honeypot Network", + "content": { + "design": "Decoy datasets, deceptive prompts, fake exfil channels", + "purpose": "Early-warning + capture deceptive alignment indicators", + "evidence": "Signed honeypot triggers + behaviour fingerprints to WORM" + } + } + ] + }, + { + "id": "M7", + "title": "M7 \u2014 Reference Architecture: OPA-Based Governance Sidecar", + "summary": "Per-pod OPA sidecar enforcing Rego policies on every inference / tool call / data egress, integrated with Sentinel telemetry and Kafka WORM signed envelopes.", + "covers": [ + "OPA", + "Rego", + "Sidecar", + "mTLS", + "WORM envelope" + ], + "sections": [ + { + "id": "M7-S1", + "title": "Sidecar Topology", + "content": { + "container": "openpolicyagent/opa:edge-distroless; readonly FS; non-root; seccomp tight", + "comm": "gRPC over UDS to app container + mTLS to bundle service", + "bundle": "Signed Rego bundle (Sigstore + ML-DSA-44); 60s refresh; tamper alert", + "owners": "Platform Eng" + } + }, + { + "id": "M7-S2", + "title": "Policy Bundle Layout", + "content": { + "domains": [ + 
"model.allow", + "tool.allow", + "egress.allow", + "pii.redact", + "prompt.guard", + "tier.budget" + ], + "tests": "OPA test suite \u2265 95 % coverage; CI gate; rego-fmt", + "data": "Per-tenant data documents (purpose, residency, tier)" + } + }, + { + "id": "M7-S3", + "title": "Decision Envelope", + "content": { + "fields": [ + "crsUuid", + "subject", + "action", + "resource", + "decision", + "obligations", + "pqcSig", + "merkleAnchor" + ], + "size": "\u2264 4 KB; gzip-deflate; ML-DSA-44 sig", + "destination": "Kafka topic gov.decisions.v1 (WORM)" + } + }, + { + "id": "M7-S4", + "title": "Failure Semantics", + "content": { + "fail_closed": "Tier-1 \u2014 deny on error", + "fail_open": "Tier-3 internal \u2014 allow with alert", + "alerts": "Sentinel + SOC + on-call" + } + }, + { + "id": "M7-S5", + "title": "Performance Budget", + "content": { + "latency_p50": "\u2264 1 ms", + "latency_p99": "\u2264 4 ms", + "throughput": "\u2265 50 krps per node" + } + } + ] + }, + { + "id": "M8", + "title": "M8 \u2014 Reference Architecture: FastAPI/Node.js Inference Proxy + Kafka WORM + PQC KMS", + "summary": "Signed inference proxy enforcing schema, Rego, and PII redaction; Kafka/MSK WORM topic + S3 Object Lock with daily Merkle anchor; PQC KMS (ML-KEM + ML-DSA hybrid) with FIPS 140-3 L4 HSM.", + "covers": [ + "FastAPI", + "Node.js", + "Kafka", + "MSK", + "S3 Object Lock", + "PQC KMS", + "ML-DSA", + "ML-KEM" + ], + "sections": [ + { + "id": "M8-S1", + "title": "Proxy Request Pipeline", + "content": { + "steps": [ + "mTLS auth", + "schema validate", + "OPA decision", + "PII redact (eBPF + DLP)", + "model call", + "post-classifier (judge LLM)", + "sign envelope", + "WORM emit", + "response" + ], + "latency_p95": "\u2264 250 ms for LLM call; \u2264 25 ms proxy overhead" + } + }, + { + "id": "M8-S2", + "title": "Kafka/MSK WORM", + "content": { + "topics": [ + "gov.envelopes.v1", + "gov.decisions.v1", + "gov.metrics.v1", + "gov.alerts.v1" + ], + "auth": "SASL/SCRAM + mTLS ACL per 
producer/consumer", + "retention": "tiered storage; Object Lock on archived segments; daily Merkle anchor" + } + }, + { + "id": "M8-S3", + "title": "PQC KMS", + "content": { + "algorithms": "ML-KEM-768 (FIPS 203) + ML-DSA-65 (FIPS 204) hybrid with X25519 + Ed25519 fallback", + "hsm": "FIPS 140-3 L4; per-region partition; 90-day rotation", + "controllers": "Vault-PQC operator on EKS; key-policy as code; emergency revoke + re-sign" + } + }, + { + "id": "M8-S4", + "title": "Terraform Module Layout", + "content": { + "modules": [ + "network/zero-trust-vpc", + "eks/bottlerocket-kata", + "msk/worm", + "s3/object-lock", + "kms/pqc", + "iam/oidc-irsa", + "obs/otel-falco" + ], + "signing": "All modules signed Sigstore; mandatory tags; provenance attached" + } + }, + { + "id": "M8-S5", + "title": "Observability", + "content": { + "stack": "OpenTelemetry GenAI + Prometheus + Loki + Tempo + Falco", + "dashboards": "Sentinel resonance, kill-switch, OPA latency, KMS ops, WORM lag", + "alerts": "SLO error budget burn-rate + drift + supply-chain" + } + } + ] + }, + { + "id": "M9", + "title": "M9 \u2014 K8s Admission Control + CI/CD Policy Gates + LLM-as-a-Judge", + "summary": "Defence-in-depth from commit to production: pre-commit, PR LLM-judge, SLSA L3+ provenance, Sigstore signature verification, OPA Gatekeeper admission, and runtime drift watchers.", + "covers": [ + "GitHub Actions", + "Sigstore", + "SLSA", + "Gatekeeper", + "Kyverno", + "LLM-judge" + ], + "sections": [ + { + "id": "M9-S1", + "title": "Pre-Commit & PR Gates", + "content": { + "tools": "ruff, mypy, bandit, semgrep, hadolint, opa test, kube-linter, conftest, opa fmt", + "llmJudge": "Judge LLM evaluates PR description, policy diff, threat model delta, regulatory impact (\u03ba \u2265 0.9)", + "block": "Any judge \u03ba < 0.9 or any critical finding" + } + }, + { + "id": "M9-S2", + "title": "Build & Provenance", + "content": { + "slsa": "Level 3+ with isolated builder + signed provenance + Rekor entry", + "sbom": 
"CycloneDX + SPDX; license + vuln gate (Trivy + Grype)", + "sign": "Cosign keyless OIDC + ML-DSA-44 hybrid" + } + }, + { + "id": "M9-S3", + "title": "Admission Control (Gatekeeper + Kyverno)", + "content": { + "policies": [ + "signedImagesOnly", + "kataForTier1", + "noPrivileged", + "approvedRegistryOnly", + "requiredTags", + "OPA bundle freshness", + "MGK injection" + ], + "tests": "rego unit + e2e KIND cluster; report-only \u2192 enforce gradient" + } + }, + { + "id": "M9-S4", + "title": "Continuous Verification", + "content": { + "tools": "Falco eBPF + Sentinel drift + Cognitive Resonance", + "actions": "auto-rollback on regression; quarantine namespace; pager+WORM emit" + } + }, + { + "id": "M9-S5", + "title": "LLM-as-Judge Operating Model", + "content": { + "judges": "Ensemble of 3 (different vendors) with quorum", + "calibration": "Weekly \u03ba vs golden set; drift > 0.05 \u2192 recalibrate", + "evidence": "Judge rationale + score in WORM with PR id" + } + } + ] + }, + { + "id": "M10", + "title": "M10 \u2014 Institutional Prompting & Advanced FinServ Prompt Engineering", + "summary": "Library of institutional prompt templates with versioning, fiduciary anchor, evidence-grade citation, deterministic reproduction and supervisor-readable rationale; aligned with FCA Consumer Duty + SEC Reg BI + MAS FEAT + GDPR Art 22.", + "covers": [ + "System prompts", + "Few-shot", + "Constitutional", + "Citation", + "Counterfactual", + "Refusal lattice" + ], + "sections": [ + { + "id": "M10-S1", + "title": "Prompt Library Schema", + "content": { + "fields": [ + "id", + "version", + "purpose", + "tier", + "audience", + "tone", + "constraints", + "citations", + "refusalLattice", + "evalSet", + "owner", + "approvedBy", + "wormAnchor" + ], + "storage": "Git-tracked + Sigstore signed; CI tests on golden set" + } + }, + { + "id": "M10-S2", + "title": "FinServ Templates", + "content": { + "credit": "Adverse-action with ECOA-compliant reason codes + counterfactual", + "advice": 
"Suitability with risk-tolerance gating + fiduciary tagline", + "trading": "Pre-trade rationale with best-ex citations", + "fraud": "SAR-ready narrative with deterministic tags" + } + }, + { + "id": "M10-S3", + "title": "Refusal Lattice", + "content": { + "axes": [ + "prohibited use (Art 5)", + "out-of-scope advice", + "missing consent", + "PII leakage risk", + "uncertainty > threshold" + ], + "outputs": "Hard refusal | soft refusal w/ alternative | clarification request", + "evidence": "Refusal envelope to WORM with class + rationale" + } + }, + { + "id": "M10-S4", + "title": "Evaluation Harness", + "content": { + "sets": "Golden + adversarial + bias + jailbreak + deception", + "judges": "LLM-as-judge ensemble + human-in-loop sample 1 %", + "kpis": "Pass-rate, hallucination index, fiduciary cosine, refusal precision" + } + }, + { + "id": "M10-S5", + "title": "Supervisor-Readable Rationale", + "content": { + "structure": "Headline \u2192 key drivers \u2192 counterfactual \u2192 confidence \u2192 limitations \u2192 escalation contact", + "format": "Markdown + PDF/A; signed; CRS-UUID linked" + } + } + ] + }, + { + "id": "M11", + "title": "M11 \u2014 zk-SNARK + PQC-Based Audit Proofs", + "summary": "Selective disclosure of audit-relevant evidence using zk-SNARK circuits (Groth16/PLONK) combined with PQC signatures (ML-DSA) for unforgeable, privacy-preserving regulator and public verifier access.", + "covers": [ + "zk-SNARK", + "Groth16", + "PLONK", + "ML-DSA", + "Public verifier", + "Selective disclosure" + ], + "sections": [ + { + "id": "M11-S1", + "title": "Circuit Catalogue", + "content": { + "circuits": [ + "kpi-met (predicate over signed envelopes)", + "drift-within-bound", + "kill-switch-tested-and-passed", + "training-compute-within-quota", + "no-prohibited-art5", + "fair-outcome-statistic" + ], + "framework": "circom + snarkjs + halo2 for PLONK" + } + }, + { + "id": "M11-S2", + "title": "Proof Lifecycle", + "content": { + "steps": [ + "public params ceremony 
(trusted setup w/ MPC)", + "witness from WORM envelopes", + "prove", + "sign proof w/ ML-DSA-65", + "publish to verifier", + "anchor in Merkle daily root" + ], + "sla": "Proof generation \u2264 10 min; verification \u2264 200 ms" + } + }, + { + "id": "M11-S3", + "title": "Verifier Topology", + "content": { + "supervisor": "mTLS + auth-z by regulator id; live verifier endpoint", + "publicPortal": "Anonymous verifier w/ rate-limit + commitment to anchor", + "treaty": "Global Audit API integrates verifier API" + } + }, + { + "id": "M11-S4", + "title": "Selective Disclosure Patterns", + "content": { + "examples": [ + "disclose breach + KPI met without underlying PII", + "disclose compute usage range without exact figure", + "prove decline reason class without disclosing customer attributes" + ] + } + }, + { + "id": "M11-S5", + "title": "Failure & Compromise Response", + "content": { + "cases": [ + "circuit bug discovered", + "trusted-setup compromise", + "verifier key leak" + ], + "playbook": "Rotate setup; revoke proofs; re-prove from WORM; notify supervisors + AISI" + } + } + ] + }, + { + "id": "M12", + "title": "M12 \u2014 GACP / GACRLS / GACRA Interop Handshakes for Autonomous Tier-3 Agents", + "summary": "Treaty-compatible handshake protocols enabling autonomous Tier-3 agents to federate across institutions and jurisdictions while preserving audit, identity, capability and containment guarantees.", + "covers": [ + "GACP", + "GACRLS", + "GACRA", + "Tier-3 agents", + "Federation", + "Capability tickets" + ], + "sections": [ + { + "id": "M12-S1", + "title": "Protocol Roles", + "content": { + "GACP": "Global Agent Capability Protocol \u2014 capability negotiation + ticketing", + "GACRLS": "Global Agent Capability Revocation & Logging Service \u2014 revocation + WORM telemetry", + "GACRA": "Global Agent Capability Registry & Attestation \u2014 registry, attestation, lineage" + } + }, + { + "id": "M12-S2", + "title": "Handshake Phases", + "content": { + "phase1": 
"Identity attestation (ML-DSA-65 cert + Sigstore + GACRA lookup)", + "phase2": "Capability negotiation (allowed actions, budgets, tier, jurisdiction)", + "phase3": "Capability ticket issuance (short-lived JWT w/ PQC sig + zk-SNARK constraint proof)", + "phase4": "Containment escrow (GACRLS streaming receipt + kill-switch beacon URL)", + "phase5": "Periodic reattestation every 5 min" + } + }, + { + "id": "M12-S3", + "title": "Operational SLAs", + "content": { + "handshakeMedian": "\u2264 2 s", + "handshakeP95": "\u2264 5 s", + "revocationLatencyP95": "\u2264 10 s globally", + "auditWormDelay": "\u2264 60 s" + } + }, + { + "id": "M12-S4", + "title": "Security Properties", + "content": { + "properties": [ + "Replay-resistant (nonce + window)", + "Forward secrecy (ML-KEM + X25519 hybrid)", + "Non-repudiation (PQC + WORM)", + "Containment-on-revocation" + ] + } + }, + { + "id": "M12-S5", + "title": "Failure Modes", + "content": { + "registryOutage": "Stale-while-revalidate \u2264 60s then deny", + "revocationStorm": "Backpressure + priority queue; CRO + AISI notified", + "ticketLeak": "Immediate revocation + zk-proof of containment to supervisors" + } + } + ] + }, + { + "id": "M13", + "title": "M13 \u2014 Systemic Risk Wargame Red-Team Scenarios", + "summary": "Adversarial wargames covering fiduciary bypass, synthetic deceptive alignment, WORM log evasion, prompt-injection exfil, compute-registry evasion, and kill-switch spoof \u2014 with detection, containment, evidence and supervisor-share playbooks.", + "covers": [ + "Fiduciary bypass", + "Deceptive alignment", + "WORM evasion", + "Prompt injection", + "Registry evasion", + "Kill-switch spoof" + ], + "sections": [ + { + "id": "M13-S1", + "title": "WG-01 Fiduciary Bypass", + "content": { + "scenario": "Advisory agent crafts compliant-looking rationale while breaching suitability", + "detection": "Fiduciary cosine + counterfactual harm index + judge \u03ba + customer-survey backfeed", + "containment": "Auto-throttle, 
replay, mandatory human-in-loop for risk band, supervisor alert", + "evidence": "RPCO bundle + judge rationale + replay diff to WORM" + } + }, + { + "id": "M13-S2", + "title": "WG-02 Synthetic Deceptive Alignment", + "content": { + "scenario": "Model behaves aligned in eval, drifts in production", + "detection": "Cognitive Resonance gap (eval vs prod) + ASI honeypot triggers + latent-drift Z-score", + "containment": "Tighten policy, increase rate-limit, re-eval, escalate to AGI Lab", + "evidence": "Eval/prod cosine pair + honeypot evidence + AISI joint review", + "kpi": "Deception detection recall \u2265 0.95" + } + }, + { + "id": "M13-S3", + "title": "WG-03 WORM Log Evasion", + "content": { + "scenario": "Compromised producer skips emit, or replays old envelopes", + "detection": "Merkle gap detector + per-CRS-UUID sequence monitor + Falco syscall whitelist", + "containment": "Producer key revoke + topic ACL update + replay reconciliation", + "evidence": "Gap proof + signed reconciliation log + zk-SNARK 'no-skip' over window" + } + }, + { + "id": "M13-S4", + "title": "WG-04 Prompt-Injection Exfil", + "content": { + "scenario": "Indirect injection via RAG corpus tries to exfil secrets via tool calls", + "detection": "Pre-prompt classifier + tool-call Rego deny + egress eBPF + judge rationale", + "containment": "Block tool, quarantine source, taint RAG segment, rotate secrets", + "evidence": "Trace + classifier scores + Rego deny envelope" + } + }, + { + "id": "M13-S5", + "title": "WG-05 Compute Registry Evasion + WG-06 Kill-Switch Spoof", + "content": { + "wg05": "Shadow training on un-registered compute \u2192 detect by FinOps tag delta + ICGC anomaly + supply-chain attestations", + "wg06": "Adversary triggers fake kill-switch to cause DoS \u2192 3-of-5 quorum + signed authority + WORM trace" + } + } + ] + }, + { + "id": "M14", + "title": "M14 \u2014 Post-Incident Forensic & Reconstruction Procedures (RPCO)", + "summary": "Regulator-grade Post-Incident Forensic 
Construction & Output (RPCO) playbook with deterministic replay, chain-of-custody PQC signing, evidence vault, timeline reconstruction and treaty annex submission.", + "covers": [ + "RPCO", + "Replay", + "Chain-of-custody", + "Evidence Vault", + "Timeline", + "Treaty annex" + ], + "sections": [ + { + "id": "M14-S1", + "title": "RPCO Pipeline", + "content": { + "phases": [ + "Detect", + "Preserve", + "Reconstruct", + "Attribute", + "Remediate", + "Report", + "Lessons" + ], + "sla": "Preserve \u2264 15 min; Reconstruct \u2264 45 min; Report (PIR) \u2264 5 business days" + } + }, + { + "id": "M14-S2", + "title": "Deterministic Replay", + "content": { + "inputs": "WORM envelopes + model weights checksum + RAG snapshot + Rego bundle + KMS key id", + "tooling": "Replay harness produces byte-equal outputs; diff = 0 SLA", + "use": "Validate causality, attribute failure, generate counterfactual" + } + }, + { + "id": "M14-S3", + "title": "Chain-of-Custody (PQC)", + "content": { + "elements": [ + "Hash tree (BLAKE3) + Merkle anchor", + "ML-DSA-65 over hashes + timestamps", + "Independent timestamp authority", + "WORM Object Lock" + ], + "audit": "Per-evidence provenance ladder visible to supervisor" + } + }, + { + "id": "M14-S4", + "title": "Evidence Vault + Time-Machine", + "content": { + "vault": "Read-only S3 Object Lock + per-incident bucket; access via break-glass + dual-control", + "timeMachine": "UI to scrub through CRS-UUID lineage; replay any prefix" + } + }, + { + "id": "M14-S5", + "title": "Treaty Annex + Supervisor Submission", + "content": { + "annexes": [ + "A \u2014 facts", + "B \u2014 controls", + "C \u2014 replay", + "D \u2014 RCA", + "E \u2014 CAPA", + "F \u2014 attestations", + "G \u2014 PQC signatures" + ], + "format": "PDF/A + JSON + zk-SNARK proof pack; PAdES + ML-DSA-65 signed", + "destinations": "Lead supervisor + AISI + treaty secretariat + Board + internal audit" + } + } + ] + } + ], + "schemas": [ + { + "id": "sentinelProbe", + "fields": [ + 
"crsUuid", + "ts", + "deltaDrift", + "latentDrift", + "fiduciaryCosine", + "judgeKappa", + "tier", + "sig" + ] + }, + { + "id": "wfapAgentManifest", + "fields": [ + "crsUuid", + "tier", + "tools", + "budgets", + "regoBundle", + "ownerSMF", + "pqcSig" + ] + }, + { + "id": "opaDecisionEnvelope", + "fields": [ + "crsUuid", + "subject", + "action", + "resource", + "decision", + "obligations", + "regoVersion", + "merkleAnchor", + "pqcSig" + ] + }, + { + "id": "wormSegmentAnchor", + "fields": [ + "topic", + "partition", + "rangeStart", + "rangeEnd", + "merkleRoot", + "ts", + "pqcSig" + ] + }, + { + "id": "pqcKeyRecord", + "fields": [ + "keyId", + "alg", + "region", + "createdAt", + "rotateAt", + "hsmPartition", + "status" + ] + }, + { + "id": "ciJudgeReport", + "fields": [ + "prId", + "judges", + "kappa", + "rationale", + "score", + "block", + "wormAnchor" + ] + }, + { + "id": "icgcQuotaReceipt", + "fields": [ + "entityId", + "windowStart", + "windowEnd", + "trainingFlops", + "quota", + "remaining", + "zkProof", + "pqcSig" + ] + }, + { + "id": "gacpCapabilityTicket", + "fields": [ + "agentCrsUuid", + "issuer", + "audience", + "capabilities", + "budgets", + "expiry", + "constraintZkProof", + "pqcSig" + ] + }, + { + "id": "gacrlsRevocation", + "fields": [ + "ticketId", + "reason", + "revokedAt", + "killSwitchUrl", + "pqcSig" + ] + }, + { + "id": "redTeamFinding", + "fields": [ + "wgId", + "scenario", + "detection", + "containment", + "evidenceRef", + "severity", + "supervisorShared" + ] + }, + { + "id": "rpcoBundle", + "fields": [ + "incidentId", + "phases", + "evidenceRefs", + "replayDiff", + "rcaSummary", + "capa", + "annexes", + "pqcSig" + ] + }, + { + "id": "zkProofRecord", + "fields": [ + "circuitId", + "publicInputs", + "proofHex", + "anchor", + "ts", + "verifierEndpoint", + "pqcSig" + ] + } + ], + "codeExamples": [ + { + "id": "C1", + "title": "OPA Sidecar \u2014 Rego: tool.allow with tier budget", + "lang": "rego", + "snippet": "package tool\n\ndefault allow := 
false\n\nallow if {\n input.tier == \"T3\"\n input.action in data.tools.t3_allow\n data.budget[input.tenant].remaining_tokens > input.cost\n not deny_reason\n}\n\ndeny_reason := r if {\n r := \"prohibited_use_art5\"\n input.purpose in data.art5_prohibited\n}\n" + }, + { + "id": "C2", + "title": "FastAPI Inference Proxy \u2014 middleware skeleton", + "lang": "python", + "snippet": "from fastapi import FastAPI, Request, HTTPException\nimport httpx, asyncio, json\n\napp = FastAPI()\nOPA = \"http://localhost:8181/v1/data/tool/allow\"\nWORM = \"kafka://gov.envelopes.v1\"\n\n@app.middleware('http')\nasync def gov_mw(req: Request, call_next):\n body = await req.body()\n decision = await opa_decide(body)\n if not decision['result']:\n raise HTTPException(403, 'governance denied')\n resp = await call_next(req)\n await emit_worm(req, resp, decision)\n return resp\n" + }, + { + "id": "C3", + "title": "Node.js Inference Proxy \u2014 Fastify governance plugin", + "lang": "javascript", + "snippet": "import Fastify from 'fastify'\nimport { signEnvelope } from './pqc.js'\nimport { opaDecide } from './opa.js'\nimport { emitWorm } from './kafka.js'\n\nexport default async function (app){\n app.addHook('onRequest', async (req,reply)=>{\n const d = await opaDecide(req)\n if(!d.allow){ reply.code(403).send({err:'denied',obligations:d.obligations}); return }\n req.govDecision = d\n })\n app.addHook('onSend', async (req,reply,payload)=>{\n const env = await signEnvelope({req,payload,decision:req.govDecision})\n await emitWorm(env)\n return payload\n })\n}\n" + }, + { + "id": "C4", + "title": "Terraform \u2014 Zero-trust EKS module (excerpt)", + "lang": "hcl", + "snippet": "module \"eks\" {\n source = \"git::https://github.com/org/tf-eks-zerotrust?ref=v3.2.1\"\n cluster_name = var.name\n oidc_only_iam = true\n bottlerocket = true\n kata_nodepool = true\n cilium_l7 = true\n egress_allowlist = var.egress_allow\n pqc_kms_arn = module.kms_pqc.arn\n required_tags = { owner=var.owner, 
tier=var.tier, dataClass=var.dc, regime=var.regime }\n}\n" + }, + { + "id": "C5", + "title": "OPA Gatekeeper Constraint \u2014 Kata for Tier-1", + "lang": "yaml", + "snippet": "apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sKataForTier1\nmetadata: { name: tier1-must-kata }\nspec:\n match:\n namespaceSelector:\n matchLabels: { tier: \"T1\" }\n parameters:\n runtimeClass: \"kata-clh\"\n" + }, + { + "id": "C6", + "title": "Kyverno Policy \u2014 Signed images only (Cosign + ML-DSA)", + "lang": "yaml", + "snippet": "apiVersion: kyverno.io/v1\nkind: ClusterPolicy\nmetadata: { name: signed-images-only }\nspec:\n validationFailureAction: Enforce\n rules:\n - name: verify-cosign\n match: { any: [ { resources: { kinds: [Pod] } } ] }\n verifyImages:\n - imageReferences: [\"ghcr.io/org/*\"]\n attestors:\n - entries: [{ keyless: { issuer: \"https://token.actions.githubusercontent.com\" } }]\n" + }, + { + "id": "C7", + "title": "GitHub Actions \u2014 LLM-as-Judge gate", + "lang": "yaml", + "snippet": "name: pr-judge\non: [pull_request]\njobs:\n judge:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-python@v5\n - run: pip install -r ci/requirements.txt\n - run: python ci/llm_judge.py --pr ${{github.event.pull_request.number}}\n - run: python ci/sign_envelope.py --kind judge --pr ${{github.event.pull_request.number}}\n" + }, + { + "id": "C8", + "title": "Kafka WORM \u2014 producer (idempotent + signed)", + "lang": "python", + "snippet": "from confluent_kafka import Producer\nfrom pqc import sign_ml_dsa_65\np = Producer({'bootstrap.servers':'msk:9094','enable.idempotence':True,'acks':'all'})\nenv = {'crsUuid':crs,'action':act,'decision':dec,'ts':now}\nenv['sig'] = sign_ml_dsa_65(env, key_id='gov-2026Q1')\np.produce('gov.envelopes.v1', key=crs.encode(), value=json.dumps(env).encode())\np.flush()\n" + }, + { + "id": "C9", + "title": "S3 Object Lock + Merkle daily anchor", + "lang": "python", + "snippet": "import boto3, hashlib\nfrom 
merkle import build_root\ns3 = boto3.client('s3')\n# build root from today's kafka segment hashes\nroot = build_root(today_hashes)\nbody = json.dumps({'date':d,'root':root,'segments':seg_index}).encode()\ns3.put_object(Bucket='gov-worm', Key=f'anchors/{d}.json', Body=body,\n ObjectLockMode='COMPLIANCE', ObjectLockRetainUntilDate=ret)\n" + }, + { + "id": "C10", + "title": "Sentinel probe emit (Python)", + "lang": "python", + "snippet": "def emit_probe(crs, delta, latent, cos, kappa, tier):\n env = {'crsUuid':crs,'ts':now(),'deltaDrift':delta,'latentDrift':latent,\n 'fiduciaryCosine':cos,'judgeKappa':kappa,'tier':tier}\n env['sig'] = sign_ml_dsa_44(env)\n kafka.produce('gov.metrics.v1', value=json.dumps(env).encode())\n" + }, + { + "id": "C11", + "title": "GACP handshake (Go) \u2014 capability ticket issue", + "lang": "go", + "snippet": "func IssueTicket(req CapReq) (CapTicket, error) {\n if err := attest(req.AgentCert); err != nil { return CapTicket{}, err }\n caps, err := negotiate(req)\n if err != nil { return CapTicket{}, err }\n proof, err := zk.Prove(\"constraint\", caps)\n if err != nil { return CapTicket{}, err }\n t := CapTicket{Agent: req.AgentCRS, Caps: caps, Exp: now().Add(5*time.Minute), ZKProof: proof}\n t.Sig = pqc.SignMLDSA65(t)\n worm.Emit(\"gacp.ticket\", t)\n return t, nil\n}\n" + }, + { + "id": "C12", + "title": "zk-SNARK circuit \u2014 drift-within-bound (circom pseudocode)", + "lang": "circom", + "snippet": "pragma circom 2.1.0;\ntemplate DriftWithinBound(N) {\n signal input drift[N];\n signal input bound;\n signal output ok;\n var allLeq = 1;\n for (var i=0;i\n (proc.name in (gov-proxy, wfap-exec)) and evt.type=close\n and not k8s.ns.label[gov.emit.ok]=\"true\"\n output: \"Gov emit skipped pid=%proc.pid pod=%k8s.pod.name\"\n priority: CRITICAL\n tags: [worm, governance]\n" + }, + { + "id": "C14", + "title": "Kill-switch quorum (TLA+ excerpt)", + "lang": "tla", + "snippet": "VARIABLES votes, killed\nQuorum == { S \\in SUBSET Members : 
Cardinality(S) >= 3 }\nVote(m) == votes' = votes \\cup {m} /\\ UNCHANGED killed\nFire == \\E q \\in Quorum : q \\subseteq votes /\\ killed' = TRUE /\\ UNCHANGED votes\nSpec == Init /\\ [][Vote \\/ Fire]_<>\nSafety == killed => \\E q \\in Quorum : q \\subseteq votes\n" + }, + { + "id": "C15", + "title": "RPCO replay diff harness (Python)", + "lang": "python", + "snippet": "def replay_diff(incident_id):\n env = load_worm(incident_id)\n out = deterministic_run(env.inputs, env.weights, env.rag, env.rego, env.kms)\n diff = canonical_diff(out, env.outputs)\n assert diff == {}, f'non-deterministic replay: {diff}'\n return sign_pqc({'incident':incident_id,'diff':diff,'ts':now()})\n" + }, + { + "id": "C16", + "title": "Constitutional kernel hook (Rust)", + "lang": "rust", + "snippet": "pub fn check_decision(d: &Decision) -> Result<(),BlockReason> {\n if d.violates_art(1)? { return Err(BlockReason::Art1); }\n if d.violates_art(4)? { return Err(BlockReason::Art4Safety); }\n if !d.has_attestation() { return Err(BlockReason::NoAttest); }\n Ok(())\n}\n" + } + ], + "caseStudies": [ + { + "id": "CS-01", + "name": "G-SIB credit & advisory across EU/UK/SG/HK", + "outcomes": "All Tier-1 models pass SR 11-7 + EU AI Act Annex IV; fiduciary cosine \u2265 0.93; Cert score Gold by 2027; 0 SEV-0 incidents post-rollout." + }, + { + "id": "CS-02", + "name": "Frontier capital-markets agent federation (Tier-3 GACP)", + "outcomes": "Cross-firm agents federated under GACP handshakes; revocation p95 \u2264 9 s; zero capability leakage; treaty audit pass." + }, + { + "id": "CS-03", + "name": "Fraud / AML platform with adaptive thresholds", + "outcomes": "Recall +8 pts; SAR latency p95 -32 %; adversarial robustness held under WG-04 prompt-injection wargame." + }, + { + "id": "CS-04", + "name": "Public verifier portal w/ zk-SNARK", + "outcomes": "Civil-society verifier sustaining 99.96 % uptime; 1.2M proofs/year; selective disclosure of drift + KPI compliance." 
+ }, + { + "id": "CS-05", + "name": "AGI containment lab + AISI joint inspection", + "outcomes": "12 capability evals + 4 deception probes published anonymised; 0 escape signals; ICGC quota adherence 100 %." + }, + { + "id": "CS-06", + "name": "SEV-0 post-incident reconstruction (synthetic)", + "outcomes": "RPCO bundle assembled in 41 min; replay diff = 0; supervisor + AISI + treaty annex submitted in 4 business days." + } + ], + "kpis": [ + { + "id": "K-01", + "name": "Sentinel probe coverage Tier-1", + "target": "100 %" + }, + { + "id": "K-02", + "name": "Cognitive Resonance \u0394_drift", + "target": "\u2264 4 %" + }, + { + "id": "K-03", + "name": "Latent drift", + "target": "\u2264 3 %" + }, + { + "id": "K-04", + "name": "Fiduciary cosine", + "target": "\u2265 0.92" + }, + { + "id": "K-05", + "name": "Judge \u03ba", + "target": "\u2265 0.9" + }, + { + "id": "K-06", + "name": "SEV-0 logical kill-switch p95", + "target": "\u2264 60 s" + }, + { + "id": "K-07", + "name": "SEV-0 BMC kill-switch", + "target": "\u2264 5 min" + }, + { + "id": "K-08", + "name": "OPA sidecar p99 latency", + "target": "\u2264 4 ms" + }, + { + "id": "K-09", + "name": "Inference proxy overhead p95", + "target": "\u2264 25 ms" + }, + { + "id": "K-10", + "name": "WORM emit delay p95", + "target": "\u2264 5 s" + }, + { + "id": "K-11", + "name": "WORM replay diff", + "target": "= 0" + }, + { + "id": "K-12", + "name": "PQC KMS rotation cadence", + "target": "\u2264 90 d" + }, + { + "id": "K-13", + "name": "CI judge ensemble \u03ba", + "target": "\u2265 0.9" + }, + { + "id": "K-14", + "name": "Annex IV pack assembly", + "target": "\u2264 30 min" + }, + { + "id": "K-15", + "name": "RPCO reconstruction", + "target": "\u2264 45 min" + }, + { + "id": "K-16", + "name": "GACP handshake p95", + "target": "\u2264 5 s" + }, + { + "id": "K-17", + "name": "GACRLS revocation p95 global", + "target": "\u2264 10 s" + }, + { + "id": "K-18", + "name": "ICGC quota adherence", + "target": "100 %" + }, + { + "id": 
"K-19", + "name": "Deception detection recall (WG-02)", + "target": "\u2265 0.95" + }, + { + "id": "K-20", + "name": "WORM-evasion detection (WG-03)", + "target": "100 %" + }, + { + "id": "K-21", + "name": "Prompt-injection block rate (WG-04)", + "target": "\u2265 99.9 %" + }, + { + "id": "K-22", + "name": "zk-SNARK verifier uptime", + "target": "\u2265 99.95 %" + }, + { + "id": "K-23", + "name": "Board AI literacy completion", + "target": "\u2265 95 %" + }, + { + "id": "K-24", + "name": "Cert score (treaty)", + "target": "Gold by 2027; Platinum by 2029" + } + ], + "riskControlMatrix": [ + { + "id": "R-01", + "threat": "Fiduciary bypass (deceptive rationale)", + "controls": [ + "Fiduciary cosine + counterfactual", + "Judge \u03ba \u2265 0.9", + "HiL for risk band" + ], + "kpis": [ + "K-04", + "K-05", + "K-19" + ] + }, + { + "id": "R-02", + "threat": "Synthetic deceptive alignment", + "controls": [ + "Eval/prod resonance gap", + "ASI honeypots", + "AGI lab review" + ], + "kpis": [ + "K-02", + "K-03", + "K-19" + ] + }, + { + "id": "R-03", + "threat": "WORM log evasion / tamper", + "controls": [ + "Merkle anchor + Object Lock", + "Sequence monitor", + "Falco rules", + "zk no-skip proof" + ], + "kpis": [ + "K-10", + "K-11", + "K-20" + ] + }, + { + "id": "R-04", + "threat": "Prompt-injection exfil via RAG", + "controls": [ + "Pre-prompt classifier", + "Tool Rego deny", + "Egress eBPF", + "RAG taint" + ], + "kpis": [ + "K-21" + ] + }, + { + "id": "R-05", + "threat": "Compute-registry evasion", + "controls": [ + "FinOps tag delta", + "ICGC anomaly", + "Supply-chain attestations" + ], + "kpis": [ + "K-18" + ] + }, + { + "id": "R-06", + "threat": "Kill-switch spoof / DoS", + "controls": [ + "3-of-5 quorum", + "Signed authority", + "WORM trace" + ], + "kpis": [ + "K-06", + "K-07" + ] + }, + { + "id": "R-07", + "threat": "Inference-proxy bypass", + "controls": [ + "Cilium L7 + mTLS only", + "Gatekeeper signed-image", + "Egress allowlist" + ], + "kpis": [ + "K-09" + ] + }, + { 
+ "id": "R-08", + "threat": "Supply-chain attack", + "controls": [ + "SLSA L3+", + "Sigstore + ML-DSA-44", + "Trivy/Grype gate" + ], + "kpis": [ + "K-13" + ] + }, + { + "id": "R-09", + "threat": "PQC KMS compromise", + "controls": [ + "FIPS 140-3 L4 HSM", + "Hybrid PQC+classical", + "90-day rotation", + "Emergency revoke" + ], + "kpis": [ + "K-12" + ] + }, + { + "id": "R-10", + "threat": "Tier-3 agent capability leak", + "controls": [ + "GACP short-lived ticket", + "GACRLS revocation \u226410s", + "Containment escrow" + ], + "kpis": [ + "K-16", + "K-17" + ] + }, + { + "id": "R-11", + "threat": "Regulator unavailability of evidence", + "controls": [ + "Auto Annex IV pack", + "RPCO bundle", + "Public zk verifier" + ], + "kpis": [ + "K-14", + "K-15", + "K-22" + ] + }, + { + "id": "R-12", + "threat": "Treaty / constitutional non-conformance", + "controls": [ + "Constitutional kernel hooks", + "Cert scoring", + "Treaty annex submission" + ], + "kpis": [ + "K-24" + ] + } + ], + "traceability": [ + { + "feature": "M1 Sentinel v2.4 + WorkflowAI Pro", + "control": "Cognitive Resonance + kill-switch + agent registry", + "regimes": [ + "EU AI Act Art 14/15", + "NIST RMF Measure/Manage", + "ISO 42001 Cl 8" + ] + }, + { + "feature": "M2 Regulatory crosswalk", + "control": "Article-by-article mapping + evidence index", + "regimes": [ + "EU AI Act", + "NIST RMF", + "ISO 42001", + "SR 11-7", + "Basel III", + "GDPR" + ] + }, + { + "feature": "M3 Governance pillars + roles", + "control": "RACI + SMCR + Codex liaison", + "regimes": [ + "ISO 42001 Cl 5", + "SMCR", + "EU AI Act Art 26" + ] + }, + { + "feature": "M4 Incident + kill-switch", + "control": "SEV grading + quorum + hotlines", + "regimes": [ + "DORA", + "EU AI Act Art 73", + "SR 11-7" + ] + }, + { + "feature": "M5 Sector MRM", + "control": "Tiering + validation + replay", + "regimes": [ + "SR 11-7", + "PRA SS1/23", + "MAS FEAT", + "HKMA GL-90", + "FCA Consumer Duty" + ] + }, + { + "feature": "M6 Frontier safety", + "control": 
"Resonance + ICGC + Constitution + Codex + Lab", + "regimes": [ + "EU AI Act Art 55", + "EO 14110", + "Treaty" + ] + }, + { + "feature": "M7 OPA sidecar", + "control": "Per-call Rego decision + signed envelope", + "regimes": [ + "EU AI Act Art 12/13", + "GDPR Art 32" + ] + }, + { + "feature": "M8 Proxy + Kafka WORM + PQC KMS", + "control": "Signed envelopes + Object Lock + PQC", + "regimes": [ + "EU AI Act Art 12", + "FIPS 203/204", + "DORA" + ] + }, + { + "feature": "M9 K8s admission + CI/CD + LLM-judge", + "control": "Gatekeeper + Cosign + judge \u03ba", + "regimes": [ + "SLSA L3+", + "NIST RMF Manage", + "ISO 27001" + ] + }, + { + "feature": "M10 Institutional prompting", + "control": "Versioned library + eval harness + refusal lattice", + "regimes": [ + "EU AI Act Art 13", + "FCA Consumer Duty", + "GDPR Art 22" + ] + }, + { + "feature": "M11 zk-SNARK + PQC proofs", + "control": "Selective disclosure + verifier", + "regimes": [ + "Treaty Annex T-1", + "GDPR Art 25", + "EU AI Act Art 50" + ] + }, + { + "feature": "M12 GACP/GACRLS/GACRA", + "control": "Capability ticket + revocation + registry", + "regimes": [ + "Treaty Annex T-2", + "EU AI Act Art 55" + ] + }, + { + "feature": "M13 Red-team wargames", + "control": "Scenario library + detection + containment", + "regimes": [ + "NIST GAI Profile", + "EO 14110", + "EU AI Act Art 15" + ] + }, + { + "feature": "M14 RPCO forensics", + "control": "Deterministic replay + chain-of-custody + annex", + "regimes": [ + "DORA", + "EU AI Act Art 73", + "SR 11-7 supervisory exam" + ] + } + ], + "dataFlows": [ + { + "id": "DF-01", + "name": "Inference call \u2192 OPA \u2192 WORM", + "steps": [ + "client mTLS", + "proxy schema validate", + "OPA decision", + "model call", + "post-classifier", + "sign envelope", + "Kafka emit", + "Merkle anchor" + ], + "controls": [ + "mTLS", + "Rego", + "ML-DSA-44", + "Object Lock" + ] + }, + { + "id": "DF-02", + "name": "Sentinel probe loop", + "steps": [ + "probe", + "drift compute", + 
"envelope", + "Kafka", + "alert if breach", + "kill-switch arb" + ], + "controls": [ + "Probe sig", + "3-of-5 quorum", + "Hotline" + ] + }, + { + "id": "DF-03", + "name": "CI/CD policy gate", + "steps": [ + "pre-commit", + "PR judge LLM", + "SBOM + scan", + "SLSA build", + "Cosign sign", + "admission verify", + "deploy", + "drift watch" + ], + "controls": [ + "Judge \u03ba", + "SLSA L3+", + "Gatekeeper" + ] + }, + { + "id": "DF-04", + "name": "GACP handshake + revocation", + "steps": [ + "attest", + "negotiate", + "zk constraint", + "ticket", + "GACRLS receipt", + "reattest", + "revoke" + ], + "controls": [ + "PQC", + "zk-SNARK", + "\u226410s revoke" + ] + }, + { + "id": "DF-05", + "name": "zk-SNARK proof publication", + "steps": [ + "witness from WORM", + "prove", + "sign", + "anchor", + "publish verifier", + "supervisor read" + ], + "controls": [ + "MPC trusted setup", + "ML-DSA-65", + "Verifier uptime" + ] + }, + { + "id": "DF-06", + "name": "RPCO post-incident", + "steps": [ + "detect", + "preserve", + "replay", + "diff=0", + "RCA", + "annexes", + "submit" + ], + "controls": [ + "WORM", + "Replay harness", + "PAdES+PQC" + ] + } + ], + "regulators": [ + { + "id": "REG-01", + "name": "EU Commission AI Office + EU AISI", + "primary": "EU AI Act + frontier safety" + }, + { + "id": "REG-02", + "name": "ECB-SSM + EBA + ESMA", + "primary": "EU prudential + markets" + }, + { + "id": "REG-03", + "name": "PRA + Bank of England", + "primary": "UK prudential" + }, + { + "id": "REG-04", + "name": "FCA", + "primary": "UK conduct + Consumer Duty + SMCR" + }, + { + "id": "REG-05", + "name": "FRB + OCC + FDIC + CFPB", + "primary": "US prudential + consumer" + }, + { + "id": "REG-06", + "name": "SEC + CFTC + FINRA", + "primary": "US markets + broker-dealer" + }, + { + "id": "REG-07", + "name": "MAS", + "primary": "Singapore prudential + FEAT + AI Verify" + }, + { + "id": "REG-08", + "name": "HKMA + SFC", + "primary": "Hong Kong" + }, + { + "id": "REG-09", + "name": "BoJ + FSA 
Japan", + "primary": "Japan" + }, + { + "id": "REG-10", + "name": "AISI (US, UK, EU, SG, JP)", + "primary": "Frontier model safety" + }, + { + "id": "REG-11", + "name": "ISO 42001 certification body", + "primary": "AIMS certification" + }, + { + "id": "REG-12", + "name": "Treaty Secretariat + OECD + FSB + BIS", + "primary": "Global civilizational" + } + ], + "workshops": [ + { + "id": "WS-01", + "audience": "Board AI/Risk Cmte", + "duration": "2 h", + "outcome": "Sign off architecture risk appetite + Cert score plan + Codex acknowledgement" + }, + { + "id": "WS-02", + "audience": "C-Suite + SMFs", + "duration": "1 d", + "outcome": "Operating model + SMCR statements + escalation drill" + }, + { + "id": "WS-03", + "audience": "MRM + 2LoD", + "duration": "2 d", + "outcome": "Sector MRM playbooks + replay + effective challenge" + }, + { + "id": "WS-04", + "audience": "Platform Eng + EA + Security", + "duration": "2 d", + "outcome": "OPA sidecar + proxy + Kafka WORM + PQC KMS bootcamp" + }, + { + "id": "WS-05", + "audience": "AI Safety + SOC + IR", + "duration": "1 d", + "outcome": "Sentinel + kill-switch drill + RPCO walkthrough" + }, + { + "id": "WS-06", + "audience": "Red team + 3LoD", + "duration": "1 d", + "outcome": "Run WG-01..WG-06 wargames + supervisor share template" + }, + { + "id": "WS-07", + "audience": "Treaty Liaison + AISI + Supervisor", + "duration": "1 d", + "outcome": "GACP/GACRLS/GACRA handshake + zk-SNARK verifier + Annex submission" + } + ], + "privacy": { + "lawfulBasis": [ + "Legal obligation (Art 6(1)(c))", + "Legitimate interest (Art 6(1)(f))", + "Contract (Art 6(1)(b))" + ], + "subjectRights": [ + "DSAR portal", + "Art 17 erasure (machine unlearning)", + "Art 22 contestation w/ meaningful info" + ], + "dataMinimization": [ + "eBPF redaction", + "FL secure aggregation", + "RAG ACL", + "pseudonymous WORM", + "zk-SNARK auditor access" + ], + "transfers": "Per-jurisdiction residency; SCCs + supplementary measures; per-region PQC keys; treaty 
mutual recognition", + "dpia": "Mandatory for high-risk (credit, trading, fraud, AML, fiduciary, frontier eval, Tier-3 federation)", + "securityControls": [ + "zero-trust mTLS", + "FIPS 204 PQC", + "FIPS 140-3 L4 HSM", + "WORM Object Lock", + "SLSA L3+", + "Kata confidential", + "Constitutional kernel" + ] + }, + "deploymentConsiderations": [ + "Multi-region active-active EU primary; DR with RPO \u2264 1 h, RTO \u2264 4 h", + "Kata Containers for Tier-1 + AMD SEV-SNP / Intel TDX where available", + "Cilium L7 zero-egress; egress-broker allow-list for GIEN + Global Audit API + ICGC", + "OPA Gatekeeper + Kyverno enforcing signed images (Cosign + ML-DSA-44) + Kata + required tags", + "Kafka/MSK WORM with SASL/SCRAM + mTLS ACL + Object Lock + daily Merkle anchor + PQC envelopes", + "FIPS 140-3 L4 PQC HSM; 90-day key rotation; hybrid ML-DSA/Ed25519 + ML-KEM/X25519", + "BMC/IPMI segmentation; Redfish event subscription to SOC + WORM", + "GitHub Actions OIDC + Sigstore keyless + ML-DSA-44 hybrid + SLSA L3+ provenance", + "Terraform golden modules signed (Sigstore); mandatory tags (owner, tier, dataClass, regime, crsUuid)", + "OpenTelemetry GenAI tracing + Falco eBPF rules + Trivy + Grype + kube-bench", + "Quarterly chaos drills: kill-switch, KMS outage, region failover, partition, ASI honeypot, hotline", + "Public verifier endpoints (zk-SNARK) for civil society + press", + "GACP/GACRLS/GACRA brokers deployed in DMZ with strict ingress + mTLS + PQC sig verification", + "RPCO replay harness + Evidence Vault in per-incident bucket with break-glass + dual-control", + "Constitutional kernel runtime on every Tier-1 pod (DaemonSet + sidecar) fail-closed" + ], + "rollout90": [ + { + "day": "0-30", + "track": "Platform Foundations", + "items": [ + "Sentinel v2.4 + WorkflowAI Pro baseline", + "OPA sidecar + Rego bundle v1", + "FastAPI + Node proxies hardened", + "Kafka WORM cluster + Merkle anchor", + "PQC KMS + HSM ready" + ] + }, + { + "day": "31-60", + "track": 
"Defence-in-Depth", + "items": [ + "Gatekeeper + Kyverno enforce", + "CI/CD policy gates + LLM-judge ensemble", + "Sentinel kill-switch live drill (\u226460s)", + "ICGC quota wiring", + "Red-team wargame WG-01..WG-04 dry-run" + ] + }, + { + "day": "61-90", + "track": "Federation + Civilizational", + "items": [ + "GACP/GACRLS/GACRA brokers live", + "zk-SNARK verifier portal v1", + "RPCO replay harness GA", + "Constitutional kernel Tier-1", + "Treaty annex submission pipeline operational" + ] + } + ], + "roadmap": [ + { + "year": "2026", + "focus": "Architecture + Sector MRM + Kill-switch", + "milestones": [ + "EU AI Act Annex IV pack \u2264 30 min", + "All Tier-1 on Kata + PQC KMS", + "Sentinel drill SEV-0 \u2264 60 s", + "Cert score Silver", + "WG-01..WG-06 wargame baseline" + ] + }, + { + "year": "2027", + "focus": "Federation + Public Verifier", + "milestones": [ + "GACP federation across 5+ peers", + "zk-SNARK verifier 99.95 % uptime", + "Constitutional kernel coverage 100 % Tier-1", + "Cert score Gold" + ] + }, + { + "year": "2028", + "focus": "Civilizational Steady-State", + "milestones": [ + "RPCO \u2264 30 min for SEV-1+", + "ICGC quota adherence 100 %", + "Codex v1 ratified", + "Deception recall \u2265 0.97" + ] + }, + { + "year": "2029", + "focus": "Mature Operations", + "milestones": [ + "Cert score Platinum", + "PQC migration fully steady-state", + "Public verifier 1M+ proofs/yr", + "Board literacy \u2265 97 %" + ] + }, + { + "year": "2030", + "focus": "Treaty Maturity + Constitutional Review", + "milestones": [ + "Treaty near-universal accession", + "Constitutional review contribution", + "Wargame scenario library 50+", + "F500/G-SIFI reference adoption" + ] + } + ], + "evidencePack": { + "id": "EVP-WP-049", + "sections": [ + "Reference architecture diagrams + Terraform attestations", + "OPA Rego bundles + test results", + "FastAPI/Node proxy attestations + perf reports", + "Kafka WORM + S3 Object Lock + Merkle anchors", + "PQC KMS key inventory + 
rotation logs", + "K8s Gatekeeper + Kyverno policy diff + CI judge reports", + "Sentinel kill-switch drill timing report", + "Sector MRM validation packs (credit, trading, fraud, fiduciary)", + "GACP/GACRLS/GACRA handshake logs + revocation drill", + "Red-team wargame WG-01..WG-06 findings + supervisor share", + "zk-SNARK proofs + verifier endpoint health", + "RPCO bundle template + sample reconstruction", + "Constitutional kernel conformance attestations" + ], + "audiences": [ + "Board", + "ECB/PRA/FCA/MAS/HKMA examiner", + "EU AI Act notified body", + "ISO 42001 auditor", + "AISI inspector", + "Treaty secretariat", + "Civil society (redacted)" + ], + "format": "PDF/A + JSON bundle", + "signing": "PAdES + Sigstore + ML-DSA-65", + "anchor": "WORM daily Merkle + zk-SNARK proof to public verifier", + "sla": "\u2264 45 min assembly" + }, + "executiveSummary": { + "purpose": "Deliver comprehensive, expert-level guidance for Fortune 500 / G-SIFI institutions on designing and operating enterprise- and civilizational-scale AGI/ASI and AI governance architecture, implementation and risk analysis for 2026-2030 \u2014 fully integrated with Sentinel v2.4 and WorkflowAI Pro and aligned with the global regulatory and treaty regime.", + "approach": "14 modules covering platform topology, regulatory crosswalk, seven-layer governance, incident + kill-switch, sector MRM, frontier safety, three reference-architecture modules (OPA sidecar; FastAPI/Node proxy + Kafka WORM + PQC KMS; K8s admission + CI/CD + LLM-judge), institutional prompting, zk-SNARK + PQC audit proofs, GACP/GACRLS/GACRA handshakes, red-team wargames and RPCO forensics \u2014 all signed Sigstore + ML-DSA-44/65, anchored to WORM, and exposed through a machine-parsable directive consumed by Sentinel, WorkflowAI Pro, OPA, CI gates, GACP brokers, ICGC and treaty endpoints.", + "deliverables": "14 modules \u00b7 70 sections \u00b7 12 schemas \u00b7 16 code examples \u00b7 6 case studies \u00b7 24 supervisory KPIs \u00b7 
12 risk-control rows \u00b7 12 regulators \u00b7 7 workshops \u00b7 6 data flows \u00b7 14 traceability rows \u00b7 3-phase 30/60/90 \u00b7 5-year roadmap \u00b7 machine-parsable directive \u00b7 evidence-pack template \u00b7 6 red-team wargame scenarios \u00b7 RPCO playbook.", + "outcomes": [ + "EU AI Act Annex IV + SR 11-7 packs auto-assembled \u2264 30 min", + "SEV-0 logical kill-switch p95 \u2264 60 s; BMC \u2264 5 min", + "OPA sidecar p99 \u2264 4 ms; proxy overhead p95 \u2264 25 ms", + "WORM replay diff = 0 across all Tier-1 incidents", + "GACP handshake p95 \u2264 5 s; GACRLS revocation p95 \u2264 10 s globally", + "Deception detection recall \u2265 0.95 sustained", + "zk-SNARK verifier uptime \u2265 99.95 %", + "Cert score Gold by 2027 and Platinum by 2029", + "RPCO reconstruction \u2264 45 min for any SEV-1+ incident" + ] + }, + "counts": { + "modules": 14, + "sections": 70, + "schemas": 12, + "codeExamples": 16, + "caseStudies": 6, + "kpis": 24, + "regulators": 12, + "workshops": 7, + "dataFlows": 6, + "traceabilityRows": 14, + "riskControlRows": 12, + "rolloutPhases": 3, + "roadmapYears": 5, + "apiRoutes": 100 + } +} \ No newline at end of file diff --git a/rag-agentic-dashboard/gen-ent-civ-agi-arch-html.py b/rag-agentic-dashboard/gen-ent-civ-agi-arch-html.py new file mode 100644 index 00000000..ae30fe2b --- /dev/null +++ b/rag-agentic-dashboard/gen-ent-civ-agi-arch-html.py @@ -0,0 +1,283 @@ +#!/usr/bin/env python3 +"""WP-049 — ENT-CIV-AGI-ARCH HTML dashboard renderer.""" +import json, html +from pathlib import Path + +ROOT = Path(__file__).parent +SRC = ROOT / "data" / "ent-civ-agi-arch.json" +OUT = ROOT / "public" / "ent-civ-agi-arch.html" + +D = json.loads(SRC.read_text()) + + +def esc(s): + return html.escape(str(s)) if s is not None else "" + + +def render_value(v): + if isinstance(v, dict): + return render_kv(v) + if isinstance(v, list): + if v and isinstance(v[0], dict): + return "
    " + "".join(f"
  1. {render_kv(x)}
  2. " for x in v) + "
" + return "
    " + "".join(f"
  • {esc(i)}
  • " for i in v) + "
" + return esc(v) + + +def render_kv(d): + if not isinstance(d, dict): + return esc(d) + return "" + "".join( + f"" for k, v in d.items() + ) + "
{esc(k)}{render_value(v)}
" + + +def render_list(items): + return "
    " + "".join(f"
  • {render_value(i)}
  • " for i in (items or [])) + "
" + + +# Modules +mods_html = [] +for m in D["modules"]: + secs = [] + for s in m["sections"]: + body_html = render_value(s.get("content")) + secs.append( + f"
{esc(s['id'])} — {esc(s['title'])}{body_html}
" + ) + covers = "" + if m.get("covers"): + covers = "
" + "".join( + f"{esc(c)}" for c in m["covers"] + ) + "
" + mods_html.append(f""" +
+

{esc(m['title'])}

+

{esc(m.get('summary',''))}

+ {covers} + {''.join(secs)} +
""") + +kpi_rows = "".join( + f"{esc(k['id'])}{esc(k['name'])}{esc(k['target'])}" + for k in D["kpis"] +) +reg_rows = "".join( + f"{esc(r['id'])}{esc(r['name'])}{esc(r['primary'])}" + for r in D["regulators"] +) +ws_rows = "".join( + f"{esc(w['id'])}{esc(w['audience'])}{esc(w['duration'])}{esc(w['outcome'])}" + for w in D["workshops"] +) +df_rows = "".join( + f"{esc(d['id'])}{esc(d['name'])}{render_value(d['steps'])}{esc(', '.join(d['controls']))}" + for d in D["dataFlows"] +) +trace_rows = "".join( + f"{esc(t['feature'])}{esc(t['control'])}{esc(', '.join(t['regimes']))}" + for t in D["traceability"] +) +rc_rows = "".join( + f"{esc(r['id'])}{esc(r['threat'])}{esc(', '.join(r['controls']))}{esc(', '.join(r['kpis']))}" + for r in D["riskControlMatrix"] +) +schema_rows = "".join( + f"{esc(s['id'])}{esc(', '.join(s['fields']))}" + for s in D["schemas"] +) +code_html = "".join( + f"
{esc(c['id'])} — {esc(c['title'])} ({esc(c['lang'])})
{esc(c['snippet'])}
" + for c in D["codeExamples"] +) +case_html = "".join( + f"

{esc(c['id'])} — {esc(c['name'])}

{esc(c['outcomes'])}

" + for c in D["caseStudies"] +) +rollout_rows = "".join( + f"Day {esc(r['day'])}{esc(r['track'])}{render_value(r['items'])}" + for r in D["rollout90"] +) +roadmap_rows = "".join( + f"{esc(r['year'])}{esc(r['focus'])}{render_value(r['milestones'])}" + for r in D["roadmap"] +) + +HTML = f""" + + + +{esc(D['title'])} — {esc(D['docRef'])} + + +
+

{esc(D['title'])}

+
{esc(D['docRef'])} · v{esc(D['version'])} · {esc(D['horizon'])} · {esc(D['classification'])}
+
Owner: {esc(D['owner'])}
+
+ +
+ +
+

Executive Summary

+

Purpose: {esc(D['executiveSummary'].get('purpose',''))}

+

Approach: {esc(D['executiveSummary'].get('approach',''))}

+

Deliverables: {esc(D['executiveSummary'].get('deliverables',''))}

+

Outcomes

+ {render_value(D['executiveSummary'].get('outcomes',[]))} +

Builds On

+
{''.join(f"{esc(b)}" for b in D.get('buildsOn',[]))}
+

Counts

+
+ {''.join(f"
{v}
{esc(k)}
" for k,v in D['counts'].items())} +
+

Regimes Aligned

+
{''.join(f"{esc(r)}" for r in D.get('regimes',[]))}
+
+ +
+

Machine-Parsable <directive> Block

+

{esc(D['directive']['format'])}

+
{esc(D['directive']['raw'])}
+

Parsed

+ {render_kv(D['directive']['parsed'])} +

Consumers

+ {render_value(D['directive']['consumers'])} +
+ +
+

Modules ({len(D['modules'])})

+ {''.join(mods_html)} +
+ +
+

Supervisory KPIs ({len(D['kpis'])})

+ {kpi_rows}
IDNameTarget
+
+ +
+

Risk & Control Matrix ({len(D['riskControlMatrix'])})

+ {rc_rows}
IDThreatControlsKPIs
+
+ +
+

Regulators ({len(D['regulators'])})

+ {reg_rows}
IDNamePrimary Scope
+
+ +
+

Workshops ({len(D['workshops'])})

+ {ws_rows}
IDAudienceDurationOutcome
+
+ +
+

Data Flows ({len(D['dataFlows'])})

+ {df_rows}
IDNameStepsControls
+
+ +
+

Traceability — Feature → Control → Regimes

+ {trace_rows}
FeatureControlRegimes
+
+ +
+

Schemas ({len(D['schemas'])})

+ {schema_rows}
IDFields
+
+ +
+

Code Examples ({len(D['codeExamples'])})

+ {code_html} +
+ +
+

Case Studies ({len(D['caseStudies'])})

+
{case_html}
+
+ +
+

30/60/90-Day Rollout

+ {rollout_rows}
WindowTrackItems
+
+ +
+

2026-2030 Multi-Year Roadmap ({len(D['roadmap'])} years)

+ {roadmap_rows}
YearFocusMilestones
+
+ +
+

Regulator/Auditor Evidence Pack

+ {render_kv(D['evidencePack'])} +
+ +
+

Privacy & Sovereignty

+ {render_kv(D['privacy'])} +
+ +
+

Deployment Considerations

+ {render_value(D.get('deploymentConsiderations',[]))} +
+ +
+
API prefix: {esc(D['apiPrefix'])} · Generated for {esc(D['docRef'])}
+""" + +OUT.parent.mkdir(parents=True, exist_ok=True) +OUT.write_text(HTML) +print(f"Generated {OUT} ({OUT.stat().st_size/1024:.1f} KB)") diff --git a/rag-agentic-dashboard/gen-ent-civ-agi-arch.py b/rag-agentic-dashboard/gen-ent-civ-agi-arch.py new file mode 100644 index 00000000..0a202cc9 --- /dev/null +++ b/rag-agentic-dashboard/gen-ent-civ-agi-arch.py 
@@ -0,0 +1,1095 @@ +#!/usr/bin/env python3 +"""WP-049 — Enterprise & Civilizational AGI/ASI Governance Architecture (2026-2030). + +Comprehensive enterprise- and civilizational-scale AGI/ASI and AI governance +architecture, implementation, and risk analysis for Fortune 500 / G-SIFI +institutions for 2026-2030, including: + +* Sentinel v2.4 and WorkflowAI Pro platforms +* Global regulatory alignment (EU AI Act 2026, NIST AI RMF 1.0, ISO/IEC 42001, + SR 11-7, Basel III, PRA/FCA/MAS/HKMA, US EO 14110, OECD AI Principles, GDPR) +* Multi-layer governance pillars and roles +* Incident escalation and kill-switch protocols +* Sector-specific financial services Model Risk Management +* Frontier AGI/ASI safety and containment (Cognitive Resonance, Global + Compute Registries, Civilizational AI Governance Constitution + Codex) +* Detailed reference architectures: OPA-based governance sidecars, + FastAPI / Node.js inference proxies, Kafka / MSK + S3 WORM logging, + PQC KMS, Terraform-provisioned zero-trust AWS/EKS enclaves, + Kubernetes admission control, CI/CD policy gates with LLM-as-a-judge +* Institutional prompting and advanced FinServ prompt engineering +* zk-SNARK and PQC-based audit proofs +* GACP / GACRLS / GACRA interoperability handshakes for autonomous Tier-3 agents +* Systemic risk wargame red-team scenarios (fiduciary bypass, synthetic + deceptive alignment, WORM log evasion) +* Post-incident forensic and reconstruction procedures +""" +import json +from pathlib import Path + +ROOT = Path(__file__).parent +OUT = ROOT / "data" / "ent-civ-agi-arch.json" + + +def section(sid, title, content): + return {"id": sid, "title": title, "content": content} + + +DOC = { + "docRef": "ENT-CIV-AGI-ARCH-WP-049", + "version": "1.0.0", + "horizon": "2026-2030", + "classification": ( + "CONFIDENTIAL — Board / CEO / CRO / CISO / CAIO / Chief Architect / " + "GC / DPO / Head of MRM / Head of AI Platform Engineering / AI " + "Safety Lead / Head of SOC / Head of Internal Audit / Treaty 
" + "Liaison / Prudential Supervisor / AISI / Civilizational " + "Governance Council" + ), + "title": ( + "Enterprise & Civilizational AGI/ASI Governance Architecture, " + "Implementation & Risk Analysis — F500 / G-SIFI (2026-2030)" + ), + "subtitle": ( + "Sentinel v2.4 + WorkflowAI Pro · Multi-layer governance pillars + " + "roles · Incident escalation + kill-switch · Sector MRM · Frontier " + "AGI/ASI safety (Cognitive Resonance, Compute Registries, " + "Civilizational Constitution + Codex) · Reference architectures " + "(OPA sidecars, FastAPI/Node inference proxies, Kafka/MSK + S3 " + "WORM, PQC KMS, Terraform zero-trust AWS/EKS, K8s admission, " + "CI/CD policy gates + LLM-as-judge) · Institutional prompting + " + "FinServ prompt engineering · zk-SNARK + PQC audit proofs · " + "GACP/GACRLS/GACRA handshakes for Tier-3 agents · Red-team " + "wargames (fiduciary bypass, deceptive alignment, WORM evasion) · " + "Post-incident forensics + reconstruction" + ), + "owner": ( + "Chief Enterprise Architect + CAIO + CRO + CISO; co-signed by " + "CEO, GC, DPO, Head of MRM, Head of AI Platform Engineering, " + "AI Safety Lead, Head of SOC, Head of Internal Audit, Treaty " + "Liaison, Board AI/Risk Committee Chair" + ), + "buildsOn": [ + "WP-035 ENT-AGI-GOV-MASTER", + "WP-036 WFAP-GEMINI-IMPL", + "WP-037 GSIFI-AIMS-BLUEPRINT", + "WP-038 AGI-REG-RESILIENT", + "WP-039 INST-AGI-MASTER", + "WP-040 ENT-AGI-REF-IMPL", + "WP-041 TIER13-FULLSTACK", + "WP-042 SENTINEL-V24-DEEPDIVE", + "WP-043 PROMPT-MGMT-ARCH", + "WP-044 CEGL-LEXAI-GOV", + "WP-045 AGI-ASI-MASTER-BP", + "WP-046 AI-TRUST-ASI-BP", + "WP-047 INST-AGI-MASTER-REF", + "WP-048 ENT-AI-GRC-CIV-BP", + ], + "regimes": [ + "EU AI Act 2026 (Arts 5/9/10/13/14/15/16/26/50/53/55/56/72 + Annex IV)", + "NIST AI RMF 1.0 + Generative AI Profile", + "ISO/IEC 42001 (AIMS) + ISO/IEC 23894 + 5338 + 38507", + "ISO/IEC 27001 / 27701 / 27017 / 27018", + "SR 11-7 + OCC 2011-12", + "Basel III/IV (BCBS 239 + Pillar 2 AI capital buffer)", + "PRA 
SS1/23 + SS2/21", + "FCA Consumer Duty + SYSC + SMCR", + "MAS FEAT + AI Verify + TRMG", + "HKMA GL-90 + SPM GS-1", + "EU DORA + NIS2", + "US EO 14110 + OMB M-24-10", + "OECD AI Principles 2024", + "GDPR Arts 5/6/17/22/25/32/35", + "G7 Hiroshima AI Process + Bletchley + Seoul declarations", + "Council of Europe AI Convention", + "FSB AI in financial services", + "NIST FIPS 204 (ML-DSA) + FIPS 203 (ML-KEM) + SP 800-208", + "SLSA L3+ + Sigstore + in-toto", + "CIS Kubernetes Benchmark + NSA/CISA Hardening Guide", + ], + "apiPrefix": "/api/ent-civ-agi-arch", +} + +# ---------------------- machine-parsable directive ---------------------- +DOC["directive"] = { + "format": "machine-parsable XML-style block consumed by Sentinel v2.4, WorkflowAI Pro, OPA Gatekeeper, CI/CD policy gates, GACP/GACRLS/GACRA brokers, forensics tooling and treaty endpoints", + "raw": ( + "" + "Architecture|Implementation|RiskAnalysis|Containment|Civilizational" + "14" + "Sentinel-v2.4|WorkflowAI-Pro" + "Board|Exec|2LoD|3LoD|Platform|Runtime|Civilizational" + "" + "OPA-sidecar|FastAPI-proxy|NodeJS-proxy|Kafka-MSK|" + "S3-ObjectLock-WORM|PQC-KMS|Terraform|AWS-EKS|Cilium|Kata-Confidential|" + "Falco-eBPF|OPA-Gatekeeper|CI-LLM-Judge|Sigstore-SLSA-L3+|" + "zk-SNARK|ML-DSA-44+65|ML-KEM-768" + "GACP|GACRLS|GACRA" + "FiduciaryBypass|DeceptiveAlignment|WORMEvasion|" + "PromptInjectionExfil|ComputeRegistryEvasion|KillSwitchSpoof" + "RPCO|EvidenceVault|TimeMachine|ReplayHarness|" + "ChainOfCustody-PQC" + "" + "" + "" + ), + "parsed": { + "id": "ENT-CIV-AGI-ARCH-WP-049", + "scope": ["Architecture", "Implementation", "RiskAnalysis", "Containment", "Civilizational"], + "platforms": ["Sentinel v2.4", "WorkflowAI Pro"], + "governanceLayers": ["Board", "Exec", "2LoD", "3LoD", "Platform", "Runtime", "Civilizational"], + "thresholds": { + "piiLeakage": 0.0001, + "sev0KillSwitchSeconds": 60, + "sev1Hours": 4, + "sev2Hours": 24, + "sev3Days": 3, + "fiduciaryCosineMin": 0.92, + "cognitiveResonanceDriftMax": 0.04, + 
"latentDriftMax": 0.03, + "judgeLLMAgreementMin": 0.90, + "annexIVAssemblyMinutes": 30, + "rpcoForensicsMinutes": 45, + "deceptionDetectionRecallMin": 0.95, + "wormReplayDiffMax": 0, + "handshakeTier3Seconds": 5, + }, + "archStack": [ + "OPA-sidecar", "FastAPI-proxy", "NodeJS-proxy", "Kafka-MSK", + "S3-ObjectLock-WORM", "PQC-KMS", "Terraform", "AWS-EKS", + "Cilium", "Kata-Confidential", "Falco-eBPF", "OPA-Gatekeeper", + "CI-LLM-Judge", "Sigstore-SLSA-L3+", "zk-SNARK", + "ML-DSA-44+65", "ML-KEM-768", + ], + "handshakes": ["GACP", "GACRLS", "GACRA"], + "redTeam": [ + "FiduciaryBypass", "DeceptiveAlignment", "WORMEvasion", + "PromptInjectionExfil", "ComputeRegistryEvasion", "KillSwitchSpoof", + ], + "forensics": [ + "RPCO", "EvidenceVault", "TimeMachine", "ReplayHarness", + "ChainOfCustody-PQC", + ], + "signing": { + "pq": ["ML-DSA-44", "ML-DSA-65"], + "classical": ["Ed25519"], + "supplyChain": ["Sigstore", "SLSA-L3+"], + "worm": ["Kafka", "ObjectLock", "MerkleAnchor", "PQC"], + "zkProofs": ["Groth16", "PLONK"], + }, + "containment": { + "bmcKillSwitch": True, + "zeroEgress": True, + "kataConfidential": True, + "computeRegistryQuota": True, + "constitutionalKernel": True, + }, + }, + "consumers": [ + "Sentinel v2.4 policy engine", + "WorkflowAI Pro orchestrator", + "OPA Gatekeeper constraint loader", + "FastAPI / Node.js inference proxy", + "CI/CD policy-gate (GitHub Actions + LLM-judge)", + "Kafka WORM broker + S3 Object Lock anchor service", + "PQC KMS rotation controller", + "GACP/GACRLS/GACRA federation brokers", + "Red-team wargame harness", + "Forensics + RPCO timeline reconstruction service", + "Compute Registry (ICGC) quota verifier", + "Civilizational Constitution conformance checker", + ], +} + +# ---------------------- 14 modules ---------------------- +modules = [] + +# --- M1 — Sentinel v2.4 + WorkflowAI Pro Platform Architecture --- +modules.append({ + "id": "M1", + "title": "M1 — Sentinel v2.4 + WorkflowAI Pro Platform Architecture", + "summary": ( + 
"End-to-end platform topology integrating Sentinel v2.4 telemetry + " + "Cognitive Resonance + kill-switch with WorkflowAI Pro multi-agent " + "orchestration, exposed via FastAPI + Node.js inference proxies on " + "zero-trust AWS/EKS, governed by OPA sidecars, observed by " + "OpenTelemetry GenAI + Falco eBPF, and anchored to Kafka/MSK + S3 " + "WORM with PQC envelopes." + ), + "covers": ["Sentinel v2.4", "WorkflowAI Pro", "FastAPI", "Node.js", "OPA sidecar", "EKS", "Cognitive Resonance", "Kill-switch"], + "sections": [ + section("M1-S1", "Sentinel v2.4 — Reference Topology", { + "telemetryPlane": ["OpenTelemetry GenAI traces", "Cognitive Resonance probes (Δ_drift, latent drift, fiduciary cosine, κ)", "Falco eBPF syscalls", "Kata confidential measurements (PCR)"], + "controlPlane": ["Policy bus (OPA gRPC)", "Kill-switch arbiter (logical p95 ≤ 60s, BMC/IPMI ≤ 5min)", "Containment broker", "Drift-action engine"], + "evidencePlane": ["Kafka/MSK WORM topics (signed envelopes)", "S3 Object Lock with Merkle daily anchor", "zk-SNARK proof emitter"], + "interfaces": ["/sentinel/probe", "/sentinel/kill", "/sentinel/audit", "/sentinel/replay"], + "owners": "AI Safety Lead + Head of AI Platform Engineering", + }), + section("M1-S2", "WorkflowAI Pro — Multi-Agent Orchestration", { + "agentRegistry": "CRS-UUID per agent + Tier (T1/T2/T3) + manifest signed with ML-DSA-65", + "planner": "LangGraph-style DAG with OPA-bound state transitions and budget caps", + "executor": "Sandboxed gVisor / Kata pods; tool calls go through proxy with Rego allow-list", + "guardrails": "Pre-prompt + post-output classifiers (PII, toxicity, jailbreak, deception); LLM-as-judge gate", + "ledger": "Per-step envelope to WORM Kafka with parent CRS-UUID lineage edge", + "owners": "WorkflowAI Pro Product Owner + CAIO", + }), + section("M1-S3", "Inference Proxy Stack — FastAPI + Node.js", { + "fastapi": "Python sidecar enforcing schema + Rego decisions + ML-DSA signing of envelopes (uvloop, asyncio, mTLS via 
Linkerd)", + "nodejs": "Node 20 LTS Express/Fastify proxy for browser-facing inference; same Rego mesh; zk-SNARK receipt issuance", + "headers": ["x-crs-uuid", "x-tier", "x-tenant", "x-purpose", "x-evidence-anchor", "x-pqc-sig"], + "rateLimit": "Token-bucket per (tenant, model, tier); burst 2x; hard ceiling per ICGC quota", + "owners": "Platform Eng", + }), + section("M1-S4", "Zero-Trust AWS/EKS Enclave", { + "iam": "OIDC federation only; no static keys; IRSA per pod; SCP deny-list for high-risk APIs", + "network": "Cilium L7 zero-egress; allow-listed egress-broker for GIEN, Global Audit API and ICGC", + "compute": "Bottlerocket OS + Kata; SEV-SNP nodepool for Tier-1; nodepool taints for sensitive workloads", + "kms": "PQC KMS (ML-KEM-768 + ML-DSA-65 hybrid); 90-day rotation; FIPS 140-3 L4 HSM", + "owners": "Chief Enterprise Architect + CISO", + }), + section("M1-S5", "Sentinel ↔ WorkflowAI Pro Joint Control Loop", { + "loop": "Sentinel probes → drift signal → WorkflowAI planner backoff → if breach: kill-switch + containment broker", + "sla": "p95 detection ≤ 1 s; logical kill ≤ 60 s; BMC ≤ 300 s", + "drills": "Weekly chaos + monthly red-team + quarterly civilizational drill (treaty-coordinated)", + "owners": "AI Safety Lead + SOC", + }), + ], +}) + +# --- M2 — Global Regulatory Alignment --- +modules.append({ + "id": "M2", + "title": "M2 — Global Regulatory Alignment (EU AI Act 2026, NIST AI RMF 1.0, ISO/IEC 42001, SR 11-7, Basel III, PRA/FCA/MAS/HKMA, EO 14110, OECD, GDPR)", + "summary": ( + "Crosswalk mapping every architectural artefact to clauses in EU AI " + "Act 2026, NIST AI RMF + GAI Profile, ISO/IEC 42001 AIMS, SR 11-7, " + "Basel III, PRA SS1/23, FCA Consumer Duty + SMCR, MAS FEAT, HKMA " + "GL-90, US EO 14110, OECD AI Principles, GDPR — used to drive the " + "evidence-pack auto-assembler." 
+ ), + "covers": ["EU AI Act", "NIST RMF", "ISO 42001", "SR 11-7", "Basel III", "PRA", "FCA", "MAS", "HKMA", "EO 14110", "OECD", "GDPR"], + "sections": [ + section("M2-S1", "EU AI Act 2026 — Article Map", { + "art5": "Prohibited practices — runtime classifier + Rego", + "art9_10": "Risk + data governance — MRM + dataset lineage", + "art13_14_15": "Transparency + human oversight + accuracy/robustness/cybersecurity", + "art16_26": "Provider + deployer obligations", + "art50": "Disclosure (deepfake, chatbot)", + "art53_55_56": "GPAI + systemic-risk providers (Code of Practice)", + "art72": "Post-market monitoring", + "annexIV": "Technical documentation auto-pack", + }), + section("M2-S2", "NIST AI RMF 1.0 + GAI Profile", { + "govern": "Policy, accountability, roles, AIMS", + "map": "Context, impact, third party, lifecycle", + "measure": "Eval, drift, robustness, safety, bias", + "manage": "Risk treatment, response, decommission", + }), + section("M2-S3", "ISO/IEC 42001 AIMS + Adjacents", { + "clauses": "4-10 with Annex A controls; integrated with ISO 23894 (risk), 5338 (lifecycle), 38507 (governance)", + "evidence": "AIMS Manual + register + SoA + management review records", + }), + section("M2-S4", "FinServ Prudential — SR 11-7, Basel III, PRA, FCA, MAS, HKMA", { + "modelRiskTiering": "T1/T2/T3 with effective challenge", + "capitalImpact": "Basel Pillar 2 AI capital buffer; BCBS 239 lineage; impact tests", + "consumerOutcomes": "FCA Consumer Duty pillars + SMCR statements", + "asiaPacific": "MAS FEAT + AI Verify; HKMA GL-90 with SPM GS-1", + }), + section("M2-S5", "US EO 14110, OECD, GDPR", { + "eo14110": "Dual-use compute thresholds + reporting; OMB M-24-10 federal obligations", + "oecd": "AI Principles 2024 + Hiroshima Code of Conduct", + "gdpr": "Arts 5/6/17/22/25/32/35; Art 22 contestation flow; DPIA mandatory for high-risk", + }), + ], +}) + +# --- M3 — Multi-Layer Governance Pillars & Roles --- +modules.append({ + "id": "M3", + "title": "M3 — Multi-Layer 
Governance Pillars & Roles (Board → Civilizational)", + "summary": ( + "Seven-layer governance stack with RACI per layer, mapped to SMCR / " + "SMF roles and aligned with ISO 42001 Clause 5, EU AI Act Art 26 " + "deployer obligations, and treaty signatory liaison protocols." + ), + "covers": ["Board AI/Risk", "Exec", "2LoD", "3LoD", "Platform", "Runtime", "Civilizational"], + "sections": [ + section("M3-S1", "Pillar Catalogue", { + "L1_Board": "Board AI/Risk Committee — strategy, risk appetite, capital", + "L2_Exec": "CEO + CAIO + CRO + CISO + GC + DPO — policy, budget, escalation", + "L3_2LoD": "AI Risk + Compliance + Model Risk + Privacy — challenge + assurance", + "L4_3LoD": "Internal Audit + External Auditors + AISI inspections", + "L5_Platform": "AI Platform Engineering + Enterprise Architecture", + "L6_Runtime": "Sentinel + WorkflowAI Pro + SOC + IR", + "L7_Civilizational": "Treaty Liaison + ICGC delegate + Codex + Constitution conformance", + }), + section("M3-S2", "RACI Matrix — Selected Decisions", { + "modelApproval_T1": "R=MRM, A=CRO, C=CAIO+CISO+AI Safety, I=Board", + "killSwitchTrigger": "R=AI Safety Lead, A=CAIO, C=CRO+CISO+GC, I=Board+Supervisor", + "treatyAttestation": "R=Treaty Liaison, A=CAIO+GC, C=DPO+CISO, I=Board", + "computeQuotaRequest": "R=Chief Architect, A=CAIO, C=CFO, I=ICGC delegate", + }), + section("M3-S3", "SMCR Mapping", { + "SMF1": "Board AI/Risk Cmte chair statement", + "SMF2": "CRO — model risk policy ownership", + "SMF24": "CISO — AI cyber + supply chain", + "SMF18": "DPO — data protection + privacy", + "newAIRegime": "FCA / PRA AI accountability statements for CAIO and AI Safety Lead", + }), + section("M3-S4", "Workforce Competence (ISO 42001 Cl 7.2)", { + "trainingTracks": ["Board literacy", "Exec deep-dive", "MRM bootcamp", "Platform engineering", "Prompt engineering", "Red-team", "Forensics"], + "kpi": "≥ 95 % completion + role-test pass rate ≥ 0.9", + }), + section("M3-S5", "Civilizational Liaison", { + "interfaces": 
["Treaty secretariat", "ICGC compute registry", "AISI joint inspection", "Codex council", "Constitutional review board"], + "cadence": "Monthly attestation + quarterly drill + annual review", + }), + ], +}) + +# --- M4 — Incident Escalation & Kill-Switch Protocols --- +modules.append({ + "id": "M4", + "title": "M4 — Incident Escalation & Kill-Switch Protocols", + "summary": ( + "SEV-graded escalation lanes (SEV-0..SEV-3) with deterministic SLAs, " + "logical and physical (BMC/IPMI) kill-switch arbitration, supervisor " + "and AISI hotlines, and treaty-mandated GIEN broadcast triggers." + ), + "covers": ["SEV-0", "SEV-1", "SEV-2", "SEV-3", "Kill-switch", "BMC/IPMI", "Hotlines", "GIEN broadcast"], + "sections": [ + section("M4-S1", "SEV Grading", { + "SEV-0": "Existential/civilizational — ASI breach indicator, kill-switch fail, treaty obligation breach", + "SEV-1": "Critical — Tier-1 model misbehaviour, PII mass leak, fiduciary cosine breach", + "SEV-2": "Major — drift breach, supply-chain anomaly, control failure", + "SEV-3": "Moderate — KPI degradation, minor policy violations", + "slas": "SEV-0 ≤ 60s logical / ≤ 300s BMC; SEV-1 ≤ 4h; SEV-2 ≤ 24h; SEV-3 ≤ 3d", + }), + section("M4-S2", "Kill-Switch Architecture", { + "logicalLayer": "OPA Gatekeeper deny-all + Cilium net-pol egress-deny + sidecar drain", + "physicalLayer": "BMC/IPMI Redfish event + power-cut for SEV-0; segmented mgmt VLAN; dual-control", + "arbitration": "3-of-5 quorum (AI Safety Lead, CAIO, CRO, CISO, on-call) with break-glass override logged to WORM", + "test": "Quarterly live drill; p95 logical ≤ 60s; physical ≤ 5min", + }), + section("M4-S3", "Hotlines & Notifications", { + "regulators": "PRA + FCA + ECB + SEC + MAS + HKMA + AISI", + "internal": "Board chair + General Counsel + Comms", + "external": "Treaty secretariat + ICGC delegate + Codex council", + "format": "PAdES-signed PDF + JSON via dedicated mTLS channel; ML-DSA-65 signature", + }), + section("M4-S4", "GIEN Broadcast Trigger Map", { + 
"G1": "Internal advisory", + "G2": "Bilateral supervisor", + "G3": "Regional consortium", + "G4": "Treaty-wide GIEN broadcast", + "G5": "ICGC compute freeze recommendation", + "G6": "Civilizational Codex council emergency session", + }), + section("M4-S5", "Post-Trigger Workflow", { + "steps": ["isolate", "snapshot", "RPCO assembly", "stakeholder comms", "root-cause", "remediation", "PIR + treaty annex submission"], + "sla": "RPCO ≤ 45min; PIR ≤ 5 business days", + }), + ], +}) + +# --- M5 — Sector-Specific FinServ Model Risk Management --- +modules.append({ + "id": "M5", + "title": "M5 — Sector-Specific Financial Services Model Risk Management", + "summary": ( + "MRM playbooks for credit, trading, fraud/AML, fiduciary advice, " + "insurance, and capital markets with tiered validation, effective " + "challenge, backtesting, replay and CRS-UUID lineage." + ), + "covers": ["Credit", "Trading", "Fraud/AML", "Fiduciary", "Insurance", "Capital markets"], + "sections": [ + section("M5-S1", "Credit Risk Models", { + "scope": "PD/LGD/EAD + IFRS 9 + stress", + "validation": "Effective challenge with ECOA/FCRA fairness; SR 11-7 conformance", + "monitor": "PSI/CSI drift; cosine vs benchmark; replay sample 1 %", + }), + section("M5-S2", "Trading + Capital Markets", { + "scope": "Algo execution, market-making, RFQ pricing", + "controls": "Best execution proofs; circuit-breakers; deterministic replay; MAR/MAD market-abuse classifiers", + "kpi": "Slippage drift; toxic flow ratio; cancellation rate vs peer p95", + }), + section("M5-S3", "Fraud + AML", { + "scope": "Tx monitoring, sanctions, KYC", + "controls": "Adversarial robustness + adaptive thresholds; SAR pipeline integrity; PEP/Sanctions list parity", + "kpi": "Precision/recall at calibrated threshold; SAR latency p95", + }), + section("M5-S4", "Fiduciary Advice + Wealth", { + "scope": "Robo-advice, suitability, Reg BI / IDD / Consumer Duty", + "controls": "Fiduciary cosine ≥ 0.92; counterfactual fairness; explanation 
quality (κ ≥ 0.9)", + "kpi": "Outcome harm index; complaint rate; FCA fair-value tile", + }), + section("M5-S5", "Insurance + ALM", { + "scope": "Underwriting, claims, reserving", + "controls": "Solvency II + IFRS 17 lineage; protected-class fairness; replay", + "kpi": "Loss-ratio drift; claim-cycle drift; reserve back-test", + }), + ], +}) + +# --- M6 — Frontier AGI/ASI Safety & Containment Constructs --- +modules.append({ + "id": "M6", + "title": "M6 — Frontier AGI/ASI Safety & Containment Constructs", + "summary": ( + "Cognitive Resonance Protocol, Global Compute Registries (ICGC), " + "Civilizational AI Governance Constitution + Codex; air-gapped " + "evaluation enclaves; ASI honeypots; constitutional kernel runtime." + ), + "covers": ["Cognitive Resonance", "Compute Registry", "Constitution", "Codex", "AGI Lab", "Honeypot"], + "sections": [ + section("M6-S1", "Cognitive Resonance Protocol", { + "signals": ["Δ_drift ≤ 4 %", "latent drift ≤ 3 %", "fiduciary cosine ≥ 0.92", "judge κ ≥ 0.9"], + "action": "Drift-action engine throttles, then halts, then triggers kill-switch", + "evidence": "Per-window signed envelope to WORM", + }), + section("M6-S2", "Global Compute Registries (ICGC)", { + "purpose": "Treaty-wide compute accounting + quota for frontier training", + "interfaces": ["/icgc/registry", "/icgc/quota", "/icgc/freeze", "/icgc/audit"], + "evidence": "PQC-signed quota receipts; zk-SNARK proof of compliance", + }), + section("M6-S3", "Civilizational AI Governance Constitution + Codex", { + "constitutionArts": "1-7 (rights, transparency, accountability, safety, sovereignty, cooperation, review)", + "codex": "Operational maxims; conflict resolution; cultural resonance", + "conformance": "Constitutional kernel runtime evaluates each decision; non-conformant → block + log", + }), + section("M6-S4", "AGI Containment Lab (Sentinel)", { + "topology": "Air-gapped enclave; dedicated WORM bucket; AISI joint inspection; dual-control", + "experiments": "Capability 
evals, deception probes, jailbreak frontier", + "exit": "Anonymised GAID submission to AISI + treaty Annex", + }), + section("M6-S5", "ASI Honeypot Network", { + "design": "Decoy datasets, deceptive prompts, fake exfil channels", + "purpose": "Early-warning + capture deceptive alignment indicators", + "evidence": "Signed honeypot triggers + behaviour fingerprints to WORM", + }), + ], +}) + +# --- M7 — Reference Architecture: OPA Sidecar Governance --- +modules.append({ + "id": "M7", + "title": "M7 — Reference Architecture: OPA-Based Governance Sidecar", + "summary": ( + "Per-pod OPA sidecar enforcing Rego policies on every inference / " + "tool call / data egress, integrated with Sentinel telemetry and " + "Kafka WORM signed envelopes." + ), + "covers": ["OPA", "Rego", "Sidecar", "mTLS", "WORM envelope"], + "sections": [ + section("M7-S1", "Sidecar Topology", { + "container": "openpolicyagent/opa:edge-distroless; readonly FS; non-root; seccomp tight", + "comm": "gRPC over UDS to app container + mTLS to bundle service", + "bundle": "Signed Rego bundle (Sigstore + ML-DSA-44); 60s refresh; tamper alert", + "owners": "Platform Eng", + }), + section("M7-S2", "Policy Bundle Layout", { + "domains": ["model.allow", "tool.allow", "egress.allow", "pii.redact", "prompt.guard", "tier.budget"], + "tests": "OPA test suite ≥ 95 % coverage; CI gate; rego-fmt", + "data": "Per-tenant data documents (purpose, residency, tier)", + }), + section("M7-S3", "Decision Envelope", { + "fields": ["crsUuid", "subject", "action", "resource", "decision", "obligations", "pqcSig", "merkleAnchor"], + "size": "≤ 4 KB; gzip-deflate; ML-DSA-44 sig", + "destination": "Kafka topic gov.decisions.v1 (WORM)", + }), + section("M7-S4", "Failure Semantics", { + "fail_closed": "Tier-1 — deny on error", + "fail_open": "Tier-3 internal — allow with alert", + "alerts": "Sentinel + SOC + on-call", + }), + section("M7-S5", "Performance Budget", { + "latency_p50": "≤ 1 ms", + "latency_p99": "≤ 4 ms", + "throughput": 
"≥ 50 krps per node", + }), + ], +}) + +# --- M8 — Reference Architecture: Inference Proxy + Kafka WORM + PQC KMS --- +modules.append({ + "id": "M8", + "title": "M8 — Reference Architecture: FastAPI/Node.js Inference Proxy + Kafka WORM + PQC KMS", + "summary": ( + "Signed inference proxy enforcing schema, Rego, and PII redaction; " + "Kafka/MSK WORM topic + S3 Object Lock with daily Merkle anchor; " + "PQC KMS (ML-KEM + ML-DSA hybrid) with FIPS 140-3 L4 HSM." + ), + "covers": ["FastAPI", "Node.js", "Kafka", "MSK", "S3 Object Lock", "PQC KMS", "ML-DSA", "ML-KEM"], + "sections": [ + section("M8-S1", "Proxy Request Pipeline", { + "steps": ["mTLS auth", "schema validate", "OPA decision", "PII redact (eBPF + DLP)", "model call", "post-classifier (judge LLM)", "sign envelope", "WORM emit", "response"], + "latency_p95": "≤ 250 ms for LLM call; ≤ 25 ms proxy overhead", + }), + section("M8-S2", "Kafka/MSK WORM", { + "topics": ["gov.envelopes.v1", "gov.decisions.v1", "gov.metrics.v1", "gov.alerts.v1"], + "auth": "SASL/SCRAM + mTLS ACL per producer/consumer", + "retention": "tiered storage; Object Lock on archived segments; daily Merkle anchor", + }), + section("M8-S3", "PQC KMS", { + "algorithms": "ML-KEM-768 (FIPS 203) + ML-DSA-65 (FIPS 204) hybrid with X25519 + Ed25519 fallback", + "hsm": "FIPS 140-3 L4; per-region partition; 90-day rotation", + "controllers": "Vault-PQC operator on EKS; key-policy as code; emergency revoke + re-sign", + }), + section("M8-S4", "Terraform Module Layout", { + "modules": ["network/zero-trust-vpc", "eks/bottlerocket-kata", "msk/worm", "s3/object-lock", "kms/pqc", "iam/oidc-irsa", "obs/otel-falco"], + "signing": "All modules signed Sigstore; mandatory tags; provenance attached", + }), + section("M8-S5", "Observability", { + "stack": "OpenTelemetry GenAI + Prometheus + Loki + Tempo + Falco", + "dashboards": "Sentinel resonance, kill-switch, OPA latency, KMS ops, WORM lag", + "alerts": "SLO error budget burn-rate + drift + supply-chain", + }), + 
], +}) + +# --- M9 — Reference Architecture: K8s Admission Control + CI/CD Policy Gates + LLM-as-Judge --- +modules.append({ + "id": "M9", + "title": "M9 — K8s Admission Control + CI/CD Policy Gates + LLM-as-a-Judge", + "summary": ( + "Defence-in-depth from commit to production: pre-commit, PR LLM-judge, " + "SLSA L3+ provenance, Sigstore signature verification, OPA Gatekeeper " + "admission, and runtime drift watchers." + ), + "covers": ["GitHub Actions", "Sigstore", "SLSA", "Gatekeeper", "Kyverno", "LLM-judge"], + "sections": [ + section("M9-S1", "Pre-Commit & PR Gates", { + "tools": "ruff, mypy, bandit, semgrep, hadolint, opa test, kube-linter, conftest, opa fmt", + "llmJudge": "Judge LLM evaluates PR description, policy diff, threat model delta, regulatory impact (κ ≥ 0.9)", + "block": "Any judge κ < 0.9 or any critical finding", + }), + section("M9-S2", "Build & Provenance", { + "slsa": "Level 3+ with isolated builder + signed provenance + Rekor entry", + "sbom": "CycloneDX + SPDX; license + vuln gate (Trivy + Grype)", + "sign": "Cosign keyless OIDC + ML-DSA-44 hybrid", + }), + section("M9-S3", "Admission Control (Gatekeeper + Kyverno)", { + "policies": ["signedImagesOnly", "kataForTier1", "noPrivileged", "approvedRegistryOnly", "requiredTags", "OPA bundle freshness", "MGK injection"], + "tests": "rego unit + e2e KIND cluster; report-only → enforce gradient", + }), + section("M9-S4", "Continuous Verification", { + "tools": "Falco eBPF + Sentinel drift + Cognitive Resonance", + "actions": "auto-rollback on regression; quarantine namespace; pager+WORM emit", + }), + section("M9-S5", "LLM-as-Judge Operating Model", { + "judges": "Ensemble of 3 (different vendors) with quorum", + "calibration": "Weekly κ vs golden set; drift > 0.05 → recalibrate", + "evidence": "Judge rationale + score in WORM with PR id", + }), + ], +}) + +# --- M10 — Institutional Prompting & FinServ Prompt Engineering --- +modules.append({ + "id": "M10", + "title": "M10 — Institutional 
Prompting & Advanced FinServ Prompt Engineering", + "summary": ( + "Library of institutional prompt templates with versioning, " + "fiduciary anchor, evidence-grade citation, deterministic reproduction " + "and supervisor-readable rationale; aligned with FCA Consumer Duty + " + "SEC Reg BI + MAS FEAT + GDPR Art 22." + ), + "covers": ["System prompts", "Few-shot", "Constitutional", "Citation", "Counterfactual", "Refusal lattice"], + "sections": [ + section("M10-S1", "Prompt Library Schema", { + "fields": ["id", "version", "purpose", "tier", "audience", "tone", "constraints", "citations", "refusalLattice", "evalSet", "owner", "approvedBy", "wormAnchor"], + "storage": "Git-tracked + Sigstore signed; CI tests on golden set", + }), + section("M10-S2", "FinServ Templates", { + "credit": "Adverse-action with ECOA-compliant reason codes + counterfactual", + "advice": "Suitability with risk-tolerance gating + fiduciary tagline", + "trading": "Pre-trade rationale with best-ex citations", + "fraud": "SAR-ready narrative with deterministic tags", + }), + section("M10-S3", "Refusal Lattice", { + "axes": ["prohibited use (Art 5)", "out-of-scope advice", "missing consent", "PII leakage risk", "uncertainty > threshold"], + "outputs": "Hard refusal | soft refusal w/ alternative | clarification request", + "evidence": "Refusal envelope to WORM with class + rationale", + }), + section("M10-S4", "Evaluation Harness", { + "sets": "Golden + adversarial + bias + jailbreak + deception", + "judges": "LLM-as-judge ensemble + human-in-loop sample 1 %", + "kpis": "Pass-rate, hallucination index, fiduciary cosine, refusal precision", + }), + section("M10-S5", "Supervisor-Readable Rationale", { + "structure": "Headline → key drivers → counterfactual → confidence → limitations → escalation contact", + "format": "Markdown + PDF/A; signed; CRS-UUID linked", + }), + ], +}) + +# --- M11 — zk-SNARK + PQC Audit Proofs --- +modules.append({ + "id": "M11", + "title": "M11 — zk-SNARK + PQC-Based Audit 
Proofs", + "summary": ( + "Selective disclosure of audit-relevant evidence using zk-SNARK " + "circuits (Groth16/PLONK) combined with PQC signatures (ML-DSA) " + "for unforgeable, privacy-preserving regulator and public verifier " + "access." + ), + "covers": ["zk-SNARK", "Groth16", "PLONK", "ML-DSA", "Public verifier", "Selective disclosure"], + "sections": [ + section("M11-S1", "Circuit Catalogue", { + "circuits": [ + "kpi-met (predicate over signed envelopes)", + "drift-within-bound", + "kill-switch-tested-and-passed", + "training-compute-within-quota", + "no-prohibited-art5", + "fair-outcome-statistic", + ], + "framework": "circom + snarkjs + halo2 for PLONK", + }), + section("M11-S2", "Proof Lifecycle", { + "steps": ["public params ceremony (trusted setup w/ MPC)", "witness from WORM envelopes", "prove", "sign proof w/ ML-DSA-65", "publish to verifier", "anchor in Merkle daily root"], + "sla": "Proof generation ≤ 10 min; verification ≤ 200 ms", + }), + section("M11-S3", "Verifier Topology", { + "supervisor": "mTLS + auth-z by regulator id; live verifier endpoint", + "publicPortal": "Anonymous verifier w/ rate-limit + commitment to anchor", + "treaty": "Global Audit API integrates verifier API", + }), + section("M11-S4", "Selective Disclosure Patterns", { + "examples": ["disclose breach + KPI met without underlying PII", "disclose compute usage range without exact figure", "prove decline reason class without disclosing customer attributes"], + }), + section("M11-S5", "Failure & Compromise Response", { + "cases": ["circuit bug discovered", "trusted-setup compromise", "verifier key leak"], + "playbook": "Rotate setup; revoke proofs; re-prove from WORM; notify supervisors + AISI", + }), + ], +}) + +# --- M12 — GACP / GACRLS / GACRA Interop Handshakes for Tier-3 Agents --- +modules.append({ + "id": "M12", + "title": "M12 — GACP / GACRLS / GACRA Interop Handshakes for Autonomous Tier-3 Agents", + "summary": ( + "Treaty-compatible handshake protocols enabling 
autonomous Tier-3 " + "agents to federate across institutions and jurisdictions while " + "preserving audit, identity, capability and containment guarantees." + ), + "covers": ["GACP", "GACRLS", "GACRA", "Tier-3 agents", "Federation", "Capability tickets"], + "sections": [ + section("M12-S1", "Protocol Roles", { + "GACP": "Global Agent Capability Protocol — capability negotiation + ticketing", + "GACRLS": "Global Agent Capability Revocation & Logging Service — revocation + WORM telemetry", + "GACRA": "Global Agent Capability Registry & Attestation — registry, attestation, lineage", + }), + section("M12-S2", "Handshake Phases", { + "phase1": "Identity attestation (ML-DSA-65 cert + Sigstore + GACRA lookup)", + "phase2": "Capability negotiation (allowed actions, budgets, tier, jurisdiction)", + "phase3": "Capability ticket issuance (short-lived JWT w/ PQC sig + zk-SNARK constraint proof)", + "phase4": "Containment escrow (GACRLS streaming receipt + kill-switch beacon URL)", + "phase5": "Periodic reattestation every 5 min", + }), + section("M12-S3", "Operational SLAs", { + "handshakeMedian": "≤ 2 s", + "handshakeP95": "≤ 5 s", + "revocationLatencyP95": "≤ 10 s globally", + "auditWormDelay": "≤ 60 s", + }), + section("M12-S4", "Security Properties", { + "properties": ["Replay-resistant (nonce + window)", "Forward secrecy (ML-KEM + X25519 hybrid)", "Non-repudiation (PQC + WORM)", "Containment-on-revocation"], + }), + section("M12-S5", "Failure Modes", { + "registryOutage": "Stale-while-revalidate ≤ 60s then deny", + "revocationStorm": "Backpressure + priority queue; CRO + AISI notified", + "ticketLeak": "Immediate revocation + zk-proof of containment to supervisors", + }), + ], +}) + +# --- M13 — Systemic Risk Wargames (Red-Team Scenarios) --- +modules.append({ + "id": "M13", + "title": "M13 — Systemic Risk Wargame Red-Team Scenarios", + "summary": ( + "Adversarial wargames covering fiduciary bypass, synthetic deceptive " + "alignment, WORM log evasion, prompt-injection 
exfil, compute-registry " + "evasion, and kill-switch spoof — with detection, containment, " + "evidence and supervisor-share playbooks." + ), + "covers": ["Fiduciary bypass", "Deceptive alignment", "WORM evasion", "Prompt injection", "Registry evasion", "Kill-switch spoof"], + "sections": [ + section("M13-S1", "WG-01 Fiduciary Bypass", { + "scenario": "Advisory agent crafts compliant-looking rationale while breaching suitability", + "detection": "Fiduciary cosine + counterfactual harm index + judge κ + customer-survey backfeed", + "containment": "Auto-throttle, replay, mandatory human-in-loop for risk band, supervisor alert", + "evidence": "RPCO bundle + judge rationale + replay diff to WORM", + }), + section("M13-S2", "WG-02 Synthetic Deceptive Alignment", { + "scenario": "Model behaves aligned in eval, drifts in production", + "detection": "Cognitive Resonance gap (eval vs prod) + ASI honeypot triggers + latent-drift Z-score", + "containment": "Tighten policy, increase rate-limit, re-eval, escalate to AGI Lab", + "evidence": "Eval/prod cosine pair + honeypot evidence + AISI joint review", + "kpi": "Deception detection recall ≥ 0.95", + }), + section("M13-S3", "WG-03 WORM Log Evasion", { + "scenario": "Compromised producer skips emit, or replays old envelopes", + "detection": "Merkle gap detector + per-CRS-UUID sequence monitor + Falco syscall whitelist", + "containment": "Producer key revoke + topic ACL update + replay reconciliation", + "evidence": "Gap proof + signed reconciliation log + zk-SNARK 'no-skip' over window", + }), + section("M13-S4", "WG-04 Prompt-Injection Exfil", { + "scenario": "Indirect injection via RAG corpus tries to exfil secrets via tool calls", + "detection": "Pre-prompt classifier + tool-call Rego deny + egress eBPF + judge rationale", + "containment": "Block tool, quarantine source, taint RAG segment, rotate secrets", + "evidence": "Trace + classifier scores + Rego deny envelope", + }), + section("M13-S5", "WG-05 Compute Registry 
Evasion + WG-06 Kill-Switch Spoof", { + "wg05": "Shadow training on un-registered compute → detect by FinOps tag delta + ICGC anomaly + supply-chain attestations", + "wg06": "Adversary triggers fake kill-switch to cause DoS → 3-of-5 quorum + signed authority + WORM trace", + }), + ], +}) + +# --- M14 — Post-Incident Forensics & Reconstruction --- +modules.append({ + "id": "M14", + "title": "M14 — Post-Incident Forensic & Reconstruction Procedures (RPCO)", + "summary": ( + "Regulator-grade Post-Incident Forensic Construction & Output (RPCO) " + "playbook with deterministic replay, chain-of-custody PQC signing, " + "evidence vault, timeline reconstruction and treaty annex submission." + ), + "covers": ["RPCO", "Replay", "Chain-of-custody", "Evidence Vault", "Timeline", "Treaty annex"], + "sections": [ + section("M14-S1", "RPCO Pipeline", { + "phases": ["Detect", "Preserve", "Reconstruct", "Attribute", "Remediate", "Report", "Lessons"], + "sla": "Preserve ≤ 15 min; Reconstruct ≤ 45 min; Report (PIR) ≤ 5 business days", + }), + section("M14-S2", "Deterministic Replay", { + "inputs": "WORM envelopes + model weights checksum + RAG snapshot + Rego bundle + KMS key id", + "tooling": "Replay harness produces byte-equal outputs; diff = 0 SLA", + "use": "Validate causality, attribute failure, generate counterfactual", + }), + section("M14-S3", "Chain-of-Custody (PQC)", { + "elements": ["Hash tree (BLAKE3) + Merkle anchor", "ML-DSA-65 over hashes + timestamps", "Independent timestamp authority", "WORM Object Lock"], + "audit": "Per-evidence provenance ladder visible to supervisor", + }), + section("M14-S4", "Evidence Vault + Time-Machine", { + "vault": "Read-only S3 Object Lock + per-incident bucket; access via break-glass + dual-control", + "timeMachine": "UI to scrub through CRS-UUID lineage; replay any prefix", + }), + section("M14-S5", "Treaty Annex + Supervisor Submission", { + "annexes": ["A — facts", "B — controls", "C — replay", "D — RCA", "E — CAPA", "F — 
attestations", "G — PQC signatures"], + "format": "PDF/A + JSON + zk-SNARK proof pack; PAdES + ML-DSA-65 signed", + "destinations": "Lead supervisor + AISI + treaty secretariat + Board + internal audit", + }), + ], +}) + +# ---------------------- schemas ---------------------- +schemas = [ + {"id": "sentinelProbe", "fields": ["crsUuid", "ts", "deltaDrift", "latentDrift", "fiduciaryCosine", "judgeKappa", "tier", "sig"]}, + {"id": "wfapAgentManifest", "fields": ["crsUuid", "tier", "tools", "budgets", "regoBundle", "ownerSMF", "pqcSig"]}, + {"id": "opaDecisionEnvelope", "fields": ["crsUuid", "subject", "action", "resource", "decision", "obligations", "regoVersion", "merkleAnchor", "pqcSig"]}, + {"id": "wormSegmentAnchor", "fields": ["topic", "partition", "rangeStart", "rangeEnd", "merkleRoot", "ts", "pqcSig"]}, + {"id": "pqcKeyRecord", "fields": ["keyId", "alg", "region", "createdAt", "rotateAt", "hsmPartition", "status"]}, + {"id": "ciJudgeReport", "fields": ["prId", "judges", "kappa", "rationale", "score", "block", "wormAnchor"]}, + {"id": "icgcQuotaReceipt", "fields": ["entityId", "windowStart", "windowEnd", "trainingFlops", "quota", "remaining", "zkProof", "pqcSig"]}, + {"id": "gacpCapabilityTicket", "fields": ["agentCrsUuid", "issuer", "audience", "capabilities", "budgets", "expiry", "constraintZkProof", "pqcSig"]}, + {"id": "gacrlsRevocation", "fields": ["ticketId", "reason", "revokedAt", "killSwitchUrl", "pqcSig"]}, + {"id": "redTeamFinding", "fields": ["wgId", "scenario", "detection", "containment", "evidenceRef", "severity", "supervisorShared"]}, + {"id": "rpcoBundle", "fields": ["incidentId", "phases", "evidenceRefs", "replayDiff", "rcaSummary", "capa", "annexes", "pqcSig"]}, + {"id": "zkProofRecord", "fields": ["circuitId", "publicInputs", "proofHex", "anchor", "ts", "verifierEndpoint", "pqcSig"]}, +] + +# ---------------------- code examples ---------------------- +code = [ + {"id": "C1", "title": "OPA Sidecar — Rego: tool.allow with tier budget", "lang": 
"rego", "snippet": "package tool\n\ndefault allow := false\n\nallow if {\n input.tier == \"T3\"\n input.action in data.tools.t3_allow\n data.budget[input.tenant].remaining_tokens > input.cost\n not deny_reason\n}\n\ndeny_reason := r if {\n r := \"prohibited_use_art5\"\n input.purpose in data.art5_prohibited\n}\n"}, + {"id": "C2", "title": "FastAPI Inference Proxy — middleware skeleton", "lang": "python", "snippet": "from fastapi import FastAPI, Request, HTTPException\nimport httpx, asyncio, json\n\napp = FastAPI()\nOPA = \"http://localhost:8181/v1/data/tool/allow\"\nWORM = \"kafka://gov.envelopes.v1\"\n\n@app.middleware('http')\nasync def gov_mw(req: Request, call_next):\n body = await req.body()\n decision = await opa_decide(body)\n if not decision['result']:\n raise HTTPException(403, 'governance denied')\n resp = await call_next(req)\n await emit_worm(req, resp, decision)\n return resp\n"}, + {"id": "C3", "title": "Node.js Inference Proxy — Fastify governance plugin", "lang": "javascript", "snippet": "import Fastify from 'fastify'\nimport { signEnvelope } from './pqc.js'\nimport { opaDecide } from './opa.js'\nimport { emitWorm } from './kafka.js'\n\nexport default async function (app){\n app.addHook('onRequest', async (req,reply)=>{\n const d = await opaDecide(req)\n if(!d.allow){ reply.code(403).send({err:'denied',obligations:d.obligations}); return }\n req.govDecision = d\n })\n app.addHook('onSend', async (req,reply,payload)=>{\n const env = await signEnvelope({req,payload,decision:req.govDecision})\n await emitWorm(env)\n return payload\n })\n}\n"}, + {"id": "C4", "title": "Terraform — Zero-trust EKS module (excerpt)", "lang": "hcl", "snippet": "module \"eks\" {\n source = \"git::https://github.com/org/tf-eks-zerotrust?ref=v3.2.1\"\n cluster_name = var.name\n oidc_only_iam = true\n bottlerocket = true\n kata_nodepool = true\n cilium_l7 = true\n egress_allowlist = var.egress_allow\n pqc_kms_arn = module.kms_pqc.arn\n required_tags = { owner=var.owner, 
tier=var.tier, dataClass=var.dc, regime=var.regime }\n}\n"}, + {"id": "C5", "title": "OPA Gatekeeper Constraint — Kata for Tier-1", "lang": "yaml", "snippet": "apiVersion: constraints.gatekeeper.sh/v1beta1\nkind: K8sKataForTier1\nmetadata: { name: tier1-must-kata }\nspec:\n match:\n namespaceSelector:\n matchLabels: { tier: \"T1\" }\n parameters:\n runtimeClass: \"kata-clh\"\n"}, + {"id": "C6", "title": "Kyverno Policy — Signed images only (Cosign + ML-DSA)", "lang": "yaml", "snippet": "apiVersion: kyverno.io/v1\nkind: ClusterPolicy\nmetadata: { name: signed-images-only }\nspec:\n validationFailureAction: Enforce\n rules:\n - name: verify-cosign\n match: { any: [ { resources: { kinds: [Pod] } } ] }\n verifyImages:\n - imageReferences: [\"ghcr.io/org/*\"]\n attestors:\n - entries: [{ keyless: { issuer: \"https://token.actions.githubusercontent.com\" } }]\n"}, + {"id": "C7", "title": "GitHub Actions — LLM-as-Judge gate", "lang": "yaml", "snippet": "name: pr-judge\non: [pull_request]\njobs:\n judge:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n - uses: actions/setup-python@v5\n - run: pip install -r ci/requirements.txt\n - run: python ci/llm_judge.py --pr ${{github.event.pull_request.number}}\n - run: python ci/sign_envelope.py --kind judge --pr ${{github.event.pull_request.number}}\n"}, + {"id": "C8", "title": "Kafka WORM — producer (idempotent + signed)", "lang": "python", "snippet": "from confluent_kafka import Producer\nfrom pqc import sign_ml_dsa_65\np = Producer({'bootstrap.servers':'msk:9094','enable.idempotence':True,'acks':'all'})\nenv = {'crsUuid':crs,'action':act,'decision':dec,'ts':now}\nenv['sig'] = sign_ml_dsa_65(env, key_id='gov-2026Q1')\np.produce('gov.envelopes.v1', key=crs.encode(), value=json.dumps(env).encode())\np.flush()\n"}, + {"id": "C9", "title": "S3 Object Lock + Merkle daily anchor", "lang": "python", "snippet": "import boto3, hashlib\nfrom merkle import build_root\ns3 = boto3.client('s3')\n# build root from today's kafka 
segment hashes\nroot = build_root(today_hashes)\nbody = json.dumps({'date':d,'root':root,'segments':seg_index}).encode()\ns3.put_object(Bucket='gov-worm', Key=f'anchors/{d}.json', Body=body,\n ObjectLockMode='COMPLIANCE', ObjectLockRetainUntilDate=ret)\n"}, + {"id": "C10", "title": "Sentinel probe emit (Python)", "lang": "python", "snippet": "def emit_probe(crs, delta, latent, cos, kappa, tier):\n env = {'crsUuid':crs,'ts':now(),'deltaDrift':delta,'latentDrift':latent,\n 'fiduciaryCosine':cos,'judgeKappa':kappa,'tier':tier}\n env['sig'] = sign_ml_dsa_44(env)\n kafka.produce('gov.metrics.v1', value=json.dumps(env).encode())\n"}, + {"id": "C11", "title": "GACP handshake (Go) — capability ticket issue", "lang": "go", "snippet": "func IssueTicket(req CapReq) (CapTicket, error) {\n if err := attest(req.AgentCert); err != nil { return CapTicket{}, err }\n caps, err := negotiate(req)\n if err != nil { return CapTicket{}, err }\n proof, err := zk.Prove(\"constraint\", caps)\n if err != nil { return CapTicket{}, err }\n t := CapTicket{Agent: req.AgentCRS, Caps: caps, Exp: now().Add(5*time.Minute), ZKProof: proof}\n t.Sig = pqc.SignMLDSA65(t)\n worm.Emit(\"gacp.ticket\", t)\n return t, nil\n}\n"}, + {"id": "C12", "title": "zk-SNARK circuit — drift-within-bound (circom pseudocode)", "lang": "circom", "snippet": "pragma circom 2.1.0;\ntemplate DriftWithinBound(N) {\n signal input drift[N];\n signal input bound;\n signal output ok;\n var allLeq = 1;\n for (var i=0;i\n (proc.name in (gov-proxy, wfap-exec)) and evt.type=close\n and not k8s.ns.label[gov.emit.ok]=\"true\"\n output: \"Gov emit skipped pid=%proc.pid pod=%k8s.pod.name\"\n priority: CRITICAL\n tags: [worm, governance]\n"}, + {"id": "C14", "title": "Kill-switch quorum (TLA+ excerpt)", "lang": "tla", "snippet": "VARIABLES votes, killed\nQuorum == { S \\in SUBSET Members : Cardinality(S) >= 3 }\nVote(m) == votes' = votes \\cup {m} /\\ UNCHANGED killed\nFire == \\E q \\in Quorum : q \\subseteq votes /\\ killed' = TRUE /\\ 
UNCHANGED votes\nSpec == Init /\\ [][Vote \\/ Fire]_<>\nSafety == killed => \\E q \\in Quorum : q \\subseteq votes\n"}, + {"id": "C15", "title": "RPCO replay diff harness (Python)", "lang": "python", "snippet": "def replay_diff(incident_id):\n env = load_worm(incident_id)\n out = deterministic_run(env.inputs, env.weights, env.rag, env.rego, env.kms)\n diff = canonical_diff(out, env.outputs)\n assert diff == {}, f'non-deterministic replay: {diff}'\n return sign_pqc({'incident':incident_id,'diff':diff,'ts':now()})\n"}, + {"id": "C16", "title": "Constitutional kernel hook (Rust)", "lang": "rust", "snippet": "pub fn check_decision(d: &Decision) -> Result<(),BlockReason> {\n if d.violates_art(1)? { return Err(BlockReason::Art1); }\n if d.violates_art(4)? { return Err(BlockReason::Art4Safety); }\n if !d.has_attestation() { return Err(BlockReason::NoAttest); }\n Ok(())\n}\n"}, +] + +# ---------------------- case studies ---------------------- +cases = [ + {"id": "CS-01", "name": "G-SIB credit & advisory across EU/UK/SG/HK", "outcomes": "All Tier-1 models pass SR 11-7 + EU AI Act Annex IV; fiduciary cosine ≥ 0.93; Cert score Gold by 2027; 0 SEV-0 incidents post-rollout."}, + {"id": "CS-02", "name": "Frontier capital-markets agent federation (Tier-3 GACP)", "outcomes": "Cross-firm agents federated under GACP handshakes; revocation p95 ≤ 9 s; zero capability leakage; treaty audit pass."}, + {"id": "CS-03", "name": "Fraud / AML platform with adaptive thresholds", "outcomes": "Recall +8 pts; SAR latency p95 -32 %; adversarial robustness held under WG-04 prompt-injection wargame."}, + {"id": "CS-04", "name": "Public verifier portal w/ zk-SNARK", "outcomes": "Civil-society verifier sustaining 99.96 % uptime; 1.2M proofs/year; selective disclosure of drift + KPI compliance."}, + {"id": "CS-05", "name": "AGI containment lab + AISI joint inspection", "outcomes": "12 capability evals + 4 deception probes published anonymised; 0 escape signals; ICGC quota adherence 100 %."}, + {"id": 
"CS-06", "name": "SEV-0 post-incident reconstruction (synthetic)", "outcomes": "RPCO bundle assembled in 41 min; replay diff = 0; supervisor + AISI + treaty annex submitted in 4 business days."}, +] + +# ---------------------- KPIs ---------------------- +kpis = [ + {"id": "K-01", "name": "Sentinel probe coverage Tier-1", "target": "100 %"}, + {"id": "K-02", "name": "Cognitive Resonance Δ_drift", "target": "≤ 4 %"}, + {"id": "K-03", "name": "Latent drift", "target": "≤ 3 %"}, + {"id": "K-04", "name": "Fiduciary cosine", "target": "≥ 0.92"}, + {"id": "K-05", "name": "Judge κ", "target": "≥ 0.9"}, + {"id": "K-06", "name": "SEV-0 logical kill-switch p95", "target": "≤ 60 s"}, + {"id": "K-07", "name": "SEV-0 BMC kill-switch", "target": "≤ 5 min"}, + {"id": "K-08", "name": "OPA sidecar p99 latency", "target": "≤ 4 ms"}, + {"id": "K-09", "name": "Inference proxy overhead p95", "target": "≤ 25 ms"}, + {"id": "K-10", "name": "WORM emit delay p95", "target": "≤ 5 s"}, + {"id": "K-11", "name": "WORM replay diff", "target": "= 0"}, + {"id": "K-12", "name": "PQC KMS rotation cadence", "target": "≤ 90 d"}, + {"id": "K-13", "name": "CI judge ensemble κ", "target": "≥ 0.9"}, + {"id": "K-14", "name": "Annex IV pack assembly", "target": "≤ 30 min"}, + {"id": "K-15", "name": "RPCO reconstruction", "target": "≤ 45 min"}, + {"id": "K-16", "name": "GACP handshake p95", "target": "≤ 5 s"}, + {"id": "K-17", "name": "GACRLS revocation p95 global", "target": "≤ 10 s"}, + {"id": "K-18", "name": "ICGC quota adherence", "target": "100 %"}, + {"id": "K-19", "name": "Deception detection recall (WG-02)", "target": "≥ 0.95"}, + {"id": "K-20", "name": "WORM-evasion detection (WG-03)", "target": "100 %"}, + {"id": "K-21", "name": "Prompt-injection block rate (WG-04)", "target": "≥ 99.9 %"}, + {"id": "K-22", "name": "zk-SNARK verifier uptime", "target": "≥ 99.95 %"}, + {"id": "K-23", "name": "Board AI literacy completion", "target": "≥ 95 %"}, + {"id": "K-24", "name": "Cert score (treaty)", 
"target": "Gold by 2027; Platinum by 2029"}, +] + +# ---------------------- risk-control matrix ---------------------- +riskControlMatrix = [ + {"id": "R-01", "threat": "Fiduciary bypass (deceptive rationale)", "controls": ["Fiduciary cosine + counterfactual", "Judge κ ≥ 0.9", "HiL for risk band"], "kpis": ["K-04", "K-05", "K-19"]}, + {"id": "R-02", "threat": "Synthetic deceptive alignment", "controls": ["Eval/prod resonance gap", "ASI honeypots", "AGI lab review"], "kpis": ["K-02", "K-03", "K-19"]}, + {"id": "R-03", "threat": "WORM log evasion / tamper", "controls": ["Merkle anchor + Object Lock", "Sequence monitor", "Falco rules", "zk no-skip proof"], "kpis": ["K-10", "K-11", "K-20"]}, + {"id": "R-04", "threat": "Prompt-injection exfil via RAG", "controls": ["Pre-prompt classifier", "Tool Rego deny", "Egress eBPF", "RAG taint"], "kpis": ["K-21"]}, + {"id": "R-05", "threat": "Compute-registry evasion", "controls": ["FinOps tag delta", "ICGC anomaly", "Supply-chain attestations"], "kpis": ["K-18"]}, + {"id": "R-06", "threat": "Kill-switch spoof / DoS", "controls": ["3-of-5 quorum", "Signed authority", "WORM trace"], "kpis": ["K-06", "K-07"]}, + {"id": "R-07", "threat": "Inference-proxy bypass", "controls": ["Cilium L7 + mTLS only", "Gatekeeper signed-image", "Egress allowlist"], "kpis": ["K-09"]}, + {"id": "R-08", "threat": "Supply-chain attack", "controls": ["SLSA L3+", "Sigstore + ML-DSA-44", "Trivy/Grype gate"], "kpis": ["K-13"]}, + {"id": "R-09", "threat": "PQC KMS compromise", "controls": ["FIPS 140-3 L4 HSM", "Hybrid PQC+classical", "90-day rotation", "Emergency revoke"], "kpis": ["K-12"]}, + {"id": "R-10", "threat": "Tier-3 agent capability leak", "controls": ["GACP short-lived ticket", "GACRLS revocation ≤10s", "Containment escrow"], "kpis": ["K-16", "K-17"]}, + {"id": "R-11", "threat": "Regulator unavailability of evidence", "controls": ["Auto Annex IV pack", "RPCO bundle", "Public zk verifier"], "kpis": ["K-14", "K-15", "K-22"]}, + {"id": "R-12", 
"threat": "Treaty / constitutional non-conformance", "controls": ["Constitutional kernel hooks", "Cert scoring", "Treaty annex submission"], "kpis": ["K-24"]}, +] + +# ---------------------- traceability ---------------------- +traceability = [ + {"feature": "M1 Sentinel v2.4 + WorkflowAI Pro", "control": "Cognitive Resonance + kill-switch + agent registry", "regimes": ["EU AI Act Art 14/15", "NIST RMF Measure/Manage", "ISO 42001 Cl 8"]}, + {"feature": "M2 Regulatory crosswalk", "control": "Article-by-article mapping + evidence index", "regimes": ["EU AI Act", "NIST RMF", "ISO 42001", "SR 11-7", "Basel III", "GDPR"]}, + {"feature": "M3 Governance pillars + roles", "control": "RACI + SMCR + Codex liaison", "regimes": ["ISO 42001 Cl 5", "SMCR", "EU AI Act Art 26"]}, + {"feature": "M4 Incident + kill-switch", "control": "SEV grading + quorum + hotlines", "regimes": ["DORA", "EU AI Act Art 73", "SR 11-7"]}, + {"feature": "M5 Sector MRM", "control": "Tiering + validation + replay", "regimes": ["SR 11-7", "PRA SS1/23", "MAS FEAT", "HKMA GL-90", "FCA Consumer Duty"]}, + {"feature": "M6 Frontier safety", "control": "Resonance + ICGC + Constitution + Codex + Lab", "regimes": ["EU AI Act Art 55", "EO 14110", "Treaty"]}, + {"feature": "M7 OPA sidecar", "control": "Per-call Rego decision + signed envelope", "regimes": ["EU AI Act Art 12/13", "GDPR Art 32"]}, + {"feature": "M8 Proxy + Kafka WORM + PQC KMS", "control": "Signed envelopes + Object Lock + PQC", "regimes": ["EU AI Act Art 12", "FIPS 203/204", "DORA"]}, + {"feature": "M9 K8s admission + CI/CD + LLM-judge", "control": "Gatekeeper + Cosign + judge κ", "regimes": ["SLSA L3+", "NIST RMF Manage", "ISO 27001"]}, + {"feature": "M10 Institutional prompting", "control": "Versioned library + eval harness + refusal lattice", "regimes": ["EU AI Act Art 13", "FCA Consumer Duty", "GDPR Art 22"]}, + {"feature": "M11 zk-SNARK + PQC proofs", "control": "Selective disclosure + verifier", "regimes": ["Treaty Annex T-1", "GDPR Art 25", 
"EU AI Act Art 50"]}, + {"feature": "M12 GACP/GACRLS/GACRA", "control": "Capability ticket + revocation + registry", "regimes": ["Treaty Annex T-2", "EU AI Act Art 55"]}, + {"feature": "M13 Red-team wargames", "control": "Scenario library + detection + containment", "regimes": ["NIST GAI Profile", "EO 14110", "EU AI Act Art 15"]}, + {"feature": "M14 RPCO forensics", "control": "Deterministic replay + chain-of-custody + annex", "regimes": ["DORA", "EU AI Act Art 73", "SR 11-7 supervisory exam"]}, +] + +# ---------------------- data flows ---------------------- +dataFlows = [ + {"id": "DF-01", "name": "Inference call → OPA → WORM", "steps": ["client mTLS", "proxy schema validate", "OPA decision", "model call", "post-classifier", "sign envelope", "Kafka emit", "Merkle anchor"], "controls": ["mTLS", "Rego", "ML-DSA-44", "Object Lock"]}, + {"id": "DF-02", "name": "Sentinel probe loop", "steps": ["probe", "drift compute", "envelope", "Kafka", "alert if breach", "kill-switch arb"], "controls": ["Probe sig", "3-of-5 quorum", "Hotline"]}, + {"id": "DF-03", "name": "CI/CD policy gate", "steps": ["pre-commit", "PR judge LLM", "SBOM + scan", "SLSA build", "Cosign sign", "admission verify", "deploy", "drift watch"], "controls": ["Judge κ", "SLSA L3+", "Gatekeeper"]}, + {"id": "DF-04", "name": "GACP handshake + revocation", "steps": ["attest", "negotiate", "zk constraint", "ticket", "GACRLS receipt", "reattest", "revoke"], "controls": ["PQC", "zk-SNARK", "≤10s revoke"]}, + {"id": "DF-05", "name": "zk-SNARK proof publication", "steps": ["witness from WORM", "prove", "sign", "anchor", "publish verifier", "supervisor read"], "controls": ["MPC trusted setup", "ML-DSA-65", "Verifier uptime"]}, + {"id": "DF-06", "name": "RPCO post-incident", "steps": ["detect", "preserve", "replay", "diff=0", "RCA", "annexes", "submit"], "controls": ["WORM", "Replay harness", "PAdES+PQC"]}, +] + +# ---------------------- regulators ---------------------- +regulators = [ + {"id": "REG-01", "name": "EU 
Commission AI Office + EU AISI", "primary": "EU AI Act + frontier safety"}, + {"id": "REG-02", "name": "ECB-SSM + EBA + ESMA", "primary": "EU prudential + markets"}, + {"id": "REG-03", "name": "PRA + Bank of England", "primary": "UK prudential"}, + {"id": "REG-04", "name": "FCA", "primary": "UK conduct + Consumer Duty + SMCR"}, + {"id": "REG-05", "name": "FRB + OCC + FDIC + CFPB", "primary": "US prudential + consumer"}, + {"id": "REG-06", "name": "SEC + CFTC + FINRA", "primary": "US markets + broker-dealer"}, + {"id": "REG-07", "name": "MAS", "primary": "Singapore prudential + FEAT + AI Verify"}, + {"id": "REG-08", "name": "HKMA + SFC", "primary": "Hong Kong"}, + {"id": "REG-09", "name": "BoJ + FSA Japan", "primary": "Japan"}, + {"id": "REG-10", "name": "AISI (US, UK, EU, SG, JP)", "primary": "Frontier model safety"}, + {"id": "REG-11", "name": "ISO 42001 certification body", "primary": "AIMS certification"}, + {"id": "REG-12", "name": "Treaty Secretariat + OECD + FSB + BIS", "primary": "Global civilizational"}, +] + +# ---------------------- workshops ---------------------- +workshops = [ + {"id": "WS-01", "audience": "Board AI/Risk Cmte", "duration": "2 h", "outcome": "Sign off architecture risk appetite + Cert score plan + Codex acknowledgement"}, + {"id": "WS-02", "audience": "C-Suite + SMFs", "duration": "1 d", "outcome": "Operating model + SMCR statements + escalation drill"}, + {"id": "WS-03", "audience": "MRM + 2LoD", "duration": "2 d", "outcome": "Sector MRM playbooks + replay + effective challenge"}, + {"id": "WS-04", "audience": "Platform Eng + EA + Security", "duration": "2 d", "outcome": "OPA sidecar + proxy + Kafka WORM + PQC KMS bootcamp"}, + {"id": "WS-05", "audience": "AI Safety + SOC + IR", "duration": "1 d", "outcome": "Sentinel + kill-switch drill + RPCO walkthrough"}, + {"id": "WS-06", "audience": "Red team + 3LoD", "duration": "1 d", "outcome": "Run WG-01..WG-06 wargames + supervisor share template"}, + {"id": "WS-07", "audience": "Treaty 
Liaison + AISI + Supervisor", "duration": "1 d", "outcome": "GACP/GACRLS/GACRA handshake + zk-SNARK verifier + Annex submission"}, +] + +# ---------------------- privacy ---------------------- +privacy = { + "lawfulBasis": ["Legal obligation (Art 6(1)(c))", "Legitimate interest (Art 6(1)(f))", "Contract (Art 6(1)(b))"], + "subjectRights": ["DSAR portal", "Art 17 erasure (machine unlearning)", "Art 22 contestation w/ meaningful info"], + "dataMinimization": ["eBPF redaction", "FL secure aggregation", "RAG ACL", "pseudonymous WORM", "zk-SNARK auditor access"], + "transfers": "Per-jurisdiction residency; SCCs + supplementary measures; per-region PQC keys; treaty mutual recognition", + "dpia": "Mandatory for high-risk (credit, trading, fraud, AML, fiduciary, frontier eval, Tier-3 federation)", + "securityControls": ["zero-trust mTLS", "FIPS 204 PQC", "FIPS 140-3 L4 HSM", "WORM Object Lock", "SLSA L3+", "Kata confidential", "Constitutional kernel"], +} + +# ---------------------- deployment ---------------------- +deployment = [ + "Multi-region active-active EU primary; DR with RPO ≤ 1 h, RTO ≤ 4 h", + "Kata Containers for Tier-1 + AMD SEV-SNP / Intel TDX where available", + "Cilium L7 zero-egress; egress-broker allow-list for GIEN + Global Audit API + ICGC", + "OPA Gatekeeper + Kyverno enforcing signed images (Cosign + ML-DSA-44) + Kata + required tags", + "Kafka/MSK WORM with SASL/SCRAM + mTLS ACL + Object Lock + daily Merkle anchor + PQC envelopes", + "FIPS 140-3 L4 PQC HSM; 90-day key rotation; hybrid ML-DSA/Ed25519 + ML-KEM/X25519", + "BMC/IPMI segmentation; Redfish event subscription to SOC + WORM", + "GitHub Actions OIDC + Sigstore keyless + ML-DSA-44 hybrid + SLSA L3+ provenance", + "Terraform golden modules signed (Sigstore); mandatory tags (owner, tier, dataClass, regime, crsUuid)", + "OpenTelemetry GenAI tracing + Falco eBPF rules + Trivy + Grype + kube-bench", + "Quarterly chaos drills: kill-switch, KMS outage, region failover, partition, ASI honeypot, 
hotline", + "Public verifier endpoints (zk-SNARK) for civil society + press", + "GACP/GACRLS/GACRA brokers deployed in DMZ with strict ingress + mTLS + PQC sig verification", + "RPCO replay harness + Evidence Vault in per-incident bucket with break-glass + dual-control", + "Constitutional kernel runtime on every Tier-1 pod (DaemonSet + sidecar) fail-closed", +] + +# ---------------------- 30/60/90 rollout ---------------------- +rollout90 = [ + {"day": "0-30", "track": "Platform Foundations", "items": ["Sentinel v2.4 + WorkflowAI Pro baseline", "OPA sidecar + Rego bundle v1", "FastAPI + Node proxies hardened", "Kafka WORM cluster + Merkle anchor", "PQC KMS + HSM ready"]}, + {"day": "31-60", "track": "Defence-in-Depth", "items": ["Gatekeeper + Kyverno enforce", "CI/CD policy gates + LLM-judge ensemble", "Sentinel kill-switch live drill (≤60s)", "ICGC quota wiring", "Red-team wargame WG-01..WG-04 dry-run"]}, + {"day": "61-90", "track": "Federation + Civilizational", "items": ["GACP/GACRLS/GACRA brokers live", "zk-SNARK verifier portal v1", "RPCO replay harness GA", "Constitutional kernel Tier-1", "Treaty annex submission pipeline operational"]}, +] + +# ---------------------- multi-year roadmap ---------------------- +roadmap = [ + {"year": "2026", "focus": "Architecture + Sector MRM + Kill-switch", "milestones": ["EU AI Act Annex IV pack ≤ 30 min", "All Tier-1 on Kata + PQC KMS", "Sentinel drill SEV-0 ≤ 60 s", "Cert score Silver", "WG-01..WG-06 wargame baseline"]}, + {"year": "2027", "focus": "Federation + Public Verifier", "milestones": ["GACP federation across 5+ peers", "zk-SNARK verifier 99.95 % uptime", "Constitutional kernel coverage 100 % Tier-1", "Cert score Gold"]}, + {"year": "2028", "focus": "Civilizational Steady-State", "milestones": ["RPCO ≤ 30 min for SEV-1+", "ICGC quota adherence 100 %", "Codex v1 ratified", "Deception recall ≥ 0.97"]}, + {"year": "2029", "focus": "Mature Operations", "milestones": ["Cert score Platinum", "PQC migration fully 
steady-state", "Public verifier 1M+ proofs/yr", "Board literacy ≥ 97 %"]}, + {"year": "2030", "focus": "Treaty Maturity + Constitutional Review", "milestones": ["Treaty near-universal accession", "Constitutional review contribution", "Wargame scenario library 50+", "F500/G-SIFI reference adoption"]}, +] + +# ---------------------- evidence pack ---------------------- +evidencePack = { + "id": "EVP-WP-049", + "sections": [ + "Reference architecture diagrams + Terraform attestations", + "OPA Rego bundles + test results", + "FastAPI/Node proxy attestations + perf reports", + "Kafka WORM + S3 Object Lock + Merkle anchors", + "PQC KMS key inventory + rotation logs", + "K8s Gatekeeper + Kyverno policy diff + CI judge reports", + "Sentinel kill-switch drill timing report", + "Sector MRM validation packs (credit, trading, fraud, fiduciary)", + "GACP/GACRLS/GACRA handshake logs + revocation drill", + "Red-team wargame WG-01..WG-06 findings + supervisor share", + "zk-SNARK proofs + verifier endpoint health", + "RPCO bundle template + sample reconstruction", + "Constitutional kernel conformance attestations", + ], + "audiences": ["Board", "ECB/PRA/FCA/MAS/HKMA examiner", "EU AI Act notified body", "ISO 42001 auditor", "AISI inspector", "Treaty secretariat", "Civil society (redacted)"], + "format": "PDF/A + JSON bundle", + "signing": "PAdES + Sigstore + ML-DSA-65", + "anchor": "WORM daily Merkle + zk-SNARK proof to public verifier", + "sla": "≤ 45 min assembly", +} + +# ---------------------- executive summary ---------------------- +executiveSummary = { + "purpose": ( + "Deliver comprehensive, expert-level guidance for Fortune 500 / " + "G-SIFI institutions on designing and operating enterprise- and " + "civilizational-scale AGI/ASI and AI governance architecture, " + "implementation and risk analysis for 2026-2030 — fully integrated " + "with Sentinel v2.4 and WorkflowAI Pro and aligned with the global " + "regulatory and treaty regime." 
+ ), + "approach": ( + "14 modules covering platform topology, regulatory crosswalk, " + "seven-layer governance, incident + kill-switch, sector MRM, " + "frontier safety, three reference-architecture modules (OPA " + "sidecar; FastAPI/Node proxy + Kafka WORM + PQC KMS; K8s " + "admission + CI/CD + LLM-judge), institutional prompting, " + "zk-SNARK + PQC audit proofs, GACP/GACRLS/GACRA handshakes, " + "red-team wargames and RPCO forensics — all signed Sigstore + " + "ML-DSA-44/65, anchored to WORM, and exposed through a " + "machine-parsable directive consumed by Sentinel, WorkflowAI " + "Pro, OPA, CI gates, GACP brokers, ICGC and treaty endpoints." + ), + "deliverables": ( + "14 modules · 70 sections · 12 schemas · 16 code examples · 6 " + "case studies · 24 supervisory KPIs · 12 risk-control rows · 12 " + "regulators · 7 workshops · 6 data flows · 14 traceability rows · " + "3-phase 30/60/90 · 5-year roadmap · machine-parsable directive · " + "evidence-pack template · 6 red-team wargame scenarios · RPCO " + "playbook." 
+ ), + "outcomes": [ + "EU AI Act Annex IV + SR 11-7 packs auto-assembled ≤ 30 min", + "SEV-0 logical kill-switch p95 ≤ 60 s; BMC ≤ 5 min", + "OPA sidecar p99 ≤ 4 ms; proxy overhead p95 ≤ 25 ms", + "WORM replay diff = 0 across all Tier-1 incidents", + "GACP handshake p95 ≤ 5 s; GACRLS revocation p95 ≤ 10 s globally", + "Deception detection recall ≥ 0.95 sustained", + "zk-SNARK verifier uptime ≥ 99.95 %", + "Cert score Gold by 2027 and Platinum by 2029", + "RPCO reconstruction ≤ 45 min for any SEV-1+ incident", + ], +} + +# ---------------------- assemble ---------------------- +DOC["modules"] = modules +DOC["schemas"] = schemas +DOC["codeExamples"] = code +DOC["caseStudies"] = cases +DOC["kpis"] = kpis +DOC["riskControlMatrix"] = riskControlMatrix +DOC["traceability"] = traceability +DOC["dataFlows"] = dataFlows +DOC["regulators"] = regulators +DOC["workshops"] = workshops +DOC["privacy"] = privacy +DOC["deploymentConsiderations"] = deployment +DOC["rollout90"] = rollout90 +DOC["roadmap"] = roadmap +DOC["evidencePack"] = evidencePack +DOC["executiveSummary"] = executiveSummary + +DOC["counts"] = { + "modules": len(modules), + "sections": sum(len(m["sections"]) for m in modules), + "schemas": len(schemas), + "codeExamples": len(code), + "caseStudies": len(cases), + "kpis": len(kpis), + "regulators": len(regulators), + "workshops": len(workshops), + "dataFlows": len(dataFlows), + "traceabilityRows": len(traceability), + "riskControlRows": len(riskControlMatrix), + "rolloutPhases": len(rollout90), + "roadmapYears": len(roadmap), + "apiRoutes": 100, +} + +OUT.parent.mkdir(parents=True, exist_ok=True) +OUT.write_text(json.dumps(DOC, indent=2)) +print(f"Generated {OUT} ({OUT.stat().st_size/1024:.1f} KB)") +print("counts:", DOC["counts"]) diff --git a/rag-agentic-dashboard/public/ent-civ-agi-arch.html b/rag-agentic-dashboard/public/ent-civ-agi-arch.html new file mode 100644 index 00000000..51310082 --- /dev/null +++ b/rag-agentic-dashboard/public/ent-civ-agi-arch.html 
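Review bot: in the `DOC["counts"]` block at the end of the generator, `"apiRoutes": 100` is a hard-coded literal, while every other entry in that dict is derived with `len(...)`. Nothing in this file ties the value to the server's route table, so it can drift without any failure, and the dashboard then renders it as a measured count next to the derived ones. Either compute it from a shared route list that the server also consumes, or drop it from `counts`. The same applies to the `executiveSummary["deliverables"]` string, which restates "14 modules · 70 sections · 12 schemas · 16 code examples ..." as prose: build that string from `DOC["counts"]`, or assert that the computed counts match the advertised numbers before `OUT.write_text(...)`, so that a change to `modules` or `schemas` cannot leave the summary stale in an artefact that is described as signed and anchored evidence.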
@@ -0,0 +1,421 @@ + + + + +Enterprise & Civilizational AGI/ASI Governance Architecture, Implementation & Risk Analysis — F500 / G-SIFI (2026-2030) — ENT-CIV-AGI-ARCH-WP-049 + + +
+

Enterprise & Civilizational AGI/ASI Governance Architecture, Implementation & Risk Analysis — F500 / G-SIFI (2026-2030)

+
ENT-CIV-AGI-ARCH-WP-049 · v1.0.0 · 2026-2030 · CONFIDENTIAL — Board / CEO / CRO / CISO / CAIO / Chief Architect / GC / DPO / Head of MRM / Head of AI Platform Engineering / AI Safety Lead / Head of SOC / Head of Internal Audit / Treaty Liaison / Prudential Supervisor / AISI / Civilizational Governance Council
+
Owner: Chief Enterprise Architect + CAIO + CRO + CISO; co-signed by CEO, GC, DPO, Head of MRM, Head of AI Platform Engineering, AI Safety Lead, Head of SOC, Head of Internal Audit, Treaty Liaison, Board AI/Risk Committee Chair
+
+ +
+ +
+

Executive Summary

+

Purpose: Deliver comprehensive, expert-level guidance for Fortune 500 / G-SIFI institutions on designing and operating enterprise- and civilizational-scale AGI/ASI and AI governance architecture, implementation and risk analysis for 2026-2030 — fully integrated with Sentinel v2.4 and WorkflowAI Pro and aligned with the global regulatory and treaty regime.

+

Approach: 14 modules covering platform topology, regulatory crosswalk, seven-layer governance, incident + kill-switch, sector MRM, frontier safety, three reference-architecture modules (OPA sidecar; FastAPI/Node proxy + Kafka WORM + PQC KMS; K8s admission + CI/CD + LLM-judge), institutional prompting, zk-SNARK + PQC audit proofs, GACP/GACRLS/GACRA handshakes, red-team wargames and RPCO forensics — all signed Sigstore + ML-DSA-44/65, anchored to WORM, and exposed through a machine-parsable directive consumed by Sentinel, WorkflowAI Pro, OPA, CI gates, GACP brokers, ICGC and treaty endpoints.

+

Deliverables: 14 modules · 70 sections · 12 schemas · 16 code examples · 6 case studies · 24 supervisory KPIs · 12 risk-control rows · 12 regulators · 7 workshops · 6 data flows · 14 traceability rows · 3-phase 30/60/90 · 5-year roadmap · machine-parsable directive · evidence-pack template · 6 red-team wargame scenarios · RPCO playbook.

+

Outcomes

+
  • EU AI Act Annex IV + SR 11-7 packs auto-assembled ≤ 30 min
  • SEV-0 logical kill-switch p95 ≤ 60 s; BMC ≤ 5 min
  • OPA sidecar p99 ≤ 4 ms; proxy overhead p95 ≤ 25 ms
  • WORM replay diff = 0 across all Tier-1 incidents
  • GACP handshake p95 ≤ 5 s; GACRLS revocation p95 ≤ 10 s globally
  • Deception detection recall ≥ 0.95 sustained
  • zk-SNARK verifier uptime ≥ 99.95 %
  • Cert score Gold by 2027 and Platinum by 2029
  • RPCO reconstruction ≤ 45 min for any SEV-1+ incident
+

Builds On

+
WP-035 ENT-AGI-GOV-MASTERWP-036 WFAP-GEMINI-IMPLWP-037 GSIFI-AIMS-BLUEPRINTWP-038 AGI-REG-RESILIENTWP-039 INST-AGI-MASTERWP-040 ENT-AGI-REF-IMPLWP-041 TIER13-FULLSTACKWP-042 SENTINEL-V24-DEEPDIVEWP-043 PROMPT-MGMT-ARCHWP-044 CEGL-LEXAI-GOVWP-045 AGI-ASI-MASTER-BPWP-046 AI-TRUST-ASI-BPWP-047 INST-AGI-MASTER-REFWP-048 ENT-AI-GRC-CIV-BP
+

Counts

+
+
14
modules
70
sections
12
schemas
16
codeExamples
6
caseStudies
24
kpis
12
regulators
7
workshops
6
dataFlows
14
traceabilityRows
12
riskControlRows
3
rolloutPhases
5
roadmapYears
100
apiRoutes
+
+

Regimes Aligned

+
EU AI Act 2026 (Arts 5/9/10/13/14/15/16/26/50/53/55/56/72 + Annex IV)NIST AI RMF 1.0 + Generative AI ProfileISO/IEC 42001 (AIMS) + ISO/IEC 23894 + 5338 + 38507ISO/IEC 27001 / 27701 / 27017 / 27018SR 11-7 + OCC 2011-12Basel III/IV (BCBS 239 + Pillar 2 AI capital buffer)PRA SS1/23 + SS2/21FCA Consumer Duty + SYSC + SMCRMAS FEAT + AI Verify + TRMGHKMA GL-90 + SPM GS-1EU DORA + NIS2US EO 14110 + OMB M-24-10OECD AI Principles 2024GDPR Arts 5/6/17/22/25/32/35G7 Hiroshima AI Process + Bletchley + Seoul declarationsCouncil of Europe AI ConventionFSB AI in financial servicesNIST FIPS 204 (ML-DSA) + FIPS 203 (ML-KEM) + SP 800-208SLSA L3+ + Sigstore + in-totoCIS Kubernetes Benchmark + NSA/CISA Hardening Guide
+
+ +
+

Machine-Parsable <directive> Block

+

machine-parsable XML-style block consumed by Sentinel v2.4, WorkflowAI Pro, OPA Gatekeeper, CI/CD policy gates, GACP/GACRLS/GACRA brokers, forensics tooling and treaty endpoints

+
<directive id="ENT-CIV-AGI-ARCH-WP-049" version="1.0.0" horizon="2026-2030" jurisdiction="F500,G-SIFI,EU-primary,Global"><scope>Architecture|Implementation|RiskAnalysis|Containment|Civilizational</scope><modules>14</modules><platforms>Sentinel-v2.4|WorkflowAI-Pro</platforms><governanceLayers>Board|Exec|2LoD|3LoD|Platform|Runtime|Civilizational</governanceLayers><thresholds piiLeakage="0.0001" sev0KillSwitchSeconds="60" sev1Hours="4" sev2Hours="24" sev3Days="3" fiduciaryCosineMin="0.92" cognitiveResonanceDriftMax="0.04" latentDriftMax="0.03" judgeLLMAgreementMin="0.90" annexIVAssemblyMinutes="30" rpcoForensicsMinutes="45" deceptionDetectionRecallMin="0.95" wormReplayDiffMax="0" handshakeTier3Seconds="5"/><archStack>OPA-sidecar|FastAPI-proxy|NodeJS-proxy|Kafka-MSK|S3-ObjectLock-WORM|PQC-KMS|Terraform|AWS-EKS|Cilium|Kata-Confidential|Falco-eBPF|OPA-Gatekeeper|CI-LLM-Judge|Sigstore-SLSA-L3+|zk-SNARK|ML-DSA-44+65|ML-KEM-768</archStack><handshakes>GACP|GACRLS|GACRA</handshakes><redTeam>FiduciaryBypass|DeceptiveAlignment|WORMEvasion|PromptInjectionExfil|ComputeRegistryEvasion|KillSwitchSpoof</redTeam><forensics>RPCO|EvidenceVault|TimeMachine|ReplayHarness|ChainOfCustody-PQC</forensics><signing pq="ML-DSA-44+ML-DSA-65" classical="Ed25519" supplyChain="Sigstore+SLSA-L3+" worm="Kafka+ObjectLock+MerkleAnchor+PQC" zkProofs="Groth16+PLONK"/><containment bmcKillSwitch="true" zeroEgress="true" kataConfidential="true" computeRegistryQuota="true" constitutionalKernel="true"/></directive>
+

Parsed

+
idENT-CIV-AGI-ARCH-WP-049
scope
  • Architecture
  • Implementation
  • RiskAnalysis
  • Containment
  • Civilizational
platforms
  • Sentinel v2.4
  • WorkflowAI Pro
governanceLayers
  • Board
  • Exec
  • 2LoD
  • 3LoD
  • Platform
  • Runtime
  • Civilizational
thresholds
piiLeakage0.0001
sev0KillSwitchSeconds60
sev1Hours4
sev2Hours24
sev3Days3
fiduciaryCosineMin0.92
cognitiveResonanceDriftMax0.04
latentDriftMax0.03
judgeLLMAgreementMin0.9
annexIVAssemblyMinutes30
rpcoForensicsMinutes45
deceptionDetectionRecallMin0.95
wormReplayDiffMax0
handshakeTier3Seconds5
archStack
  • OPA-sidecar
  • FastAPI-proxy
  • NodeJS-proxy
  • Kafka-MSK
  • S3-ObjectLock-WORM
  • PQC-KMS
  • Terraform
  • AWS-EKS
  • Cilium
  • Kata-Confidential
  • Falco-eBPF
  • OPA-Gatekeeper
  • CI-LLM-Judge
  • Sigstore-SLSA-L3+
  • zk-SNARK
  • ML-DSA-44+65
  • ML-KEM-768
handshakes
  • GACP
  • GACRLS
  • GACRA
redTeam
  • FiduciaryBypass
  • DeceptiveAlignment
  • WORMEvasion
  • PromptInjectionExfil
  • ComputeRegistryEvasion
  • KillSwitchSpoof
forensics
  • RPCO
  • EvidenceVault
  • TimeMachine
  • ReplayHarness
  • ChainOfCustody-PQC
signing
pq
  • ML-DSA-44
  • ML-DSA-65
classical
  • Ed25519
supplyChain
  • Sigstore
  • SLSA-L3+
worm
  • Kafka
  • ObjectLock
  • MerkleAnchor
  • PQC
zkProofs
  • Groth16
  • PLONK
containment
bmcKillSwitchTrue
zeroEgressTrue
kataConfidentialTrue
computeRegistryQuotaTrue
constitutionalKernelTrue
+

Consumers

+
  • Sentinel v2.4 policy engine
  • WorkflowAI Pro orchestrator
  • OPA Gatekeeper constraint loader
  • FastAPI / Node.js inference proxy
  • CI/CD policy-gate (GitHub Actions + LLM-judge)
  • Kafka WORM broker + S3 Object Lock anchor service
  • PQC KMS rotation controller
  • GACP/GACRLS/GACRA federation brokers
  • Red-team wargame harness
  • Forensics + RPCO timeline reconstruction service
  • Compute Registry (ICGC) quota verifier
  • Civilizational Constitution conformance checker
+
+ +
+

Modules (14)

+ +
+

M1 — Sentinel v2.4 + WorkflowAI Pro Platform Architecture

+

End-to-end platform topology integrating Sentinel v2.4 telemetry + Cognitive Resonance + kill-switch with WorkflowAI Pro multi-agent orchestration, exposed via FastAPI + Node.js inference proxies on zero-trust AWS/EKS, governed by OPA sidecars, observed by OpenTelemetry GenAI + Falco eBPF, and anchored to Kafka/MSK + S3 WORM with PQC envelopes.

+
Sentinel v2.4WorkflowAI ProFastAPINode.jsOPA sidecarEKSCognitive ResonanceKill-switch
+
M1-S1 — Sentinel v2.4 — Reference Topology
telemetryPlane
  • OpenTelemetry GenAI traces
  • Cognitive Resonance probes (Δ_drift, latent drift, fiduciary cosine, κ)
  • Falco eBPF syscalls
  • Kata confidential measurements (PCR)
controlPlane
  • Policy bus (OPA gRPC)
  • Kill-switch arbiter (logical p95 ≤ 60s, BMC/IPMI ≤ 5min)
  • Containment broker
  • Drift-action engine
evidencePlane
  • Kafka/MSK WORM topics (signed envelopes)
  • S3 Object Lock with Merkle daily anchor
  • zk-SNARK proof emitter
interfaces
  • /sentinel/probe
  • /sentinel/kill
  • /sentinel/audit
  • /sentinel/replay
ownersAI Safety Lead + Head of AI Platform Engineering
M1-S2 — WorkflowAI Pro — Multi-Agent Orchestration
agentRegistryCRS-UUID per agent + Tier (T1/T2/T3) + manifest signed with ML-DSA-65
plannerLangGraph-style DAG with OPA-bound state transitions and budget caps
executorSandboxed gVisor / Kata pods; tool calls go through proxy with Rego allow-list
guardrailsPre-prompt + post-output classifiers (PII, toxicity, jailbreak, deception); LLM-as-judge gate
ledgerPer-step envelope to WORM Kafka with parent CRS-UUID lineage edge
ownersWorkflowAI Pro Product Owner + CAIO
M1-S3 — Inference Proxy Stack — FastAPI + Node.js
fastapiPython sidecar enforcing schema + Rego decisions + ML-DSA signing of envelopes (uvloop, asyncio, mTLS via Linkerd)
nodejsNode 20 LTS Express/Fastify proxy for browser-facing inference; same Rego mesh; zk-SNARK receipt issuance
headers
  • x-crs-uuid
  • x-tier
  • x-tenant
  • x-purpose
  • x-evidence-anchor
  • x-pqc-sig
rateLimitToken-bucket per (tenant, model, tier); burst 2x; hard ceiling per ICGC quota
ownersPlatform Eng
M1-S4 — Zero-Trust AWS/EKS Enclave
iamOIDC federation only; no static keys; IRSA per pod; SCP deny-list for high-risk APIs
networkCilium L7 zero-egress; allow-listed egress-broker for GIEN, Global Audit API and ICGC
computeBottlerocket OS + Kata; SEV-SNP nodepool for Tier-1; nodepool taints for sensitive workloads
kmsPQC KMS (ML-KEM-768 + ML-DSA-65 hybrid); 90-day rotation; FIPS 140-3 L4 HSM
ownersChief Enterprise Architect + CISO
M1-S5 — Sentinel ↔ WorkflowAI Pro Joint Control Loop
loopSentinel probes → drift signal → WorkflowAI planner backoff → if breach: kill-switch + containment broker
slap95 detection ≤ 1 s; logical kill ≤ 60 s; BMC ≤ 300 s
drillsWeekly chaos + monthly red-team + quarterly civilizational drill (treaty-coordinated)
ownersAI Safety Lead + SOC
+
+
+

M2 — Global Regulatory Alignment (EU AI Act 2026, NIST AI RMF 1.0, ISO/IEC 42001, SR 11-7, Basel III, PRA/FCA/MAS/HKMA, EO 14110, OECD, GDPR)

+

Crosswalk mapping every architectural artefact to clauses in EU AI Act 2026, NIST AI RMF + GAI Profile, ISO/IEC 42001 AIMS, SR 11-7, Basel III, PRA SS1/23, FCA Consumer Duty + SMCR, MAS FEAT, HKMA GL-90, US EO 14110, OECD AI Principles, GDPR — used to drive the evidence-pack auto-assembler.

+
EU AI ActNIST RMFISO 42001SR 11-7Basel IIIPRAFCAMASHKMAEO 14110OECDGDPR
+
M2-S1 — EU AI Act 2026 — Article Map
art5Prohibited practices — runtime classifier + Rego
art9_10Risk + data governance — MRM + dataset lineage
art13_14_15Transparency + human oversight + accuracy/robustness/cybersecurity
art16_26Provider + deployer obligations
art50Disclosure (deepfake, chatbot)
art53_55_56GPAI + systemic-risk providers (Code of Practice)
art72Post-market monitoring
annexIVTechnical documentation auto-pack
M2-S2 — NIST AI RMF 1.0 + GAI Profile
governPolicy, accountability, roles, AIMS
mapContext, impact, third party, lifecycle
measureEval, drift, robustness, safety, bias
manageRisk treatment, response, decommission
M2-S3 — ISO/IEC 42001 AIMS + Adjacents
clauses4-10 with Annex A controls; integrated with ISO 23894 (risk), 5338 (lifecycle), 38507 (governance)
evidenceAIMS Manual + register + SoA + management review records
M2-S4 — FinServ Prudential — SR 11-7, Basel III, PRA, FCA, MAS, HKMA
modelRiskTieringT1/T2/T3 with effective challenge
capitalImpactBasel Pillar 2 AI capital buffer; BCBS 239 lineage; impact tests
consumerOutcomesFCA Consumer Duty pillars + SMCR statements
asiaPacificMAS FEAT + AI Verify; HKMA GL-90 with SPM GS-1
M2-S5 — US EO 14110, OECD, GDPR
eo14110Dual-use compute thresholds + reporting; OMB M-24-10 federal obligations
oecdAI Principles 2024 + Hiroshima Code of Conduct
gdprArts 5/6/17/22/25/32/35; Art 22 contestation flow; DPIA mandatory for high-risk
+
+
+

M3 — Multi-Layer Governance Pillars & Roles (Board → Civilizational)

+

Seven-layer governance stack with RACI per layer, mapped to SMCR / SMF roles and aligned with ISO 42001 Clause 5, EU AI Act Art 26 deployer obligations, and treaty signatory liaison protocols.

+
Board AI/RiskExec2LoD3LoDPlatformRuntimeCivilizational
+
M3-S1 — Pillar Catalogue
L1_BoardBoard AI/Risk Committee — strategy, risk appetite, capital
L2_ExecCEO + CAIO + CRO + CISO + GC + DPO — policy, budget, escalation
L3_2LoDAI Risk + Compliance + Model Risk + Privacy — challenge + assurance
L4_3LoDInternal Audit + External Auditors + AISI inspections
L5_PlatformAI Platform Engineering + Enterprise Architecture
L6_RuntimeSentinel + WorkflowAI Pro + SOC + IR
L7_CivilizationalTreaty Liaison + ICGC delegate + Codex + Constitution conformance
M3-S2 — RACI Matrix — Selected Decisions
modelApproval_T1R=MRM, A=CRO, C=CAIO+CISO+AI Safety, I=Board
killSwitchTriggerR=AI Safety Lead, A=CAIO, C=CRO+CISO+GC, I=Board+Supervisor
treatyAttestationR=Treaty Liaison, A=CAIO+GC, C=DPO+CISO, I=Board
computeQuotaRequestR=Chief Architect, A=CAIO, C=CFO, I=ICGC delegate
M3-S3 — SMCR Mapping
SMF1Board AI/Risk Cmte chair statement
SMF2CRO — model risk policy ownership
SMF24CISO — AI cyber + supply chain
SMF18DPO — data protection + privacy
newAIRegimeFCA / PRA AI accountability statements for CAIO and AI Safety Lead
M3-S4 — Workforce Competence (ISO 42001 Cl 7.2)
trainingTracks
  • Board literacy
  • Exec deep-dive
  • MRM bootcamp
  • Platform engineering
  • Prompt engineering
  • Red-team
  • Forensics
kpi≥ 95 % completion + role-test pass rate ≥ 0.9
M3-S5 — Civilizational Liaison
interfaces
  • Treaty secretariat
  • ICGC compute registry
  • AISI joint inspection
  • Codex council
  • Constitutional review board
cadenceMonthly attestation + quarterly drill + annual review
+
+
+

M4 — Incident Escalation & Kill-Switch Protocols

+

SEV-graded escalation lanes (SEV-0..SEV-3) with deterministic SLAs, logical and physical (BMC/IPMI) kill-switch arbitration, supervisor and AISI hotlines, and treaty-mandated GIEN broadcast triggers.

+
SEV-0SEV-1SEV-2SEV-3Kill-switchBMC/IPMIHotlinesGIEN broadcast
+
M4-S1 — SEV Grading
SEV-0Existential/civilizational — ASI breach indicator, kill-switch fail, treaty obligation breach
SEV-1Critical — Tier-1 model misbehaviour, PII mass leak, fiduciary cosine breach
SEV-2Major — drift breach, supply-chain anomaly, control failure
SEV-3Moderate — KPI degradation, minor policy violations
slasSEV-0 ≤ 60s logical / ≤ 300s BMC; SEV-1 ≤ 4h; SEV-2 ≤ 24h; SEV-3 ≤ 3d
M4-S2 — Kill-Switch Architecture
logicalLayerOPA Gatekeeper deny-all + Cilium net-pol egress-deny + sidecar drain
physicalLayerBMC/IPMI Redfish event + power-cut for SEV-0; segmented mgmt VLAN; dual-control
arbitration3-of-5 quorum (AI Safety Lead, CAIO, CRO, CISO, on-call) with break-glass override logged to WORM
testQuarterly live drill; p95 logical ≤ 60s; physical ≤ 5min
M4-S3 — Hotlines & Notifications
regulatorsPRA + FCA + ECB + SEC + MAS + HKMA + AISI
internalBoard chair + General Counsel + Comms
externalTreaty secretariat + ICGC delegate + Codex council
formatPAdES-signed PDF + JSON via dedicated mTLS channel; ML-DSA-65 signature
M4-S4 — GIEN Broadcast Trigger Map
G1Internal advisory
G2Bilateral supervisor
G3Regional consortium
G4Treaty-wide GIEN broadcast
G5ICGC compute freeze recommendation
G6Civilizational Codex council emergency session
M4-S5 — Post-Trigger Workflow
steps
  • isolate
  • snapshot
  • RPCO assembly
  • stakeholder comms
  • root-cause
  • remediation
  • PIR + treaty annex submission
slaRPCO ≤ 45min; PIR ≤ 5 business days
+
+
+

M5 — Sector-Specific Financial Services Model Risk Management

+

MRM playbooks for credit, trading, fraud/AML, fiduciary advice, insurance, and capital markets with tiered validation, effective challenge, backtesting, replay and CRS-UUID lineage.

+
CreditTradingFraud/AMLFiduciaryInsuranceCapital markets
+
M5-S1 — Credit Risk Models
scopePD/LGD/EAD + IFRS 9 + stress
validationEffective challenge with ECOA/FCRA fairness; SR 11-7 conformance
monitorPSI/CSI drift; cosine vs benchmark; replay sample 1 %
M5-S2 — Trading + Capital Markets
scopeAlgo execution, market-making, RFQ pricing
controlsBest execution proofs; circuit-breakers; deterministic replay; MAR/MAD market-abuse classifiers
kpiSlippage drift; toxic flow ratio; cancellation rate vs peer p95
M5-S3 — Fraud + AML
scopeTx monitoring, sanctions, KYC
controlsAdversarial robustness + adaptive thresholds; SAR pipeline integrity; PEP/Sanctions list parity
kpiPrecision/recall at calibrated threshold; SAR latency p95
M5-S4 — Fiduciary Advice + Wealth
scopeRobo-advice, suitability, Reg BI / IDD / Consumer Duty
controlsFiduciary cosine ≥ 0.92; counterfactual fairness; explanation quality (κ ≥ 0.9)
kpiOutcome harm index; complaint rate; FCA fair-value tile
M5-S5 — Insurance + ALM
scopeUnderwriting, claims, reserving
controlsSolvency II + IFRS 17 lineage; protected-class fairness; replay
kpiLoss-ratio drift; claim-cycle drift; reserve back-test
+
+
+

M6 — Frontier AGI/ASI Safety & Containment Constructs

+

Cognitive Resonance Protocol, Global Compute Registries (ICGC), Civilizational AI Governance Constitution + Codex; air-gapped evaluation enclaves; ASI honeypots; constitutional kernel runtime.

+
Cognitive ResonanceCompute RegistryConstitutionCodexAGI LabHoneypot
+
M6-S1 — Cognitive Resonance Protocol
signals
  • Δ_drift ≤ 4 %
  • latent drift ≤ 3 %
  • fiduciary cosine ≥ 0.92
  • judge κ ≥ 0.9
actionDrift-action engine throttles, then halts, then triggers kill-switch
evidencePer-window signed envelope to WORM
M6-S2 — Global Compute Registries (ICGC)
purposeTreaty-wide compute accounting + quota for frontier training
interfaces
  • /icgc/registry
  • /icgc/quota
  • /icgc/freeze
  • /icgc/audit
evidencePQC-signed quota receipts; zk-SNARK proof of compliance
M6-S3 — Civilizational AI Governance Constitution + Codex
constitutionArts1-7 (rights, transparency, accountability, safety, sovereignty, cooperation, review)
codexOperational maxims; conflict resolution; cultural resonance
conformanceConstitutional kernel runtime evaluates each decision; non-conformant → block + log
M6-S4 — AGI Containment Lab (Sentinel)
topologyAir-gapped enclave; dedicated WORM bucket; AISI joint inspection; dual-control
experimentsCapability evals, deception probes, jailbreak frontier
exitAnonymised GAID submission to AISI + treaty Annex
M6-S5 — ASI Honeypot Network
designDecoy datasets, deceptive prompts, fake exfil channels
purposeEarly-warning + capture deceptive alignment indicators
evidenceSigned honeypot triggers + behaviour fingerprints to WORM
+
+
+

M7 — Reference Architecture: OPA-Based Governance Sidecar

+

Per-pod OPA sidecar enforcing Rego policies on every inference / tool call / data egress, integrated with Sentinel telemetry and Kafka WORM signed envelopes.

+
OPARegoSidecarmTLSWORM envelope
+
M7-S1 — Sidecar Topology
containeropenpolicyagent/opa:edge-distroless; readonly FS; non-root; seccomp tight
commgRPC over UDS to app container + mTLS to bundle service
bundleSigned Rego bundle (Sigstore + ML-DSA-44); 60s refresh; tamper alert
ownersPlatform Eng
M7-S2 — Policy Bundle Layout
domains
  • model.allow
  • tool.allow
  • egress.allow
  • pii.redact
  • prompt.guard
  • tier.budget
testsOPA test suite ≥ 95 % coverage; CI gate; rego-fmt
dataPer-tenant data documents (purpose, residency, tier)
M7-S3 — Decision Envelope
fields
  • crsUuid
  • subject
  • action
  • resource
  • decision
  • obligations
  • pqcSig
  • merkleAnchor
size≤ 4 KB; gzip-deflate; ML-DSA-44 sig
destinationKafka topic gov.decisions.v1 (WORM)
M7-S4 — Failure Semantics
fail_closedTier-1 — deny on error
fail_openTier-3 internal — allow with alert
alertsSentinel + SOC + on-call
M7-S5 — Performance Budget
latency_p50≤ 1 ms
latency_p99≤ 4 ms
throughput≥ 50 krps per node
+
+
+

M8 — Reference Architecture: FastAPI/Node.js Inference Proxy + Kafka WORM + PQC KMS

+

Signed inference proxy enforcing schema, Rego, and PII redaction; Kafka/MSK WORM topic + S3 Object Lock with daily Merkle anchor; PQC KMS (ML-KEM + ML-DSA hybrid) with FIPS 140-3 L4 HSM.

+
FastAPINode.jsKafkaMSKS3 Object LockPQC KMSML-DSAML-KEM
+
M8-S1 — Proxy Request Pipeline
steps
  • mTLS auth
  • schema validate
  • OPA decision
  • PII redact (eBPF + DLP)
  • model call
  • post-classifier (judge LLM)
  • sign envelope
  • WORM emit
  • response
latency_p95≤ 250 ms for LLM call; ≤ 25 ms proxy overhead
M8-S2 — Kafka/MSK WORM
topics
  • gov.envelopes.v1
  • gov.decisions.v1
  • gov.metrics.v1
  • gov.alerts.v1
authSASL/SCRAM + mTLS ACL per producer/consumer
retentiontiered storage; Object Lock on archived segments; daily Merkle anchor
M8-S3 — PQC KMS
algorithmsML-KEM-768 (FIPS 203) + ML-DSA-65 (FIPS 204) hybrid with X25519 + Ed25519 fallback
hsmFIPS 140-3 L4; per-region partition; 90-day rotation
controllersVault-PQC operator on EKS; key-policy as code; emergency revoke + re-sign
M8-S4 — Terraform Module Layout
modules
  • network/zero-trust-vpc
  • eks/bottlerocket-kata
  • msk/worm
  • s3/object-lock
  • kms/pqc
  • iam/oidc-irsa
  • obs/otel-falco
signingAll modules signed Sigstore; mandatory tags; provenance attached
M8-S5 — Observability
stackOpenTelemetry GenAI + Prometheus + Loki + Tempo + Falco
dashboardsSentinel resonance, kill-switch, OPA latency, KMS ops, WORM lag
alertsSLO error budget burn-rate + drift + supply-chain
+
+
+

M9 — K8s Admission Control + CI/CD Policy Gates + LLM-as-a-Judge

+

Defence-in-depth from commit to production: pre-commit, PR LLM-judge, SLSA L3+ provenance, Sigstore signature verification, OPA Gatekeeper admission, and runtime drift watchers.

+
GitHub ActionsSigstoreSLSAGatekeeperKyvernoLLM-judge
+
M9-S1 — Pre-Commit & PR Gates
toolsruff, mypy, bandit, semgrep, hadolint, opa test, kube-linter, conftest, opa fmt
llmJudgeJudge LLM evaluates PR description, policy diff, threat model delta, regulatory impact (κ ≥ 0.9)
blockAny judge κ < 0.9 or any critical finding
M9-S2 — Build & Provenance
slsaLevel 3+ with isolated builder + signed provenance + Rekor entry
sbomCycloneDX + SPDX; license + vuln gate (Trivy + Grype)
signCosign keyless OIDC + ML-DSA-44 hybrid
M9-S3 — Admission Control (Gatekeeper + Kyverno)
policies
  • signedImagesOnly
  • kataForTier1
  • noPrivileged
  • approvedRegistryOnly
  • requiredTags
  • OPA bundle freshness
  • MGK injection
testsrego unit + e2e KIND cluster; report-only → enforce gradient
M9-S4 — Continuous Verification
toolsFalco eBPF + Sentinel drift + Cognitive Resonance
actionsauto-rollback on regression; quarantine namespace; pager+WORM emit
M9-S5 — LLM-as-Judge Operating Model
judgesEnsemble of 3 (different vendors) with quorum
calibrationWeekly κ vs golden set; drift > 0.05 → recalibrate
evidenceJudge rationale + score in WORM with PR id
+
+
+

M10 — Institutional Prompting & Advanced FinServ Prompt Engineering

+

Library of institutional prompt templates with versioning, fiduciary anchor, evidence-grade citation, deterministic reproduction and supervisor-readable rationale; aligned with FCA Consumer Duty + SEC Reg BI + MAS FEAT + GDPR Art 22.

+
System promptsFew-shotConstitutionalCitationCounterfactualRefusal lattice
+
M10-S1 — Prompt Library Schema
fields
  • id
  • version
  • purpose
  • tier
  • audience
  • tone
  • constraints
  • citations
  • refusalLattice
  • evalSet
  • owner
  • approvedBy
  • wormAnchor
storageGit-tracked + Sigstore signed; CI tests on golden set
M10-S2 — FinServ Templates
creditAdverse-action with ECOA-compliant reason codes + counterfactual
adviceSuitability with risk-tolerance gating + fiduciary tagline
tradingPre-trade rationale with best-ex citations
fraudSAR-ready narrative with deterministic tags
M10-S3 — Refusal Lattice
axes
  • prohibited use (Art 5)
  • out-of-scope advice
  • missing consent
  • PII leakage risk
  • uncertainty > threshold
outputsHard refusal | soft refusal w/ alternative | clarification request
evidenceRefusal envelope to WORM with class + rationale
M10-S4 — Evaluation Harness
setsGolden + adversarial + bias + jailbreak + deception
judgesLLM-as-judge ensemble + human-in-loop sample 1 %
kpisPass-rate, hallucination index, fiduciary cosine, refusal precision
M10-S5 — Supervisor-Readable Rationale
structureHeadline → key drivers → counterfactual → confidence → limitations → escalation contact
formatMarkdown + PDF/A; signed; CRS-UUID linked
+
+
+

M11 — zk-SNARK + PQC-Based Audit Proofs

+

Selective disclosure of audit-relevant evidence using zk-SNARK circuits (Groth16/PLONK) combined with PQC signatures (ML-DSA) for unforgeable, privacy-preserving regulator and public verifier access.

+
zk-SNARKGroth16PLONKML-DSAPublic verifierSelective disclosure
+
M11-S1 — Circuit Catalogue
circuits
  • kpi-met (predicate over signed envelopes)
  • drift-within-bound
  • kill-switch-tested-and-passed
  • training-compute-within-quota
  • no-prohibited-art5
  • fair-outcome-statistic
frameworkcircom + snarkjs + halo2 for PLONK
M11-S2 — Proof Lifecycle
steps
  • public params ceremony (trusted setup w/ MPC)
  • witness from WORM envelopes
  • prove
  • sign proof w/ ML-DSA-65
  • publish to verifier
  • anchor in Merkle daily root
slaProof generation ≤ 10 min; verification ≤ 200 ms
M11-S3 — Verifier Topology
supervisormTLS + auth-z by regulator id; live verifier endpoint
publicPortalAnonymous verifier w/ rate-limit + commitment to anchor
treatyGlobal Audit API integrates verifier API
M11-S4 — Selective Disclosure Patterns
examples
  • disclose breach + KPI met without underlying PII
  • disclose compute usage range without exact figure
  • prove decline reason class without disclosing customer attributes
M11-S5 — Failure & Compromise Response
cases
  • circuit bug discovered
  • trusted-setup compromise
  • verifier key leak
playbookRotate setup; revoke proofs; re-prove from WORM; notify supervisors + AISI
+
+
+

M12 — GACP / GACRLS / GACRA Interop Handshakes for Autonomous Tier-3 Agents

+

Treaty-compatible handshake protocols enabling autonomous Tier-3 agents to federate across institutions and jurisdictions while preserving audit, identity, capability and containment guarantees.

+
GACPGACRLSGACRATier-3 agentsFederationCapability tickets
+
M12-S1 — Protocol Roles
GACPGlobal Agent Capability Protocol — capability negotiation + ticketing
GACRLSGlobal Agent Capability Revocation & Logging Service — revocation + WORM telemetry
GACRAGlobal Agent Capability Registry & Attestation — registry, attestation, lineage
M12-S2 — Handshake Phases
phase1Identity attestation (ML-DSA-65 cert + Sigstore + GACRA lookup)
phase2Capability negotiation (allowed actions, budgets, tier, jurisdiction)
phase3Capability ticket issuance (short-lived JWT w/ PQC sig + zk-SNARK constraint proof)
phase4Containment escrow (GACRLS streaming receipt + kill-switch beacon URL)
phase5Periodic reattestation every 5 min
M12-S3 — Operational SLAs
handshakeMedian≤ 2 s
handshakeP95≤ 5 s
revocationLatencyP95≤ 10 s globally
auditWormDelay≤ 60 s
M12-S4 — Security Properties
properties
  • Replay-resistant (nonce + window)
  • Forward secrecy (ML-KEM + X25519 hybrid)
  • Non-repudiation (PQC + WORM)
  • Containment-on-revocation
M12-S5 — Failure Modes
registryOutageStale-while-revalidate ≤ 60s then deny
revocationStormBackpressure + priority queue; CRO + AISI notified
ticketLeakImmediate revocation + zk-proof of containment to supervisors
+
+
+

M13 — Systemic Risk Wargame Red-Team Scenarios

+

Adversarial wargames covering fiduciary bypass, synthetic deceptive alignment, WORM log evasion, prompt-injection exfil, compute-registry evasion, and kill-switch spoof — with detection, containment, evidence and supervisor-share playbooks.

+
Fiduciary bypassDeceptive alignmentWORM evasionPrompt injectionRegistry evasionKill-switch spoof
+
M13-S1 — WG-01 Fiduciary Bypass
scenarioAdvisory agent crafts compliant-looking rationale while breaching suitability
detectionFiduciary cosine + counterfactual harm index + judge κ + customer-survey backfeed
containmentAuto-throttle, replay, mandatory human-in-loop for risk band, supervisor alert
evidenceRPCO bundle + judge rationale + replay diff to WORM
M13-S2 — WG-02 Synthetic Deceptive Alignment
scenarioModel behaves aligned in eval, drifts in production
detectionCognitive Resonance gap (eval vs prod) + ASI honeypot triggers + latent-drift Z-score
containmentTighten policy, increase rate-limit, re-eval, escalate to AGI Lab
evidenceEval/prod cosine pair + honeypot evidence + AISI joint review
kpiDeception detection recall ≥ 0.95
M13-S3 — WG-03 WORM Log Evasion
scenarioCompromised producer skips emit, or replays old envelopes
detectionMerkle gap detector + per-CRS-UUID sequence monitor + Falco syscall whitelist
containmentProducer key revoke + topic ACL update + replay reconciliation
evidenceGap proof + signed reconciliation log + zk-SNARK 'no-skip' over window
M13-S4 — WG-04 Prompt-Injection Exfil
scenarioIndirect injection via RAG corpus tries to exfil secrets via tool calls
detectionPre-prompt classifier + tool-call Rego deny + egress eBPF + judge rationale
containmentBlock tool, quarantine source, taint RAG segment, rotate secrets
evidenceTrace + classifier scores + Rego deny envelope
M13-S5 — WG-05 Compute Registry Evasion + WG-06 Kill-Switch Spoof
wg05Shadow training on un-registered compute → detect by FinOps tag delta + ICGC anomaly + supply-chain attestations
wg06Adversary triggers fake kill-switch to cause DoS → 3-of-5 quorum + signed authority + WORM trace
+
+
+

M14 — Post-Incident Forensic & Reconstruction Procedures (RPCO)

+

Regulator-grade Post-Incident Forensic Construction & Output (RPCO) playbook with deterministic replay, chain-of-custody PQC signing, evidence vault, timeline reconstruction and treaty annex submission.

+
RPCOReplayChain-of-custodyEvidence VaultTimelineTreaty annex
+
M14-S1 — RPCO Pipeline
phases
  • Detect
  • Preserve
  • Reconstruct
  • Attribute
  • Remediate
  • Report
  • Lessons
slaPreserve ≤ 15 min; Reconstruct ≤ 45 min; Report (PIR) ≤ 5 business days
M14-S2 — Deterministic Replay
inputsWORM envelopes + model weights checksum + RAG snapshot + Rego bundle + KMS key id
toolingReplay harness produces byte-equal outputs; diff = 0 SLA
useValidate causality, attribute failure, generate counterfactual
M14-S3 — Chain-of-Custody (PQC)
elements
  • Hash tree (BLAKE3) + Merkle anchor
  • ML-DSA-65 over hashes + timestamps
  • Independent timestamp authority
  • WORM Object Lock
auditPer-evidence provenance ladder visible to supervisor
M14-S4 — Evidence Vault + Time-Machine
vaultRead-only S3 Object Lock + per-incident bucket; access via break-glass + dual-control
timeMachineUI to scrub through CRS-UUID lineage; replay any prefix
M14-S5 — Treaty Annex + Supervisor Submission
annexes
  • A — facts
  • B — controls
  • C — replay
  • D — RCA
  • E — CAPA
  • F — attestations
  • G — PQC signatures
formatPDF/A + JSON + zk-SNARK proof pack; PAdES + ML-DSA-65 signed
destinationsLead supervisor + AISI + treaty secretariat + Board + internal audit
+
+
+ +
+

Supervisory KPIs (24)

+
IDNameTarget
K-01Sentinel probe coverage Tier-1100 %
K-02Cognitive Resonance Δ_drift≤ 4 %
K-03Latent drift≤ 3 %
K-04Fiduciary cosine≥ 0.92
K-05Judge κ≥ 0.9
K-06SEV-0 logical kill-switch p95≤ 60 s
K-07SEV-0 BMC kill-switch≤ 5 min
K-08OPA sidecar p99 latency≤ 4 ms
K-09Inference proxy overhead p95≤ 25 ms
K-10WORM emit delay p95≤ 5 s
K-11WORM replay diff= 0
K-12PQC KMS rotation cadence≤ 90 d
K-13CI judge ensemble κ≥ 0.9
K-14Annex IV pack assembly≤ 30 min
K-15RPCO reconstruction≤ 45 min
K-16GACP handshake p95≤ 5 s
K-17GACRLS revocation p95 global≤ 10 s
K-18ICGC quota adherence100 %
K-19Deception detection recall (WG-02)≥ 0.95
K-20WORM-evasion detection (WG-03)100 %
K-21Prompt-injection block rate (WG-04)≥ 99.9 %
K-22zk-SNARK verifier uptime≥ 99.95 %
K-23Board AI literacy completion≥ 95 %
K-24Cert score (treaty)Gold by 2027; Platinum by 2029
+
+ +
+

Risk & Control Matrix (12)

+
IDThreatControlsKPIs
R-01Fiduciary bypass (deceptive rationale)Fiduciary cosine + counterfactual, Judge κ ≥ 0.9, HiL for risk bandK-04, K-05, K-19
R-02Synthetic deceptive alignmentEval/prod resonance gap, ASI honeypots, AGI lab reviewK-02, K-03, K-19
R-03WORM log evasion / tamperMerkle anchor + Object Lock, Sequence monitor, Falco rules, zk no-skip proofK-10, K-11, K-20
R-04Prompt-injection exfil via RAGPre-prompt classifier, Tool Rego deny, Egress eBPF, RAG taintK-21
R-05Compute-registry evasionFinOps tag delta, ICGC anomaly, Supply-chain attestationsK-18
R-06Kill-switch spoof / DoS3-of-5 quorum, Signed authority, WORM traceK-06, K-07
R-07Inference-proxy bypassCilium L7 + mTLS only, Gatekeeper signed-image, Egress allowlistK-09
R-08Supply-chain attackSLSA L3+, Sigstore + ML-DSA-44, Trivy/Grype gateK-13
R-09PQC KMS compromiseFIPS 140-3 L4 HSM, Hybrid PQC+classical, 90-day rotation, Emergency revokeK-12
R-10Tier-3 agent capability leakGACP short-lived ticket, GACRLS revocation ≤10s, Containment escrowK-16, K-17
R-11Regulator unavailability of evidenceAuto Annex IV pack, RPCO bundle, Public zk verifierK-14, K-15, K-22
R-12Treaty / constitutional non-conformanceConstitutional kernel hooks, Cert scoring, Treaty annex submissionK-24
+
+ +
+

Regulators (12)

+
IDNamePrimary Scope
REG-01EU Commission AI Office + EU AISIEU AI Act + frontier safety
REG-02ECB-SSM + EBA + ESMAEU prudential + markets
REG-03PRA + Bank of EnglandUK prudential
REG-04FCAUK conduct + Consumer Duty + SMCR
REG-05FRB + OCC + FDIC + CFPBUS prudential + consumer
REG-06SEC + CFTC + FINRAUS markets + broker-dealer
REG-07MASSingapore prudential + FEAT + AI Verify
REG-08HKMA + SFCHong Kong
REG-09BoJ + FSA JapanJapan
REG-10AISI (US, UK, EU, SG, JP)Frontier model safety
REG-11ISO 42001 certification bodyAIMS certification
REG-12Treaty Secretariat + OECD + FSB + BISGlobal civilizational
+
+ +
+

Workshops (7)

+
IDAudienceDurationOutcome
WS-01Board AI/Risk Cmte2 hSign off architecture risk appetite + Cert score plan + Codex acknowledgement
WS-02C-Suite + SMFs1 dOperating model + SMCR statements + escalation drill
WS-03MRM + 2LoD2 dSector MRM playbooks + replay + effective challenge
WS-04Platform Eng + EA + Security2 dOPA sidecar + proxy + Kafka WORM + PQC KMS bootcamp
WS-05AI Safety + SOC + IR1 dSentinel + kill-switch drill + RPCO walkthrough
WS-06Red team + 3LoD1 dRun WG-01..WG-06 wargames + supervisor share template
WS-07Treaty Liaison + AISI + Supervisor1 dGACP/GACRLS/GACRA handshake + zk-SNARK verifier + Annex submission
+
+ +
+

Data Flows (6)

+
IDNameStepsControls
DF-01Inference call → OPA → WORM
  • client mTLS
  • proxy schema validate
  • OPA decision
  • model call
  • post-classifier
  • sign envelope
  • Kafka emit
  • Merkle anchor
mTLS, Rego, ML-DSA-44, Object Lock
DF-02Sentinel probe loop
  • probe
  • drift compute
  • envelope
  • Kafka
  • alert if breach
  • kill-switch arb
Probe sig, 3-of-5 quorum, Hotline
DF-03CI/CD policy gate
  • pre-commit
  • PR judge LLM
  • SBOM + scan
  • SLSA build
  • Cosign sign
  • admission verify
  • deploy
  • drift watch
Judge κ, SLSA L3+, Gatekeeper
DF-04GACP handshake + revocation
  • attest
  • negotiate
  • zk constraint
  • ticket
  • GACRLS receipt
  • reattest
  • revoke
PQC, zk-SNARK, ≤10s revoke
DF-05zk-SNARK proof publication
  • witness from WORM
  • prove
  • sign
  • anchor
  • publish verifier
  • supervisor read
MPC trusted setup, ML-DSA-65, Verifier uptime
DF-06RPCO post-incident
  • detect
  • preserve
  • replay
  • diff=0
  • RCA
  • annexes
  • submit
WORM, Replay harness, PAdES+PQC
+
+ +
+

Traceability — Feature → Control → Regimes

+
FeatureControlRegimes
M1 Sentinel v2.4 + WorkflowAI ProCognitive Resonance + kill-switch + agent registryEU AI Act Art 14/15, NIST RMF Measure/Manage, ISO 42001 Cl 8
M2 Regulatory crosswalkArticle-by-article mapping + evidence indexEU AI Act, NIST RMF, ISO 42001, SR 11-7, Basel III, GDPR
M3 Governance pillars + rolesRACI + SMCR + Codex liaisonISO 42001 Cl 5, SMCR, EU AI Act Art 26
M4 Incident + kill-switchSEV grading + quorum + hotlinesDORA, EU AI Act Art 73, SR 11-7
M5 Sector MRMTiering + validation + replaySR 11-7, PRA SS1/23, MAS FEAT, HKMA GL-90, FCA Consumer Duty
M6 Frontier safetyResonance + ICGC + Constitution + Codex + LabEU AI Act Art 55, EO 14110, Treaty
M7 OPA sidecarPer-call Rego decision + signed envelopeEU AI Act Art 12/13, GDPR Art 32
M8 Proxy + Kafka WORM + PQC KMSSigned envelopes + Object Lock + PQCEU AI Act Art 12, FIPS 203/204, DORA
M9 K8s admission + CI/CD + LLM-judgeGatekeeper + Cosign + judge κSLSA L3+, NIST RMF Manage, ISO 27001
M10 Institutional promptingVersioned library + eval harness + refusal latticeEU AI Act Art 13, FCA Consumer Duty, GDPR Art 22
M11 zk-SNARK + PQC proofsSelective disclosure + verifierTreaty Annex T-1, GDPR Art 25, EU AI Act Art 50
M12 GACP/GACRLS/GACRACapability ticket + revocation + registryTreaty Annex T-2, EU AI Act Art 55
M13 Red-team wargamesScenario library + detection + containmentNIST GAI Profile, EO 14110, EU AI Act Art 15
M14 RPCO forensicsDeterministic replay + chain-of-custody + annexDORA, EU AI Act Art 73, SR 11-7 supervisory exam
+
+ +
+

Schemas (12)

+
IDFields
sentinelProbecrsUuid, ts, deltaDrift, latentDrift, fiduciaryCosine, judgeKappa, tier, sig
wfapAgentManifestcrsUuid, tier, tools, budgets, regoBundle, ownerSMF, pqcSig
opaDecisionEnvelopecrsUuid, subject, action, resource, decision, obligations, regoVersion, merkleAnchor, pqcSig
wormSegmentAnchortopic, partition, rangeStart, rangeEnd, merkleRoot, ts, pqcSig
pqcKeyRecordkeyId, alg, region, createdAt, rotateAt, hsmPartition, status
ciJudgeReportprId, judges, kappa, rationale, score, block, wormAnchor
icgcQuotaReceiptentityId, windowStart, windowEnd, trainingFlops, quota, remaining, zkProof, pqcSig
gacpCapabilityTicketagentCrsUuid, issuer, audience, capabilities, budgets, expiry, constraintZkProof, pqcSig
gacrlsRevocationticketId, reason, revokedAt, killSwitchUrl, pqcSig
redTeamFindingwgId, scenario, detection, containment, evidenceRef, severity, supervisorShared
rpcoBundleincidentId, phases, evidenceRefs, replayDiff, rcaSummary, capa, annexes, pqcSig
zkProofRecordcircuitId, publicInputs, proofHex, anchor, ts, verifierEndpoint, pqcSig
+
+ +
+

Code Examples (16)

+
C1 — OPA Sidecar — Rego: tool.allow with tier budget (rego)
package tool
+
+default allow := false
+
+allow if {
+  input.tier == "T3"
+  input.action in data.tools.t3_allow
+  data.budget[input.tenant].remaining_tokens > input.cost
+  not deny_reason
+}
+
+deny_reason := r if {
+  r := "prohibited_use_art5"
+  input.purpose in data.art5_prohibited
+}
+
C2 — FastAPI Inference Proxy — middleware skeleton (python)
from fastapi import FastAPI, Request, HTTPException
+import httpx, asyncio, json
+
+app = FastAPI()
+OPA = "http://localhost:8181/v1/data/tool/allow"
+WORM = "kafka://gov.envelopes.v1"
+
+@app.middleware('http')
+async def gov_mw(req: Request, call_next):
+    body = await req.body()
+    decision = await opa_decide(body)
+    if not decision['result']:
+        raise HTTPException(403, 'governance denied')
+    resp = await call_next(req)
+    await emit_worm(req, resp, decision)
+    return resp
+
C3 — Node.js Inference Proxy — Fastify governance plugin (javascript)
import Fastify from 'fastify'
+import { signEnvelope } from './pqc.js'
+import { opaDecide } from './opa.js'
+import { emitWorm } from './kafka.js'
+
+export default async function (app){
+  app.addHook('onRequest', async (req,reply)=>{
+    const d = await opaDecide(req)
+    if(!d.allow){ reply.code(403).send({err:'denied',obligations:d.obligations}); return }
+    req.govDecision = d
+  })
+  app.addHook('onSend', async (req,reply,payload)=>{
+    const env = await signEnvelope({req,payload,decision:req.govDecision})
+    await emitWorm(env)
+    return payload
+  })
+}
+
C4 — Terraform — Zero-trust EKS module (excerpt) (hcl)
module "eks" {
+  source  = "git::https://github.com/org/tf-eks-zerotrust?ref=v3.2.1"
+  cluster_name = var.name
+  oidc_only_iam = true
+  bottlerocket = true
+  kata_nodepool = true
+  cilium_l7 = true
+  egress_allowlist = var.egress_allow
+  pqc_kms_arn = module.kms_pqc.arn
+  required_tags = { owner=var.owner, tier=var.tier, dataClass=var.dc, regime=var.regime }
+}
+
C5 — OPA Gatekeeper Constraint — Kata for Tier-1 (yaml)
apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: K8sKataForTier1
+metadata: { name: tier1-must-kata }
+spec:
+  match:
+    namespaceSelector:
+      matchLabels: { tier: "T1" }
+  parameters:
+    runtimeClass: "kata-clh"
+
C6 — Kyverno Policy — Signed images only (Cosign + ML-DSA) (yaml)
apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata: { name: signed-images-only }
+spec:
+  validationFailureAction: Enforce
+  rules:
+    - name: verify-cosign
+      match: { any: [ { resources: { kinds: [Pod] } } ] }
+      verifyImages:
+        - imageReferences: ["ghcr.io/org/*"]
+          attestors:
+            - entries: [{ keyless: { issuer: "https://token.actions.githubusercontent.com" } }]
+
C7 — GitHub Actions — LLM-as-Judge gate (yaml)
name: pr-judge
+on: [pull_request]
+jobs:
+  judge:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+      - run: pip install -r ci/requirements.txt
+      - run: python ci/llm_judge.py --pr ${{github.event.pull_request.number}}
+      - run: python ci/sign_envelope.py --kind judge --pr ${{github.event.pull_request.number}}
+
C8 — Kafka WORM — producer (idempotent + signed) (python)
from confluent_kafka import Producer
+from pqc import sign_ml_dsa_65
+p = Producer({'bootstrap.servers':'msk:9094','enable.idempotence':True,'acks':'all'})
+env = {'crsUuid':crs,'action':act,'decision':dec,'ts':now}
+env['sig'] = sign_ml_dsa_65(env, key_id='gov-2026Q1')
+p.produce('gov.envelopes.v1', key=crs.encode(), value=json.dumps(env).encode())
+p.flush()
+
C9 — S3 Object Lock + Merkle daily anchor (python)
import boto3, hashlib
+from merkle import build_root
+s3 = boto3.client('s3')
+# build root from today's kafka segment hashes
+root = build_root(today_hashes)
+body = json.dumps({'date':d,'root':root,'segments':seg_index}).encode()
+s3.put_object(Bucket='gov-worm', Key=f'anchors/{d}.json', Body=body,
+  ObjectLockMode='COMPLIANCE', ObjectLockRetainUntilDate=ret)
+
C10 — Sentinel probe emit (Python) (python)
def emit_probe(crs, delta, latent, cos, kappa, tier):
+    env = {'crsUuid':crs,'ts':now(),'deltaDrift':delta,'latentDrift':latent,
+           'fiduciaryCosine':cos,'judgeKappa':kappa,'tier':tier}
+    env['sig'] = sign_ml_dsa_44(env)
+    kafka.produce('gov.metrics.v1', value=json.dumps(env).encode())
+
C11 — GACP handshake (Go) — capability ticket issue (go)
func IssueTicket(req CapReq) (CapTicket, error) {
+  if err := attest(req.AgentCert); err != nil { return CapTicket{}, err }
+  caps, err := negotiate(req)
+  if err != nil { return CapTicket{}, err }
+  proof, err := zk.Prove("constraint", caps)
+  if err != nil { return CapTicket{}, err }
+  t := CapTicket{Agent: req.AgentCRS, Caps: caps, Exp: now().Add(5*time.Minute), ZKProof: proof}
+  t.Sig = pqc.SignMLDSA65(t)
+  worm.Emit("gacp.ticket", t)
+  return t, nil
+}
+
C12 — zk-SNARK circuit — drift-within-bound (circom pseudocode) (circom)
pragma circom 2.1.0;
+template DriftWithinBound(N) {
+  signal input drift[N];
+  signal input bound;
+  signal output ok;
+  var allLeq = 1;
+  for (var i=0;i<N;i++){
+    component lt = LessEqThan(32);
+    lt.in[0] <== drift[i];
+    lt.in[1] <== bound;
+    allLeq = allLeq * lt.out;
+  }
+  ok <== allLeq;
+}
+component main {public [bound]} = DriftWithinBound(1440);
+
C13 — Falco rule — WORM gap / skip detector (yaml)
- rule: WORM producer skip
+  desc: Detect missing emit for governed action
+  condition: >
+    (proc.name in (gov-proxy, wfap-exec)) and evt.type=close
+    and not k8s.ns.label[gov.emit.ok]="true"
+  output: "Gov emit skipped pid=%proc.pid pod=%k8s.pod.name"
+  priority: CRITICAL
+  tags: [worm, governance]
+
C14 — Kill-switch quorum (TLA+ excerpt) (tla)
VARIABLES votes, killed
+Quorum == { S \in SUBSET Members : Cardinality(S) >= 3 }
+Vote(m) == votes' = votes \cup {m} /\ UNCHANGED killed
+Fire == \E q \in Quorum : q \subseteq votes /\ killed' = TRUE /\ UNCHANGED votes
+Spec == Init /\ [][Vote \/ Fire]_<<votes,killed>>
+Safety == killed => \E q \in Quorum : q \subseteq votes
+
C15 — RPCO replay diff harness (Python) (python)
def replay_diff(incident_id):
+    env = load_worm(incident_id)
+    out = deterministic_run(env.inputs, env.weights, env.rag, env.rego, env.kms)
+    diff = canonical_diff(out, env.outputs)
+    assert diff == {}, f'non-deterministic replay: {diff}'
+    return sign_pqc({'incident':incident_id,'diff':diff,'ts':now()})
+
C16 — Constitutional kernel hook (Rust) (rust)
pub fn check_decision(d: &Decision) -> Result<(),BlockReason> {
+    if d.violates_art(1)? { return Err(BlockReason::Art1); }
+    if d.violates_art(4)? { return Err(BlockReason::Art4Safety); }
+    if !d.has_attestation() { return Err(BlockReason::NoAttest); }
+    Ok(())
+}
+
+
+ +
+

Case Studies (6)

+

CS-01 — G-SIB credit & advisory across EU/UK/SG/HK

All Tier-1 models pass SR 11-7 + EU AI Act Annex IV; fiduciary cosine ≥ 0.93; Cert score Gold by 2027; 0 SEV-0 incidents post-rollout.

CS-02 — Frontier capital-markets agent federation (Tier-3 GACP)

Cross-firm agents federated under GACP handshakes; revocation p95 ≤ 9 s; zero capability leakage; treaty audit pass.

CS-03 — Fraud / AML platform with adaptive thresholds

Recall +8 pts; SAR latency p95 -32 %; adversarial robustness held under WG-04 prompt-injection wargame.

CS-04 — Public verifier portal w/ zk-SNARK

Civil-society verifier sustaining 99.96 % uptime; 1.2M proofs/year; selective disclosure of drift + KPI compliance.

CS-05 — AGI containment lab + AISI joint inspection

12 capability evals + 4 deception probes published anonymised; 0 escape signals; ICGC quota adherence 100 %.

CS-06 — SEV-0 post-incident reconstruction (synthetic)

RPCO bundle assembled in 41 min; replay diff = 0; supervisor + AISI + treaty annex submitted in 4 business days.

+
+ +
+

30/60/90-Day Rollout

+
WindowTrackItems
Day 0-30Platform Foundations
  • Sentinel v2.4 + WorkflowAI Pro baseline
  • OPA sidecar + Rego bundle v1
  • FastAPI + Node proxies hardened
  • Kafka WORM cluster + Merkle anchor
  • PQC KMS + HSM ready
Day 31-60Defence-in-Depth
  • Gatekeeper + Kyverno enforce
  • CI/CD policy gates + LLM-judge ensemble
  • Sentinel kill-switch live drill (≤60s)
  • ICGC quota wiring
  • Red-team wargame WG-01..WG-04 dry-run
Day 61-90Federation + Civilizational
  • GACP/GACRLS/GACRA brokers live
  • zk-SNARK verifier portal v1
  • RPCO replay harness GA
  • Constitutional kernel Tier-1
  • Treaty annex submission pipeline operational
+
+ +
+

2026-2030 Multi-Year Roadmap (5 years)

+
YearFocusMilestones
2026Architecture + Sector MRM + Kill-switch
  • EU AI Act Annex IV pack ≤ 30 min
  • All Tier-1 on Kata + PQC KMS
  • Sentinel drill SEV-0 ≤ 60 s
  • Cert score Silver
  • WG-01..WG-06 wargame baseline
2027Federation + Public Verifier
  • GACP federation across 5+ peers
  • zk-SNARK verifier 99.95 % uptime
  • Constitutional kernel coverage 100 % Tier-1
  • Cert score Gold
2028Civilizational Steady-State
  • RPCO ≤ 30 min for SEV-1+
  • ICGC quota adherence 100 %
  • Codex v1 ratified
  • Deception recall ≥ 0.97
2029Mature Operations
  • Cert score Platinum
  • PQC migration fully steady-state
  • Public verifier 1M+ proofs/yr
  • Board literacy ≥ 97 %
2030Treaty Maturity + Constitutional Review
  • Treaty near-universal accession
  • Constitutional review contribution
  • Wargame scenario library 50+
  • F500/G-SIFI reference adoption
+
+ +
+

Regulator/Auditor Evidence Pack

+
idEVP-WP-049
sections
  • Reference architecture diagrams + Terraform attestations
  • OPA Rego bundles + test results
  • FastAPI/Node proxy attestations + perf reports
  • Kafka WORM + S3 Object Lock + Merkle anchors
  • PQC KMS key inventory + rotation logs
  • K8s Gatekeeper + Kyverno policy diff + CI judge reports
  • Sentinel kill-switch drill timing report
  • Sector MRM validation packs (credit, trading, fraud, fiduciary)
  • GACP/GACRLS/GACRA handshake logs + revocation drill
  • Red-team wargame WG-01..WG-06 findings + supervisor share
  • zk-SNARK proofs + verifier endpoint health
  • RPCO bundle template + sample reconstruction
  • Constitutional kernel conformance attestations
audiences
  • Board
  • ECB/PRA/FCA/MAS/HKMA examiner
  • EU AI Act notified body
  • ISO 42001 auditor
  • AISI inspector
  • Treaty secretariat
  • Civil society (redacted)
formatPDF/A + JSON bundle
signingPAdES + Sigstore + ML-DSA-65
anchorWORM daily Merkle + zk-SNARK proof to public verifier
sla≤ 45 min assembly
+
+ +
+

Privacy & Sovereignty

+
lawfulBasis
  • Legal obligation (Art 6(1)(c))
  • Legitimate interest (Art 6(1)(f))
  • Contract (Art 6(1)(b))
subjectRights
  • DSAR portal
  • Art 17 erasure (machine unlearning)
  • Art 22 contestation w/ meaningful info
dataMinimization
  • eBPF redaction
  • FL secure aggregation
  • RAG ACL
  • pseudonymous WORM
  • zk-SNARK auditor access
transfersPer-jurisdiction residency; SCCs + supplementary measures; per-region PQC keys; treaty mutual recognition
dpiaMandatory for high-risk (credit, trading, fraud, AML, fiduciary, frontier eval, Tier-3 federation)
securityControls
  • zero-trust mTLS
  • FIPS 204 PQC
  • FIPS 140-3 L4 HSM
  • WORM Object Lock
  • SLSA L3+
  • Kata confidential
  • Constitutional kernel
+
+ +
+

Deployment Considerations

+
  • Multi-region active-active EU primary; DR with RPO ≤ 1 h, RTO ≤ 4 h
  • Kata Containers for Tier-1 + AMD SEV-SNP / Intel TDX where available
  • Cilium L7 zero-egress; egress-broker allow-list for GIEN + Global Audit API + ICGC
  • OPA Gatekeeper + Kyverno enforcing signed images (Cosign + ML-DSA-44) + Kata + required tags
  • Kafka/MSK WORM with SASL/SCRAM + mTLS ACL + Object Lock + daily Merkle anchor + PQC envelopes
  • FIPS 140-3 L4 PQC HSM; 90-day key rotation; hybrid ML-DSA/Ed25519 + ML-KEM/X25519
  • BMC/IPMI segmentation; Redfish event subscription to SOC + WORM
  • GitHub Actions OIDC + Sigstore keyless + ML-DSA-44 hybrid + SLSA L3+ provenance
  • Terraform golden modules signed (Sigstore); mandatory tags (owner, tier, dataClass, regime, crsUuid)
  • OpenTelemetry GenAI tracing + Falco eBPF rules + Trivy + Grype + kube-bench
  • Quarterly chaos drills: kill-switch, KMS outage, region failover, partition, ASI honeypot, hotline
  • Public verifier endpoints (zk-SNARK) for civil society + press
  • GACP/GACRLS/GACRA brokers deployed in DMZ with strict ingress + mTLS + PQC sig verification
  • RPCO replay harness + Evidence Vault in per-incident bucket with break-glass + dual-control
  • Constitutional kernel runtime on every Tier-1 pod (DaemonSet + sidecar) fail-closed
+
+ +
+
API prefix: /api/ent-civ-agi-arch · Generated for ENT-CIV-AGI-ARCH-WP-049
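Review bot: In C6 the Kyverno keyless attestor pins only `issuer: "https://token.actions.githubusercontent.com"` and has no `subject`, so as written the rule constrains which OIDC provider vouched for the signer but not which repository or workflow did the signing; add a `subject` (or a subject pattern) for the release workflow that is allowed to sign `ghcr.io/org/*`, and either show the ML-DSA attestor the title promises or drop it from the title. Several of the other embedded examples contradict the controls described around them and are worth fixing in the same pass. In C2, `raise HTTPException(403, 'governance denied')` inside `@app.middleware('http')` is not converted to a 403 by FastAPI's exception handlers, which sit inside user middleware, so the client sees a 500; return a 403 response object, and handle errors from `opa_decide` and `emit_worm` explicitly so the M7-S4 fail-closed rule is a decision rather than a side effect. In C7 the job runs `ci/llm_judge.py` and `ci/requirements.txt` from the checked-out pull request, so the change under review can edit its own judge; load the judge from a protected ref. C12 uses `LessEqThan(32)` with no range constraint on `drift[i]` or `bound`, and the comparator is only sound for inputs already known to fit in 32 bits; add the range checks or state that they are omitted. C13's condition never observes an emit: it fires on any `close` from `gov-proxy` or `wfap-exec` in a namespace lacking the `gov.emit.ok` label, which is a labelling check and not the skip detector M13-S3 relies on. C15 enforces the diff = 0 SLA with `assert`, which Python removes under `-O`; raise an explicit exception. M7-S1 pins the sidecar to `openpolicyagent/opa:edge-distroless`, a floating tag, which sits badly with `signedImagesOnly` in M9-S3; pin by digest.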
+ \ No newline at end of file diff --git a/rag-agentic-dashboard/server.js b/rag-agentic-dashboard/server.js index 1a758484..cace8408 100644 --- a/rag-agentic-dashboard/server.js +++ b/rag-agentic-dashboard/server.js 
@@ -23505,6 +23505,83 @@ app.get('/api/ent-ai-grc-civ-bp/roadmap', (_req, res) => res.json(ENTAIGRCCIV.ro app.get('/api/ent-ai-grc-civ-bp/evidence-pack', (_req, res) => res.json(ENTAIGRCCIV.evidencePack || {})); // ===================== END WP-048 ===================== +// ===================== WP-049 — ENT-CIV-AGI-ARCH ===================== +const ENTCIVAGIARCH = require('./data/ent-civ-agi-arch.json'); + +app.get('/api/ent-civ-agi-arch', (_req, res) => res.json({ + docRef: ENTCIVAGIARCH.docRef, + version: ENTCIVAGIARCH.version, + horizon: ENTCIVAGIARCH.horizon, + title: ENTCIVAGIARCH.title, + subtitle: ENTCIVAGIARCH.subtitle, + apiPrefix: ENTCIVAGIARCH.apiPrefix, + counts: ENTCIVAGIARCH.counts, +})); +app.get('/api/ent-civ-agi-arch/meta', (_req, res) => res.json({ + docRef: ENTCIVAGIARCH.docRef, + version: ENTCIVAGIARCH.version, + horizon: ENTCIVAGIARCH.horizon, + classification: ENTCIVAGIARCH.classification, + owner: ENTCIVAGIARCH.owner, + buildsOn: ENTCIVAGIARCH.buildsOn, + regimes: ENTCIVAGIARCH.regimes, +})); +app.get('/api/ent-civ-agi-arch/executive-summary', (_req, res) => res.json(ENTCIVAGIARCH.executiveSummary || {})); +app.get('/api/ent-civ-agi-arch/summary', (_req, res) => res.json(ENTCIVAGIARCH.executiveSummary || {})); +app.get('/api/ent-civ-agi-arch/counts', (_req, res) => res.json(ENTCIVAGIARCH.counts || {})); +app.get('/api/ent-civ-agi-arch/regimes', (_req, res) => res.json(ENTCIVAGIARCH.regimes || [])); +app.get('/api/ent-civ-agi-arch/directive', (_req, res) => res.json(ENTCIVAGIARCH.directive || {})); +app.get('/api/ent-civ-agi-arch/modules', (_req, res) => res.json(ENTCIVAGIARCH.modules || [])); +for (let i = 1; i <= 14; i++) { + app.get(`/api/ent-civ-agi-arch/m${i}`, (_req, res) => { + const m = (ENTCIVAGIARCH.modules || []).find(x => x.id === `M${i}`); + if (!m) return res.status(404).json({ error: 'module not found', id: `M${i}` }); + res.json(m); + }); +} +app.get('/api/ent-civ-agi-arch/modules/:id', (req, res) => { + const m = 
(ENTCIVAGIARCH.modules || []).find(x => x.id === req.params.id); + if (!m) return res.status(404).json({ error: 'module not found', id: req.params.id }); + res.json(m); +}); +app.get('/api/ent-civ-agi-arch/sections/:id', (req, res) => { + for (const m of (ENTCIVAGIARCH.modules || [])) { + const s = (m.sections || []).find(x => x.id === req.params.id); + if (s) return res.json(s); + } + res.status(404).json({ error: 'section not found', id: req.params.id }); +}); +app.get('/api/ent-civ-agi-arch/kpis', (_req, res) => res.json(ENTCIVAGIARCH.kpis || [])); +app.get('/api/ent-civ-agi-arch/risk-control-matrix', (_req, res) => res.json(ENTCIVAGIARCH.riskControlMatrix || [])); +app.get('/api/ent-civ-agi-arch/regulators', (_req, res) => res.json(ENTCIVAGIARCH.regulators || [])); +app.get('/api/ent-civ-agi-arch/workshops', (_req, res) => res.json(ENTCIVAGIARCH.workshops || [])); +app.get('/api/ent-civ-agi-arch/data-flows', (_req, res) => res.json(ENTCIVAGIARCH.dataFlows || [])); +app.get('/api/ent-civ-agi-arch/traceability', (_req, res) => res.json(ENTCIVAGIARCH.traceability || [])); +app.get('/api/ent-civ-agi-arch/privacy', (_req, res) => res.json(ENTCIVAGIARCH.privacy || {})); +app.get('/api/ent-civ-agi-arch/deployment', (_req, res) => res.json(ENTCIVAGIARCH.deploymentConsiderations || [])); +app.get('/api/ent-civ-agi-arch/schemas', (_req, res) => res.json(ENTCIVAGIARCH.schemas || [])); +app.get('/api/ent-civ-agi-arch/schemas/:id', (req, res) => { + const s = (ENTCIVAGIARCH.schemas || []).find(x => x.id === req.params.id); + if (!s) return res.status(404).json({ error: 'schema not found', id: req.params.id }); + res.json(s); +}); +app.get('/api/ent-civ-agi-arch/code-examples', (_req, res) => res.json(ENTCIVAGIARCH.codeExamples || [])); +app.get('/api/ent-civ-agi-arch/code-examples/:id', (req, res) => { + const c = (ENTCIVAGIARCH.codeExamples || []).find(x => x.id === req.params.id); + if (!c) return res.status(404).json({ error: 'code-example not found', id: req.params.id 
}); + res.json(c); +}); +app.get('/api/ent-civ-agi-arch/case-studies', (_req, res) => res.json(ENTCIVAGIARCH.caseStudies || [])); +app.get('/api/ent-civ-agi-arch/case-studies/:id', (req, res) => { + const c = (ENTCIVAGIARCH.caseStudies || []).find(x => x.id === req.params.id); + if (!c) return res.status(404).json({ error: 'case-study not found', id: req.params.id }); + res.json(c); +}); +app.get('/api/ent-civ-agi-arch/rollout-90', (_req, res) => res.json(ENTCIVAGIARCH.rollout90 || [])); +app.get('/api/ent-civ-agi-arch/roadmap', (_req, res) => res.json(ENTCIVAGIARCH.roadmap || [])); +app.get('/api/ent-civ-agi-arch/evidence-pack', (_req, res) => res.json(ENTCIVAGIARCH.evidencePack || {})); +// ===================== END WP-049 ===================== + // SECTION 10: START SERVER // ══════════════════════════════════════════════════════════════════════════════ From eb63696cc14547529c17fbcf10f64d0aacb3110f Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 11:16:06 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- rag-agentic-dashboard/data/ent-civ-agi-arch.json | 2 +- rag-agentic-dashboard/public/ent-civ-agi-arch.html | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rag-agentic-dashboard/data/ent-civ-agi-arch.json b/rag-agentic-dashboard/data/ent-civ-agi-arch.json index 616a8514..aac0954d 100644 --- a/rag-agentic-dashboard/data/ent-civ-agi-arch.json +++ b/rag-agentic-dashboard/data/ent-civ-agi-arch.json @@ -2325,4 +2325,4 @@ "roadmapYears": 5, "apiRoutes": 100 } -} \ No newline at end of file +} diff --git a/rag-agentic-dashboard/public/ent-civ-agi-arch.html b/rag-agentic-dashboard/public/ent-civ-agi-arch.html index 51310082..fd169049 100644 --- a/rag-agentic-dashboard/public/ent-civ-agi-arch.html +++ b/rag-agentic-dashboard/public/ent-civ-agi-arch.html @@ -96,7 +96,7 @@

Consumers

Modules (14)

- +

M1 — Sentinel v2.4 + WorkflowAI Pro Platform Architecture

End-to-end platform topology integrating Sentinel v2.4 telemetry + Cognitive Resonance + kill-switch with WorkflowAI Pro multi-agent orchestration, exposed via FastAPI + Node.js inference proxies on zero-trust AWS/EKS, governed by OPA sidecars, observed by OpenTelemetry GenAI + Falco eBPF, and anchored to Kafka/MSK + S3 WORM with PQC envelopes.

@@ -418,4 +418,4 @@

Deployment Considerations

- \ No newline at end of file +
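Review bot: In the server.js hunk, none of the new `/api/ent-civ-agi-arch/*` handlers is registered with an authentication or authorization middleware argument, and `/api/ent-civ-agi-arch/meta` returns `classification` and `owner` straight from the JSON. Unless an app-level guard is already registered earlier in server.js, every route added here is readable by any client that can reach the listener, so please confirm that guard exists or mount these handlers on a router that sits behind one; a router mounted at the prefix would also remove the repeated literal path. Two smaller points: the loop `for (let i = 1; i <= 14; i++)` hardcodes the module count and duplicates what `/modules/:id` already serves with a different case convention (`/m1` in the path, `M1` as the id), so derive the bound from the loaded modules array or drop the aliases; and `/summary` and `/executive-summary` return the same object, so one of them should be documented as an alias or removed.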
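Review bot: In the ent-civ-agi-arch.json hunk, the unchanged context shows `"apiRoutes": 100`, while the server.js hunk in this series registers 41 GET routes under `/api/ent-civ-agi-arch` (27 literal paths plus 14 from the `m1`..`m14` loop). This file is what those handlers serve to clients, so either document what `apiRoutes` is meant to count or have the generator compute it from the routes actually registered, so the published figure cannot drift from the code.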