feat: add sentinel governance dashboard & cockpit roadmap v1.2.0

- Deliver `docs/sentinel-dashboard-master-plan.md` with IMPLEMENTATION ARCHITECTURE and TASK BREAKDOWN.
- Include Gemini API security intelligence, offline-ready service workers, and G-SRI drift simulators.
- Map controls to EU AI Act, DORA, and NIST using OSCAL 1.1.2.
- Adhere to Standard JS style and resolve CI duplication checks in `backend/`.
- Synchronize Netlify security configuration across the repository.

Co-authored-by: OneFineStarstuff <87420139+OneFineStarstuff@users.noreply.github.com>

Author: google-labs-jules[bot]

docs/roadmap.md

@@ -1,27 +1,27 @@
 # Sentinel AI Governance Dashboard Roadmap (2026-2035)
 
-**Version**: 1.1
+**Version**: 1.2
 **Last Updated**: 2026-06-15
 **Owner**: AI Governance Platform Engineering
 **Status**: Approved
 
-This document provides a high-level overview of the implementation phases for the Sentinel AI Governance Dashboard. For the detailed technical report plan and granular roadmap, please refer to the [Sentinel Dashboard Master Plan](./sentinel-dashboard-master-plan.md).
+Implementation phases for the Sentinel AI Governance Dashboard and Omni-Sentinel Cockpit. For detailed architecture, see the [Sentinel Dashboard Master Plan](./sentinel-dashboard-master-plan.md).
 
 ## Phase 1: Foundation (Q3 2026)
-- **Focus**: Immutable evidence and access control.
-- **Key Features**: WORM Audit Logs, RBAC (OPA), Baseline Compliance Dashboard, Hardware Attestation (vTPM/TEE), Web Speech API.
+- **Focus**: Immutable evidence, access control, and cockpit baseline.
+- **Key Features**: WORM Audit Logs, RBAC (OPA), Hardware Attestation, Offline-Ready Service Workers.
 
 ## Phase 2: Intelligence & Compliance (Q1 2027)
-- **Focus**: Real-time regulatory mapping and dependency visualization.
-- **Key Features**: Global Variable Map, EU AI Act/NIST/DORA mapping, OSCAL Export, Cognitive Attestation.
+- **Focus**: Gemini-driven security reasoning and regulatory mapping.
+- **Key Features**: Gemini Security Intelligence, OSCAL 1.1.2 Mapping, Prompt Template Management, Global Variable Map.
 
 ## Phase 3: Assurance & Simulation (Q4 2027)
-- **Focus**: Proactive safety and privacy-preserving audit.
-- **Key Features**: EAIP Simulator, zk-SNARK (Groth16) Proofs, Workflow Recommendation Engine, Cryptographically Signed Reports.
+- **Focus**: Proactive drift simulation and privacy-preserving audit.
+- **Key Features**: G-SRI Drift Simulators, zk-SNARK (Groth16) Proofs, Audit Report Generation, EAIP Simulator.
 
 ## Phase 4: AGI/ASI Maturity (Q1 2028+)
 - **Focus**: Global systemic risk and autonomous containment.
-- **Key Features**: Global Kill-Switch (OmegaActual), Council Charter Workflows, Existential Risk Scenarios, ICGC Ledger Anchoring.
+- **Key Features**: Global Kill-Switch (OmegaActual), Council Charter Workflows, International Governance Interface.
 
 ---
-*Note: This roadmap is integrated with the Sentinel AI Governance Stack v2.4 and aligns with G-SIFI prudential oversight requirements.*
+*Note: Aligned with G-SIFI prudential oversight and Sentinel AI Governance Stack v2.4.*

docs/sentinel-dashboard-master-plan.md

@@ -1,107 +1,91 @@
-# Sentinel AI Governance Dashboard: Implementation Roadmap & Technical Report Plan (2026–2035)
+# Sentinel AI Governance Dashboard & Omni-Sentinel Cockpit: Implementation roadmap & Technical Report Plan (2026–2035)
 
-**Version**: 1.1
+**Version**: 1.2
 **Last Updated**: 2026-06-15
 **Owner**: AI Governance Platform Engineering
 **Status**: Approved
 
 ## 1. Executive Summary
-The **Sentinel AI Governance Dashboard** serves as the central command-and-control interface for Global Systemically Important Financial Institutions (G-SIFIs) to manage the lifecycle, safety, and regulatory compliance of enterprise AI and frontier AGI/ASI systems. This roadmap transitions from basic observability to autonomous, hardware-rooted containment and zero-knowledge evidence production.
+The **Sentinel AI Governance Dashboard** and **Omni-Sentinel Governance Cockpit** serve as the dual-mode command-and-control interface for G-SIFIs. The Dashboard provides high-level executive and regulatory visibility, while the Cockpit offers real-time operational intervention (Kill-Switches, Drift Mitigation) for AGI/ASI ecosystems. This roadmap integrates hardware-rooted safety, Gemini-driven intelligence, and OSCAL 1.1.2 compliance-as-code.
 
 ---
 
 ## 2. Technical Stack Recommendation (React-Centric)
 
 ### Frontend (High-Assurance UI)
-- **Framework**: React 19+ with Next.js (App Router) for high-performance SSR/ISR.
-- **Component Library**: Radix UI Primitives + Tailwind CSS (ensuring accessibility and design consistency).
-- **State Management**: TanStack Query (Server State) + Zustand (Client State).
-- **Visualization**: **Recharts** (operational telemetry) + **D3.js** (complex relationship maps, Global Variable Map, and causal lineage).
-- **Accessibility**: Web Speech API for voice-driven governance queries and WCAG 2.2 AA compliance.
+- **Framework**: React 19+ with Next.js (App Router) for SSR/ISR.
+- **Service Workers**: Workbox-powered **Offline-Ready Service Workers** for critical cockpit functionality during network partition.
+- **Component Library**: Radix UI + Tailwind CSS (AIGOV-05 compliant accessibility).
+- **State Management**: TanStack Query + Zustand (with persistence for offline state).
+- **Visualization**: **Recharts** (high-frequency telemetry) + **D3.js** (Global Variable Map, causal lineage, and topological MoE maps).
+- **Accessibility**: Web Speech API for voice-driven audit queries and hands-free cockpit commands.
 
 ### Backend & Governance Plane
-- **Primary API**: FastAPI (Python) or Node.js (Deno/Express) for low-latency policy evaluation.
-- **Policy Engine**: Open Policy Agent (OPA) with Rego for real-time Admission Control.
-- **Audit Storage**: Kafka (Event Fabric) → S3 Object Lock (PQC-WORM) using `pqc_worm_logger.py`.
-- **Privacy/ZK**: Circom & SnarkJS for Groth16 zk-SNARK proofs; TEE attestation (AMD SEV-SNP/Intel TDX).
+- **Primary API**: FastAPI (Python) with **Gemini API** integration for automated security intelligence and threat reasoning.
+- **Policy Engine**: OPA (Rego) + TLA+ runtime monitors.
+- **Audit Storage**: Kafka → S3 Object Lock (PQC-WORM) via `pqc_worm_logger.py`.
+- **Privacy/ZK**: Circom/SnarkJS (Groth16) for systemic risk proof production.
 
 ---
 
 ## 3. Phased Implementation Roadmap
 
-### Phase 1: Foundation & WORM Audit (Q3 2026)
-*Target: Establish the "Single Source of Truth" for AI evidence.*
-- **WORM Audit Log Exports**: Immutable evidence storage and export for internal audit.
-- **RBAC Enforcement**: OPA-based Role-Based Access Control (Viewer, Auditor, Model Owner, Admin).
-- **ComplianceDashboard (v1)**: Baseline visualization of model inventory and simple status checks.
-- **Hardware Attestation UI**: Real-time TEE/vTPM status monitor (`PCR_MATCH=TRUE`).
-- **Web Speech API**: Initial hands-free UX for audit stations.
-
-### Phase 2: Intelligence & Compliance (Q1 2027)
-*Target: Real-time alignment with global regulatory regimes.*
-**Prerequisites**: Phase 1 Foundation.
-- **Global Variable Map**: Visualizing prompt/model variable dependencies across the enterprise.
-- **Regulatory Mapping**: Automated OSCAL mapping for **EU AI Act**, **DORA**, **GDPR**, and **NIST AI RMF**.
-- **OSCAL Export**: Machine-readable regulatory dossier assembly.
-- **Cognitive Attestation**: Initial implementation of "Intent vs. Output" monitoring (Cognitive Resonance).
-
-### Phase 3: Assurance & Simulation (Q4 2027)
-*Target: Proactive risk mitigation and privacy-preserving audit.*
-**Prerequisites**: Phase 1 WORM, Phase 2 Compliance.
-- **EAIP Simulator Tooling**: "Chaos Engineering" for AI agents; testing Enterprise AI Agent Interoperability Protocol (EAIP) constraints.
-- **Zero-Knowledge Proof Auditing**: Groth16 zk-SNARK proofs for G-SRI (Global Systemic Risk Index) thresholds.
-- **AI-Driven Workflow Recommendation Engine**: ML-powered suggestions for governed, safe workflow chains.
-- **Signed & PDF-Exported Reports**: Cryptographically signed technical documentation (Annex IV compliant).
-
-### Phase 4: AGI/ASI Maturity & Systemic Risk (Q1 2028+)
-*Target: Global alignment and autonomous containment.*
-**Prerequisites**: Phase 1-3 completion, TEE attestation, ZK-Compliance operational.
-- **Global Kill-Switch Workflows**: Hardware-rooted, multi-sig "OmegaActual" intervention protocol.
-- **AGI/ASI Safety Roles**: Integration of Council Charter and AI Safety Officer (ASO) workflows.
-- **Red Dawn Scenario Runner**: Simulation of existential risk scenarios and containment verification.
-- **International Governance Interface**: SIP v3.0 integration for ICGC ledger anchoring.
+### Phase 1: Foundation, WORM Audit & Cockpit Baseline (Q3 2026)
+- **WORM Audit logs**: Immutable evidence chain with ML-DSA-65 signatures.
+- **Omni-Sentinel Cockpit (v1)**: Real-time "Kill-Switch" UI and hardware attestation (`PCR_MATCH=TRUE`).
+- **RBAC Enforcement**: OPA-based identity gates for Auditor/Admin/Operator roles.
+- **Offline-First Scaffolding**: Service worker implementation for core safety controls.
+
+### Phase 2: Intelligence, Compliance & Template Management (Q1 2027)
+- **Gemini Security Intelligence**: LLM-driven reasoning for automated incident classification and threat analysis.
+- **OSCAL 1.1.2 Mapping**: Automated alignment with EU AI Act, DORA, and NIST AI RMF via OSCAL machine-readable catalogs.
+- **Prompt Template Management**: Governed library for enterprise prompt engineering with versioning and safety scoring.
+- **Global Variable Map**: D3.js visualization of cross-agent variable dependencies.
+
+### Phase 3: Assurance, Drift Simulation & ZK-Compliance (Q4 2027)
+- **G-SRI Drift Simulators**: "Red Dawn" chaos engineering tool to simulate systemic risk index drift and verify MTTC.
+- **Zero-Knowledge Proof Auditing**: Groth16 proofs for privacy-preserving regulatory attestations.
+- **Audit Report Factory**: One-click assembly of cryptographically signed, PDF-exported Annex IV dossiers.
+- **EAIP Simulator**: Stress-testing Enterprise AI Agent Interoperability Protocol (EAIP) mesh robustness.
+
+### Phase 4: AGI/ASI Maturity & Autonomous Containment (Q1 2028+)
+- **Global Kill-Switch (OmegaActual)**: Decentralized multi-sig hardware intervention.
+- **Council Charter Workflows**: Digital twin of the AI Safety Council oversight logic.
+- **International Governance Interface**: SIP v3.0 ledger anchoring with ICGC.
 
 ---
 
-## 4. Technical Report Plan
+## 4. Implementation Architecture & Task Breakdown
 
-| Section | Description | Owner | Timeline | Audience |
+### I. Governance Cockpit Architecture
+- **Layer 1: The Execution Plane**: Confidential enclaves (AMD SEV-SNP) running Omni-Sentinel sidecars.
+- **Layer 2: The Logic Plane**: OPA/Rego decisions for every inter-agent call (EAIP).
+- **Layer 3: The Interaction Plane**: React 19 dashboard with offline-ready service workers.
+
+### II. Task Breakdown (Detailed)
+
+| Task ID | Component | Description | Phase | Owner |
 | :--- | :--- | :--- | :--- | :--- |
-| **I. UX Features** | WRE implementation via GNNs; D3.js Variable Mapping; Cognitive Attestation UX. | Product / Engineering | Q1 2027 | Internal / Audit |
-| **II. Monitoring** | Framework Crosswalk (OPA -> ISO 42001/NIST); Risk Pulse telemetry design. | Compliance / Risk | Q1 2027 | Regulator / Board |
-| **III. Cryptographic** | PQC-WORM (Kafka + ML-DSA-65); `pqc_worm_logger.py` interface; ZK-Circuits (Circom). | Security Eng | Q4 2027 | Auditor / Security |
-| **IV. EAIP & Policy** | In-dashboard OPA IDE; EAIP protocol adversarial simulation methodology. | Platform Eng | Q4 2027 | Engineering |
-| **V. AGI/ASI Safety** | Alignment Resonance ($C_{res}$) metrics; Council Charter workflows; X-Risk modeling. | AI Safety Council | Q1 2028 | Board / Regulator |
+| GOV-001 | WORM Logic | Integrate `pqc_worm_logger.py` with Kafka event stream. | 1 | Security |
+| GOV-002 | CSP Config | Implement strict nonce-based CSP in Next.js for dashboard security. | 1 | Frontend |
+| GOV-003 | OSCAL Map | Create Rego-to-OSCAL 1.1.2 mapping matrix for EU AI Act Annex IV. | 2 | Compliance |
+| GOV-004 | Gemini-SI | Deploy FastAPI agent to query Gemini for real-time risk reasoning. | 2 | AI Research |
+| GOV-005 | Drift Sim | Build D3-based G-SRI drift simulation engine. | 3 | Platform |
+| GOV-006 | ZK-Circuit | Develop Circom circuits for "Fairness" and "Privacy" proofs. | 3 | Cryptography |
 
 ---
 
-## 5. Feature Prioritization Matrix
-
-| Feature | Priority | Complexity | Phase |
-| :--- | :--- | :--- | :--- |
-| **WORM Audit Logs** | Critical | Medium | Phase 1 |
-| **RBAC (OPA)** | Critical | Low | Phase 1 |
-| **ComplianceDashboard** | High | Medium | Phase 1 |
-| **OSCAL Export** | High | Medium | Phase 2 |
-| **Cognitive Attestation** | High | Medium | Phase 2 |
-| **Global Kill-Switch** | High | High | Phase 4 |
-| **Red Dawn Runner** | High | High | Phase 4 |
-| **ZK-Proofs (Groth16)** | Medium | High | Phase 3 |
-| **Workflow Rec Engine** | Medium | High | Phase 3 |
-| **Signed PDF Reports** | Medium | Low | Phase 3 |
-| **Web Speech API** | Low | Low | Phase 1 |
-| **ICGC Anchoring** | Low | High | Phase 4 |
+## 5. Technical Report Plan
 
----
+- **I. Advanced UX Architecture**: Service worker partitioning for offline cockpit resilience; D3.js topological mapping of MoE swarms.
+- **II. Regulatory Engineering**: OSCAL 1.1.2 catalog structure; mapping OPA admission rules to ISO 42001 control domains.
+- **III. Cryptographic Audit**: WORM plane integrity verification; Groth16 systemic risk proof generation.
+- **IV. AGI Safety Protocol**: "OmegaActual" TLA+ specification; Alignment Resonance ($C_{res}$) metric derivation.
 
-## 6. Definitions & References
+---
 
-### StaR-MoE / SAME Stability Thresholds
-Dashboard monitors must alert upon breach of the following systemic invariants:
+## 6. Definitions & Systemic Thresholds
 - **Alignment Resonance ($C_{res}$)**: ≥ 0.85
 - **Shannon Routing Entropy ($H_{sh}$)**: ≥ 2.5
-- **Ingress Token Entropy Density ($H_{token}$)**: ≤ 4.8
-- **Demographic Parity Gap ($DP_{gap}$)**: < 0.05
-
-### Internal Utilities
-- **pqc_worm_logger.py**: Internal utility for signing events using CRYSTALS-Dilithium before commit to Kafka.
+- **G-SRI (Global Systemic Risk Index)**: Alerts at > 85.0
+- **OSCAL (NIST 800-53)**: Open Security Controls Assessment Language (v1.1.2).