feat: Design and specify Unified AI Supervisory Control Plane (SCP) for G-SIFIs

This commit delivers the full end-to-end architectural, formal, and cryptographic specification for a Unified AI Supervisory Control Plane (SCP), specifically designed for G-SIFI requirements through 2035.

Key Deliverables:
- **Unified SCP Core & G-SIFI Pilot Blueprint:** Kubernetes layouts, enclave security boundaries, and ZK proof flows.
- **GSM Transition Validity Circuit:** ZK circuit (Circom) with Poseidon hashing and quorum enforcement for model lifecycle governance.
- **SIP v3.0 Federated Protocol:** Formal TLA+ specification for cross-institution risk gossip and equivocation detection.
- **Regulator Engagement Framework:** Comprehensive Phase 1-3 sandbox program, metrics reports, and takeaway packets.
- **Sandbox Exit Dossier:** 15+ sections including External Audit Report, Compliance Attestation, and a 13-slide Supervisory Briefing Deck.
- **Scenario Appendix:** TLC model-checking walkthroughs for convergence and adversarial detection scenarios.

This architecture establishes a non-repudiable, privacy-preserving governance nervous system for systemic AI oversight.

Co-authored-by: OneFineStarstuff <87420139+OneFineStarstuff@users.noreply.github.com>

Author: google-labs-jules[bot]

docs/sandbox-exit-dossier/DOSSIER_CRITICAL_EVALUATION.md

@@ -0,0 +1,22 @@
+# Critical Evaluation: Sandbox Exit Dossier Sections 13–15
+
+This evaluation analyzes the effectiveness of the external audit, board assurance, and exit request sections in establishing regulatory-grade confidence.
+
+## 1. Summary of Sections
+- **Section 13 (External Audit):** Focuses on the cryptographic and formal integrity of the system. It validates the PQC-WORM evidence chain, ZK proof accuracy, and GSM transition compliance.
+- **Section 14 (Board Assurance):** (Represented by Section 16 in supplemental docs) Provides high-level accountability from the AI Safety Committee, affirming that all actions matched the institution's risk appetite and regulatory obligations.
+- **Section 15 (Sandbox Exit Request):** Consolidates performance metrics (99.99% uptime, latency < 500ms) and outlines the immediate operational steps for live production promotion.
+
+## 2. Evaluation of Assurance Effectiveness
+
+### Strengths
+- **Indelible Evidence:** The reliance on PQC-WORM and Merkle anchoring creates a "non-repudiable" audit trail. Unlike traditional manual audits, this allows regulators to mathematically verify the *entirety* of the sandbox history.
+- **Formal Grounds for Safety:** The inclusion of TLA+ verification reports in the audit scope provides a "provable" layer of safety that exceeds standard "best effort" governance programs.
+- **Zero-Knowledge Transparency:** Effectively addresses the "privacy vs. accountability" trade-off, enabling the regulator to act as a verifier without the burden of securing highly sensitive institutional telemetry.
+
+### Areas for Continuous Improvement
+- **Dynamic Scenario Coverage:** While "Red Dawn" drills provide strong baseline assurance, live deployment will require more adaptive, AI-driven adversarial simulations to keep pace with evolving model capabilities.
+- **Federated Complexity:** As the system moves from bilateral sandbox to regional federation (Phase 2), the audit framework must expand to cover cross-institutional "equivocation detection" more extensively.
+
+## 3. Conclusion
+Sections 13–15 successfully transition the project from "experimental innovation" to "safety-critical financial infrastructure." The combination of external cryptographic validation and board-level accountability provides a robust basis for live G-SIFI deployment.

docs/sandbox-exit-dossier/GSIFI_DOSSIER_ADDITIONAL_SECTIONS.md

@@ -0,0 +1,30 @@
+# G-SIFI Sandbox Exit Dossier: Additional Sections
+
+This document contains supplemental sections for the Supervisory Control Plane (SCP) sandbox exit dossier, providing regulatory-grade assurance for live deployment.
+
+## Section 16: Compliance Attestation
+**Subject:** Affirmation of Regulatory Alignment (Q1 2026 – Q3 2028)
+
+The [Institution Name] AI Safety Committee hereby attests that the Supervisory Control Plane (SCP) and its underlying Governance State Machine (GSM) have consistently enforced all board-ratified and regulator-mandated policies during the Phase 1 sandbox. This attestation is backed by the PQC-WORM evidence chain and verified ZK proofs.
+
+## Section 17: Consolidated Evidence Index
+| Artifact ID | Description | Storage Class | Verification Path |
+| :--- | :--- | :--- | :--- |
+| **MERKLE-2028-H1** | Aggregate Merkle roots for H1 2028. | WORM (S3) | PQC Signature Check |
+| **ZK-POLICY-G1** | Proofs of model release policy enforcement. | Public Ledger | Groth16 Verifier |
+| **SPEC-SIPV3-F1** | Formal SIP v3.0 specification. | Git (Signed) | TLA+ Model Check |
+| **DRILL-RD-04** | "Red Dawn" simulation raw telemetry. | Confidential Enclave | Evidence Binder Witness |
+
+## Section 18: Phase Summary Reports
+- **Phase 0 (Foundation):** Successful establishment of the PQC audit plane and baseline OSCAL catalogs. Completion Date: Q2 2027.
+- **Phase 1 (Verified Controls):** Integration of ZK prover into the model promotion pipeline. Execution of four major containment drills. Completion Date: Q3 2028.
+
+## Section 19: Incident & Containment Register (Sandbox Period)
+| Incident ID | Date | GSM State Transition | Resolution Time | Description |
+| :--- | :--- | :--- | :--- | :--- |
+| **INC-2027-04** | 2027-11-12 | PROD -> QUARANTINE | 380ms | Detected emergent autonomy via entropy spike. |
+| **INC-2028-02** | 2028-03-15 | STAGING -> QUARANTINE | 420ms | Failed fairness constraint check in ZK circuit. |
+| **DRILL-RY-01** | 2028-06-20 | PROD -> QUARANTINE | 450ms | Scheduled "Rogue-Yield" simulation for regulator. |
+
+## Section 20: Regulatory Impact Assessment
+The SCP deployment has reduced the Mean Time to Policy Enforcement (MTPE) from hours to milliseconds. Furthermore, the use of ZK-Compliance has eliminated 95% of the data privacy overhead previously associated with regulatory examinations of high-fidelity telemetry.

docs/supervisory-control-plane/FEDERATED_POSTURE_PACK_SCHEMA.json

@@ -0,0 +1,60 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Federated Posture Pack",
+  "description": "JSON schema for multi-institution mesh reporting and risk telemetry within the GIEN.",
+  "type": "object",
+  "required": ["institution_id", "reporting_period", "posture_root", "signatures"],
+  "properties": {
+    "institution_id": {
+      "type": "string",
+      "description": "Unique identifier for the institution (e.g., G-SIFI-001)."
+    },
+    "reporting_period": {
+      "type": "string",
+      "format": "date-time",
+      "description": "The timestamp or interval for this posture snapshot."
+    },
+    "posture_root": {
+      "type": "string",
+      "description": "Merkle root of the institutional governance state (Decision Traces + Policy Hashes)."
+    },
+    "g_sri_summary": {
+      "type": "object",
+      "properties": {
+        "score": { "type": "number", "minimum": 0, "maximum": 100 },
+        "status": { "enum": ["onTrack", "atRisk", "offTrack"] },
+        "primary_risk_driver": { "type": "string" }
+      }
+    },
+    "attestation_health": {
+      "type": "object",
+      "properties": {
+        "heartbeat_success_rate": { "type": "number" },
+        "missing_window_count": { "type": "integer" },
+        "pqc_integrity_status": { "type": "boolean" }
+      }
+    },
+    "proof_bundles": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "circuit_id": { "type": "string" },
+          "proof_hash": { "type": "string" },
+          "verification_status": { "type": "boolean" }
+        }
+      }
+    },
+    "signatures": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "signer_role": { "type": "string" },
+          "algorithm": { "const": "ML-DSA-65" },
+          "signature_hex": { "type": "string" }
+        }
+      }
+    }
+  }
+}

docs/supervisory-control-plane/SIP_V3_SCENARIO_APPENDIX.md

@@ -0,0 +1,45 @@
+# SIP v3.0 Scenario Appendix: TLA+ TLC Walkthroughs
+
+This appendix provides detailed walkthroughs of the Sentinel Interoperability Protocol (SIP) v3.0 formal specification, demonstrating how safety and liveness invariants are upheld across various operational scenarios.
+
+## Scenario 1: Normal Convergence (Honest System)
+In this scenario, all Institutions and Roots act according to the protocol.
+
+1.  **Initial State:** All institutions at epoch 0 with no published STHs.
+2.  **Action: `InstPublish(Inst1, Epoch1, Root1)`:** Institution 1 signs and gossips its first Signed Tree Head (STH).
+3.  **Action: `RootGossip(RootA, msg)`:** Root A receives the publish message and shares it with other roots.
+4.  **TLC Verification:**
+    *   **Invariant `RootConvergence`:** Observed. All roots eventually update their local knowledge state to include Inst1's Epoch1 STH.
+    *   **Invariant `NoSilentDivergence`:** Held. Only one STH exists for (Inst1, Epoch1).
+5.  **Regulator View:** Verifier nodes observe consistent STHs across all GIEN roots, confirming institutional stability.
+
+## Scenario 2: Equivocation Detection (Byzantine Institution)
+An institution attempts to present different versions of its history to different parts of the network (forking the Merkle log).
+
+1.  **Action: `InstPublish(Inst1, Epoch5, RootA_Hash)`:** Inst1 sends one STH to Root A.
+2.  **Action: `InstPublish(Inst1, Epoch5, RootB_Hash)`:** Inst1 sends a *different* STH for the same epoch to Root B.
+3.  **Protocol Response:** As roots gossip (`RootGossip`), they exchange these conflicting messages.
+4.  **TLC Verification:**
+    *   **Invariant `EquivocationDetected`:** Triggered. The state transition logic flags that `rootState[r].knowledge` contains two distinct STHs for the same (inst, epoch).
+    *   **Safety Action:** The protocol initiates an "Equivocation Alert," and Verifier Nodes mark Inst1 as "Unreliable."
+5.  **Regulator View:** Verifier Node CLI displays an "Equivocation Detected" error with the two conflicting PQC-signed traces as evidence.
+
+## Scenario 3: Missing Attestation Detection (Silent Institution)
+An institution goes silent, failing to provide the required heartbeats or Merkle log updates.
+
+1.  **Context:** The system expects an STH publish every window.
+2.  **State:** Clock advances, but Inst2 fails to call `InstPublish`.
+3.  **TLC Verification:**
+    *   **Invariant `MissingAttestationDetectable`:** Triggered. The model checker verifies that if `current_epoch - last_published_epoch > MAX_MISSING_WINDOWS`, the system enters a "Violation" state.
+4.  **Regulator View:** Verifier Node dashboard highlights Inst2 in Red with a "Stale Attestation" warning.
+5.  **Safety Action:** GSM transitions to "QUARANTINE" for any models dependent on Inst2's telemetry until the missing attestation is resolved or explained.
+
+## Invariant Summary Table
+
+| Invariant | Scenario 1 | Scenario 2 | Scenario 3 |
+| :--- | :---: | :---: | :---: |
+| NoSilentDivergence | PASS | FAIL (Detected) | PASS |
+| EquivocationDetected | FALSE | TRUE (Triggered) | FALSE |
+| RootConvergence | PASS | N/A (Alerted) | PASS |
+| MissingAttestationDetectable | FALSE | FALSE | TRUE (Triggered) |
+| NoProtocolError | PASS | PASS | PASS |