feat: add master roadmap and technical plan for sentinel ai governance dashboard

- Created `docs/sentinel-dashboard-master-plan.md` with a 4-phase implementation roadmap.
- Updated `docs/roadmap.md` with high-level summary and cross-links.
- Defined technical stack and feature prioritization matrix.
- Included compliance mapping for EU AI Act, DORA, and NIST.

Co-authored-by: OneFineStarstuff <87420139+OneFineStarstuff@users.noreply.github.com>

Author: google-labs-jules[bot]

docs/roadmap.md

@@ -0,0 +1,27 @@
+# Sentinel AI Governance Dashboard Roadmap (2026-2035)
+
+**Version**: 1.0
+**Last Updated**: 2026-06-15
+**Owner**: AI Governance Platform Engineering
+**Status**: Approved
+
+This document provides a high-level overview of the implementation phases for the Sentinel AI Governance Dashboard. For the detailed technical report plan and granular roadmap, please refer to the [Sentinel Dashboard Master Plan](./sentinel-dashboard-master-plan.md).
+
+## Phase 1: Foundation (Q3 2026)
+- **Focus**: Immutable evidence and access control.
+- **Key Features**: WORM Audit Logs, RBAC (OPA), Baseline Compliance Dashboard, Hardware Attestation (vTPM/TEE), Web Speech API.
+
+## Phase 2: Intelligence & Compliance (Q1 2027)
+- **Focus**: Real-time regulatory mapping and dependency visualization.
+- **Key Features**: Global Variable Map, EU AI Act/NIST/DORA mapping, OSCAL Export, Cognitive Attestation.
+
+## Phase 3: Assurance & Simulation (Q4 2027)
+- **Focus**: Proactive safety and privacy-preserving audit.
+- **Key Features**: EAIP Simulator, zk-SNARK (Groth16) Proofs, Workflow Recommendation Engine, Cryptographically Signed Reports.
+
+## Phase 4: AGI/ASI Maturity (Q1 2028+)
+- **Focus**: Global systemic risk and autonomous containment.
+- **Key Features**: Global Kill-Switch (OmegaActual), Council Charter Workflows, Existential Risk Scenarios, ICGC Ledger Anchoring.
+
+---
+*Note: This roadmap is integrated with the Sentinel AI Governance Stack v2.4 and aligns with G-SIFI prudential oversight requirements.*

docs/sentinel-dashboard-master-plan.md

@@ -0,0 +1,99 @@
+# Sentinel AI Governance Dashboard: Implementation Roadmap & Technical Report Plan (2026–2035)
+
+**Version**: 1.0
+**Last Updated**: 2026-06-15
+**Owner**: AI Governance Platform Engineering
+**Status**: Approved
+
+## 1. Executive Summary
+The **Sentinel AI Governance Dashboard** serves as the central command-and-control interface for Global Systemically Important Financial Institutions (G-SIFIs) to manage the lifecycle, safety, and regulatory compliance of enterprise AI and frontier AGI/ASI systems. This roadmap transitions from basic observability to autonomous, hardware-rooted containment and zero-knowledge evidence production.
+
+---
+
+## 2. Technical Stack Recommendation (React-Centric)
+
+### Frontend (High-Assurance UI)
+- **Framework**: React 19+ with Next.js (App Router) for high-performance SSR/ISR.
+- **Component Library**: Radix UI Primitives + Tailwind CSS (ensuring accessibility and design consistency).
+- **State Management**: TanStack Query (Server State) + Zustand (Client State).
+- **Visualization**: **Recharts** (operational telemetry) + **D3.js** (complex relationship maps, Global Variable Map, and causal lineage).
+- **Accessibility**: Web Speech API for voice-driven governance queries (e.g., hands-free audit station interaction) and WCAG 2.2 AA compliance.
+
+### Backend & Governance Plane
+- **Primary API**: FastAPI (Python) or Node.js (Deno/Express) for low-latency policy evaluation.
+- **Policy Engine**: Open Policy Agent (OPA) with Rego for real-time Admission Control.
+- **Audit Storage**: Kafka (Event Fabric) → S3 Object Lock (PQC-WORM) using the `pqc_worm_logger.py` utility (interface documented in Section 4.III).
+- **Privacy/ZK**: Circom & SnarkJS for Groth16 zk-SNARK proofs; TEE attestation (AMD SEV-SNP/Intel TDX).
+
+---
+
+## 3. Phased Implementation Roadmap
+
+### Phase 1: Foundation & WORM Audit (Q3 2026)
+*Target: Establish the "Single Source of Truth" for AI evidence.*
+- **WORM Audit Log Exports**: Immutable evidence storage and export for internal audit.
+- **RBAC Enforcement**: OPA-based Role-Based Access Control (Viewer, Auditor, Model Owner, Admin).
+- **ComplianceDashboard (v1)**: Baseline visualization of model inventory and simple status checks.
+- **Hardware Attestation UI**: Real-time TEE/vTPM status monitor (`PCR_MATCH=TRUE`).
+- **Web Speech API**: Initial hands-free UX for audit stations.
+
+### Phase 2: Intelligence & Compliance (Q1 2027)
+*Target: Real-time alignment with global regulatory regimes.*
+**Prerequisites**: Phase 1 Foundation.
+- **Global Variable Map**: Visualizing prompt/model variable dependencies across the enterprise.
+- **Regulatory Mapping**: Automated OSCAL mapping for **EU AI Act**, **DORA**, **GDPR**, and **NIST AI RMF**.
+- **OSCAL Export**: Machine-readable regulatory dossier assembly.
+- **Cognitive Attestation**: Initial implementation of "Intent vs. Output" monitoring (Cognitive Resonance).
+
+### Phase 3: Assurance & Simulation (Q4 2027)
+*Target: Proactive risk mitigation and privacy-preserving audit.*
+**Prerequisites**: Phase 1 WORM, Phase 2 Compliance.
+- **EAIP Simulator Tooling**: "Chaos Engineering" for AI agents; testing Enterprise AI Agent Interoperability Protocol (EAIP) constraints.
+- **Zero-Knowledge Proof Auditing**: Groth16 zk-SNARK proofs for G-SRI (Global Systemic Risk Index) thresholds.
+- **AI-Driven Workflow Recommendation Engine**: ML-powered suggestions for governed, safe workflow chains.
+- **Signed & PDF-Exported Reports**: Cryptographically signed technical documentation (Annex IV compliant).
+
+### Phase 4: AGI/ASI Maturity & Systemic Risk (Q1 2028+)
+*Target: Global alignment and autonomous containment.*
+**Prerequisites**: Phase 1-3 completion, TEE attestation, ZK-Compliance operational.
+- **Global Kill-Switch Workflows**: Hardware-rooted, multi-sig "OmegaActual" intervention protocol.
+- **AGI/ASI Safety Roles**: Integration of Council Charter and AI Safety Officer (ASO) workflows.
+- **Red Dawn Scenario Runner**: Simulation of existential risk scenarios and containment verification.
+- **International Governance Interface**: SIP v3.0 integration for ICGC ledger anchoring.
+
+---
+
+## 4. Technical Report Plan
+
+| Section | Description | Owner | Timeline | Audience |
+| :--- | :--- | :--- | :--- | :--- |
+| **I. UX Features** | WRE implementation via GNNs; D3.js Variable Mapping; Cognitive Attestation UX. | Product / Engineering | Q1 2027 | Internal / Audit |
+| **II. Monitoring** | Framework Crosswalk (OPA -> ISO 42001/NIST); Risk Pulse telemetry design. | Compliance / Risk | Q1 2027 | Regulator / Board |
+| **III. Cryptographic** | PQC-WORM (Kafka + ML-DSA-65); `pqc_worm_logger.py` interface; ZK-Circuits (Circom). | Security Eng | Q4 2027 | Auditor / Security |
+| **IV. EAIP & Policy** | In-dashboard OPA IDE; EAIP protocol adversarial simulation methodology. | Platform Eng | Q4 2027 | Engineering |
+| **V. AGI/ASI Safety** | Alignment Resonance ($C_{res}$) metrics; Council Charter workflows; X-Risk modeling. | AI Safety Council | Q1 2028 | Board / Regulator |
+
+---
+
+## 5. Feature Prioritization Matrix
+
+| Feature | Priority | Complexity | Phase |
+| :--- | :--- | :--- | :--- |
+| **WORM Audit Logs** | Critical | Medium | Phase 1 |
+| **RBAC (OPA)** | Critical | Low | Phase 1 |
+| **ComplianceDashboard** | High | Medium | Phase 1 |
+| **OSCAL Export** | High | Medium | Phase 2 |
+| **Cognitive Attestation** | High | Medium | Phase 2 |
+| **Global Kill-Switch** | High | High | Phase 4 |
+| **Red Dawn Runner** | High | High | Phase 4 |
+| **ZK-Proofs (Groth16)** | Medium | High | Phase 3 |
+| **Workflow Rec Engine** | Medium | High | Phase 3 |
+| **Signed PDF Reports** | Medium | Low | Phase 3 |
+| **Web Speech API** | Low | Low | Phase 1 |
+| **ICGC Anchoring** | Low | High | Phase 4 |
+
+---
+
+## 6. Definitions & References
+- **Alignment Resonance ($C_{res}$)**: A measure of the divergence between agent objective functions and the Enterprise AI Constitution. Defined in the `SENTINEL_ALIGNMENT_SPEC_V2.md`.
+- **pqc_worm_logger.py**: Internal utility for signing events using CRYSTALS-Dilithium before commit to Kafka.