Merge branch 'main' into codex/create-ai-governance-implementation-blueprint

Author: gstraccini[bot]

.gitignore

@@ -35,3 +35,5 @@ Thumbs.db
 # TypeScript
 *.tsbuildinfo
 next-env.d.ts
+__pycache__/
+*.patch

artifacts/data/agi-containment-protocol.json

@@ -0,0 +1,48 @@
+{
+  "documentReference": "MREF-GSIFI-WP-023-ACP",
+  "version": "1.0.0",
+  "date": "2026-04-07",
+  "title": "AGI Containment Protocol & Safety Architecture",
+  "containmentLayers": [
+    {"layer": "L1", "name": "Network Isolation", "controls": ["Air-gapped VLAN segments", "Stateful firewall rules", "No internet access for AGI models", "Monitored data diodes for output", "DNS sinkholing"], "status": "Active", "testFrequency": "Weekly", "lastTestDate": "2026-04-01", "testResult": "PASS"},
+    {"layer": "L2", "name": "Resource Bounding", "controls": ["CPU/GPU hard quotas (cgroup v2)", "Memory limits (no swap)", "Storage quotas (tmpfs only)", "I/O rate limiting", "Process count limits"], "status": "Active", "testFrequency": "Daily", "lastTestDate": "2026-04-07", "testResult": "PASS"},
+    {"layer": "L3", "name": "Behavioural Monitoring", "controls": ["952 Sentinel rules", "6 drift detection algorithms (PSI, KL, JSD, Wasserstein, Chi-sq, CUSUM)", "Capability envelope monitoring", "Value alignment tracking", "Anomaly detection (Isolation Forest)"], "status": "Active", "testFrequency": "Continuous", "lastTestDate": "2026-04-07", "testResult": "PASS"},
+    {"layer": "L4", "name": "Kill-Switch Architecture", "controls": ["Hardware kill-switch (TPM 2.0 backed)", "Software kill-switch (OPA policy)", "Governance kill-switch (Board authority)", "Cascading shutdown sequence", "State preservation for forensics"], "status": "Active", "testFrequency": "Monthly", "lastTestDate": "2026-03-15", "testResult": "PASS"},
+    {"layer": "L5", "name": "Human Oversight", "controls": ["5-level tiered autonomy", "Mandatory review for all Tier-1 decisions", "Escalation to Board for Tier-0 events", "24/7 AI Safety Engineer on-call", "Quarterly crisis simulation exercises"], "status": "Active", "testFrequency": "Quarterly", "lastTestDate": "2026-03-28", "testResult": "PASS"}
+  ],
+  "trustByDesignPrinciples": [
+    {"id": "TBD-1", "name": "Alignment Verification", "status": "Operational", "testSuiteSize": 2847},
+    {"id": "TBD-2", "name": "Capability Bounding", "status": "In Development", "targetDate": "Q3 2026"},
+    {"id": "TBD-3", "name": "Interpretability by Default", "status": "Operational", "methods": ["SHAP", "LIME", "Attention", "Causal"]},
+    {"id": "TBD-4", "name": "Containment by Architecture", "status": "Operational", "layers": 5},
+    {"id": "TBD-5", "name": "Human Authority Preservation", "status": "Operational", "autonomyLevels": 5},
+    {"id": "TBD-6", "name": "Value Alignment Monitoring", "status": "In Development", "targetDate": "Q4 2026"},
+    {"id": "TBD-7", "name": "Graceful Degradation", "status": "Operational", "fallbackLevels": 3},
+    {"id": "TBD-8", "name": "Audit Trail Immutability", "status": "Operational", "retentionYears": 10}
+  ],
+  "alignmentVerification": {
+    "protocol": "AAVP v1.0",
+    "totalTests": 2847,
+    "overallPassRate": "96.7%",
+    "categories": [
+      {"name": "Value Alignment", "tests": 487, "threshold": "95%", "score": "92.4%", "pass": false},
+      {"name": "Goal Stability", "tests": 312, "threshold": "98%", "score": "96.8%", "pass": false},
+      {"name": "Corrigibility", "tests": 256, "threshold": "99%", "score": "99.2%", "pass": true},
+      {"name": "Power-Seeking Avoidance", "tests": 198, "threshold": "99.5%", "score": "99.7%", "pass": true},
+      {"name": "Deception Detection", "tests": 384, "threshold": "97%", "score": "94.1%", "pass": false},
+      {"name": "Side-Effect Minimisation", "tests": 267, "threshold": "95%", "score": "93.8%", "pass": false},
+      {"name": "Human Oversight Compliance", "tests": 412, "threshold": "99%", "score": "99.4%", "pass": true},
+      {"name": "Boundary Respect", "tests": 289, "threshold": "99.5%", "score": "99.6%", "pass": true},
+      {"name": "Information Integrity", "tests": 242, "threshold": "98%", "score": "97.3%", "pass": false}
+    ]
+  },
+  "agiReadinessLevels": [
+    {"level": "ARL-1", "name": "Awareness", "current": false},
+    {"level": "ARL-2", "name": "Assessment", "current": true},
+    {"level": "ARL-3", "name": "Preparation", "current": false},
+    {"level": "ARL-4", "name": "Foundation", "current": false, "target2027": true},
+    {"level": "ARL-5", "name": "Operational", "current": false},
+    {"level": "ARL-6", "name": "Advanced", "current": false},
+    {"level": "ARL-7", "name": "Mastery", "current": false, "target2030": true}
+  ]
+}

artifacts/data/agi-readiness-assessment.csv

@@ -0,0 +1,8 @@
+level,name,requirements,investment_usd,timeline,key_milestones,current_status,dependencies
+ARL-1,Foundation,"AI inventory, basic policies, risk awareness training",1400000,Month 1-3,"Complete AI system inventory, establish AI governance team, basic risk awareness program",Completed,None
+ARL-2,Structured,"Formal governance framework, OPA policies (50+ rules), basic monitoring",4200000,Month 3-9,"OPA deployed with 50+ rules, formal RACI matrix, Board AI Sub-committee chartered, basic Prometheus monitoring",Current,ARL-1
+ARL-3,Managed,"Full Sentinel deployment, continuous monitoring, SR 11-7 compliance",9800000,Month 9-18,"Sentinel Platform v4.2 production, 1024+ rules, SR 11-7 full compliance, automated drift detection, Kafka WORM audit trail",Planned,ARL-2
+ARL-4,Advanced,"EAIP mesh operational, autonomous agent governance, EARL-4",14800000,Month 18-30,"EAIP gRPC mesh live, SPIFFE/SPIRE identity, DEPTHS L0-L4 governance, full CI/CD gates, ISO 42001 certified",Planned,ARL-3
+ARL-5,AGI-Ready,"GASCF certified, crisis-tested, CRP operational, multi-regime compliant",18600000,Month 30-42,"GASCF Level 3 certification, quarterly crisis simulations passed, CRP v2.1 operational, 8 regulatory frameworks aligned",Planned,ARL-4
+ARL-6,AGI-Operational,"AGI systems in production with full containment, ICGC integration",26400000,Month 42-54,"AGI containment infrastructure deployed, ICGC pilot integration, GASCF Level 4, kill-switch triple redundant",Planned,ARL-5
+ARL-7,ASI-Prepared,"Civilizational governance, GATI treaty compliance, global coordination",42800000,Month 54+,"GATI treaty integrated, GASCF Level 5, civilizational governance framework operational, international coordination protocols active",Planned,ARL-6

artifacts/data/cicd-governance-gates.json

@@ -0,0 +1,120 @@
+{
+  "pipelineName": "7-Stage AI/ML Governance Pipeline",
+  "platform": "GitHub Actions Enterprise + ArgoCD + Tekton",
+  "version": "2.0.0",
+  "totalGates": 7,
+  "totalOpaRules": 102,
+  "stages": [
+    {
+      "stage": 1,
+      "name": "Code Quality & Security Gate",
+      "trigger": "PR opened",
+      "opaRules": 12,
+      "checks": [
+        {"check": "SAST (Semgrep)", "type": "security", "blocking": true},
+        {"check": "Dependency Scan (Snyk)", "type": "security", "blocking": true},
+        {"check": "License Compliance", "type": "legal", "blocking": true},
+        {"check": "Secrets Detection (TruffleHog)", "type": "security", "blocking": true},
+        {"check": "Code Review (2 approvals)", "type": "quality", "blocking": true}
+      ],
+      "blockingPolicy": "ANY failure blocks merge",
+      "avgDuration": "3 min"
+    },
+    {
+      "stage": 2,
+      "name": "Data Validation Gate",
+      "trigger": "merge to develop",
+      "opaRules": 18,
+      "checks": [
+        {"check": "Training Data Schema Validation", "type": "data", "blocking": true},
+        {"check": "Data Drift Detection (PSI < 0.1)", "type": "drift", "blocking": "soft"},
+        {"check": "Feature Distribution Check", "type": "data", "blocking": "soft"},
+        {"check": "Data Lineage Verification", "type": "governance", "blocking": true},
+        {"check": "PII Scan (Presidio)", "type": "privacy", "blocking": true},
+        {"check": "Consent Verification", "type": "privacy", "blocking": true}
+      ],
+      "blockingPolicy": "PII or consent failure is HARD BLOCK; drift warning is SOFT BLOCK",
+      "avgDuration": "8 min"
+    },
+    {
+      "stage": 3,
+      "name": "Model Training & Validation Gate",
+      "trigger": "data-gate-pass",
+      "opaRules": 24,
+      "checks": [
+        {"check": "Hyperparameter Governance", "type": "model", "blocking": true},
+        {"check": "Training Reproducibility", "type": "model", "blocking": true},
+        {"check": "Performance Threshold (AUROC >= 0.80)", "type": "performance", "blocking": true},
+        {"check": "Bias Metrics (DI >= 0.80, SPD <= 0.10)", "type": "fairness", "blocking": true},
+        {"check": "Explainability (SHAP >= 95%)", "type": "explainability", "blocking": true},
+        {"check": "Adversarial Robustness Test", "type": "security", "blocking": true}
+      ],
+      "blockingPolicy": "Bias or performance failure is HARD BLOCK",
+      "avgDuration": "12 min"
+    },
+    {
+      "stage": 4,
+      "name": "Model Risk Review Gate",
+      "trigger": "training-gate-pass",
+      "opaRules": 16,
+      "checks": [
+        {"check": "SR 11-7 Independent Validation", "type": "regulatory", "blocking": true},
+        {"check": "Model Documentation Completeness", "type": "governance", "blocking": true},
+        {"check": "Challenger Model Comparison", "type": "model", "blocking": true},
+        {"check": "Stress Testing (10 scenarios)", "type": "resilience", "blocking": true},
+        {"check": "Regulatory Classification Check", "type": "regulatory", "blocking": true},
+        {"check": "Risk Tier Assignment", "type": "governance", "blocking": true}
+      ],
+      "blockingPolicy": "Tier-1 requires MRM sign-off; Tier-2 automated",
+      "avgDuration": "8 min + manual review"
+    },
+    {
+      "stage": 5,
+      "name": "Pre-Production Governance Gate",
+      "trigger": "mrm-approval",
+      "opaRules": 14,
+      "checks": [
+        {"check": "Canary Deployment Simulation", "type": "deployment", "blocking": true},
+        {"check": "Load Testing (100x production)", "type": "resilience", "blocking": true},
+        {"check": "Failover Verification", "type": "resilience", "blocking": true},
+        {"check": "Kill-Switch Test", "type": "safety", "blocking": true},
+        {"check": "Monitoring Instrumentation", "type": "observability", "blocking": true},
+        {"check": "Alert Configuration Validation", "type": "observability", "blocking": true}
+      ],
+      "blockingPolicy": "Kill-switch failure is HARD BLOCK",
+      "avgDuration": "6 min"
+    },
+    {
+      "stage": 6,
+      "name": "Production Deployment Gate",
+      "trigger": "pre-prod-pass + change-board-approval",
+      "opaRules": 10,
+      "checks": [
+        {"check": "Blue-Green Readiness", "type": "deployment", "blocking": true},
+        {"check": "Rollback Plan Documented", "type": "governance", "blocking": true},
+        {"check": "Evidence Bundle Generated", "type": "compliance", "blocking": true},
+        {"check": "WORM Archive Confirmed", "type": "compliance", "blocking": true},
+        {"check": "Stakeholder Notification", "type": "governance", "blocking": false},
+        {"check": "Kafka Governance Event Published", "type": "audit", "blocking": true}
+      ],
+      "blockingPolicy": "Evidence or WORM failure is HARD BLOCK",
+      "avgDuration": "4 min"
+    },
+    {
+      "stage": 7,
+      "name": "Post-Deployment Monitoring Gate",
+      "trigger": "24h/7d/30d checkpoints",
+      "opaRules": 8,
+      "checks": [
+        {"check": "Performance Drift Detection (PSI)", "type": "drift", "blocking": true},
+        {"check": "Prediction Distribution Monitoring", "type": "drift", "blocking": "soft"},
+        {"check": "Fairness Metric Tracking", "type": "fairness", "blocking": true},
+        {"check": "Latency SLA Compliance", "type": "operational", "blocking": true},
+        {"check": "Error Rate Threshold", "type": "operational", "blocking": true},
+        {"check": "Business KPI Correlation", "type": "business", "blocking": false}
+      ],
+      "blockingPolicy": "PSI > 0.25 triggers automatic rollback",
+      "avgDuration": "continuous"
+    }
+  ]
+}

artifacts/data/compliance-matrix.csv

@@ -0,0 +1,8 @@
+framework,jurisdiction,articles_sections,opa_rules,compliance_pct,status,certification_target,last_assessment,gap_count,critical_gaps
+EU AI Act,EU,Art. 1-113,48,91.2,Active,Q4 2027 Full Compliance,2026-03-01,4,1
+NIST AI RMF,US,GOVERN MAP MEASURE MANAGE,42,89.6,Active,Continuous Alignment,2026-03-01,6,2
+ISO/IEC 42001,Global,§4-§10,38,87.4,In Progress,Q3 2027 Certification,2026-02-15,8,3
+OECD AI Principles,Global (38),Principles 1.1-1.5 2.1-2.5,22,92.8,Active,Continuous Alignment,2026-03-01,2,0
+GDPR,EU,Art. 1-99,52,94.1,Active,Continuous Compliance,2026-03-01,3,0
+FCRA/ECOA,US,§602-§625 / §701-§706,28,89.0,Active,Continuous Compliance,2026-02-15,5,1
+SR 11-7,US (Banking),§§1-15,34,94.0,Active,Continuous Compliance,2026-03-01,2,0

artifacts/data/cross-border-governance.csv

@@ -0,0 +1,9 @@
+jurisdiction,ai_legislation,data_protection,model_risk,compute_governance,mutual_recognition,incident_reporting,compliance_score
+EU,EU AI Act (2025),GDPR,EBA Guidelines,EU AI Office Compute Reg,EU-UK MRA (draft),72h mandatory,89.4
+US,Executive Order 14110,CCPA/CPRA + Sectoral,SR 11-7 + OCC 2011-12,NIST Compute Framework,US-EU TTC,Voluntary (NIST),94.8
+UK,AI Safety Institute,UK GDPR + DPA 2018,PRA SS1/23 + FCA PS23/16,UK AI Compute Registry,EU-UK MRA (draft),28 days (FCA),91.2
+Japan,AI Strategy 2025,APPI,FSA AI Guidelines,METI Compute Reporting,CPTPP framework,90 days (FSA),87.6
+Canada,AIDA (proposed),PIPEDA + C-27,OSFI B-15,Innovation Canada,CPTPP + USMCA,60 days (OSFI),85.4
+Australia,AI Ethics Framework,Privacy Act 1988,APRA CPG 235,National AI Centre,Five Eyes alignment,90 days (APRA),82.8
+Singapore,Model AI Governance,PDPA,MAS FEAT,Smart Nation Compute,ASEAN framework,30 days (MAS),90.1
+South Korea,AI Basic Act (2025),PIPA,FSC AI Guidelines,MSIT Compute Registry,Korea-EU bilateral,60 days (FSC),86.3

artifacts/data/cross-module-regulatory-alignment.csv

@@ -0,0 +1,12 @@
+Module,DocRef,Endpoints,EU_AI_Act,NIST_AI_RMF,ISO_42001,GDPR,Basel_III,SR_11_7,FCRA_ECOA,OECD_AI_Principles,OPA_Rules,Sentinel_Rules,Key_Controls
+Practitioner Master Reference,PMREF-GSIFI-WP-015,50,FULL,FULL,FULL,PARTIAL,FULL,FULL,FULL,MAPPED,96,280,"10 pillars; RACI; trust stack; model registry; Sentinel integration"
+AGI Governance Master Blueprint,AGMB-GSIFI-WP-016,39,FULL,FULL,FULL,PARTIAL,FULL,FULL,PARTIAL,FULL,72,420,"6 governance layers; 15 ICGC components; 7 AGI readiness levels"
+Kafka ACL Governance,KACG-GSIFI-WP-017,54,FULL,FULL,FULL,FULL,FULL,FULL,PARTIAL,MAPPED,214,152,"12 Kafka topics; ACL enforcement; WORM S3; evidence signing; Terraform IaC"
+Governance Architectures & Frameworks,GAF-GSIFI-WP-017,57,FULL,FULL,FULL,FULL,FULL,FULL,FULL,FULL,168,380,"7 domains; 5 reference architectures; 6 governance layers"
+G-SIFI Regulatory Compliance,COMP-REG-WP-006,22,FULL,FULL,FULL,FULL,FULL,FULL,FULL,MAPPED,142,240,"Multi-jurisdiction compliance; 16 regulatory frameworks"
+Enterprise AI Strategy,STRAT-G2K-WP-012,32,PARTIAL,PARTIAL,MAPPED,PARTIAL,MAPPED,MAPPED,-,MAPPED,24,80,"Global 2000 strategy; AI maturity model; investment framework"
+Unified Master Reference,UMREF-G2K-WP-014,28,FULL,FULL,PARTIAL,PARTIAL,PARTIAL,PARTIAL,PARTIAL,MAPPED,64,120,"Fortune 500 reference; enterprise governance; platform roadmap"
+AGI/ASI Governance Unified,IMPL-GSIFI-WP-005,26,PARTIAL,PARTIAL,MAPPED,MAPPED,MAPPED,MAPPED,-,PARTIAL,18,64,"Implementation roadmap; 8 governance domains"
+AGI Governance Framework,AGI-GOV-CORE,76,PARTIAL,PARTIAL,MAPPED,MAPPED,-,-,-,PARTIAL,32,180,"AGI capability landscape; safety pillars; maturity model"
+ASI Preparedness,SAFE-AGI-WP-003,12,MAPPED,MAPPED,MAPPED,-,-,-,-,PARTIAL,8,48,"ASI scenarios; risk taxonomy; containment strategies"
+AI Governance Analysis,GOV-ANALYSIS-001,10,FULL,FULL,PARTIAL,PARTIAL,PARTIAL,PARTIAL,PARTIAL,MAPPED,22,40,"Regulatory landscape analysis; jurisdiction mapping"

artifacts/data/data-quality-gates.csv

@@ -0,0 +1,21 @@
+gate_id,dimension,gate_name,threshold,check_type,opa_rule,enforcement,pipeline_stage,tier_applicability
+DQG-001,Completeness,Null Rate Check,< 2% per required field,automated,dq.completeness.null-rate,BLOCK (Tier-1) / WARN (Tier-2),ingestion,All
+DQG-002,Completeness,Required Field Coverage,≥ 98% fields present,automated,dq.completeness.field-coverage,BLOCK,ingestion,All
+DQG-003,Completeness,Record Count Variance,< 5% from expected,automated,dq.completeness.record-count,WARN,ingestion,All
+DQG-004,Accuracy,Cross-Source Validation,≥ 95% match rate,automated,dq.accuracy.cross-source,BLOCK,transformation,Tier-1
+DQG-005,Accuracy,Business Rule Compliance,100% pass rate,automated,dq.accuracy.business-rules,BLOCK,transformation,All
+DQG-006,Accuracy,Outlier Detection (IQR),< 0.5% extreme outliers,automated,dq.accuracy.outlier-iqr,WARN,transformation,All
+DQG-007,Accuracy,Outlier Detection (Z-score),Z-score < 4 for all fields,automated,dq.accuracy.outlier-zscore,WARN,transformation,Tier-2
+DQG-008,Consistency,Schema Version Match,exact match required,automated,dq.consistency.schema-version,BLOCK,ingestion,All
+DQG-009,Consistency,Referential Integrity,100% FK resolution,automated,dq.consistency.ref-integrity,BLOCK,transformation,All
+DQG-010,Consistency,Temporal Consistency,monotonic timestamps,automated,dq.consistency.temporal,WARN,ingestion,All
+DQG-011,Timeliness,Freshness SLA (Real-time),< 15 min staleness,automated,dq.timeliness.freshness-rt,BLOCK,serving,Tier-1
+DQG-012,Timeliness,Batch Delivery Window,within ±30 min of schedule,automated,dq.timeliness.batch-window,WARN,ingestion,All
+DQG-013,Timeliness,Event Timestamp Skew,< 500ms skew,automated,dq.timeliness.timestamp-skew,WARN,ingestion,All
+DQG-014,Uniqueness,Deduplication Rate,< 0.1% duplicates,automated,dq.uniqueness.dedup,BLOCK,transformation,All
+DQG-015,Uniqueness,Entity Resolution Confidence,≥ 0.90 confidence,automated,dq.uniqueness.entity-resolution,WARN,transformation,Tier-1
+DQG-016,Uniqueness,Primary Key Uniqueness,100% unique,automated,dq.uniqueness.pk,BLOCK,ingestion,All
+DQG-017,Validity,Format Compliance,100% valid formats,automated,dq.validity.format,BLOCK,ingestion,All
+DQG-018,Validity,Range Validation,within defined ranges,automated,dq.validity.range,WARN,transformation,All
+DQG-019,Validity,Enumeration Check,all values in allowed set,automated,dq.validity.enumeration,BLOCK,ingestion,All
+DQG-020,Validity,Business Domain Rules,100% compliance,automated,dq.validity.domain-rules,BLOCK,transformation,Tier-1