Merge pull request #63 from OneFineStarstuff/codex/create-agi-governance-blueprint-for-2026-2030

Add governance artifact validation suite, schemas, Rego policies and CI

Author: OneFineStarstuff

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -47,14 +47,14 @@ body:
       label: Steps to Reproduce
       description: How can we reproduce the bug?
       placeholder: |
-        Example: 
+        Example:
         1. Go to "Upload"
         2. Click on "Select File"
         3. Choose a large file (over 100MB)
         4. Click "Upload"
         5. See error
       value: |
-        1. 
+        1.
     validations:
       required: true
 

.github/workflows/cmake-single-platform.yml

@@ -36,4 +36,3 @@ jobs:
       # Execute tests defined by the CMake configuration.
       # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
       run: ctest -C ${{env.BUILD_TYPE}}
-

.github/workflows/datadog-synthetics.yml

@@ -34,5 +34,3 @@ jobs:
         api_key: ${{secrets.DD_API_KEY}}
         app_key: ${{secrets.DD_APP_KEY}}
         test_search_query: 'tag:e2e-tests' #Modify this tag to suit your tagging strategy
-
-

.github/workflows/go-ossf-slsa3-publish.yml

@@ -35,4 +35,3 @@ jobs:
       # =============================================================================================================
       #     Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects
       # =============================================================================================================
-

.github/workflows/governance-artifacts-ci.yml

@@ -1,3 +1,20 @@
+name: governance-artifacts-ci
+
+on:
+  push:
+    paths:
+      - 'docs/schemas/**'
+      - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
+      - '.github/workflows/governance-artifacts-ci.yml'
+      - 'Makefile'
+      - '.yamllint'
+  pull_request:
+    paths:
+      - 'docs/schemas/**'
+      - 'docs/reports/ENTERPRISE_CIVILIZATIONAL_AGI_ASI_BLUEPRINT_2026_2030.md'
+      - '.github/workflows/governance-artifacts-ci.yml'
+      - 'Makefile'
+      - '.yamllint'
 name: Governance Artifacts CI
 
 on:
@@ -16,12 +33,59 @@ on:
 jobs:
   validate-governance-artifacts:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    env:
+      PYTHONUNBUFFERED: '1'
     timeout-minutes: 10
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: docs/schemas/requirements-governance.txt
+
+      - name: Install Python deps (pinned)
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r docs/schemas/requirements-governance.txt
+
+      - name: Validate governance YAML/JSON artifacts
+        run: make governance-validate
+
+      - name: Setup OPA (pinned)
+        uses: open-policy-agent/setup-opa@v2
+        with:
+          version: v1.15.2
+
+      - name: Rego format and tests
+        run: make governance-policy-test
+
+      - name: Validator and evidence bundle unit tests
+        run: make governance-validator-test
+
+      - name: Build evidence manifest
+        run: make governance-evidence-manifest
+
+      - name: Verify evidence manifest integrity
+        run: make governance-evidence-verify
+
+      - name: Validate evidence manifest schema
+        run: make governance-evidence-schema
+
+      - name: Generate machine-readable validation report
+        run: make governance-report
+
+      - name: Validate run report schema
+        run: make governance-report-schema
+
+      - name: Check generated artifacts are up to date
+        run: make governance-check-generated
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
@@ -38,6 +102,8 @@ jobs:
       - name: Upload validation report
         uses: actions/upload-artifact@v4
         with:
+          name: governance-validation-report
+          path: docs/schemas/validation_run_report.json
           name: governance-validation-reports
           path: |
             governance-artifact-validation-report.json

.github/workflows/octopusdeploy.yml

@@ -1,5 +1,5 @@
 # This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by separate terms of service, 
+# They are provided by a third-party and are governed by separate terms of service,
 # privacy policy, and support documentation.
 #
 # This workflow will build and publish a Docker container which is then deployed through Octopus Deploy.
@@ -12,13 +12,13 @@
 #
 # To configure this workflow:
 #
-# 1. Decide where you are going to host your image. 
+# 1. Decide where you are going to host your image.
 #    This template uses the GitHub Registry for simplicity but if required you can update the relevant DOCKER_REGISTRY variables below.
 #
-# 2. Create and configure an OIDC credential for a service account in Octopus. 
+# 2. Create and configure an OIDC credential for a service account in Octopus.
 #    This allows for passwordless authentication to your Octopus instance through a trust relationship configured between Octopus, GitHub and your GitHub Repository.
-#    https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions 
-#  
+#    https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions
+#
 # 3. Configure your Octopus project details below:
 #      OCTOPUS_URL: update to your Octopus Instance Url
 #      OCTOPUS_SERVICE_ACCOUNT: update to your service account Id
@@ -42,14 +42,14 @@ jobs:
       packages: write
       contents: read
     env:
-      DOCKER_REGISTRY: ghcr.io                                # TODO: Update to your docker registry uri 
+      DOCKER_REGISTRY: ghcr.io                                # TODO: Update to your docker registry uri
       DOCKER_REGISTRY_USERNAME: ${{ github.actor }}           # TODO: Update to your docker registry username
       DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}   # TODO: Update to your docker registry password
     outputs:
       image_tag: ${{ steps.meta.outputs.version }}
     steps:
       - uses: actions/checkout@v4
-      
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
 
@@ -64,7 +64,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
-          images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} 
+          images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }}
           tags: type=semver,pattern={{version}},value=v1.0.0-{{sha}}
 
       - name: Build and push Docker image
@@ -74,7 +74,7 @@ jobs:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}      
+          labels: ${{ steps.meta.outputs.labels }}
   deploy:
     name: Deploy
     permissions:
@@ -89,9 +89,9 @@ jobs:
       OCTOPUS_ENVIRONMENT: 'your-environment'             # TODO: update to the name of the environment to recieve the first deployment
 
     steps:
-      - name: Login to Octopus Deploy 
+      - name: Login to Octopus Deploy
         uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629  #v1.0.2
-        with: 
+        with:
           server: '${{ env.OCTOPUS_URL }}'
           service_account_id: '${{ env.OCTOPUS_SERVICE_ACCOUNT }}'
 
@@ -104,7 +104,7 @@ jobs:
           packages: '*:${{ needs.build.outputs.image_tag }}'
 
       - name: Deploy Release
-        uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 
+        uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1
         with:
           project: '${{ env.OCTOPUS_PROJECT }}'
           space: '${{ env.OCTOPUS_SPACE }}'

.pre-commit-config.yaml

@@ -1,4 +1,38 @@
 repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-yaml
+      - id: check-json
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.37.1
+    hooks:
+      - id: yamllint
+        args: ["-c", ".yamllint", "docs/schemas/agi_asi_governance_profile_2026_2030.yaml"]
+  - repo: local
+    hooks:
+      - id: governance-validate
+        name: governance-validate
+        entry: make governance-validate
+        language: system
+        pass_filenames: false
+      - id: governance-policy-test
+        name: governance-policy-test
+        entry: make governance-policy-test
+        language: system
+        pass_filenames: false
+      - id: governance-validator-test
+        name: governance-validator-test
+        entry: make governance-validator-test
+        language: system
+        pass_filenames: false
+      - id: governance-evidence-checks
+        name: governance-evidence-checks
+        entry: make governance-evidence-manifest && make governance-evidence-verify && make governance-evidence-schema && make governance-report-schema && make governance-check-generated
+        language: system
+        pass_filenames: false
   - repo: local
     hooks:
       - id: governance-validation-suite

.yamllint

@@ -0,0 +1,5 @@
+extends: default
+rules:
+  line-length: disable
+  document-start: disable
+  truthy: disable

ABSOLUTE_FINAL_STATUS.txt

@@ -465,8 +465,8 @@ Expected Outcome: $220.6M benefits, 745% ROI, regulatory leadership positioning
 CONCLUSION
 ================================================================================
 
-The Omni-Sentinel Global AI Governance Framework is PRODUCTION READY and 
-represents the most comprehensive AI governance architecture ever implemented 
+The Omni-Sentinel Global AI Governance Framework is PRODUCTION READY and
+represents the most comprehensive AI governance architecture ever implemented
 for a Global Systemically Important Financial Institution (G-SIFI).
 
 This framework delivers:
@@ -478,15 +478,15 @@ This framework delivers:
   - 3-tier human oversight with automation bias mitigation
   - 95%+ governance persistence at 12 months
 
-All technical work is COMPLETE. All files are COMMITTED. All documentation is 
+All technical work is COMPLETE. All files are COMMITTED. All documentation is
 READY. The framework is awaiting YOUR DEPLOYMENT ACTION.
 
-Your next immediate action: Download files from /home/user/webapp/ and deploy 
-using EXECUTIVE_ONE_PAGE_SUMMARY.md or QUICK_ACTION_GUIDE.md within the next 
+Your next immediate action: Download files from /home/user/webapp/ and deploy
+using EXECUTIVE_ONE_PAGE_SUMMARY.md or QUICK_ACTION_GUIDE.md within the next
 24 hours.
 
-This framework will transform AI governance from a compliance cost center into 
-a strategic business capability delivering measurable value and positioning 
+This framework will transform AI governance from a compliance cost center into
+a strategic business capability delivering measurable value and positioning
 the organization as a global leader in responsible AI deployment.
 
 ================================================================================

CITATION.cff

@@ -20,7 +20,7 @@ abstract: >-
   The AGI Pipeline is built to facilitate seamless integration and interaction
   between different AI modules, enabling the development of sophisticated AI
   applications. Key features of the pipeline include:
-  
+
   1. Natural Language Processing (NLP):
      - Utilizes the BART (Bidirectional and Auto-Regressive Transformers) model for text summarization and other NLP tasks.
      - Provides efficient and accurate text processing capabilities.