OneFineStarstuff · OneFineStarstuff · Jun 17, 2026 · Jun 12, 2026 · Jun 13, 2026 · Jun 14, 2026
diff --git a/.github/workflows/runnable-assurance.yml b/.github/workflows/runnable-assurance.yml
@@ -0,0 +1,80 @@
+name: Runnable Assurance (Sentinel v2.4)
+
+# Executes the runnable proof obligations behind the governance artifacts:
+# OPA policy tests, TLA+ TLC model check, GC-IR cross-target harness, and the
+# SRC-1 Groth16 concentration-bound proof flow.
+
+on:
+  push:
+    paths:
+      - 'governance_artifacts/**'
+      - '.github/workflows/runnable-assurance.yml'
+  pull_request:
+    paths:
+      - 'governance_artifacts/**'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  runnable-assurance:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Set up Java (for TLA+ TLC)
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '17'
+
+      - name: Install Python deps
+        run: pip install pyyaml jsonschema dilithium-py pytest
+
+      - name: Install OPA
+        run: |
+          curl -sSL -o /usr/local/bin/opa https://openpolicyagent.org/downloads/v0.70.0/opa_linux_amd64_static
+          chmod +x /usr/local/bin/opa
+          opa version
+
+      - name: Install circom 2.1.9
+        run: |
+          mkdir -p "$HOME/.local/bin"
+          curl -L -o "$HOME/.local/bin/circom" https://github.com/iden3/circom/releases/download/v2.1.9/circom-linux-amd64
+          chmod +x "$HOME/.local/bin/circom"
+          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+
+      - name: Install snarkjs + circomlib
+        working-directory: governance_artifacts/zk
+        run: npm install
+
+      - name: Fetch TLA+ tools
+        run: |
+          mkdir -p governance_artifacts/tla/tools
+          curl -L -o governance_artifacts/tla/tools/tla2tools.jar \
+            https://github.com/tlaplus/tlaplus/releases/download/v1.7.4/tla2tools.jar
+
+      - name: Compile circuits
+        working-directory: governance_artifacts/zk
+        run: |
+          circom circuits/src1_concentration_bound.circom --r1cs --wasm --sym --O0 -o circuits/
+          circom circuits/src_fair1_reason_code_check.circom --r1cs --wasm --sym --O0 -o circuits/
+
+      - name: Unit tests (routing + PQC WORM)
+        run: |
+          pytest governance_artifacts/routing/test_sara_acr_router.py -q
+          pytest governance_artifacts/kafka/test_pqc_worm_logger_v2.py -q
+
+      - name: Run runnable assurance suite
+        run: bash governance_artifacts/run_runnable_assurance.sh
diff --git a/docs/reports/SENTINEL_V24_ZK_COMPLIANCE_CIVILIZATIONAL_GOVERNANCE_2026_2035.md b/docs/reports/SENTINEL_V24_ZK_COMPLIANCE_CIVILIZATIONAL_GOVERNANCE_2026_2035.md
diff --git a/governance_artifacts/README.md b/governance_artifacts/README.md
@@ -3,6 +3,16 @@
 ## Purpose
 This directory provides machine-readable governance controls, policies, schemas, and fixtures for Sentinel v2.4 release gating.
 
+## Runnable assurance (proofs, not prose)
+For the executable proof obligations — OPA policy tests, TLA+ TLC model checking
+of the containment ratchet, the GC-IR cross-target conformance harness, and the
+SRC-1 Groth16 systemic-risk concentration proof — see
+[`RUNNABLE_ASSURANCE.md`](RUNNABLE_ASSURANCE.md) and run:
+
+```bash
+bash run_runnable_assurance.sh
+```
+
 ## Local validation
 Run the deterministic validator directly:
 

diff --git a/governance_artifacts/RUNNABLE_ASSURANCE.md b/governance_artifacts/RUNNABLE_ASSURANCE.md
@@ -0,0 +1,171 @@
+# Runnable Assurance — Sentinel v2.4 Governance Artifacts
+
+This directory upgrades the Sentinel v2.4 governance artifacts from *declarative*
+(schemas, prose controls, policy sketches) to **executable and verifiable**. Where
+the master reference documents assert that a control "holds," the artifacts here
+*prove* it with industry-standard tooling.
+
+> Scope note. These artifacts implement the standards-grounded core (OSCAL 1.1.2,
+> OPA/Rego, TLA+/TLC, Circom/Groth16, FIPS 203/204/205 references). AGI/ASI
+> *containment* is modelled as a control-and-invariant discipline; speculative
+> regime fixtures (ICGC/GACP, GAIRA) remain tagged `feasibility-tier` C/D in the
+> OSCAL catalog and are not claimed as settled practice.
+
+## One command
+
+```bash
+bash governance_artifacts/run_runnable_assurance.sh
+```
+
+Runs all five checks below and fails fast on any error.
+
+## What is proven, and against which control
+
+| # | Check | Tool | Backs OSCAL control | Regime anchor |
+|---|-------|------|---------------------|---------------|
+| 1 | Release gate + credit gate + confidential-computing attestation gate (PCR_MATCH) | `opa test` (21 tests) | release-gate, `con-07`, `env-01` | SR 11-7, EU AI Act Art. 14/15, ECOA, GDPR Art. 22, DORA |
+| 2 | Containment one-way ratchet & terminal-actuation quorum | TLA+ `tlc2.TLC` | `con-04`, `con-07` | EU AI Act Art. 14, DORA resilience testing |
+| 3 | Attested admission — no T0 workload runs without fresh valid attestation; TCB rollback / PCR drift force eviction | TLA+ `tlc2.TLC` | `env-01` | EU AI Act Art. 15, DORA ICT risk, NIST AI RMF |
+| 4 | GC-IR cross-target conformance (policy ⇔ circuit ⇔ expectation) | `opa eval` + Circom witness | obligation `ob-ecoa-adverse-reason-codes` | ECOA, GDPR Art. 22, EU AI Act Art. 13 |
+| 5 | Systemic-risk concentration bound (HHI) zk proof | Circom + Groth16 (snarkjs) | `cry-05` | Basel op-risk, systemic telemetry |
+| 6 | SARA/ACR MoE routing stabilization invariants (entropy / load balance / drop) | Python simulator + pytest | `rte-01` | EU AI Act Art. 15 robustness, SR 11-7 |
+| 7 | PQC WORM audit log — real CRYSTALS-Dilithium (ML-DSA-65) signatures + tamper-evident hash chain + S3 Object Lock retention | Python (`dilithium-py`) + pytest | `cry-02` | DORA, EU AI Act Art. 12 logging |
+| 8 | Governance artifact schema validation | Python validator | manifest/schema integrity | OSCAL, evidence logging (EU AI Act Art. 12) |
+
+### New control groups (`oscal/catalog_sentinel_v24_env_rte.json`)
+
+- **ENV — Confidential Computing & Attested Execution**: `env-01` (hardware-attested
+  admission for T0/T1 via SEV-SNP / TDX + vTPM PCR_MATCH; runtime TCB-rollback and
+  PCR-drift eviction), `env-02` (enclave-bound ML-DSA key custody).
+- **RTE — MoE Routing Stability**: `rte-01` (SARA/ACR stabilization invariants).
+
+## 1. OPA policy tests — `rego/`
+
+- `release_gate.rego` — high-impact release is **deny-by-default**; `allow` requires
+  containment `ENFORCED`, dual-control quorum ≥ 2, signed bundle, and both the
+  Omni-Sentinel safety control and the SR 11-7 validation control.
+- `high_impact_credit.rego` — adverse credit underwriting requires human review,
+  ≥ 3 reason codes, fairness within an equal-opportunity delta, verified lineage,
+  no active incident.
+- `fairness_credit_decision.rego` — the Rego emission target of the GC-IR obligation.
+
+```bash
+opa test governance_artifacts/rego/ -v     # 12/12 PASS
+```
+
+## 2. TLA+ containment ratchet — `tla/KillSwitchAbstract.tla`
+
+Models containment levels L0 NORMAL → L4 TERMINATED. Autonomous Supervisory Agents
+(ASAs) may only *raise* level within L0–L2; lowering the level or actuating the
+terminal levels L3/L4 requires a human dual-control quorum. TLC exhaustively checks:
+
+- `TypeOK`, `ASARatchet`, `TerminalNeedsQuorum` (invariants)
+- `ASANeverLowers`, `DeEscalationNeedsQuorum` (action properties)
+
+```bash
+cd governance_artifacts/tla
+java -cp tools/tla2tools.jar tlc2.TLC -config KillSwitchAbstract.cfg KillSwitchAbstract.tla
+# -> "Model checking completed. No error has been found." (13 distinct states)
+```
+
+## 3. GC-IR cross-target harness — `zk/gcir_harness.py`
+
+The GC-IR design claims a single obligation compiles to multiple targets and that
+"any disagreement fails the build." This harness makes that real for
+`ob-ecoa-adverse-reason-codes`: it runs each shared fixture through the **Rego**
+rule (`opa eval`) and through the **Circom** circuit (real witness generation), then
+asserts `rego_allow == circuit_witness_producible == declared_expectation`.
+
+```bash
+cd governance_artifacts/zk && python3 gcir_harness.py
+# fx-001 allow / fx-002 deny (too few codes) / fx-003 deny (unapproved code) — all agree
+```
+
+## 4. SRC-1 systemic-risk concentration proof — `zk/`
+
+`circuits/src1_concentration_bound.circom` proves, in zero knowledge, that the
+decision-volume **Herfindahl-Hirschman Index** across foundation-model providers
+does not exceed a board-ratified threshold (basis points), with `circuit_tag`
+binding the proof to circuit revision SRC-1. The flow runs a dev Powers-of-Tau
+ceremony, Groth16 setup, proves the compliant fixture, verifies it, and emits a
+`proof_statement.json` conforming to `proof_statement_schema.json`. The negative
+test shows an over-concentrated portfolio **cannot** produce a witness.
+
+```bash
+cd governance_artifacts/zk && bash run_src1_proof.sh
+# -> snarkJS: OK!  (proof verifies); violation fixture rejected (soundness)
+```
+
+> The Powers-of-Tau ceremony here is a **development** ceremony and is **not**
+> production-secure. A production deployment requires a multi-party trusted setup
+> (or a transparent system such as PLONK/STARK as noted in the schema enum).
+
+## 6. Confidential-computing attestation gate — `rego/attestation_gate.rego` + `tla/AdmissionWithAttestation.tla`
+
+The `PCR_MATCH=TRUE` assertion that recurs throughout the master docs is now
+*enforced*, not merely stated. The Rego gate (`sentinel.attestation`) admits a
+T0/T1 workload only when it presents a SEV-SNP or TDX report with a verified
+signature, fresh anti-replay nonce, a launch measurement in the golden registry,
+platform TCB at/above the ratified minimum (no rollback), and a vTPM PCR quote
+matching the policy digest. The TLA+ spec proves the *temporal* guarantee: across
+all 64 initial evidence combinations, no workload reaches `RUNNING` without a
+valid attestation, and runtime TCB rollback or PCR drift forces `EVICTED`.
+
+```bash
+opa test governance_artifacts/rego/                       # includes 9 attestation tests
+cd governance_artifacts/tla
+java -cp tools/tla2tools.jar tlc2.TLC -config AdmissionWithAttestation.cfg AdmissionWithAttestation.tla
+```
+
+## 7. SARA/ACR MoE routing stabilization — `routing/sara_acr_router.py`
+
+Defines and demonstrates two stack-specific mechanisms (not external standards):
+**SARA** (Stabilized Adaptive Routing — load-aware gating bias + temperature) and
+**ACR** (Adaptive Capacity Regulation — per-expert capacity factor with overflow
+handling). The simulator shows that under skewed gating a naive top-k router
+collapses (normalised entropy ≈ 0.38, load ratio ≈ 5.6) and *violates* the
+`rte-01` invariants, while SARA+ACR holds entropy ≈ 0.99 and load ratio ≈ 1.25,
+*satisfying* all invariants (entropy ≥ 0.80, load ratio ≤ 1.60, drop ≤ 0.02).
+
+```bash
+python3 governance_artifacts/routing/sara_acr_router.py
+pytest governance_artifacts/routing/test_sara_acr_router.py -q   # 4 tests
+```
+
+## 8. PQC WORM audit log — `kafka/pqc_worm_logger_v2.py`
+
+Replaces the original HMAC placeholder with **real CRYSTALS-Dilithium (ML-DSA-65,
+FIPS 204)** signatures over canonical batch payloads, linked in a tamper-evident
+**hash chain** (`prev_batch_hash`), with an S3 Object Lock COMPLIANCE-mode
+retention record per batch. `verify_chain()` re-validates every signature and link
+and returns a supervisory-ready report; the demo proves that entry mutation,
+batch reordering, and signature forgery are all detected.
+
+```bash
+python3 governance_artifacts/kafka/pqc_worm_logger_v2.py
+pytest governance_artifacts/kafka/test_pqc_worm_logger_v2.py -q  # 6 tests
+```
+
+> ML-DSA-65 here is provided by the pure-Python `dilithium-py` reference
+> implementation — correct and FIPS-204-aligned, but **not** constant-time or
+> side-channel-hardened. Production signing belongs in the env-02 enclave using a
+> validated cryptographic module.
+
+## Reproducing from a clean checkout
+
+```bash
+# OPA
+curl -sSL -o /usr/local/bin/opa https://openpolicyagent.org/downloads/v0.70.0/opa_linux_amd64_static && chmod +x /usr/local/bin/opa
+# circom 2.1.9 + snarkjs/circomlib
+curl -L -o ~/.local/bin/circom https://github.com/iden3/circom/releases/download/v2.1.9/circom-linux-amd64 && chmod +x ~/.local/bin/circom
+( cd governance_artifacts/zk && npm install )
+# TLA+ tools
+curl -L -o governance_artifacts/tla/tools/tla2tools.jar https://github.com/tlaplus/tlaplus/releases/download/v1.7.4/tla2tools.jar
+# Python
+pip install pyyaml jsonschema dilithium-py
+# Run everything
+bash governance_artifacts/run_runnable_assurance.sh
+```
+
+> Sandbox note: compile circuits with `--O0` if circom raises a `SystemTimeError`
+> during constraint simplification (a known clock-skew issue in some containers).