OneFineStarstuff · OneFineStarstuff · Apr 6, 2026 · Apr 3, 2026 · Apr 4, 2026 · Apr 4, 2026
diff --git a/artifacts/data/agi-readiness-assessment.csv b/artifacts/data/agi-readiness-assessment.csv
@@ -0,0 +1,8 @@
+level,name,requirements,investment_usd,timeline,key_milestones,current_status,dependencies
+ARL-1,Foundation,"AI inventory, basic policies, risk awareness training",1400000,Month 1-3,"Complete AI system inventory, establish AI governance team, basic risk awareness program",Completed,None
+ARL-2,Structured,"Formal governance framework, OPA policies (50+ rules), basic monitoring",4200000,Month 3-9,"OPA deployed with 50+ rules, formal RACI matrix, Board AI Sub-committee chartered, basic Prometheus monitoring",Current,ARL-1
+ARL-3,Managed,"Full Sentinel deployment, continuous monitoring, SR 11-7 compliance",9800000,Month 9-18,"Sentinel Platform v4.2 production, 1024+ rules, SR 11-7 full compliance, automated drift detection, Kafka WORM audit trail",Planned,ARL-2
+ARL-4,Advanced,"EAIP mesh operational, autonomous agent governance, EARL-4",14800000,Month 18-30,"EAIP gRPC mesh live, SPIFFE/SPIRE identity, DEPTHS L0-L4 governance, full CI/CD gates, ISO 42001 certified",Planned,ARL-3
+ARL-5,AGI-Ready,"GASCF certified, crisis-tested, CRP operational, multi-regime compliant",18600000,Month 30-42,"GASCF Level 3 certification, quarterly crisis simulations passed, CRP v2.1 operational, 8 regulatory frameworks aligned",Planned,ARL-4
+ARL-6,AGI-Operational,"AGI systems in production with full containment, ICGC integration",26400000,Month 42-54,"AGI containment infrastructure deployed, ICGC pilot integration, GASCF Level 4, kill-switch triple redundant",Planned,ARL-5
+ARL-7,ASI-Prepared,"Civilizational governance, GATI treaty compliance, global coordination",42800000,Month 54+,"GATI treaty integrated, GASCF Level 5, civilizational governance framework operational, international coordination protocols active",Planned,ARL-6
diff --git a/artifacts/data/global-governance-components.csv b/artifacts/data/global-governance-components.csv
@@ -0,0 +1,16 @@
+id,acronym,full_name,function,status,integration_protocol,latency_sla,regulatory_basis
+GC-01,GACRA,Global AI Compute Resource Authority,"Compute allocation, licensing, monitoring",Proposed,REST + mTLS,< 500ms,ICGC Charter Art. 3
+GC-02,GASO,Global AI Safety Office,"Safety standards, incident coordination",Pilot (EU + US),Kafka + gRPC,< 200ms,ICGC Charter Art. 5
+GC-03,GFMCF,Global Frontier Model Certification Framework,Pre-deployment certification for frontier models,Draft,OPA + REST,< 50ms,GASCF Levels 1-5
+GC-04,GAICS,Global AI Incident Classification System,Standardized incident severity and reporting,Draft,Kafka + gRPC,< 200ms,ICGC Charter Art. 8
+GC-05,GAIVS,Global AI Incident Verification System,Independent incident investigation,Proposed,REST + mTLS,< 1000ms,ICGC Charter Art. 9
+GC-06,GACP,Global AI Compute Passport,Portable compute usage credentials,Proposed,REST + OAuth2,< 500ms,GACRLS Integration
+GC-07,GATI,Global AI Treaty Infrastructure,"Treaty management, compliance tracking",Concept,REST + Batch,24h batch,International Law
+GC-08,GACMO,Global AI Capability Monitoring Observatory,Track frontier capabilities worldwide,Pilot (3 countries),Batch + Streaming,15-min batch,ICGC Charter Art. 6
+GC-09,FTEWS,Frontier Technology Early Warning System,"Capability jump detection, risk alerts",Prototype,WebSocket + gRPC,< 100ms,GACMO Integration
+GC-10,GAI-SOC,Global AI Security Operations Center,24/7 AI threat monitoring and response,Pilot,STIX/TAXII + REST,Near real-time,ICGC Charter Art. 10
+GC-11,GAIGA,Global AI Governance Assembly,Legislative body for international AI law,Proposed,Diplomatic,N/A,ICGC Charter Art. 2
+GC-12,GACRLS,Global AI Compute Resource Licensing System,Compute license issuance and compliance,Draft,REST + mTLS,< 500ms,GACRA Integration
+GC-13,GFCO,Global Frontier Compute Observatory,Monitor global compute build-out and allocation,Concept,Batch + Streaming,1h batch,GACMO Integration
+GC-14,GAID,Global AI Insurance and Indemnification,"Risk pooling, liability frameworks",Concept,REST + Batch,24h batch,GASCF Integration
+GC-15,GASCF,Global AI Safety Certification Framework,Multi-tier safety certification (Levels 1-5),Draft,OPA + REST + Audit,< 50ms,EU AI Act + NIST AI RMF
diff --git a/artifacts/data/kafka-acl-matrix.json b/artifacts/data/kafka-acl-matrix.json
@@ -0,0 +1,73 @@
+{
+  "_metadata": {
+    "docRef": "KACG-GSIFI-WP-017",
+    "description": "Kafka ACL Matrix: Topic-level PRODUCE/CONSUME ACL assignments for all AI governance topics",
+    "version": "1.0.0",
+    "lastUpdated": "2026-04-03"
+  },
+  "topics": {
+    "ai.inference.events": {
+      "partitions": 24, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": false,
+      "produce": ["inference-engine-*", "sentinel-platform"],
+      "consume": ["compliance-engine", "ksqldb-analytics", "evidence-generator"]
+    },
+    "ai.training.events": {
+      "partitions": 12, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": true,
+      "produce": ["mlops-pipeline", "model-registry"],
+      "consume": ["compliance-engine", "ksqldb-analytics", "sentinel-platform"]
+    },
+    "ai.governance.decisions": {
+      "partitions": 12, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": true,
+      "produce": ["opa-engine", "sentinel-platform", "caio-portal"],
+      "consume": ["compliance-engine", "evidence-generator", "audit-portal"]
+    },
+    "ai.model.promotions": {
+      "partitions": 6, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": true,
+      "produce": ["model-registry", "mlops-pipeline"],
+      "consume": ["compliance-engine", "sentinel-platform", "evidence-generator"]
+    },
+    "ai.bias.alerts": {
+      "partitions": 6, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": false,
+      "produce": ["sentinel-platform", "fairness-monitor"],
+      "consume": ["compliance-engine", "caio-portal", "cro-dashboard"]
+    },
+    "ai.drift.detections": {
+      "partitions": 6, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": false,
+      "produce": ["sentinel-platform", "monitoring-service"],
+      "consume": ["compliance-engine", "model-registry", "opa-engine"]
+    },
+    "ai.sentinel.evaluations": {
+      "partitions": 24, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": false,
+      "produce": ["sentinel-platform"],
+      "consume": ["compliance-engine", "ksqldb-analytics", "evidence-generator"]
+    },
+    "ai.compliance.evidence": {
+      "partitions": 12, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": true,
+      "produce": ["evidence-generator"],
+      "consume": ["audit-portal", "regulator-portal", "compliance-engine"],
+      "exclusiveWrite": true
+    },
+    "ai.agent.telemetry": {
+      "partitions": 12, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "10 years", "transactional": false,
+      "produce": ["agent-orchestrator", "behavioral-sidecar"],
+      "consume": ["compliance-engine", "sentinel-platform", "safety-monitor"]
+    },
+    "ai.killswitch.events": {
+      "partitions": 3, "replicationFactor": 3, "minInsyncReplicas": 3, "retention": "PERMANENT", "transactional": true,
+      "produce": ["kill-switch-controller"],
+      "consume": ["ALL-governance-services", "board-dashboard"],
+      "exclusiveWrite": true,
+      "criticalTopic": true
+    },
+    "ai.consent.changes": {
+      "partitions": 6, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "5 years (GDPR)", "transactional": true,
+      "produce": ["consent-management-platform"],
+      "consume": ["compliance-engine", "erasure-controller", "privacy-engine"]
+    },
+    "ai.erasure.requests": {
+      "partitions": 6, "replicationFactor": 3, "minInsyncReplicas": 2, "retention": "5 years (GDPR)", "transactional": true,
+      "produce": ["consent-management-platform", "dpo-portal"],
+      "consume": ["erasure-controller", "compliance-engine", "evidence-generator"]
+    }
+  }
+}
diff --git a/artifacts/data/kafka-compliance-controls.csv b/artifacts/data/kafka-compliance-controls.csv
@@ -0,0 +1,13 @@
+Requirement,ISO_42001,NIST_AI_RMF,EU_AI_Act,Basel_III,SR_11_7,Kafka_Implementation,Status
+AI System Inventory,A.5.4,GOVERN 1.1,Art. 60,CRE 30.2,§3,ai.governance.decisions: REGISTER events,IMPLEMENTED
+Risk Assessment,A.5.5,MAP 1.1-1.6,Art. 9,CRE 31,§5,OPA group compliance.sr117.risk-*,IMPLEMENTED
+Data Governance,A.7.1-A.7.4,MAP 2.1-2.3,Art. 10,CRE 33,§6,ai.training.events + PII detection rules,IMPLEMENTED
+Model Documentation,A.6.2.5,GOVERN 4.1,Art. 11,CRE 35,§7,Evidence bundle: MODEL_DOCUMENTATION,IMPLEMENTED
+Testing & Validation,A.6.2.6,MEASURE 2.1-2.13,Art. 9.7,CRE 35,§8-9,OPA lifecycle.model.validation-*,IMPLEMENTED
+Monitoring,A.8.4,MEASURE 3.1-3.3,Art. 9.9,CRE 36,§10,All 12 Kafka topics + Sentinel rules,IMPLEMENTED
+Record Keeping,A.6.2.3,GOVERN 5.1,Art. 12,CRE 35,§7,WORM S3 + hash chain + 10yr retention,IMPLEMENTED
+Transparency,A.6.2.4,GOVERN 4.2,Art. 13,—,—,Evidence bundles + auditor portal,IMPLEMENTED
+Human Oversight,A.8.3,GOVERN 1.4,Art. 14,—,§4,ai.governance.decisions: ESCALATE events,IMPLEMENTED
+Incident Response,A.8.5,RESPOND 1.1-1.4,Art. 62,—,—,ai.killswitch.events + incident bundles,IMPLEMENTED
+Bias Monitoring,A.8.4,MEASURE 2.6-2.11,Art. 10.2f,—,FCRA/ECOA,OPA fairness.disparateImpact.*,IMPLEMENTED
+Access Control,A.6.1.3,GOVERN 6.1,Art. 9.4b,CRE 30,§3,Kafka ACL layer + OPA authorizer,IMPLEMENTED
diff --git a/artifacts/data/kafka-governance-timeline.csv b/artifacts/data/kafka-governance-timeline.csv
@@ -0,0 +1,17 @@
+Phase,Week,Deliverable,Owner,Exit_Criteria,Status
+Foundation,1-2,Kafka cluster deployment (5-broker 3-AZ),Platform Eng.,Cluster healthy - mTLS enabled,PLANNED
+Foundation,1-2,SPIFFE/SPIRE deployment,Security Eng.,SVIDs issuing for all services,PLANNED
+Foundation,2-3,Core topic creation (12 topics) + ACL enforcement,Platform Eng.,All topics created - ACLs applied,PLANNED
+Foundation,3-4,Schema Registry + core schemas,Platform Eng.,Schemas registered - compatibility enforced,PLANNED
+Foundation,3-4,WORM S3 bucket provisioned,Cloud Eng.,COMPLIANCE mode verified,PLANNED
+Compliance Engine,5-6,OPA Kafka Authorizer deployed,Platform Eng.,Authorizer active on all brokers,PLANNED
+Compliance Engine,5-6,OPA policy bundle Phase 1 (180 rules),AI Governance,180 rules active - P99 < 5ms,PLANNED
+Compliance Engine,6-7,Compliance Engine deployed,Platform Eng.,Consuming all 12 topics,PLANNED
+Compliance Engine,7-8,Evidence bundle generator operational,Compliance Eng.,First SR 11-7 bundle generated,PLANNED
+Compliance Engine,7-8,Verification CLI v1.0,DevTools,CLI verifies bundles - hash chains,PLANNED
+Auditor Readiness,9-10,OPA policy bundle Phase 2 (312 rules),AI Governance,All 312 rules across 11 groups,PLANNED
+Auditor Readiness,9-10,Auditor portal v1.0,Compliance Eng.,Self-service evidence retrieval,PLANNED
+Auditor Readiness,10-11,Terraform IaC complete (8 modules),Platform Eng.,All infra managed via Terraform,PLANNED
+Auditor Readiness,11-12,CI/CD governance gates (5 gates),DevOps,All 5 gates active,PLANNED
+Auditor Readiness,12,Drift detection operational,SRE,Hourly drift alerts - PagerDuty,PLANNED
+Auditor Readiness,12,Internal audit dry-run (ISO 42001),Compliance,Dry run complete - findings remediated,PLANNED
diff --git a/artifacts/data/rollout-30-60-90.csv b/artifacts/data/rollout-30-60-90.csv
@@ -0,0 +1,13 @@
+phase,week,day_range,activities,deliverables,owner,dependencies,success_criteria
+Days 1-30,W1,1-7,"AI system inventory audit, stakeholder mapping","Complete inventory, RACI draft",CAIO,None,"100% systems inventoried, RACI approved"
+Days 1-30,W2,8-14,"Risk classification of all AI systems, OPA pilot (25 rules)","Risk register v1, OPA running",VP AI Gov,W1 inventory,"All systems classified, OPA health OK"
+Days 1-30,W3,15-21,"Board AI Sub-committee charter, CAIO role formalization","Charter approved, CAIO onboarded",CEO,W1 stakeholder map,"Charter signed, CAIO authority defined"
+Days 1-30,W4,22-30,"MVAGS deployment, basic monitoring, incident playbook v1","MVAGS operational, dashboards live",CTO,"W2 OPA, W3 charter","MVAGS responding, 3 dashboards live"
+Days 31-60,W5,31-37,"OPA expansion (100+ rules), Sentinel pilot (200 rules)",Expanded policy coverage,VP AI Gov,W4 MVAGS,"100+ OPA rules active, Sentinel evaluating"
+Days 31-60,W6,38-44,"Data governance framework, PII detection deployment","Data quality gates, PII scanner",CDO,W5 OPA expansion,"Quality gate active, PII detection > 99%"
+Days 31-60,W7,45-51,"CI/CD governance gates (G1-G5), model registry launch","Pipeline gates active, registry operational",CTO,"W5 Sentinel, W6 data gov","5 gates blocking, registry has 100% models"
+Days 31-60,W8,52-60,"SR 11-7 compliance review, fair lending testing","SR 11-7 gap analysis, DI test results",CRO,W7 model registry,"Gap analysis complete, DI >= 0.80 all classes"
+Days 61-90,W9,61-67,"Full OPA deployment (336 rules), Sentinel production",Full policy enforcement,VP AI Gov,W8 compliance review,"336 rules active, Sentinel 1024 rules"
+Days 61-90,W10,68-74,EU AI Act conformity assessment preparation,Conformity documentation,GC,W9 full OPA,"Documentation complete for 14/22 systems"
+Days 61-90,W11,75-81,"ISO 42001 Phase 1-2 completion, crisis simulation SIM-01","AIMS scope documented, simulation report",VP AI Gov,"W9 full Sentinel, W10 conformity","Phases 1-2 complete, simulation report filed"
+Days 61-90,W12,82-90,"EARL assessment, board reporting, Phase 1 review","EARL score, board presentation, lessons learned",CAIO,W11 all milestones,"EARL-3 confirmed, board presentation delivered"
diff --git a/artifacts/policies/agent_governance_depths.rego b/artifacts/policies/agent_governance_depths.rego
@@ -0,0 +1,132 @@
+# Autonomous Agent Governance — DEPTHS Classification Policy
+# GAF-GSIFI-WP-017, Domain 6/7 — AGI Safety & Master Blueprint
+# Policy Group: PG-07 (Autonomous Agent)
+# Regulatory alignment: EU AI Act Art. 6-9 (high-risk), NIST AI RMF GOVERN/MANAGE
+#
+# Enforces the DEPTHS (Deployment Evaluation Protocol for Trustworthy Hybrid Systems)
+# classification and corresponding governance controls for autonomous AI agents.
+# Levels L0 (Tool) through L5 (Self-multiplying) have escalating requirements.
+
+package agent_governance.depths
+
+import rego.v1
+
+# DEPTHS Classification Levels
+depths_levels := {
+    "L0": {"name": "Tool", "max_autonomy": "none", "requires_kill_switch": false, "requires_board_approval": false, "requires_behavioral_sidecar": false, "requires_gascf": false},
+    "L1": {"name": "Assistant", "max_autonomy": "suggestion", "requires_kill_switch": true, "requires_board_approval": false, "requires_behavioral_sidecar": false, "requires_gascf": false},
+    "L2": {"name": "Executor", "max_autonomy": "approved_actions", "requires_kill_switch": true, "requires_board_approval": false, "requires_behavioral_sidecar": false, "requires_gascf": false},
+    "L3": {"name": "Collaborator", "max_autonomy": "independent_in_scope", "requires_kill_switch": true, "requires_board_approval": false, "requires_behavioral_sidecar": true, "requires_gascf": false},
+    "L4": {"name": "Depths-class", "max_autonomy": "self_directed_in_domain", "requires_kill_switch": true, "requires_board_approval": true, "requires_behavioral_sidecar": true, "requires_gascf": true},
+    "L5": {"name": "Self-multiplying", "max_autonomy": "spawn_sub_agents", "requires_kill_switch": true, "requires_board_approval": true, "requires_behavioral_sidecar": true, "requires_gascf": true}
+}
+
+# CARDINAL INVARIANT: Self-multiplying agents MUST NEVER have write access to Tier 0
+deny contains msg if {
+    input.agent.depth_level == "L5"
+    some access in input.agent.system_access
+    access.tier == 0
+    access.permission == "write"
+    msg := sprintf(
+        "CARDINAL INVARIANT VIOLATION: Agent '%s' (L5 Self-multiplying) has write access to Tier 0 system '%s'. Self-multiplying agents shall NEVER receive write access to identity systems, kill-switch mechanisms, or governance policy engines.",
+        [input.agent.agent_id, access.system_name]
+    )
+}
+
+# DENY: L4+ agent without board approval
+deny contains msg if {
+    level := input.agent.depth_level
+    depths_levels[level].requires_board_approval
+    not input.agent.board_approval_granted
+    msg := sprintf(
+        "GOVERNANCE VIOLATION: Agent '%s' (DEPTHS %s/%s) requires Board AI Sub-committee approval before deployment. No approval on record.",
+        [input.agent.agent_id, level, depths_levels[level].name]
+    )
+}
+
+# DENY: Agent without kill-switch when required
+deny contains msg if {
+    level := input.agent.depth_level
+    depths_levels[level].requires_kill_switch
+    not input.agent.kill_switch_enabled
+    msg := sprintf(
+        "SAFETY VIOLATION: Agent '%s' (DEPTHS %s) requires kill-switch capability. Kill-switch not enabled. Required latency: 50-280ms.",
+        [input.agent.agent_id, level]
+    )
+}
+
+# DENY: L3+ agent without behavioral sidecar
+deny contains msg if {
+    level := input.agent.depth_level
+    depths_levels[level].requires_behavioral_sidecar
+    not input.agent.behavioral_sidecar_active
+    msg := sprintf(
+        "GOVERNANCE VIOLATION: Agent '%s' (DEPTHS %s) requires behavioral sidecar monitoring via EAIP. Sidecar not active.",
+        [input.agent.agent_id, level]
+    )
+}
+
+# DENY: L4+ agent without GASCF certification
+deny contains msg if {
+    level := input.agent.depth_level
+    depths_levels[level].requires_gascf
+    not input.agent.gascf_certified
+    msg := sprintf(
+        "CERTIFICATION VIOLATION: Agent '%s' (DEPTHS %s) requires GASCF certification (Level 3+) before deployment.",
+        [input.agent.agent_id, level]
+    )
+}
+
+# DENY: Kill-switch latency exceeds maximum
+deny contains msg if {
+    input.agent.kill_switch_enabled
+    input.agent.kill_switch_latency_ms > 280
+    msg := sprintf(
+        "SAFETY VIOLATION: Agent '%s' kill-switch latency %dms exceeds maximum 280ms. Kill-switch must respond within 50-280ms per governance policy.",
+        [input.agent.agent_id, input.agent.kill_switch_latency_ms]
+    )
+}
+
+# DENY: Agent scope exceeds classification level
+deny contains msg if {
+    level := input.agent.depth_level
+    level_idx := level_to_index(level)
+    behavior_idx := autonomy_to_index(input.agent.observed_autonomy)
+    behavior_idx > level_idx
+    msg := sprintf(
+        "SCOPE VIOLATION: Agent '%s' (DEPTHS %s) exhibiting autonomy level '%s' which exceeds its classification. Escalate to VP AI Safety.",
+        [input.agent.agent_id, level, input.agent.observed_autonomy]
+    )
+}
+
+# WARN: Agent approaching scope boundary
+warn contains msg if {
+    input.agent.scope_utilization_pct > 85
+    msg := sprintf(
+        "SCOPE WARNING: Agent '%s' scope utilization at %d%%. Consider preemptive scope review.",
+        [input.agent.agent_id, input.agent.scope_utilization_pct]
+    )
+}
+
+# DENY: No audit trail for L2+ agents
+deny contains msg if {
+    level := input.agent.depth_level
+    level_to_index(level) >= 2
+    not input.agent.audit_trail_active
+    msg := sprintf(
+        "AUDIT VIOLATION: Agent '%s' (DEPTHS %s) requires complete audit trail logging. Audit trail not active.",
+        [input.agent.agent_id, level]
+    )
+}
+
+# Helper: Map DEPTHS level to numeric index
+level_to_index(level) := idx if {
+    mapping := {"L0": 0, "L1": 1, "L2": 2, "L3": 3, "L4": 4, "L5": 5}
+    idx := mapping[level]
+}
+
+# Helper: Map observed autonomy to numeric index
+autonomy_to_index(autonomy) := idx if {
+    mapping := {"none": 0, "suggestion": 1, "approved_actions": 2, "independent_in_scope": 3, "self_directed_in_domain": 4, "spawn_sub_agents": 5}
+    idx := mapping[autonomy]
+}