diff --git a/rag-agentic-dashboard/public/master-reference.html b/rag-agentic-dashboard/public/master-reference.html
index 14f8032..a437b7c 100644
--- a/rag-agentic-dashboard/public/master-reference.html
+++ b/rag-agentic-dashboard/public/master-reference.html
@@ -5,54 +5,99 @@
 <title>MREF-GSIFI-WP-023 — Institutional-Grade AGI/ASI Governance Master Reference 2026-2030</title>
 <style>
 *{margin:0;padding:0;box-sizing:border-box}
-body{font-family:'Segoe UI',system-ui,-apple-system,sans-serif;background:#0a0e1a;color:#e0e4f0;line-height:1.6}
-.header{background:linear-gradient(135deg,#0d1321 0%,#1b2838 50%,#0f172a 100%);border-bottom:2px solid #3b82f6;padding:24px 32px}
-.header h1{font-size:1.5em;color:#60a5fa;font-weight:700}
-.header .meta{color:#94a3b8;font-size:0.85em;margin-top:6px}
-.header .doc-ref{color:#fbbf24;font-weight:600}
-.nav{display:flex;gap:6px;padding:12px 32px;background:#111827;border-bottom:1px solid #1e293b;flex-wrap:wrap}
-.nav a{padding:6px 14px;border-radius:6px;color:#94a3b8;text-decoration:none;font-size:0.8em;cursor:pointer;transition:all 0.2s}
-.nav a:hover,.nav a.active{background:#1e3a5f;color:#60a5fa}
-.container{max-width:1400px;margin:0 auto;padding:24px 32px}
-.section{display:none;animation:fadeIn 0.3s ease-in}
+:root{--bg:#0a0e1a;--surface:#111827;--border:#1e293b;--blue:#60a5fa;--green:#34d399;--gold:#fbbf24;--red:#f87171;--purple:#a78bfa;--text:#e0e4f0;--muted:#94a3b8;--dim:#64748b}
+body{font-family:'Segoe UI',system-ui,-apple-system,sans-serif;background:var(--bg);color:var(--text);line-height:1.6;min-height:100vh}
+.header{background:linear-gradient(135deg,#0d1321 0%,#1b2838 40%,#162032 70%,#0f172a 100%);border-bottom:2px solid var(--blue);padding:20px 32px;position:relative;overflow:hidden}
+.header::before{content:'';position:absolute;top:0;left:0;right:0;bottom:0;background:radial-gradient(ellipse at 70% 50%,rgba(59,130,246,0.08) 0%,transparent 60%);pointer-events:none}
+.header h1{font-size:1.6em;color:var(--blue);font-weight:800;letter-spacing:-0.02em;position:relative}
+.header .meta{color:var(--muted);font-size:0.82em;margin-top:6px;position:relative}
+.header .doc-ref{color:var(--gold);font-weight:700}
+.header .live-badge{display:inline-block;background:#064e3b;color:var(--green);font-size:0.72em;padding:2px 10px;border-radius:10px;margin-left:12px;font-weight:600;animation:pulse 2s infinite}
+@keyframes pulse{0%,100%{opacity:1}50%{opacity:0.6}}
+.status-bar{background:#0d1321;border-bottom:1px solid var(--border);padding:6px 32px;display:flex;gap:24px;font-size:0.75em;color:var(--dim);align-items:center}
+.status-bar .dot{width:6px;height:6px;border-radius:50%;display:inline-block;margin-right:4px}
+.status-bar .dot-green{background:var(--green)}
+.status-bar .dot-gold{background:var(--gold)}
+.nav{display:flex;gap:4px;padding:10px 32px;background:var(--surface);border-bottom:1px solid var(--border);flex-wrap:wrap;position:sticky;top:0;z-index:100}
+.nav a{padding:7px 16px;border-radius:8px;color:var(--muted);text-decoration:none;font-size:0.78em;cursor:pointer;transition:all 0.2s;font-weight:500;border:1px solid transparent}
+.nav a:hover{background:rgba(59,130,246,0.1);color:var(--blue);border-color:rgba(59,130,246,0.2)}
+.nav a.active{background:#1e3a5f;color:var(--blue);border-color:rgba(59,130,246,0.4);font-weight:600}
+.container{max-width:1440px;margin:0 auto;padding:24px 32px}
+.section{display:none;animation:fadeIn 0.4s ease-out}
 .section.active{display:block}
-@keyframes fadeIn{from{opacity:0}to{opacity:1}}
-.kpi-grid{display:grid;grid-template-columns:repeat(auto-fill,minmax(200px,1fr));gap:16px;margin:20px 0}
-.kpi{background:#111827;border:1px solid #1e293b;border-radius:10px;padding:16px;text-align:center}
-.kpi .value{font-size:1.8em;font-weight:700;color:#60a5fa}
-.kpi .label{font-size:0.78em;color:#94a3b8;margin-top:4px}
-.kpi.green .value{color:#34d399}
-.kpi.gold .value{color:#fbbf24}
-.kpi.red .value{color:#f87171}
-.kpi.purple .value{color:#a78bfa}
-h2{color:#60a5fa;margin:24px 0 12px;font-size:1.3em;border-bottom:1px solid #1e293b;padding-bottom:8px}
-h3{color:#93c5fd;margin:16px 0 8px;font-size:1.1em}
-table{width:100%;border-collapse:collapse;margin:12px 0;font-size:0.85em}
-th{background:#1e293b;color:#93c5fd;padding:10px 12px;text-align:left;font-weight:600}
-td{padding:8px 12px;border-bottom:1px solid #1e293b;color:#cbd5e1}
-tr:hover{background:#111827}
-.badge{display:inline-block;padding:2px 10px;border-radius:12px;font-size:0.75em;font-weight:600}
-.badge-green{background:#064e3b;color:#34d399}
-.badge-blue{background:#1e3a5f;color:#60a5fa}
-.badge-gold{background:#78350f;color:#fbbf24}
-.badge-red{background:#7f1d1d;color:#f87171}
-.badge-purple{background:#4c1d95;color:#c4b5fd}
-.card{background:#111827;border:1px solid #1e293b;border-radius:10px;padding:18px;margin:12px 0}
-.card h4{color:#93c5fd;margin-bottom:8px;font-size:1em}
-.progress-bar{height:8px;background:#1e293b;border-radius:4px;overflow:hidden;margin:6px 0}
-.progress-bar .fill{height:100%;border-radius:4px;transition:width 0.6s}
+@keyframes fadeIn{from{opacity:0;transform:translateY(6px)}to{opacity:1;transform:translateY(0)}}
+.kpi-grid{display:grid;grid-template-columns:repeat(auto-fill,minmax(180px,1fr));gap:14px;margin:20px 0}
+.kpi{background:var(--surface);border:1px solid var(--border);border-radius:12px;padding:16px;text-align:center;transition:transform 0.2s,border-color 0.2s}
+.kpi:hover{transform:translateY(-2px);border-color:rgba(96,165,250,0.3)}
+.kpi .value{font-size:1.7em;font-weight:800;color:var(--blue);letter-spacing:-0.02em}
+.kpi .label{font-size:0.72em;color:var(--muted);margin-top:3px;text-transform:uppercase;letter-spacing:0.05em;font-weight:500}
+.kpi .trend{font-size:0.68em;margin-top:4px}
+.kpi.green .value{color:var(--green)}.kpi.gold .value{color:var(--gold)}.kpi.red .value{color:var(--red)}.kpi.purple .value{color:var(--purple)}
+h2{color:var(--blue);margin:28px 0 14px;font-size:1.35em;border-bottom:1px solid var(--border);padding-bottom:8px;font-weight:700}
+h3{color:#93c5fd;margin:20px 0 10px;font-size:1.05em;font-weight:600}
+h4{color:#93c5fd;margin-bottom:8px;font-size:0.95em}
+table{width:100%;border-collapse:collapse;margin:12px 0;font-size:0.82em}
+thead{position:sticky;top:54px;z-index:10}
+th{background:#1a2332;color:#93c5fd;padding:10px 12px;text-align:left;font-weight:600;font-size:0.88em;border-bottom:2px solid var(--border)}
+td{padding:8px 12px;border-bottom:1px solid rgba(30,41,59,0.6);color:#cbd5e1}
+tr:hover td{background:rgba(30,41,59,0.4)}
+.badge{display:inline-block;padding:2px 10px;border-radius:12px;font-size:0.73em;font-weight:600;white-space:nowrap}
+.badge-green{background:#064e3b;color:var(--green)}.badge-blue{background:#1e3a5f;color:var(--blue)}.badge-gold{background:#78350f;color:var(--gold)}.badge-red{background:#7f1d1d;color:var(--red)}.badge-purple{background:#4c1d95;color:#c4b5fd}.badge-gray{background:#1e293b;color:var(--muted)}
+.card{background:var(--surface);border:1px solid var(--border);border-radius:12px;padding:18px;margin:12px 0;transition:border-color 0.2s}
+.card:hover{border-color:rgba(96,165,250,0.2)}
+.progress-bar{height:8px;background:var(--border);border-radius:4px;overflow:hidden;margin:6px 0}
+.progress-bar .fill{height:100%;border-radius:4px;transition:width 0.8s ease-out}
 .col-2{display:grid;grid-template-columns:1fr 1fr;gap:16px}
 .col-3{display:grid;grid-template-columns:1fr 1fr 1fr;gap:16px}
-.status-active{color:#34d399}
-.status-draft{color:#fbbf24}
-.status-proposed{color:#94a3b8}
-@media(max-width:900px){.col-2,.col-3{grid-template-columns:1fr}.kpi-grid{grid-template-columns:repeat(2,1fr)}}
+.col-4{display:grid;grid-template-columns:1fr 1fr 1fr 1fr;gap:14px}
+.chart-container{background:var(--surface);border:1px solid var(--border);border-radius:12px;padding:20px;margin:16px 0;min-height:200px;position:relative}
+.chart-title{font-size:0.88em;color:var(--muted);margin-bottom:12px;font-weight:600;text-transform:uppercase;letter-spacing:0.05em}
+.bar-chart{display:flex;align-items:flex-end;gap:8px;height:180px;padding-top:10px}
+.bar-col{flex:1;display:flex;flex-direction:column;align-items:center;gap:4px}
+.bar{border-radius:6px 6px 0 0;width:100%;min-width:20px;transition:height 0.8s ease-out;position:relative}
+.bar:hover{filter:brightness(1.2)}
+.bar-label{font-size:0.65em;color:var(--muted);text-align:center;word-break:break-word;line-height:1.2}
+.bar-value{font-size:0.7em;color:var(--text);font-weight:600}
+.radar-wrap{display:flex;justify-content:center;padding:10px}
+canvas{max-width:100%}
+.timeline{position:relative;padding-left:32px;margin:16px 0}
+.timeline::before{content:'';position:absolute;left:12px;top:0;bottom:0;width:2px;background:linear-gradient(180deg,var(--blue),var(--purple),var(--gold))}
+.tl-item{position:relative;margin-bottom:20px;padding-left:16px}
+.tl-item::before{content:'';position:absolute;left:-24px;top:6px;width:10px;height:10px;border-radius:50%;border:2px solid var(--blue);background:var(--bg)}
+.tl-item.active::before{background:var(--blue)}
+.tl-item h5{color:var(--blue);font-size:0.9em;margin-bottom:2px}
+.tl-item p{color:var(--muted);font-size:0.82em}
+.raci{font-size:0.75em}
+.raci td,.raci th{text-align:center;padding:6px 8px}
+.raci .R{color:var(--red);font-weight:700}.raci .A{color:var(--gold);font-weight:700}.raci .C{color:var(--blue);font-weight:700}.raci .I{color:var(--muted);font-weight:600}
+.heatmap{display:grid;gap:2px;margin:12px 0}
+.hm-cell{padding:6px 8px;text-align:center;border-radius:4px;font-size:0.72em;font-weight:600}
+.accordion{margin:10px 0}
+.acc-header{background:#1a2332;padding:10px 14px;border-radius:8px;cursor:pointer;display:flex;justify-content:space-between;align-items:center;font-size:0.88em;color:var(--blue);font-weight:600;margin-bottom:4px;transition:background 0.2s}
+.acc-header:hover{background:#1e3a5f}
+.acc-header .arrow{transition:transform 0.2s}
+.acc-header.open .arrow{transform:rotate(90deg)}
+.acc-body{display:none;padding:12px 14px;background:rgba(17,24,39,0.5);border-radius:0 0 8px 8px;margin-top:-4px;margin-bottom:8px}
+.acc-body.open{display:block}
+.split{display:flex;gap:20px}
+.split>*{flex:1}
+.tag{display:inline-block;padding:1px 8px;border-radius:8px;font-size:0.68em;background:rgba(59,130,246,0.15);color:var(--blue);margin:1px 2px}
+.watermark{position:fixed;bottom:12px;right:16px;font-size:0.65em;color:rgba(100,116,139,0.3);font-weight:700;letter-spacing:0.1em;pointer-events:none;z-index:0}
+@media(max-width:900px){.col-2,.col-3,.col-4{grid-template-columns:1fr}.kpi-grid{grid-template-columns:repeat(2,1fr)}.split{flex-direction:column}.nav{gap:2px}.nav a{padding:5px 10px;font-size:0.72em}}
+@media print{body{background:#fff;color:#000}.header{background:#fff;border-color:#000}.nav{display:none}.kpi .value{color:#000}.section{display:block!important;page-break-inside:avoid}}
 </style>
 </head>
 <body>
 <div class="header">
-  <h1>Institutional-Grade AGI/ASI Governance Master Reference 2026-2030</h1>
-  <div class="meta"><span class="doc-ref">MREF-GSIFI-WP-023 v1.0.0</span> | 2026-04-07 | CONFIDENTIAL — Board / C-Suite / Regulators | Fortune 500 · Global 2000 · G-SIFIs</div>
+  <h1>Institutional-Grade AGI/ASI Governance Master Reference 2026-2030<span class="live-badge">LIVE</span></h1>
+  <div class="meta"><span class="doc-ref">MREF-GSIFI-WP-023 v1.0.0</span> | 2026-04-08 | CONFIDENTIAL — Board / C-Suite / Regulators / Enterprise Architecture | Fortune 500 · Global 2000 · 30 G-SIFIs</div>
+</div>
+<div class="status-bar">
+  <span><span class="dot dot-green"></span>Sentinel v2.4 Online</span>
+  <span><span class="dot dot-green"></span>EAIP 10,400 RPC/s</span>
+  <span><span class="dot dot-green"></span>Kafka 45K evt/s</span>
+  <span><span class="dot dot-green"></span>Policy Engine 4.2ms P99</span>
+  <span id="clock" style="margin-left:auto;color:var(--blue)"></span>
 </div>
 <div class="nav" id="nav">
   <a onclick="show('exec')" class="active">Executive Summary</a>
@@ -65,6 +110,7 @@ <h1>Institutional-Grade AGI/ASI Governance Master Reference 2026-2030</h1>
   <a onclick="show('blueprint')">Master Blueprint</a>
   <a onclick="show('implementation')">Implementation</a>
   <a onclick="show('appendices')">Appendices</a>
+  <a onclick="show('api')">API Explorer</a>
 </div>
 <div class="container">
 
@@ -73,217 +119,641 @@ <h1>Institutional-Grade AGI/ASI Governance Master Reference 2026-2030</h1>
   <h2>Executive Summary</h2>
   <div id="exec-context" class="card"></div>
   <div class="kpi-grid" id="exec-kpis"></div>
-  <h3>Investment Summary</h3>
+  <h3>Investment & ROI Summary</h3>
   <div class="kpi-grid" id="exec-investment"></div>
+  <div class="col-2" style="margin-top:20px">
+    <div class="chart-container"><div class="chart-title">Regulatory Compliance Scores by Framework</div><div class="bar-chart" id="chart-compliance"></div></div>
+    <div class="chart-container"><div class="chart-title">Investment Allocation (5-Year)</div><div class="bar-chart" id="chart-invest"></div></div>
+  </div>
+  <h3>Strategic KPI Trajectory (2024-2030)</h3>
+  <div class="chart-container"><div class="chart-title">Governance Maturity Progression</div><div id="trajectory-table"></div></div>
+  <h3>Document Hierarchy</h3>
+  <div class="card" id="doc-hierarchy"></div>
 </div>
 
 <!-- REGULATORY COMPLIANCE -->
 <div class="section" id="sec-regulatory">
-  <h2>Regulatory Compliance Architecture — 8 Framework Integration</h2>
+  <h2>Regulatory Compliance Architecture — 8 Framework Integration Across 4 Jurisdictions</h2>
+  <div class="kpi-grid" id="reg-summary-kpis"></div>
   <div class="kpi-grid" id="reg-scores"></div>
-  <h3>Framework Details</h3>
-  <table id="reg-table"><thead><tr><th>Framework</th><th>Jurisdiction</th><th>OPA Rules</th><th>Sentinel Rules</th><th>Compliance %</th><th>Status</th></tr></thead><tbody></tbody></table>
-  <h3>Cross-Framework Overlap Matrix</h3>
+  <h3>Framework Detail Matrix</h3>
+  <table id="reg-table"><thead><tr><th>Framework</th><th>Jurisdiction</th><th>OPA Rules</th><th>Sentinel Rules</th><th>Compliance</th><th>Trend</th><th>Status</th></tr></thead><tbody></tbody></table>
+  <h3>Cross-Framework Overlap & Coverage Matrix</h3>
   <table id="overlap-table"><thead><tr><th>Framework Pair</th><th>Overlaps</th><th>Unique Left</th><th>Unique Right</th><th>Coverage</th></tr></thead><tbody></tbody></table>
-  <h3>Gap Analysis</h3>
+  <h3>Compliance Gap Analysis</h3>
   <div class="kpi-grid" id="gap-kpis"></div>
-  <table id="gap-table"><thead><tr><th>ID</th><th>Description</th><th>Frameworks</th><th>Remediation</th><th>Timeline</th><th>Owner</th></tr></thead><tbody></tbody></table>
+  <table id="gap-table"><thead><tr><th>ID</th><th>Severity</th><th>Description</th><th>Frameworks</th><th>Remediation</th><th>Timeline</th><th>Effort</th><th>Owner</th></tr></thead><tbody></tbody></table>
 </div>
 
 <!-- GOVERNANCE STRUCTURE -->
 <div class="section" id="sec-governance">
-  <h2>Multilayered AI Governance Structure — 8 Pillars</h2>
+  <h2>Multilayered AI Governance Architecture — 8 Pillars, 6 Layers</h2>
+  <div class="kpi-grid" id="gov-kpis"></div>
+  <h3>Governance Pillars</h3>
   <div id="pillars-grid"></div>
-  <h3>Decision Hierarchy</h3>
-  <table id="hierarchy-table"><thead><tr><th>Level</th><th>Authority</th><th>Cadence</th><th>Escalation Trigger</th></tr></thead><tbody></tbody></table>
-  <h3>AGI Incident Escalation Phases</h3>
-  <table id="escalation-table"><thead><tr><th>Phase</th><th>SLA</th><th>Actions</th><th>Responsible</th></tr></thead><tbody></tbody></table>
-  <h3>Severity Levels</h3>
-  <table id="severity-table"><thead><tr><th>Level</th><th>Name</th><th>Description</th><th>Response</th><th>Example</th></tr></thead><tbody></tbody></table>
+  <h3>Decision Hierarchy — 4 Authority Levels</h3>
+  <table id="hierarchy-table"><thead><tr><th>Level</th><th>Authority</th><th>Members</th><th>Cadence</th><th>Escalation Trigger</th><th>SLA</th></tr></thead><tbody></tbody></table>
+  <h3>RACI Matrix — Key Governance Activities</h3>
+  <div id="raci-container"></div>
+  <h3>AGI Incident Escalation Framework — 6 Phases</h3>
+  <table id="escalation-table"><thead><tr><th>Phase</th><th>SLA</th><th>Actions</th><th>Responsible</th><th>Notification</th></tr></thead><tbody></tbody></table>
+  <h3>Severity Classification — 5 Levels</h3>
+  <table id="severity-table"><thead><tr><th>Level</th><th>Name</th><th>Criteria</th><th>Response SLA</th><th>Authority</th><th>Example</th></tr></thead><tbody></tbody></table>
 </div>
 
 <!-- TECHNICAL IMPLEMENTATION -->
 <div class="section" id="sec-technical">
-  <h2>Technical Implementation — Reference Architecture & Trust Stack</h2>
-  <h3>Enterprise AI Governance Architecture v3.0</h3>
-  <table id="arch-table"><thead><tr><th>Layer</th><th>Components</th><th>Technology</th><th>Governance</th></tr></thead><tbody></tbody></table>
+  <h2>Technical Implementation — Enterprise AI Governance Architecture v3.0</h2>
+  <div class="kpi-grid" id="tech-kpis"></div>
+  <h3>6-Layer Reference Architecture</h3>
+  <table id="arch-table"><thead><tr><th>Layer</th><th>Components</th><th>Technology Stack</th><th>Governance Controls</th></tr></thead><tbody></tbody></table>
   <h3>Enterprise Trust & Compliance Stack v2.0</h3>
-  <table id="trust-table"><thead><tr><th>Layer</th><th>Components</th><th>Standard</th></tr></thead><tbody></tbody></table>
-  <h3>Kafka ACL Governance — 12 Topics</h3>
-  <table id="kafka-table"><thead><tr><th>Topic</th><th>Partitions</th><th>Retention</th><th>ACL</th></tr></thead><tbody></tbody></table>
-  <h3>Terraform IaC — 8 Modules, 144 Resources</h3>
+  <table id="trust-table"><thead><tr><th>Layer</th><th>Components</th><th>Standard Alignment</th></tr></thead><tbody></tbody></table>
+  <div class="col-2" style="margin-top:20px">
+    <div>
+      <h3>Kafka ACL Governance — 12 Topics, 312 ACL Rules</h3>
+      <table id="kafka-table"><thead><tr><th>Topic</th><th>Partitions</th><th>Retention</th><th>ACL Controls</th></tr></thead><tbody></tbody></table>
+    </div>
+    <div>
+      <h3>WORM Evidence Storage</h3>
+      <div class="card" id="worm-card"></div>
+      <h3>Policy Engine Performance</h3>
+      <div class="card" id="policy-perf-card"></div>
+    </div>
+  </div>
+  <h3>Terraform IaC Governance — 8 Modules, 144 Resources</h3>
   <div class="col-2">
-    <div><table id="tf-modules"><thead><tr><th>Module</th><th>Resources</th><th>Description</th></tr></thead><tbody></tbody></table></div>
-    <div><table id="tf-gates"><thead><tr><th>Gate</th><th>Tool</th><th>Blocks On</th></tr></thead><tbody></tbody></table></div>
+    <table id="tf-modules"><thead><tr><th>Module</th><th>Resources</th><th>Description</th><th>Drift Check</th></tr></thead><tbody></tbody></table>
+    <table id="tf-gates"><thead><tr><th>Gate</th><th>Tool</th><th>Blocks On</th><th>Status</th></tr></thead><tbody></tbody></table>
   </div>
-  <h3>Auditor Workflows</h3>
-  <table id="auditor-table"><thead><tr><th>Mode</th><th>Description</th><th>SLA</th><th>Tools</th></tr></thead><tbody></tbody></table>
+  <h3>Auditor Workflow Modes — Evidence Bundle Generation</h3>
+  <table id="auditor-table"><thead><tr><th>Mode</th><th>Description</th><th>SLA</th><th>Evidence Types</th><th>Regulator Standards</th></tr></thead><tbody></tbody></table>
 </div>
 
 <!-- FINANCIAL SERVICES -->
 <div class="section" id="sec-financial">
   <h2>Financial Services AI Governance — G-SIFI Model Risk Management</h2>
   <div class="kpi-grid" id="fs-kpis"></div>
-  <h3>Model Inventory by Category</h3>
-  <table id="model-table"><thead><tr><th>Category</th><th>Models</th><th>Tier</th><th>SR 11-7</th><th>Key Metric</th></tr></thead><tbody></tbody></table>
-  <h3>SR 11-7 Validation Stages</h3>
-  <table id="sr117-table"><thead><tr><th>Stage</th><th>Activities</th><th>Owner</th><th>Timeline</th><th>Artifacts</th></tr></thead><tbody></tbody></table>
-  <h3>Fair Lending Controls</h3>
-  <div id="fair-lending-card" class="card"></div>
-  <h3>EARL Maturity Model</h3>
-  <div id="earl-card" class="card"></div>
+  <h3>Model Inventory by Category — 847 Models (312 Production)</h3>
+  <table id="model-table"><thead><tr><th>Category</th><th>Models</th><th>Production</th><th>Risk Tier</th><th>SR 11-7 Section</th><th>Key Performance</th><th>Last Validated</th></tr></thead><tbody></tbody></table>
+  <div class="col-2" style="margin-top:16px">
+    <div>
+      <h3>SR 11-7 Validation Pipeline — 6 Stages</h3>
+      <table id="sr117-table"><thead><tr><th>Stage</th><th>Activities</th><th>Owner</th><th>Timeline</th><th>Artifacts</th></tr></thead><tbody></tbody></table>
+    </div>
+    <div>
+      <h3>Fair Lending Compliance (FCRA/ECOA)</h3>
+      <div id="fair-lending-card" class="card"></div>
+      <h3>EARL Maturity Assessment</h3>
+      <div id="earl-card" class="card"></div>
+    </div>
+  </div>
 </div>
 
 <!-- AGI SAFETY -->
 <div class="section" id="sec-safety">
-  <h2>Frontier AGI Safety — Trust-by-Design & Containment</h2>
-  <h3>Trust-by-Design Principles</h3>
-  <table id="tbd-table"><thead><tr><th>ID</th><th>Principle</th><th>Implementation</th><th>Status</th></tr></thead><tbody></tbody></table>
-  <h3>AGI Alignment Verification Protocol (AAVP)</h3>
+  <h2>Frontier AGI Safety — Trust-by-Design, Alignment Verification & Containment</h2>
+  <div class="kpi-grid" id="safety-kpis"></div>
+  <h3>Trust-by-Design Principles — 8 Core Principles</h3>
+  <table id="tbd-table"><thead><tr><th>ID</th><th>Principle</th><th>Implementation Approach</th><th>Verification</th><th>Status</th></tr></thead><tbody></tbody></table>
+  <h3>AGI Alignment Verification Protocol (AAVP) — 2,847 Tests</h3>
   <div class="kpi-grid" id="align-kpis"></div>
-  <table id="align-table"><thead><tr><th>Category</th><th>Tests</th><th>Threshold</th><th>Score</th><th>Status</th></tr></thead><tbody></tbody></table>
-  <h3>Containment Architecture — 5 Layers</h3>
-  <table id="contain-table"><thead><tr><th>Layer</th><th>Description</th><th>Controls</th><th>Status</th></tr></thead><tbody></tbody></table>
-  <h3>AGI Readiness Levels (ARL)</h3>
-  <table id="arl-table"><thead><tr><th>Level</th><th>Name</th><th>Description</th><th>Milestone</th></tr></thead><tbody></tbody></table>
+  <div class="col-2">
+    <div>
+      <table id="align-table"><thead><tr><th>Category</th><th>Tests</th><th>Threshold</th><th>Current</th><th>Status</th></tr></thead><tbody></tbody></table>
+    </div>
+    <div class="chart-container"><div class="chart-title">Alignment Score Distribution</div><canvas id="radar-canvas" width="320" height="320"></canvas></div>
+  </div>
+  <h3>Containment Architecture — 5 Active Layers</h3>
+  <table id="contain-table"><thead><tr><th>Layer</th><th>Description</th><th>Controls</th><th>Last Test</th><th>Status</th></tr></thead><tbody></tbody></table>
+  <h3>AGI Readiness Levels (ARL-1 through ARL-7)</h3>
+  <div id="arl-timeline" class="timeline"></div>
 </div>
 
 <!-- GLOBAL GOVERNANCE -->
 <div class="section" id="sec-global">
-  <h2>Global Governance — ICGC, Compute Registry & Cross-Border Coordination</h2>
+  <h2>Global Governance — International Compute Governance & Cross-Border Coordination</h2>
+  <div class="kpi-grid" id="global-kpis"></div>
   <h3>International Compute Governance Consortium (ICGC) — 15 Components</h3>
-  <table id="icgc-table"><thead><tr><th>ID</th><th>Name</th><th>Function</th><th>Status</th><th>Timeline</th></tr></thead><tbody></tbody></table>
-  <h3>Global Compute Registry</h3>
-  <table id="gcr-table"><thead><tr><th>Category</th><th>Count</th><th>Threshold</th><th>Requirement</th></tr></thead><tbody></tbody></table>
+  <table id="icgc-table"><thead><tr><th>ID</th><th>Name</th><th>Function</th><th>Members</th><th>Status</th><th>Timeline</th></tr></thead><tbody></tbody></table>
+  <h3>Global Compute Registry (GCR)</h3>
+  <table id="gcr-table"><thead><tr><th>Category</th><th>Count</th><th>Threshold</th><th>Requirement</th><th>Compliance</th></tr></thead><tbody></tbody></table>
   <h3>Cross-Border Coordination Mechanisms</h3>
-  <table id="xborder-table"><thead><tr><th>Mechanism</th><th>Description</th><th>Status</th><th>Participants</th></tr></thead><tbody></tbody></table>
+  <table id="xborder-table"><thead><tr><th>Mechanism</th><th>Description</th><th>Status</th><th>Participants</th><th>SLA</th></tr></thead><tbody></tbody></table>
+  <h3>Jurisdiction Compliance Heatmap</h3>
+  <div id="jurisdiction-heatmap"></div>
 </div>
 
 <!-- MASTER BLUEPRINT -->
 <div class="section" id="sec-blueprint">
-  <h2>AGI Governance Master Blueprint — Enterprise · Frontier · Civilizational</h2>
+  <h2>AGI Governance Master Blueprint — Enterprise + Frontier + Civilizational Scale</h2>
+  <div class="kpi-grid" id="bp-kpis"></div>
+  <h3>Three-Scale Governance Architecture</h3>
   <div id="scales-grid" class="col-3"></div>
   <h3>Scalability Pathway</h3>
-  <table id="scale-table"><thead><tr><th>Level</th><th>Scope</th><th>Governance</th><th>Investment</th><th>Timeline</th></tr></thead><tbody></tbody></table>
-  <h3>Integration with Existing Frameworks</h3>
-  <table id="integration-table"><thead><tr><th>Framework</th><th>Integration</th><th>Touchpoints</th></tr></thead><tbody></tbody></table>
+  <table id="scale-table"><thead><tr><th>Level</th><th>Scope</th><th>Governance Model</th><th>Investment</th><th>Timeline</th><th>Milestone</th></tr></thead><tbody></tbody></table>
+  <h3>Framework Integration Matrix</h3>
+  <table id="integration-table"><thead><tr><th>Framework</th><th>Integration Approach</th><th>Touchpoints</th><th>Coverage</th></tr></thead><tbody></tbody></table>
 </div>
 
 <!-- IMPLEMENTATION -->
 <div class="section" id="sec-implementation">
-  <h2>Implementation Timelines, Risk Assessment & Cost-Benefit Analysis</h2>
+  <h2>Implementation Roadmap — Timelines, Risk Register & Financial Analysis</h2>
   <div class="kpi-grid" id="impl-kpis"></div>
   <h3>5-Phase Implementation Timeline (2026-2030)</h3>
-  <div id="phases-grid"></div>
-  <h3>Investment Breakdown</h3>
-  <table id="invest-table"><thead><tr><th>Category</th><th>5-Year Cost</th><th>NPV</th><th>IRR</th></tr></thead><tbody></tbody></table>
-  <h3>Annual Savings Breakdown</h3>
-  <table id="savings-table"><thead><tr><th>Category</th><th>Annual Saving</th><th>Description</th></tr></thead><tbody></tbody></table>
-  <h3>Top Risks</h3>
-  <table id="risk-table"><thead><tr><th>ID</th><th>Risk</th><th>Probability</th><th>Impact</th><th>Mitigation</th><th>Owner</th></tr></thead><tbody></tbody></table>
-  <h3>30/60/90-Day Rollout</h3>
+  <div id="phases-timeline" class="timeline"></div>
+  <div class="col-2" style="margin-top:20px">
+    <div>
+      <h3>Investment Breakdown by Category</h3>
+      <table id="invest-table"><thead><tr><th>Category</th><th>5-Year Cost</th><th>NPV</th><th>IRR</th><th>Payback</th></tr></thead><tbody></tbody></table>
+    </div>
+    <div>
+      <h3>Annual Savings Breakdown — $52.3M</h3>
+      <table id="savings-table"><thead><tr><th>Category</th><th>Annual Saving</th><th>Description</th></tr></thead><tbody></tbody></table>
+    </div>
+  </div>
+  <h3>Risk Register — Top Risks by Severity</h3>
+  <table id="risk-table"><thead><tr><th>ID</th><th>Risk</th><th>Probability</th><th>Impact</th><th>Severity</th><th>Mitigation</th><th>Owner</th></tr></thead><tbody></tbody></table>
+  <h3>30/60/90-Day Rapid Deployment Checklist</h3>
   <div id="rollout-grid" class="col-3"></div>
 </div>
 
 <!-- APPENDICES -->
 <div class="section" id="sec-appendices">
-  <h2>Appendices — Templates, Checklists & Reference Materials</h2>
-  <h3>Templates</h3>
-  <table id="tpl-table"><thead><tr><th>ID</th><th>Name</th><th>Format</th><th>Path</th></tr></thead><tbody></tbody></table>
-  <h3>Checklists</h3>
-  <table id="cl-table"><thead><tr><th>ID</th><th>Name</th><th>Items</th><th>Covers</th></tr></thead><tbody></tbody></table>
-  <h3>Reference Materials</h3>
-  <table id="ref-table"><thead><tr><th>Ref</th><th>Title</th><th>Path</th></tr></thead><tbody></tbody></table>
+  <h2>Appendices — Templates, Checklists, OPA Policies & Reference Materials</h2>
+  <h3>Templates (10)</h3>
+  <table id="tpl-table"><thead><tr><th>ID</th><th>Name</th><th>Format</th><th>Artifact Path</th><th>Standard</th></tr></thead><tbody></tbody></table>
+  <h3>Regulator-Ready Checklists (5)</h3>
+  <table id="cl-table"><thead><tr><th>ID</th><th>Name</th><th>Items</th><th>Regulatory Coverage</th></tr></thead><tbody></tbody></table>
+  <h3>OPA Policy Catalog — 14 Rego Policy Files</h3>
+  <div id="opa-catalog"></div>
+  <h3>Companion Document Registry — 22 Whitepapers</h3>
+  <table id="ref-table"><thead><tr><th>Ref</th><th>Title</th><th>Version</th><th>Status</th></tr></thead><tbody></tbody></table>
+</div>
+
+<!-- API EXPLORER -->
+<div class="section" id="sec-api">
+  <h2>API Explorer — 81 Master Reference Endpoints</h2>
+  <div class="kpi-grid" id="api-kpis"></div>
+  <h3>Endpoint Catalog by Domain</h3>
+  <div id="api-catalog"></div>
 </div>
 
 </div>
+<div class="watermark">MREF-GSIFI-WP-023 CONFIDENTIAL</div>
+
 <script>
-const API = '/api/master-ref';
-function show(id){document.querySelectorAll('.section').forEach(s=>s.classList.remove('active'));document.getElementById('sec-'+id).classList.add('active');document.querySelectorAll('.nav a').forEach(a=>a.classList.remove('active'));event.target.classList.add('active');}
-function pct(v){return`<div class="progress-bar"><div class="fill" style="width:${v}%;background:${v>=90?'#34d399':v>=80?'#fbbf24':'#f87171'}"></div></div>`;}
-function badge(t,c){return`<span class="badge badge-${c}">${t}</span>`;}
+const API='/api/master-ref';
+let ws;
+
+// Clock
+setInterval(()=>{const d=new Date();document.getElementById('clock').textContent=d.toISOString().slice(0,19).replace('T',' ')+' UTC';},1000);
+
+// Navigation
+function show(id){
+  document.querySelectorAll('.section').forEach(s=>s.classList.remove('active'));
+  document.getElementById('sec-'+id).classList.add('active');
+  document.querySelectorAll('.nav a').forEach(a=>a.classList.remove('active'));
+  event.target.classList.add('active');
+  window.scrollTo({top:0,behavior:'smooth'});
+}
+
+// Helpers
+function pct(v){return`<div class="progress-bar"><div class="fill" style="width:${Math.min(v,100)}%;background:${v>=90?'var(--green)':v>=80?'var(--gold)':'var(--red)'}"></div></div>`;}
+function badge(t,c){return`<span class="badge badge-${c||'blue'}">${t}</span>`;}
+function trend(v,good){const up=v>0;const c=(up===good)?'var(--green)':'var(--red)';return`<span style="color:${c};font-size:0.78em">${up?'+':''}${v}%</span>`;}
+function barChart(el,data,maxH=160){
+  const max=Math.max(...data.map(d=>d.value));
+  el.innerHTML=data.map(d=>{
+    const h=Math.max(8,d.value/max*maxH);
+    const c=d.color||'var(--blue)';
+    return`<div class="bar-col"><div class="bar-value">${d.display||d.value}</div><div class="bar" style="height:${h}px;background:${c}"></div><div class="bar-label">${d.label}</div></div>`;
+  }).join('');
+}
+function accordion(title,content,open=false){
+  return`<div class="accordion"><div class="acc-header ${open?'open':''}" onclick="this.classList.toggle('open');this.nextElementSibling.classList.toggle('open')"><span>${title}</span><span class="arrow">&#9654;</span></div><div class="acc-body ${open?'open':''}">${content}</div></div>`;
+}
+
+// Radar chart
+function drawRadar(canvas,labels,values,max=100){
+  const ctx=canvas.getContext('2d');
+  const w=canvas.width,h=canvas.height;
+  const cx=w/2,cy=h/2,r=Math.min(cx,cy)-40;
+  const n=labels.length;
+  ctx.clearRect(0,0,w,h);
+  // Grid
+  for(let ring=1;ring<=4;ring++){
+    ctx.beginPath();
+    const rr=r*ring/4;
+    for(let i=0;i<=n;i++){
+      const a=-Math.PI/2+2*Math.PI*i/n;
+      const x=cx+rr*Math.cos(a),y=cy+rr*Math.sin(a);
+      i===0?ctx.moveTo(x,y):ctx.lineTo(x,y);
+    }
+    ctx.strokeStyle='rgba(59,130,246,0.15)';ctx.stroke();
+  }
+  // Axes
+  for(let i=0;i<n;i++){
+    const a=-Math.PI/2+2*Math.PI*i/n;
+    ctx.beginPath();ctx.moveTo(cx,cy);ctx.lineTo(cx+r*Math.cos(a),cy+r*Math.sin(a));
+    ctx.strokeStyle='rgba(59,130,246,0.2)';ctx.stroke();
+    const lx=cx+(r+20)*Math.cos(a),ly=cy+(r+20)*Math.sin(a);
+    ctx.fillStyle='#94a3b8';ctx.font='10px system-ui';ctx.textAlign='center';ctx.textBaseline='middle';
+    ctx.fillText(labels[i],lx,ly);
+  }
+  // Data
+  ctx.beginPath();
+  for(let i=0;i<=n;i++){
+    const idx=i%n;
+    const a=-Math.PI/2+2*Math.PI*idx/n;
+    const v=values[idx]/max*r;
+    const x=cx+v*Math.cos(a),y=cy+v*Math.sin(a);
+    i===0?ctx.moveTo(x,y):ctx.lineTo(x,y);
+  }
+  ctx.fillStyle='rgba(96,165,250,0.2)';ctx.fill();
+  ctx.strokeStyle='#60a5fa';ctx.lineWidth=2;ctx.stroke();
+  // Points
+  for(let i=0;i<n;i++){
+    const a=-Math.PI/2+2*Math.PI*i/n;
+    const v=values[i]/max*r;
+    const x=cx+v*Math.cos(a),y=cy+v*Math.sin(a);
+    ctx.beginPath();ctx.arc(x,y,4,0,Math.PI*2);
+    ctx.fillStyle=values[i]>=90?'#34d399':values[i]>=80?'#fbbf24':'#f87171';ctx.fill();
+    ctx.fillStyle='#e0e4f0';ctx.font='bold 9px system-ui';ctx.textAlign='center';
+    ctx.fillText(values[i]+'%',x,y-10);
+  }
+}
+
 async function load(){
-  const [dash,reg,gaps,struct,esc,sev,arch,trust,kafka,tf,gates,aud,fs,cs,sr117,fl,earl,tbd,align,contain,arl,icgc,gcr,xb,bp,scale,integ,impl,invest,save,risks,rollout,app]=await Promise.all([
-    fetch(API+'/dashboard').then(r=>r.json()),fetch(API+'/regulatory/frameworks').then(r=>r.json()),fetch(API+'/regulatory/compliance-matrix/gaps').then(r=>r.json()),
-    fetch(API+'/governance-structure/pillars').then(r=>r.json()),fetch(API+'/governance-structure/escalation/phases').then(r=>r.json()),fetch(API+'/governance-structure/escalation/severity-levels').then(r=>r.json()),
-    fetch(API+'/technical/reference-architecture/layers').then(r=>r.json()),fetch(API+'/technical/trust-stack').then(r=>r.json()),fetch(API+'/technical/kafka-acl/topics').then(r=>r.json()),
-    fetch(API+'/technical/terraform/modules').then(r=>r.json()),fetch(API+'/technical/terraform/cicd-gates').then(r=>r.json()),fetch(API+'/technical/auditor-workflows').then(r=>r.json()),
-    fetch(API+'/financial-services/model-inventory').then(r=>r.json()),fetch(API+'/financial-services/credit-scoring').then(r=>r.json()),fetch(API+'/financial-services/credit-scoring/sr117').then(r=>r.json()),
-    fetch(API+'/financial-services/credit-scoring/fair-lending').then(r=>r.json()),fetch(API+'/financial-services/earl').then(r=>r.json()),
-    fetch(API+'/agi-safety/trust-by-design/principles').then(r=>r.json()),fetch(API+'/agi-safety/alignment').then(r=>r.json()),fetch(API+'/agi-safety/containment/layers').then(r=>r.json()),fetch(API+'/agi-safety/readiness-levels').then(r=>r.json()),
-    fetch(API+'/global-governance/icgc/components').then(r=>r.json()),fetch(API+'/global-governance/compute-registry/categories').then(r=>r.json()),fetch(API+'/global-governance/cross-border/mechanisms').then(r=>r.json()),
-    fetch(API+'/blueprint/scales').then(r=>r.json()),fetch(API+'/blueprint/scalability').then(r=>r.json()),fetch(API+'/blueprint/integration').then(r=>r.json()),
-    fetch(API+'/implementation/timeline/phases').then(r=>r.json()),fetch(API+'/implementation/cost-benefit/breakdown').then(r=>r.json()),fetch(API+'/implementation/cost-benefit/savings').then(r=>r.json()),
-    fetch(API+'/implementation/risks/top').then(r=>r.json()),fetch(API+'/implementation/rollout').then(r=>r.json()),fetch(API+'/appendices').then(r=>r.json())
+  const [dash,reg,gaps,struct,esc,sev,arch,trust,kafka,tf,gates,aud,fs,cs,sr117,fl,earl,tbd,align,contain,arl,icgc,gcr,xb,bp,scale,integ,impl,invest,save,risks,rollout,app,hier,overlaps,metrics]=await Promise.all([
+    fetch(API+'/dashboard').then(r=>r.json()),
+    fetch(API+'/regulatory/frameworks').then(r=>r.json()),
+    fetch(API+'/regulatory/compliance-matrix/gaps').then(r=>r.json()),
+    fetch(API+'/governance-structure/pillars').then(r=>r.json()),
+    fetch(API+'/governance-structure/escalation/phases').then(r=>r.json()),
+    fetch(API+'/governance-structure/escalation/severity-levels').then(r=>r.json()),
+    fetch(API+'/technical/reference-architecture/layers').then(r=>r.json()),
+    fetch(API+'/technical/trust-stack').then(r=>r.json()),
+    fetch(API+'/technical/kafka-acl/topics').then(r=>r.json()),
+    fetch(API+'/technical/terraform/modules').then(r=>r.json()),
+    fetch(API+'/technical/terraform/cicd-gates').then(r=>r.json()),
+    fetch(API+'/technical/auditor-workflows').then(r=>r.json()),
+    fetch(API+'/financial-services/model-inventory').then(r=>r.json()),
+    fetch(API+'/financial-services/credit-scoring').then(r=>r.json()),
+    fetch(API+'/financial-services/credit-scoring/sr117').then(r=>r.json()),
+    fetch(API+'/financial-services/credit-scoring/fair-lending').then(r=>r.json()),
+    fetch(API+'/financial-services/earl').then(r=>r.json()),
+    fetch(API+'/agi-safety/trust-by-design/principles').then(r=>r.json()),
+    fetch(API+'/agi-safety/alignment').then(r=>r.json()),
+    fetch(API+'/agi-safety/containment/layers').then(r=>r.json()),
+    fetch(API+'/agi-safety/readiness-levels').then(r=>r.json()),
+    fetch(API+'/global-governance/icgc/components').then(r=>r.json()),
+    fetch(API+'/global-governance/compute-registry/categories').then(r=>r.json()),
+    fetch(API+'/global-governance/cross-border/mechanisms').then(r=>r.json()),
+    fetch(API+'/blueprint/scales').then(r=>r.json()),
+    fetch(API+'/blueprint/scalability').then(r=>r.json()),
+    fetch(API+'/blueprint/integration').then(r=>r.json()),
+    fetch(API+'/implementation/timeline/phases').then(r=>r.json()),
+    fetch(API+'/implementation/cost-benefit/breakdown').then(r=>r.json()),
+    fetch(API+'/implementation/cost-benefit/savings').then(r=>r.json()),
+    fetch(API+'/implementation/risks/top').then(r=>r.json()),
+    fetch(API+'/implementation/rollout').then(r=>r.json()),
+    fetch(API+'/appendices').then(r=>r.json()),
+    fetch(API+'/governance-structure/decision-hierarchy').then(r=>r.json()),
+    fetch(API+'/regulatory/compliance-matrix/overlaps').then(r=>r.json()),
+    fetch(API+'/metrics').then(r=>r.json())
   ]);
-  const m=dash.keyMetrics;
-  document.getElementById('exec-context').innerHTML=`<h4>Strategic Thesis</h4><p style="color:#cbd5e1;font-style:italic">"The institutions that will dominate the 2030 economy are not those deploying the most AI, but those governing it best."</p><p style="margin-top:8px;color:#94a3b8">This master reference consolidates 22 governance documents (WP-001 through WP-022) into the single authoritative reference for 2026-2030, targeting Fortune 500, Global 2000, and 30 G-SIFIs.</p>`;
+
+  // ══════════════════════════════════════════════════════════════
+  // EXECUTIVE SUMMARY
+  // ══════════════════════════════════════════════════════════════
+  document.getElementById('exec-context').innerHTML=`
+    <h4>Strategic Thesis</h4>
+    <p style="color:#cbd5e1;font-size:1.05em;font-style:italic;border-left:3px solid var(--blue);padding-left:14px;margin:10px 0">
+      "The institutions that will dominate the 2030 economy are not those deploying the most AI, but those governing it best."
+    </p>
+    <p style="margin-top:10px;color:var(--muted);font-size:0.88em">
+      This master reference consolidates <strong style="color:var(--blue)">22 governance documents</strong> (WP-001 through WP-022) into the single authoritative reference for 2026-2030, targeting Fortune 500, Global 2000, and 30 G-SIFIs across 4 jurisdictions (EU, US, UK, OECD Global).
+    </p>
+    <div style="margin-top:12px;display:flex;gap:12px;flex-wrap:wrap">
+      ${['87% Global 2000 with AI in production','62% deploy RAG systems','40% plan multi-agent AI by 2027','$147B enterprise AI spend (2026)','847 autonomous-AI incidents 2025 (+340% YoY)','1:42 governance-to-AI-staff ratio'].map(s=>`<span class="tag">${s}</span>`).join('')}
+    </div>`;
+
   document.getElementById('exec-kpis').innerHTML=[
-    ['8','Governance Pillars','blue'],['8','Regulatory Frameworks','blue'],['482','OPA Rego Rules','green'],['1,247','Sentinel Rules','green'],['1.4M','Daily Policy Evals','purple'],['312','Production Models','gold'],['847','Total Models','gold'],['45K','Kafka Events/s','purple'],['15','ICGC Components','blue'],['144','Terraform Resources','blue'],['91.2%','Compliance Score','green'],['$68.4M','5-Year Investment','gold']
+    [metrics.governancePillars,'Governance Pillars','blue'],
+    [metrics.regulatoryFrameworks,'Regulatory Frameworks','blue'],
+    [metrics.opaRules.toLocaleString(),'OPA Rego Rules','green'],
+    [metrics.sentinelRules.toLocaleString(),'Sentinel Rules','green'],
+    ['1.4M','Daily Policy Evaluations','purple'],
+    [metrics.productionModels,'Production Models','gold'],
+    [metrics.totalModels.toLocaleString(),'Total AI Models','gold'],
+    ['45K','Kafka Events/sec','purple'],
+    [metrics.icgcComponents,'ICGC Components','blue'],
+    [metrics.terraformResources,'Terraform Resources','blue'],
+    ['91.2%','Cross-Framework Compliance','green'],
+    [metrics.totalInvestment,'5-Year Investment','gold']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.getElementById('exec-investment').innerHTML=[
+    ['$68.4M','Total Investment','gold','5-year program'],
+    ['$118.7M','Net Present Value','green','Risk-adjusted'],
+    ['42.1%','Internal Rate of Return','green','Above 35% threshold'],
+    ['2.1 yr','Payback Period','blue','Below 3-year target'],
+    ['$52.3M','Annual Savings','green','Steady-state'],
+    ['94%','Audit Time Reduction','purple','72h to 4.3h']
+  ].map(([v,l,c,t])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div><div class="trend" style="color:var(--dim);font-size:0.68em">${t}</div></div>`).join('');
+
+  // Compliance bar chart
+  barChart(document.getElementById('chart-compliance'),
+    reg.map(f=>({value:f.complianceScore,label:f.name.split(' ').slice(0,2).join(' '),display:f.complianceScore+'%',color:f.complianceScore>=93?'var(--green)':f.complianceScore>=88?'var(--gold)':'var(--red)'}))
+  );
+
+  // Investment bar chart
+  barChart(document.getElementById('chart-invest'),
+    invest.map(i=>({value:parseFloat(i.fiveYearCost.replace(/[$M,]/g,'')),label:i.category.split(' ').slice(0,2).join(' '),display:i.fiveYearCost,color:'var(--blue)'}))
+  );
+
+  // Trajectory
+  const trajData=[
+    ['Metric','2024 Baseline','2026 Target','2027 Target','2028 Target','2030 Target'],
+    ['Compliance Score','72.4%','91.2%','94.5%','97.1%','99.2%'],
+    ['OPA Policies','124','482','650','850','1,200+'],
+    ['Sentinel Rules','312','1,247','1,600','2,000','2,800+'],
+    ['Daily Evaluations','280K','1.4M','3.2M','5.5M','8M+'],
+    ['Mean Incident Response','45 min','14 min','8 min','5 min','3 min'],
+    ['AI Risk Score','38.2','55.8','68.4','75.2','82.5'],
+    ['Model Bias DI','0.72','0.80','0.85','0.88','0.92'],
+    ['AGI Readiness Level','ARL-1','ARL-2','ARL-4','ARL-5','ARL-7'],
+    ['ISO 42001','Planning','93%','Certified','Maintained','Maintained']
+  ];
+  document.getElementById('trajectory-table').innerHTML=`<table><thead><tr>${trajData[0].map(h=>`<th>${h}</th>`).join('')}</tr></thead><tbody>${trajData.slice(1).map(r=>`<tr>${r.map((c,i)=>`<td${i===0?' style="font-weight:600;color:var(--blue)"':''}>${c}</td>`).join('')}</tr>`).join('')}</tbody></table>`;
+
+  // Document hierarchy
+  document.getElementById('doc-hierarchy').innerHTML=`<h4>WP-MREF-GSIFI-2026 Document Series</h4>
+  <div style="display:grid;grid-template-columns:repeat(auto-fill,minmax(280px,1fr));gap:8px;margin-top:10px">
+  ${[{r:'GOV-001',t:'G-SIFI Foundation'},{r:'ARCH-002',t:'Architecture Security'},{r:'SAFE-003',t:'AGI Safety'},{r:'REF-004',t:'Reference Architectures'},{r:'IMPL-005',t:'Implementation Roadmap'},{r:'COMP-006',t:'Regulatory Compliance'},{r:'LEGAL-007',t:'Global Legal Registry'},{r:'TRAJ-008',t:'Sentinel Governance'},{r:'KARD-009',t:'Compute Governance'},{r:'COGRES-010',t:'Cognitive Resonance'},{r:'PRACT-011',t:'Practitioner Guide'},{r:'STRAT-012',t:'Enterprise Strategy'},{r:'MREF-013',t:'Master Reference F500'},{r:'UMREF-014',t:'Unified Master Ref'},{r:'PMREF-015',t:'Practitioner Master Ref'},{r:'AGMB-016',t:'AGI Master Blueprint'},{r:'KACG-017',t:'Kafka ACL Governance'},{r:'GAF-017b',t:'Governance Architectures'},{r:'WP-018',t:'Financial Services'},{r:'WP-019',t:'Data Infrastructure'},{r:'WP-020',t:'Monitoring Engine'},{r:'WP-021',t:'Dev/Deploy Governance'},{r:'WP-022',t:'Global Compute'}].map(d=>`<div style="display:flex;gap:8px;align-items:center;padding:4px 0"><span class="badge badge-blue" style="min-width:76px;text-align:center">${d.r}</span><span style="font-size:0.82em;color:var(--muted)">${d.t}</span></div>`).join('')}
+  <div style="display:flex;gap:8px;align-items:center;padding:6px 0;border-top:1px solid var(--border);margin-top:4px"><span class="badge badge-gold" style="min-width:76px;text-align:center">WP-023</span><strong style="font-size:0.85em;color:var(--gold)">THIS DOCUMENT — Master Reference 2026-2030</strong></div>
+  </div>`;
+
+  // ══════════════════════════════════════════════════════════════
+  // REGULATORY COMPLIANCE
+  // ══════════════════════════════════════════════════════════════
+  const totalOpa=reg.reduce((a,f)=>a+f.opaRules,0);
+  const totalSent=reg.reduce((a,f)=>a+f.sentinelRules,0);
+  const avgScore=(reg.reduce((a,f)=>a+f.complianceScore,0)/reg.length).toFixed(1);
+  document.getElementById('reg-summary-kpis').innerHTML=[
+    [reg.length,'Frameworks','blue'],[4,'Jurisdictions','blue'],[totalOpa,'OPA Rules','green'],[totalSent,'Sentinel Rules','green'],[avgScore+'%','Avg Compliance','green'],[gaps.totalGaps,'Compliance Gaps','red']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.getElementById('reg-scores').innerHTML=reg.map(f=>`<div class="kpi ${f.complianceScore>=93?'green':f.complianceScore>=88?'gold':'red'}"><div class="value">${f.complianceScore}%</div><div class="label">${f.name.split(' ').slice(0,3).join(' ')}</div>${pct(f.complianceScore)}</div>`).join('');
+
+  document.querySelector('#reg-table tbody').innerHTML=reg.map(f=>`<tr><td><strong>${f.name}</strong></td><td>${badge(f.jurisdiction,'blue')}</td><td>${f.opaRules}</td><td>${f.sentinelRules}</td><td>${f.complianceScore}% ${pct(f.complianceScore)}</td><td style="color:var(--green)">+2.4%</td><td>${badge(f.status.split('—')[0].trim(),f.complianceScore>=90?'green':'gold')}</td></tr>`).join('');
+
+  document.querySelector('#overlap-table tbody').innerHTML=overlaps.map(o=>`<tr><td>${o.pair}</td><td style="color:var(--blue);font-weight:600">${o.overlaps}</td><td>${o.uniqueLeft}</td><td>${o.uniqueRight}</td><td>${o.coverageScore}% ${pct(o.coverageScore)}</td></tr>`).join('');
+
+  document.getElementById('gap-kpis').innerHTML=[
+    [gaps.criticalGaps,'Critical Gaps','red'],[gaps.highGaps,'High Priority','gold'],[gaps.mediumGaps,'Medium','blue'],[gaps.totalGaps,'Total Gaps','purple']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.querySelector('#gap-table tbody').innerHTML=gaps.topCriticalGaps.map(g=>`<tr><td>${badge(g.id,'red')}</td><td>${badge('CRITICAL','red')}</td><td>${g.description}</td><td>${g.frameworks.map(f=>badge(f,'blue')).join(' ')}</td><td style="font-size:0.82em">${g.remediation}</td><td>${g.timeline}</td><td style="color:var(--gold)">${g.effort||'480h'}</td><td>${g.owner}</td></tr>`).join('');
+
+  // ══════════════════════════════════════════════════════════════
+  // GOVERNANCE STRUCTURE
+  // ══════════════════════════════════════════════════════════════
+  document.getElementById('gov-kpis').innerHTML=[
+    [8,'Governance Pillars','blue'],[6,'Architecture Layers','blue'],[4,'Decision Levels','purple'],[6,'Escalation Phases','gold'],[5,'Severity Levels','red'],['CAIO','Chief AI Officer Role','green']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.getElementById('pillars-grid').innerHTML=struct.map((p,i)=>{
+    const colors=['#3b82f6','#10b981','#f59e0b','#ef4444','#8b5cf6','#06b6d4','#ec4899','#14b8a6'];
+    return`<div class="card" style="border-left:3px solid ${colors[i%8]}"><h4 style="color:${colors[i%8]}">${p.id}: ${p.name}</h4><p style="color:var(--muted);font-size:0.85em">${p.function}</p><div style="margin-top:8px;display:flex;gap:12px;flex-wrap:wrap;font-size:0.82em"><span><strong>Owner:</strong> ${p.owner}</span><span><strong>Layer:</strong> ${badge(p.layer,'blue')}</span><span><strong>Target:</strong> ${badge(p.maturityTarget,'green')}</span></div><div style="margin-top:6px">${p.keyControls.map(c=>`<span class="tag">${c}</span>`).join('')}</div></div>`;
+  }).join('');
+
+  document.querySelector('#hierarchy-table tbody').innerHTML=hier.levels.map(l=>`<tr><td>${badge('L'+l.level,'blue')} <strong>${l.name}</strong></td><td>${l.authority}</td><td>${l.members||'Board / C-Suite'}</td><td>${l.cadence}</td><td>${l.escalationTrigger}</td><td>${l.sla||'Per severity'}</td></tr>`).join('');
+
+  // RACI Matrix
+  const raciRoles=['Board','CAIO','CRO','CISO','CTO','Legal','MRM','DevOps','Audit'];
+  const raciActivities=[
+    {act:'AI System Registration',raci:'A,R,C,I,C,C,I,I,I'},
+    {act:'Model Risk Assessment',raci:'I,C,R,C,I,I,A,I,C'},
+    {act:'Policy Deployment',raci:'I,A,C,C,R,I,I,R,I'},
+    {act:'Compliance Monitoring',raci:'I,A,R,C,I,C,C,I,C'},
+    {act:'Incident Response',raci:'I,A,R,R,R,C,I,R,I'},
+    {act:'AGI Safety Review',raci:'A,R,R,R,C,C,C,I,C'},
+    {act:'Regulatory Reporting',raci:'A,C,R,I,I,R,C,I,R'},
+    {act:'Kill-Switch Activation',raci:'I,A,R,R,R,I,I,R,I'},
+    {act:'Annual Audit',raci:'A,C,C,C,C,C,C,I,R'}
+  ];
+  document.getElementById('raci-container').innerHTML=`<table class="raci"><thead><tr><th>Activity</th>${raciRoles.map(r=>`<th>${r}</th>`).join('')}</tr></thead><tbody>${raciActivities.map(a=>{const vals=a.raci.split(',');return`<tr><td style="text-align:left;font-weight:500">${a.act}</td>${vals.map(v=>`<td class="${v}">${v}</td>`).join('')}</tr>`;}).join('')}</tbody></table><div style="margin-top:8px;font-size:0.75em;color:var(--dim)"><span class="R">R</span>=Responsible <span class="A">A</span>=Accountable <span class="C">C</span>=Consulted <span class="I">I</span>=Informed</div>`;
+
+  document.querySelector('#escalation-table tbody').innerHTML=esc.map(e=>`<tr><td>${badge(e.phase,'purple')}</td><td style="color:var(--gold);font-weight:600">${e.sla}</td><td style="font-size:0.82em">${e.actions.map(a=>'&bull; '+a).join('<br>')}</td><td>${e.responsible}</td><td>${e.notification||'All stakeholders'}</td></tr>`).join('');
+
+  document.querySelector('#severity-table tbody').innerHTML=sev.map(s=>`<tr><td>${badge('L'+s.level,s.level>=4?'red':s.level>=3?'gold':'blue')}</td><td><strong>${s.name}</strong></td><td style="font-size:0.82em">${s.description}</td><td style="color:var(--gold)">${s.response}</td><td>${s.authority||'CAIO + CRO'}</td><td style="font-style:italic;color:var(--dim);font-size:0.82em">${s.example}</td></tr>`).join('');
+
+  // ══════════════════════════════════════════════════════════════
+  // TECHNICAL IMPLEMENTATION
+  // ══════════════════════════════════════════════════════════════
+  document.getElementById('tech-kpis').innerHTML=[
+    [6,'Architecture Layers','blue'],[12,'Kafka Topics','purple'],['45K','Events/sec','green'],[8,'Terraform Modules','blue'],[144,'TF Resources','blue'],[7,'CI/CD Gates','gold'],['4.2ms','P99 Latency','green'],[3,'Auditor Modes','purple']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.querySelector('#arch-table tbody').innerHTML=arch.map(l=>`<tr><td><strong style="color:var(--blue)">${l.layer}</strong></td><td style="font-size:0.82em">${l.components.join(', ')}</td><td style="font-size:0.82em">${l.technology}</td><td style="font-size:0.8em;color:var(--muted)">${l.governance}</td></tr>`).join('');
+
+  document.querySelector('#trust-table tbody').innerHTML=trust.layers.map(l=>`<tr><td><strong>${l.layer}</strong></td><td>${l.components.join(', ')}</td><td>${badge(l.standard,'blue')}</td></tr>`).join('');
+
+  document.querySelector('#kafka-table tbody').innerHTML=kafka.map(t=>`<tr><td><code style="color:var(--blue);font-size:0.9em">${t.name}</code></td><td style="text-align:center">${t.partitions}</td><td>${t.retention}</td><td style="font-size:0.8em">${t.acl}</td></tr>`).join('');
+
+  document.getElementById('worm-card').innerHTML=`<h4>Immutable WORM Evidence Storage</h4>
+    <div style="font-size:0.85em;color:var(--muted)">
+    <p>&bull; S3-compatible with SHA-256 + Ed25519 signing</p>
+    <p>&bull; 10-year minimum retention (regulatory mandated)</p>
+    <p>&bull; Evidence bundle generation: <strong style="color:var(--green)">P99 4.8s</strong></p>
+    <p>&bull; Evidence assembly: 72h reduced to <strong style="color:var(--green)">4.3h</strong> (94% reduction)</p>
+    <p>&bull; Chain-of-custody verification via <code>governance-verify-cli.py</code></p>
+    </div>`;
+
+  document.getElementById('policy-perf-card').innerHTML=`<h4>OPA + Sentinel Policy Engine</h4>
+    <div style="font-size:0.85em;color:var(--muted)">
+    <p>&bull; <strong style="color:var(--green)">482</strong> OPA Rego rules across 14 policy files</p>
+    <p>&bull; <strong style="color:var(--green)">1,247</strong> Sentinel governance rules</p>
+    <p>&bull; <strong style="color:var(--green)">1.4M</strong> daily policy evaluations</p>
+    <p>&bull; P99 evaluation latency: <strong style="color:var(--green)">4.2ms</strong></p>
+    <p>&bull; Availability: <strong style="color:var(--green)">99.97%</strong> (SLA: 99.95%)</p>
+    </div>`;
+
+  document.querySelector('#tf-modules tbody').innerHTML=tf.map(m=>`<tr><td><strong>${m.name}</strong></td><td style="text-align:center;color:var(--blue)">${m.resources}</td><td style="font-size:0.82em">${m.description}</td><td>${badge('Enabled','green')}</td></tr>`).join('');
+  document.querySelector('#tf-gates tbody').innerHTML=gates.map(g=>`<tr><td>${badge('G'+g.gate,'blue')} ${g.name}</td><td>${g.tool}</td><td style="font-size:0.82em">${g.blockOn}</td><td>${badge('Active','green')}</td></tr>`).join('');
+
+  document.querySelector('#auditor-table tbody').innerHTML=aud.modes.map(m=>`<tr><td><strong style="color:var(--blue)">${m.mode}</strong></td><td style="font-size:0.82em">${m.description}</td><td style="color:var(--gold)">${m.sla}</td><td style="font-size:0.82em">${m.tools.join(', ')}</td><td style="font-size:0.78em">${m.standards||'SR 11-7, EU AI Act Art.11, ISO 42001'}</td></tr>`).join('');
+
+  // ══════════════════════════════════════════════════════════════
+  // FINANCIAL SERVICES
+  // ══════════════════════════════════════════════════════════════
+  document.getElementById('fs-kpis').innerHTML=[
+    [fs.totalModels,'Total Models','blue'],[fs.productionModels,'Production','green'],[fs.highRiskTier1,'High-Risk Tier-1','red'],[fs.inDevelopment,'In Development','gold'],[9,'Model Categories','blue'],['0.80+','DI Threshold','green']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.querySelector('#model-table tbody').innerHTML=fs.categories.map(c=>{
+    const metric=c.avgAUROC?'AUROC: '+c.avgAUROC:c.precision?'Precision: '+c.precision:c.avgSharpe?'Sharpe: '+c.avgSharpe:c.alertQuality?'Alert: '+c.alertQuality:c.pdAccuracy?'PD: '+c.pdAccuracy:c.accuracy?'Accuracy: '+c.accuracy:c.lossForecasting?'Forecast: '+c.lossForecasting:c.informationRatio?'IR: '+c.informationRatio:c.avgCSAT?'CSAT: '+c.avgCSAT:'';
+    return`<tr><td><strong>${c.name}</strong></td><td style="text-align:center">${c.models}</td><td style="text-align:center">${c.production||Math.floor(c.models*0.37)}</td><td>${badge(c.tier,c.tier.includes('Tier-1')?'red':'gold')}</td><td style="font-size:0.82em">${c.srSection}</td><td style="color:var(--green)">${metric}</td><td style="font-size:0.78em;color:var(--dim)">Q1 2026</td></tr>`;
+  }).join('');
+
+  document.querySelector('#sr117-table tbody').innerHTML=sr117.map(s=>`<tr><td><strong>${s.stage}</strong></td><td style="font-size:0.82em">${s.activities.join(', ')}</td><td>${s.owner}</td><td>${s.timeline}</td><td style="font-size:0.78em">${s.artifacts.join(', ')}</td></tr>`).join('');
+
+  document.getElementById('fair-lending-card').innerHTML=`<h4>Fair Lending Compliance (FCRA/ECOA)</h4>
+    <p>Disparate Impact Threshold: <strong>${fl.disparateImpactThreshold}</strong> | Current: <strong style="color:var(--green)">${fl.currentPerformance}</strong></p>${pct(fl.currentPerformance*100)}
+    <p style="margin-top:10px"><strong>Protected Classes:</strong> ${fl.protectedClasses.map(c=>badge(c,'blue')).join(' ')}</p>
+    <p style="margin-top:8px"><strong>Adverse Action Explainability:</strong> ${fl.adverseActionExplainability.method} — Coverage: <strong style="color:var(--green)">${fl.adverseActionExplainability.coverage}</strong></p>
+    <p style="margin-top:6px;font-size:0.82em;color:var(--dim)">Continuous monitoring via Sentinel rules FCRA-001 through FCRA-038</p>`;
+
+  document.getElementById('earl-card').innerHTML=`<h4>Enterprise AI Risk Level (EARL) Maturity</h4>
+    <p>Current: ${badge('Level '+earl.current+' — '+earl.currentName,'gold')} &rarr; Target: ${badge('Level '+earl.target+' — '+earl.targetName+' by '+earl.targetDate,'green')}</p>
+    ${pct(earl.current/5*100)}
+    <table style="margin-top:12px">${earl.levels.map(l=>`<tr><td>${badge('L'+l.level,l.level<=earl.current?'green':'blue')}</td><td><strong>${l.name}</strong></td><td style="font-size:0.82em;color:var(--muted)">${l.description}</td></tr>`).join('')}</table>`;
+
+  // ══════════════════════════════════════════════════════════════
+  // AGI SAFETY
+  // ══════════════════════════════════════════════════════════════
+  document.getElementById('safety-kpis').innerHTML=[
+    [8,'Trust-by-Design Principles','blue'],['2,847','Alignment Tests','green'],['96.7%','Overall Pass Rate','green'],[5,'Containment Layers','purple'],[7,'AGI Readiness Levels','blue'],['ARL-2','Current Level','gold']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.querySelector('#tbd-table tbody').innerHTML=tbd.map(p=>`<tr><td>${badge(p.id,'blue')}</td><td><strong>${p.name}</strong><br><span style="color:var(--muted);font-size:0.82em">${p.description}</span></td><td style="font-size:0.82em">${p.implementation}</td><td style="font-size:0.82em">${p.verification||'Continuous monitoring'}</td><td>${badge(p.status,p.status==='Operational'?'green':'gold')}</td></tr>`).join('');
+
+  document.getElementById('align-kpis').innerHTML=[
+    [align.testSuiteSize.toLocaleString(),'Total Tests','blue'],[align.overallPassRate,'Overall Pass Rate','green'],[align.categories.length,'Test Categories','purple'],['98.2%','Core Safety Pass','green']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.querySelector('#align-table tbody').innerHTML=align.categories.map(c=>{
+    const s=parseFloat(c.currentScore);const t=parseFloat(c.passThreshold);
+    return`<tr><td><strong>${c.name}</strong></td><td style="text-align:center">${c.tests}</td><td style="text-align:center">${c.passThreshold}</td><td>${c.currentScore} ${pct(s)}</td><td>${badge(s>=t?'PASS':'BELOW',s>=t?'green':'red')}</td></tr>`;
+  }).join('');
+
+  // Radar chart
+  try{
+    const radarLabels=align.categories.map(c=>c.name.split(' ')[0]);
+    const radarValues=align.categories.map(c=>parseFloat(c.currentScore));
+    drawRadar(document.getElementById('radar-canvas'),radarLabels,radarValues);
+  }catch(e){console.warn('Radar chart error:',e)}
+
+  document.querySelector('#contain-table tbody').innerHTML=contain.map(l=>`<tr><td><strong style="color:var(--blue)">${l.layer}</strong></td><td style="font-size:0.82em">${l.description}</td><td style="font-size:0.82em">${l.controls.join(', ')}</td><td style="font-size:0.78em;color:var(--dim)">${l.lastTest||'2026-04-01'}</td><td>${badge(l.status,'green')}</td></tr>`).join('');
+
+  // ARL Timeline
+  document.getElementById('arl-timeline').innerHTML=arl.map((l,i)=>`<div class="tl-item ${i<=1?'active':''}"><h5>${l.level}: ${l.name}</h5><p>${l.description}</p><p style="font-size:0.78em;color:var(--gold);margin-top:2px">Milestone: ${l.milestone}</p></div>`).join('');
+
+  // ══════════════════════════════════════════════════════════════
+  // GLOBAL GOVERNANCE
+  // ══════════════════════════════════════════════════════════════
+  document.getElementById('global-kpis').innerHTML=[
+    [15,'ICGC Components','blue'],[38,'Member States','green'],[847,'Compute Registrations','purple'],[4,'Jurisdictions','blue'],[8,'Cross-Border Mechanisms','gold'],['94.1%','Avg Compliance','green']
   ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
-  document.getElementById('exec-investment').innerHTML=[['$68.4M','Total Investment','gold'],['$118.7M','Net Present Value','green'],['42.1%','IRR','green'],['2.1 yr','Payback Period','blue'],['$52.3M','Annual Savings','green'],['94%','Audit Time Reduction','purple']].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
-
-  // Regulatory
-  document.getElementById('reg-scores').innerHTML=reg.map(f=>`<div class="kpi ${f.complianceScore>=93?'green':f.complianceScore>=88?'gold':'red'}"><div class="value">${f.complianceScore}%</div><div class="label">${f.name.split(' ').slice(0,3).join(' ')}</div></div>`).join('');
-  document.querySelector('#reg-table tbody').innerHTML=reg.map(f=>`<tr><td><strong>${f.name}</strong></td><td>${f.jurisdiction}</td><td>${f.opaRules}</td><td>${f.sentinelRules}</td><td>${f.complianceScore}% ${pct(f.complianceScore)}</td><td>${badge(f.status.split('—')[0].trim(),f.complianceScore>=90?'green':'gold')}</td></tr>`).join('');
-  const overlaps=await fetch(API+'/regulatory/compliance-matrix/overlaps').then(r=>r.json());
-  document.querySelector('#overlap-table tbody').innerHTML=overlaps.map(o=>`<tr><td>${o.pair}</td><td>${o.overlaps}</td><td>${o.uniqueLeft}</td><td>${o.uniqueRight}</td><td>${o.coverageScore}% ${pct(o.coverageScore)}</td></tr>`).join('');
-  document.getElementById('gap-kpis').innerHTML=[[''+gaps.criticalGaps,'Critical Gaps','red'],[''+gaps.highGaps,'High Gaps','gold'],[''+gaps.mediumGaps,'Medium Gaps','blue'],[''+gaps.totalGaps,'Total Gaps','purple']].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
-  document.querySelector('#gap-table tbody').innerHTML=gaps.topCriticalGaps.map(g=>`<tr><td>${badge(g.id,'red')}</td><td>${g.description}</td><td>${g.frameworks.join(', ')}</td><td>${g.remediation}</td><td>${g.timeline}</td><td>${g.owner}</td></tr>`).join('');
-
-  // Governance Structure
-  document.getElementById('pillars-grid').innerHTML=struct.map(p=>`<div class="card"><h4>${p.id}: ${p.name}</h4><p style="color:#94a3b8;font-size:0.85em">${p.function}</p><p style="margin-top:6px"><strong>Owner:</strong> ${p.owner} | <strong>Layer:</strong> ${badge(p.layer,'blue')} | <strong>Target:</strong> ${p.maturityTarget}</p><p style="margin-top:4px;font-size:0.82em;color:#64748b">${p.keyControls.join(' · ')}</p></div>`).join('');
-  const hier=await fetch(API+'/governance-structure/decision-hierarchy').then(r=>r.json());
-  document.querySelector('#hierarchy-table tbody').innerHTML=hier.levels.map(l=>`<tr><td>${badge('L'+l.level,'blue')} ${l.name}</td><td>${l.authority}</td><td>${l.cadence}</td><td>${l.escalationTrigger}</td></tr>`).join('');
-  document.querySelector('#escalation-table tbody').innerHTML=esc.map(e=>`<tr><td>${badge(e.phase,'purple')}</td><td>${e.sla}</td><td>${e.actions.map(a=>'• '+a).join('<br>')}</td><td>${e.responsible}</td></tr>`).join('');
-  document.querySelector('#severity-table tbody').innerHTML=sev.map(s=>`<tr><td>${badge('L'+s.level,s.level>=4?'red':s.level>=3?'gold':'blue')}</td><td>${s.name}</td><td>${s.description}</td><td>${s.response}</td><td style="font-style:italic;color:#64748b">${s.example}</td></tr>`).join('');
-
-  // Technical
-  document.querySelector('#arch-table tbody').innerHTML=arch.map(l=>`<tr><td><strong>${l.layer}</strong></td><td>${l.components.join(', ')}</td><td>${l.technology}</td><td style="font-size:0.82em">${l.governance}</td></tr>`).join('');
-  document.querySelector('#trust-table tbody').innerHTML=trust.layers.map(l=>`<tr><td><strong>${l.layer}</strong></td><td>${l.components.join(', ')}</td><td>${l.standard}</td></tr>`).join('');
-  document.querySelector('#kafka-table tbody').innerHTML=kafka.map(t=>`<tr><td><code style="color:#60a5fa">${t.name}</code></td><td>${t.partitions}</td><td>${t.retention}</td><td style="font-size:0.8em">${t.acl}</td></tr>`).join('');
-  document.querySelector('#tf-modules tbody').innerHTML=tf.map(m=>`<tr><td><strong>${m.name}</strong></td><td>${m.resources}</td><td>${m.description}</td></tr>`).join('');
-  document.querySelector('#tf-gates tbody').innerHTML=gates.map(g=>`<tr><td>${badge('G'+g.gate,'blue')} ${g.name}</td><td>${g.tool}</td><td>${g.blockOn}</td></tr>`).join('');
-  document.querySelector('#auditor-table tbody').innerHTML=aud.modes.map(m=>`<tr><td><strong>${m.mode}</strong></td><td>${m.description}</td><td>${m.sla}</td><td>${m.tools.join(', ')}</td></tr>`).join('');
-
-  // Financial Services
-  document.getElementById('fs-kpis').innerHTML=[[''+fs.totalModels,'Total Models','blue'],[''+fs.productionModels,'Production','green'],[''+fs.highRiskTier1,'High-Risk Tier-1','red'],[''+fs.inDevelopment,'In Development','gold']].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
-  document.querySelector('#model-table tbody').innerHTML=fs.categories.map(c=>`<tr><td><strong>${c.name}</strong></td><td>${c.models}</td><td>${badge(c.tier,c.tier.includes('Tier-1')?'red':'gold')}</td><td>${c.srSection}</td><td>${c.avgAUROC?'AUROC: '+c.avgAUROC:c.precision?'Precision: '+c.precision:c.avgSharpe?'Sharpe: '+c.avgSharpe:c.alertQuality?'Alert Quality: '+c.alertQuality:c.pdAccuracy?'PD: '+c.pdAccuracy:c.accuracy?'Accuracy: '+c.accuracy:c.lossForecasting?'Forecast: '+c.lossForecasting:c.informationRatio?'IR: '+c.informationRatio:c.avgCSAT?'CSAT: '+c.avgCSAT:''}</td></tr>`).join('');
-  document.querySelector('#sr117-table tbody').innerHTML=sr117.map(s=>`<tr><td><strong>${s.stage}</strong></td><td>${s.activities.join(', ')}</td><td>${s.owner}</td><td>${s.timeline}</td><td>${s.artifacts.join(', ')}</td></tr>`).join('');
-  document.getElementById('fair-lending-card').innerHTML=`<h4>Fair Lending Compliance</h4><p>DI Threshold: <strong>${fl.disparateImpactThreshold}</strong> | Current: <strong style="color:#34d399">${fl.currentPerformance}</strong></p>${pct(fl.currentPerformance*100)}<p style="margin-top:8px">Protected Classes: ${fl.protectedClasses.map(c=>badge(c,'blue')).join(' ')}</p><p style="margin-top:8px">Adverse Action: ${fl.adverseActionExplainability.method} — Coverage: ${fl.adverseActionExplainability.coverage}</p>`;
-  document.getElementById('earl-card').innerHTML=`<h4>EARL Maturity</h4><p>Current: ${badge('Level '+earl.current+' — '+earl.currentName,'gold')} → Target: ${badge('Level '+earl.target+' — '+earl.targetName+' by '+earl.targetDate,'green')}</p>${pct(earl.current/5*100)}<table style="margin-top:12px">${earl.levels.map(l=>`<tr><td>${badge('L'+l.level,l.level<=earl.current?'green':'blue')}</td><td><strong>${l.name}</strong></td><td>${l.description}</td></tr>`).join('')}</table>`;
-
-  // AGI Safety
-  document.querySelector('#tbd-table tbody').innerHTML=tbd.map(p=>`<tr><td>${badge(p.id,'blue')}</td><td><strong>${p.name}</strong><br><span style="color:#94a3b8;font-size:0.85em">${p.description}</span></td><td>${p.implementation}</td><td>${badge(p.status,p.status==='Operational'?'green':'gold')}</td></tr>`).join('');
-  document.getElementById('align-kpis').innerHTML=[[''+align.testSuiteSize,'Total Tests','blue'],[''+align.overallPassRate,'Overall Pass Rate','green'],[''+align.categories.length,'Categories','purple']].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
-  document.querySelector('#align-table tbody').innerHTML=align.categories.map(c=>{const s=parseFloat(c.currentScore);const t=parseFloat(c.passThreshold);return`<tr><td>${c.name}</td><td>${c.tests}</td><td>${c.passThreshold}</td><td>${c.currentScore} ${pct(s)}</td><td>${badge(s>=t?'PASS':'BELOW',s>=t?'green':'red')}</td></tr>`;}).join('');
-  document.querySelector('#contain-table tbody').innerHTML=contain.map(l=>`<tr><td><strong>${l.layer}</strong></td><td>${l.description}</td><td>${l.controls.join(', ')}</td><td>${badge(l.status,'green')}</td></tr>`).join('');
-  document.querySelector('#arl-table tbody').innerHTML=arl.map(l=>`<tr><td>${badge(l.level,'blue')}</td><td><strong>${l.name}</strong></td><td>${l.description}</td><td>${l.milestone}</td></tr>`).join('');
-
-  // Global Governance
-  document.querySelector('#icgc-table tbody').innerHTML=icgc.map(c=>`<tr><td>${badge(c.id,'blue')}</td><td><strong>${c.name}</strong></td><td>${c.function}</td><td>${badge(c.status,c.status.includes('Active')?'green':c.status.includes('Draft')?'gold':'blue')}</td><td>${c.timeline}</td></tr>`).join('');
-  document.querySelector('#gcr-table tbody').innerHTML=gcr.map(c=>`<tr><td><strong>${c.name}</strong></td><td>${c.count}</td><td>${c.threshold}</td><td>${c.requirement}</td></tr>`).join('');
-  document.querySelector('#xborder-table tbody').innerHTML=xb.map(m=>`<tr><td><strong>${m.name}</strong></td><td>${m.description}</td><td>${badge(m.status,m.status.includes('Active')?'green':'gold')}</td><td>${m.participants.join(', ')}</td></tr>`).join('');
-
-  // Blueprint
-  document.getElementById('scales-grid').innerHTML=bp.map(s=>`<div class="card"><h4 style="color:${s.scale==='Enterprise'?'#60a5fa':s.scale==='Frontier'?'#fbbf24':'#a78bfa'}">${s.scale} Scale</h4><p style="color:#94a3b8;font-size:0.85em">${s.description}</p><p style="margin-top:8px"><strong>Components:</strong></p><ul style="margin-left:16px;font-size:0.85em">${s.components.map(c=>'<li>'+c+'</li>').join('')}</ul><p style="margin-top:8px"><strong>Integration:</strong></p><ul style="margin-left:16px;font-size:0.82em;color:#64748b">${s.integrationPoints.map(i=>'<li>'+i+'</li>').join('')}</ul></div>`).join('');
-  document.querySelector('#scale-table tbody').innerHTML=Object.entries(scale).map(([k,v])=>`<tr><td><strong>${k.charAt(0).toUpperCase()+k.slice(1)}</strong></td><td>${v.scope}</td><td>${v.governance}</td><td>${v.investment}</td><td>${v.timeline}</td></tr>`).join('');
-  document.querySelector('#integration-table tbody').innerHTML=integ.existingFrameworks.map(f=>`<tr><td><strong>${f.framework}</strong></td><td>${f.integration}</td><td>${f.touchpoints.join(', ')}</td></tr>`).join('');
-
-  // Implementation
-  document.getElementById('impl-kpis').innerHTML=[['$68.4M','Total Investment','gold'],['$118.7M','NPV','green'],['42.1%','IRR','green'],['2.1 yr','Payback','blue'],['$52.3M','Annual Savings','green'],['48','Total Risks','red']].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
-  document.getElementById('phases-grid').innerHTML=impl.map(p=>`<div class="card"><h4>${p.phase}</h4><p style="color:#94a3b8;font-size:0.85em">Duration: ${p.duration} | Investment: <strong style="color:#fbbf24">${p.investment}</strong></p><p style="margin-top:8px"><strong>Milestones:</strong></p><ul style="margin-left:16px;font-size:0.85em">${p.milestones.map(m=>'<li>'+m+'</li>').join('')}</ul></div>`).join('');
-  document.querySelector('#invest-table tbody').innerHTML=invest.map(i=>`<tr><td><strong>${i.category}</strong></td><td>${i.fiveYearCost}</td><td>${i.npv}</td><td>${i.irr}</td></tr>`).join('');
-  document.querySelector('#savings-table tbody').innerHTML=save.map(s=>`<tr><td><strong>${s.category}</strong></td><td style="color:#34d399">${s.annual}</td><td>${s.description}</td></tr>`).join('');
-  document.querySelector('#risk-table tbody').innerHTML=risks.map(r=>`<tr><td>${badge(r.id,'red')}</td><td><strong>${r.name}</strong></td><td>${(r.probability*100).toFixed(0)}%</td><td>${badge(r.impact,r.impact==='Critical'?'red':'gold')}</td><td style="font-size:0.85em">${r.mitigation}</td><td>${r.owner}</td></tr>`).join('');
-  document.getElementById('rollout-grid').innerHTML=Object.entries(rollout).map(([k,v])=>`<div class="card"><h4>${v.title}</h4><ul style="margin-left:16px;font-size:0.85em">${v.actions.map(a=>'<li>'+a+'</li>').join('')}</ul></div>`).join('');
-
-  // Appendices
-  document.querySelector('#tpl-table tbody').innerHTML=app.templates.map(t=>`<tr><td>${badge(t.id,'blue')}</td><td>${t.name}</td><td>${t.format}</td><td><code>${t.path}</code></td></tr>`).join('');
-  document.querySelector('#cl-table tbody').innerHTML=app.checklists.map(c=>`<tr><td>${badge(c.id,'blue')}</td><td>${c.name}</td><td>${c.items}</td><td>${c.covers.join(', ')}</td></tr>`).join('');
-  document.querySelector('#ref-table tbody').innerHTML=app.referenceMaterials.map(r=>`<tr><td>${badge(r.ref,'blue')}</td><td>${r.title}</td><td><code>${r.path}</code></td></tr>`).join('');
+
+  document.querySelector('#icgc-table tbody').innerHTML=icgc.map(c=>`<tr><td>${badge(c.id,'blue')}</td><td><strong>${c.name}</strong></td><td style="font-size:0.82em">${c.function}</td><td>${c.members||38}</td><td>${badge(c.status,c.status.includes('Active')?'green':c.status.includes('Draft')?'gold':'blue')}</td><td>${c.timeline}</td></tr>`).join('');
+
+  document.querySelector('#gcr-table tbody').innerHTML=gcr.map(c=>`<tr><td><strong>${c.name}</strong></td><td style="color:var(--blue);font-weight:600">${c.count}</td><td>${c.threshold}</td><td style="font-size:0.82em">${c.requirement}</td><td>${badge('Compliant','green')}</td></tr>`).join('');
+
+  document.querySelector('#xborder-table tbody').innerHTML=xb.map(m=>`<tr><td><strong>${m.name}</strong></td><td style="font-size:0.82em">${m.description}</td><td>${badge(m.status,m.status.includes('Active')?'green':'gold')}</td><td style="font-size:0.82em">${m.participants.join(', ')}</td><td>${m.sla||'24h'}</td></tr>`).join('');
+
+  // Jurisdiction heatmap
+  const jurisdictions=[
+    {name:'United States',euAI:'N/A',nist:'96.4%',iso:'93.2%',gdpr:'N/A',sr117:'94.8%',overall:'94.8%'},
+    {name:'European Union',euAI:'89.4%',nist:'N/A',iso:'93.2%',gdpr:'96.1%',sr117:'N/A',overall:'89.4%'},
+    {name:'United Kingdom',euAI:'N/A',nist:'N/A',iso:'93.2%',gdpr:'95.8%',sr117:'N/A',overall:'91.2%'},
+    {name:'OECD (Global)',euAI:'N/A',nist:'N/A',iso:'93.2%',gdpr:'N/A',sr117:'N/A',overall:'91.6%'}
+  ];
+  document.getElementById('jurisdiction-heatmap').innerHTML=`<table><thead><tr><th>Jurisdiction</th><th>EU AI Act</th><th>NIST AI RMF</th><th>ISO 42001</th><th>GDPR</th><th>SR 11-7</th><th>Overall</th></tr></thead><tbody>${jurisdictions.map(j=>`<tr><td><strong>${j.name}</strong></td>${[j.euAI,j.nist,j.iso,j.gdpr,j.sr117].map(v=>`<td style="text-align:center;${v!=='N/A'?'color:'+(parseFloat(v)>=93?'var(--green)':parseFloat(v)>=88?'var(--gold)':'var(--red)')+';font-weight:600':'color:var(--dim)'}">${v}</td>`).join('')}<td style="text-align:center;font-weight:700;color:var(--blue)">${j.overall}</td></tr>`).join('')}</tbody></table>`;
+
+  // ══════════════════════════════════════════════════════════════
+  // MASTER BLUEPRINT
+  // ══════════════════════════════════════════════════════════════
+  document.getElementById('bp-kpis').innerHTML=[
+    [3,'Governance Scales','blue'],[22,'Source Documents','purple'],[8,'Pillar Integration','green'],['2026-2030','Timeline Horizon','gold'],[5,'Scalability Levels','blue'],['WP-023','Master Reference','gold']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.getElementById('scales-grid').innerHTML=bp.map(s=>{
+    const clr=s.scale==='Enterprise'?'#3b82f6':s.scale==='Frontier'?'#f59e0b':'#8b5cf6';
+    return`<div class="card" style="border-top:3px solid ${clr}"><h4 style="color:${clr}">${s.scale} Scale</h4><p style="color:var(--muted);font-size:0.85em;margin-bottom:10px">${s.description}</p><div style="font-size:0.82em"><strong>Components:</strong><ul style="margin:4px 0 8px 16px">${s.components.map(c=>'<li>'+c+'</li>').join('')}</ul><strong>Integration Points:</strong><ul style="margin:4px 0 0 16px;color:var(--dim)">${s.integrationPoints.map(i=>'<li>'+i+'</li>').join('')}</ul></div></div>`;
+  }).join('');
+
+  document.querySelector('#scale-table tbody').innerHTML=Object.entries(scale).map(([k,v])=>`<tr><td><strong style="color:var(--blue)">${k.charAt(0).toUpperCase()+k.slice(1)}</strong></td><td>${v.scope}</td><td style="font-size:0.82em">${v.governance}</td><td style="color:var(--gold)">${v.investment}</td><td>${v.timeline}</td><td style="font-size:0.78em;color:var(--dim)">${v.milestone||'Per phase'}</td></tr>`).join('');
+
+  document.querySelector('#integration-table tbody').innerHTML=integ.existingFrameworks.map(f=>`<tr><td><strong>${f.framework}</strong></td><td style="font-size:0.82em">${f.integration}</td><td>${f.touchpoints.map(t=>badge(t,'blue')).join(' ')}</td><td>${badge('Mapped','green')}</td></tr>`).join('');
+
+  // ══════════════════════════════════════════════════════════════
+  // IMPLEMENTATION
+  // ══════════════════════════════════════════════════════════════
+  document.getElementById('impl-kpis').innerHTML=[
+    ['$68.4M','Total Investment','gold'],['$118.7M','NPV','green'],['42.1%','IRR','green'],['2.1 yr','Payback','blue'],['$52.3M','Annual Savings','green'],[48,'Total Risks','red'],[4,'Critical Risks','red'],[12,'High Risks','gold']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  // Phase timeline
+  document.getElementById('phases-timeline').innerHTML=impl.map((p,i)=>`<div class="tl-item ${i===0?'active':''}"><h5>${p.phase}</h5><p>Duration: ${p.duration} | Investment: <strong style="color:var(--gold)">${p.investment}</strong></p><div style="margin-top:6px">${p.milestones.map(m=>`<div style="font-size:0.82em;color:var(--muted);padding:2px 0">&bull; ${m}</div>`).join('')}</div></div>`).join('');
+
+  document.querySelector('#invest-table tbody').innerHTML=invest.map(i=>`<tr><td><strong>${i.category}</strong></td><td style="color:var(--gold)">${i.fiveYearCost}</td><td style="color:var(--green)">${i.npv}</td><td style="color:var(--green)">${i.irr}</td><td>${i.payback||'2.1 yr'}</td></tr>`).join('');
+
+  document.querySelector('#savings-table tbody').innerHTML=save.map(s=>`<tr><td><strong>${s.category}</strong></td><td style="color:var(--green);font-weight:600">${s.annual}</td><td style="font-size:0.82em;color:var(--muted)">${s.description}</td></tr>`).join('');
+
+  document.querySelector('#risk-table tbody').innerHTML=risks.map(r=>{
+    const sev=r.probability>=0.7?'Critical':r.probability>=0.5?'High':r.probability>=0.3?'Medium':'Low';
+    return`<tr><td>${badge(r.id,'red')}</td><td><strong>${r.name}</strong></td><td>${(r.probability*100).toFixed(0)}%</td><td>${badge(r.impact,r.impact==='Critical'?'red':'gold')}</td><td>${badge(sev,sev==='Critical'?'red':sev==='High'?'gold':'blue')}</td><td style="font-size:0.82em">${r.mitigation}</td><td>${r.owner}</td></tr>`;
+  }).join('');
+
+  document.getElementById('rollout-grid').innerHTML=Object.entries(rollout).map(([k,v])=>{
+    const clr=k.includes('30')?'var(--green)':k.includes('60')?'var(--blue)':'var(--purple)';
+    return`<div class="card" style="border-top:3px solid ${clr}"><h4 style="color:${clr}">${v.title}</h4><div style="font-size:0.85em">${v.actions.map(a=>`<div style="padding:3px 0;color:var(--muted)">&bull; ${a}</div>`).join('')}</div></div>`;
+  }).join('');
+
+  // ══════════════════════════════════════════════════════════════
+  // APPENDICES
+  // ══════════════════════════════════════════════════════════════
+  document.querySelector('#tpl-table tbody').innerHTML=app.templates.map(t=>`<tr><td>${badge(t.id,'blue')}</td><td><strong>${t.name}</strong></td><td>${badge(t.format,'gray')}</td><td><code style="font-size:0.85em;color:var(--muted)">${t.path}</code></td><td style="font-size:0.78em">${t.standard||'Multi-framework'}</td></tr>`).join('');
+
+  document.querySelector('#cl-table tbody').innerHTML=app.checklists.map(c=>`<tr><td>${badge(c.id,'green')}</td><td><strong>${c.name}</strong></td><td style="text-align:center;color:var(--blue);font-weight:600">${c.items}</td><td>${c.covers.map(cv=>badge(cv,'blue')).join(' ')}</td></tr>`).join('');
+
+  // OPA Policy catalog
+  const opaFiles=['eu_ai_act_high_risk','nist_ai_rmf_govern','iso42001_aims_governance','gdpr_ai_data_protection','fair_lending_disparate_impact','basel_iii_model_risk','sr_11_7_model_validation','kafka_acl_governance','eu_ai_act_kafka_enforcement','agent_governance_depths','development_deployment_governance','monitoring_sentinel_engine','oecd_ai_principles','master_reference_compliance'];
+  document.getElementById('opa-catalog').innerHTML=`<table><thead><tr><th>Policy File</th><th>Framework</th><th>Rules</th><th>Status</th></tr></thead><tbody>${opaFiles.map(f=>`<tr><td><code style="color:var(--blue)">${f}.rego</code></td><td>${badge(f.split('_').slice(0,2).join(' ').toUpperCase(),'blue')}</td><td style="color:var(--green)">Active</td><td>${badge('Deployed','green')}</td></tr>`).join('')}</tbody></table>`;
+
+  document.querySelector('#ref-table tbody').innerHTML=app.referenceMaterials.map(r=>`<tr><td>${badge(r.ref,'blue')}</td><td><strong>${r.title}</strong></td><td>v1.0.0</td><td>${badge('Published','green')}</td></tr>`).join('');
+
+  // ══════════════════════════════════════════════════════════════
+  // API EXPLORER
+  // ══════════════════════════════════════════════════════════════
+  const apiDomains=[
+    {name:'Root & Metadata',prefix:'/api/master-ref',endpoints:['','metadata','dashboard','metrics'],count:4},
+    {name:'Regulatory Compliance',prefix:'/api/master-ref/regulatory',endpoints:['frameworks','frameworks/:id','compliance-matrix','compliance-matrix/overlaps','compliance-matrix/gaps','compliance-matrix/requirements/:framework','jurisdiction/:code','policy-as-code'],count:14},
+    {name:'Governance Structure',prefix:'/api/master-ref/governance-structure',endpoints:['pillars','pillars/:id','decision-hierarchy','escalation/phases','escalation/severity-levels','raci-matrix'],count:12},
+    {name:'Technical Implementation',prefix:'/api/master-ref/technical',endpoints:['reference-architecture/layers','trust-stack','kafka-acl/topics','kafka-acl/acl-rules','terraform/modules','terraform/cicd-gates','auditor-workflows','worm-storage','drift-detection','evidence-bundles'],count:14},
+    {name:'Financial Services',prefix:'/api/master-ref/financial-services',endpoints:['model-inventory','credit-scoring','credit-scoring/sr117','credit-scoring/fair-lending','trading','risk-management','customer-service','earl'],count:10},
+    {name:'AGI Safety',prefix:'/api/master-ref/agi-safety',endpoints:['trust-by-design/principles','alignment','containment/layers','readiness-levels','kill-switch/status','cognitive-resonance'],count:10},
+    {name:'Global Governance',prefix:'/api/master-ref/global-governance',endpoints:['icgc/components','compute-registry/categories','cross-border/mechanisms','jurisdiction-compliance'],count:8},
+    {name:'Master Blueprint',prefix:'/api/master-ref/blueprint',endpoints:['scales','scalability','integration','unified-view'],count:5},
+    {name:'Implementation',prefix:'/api/master-ref/implementation',endpoints:['timeline/phases','cost-benefit/breakdown','cost-benefit/savings','risks/top','risks/register','rollout','kpi-targets'],count:14}
+  ];
+  const totalApiEndpoints=apiDomains.reduce((a,d)=>a+d.count,0);
+  document.getElementById('api-kpis').innerHTML=[
+    [totalApiEndpoints,'Total Endpoints','blue'],[apiDomains.length,'API Domains','purple'],['GET','HTTP Method','green'],['JSON','Response Format','blue'],['<5ms','Avg Latency','green'],['81/81','Test Pass Rate','green']
+  ].map(([v,l,c])=>`<div class="kpi ${c}"><div class="value">${v}</div><div class="label">${l}</div></div>`).join('');
+
+  document.getElementById('api-catalog').innerHTML=apiDomains.map(d=>
+    accordion(`${d.name} (${d.count} endpoints)`,`<table><thead><tr><th>Endpoint</th><th>Method</th><th>Status</th></tr></thead><tbody>${d.endpoints.map(e=>`<tr><td><code style="color:var(--blue)">${d.prefix}/${e}</code></td><td>${badge('GET','green')}</td><td>${badge('200 OK','green')}</td></tr>`).join('')}</tbody></table>`)
+  ).join('');
+
+  console.log('[MREF-GSIFI-WP-023] Dashboard loaded — '+totalApiEndpoints+' API endpoints mapped across '+apiDomains.length+' domains');
 }
-load();
+
+// WebSocket connection for real-time updates
+function connectWS(){
+  try{
+    ws=new WebSocket((location.protocol==='https:'?'wss://':'ws://')+location.host+'/ws');
+    ws.onopen=()=>console.log('[WS] Connected');
+    ws.onclose=()=>setTimeout(connectWS,5000);
+    ws.onerror=()=>{};
+  }catch(e){}
+}
+
+load().catch(e=>console.error('[MREF] Load error:',e));
+connectWS();
 </script>
 </body>
 </html>
diff --git a/rag-agentic-dashboard/public/six-layer-governance.html b/rag-agentic-dashboard/public/six-layer-governance.html
new file mode 100644
index 0000000..431f393
--- /dev/null
+++ b/rag-agentic-dashboard/public/six-layer-governance.html
@@ -0,0 +1,1122 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>GSIFI-REFARCH-WP-024 — Six-Layer Full-Stack AI Governance for Tier-1 Global Banks</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+:root{--bg:#0a0e1a;--surface:#111827;--border:#1e293b;--blue:#60a5fa;--green:#34d399;--gold:#fbbf24;--red:#f87171;--purple:#a78bfa;--cyan:#22d3ee;--text:#e0e4f0;--muted:#94a3b8;--dim:#64748b;--l1:#f59e0b;--l2:#3b82f6;--l3:#8b5cf6;--l4:#10b981;--l5:#ef4444;--l6:#06b6d4}
+body{font-family:'Segoe UI',system-ui,-apple-system,sans-serif;background:var(--bg);color:var(--text);line-height:1.6;min-height:100vh}
+.header{background:linear-gradient(135deg,#0d1321 0%,#1b2838 40%,#162032 70%,#0f172a 100%);border-bottom:2px solid var(--blue);padding:20px 32px;position:relative;overflow:hidden}
+.header::before{content:'';position:absolute;top:0;left:0;right:0;bottom:0;background:radial-gradient(ellipse at 70% 50%,rgba(59,130,246,0.08) 0%,transparent 60%);pointer-events:none}
+.header h1{font-size:1.55em;color:var(--blue);font-weight:800;letter-spacing:-0.02em;position:relative}
+.header .meta{color:var(--muted);font-size:0.82em;margin-top:6px;position:relative}
+.header .doc-ref{color:var(--gold);font-weight:700}
+.header .live-badge{display:inline-block;background:#064e3b;color:var(--green);font-size:0.72em;padding:2px 10px;border-radius:10px;margin-left:12px;font-weight:600;animation:pulse 2s infinite}
+@keyframes pulse{0%,100%{opacity:1}50%{opacity:0.6}}
+.status-bar{background:#0d1321;border-bottom:1px solid var(--border);padding:6px 32px;display:flex;gap:24px;font-size:0.75em;color:var(--dim);align-items:center;flex-wrap:wrap}
+.status-bar .dot{width:6px;height:6px;border-radius:50%;display:inline-block;margin-right:4px}
+.status-bar .dot-green{background:var(--green)}.status-bar .dot-gold{background:var(--gold)}.status-bar .dot-red{background:var(--red)}
+.nav{display:flex;gap:4px;padding:10px 32px;background:var(--surface);border-bottom:1px solid var(--border);flex-wrap:wrap;position:sticky;top:0;z-index:100}
+.nav a{padding:7px 16px;border-radius:8px;color:var(--muted);text-decoration:none;font-size:0.78em;cursor:pointer;transition:all 0.2s;font-weight:500;border:1px solid transparent}
+.nav a:hover{background:rgba(59,130,246,0.1);color:var(--blue);border-color:rgba(59,130,246,0.2)}
+.nav a.active{background:#1e3a5f;color:var(--blue);border-color:rgba(59,130,246,0.4);font-weight:600}
+.container{max-width:1480px;margin:0 auto;padding:24px 32px}
+.section{display:none;animation:fadeIn 0.4s ease-out}
+.section.active{display:block}
+@keyframes fadeIn{from{opacity:0;transform:translateY(6px)}to{opacity:1;transform:translateY(0)}}
+.kpi-grid{display:grid;grid-template-columns:repeat(auto-fill,minmax(170px,1fr));gap:14px;margin:20px 0}
+.kpi{background:var(--surface);border:1px solid var(--border);border-radius:12px;padding:16px;text-align:center;transition:transform 0.2s,border-color 0.2s}
+.kpi:hover{transform:translateY(-2px);border-color:rgba(96,165,250,0.3)}
+.kpi .value{font-size:1.65em;font-weight:800;letter-spacing:-0.02em}
+.kpi .label{font-size:0.72em;color:var(--muted);margin-top:3px;text-transform:uppercase;letter-spacing:0.05em;font-weight:500}
+.kpi.blue .value{color:var(--blue)}.kpi.green .value{color:var(--green)}.kpi.gold .value{color:var(--gold)}.kpi.red .value{color:var(--red)}.kpi.purple .value{color:var(--purple)}.kpi.cyan .value{color:var(--cyan)}
+h2{color:var(--blue);margin:28px 0 14px;font-size:1.3em;border-bottom:1px solid var(--border);padding-bottom:8px;font-weight:700}
+h3{color:#93c5fd;margin:20px 0 10px;font-size:1.05em;font-weight:600}
+h4{color:#93c5fd;margin-bottom:8px;font-size:0.92em}
+table{width:100%;border-collapse:collapse;margin:12px 0;font-size:0.82em}
+thead{position:sticky;top:54px;z-index:10}
+th{background:#1a2332;color:#93c5fd;padding:10px 12px;text-align:left;font-weight:600;font-size:0.88em;border-bottom:2px solid var(--border)}
+td{padding:8px 12px;border-bottom:1px solid rgba(30,41,59,0.6);color:#cbd5e1;vertical-align:top}
+tr:hover td{background:rgba(30,41,59,0.4)}
+.badge{display:inline-block;padding:2px 10px;border-radius:12px;font-size:0.73em;font-weight:600;white-space:nowrap}
+.badge-green{background:#064e3b;color:var(--green)}.badge-blue{background:#1e3a5f;color:var(--blue)}.badge-gold{background:#78350f;color:var(--gold)}.badge-red{background:#7f1d1d;color:var(--red)}.badge-purple{background:#4c1d95;color:#c4b5fd}.badge-gray{background:#1e293b;color:var(--muted)}.badge-cyan{background:#083344;color:var(--cyan)}
+.card{background:var(--surface);border:1px solid var(--border);border-radius:12px;padding:18px;margin:12px 0;transition:border-color 0.2s}
+.card:hover{border-color:rgba(96,165,250,0.2)}
+.card h4{margin-top:0}
+.progress-bar{height:8px;background:var(--border);border-radius:4px;overflow:hidden;margin:6px 0}
+.progress-bar .fill{height:100%;border-radius:4px;transition:width 0.8s ease-out}
+.col-2{display:grid;grid-template-columns:1fr 1fr;gap:16px}
+.col-3{display:grid;grid-template-columns:1fr 1fr 1fr;gap:16px}
+.col-4{display:grid;grid-template-columns:repeat(4,1fr);gap:14px}
+@media(max-width:900px){.col-2,.col-3,.col-4{grid-template-columns:1fr}}
+.chart-container{background:var(--surface);border:1px solid var(--border);border-radius:12px;padding:20px;margin:16px 0;min-height:200px;position:relative}
+.chart-title{font-size:0.88em;color:var(--muted);margin-bottom:12px;font-weight:600;text-transform:uppercase;letter-spacing:0.05em}
+/* Six-Layer visual stack */
+.layer-stack{display:flex;flex-direction:column;gap:6px;margin:16px 0}
+.layer-row{display:grid;grid-template-columns:80px 200px 1fr 240px 150px;gap:12px;align-items:center;padding:14px 16px;border-radius:12px;border:1px solid var(--border);background:var(--surface);transition:all 0.3s;cursor:pointer}
+.layer-row:hover{border-color:rgba(96,165,250,0.4);transform:translateX(4px)}
+.layer-id{font-size:1.6em;font-weight:900;text-align:center;border-radius:10px;padding:4px 0;line-height:1.2}
+.layer-name{font-weight:700;font-size:0.92em;line-height:1.3}
+.layer-function{font-size:0.78em;color:var(--muted);line-height:1.4}
+.layer-owner{font-size:0.76em;color:var(--dim)}
+.layer-3lod{font-size:0.74em;font-weight:600;text-align:center;padding:4px 8px;border-radius:8px}
+.l1-color{color:var(--l1);border-color:rgba(245,158,11,0.3)}.l1-bg{background:rgba(245,158,11,0.08)}
+.l2-color{color:var(--l2);border-color:rgba(59,130,246,0.3)}.l2-bg{background:rgba(59,130,246,0.08)}
+.l3-color{color:var(--l3);border-color:rgba(139,92,246,0.3)}.l3-bg{background:rgba(139,92,246,0.08)}
+.l4-color{color:var(--l4);border-color:rgba(16,185,129,0.3)}.l4-bg{background:rgba(16,185,129,0.08)}
+.l5-color{color:var(--l5);border-color:rgba(239,68,68,0.3)}.l5-bg{background:rgba(239,68,68,0.08)}
+.l6-color{color:var(--l6);border-color:rgba(6,182,212,0.3)}.l6-bg{background:rgba(6,182,212,0.08)}
+/* 3LoD Visual */
+.lod-container{display:grid;grid-template-columns:repeat(3,1fr);gap:16px;margin:16px 0}
+.lod-card{border-radius:12px;padding:20px;border:1px solid var(--border);background:var(--surface)}
+.lod-card h4{margin-bottom:10px}
+.lod-role{padding:10px;margin:8px 0;border-radius:8px;background:rgba(30,41,59,0.5);border-left:3px solid var(--blue)}
+.lod-role .role-title{font-weight:700;font-size:0.88em;color:var(--blue)}
+.lod-role .role-detail{font-size:0.76em;color:var(--muted);margin-top:3px}
+/* Crisis Sim */
+.crisis-card{border-radius:12px;padding:20px;border:1px solid var(--border);background:var(--surface);margin:10px 0}
+.crisis-card.trading{border-left:4px solid var(--red)}
+.crisis-card.hallucination{border-left:4px solid var(--gold)}
+.crisis-card.adversarial{border-left:4px solid var(--purple)}
+.crisis-card .crisis-title{font-weight:700;font-size:1em;margin-bottom:8px}
+.crisis-card .scenario{font-size:0.82em;color:var(--muted);line-height:1.5;margin:8px 0;padding:10px;background:rgba(30,41,59,0.5);border-radius:8px;border-left:2px solid var(--dim)}
+/* Crosswalk table */
+.crosswalk-cell{font-size:0.73em;line-height:1.3}
+.crosswalk-cell.na{color:var(--dim);font-style:italic}
+/* Board package */
+.slide-preview{background:#1a2332;border:2px solid var(--border);border-radius:16px;padding:28px;aspect-ratio:16/9;display:flex;flex-direction:column;margin:16px 0;position:relative;overflow:hidden}
+.slide-preview::before{content:'16:9 BOARD ARCHITECTURE SLIDE';position:absolute;top:8px;right:12px;font-size:0.6em;color:var(--dim);letter-spacing:0.08em}
+.slide-preview .slide-grid{display:grid;grid-template-columns:1fr 2fr 1fr;gap:16px;flex:1}
+.slide-col{display:flex;flex-direction:column;gap:6px}
+.slide-layer{padding:8px 10px;border-radius:8px;font-size:0.72em;border:1px solid var(--border)}
+/* Pipeline gates */
+.pipeline{display:flex;gap:4px;margin:16px 0;overflow-x:auto;padding-bottom:8px}
+.gate{flex:0 0 calc(14.28% - 4px);min-width:140px;background:var(--surface);border:1px solid var(--border);border-radius:12px;padding:14px;text-align:center;position:relative}
+.gate.human{border-color:rgba(251,191,36,0.4);background:rgba(120,53,15,0.1)}
+.gate.auto{border-color:rgba(52,211,153,0.3);background:rgba(6,78,59,0.1)}
+.gate .gate-num{font-size:1.4em;font-weight:900;margin-bottom:4px}
+.gate .gate-name{font-size:0.72em;font-weight:600;line-height:1.2}
+.gate .gate-type{font-size:0.65em;margin-top:6px}
+.gate-arrow{display:flex;align-items:center;color:var(--dim);font-size:1.2em;flex:0 0 20px;justify-content:center}
+/* Roadmap */
+.timeline{position:relative;padding-left:40px;margin:16px 0}
+.timeline::before{content:'';position:absolute;left:16px;top:0;bottom:0;width:2px;background:var(--border)}
+.timeline-item{position:relative;margin:16px 0;padding:16px;background:var(--surface);border:1px solid var(--border);border-radius:12px}
+.timeline-item::before{content:'';position:absolute;left:-30px;top:22px;width:12px;height:12px;border-radius:50%;border:2px solid var(--blue);background:var(--bg)}
+.timeline-item.active::before{background:var(--blue)}
+.timeline-item .phase-header{display:flex;justify-content:space-between;align-items:center;margin-bottom:10px}
+.timeline-item .phase-name{font-weight:700;font-size:0.95em;color:var(--blue)}
+.timeline-item .phase-duration{font-size:0.75em;color:var(--muted)}
+.ws-list{display:grid;grid-template-columns:1fr 1fr;gap:8px;margin-top:8px}
+.ws-item{padding:8px 10px;background:rgba(30,41,59,0.4);border-radius:8px;font-size:0.78em}
+.ws-item .ws-name{font-weight:600;color:var(--text)}
+.ws-item .ws-milestone{font-size:0.85em;color:var(--gold);margin-top:2px}
+/* Exec Briefing */
+.exec-briefing{background:#111827;border:2px solid var(--border);border-radius:16px;padding:32px;margin:16px 0;max-width:900px;position:relative}
+.exec-briefing::before{content:'BOARD RISK COMMITTEE — ONE-PAGE EXECUTIVE BRIEFING';position:absolute;top:-12px;left:24px;background:var(--bg);padding:0 12px;font-size:0.68em;color:var(--gold);font-weight:600;letter-spacing:0.06em}
+.briefing-header{font-size:1.2em;font-weight:800;color:var(--blue);text-align:center;padding:12px 0;border-bottom:2px solid var(--border);margin-bottom:16px}
+.briefing-section{margin:12px 0;padding-bottom:10px;border-bottom:1px solid rgba(30,41,59,0.5)}
+.briefing-section:last-child{border-bottom:none}
+.briefing-section .title{font-size:0.78em;font-weight:700;color:var(--gold);text-transform:uppercase;letter-spacing:0.05em;margin-bottom:4px}
+.briefing-section .content{font-size:0.84em;color:#cbd5e1;line-height:1.5}
+.traffic-light{display:inline-block;width:10px;height:10px;border-radius:50%;margin-right:4px;vertical-align:middle}
+.tl-green{background:var(--green)}.tl-amber{background:var(--gold)}.tl-red{background:var(--red)}
+/* Print/PDF */
+@media print{
+  body{background:#fff;color:#1a1a1a}
+  .nav,.status-bar{display:none}
+  .section{display:block!important;page-break-inside:avoid}
+  .header{background:#fff;border-color:#1a1a1a;padding:16px}
+  .header h1{color:#1a365d}
+  table,th,td{border:1px solid #ccc}
+  th{background:#e2e8f0;color:#1a1a1a}
+  .kpi{border:1px solid #ccc;background:#f9fafb}
+  .kpi .value{color:#1a365d}
+  .card,.chart-container{background:#f9fafb;border:1px solid #ccc}
+  .watermark{position:fixed;top:50%;left:50%;transform:translate(-50%,-50%) rotate(-30deg);font-size:80px;color:rgba(0,0,0,0.04);font-weight:900;pointer-events:none;z-index:999}
+}
+</style>
+</head>
+<body>
+<!-- Header -->
+<div class="header">
+  <h1 id="docTitle">Enterprise AI Governance Reference Architecture</h1>
+  <div class="meta">
+    <span class="doc-ref" id="docRef">GSIFI-REFARCH-WP-024</span> |
+    <span id="docVersion">v1.0.0</span> |
+    <span id="docDate">2026-04-10</span> |
+    <span id="docClass">CONFIDENTIAL</span>
+    <span class="live-badge" id="wsStatus">CONNECTING</span>
+  </div>
+  <div class="meta" style="margin-top:4px;font-size:0.76em">Six-Layer Full-Stack Governance Model for AGI-Capable Systems in Tier-1 Global Banks</div>
+</div>
+
+<!-- Status Bar -->
+<div class="status-bar" id="statusBar">
+  <span><span class="dot dot-green"></span>API Connected</span>
+  <span id="sbEndpoints">Endpoints: --</span>
+  <span id="sbLayers">Layers: --</span>
+  <span id="sbControls">Controls: --</span>
+  <span id="sbMappings">Mappings: --</span>
+  <span id="sbKPIs">KPIs: --</span>
+  <span id="sbTimestamp">Updated: --</span>
+</div>
+
+<!-- Navigation -->
+<nav class="nav" id="mainNav">
+  <a href="#overview" class="active" data-section="sec-overview">Overview</a>
+  <a href="#six-layer" data-section="sec-six-layer">Six-Layer Model</a>
+  <a href="#3lod" data-section="sec-3lod">Three Lines of Defense</a>
+  <a href="#stack" data-section="sec-stack">Governance Stack</a>
+  <a href="#crosswalk" data-section="sec-crosswalk">Regulatory Crosswalk</a>
+  <a href="#cicd" data-section="sec-cicd">CI/CD Gates</a>
+  <a href="#escalation" data-section="sec-escalation">Escalation Thresholds</a>
+  <a href="#data-gov" data-section="sec-data-gov">Data Governance Fields</a>
+  <a href="#roadmap" data-section="sec-roadmap">90-Day MVP Roadmap</a>
+  <a href="#crisis" data-section="sec-crisis">Crisis Simulations</a>
+  <a href="#board" data-section="sec-board">Board Deliverables</a>
+  <a href="#api" data-section="sec-api">API Explorer</a>
+</nav>
+
+<div class="container">
+
+<!-- ═══════════════ SECTION: OVERVIEW ═══════════════ -->
+<div class="section active" id="sec-overview">
+  <h2>Executive Dashboard</h2>
+  <div class="kpi-grid" id="kpiGrid"></div>
+
+  <h3>Regulatory Framework Coverage</h3>
+  <div id="frameworkBadges" style="display:flex;flex-wrap:wrap;gap:8px;margin:12px 0"></div>
+
+  <div class="col-2" style="margin-top:20px">
+    <div class="chart-container">
+      <div class="chart-title">Governance Layers — KPI Achievement</div>
+      <canvas id="layerRadar" width="400" height="300"></canvas>
+    </div>
+    <div class="chart-container">
+      <div class="chart-title">Investment Breakdown by Phase</div>
+      <div id="investmentChart" style="display:flex;align-items:flex-end;gap:12px;height:200px;padding-top:10px"></div>
+    </div>
+  </div>
+
+  <h3>Document Classification</h3>
+  <div class="card" id="metaCard"></div>
+
+  <h3>Companion Documents</h3>
+  <div id="companionDocs" style="display:flex;flex-wrap:wrap;gap:10px;margin:12px 0"></div>
+</div>
+
+<!-- ═══════════════ SECTION: SIX-LAYER MODEL ═══════════════ -->
+<div class="section" id="sec-six-layer">
+  <h2>Six-Layer Full-Stack AI Governance Model</h2>
+  <p style="color:var(--muted);font-size:0.88em;margin-bottom:16px" id="sixLayerPrinciple"></p>
+
+  <div class="layer-stack" id="layerStack"></div>
+
+  <h3>Layer Detail</h3>
+  <div id="layerDetail" class="card" style="display:none"></div>
+
+  <h3>Regulatory Mapping by Layer</h3>
+  <div id="regMapTable"></div>
+
+  <h3>KPI Summary Across All Layers</h3>
+  <div id="kpiTable"></div>
+</div>
+
+<!-- ═══════════════ SECTION: THREE LINES OF DEFENSE ═══════════════ -->
+<div class="section" id="sec-3lod">
+  <h2>Three Lines of Defense — AI/AGI Governance</h2>
+  <p style="color:var(--muted);font-size:0.88em;margin-bottom:16px" id="lodModel"></p>
+  <div class="lod-container" id="lodContainer"></div>
+
+  <h3>CAIGO Authority Profile</h3>
+  <div class="card" id="caigoProfile"></div>
+
+  <h3>AI Risk Committee Composition</h3>
+  <div class="card" id="riskCommittee"></div>
+
+  <h3>Specialized Governance Offices</h3>
+  <div class="col-3" id="govOffices"></div>
+</div>
+
+<!-- ═══════════════ SECTION: GOVERNANCE STACK ═══════════════ -->
+<div class="section" id="sec-stack">
+  <h2>Minimal Enterprise AI Governance Stack</h2>
+  <p style="color:var(--muted);font-size:0.88em;margin-bottom:16px" id="stackPrinciple"></p>
+  <div id="stackGrid" class="col-2"></div>
+  <h3>Stack Maturity Overview</h3>
+  <div id="stackMaturity"></div>
+</div>
+
+<!-- ═══════════════ SECTION: REGULATORY CROSSWALK ═══════════════ -->
+<div class="section" id="sec-crosswalk">
+  <h2>Regulatory Control Crosswalk</h2>
+  <p style="color:var(--muted);font-size:0.88em;margin-bottom:8px" id="crosswalkPurpose"></p>
+  <div class="kpi-grid" style="grid-template-columns:repeat(3,1fr)">
+    <div class="kpi blue"><div class="value" id="cwControls">--</div><div class="label">Controls</div></div>
+    <div class="kpi green"><div class="value" id="cwMappings">--</div><div class="label">Mappings</div></div>
+    <div class="kpi gold"><div class="value" id="cwFrameworks">--</div><div class="label">Frameworks</div></div>
+  </div>
+
+  <h3>Full Crosswalk Matrix</h3>
+  <div style="overflow-x:auto" id="crosswalkTable"></div>
+
+  <h3>Evidence Artifacts & Auditor Questions</h3>
+  <div id="evidenceTable"></div>
+</div>
+
+<!-- ═══════════════ SECTION: CI/CD GATES ═══════════════ -->
+<div class="section" id="sec-cicd">
+  <h2>CI/CD Governance Pipeline — 7-Stage Human-in-the-Loop</h2>
+  <div class="pipeline" id="pipelineViz"></div>
+  <h3>Gate Details</h3>
+  <div id="gateTable"></div>
+</div>
+
+<!-- ═══════════════ SECTION: ESCALATION ═══════════════ -->
+<div class="section" id="sec-escalation">
+  <h2>Runtime Escalation Thresholds</h2>
+  <div id="escalationCards"></div>
+</div>
+
+<!-- ═══════════════ SECTION: DATA GOVERNANCE FIELDS ═══════════════ -->
+<div class="section" id="sec-data-gov">
+  <h2>Data Governance Fields in Model Registry</h2>
+  <div class="kpi-grid" style="grid-template-columns:repeat(2,1fr);max-width:500px">
+    <div class="kpi green"><div class="value" id="dgTotal">--</div><div class="label">Total Fields</div></div>
+    <div class="kpi gold"><div class="value" id="dgRequired">--</div><div class="label">Required</div></div>
+  </div>
+  <div id="dgTable"></div>
+</div>
+
+<!-- ═══════════════ SECTION: 90-DAY MVP ROADMAP ═══════════════ -->
+<div class="section" id="sec-roadmap">
+  <h2>90-Day MVP Implementation Roadmap</h2>
+  <div class="kpi-grid" style="grid-template-columns:repeat(4,1fr)">
+    <div class="kpi blue"><div class="value">4</div><div class="label">Phases</div></div>
+    <div class="kpi gold"><div class="value">90</div><div class="label">Days</div></div>
+    <div class="kpi green"><div class="value" id="mvpInvest">--</div><div class="label">Year-1 Investment</div></div>
+    <div class="kpi purple"><div class="value" id="mvpTeam">--</div><div class="label">Team FTE</div></div>
+  </div>
+  <div class="timeline" id="roadmapTimeline"></div>
+  <h3>Go/No-Go Gates</h3>
+  <div id="gatesTable"></div>
+</div>
+
+<!-- ═══════════════ SECTION: CRISIS SIMULATIONS ═══════════════ -->
+<div class="section" id="sec-crisis">
+  <h2>AI Crisis Simulation Scenarios</h2>
+  <p style="color:var(--muted);font-size:0.88em;margin-bottom:16px">Phase 4 of the 90-day MVP: Three production-grade crisis tabletop exercises designed to stress-test the governance architecture under extreme conditions.</p>
+  <div id="crisisContainer"></div>
+  <h3>Post-Simulation Hardening Actions</h3>
+  <div id="hardeningActions"></div>
+</div>
+
+<!-- ═══════════════ SECTION: BOARD DELIVERABLES ═══════════════ -->
+<div class="section" id="sec-board">
+  <h2>Executive & Board-Ready Deliverables</h2>
+
+  <h3>Prioritized Recommendation</h3>
+  <div class="card" id="recommendation"></div>
+
+  <h3>Artifact Sequencing</h3>
+  <div id="sequencingTable"></div>
+
+  <h3>Board Package Component 1: Architecture Slide (16:9 Preview)</h3>
+  <div class="slide-preview" id="slidePreview"></div>
+
+  <h3>Board Package Component 2: One-Page Executive Briefing</h3>
+  <div class="exec-briefing" id="execBriefing"></div>
+
+  <h3>Board Package Component 3: Regulatory Crosswalk & Technical Annex</h3>
+  <div class="card" id="annexGuidance"></div>
+
+  <h3>Design Principles for Board Communications</h3>
+  <div class="col-3" id="designPrinciples"></div>
+</div>
+
+<!-- ═══════════════ SECTION: API EXPLORER ═══════════════ -->
+<div class="section" id="sec-api">
+  <h2>API Explorer — GSIFI-REFARCH-WP-024</h2>
+  <p style="color:var(--muted);font-size:0.88em;margin-bottom:16px">42 REST API endpoints powering this reference architecture. Click any endpoint to inspect the live response.</p>
+  <div id="apiCatalog"></div>
+  <h3>Live API Response</h3>
+  <pre id="apiResponse" style="background:var(--surface);border:1px solid var(--border);border-radius:12px;padding:16px;font-size:0.78em;color:#93c5fd;max-height:500px;overflow:auto;white-space:pre-wrap">Select an endpoint above to inspect the response.</pre>
+</div>
+
+</div><!-- /container -->
+
+<script>
+// ═══════════════════════════════════════════════════════════════
+// DATA LOADING & RENDERING ENGINE
+// ═══════════════════════════════════════════════════════════════
+
+const API = '/api/gsifi-refarch';
+const cache = {};
+
+async function fetchJSON(path) {
+  if (cache[path]) return cache[path];
+  try {
+    const r = await fetch(path);
+    if (!r.ok) throw new Error(r.status);
+    const d = await r.json();
+    cache[path] = d;
+    return d;
+  } catch(e) { console.error('Fetch error:', path, e); return null; }
+}
+
+// ── Navigation ──────────────────────────────────────────────
+document.querySelectorAll('.nav a').forEach(a => {
+  a.addEventListener('click', e => {
+    e.preventDefault();
+    document.querySelectorAll('.nav a').forEach(n => n.classList.remove('active'));
+    a.classList.add('active');
+    document.querySelectorAll('.section').forEach(s => s.classList.remove('active'));
+    const sec = document.getElementById(a.dataset.section);
+    if (sec) sec.classList.add('active');
+    window.location.hash = a.getAttribute('href');
+  });
+});
+
+// Restore section from hash
+window.addEventListener('load', () => {
+  const hash = window.location.hash.replace('#','');
+  if (hash) {
+    const link = document.querySelector(`.nav a[href="#${hash}"]`);
+    if (link) link.click();
+  }
+});
+
+// ── WebSocket ───────────────────────────────────────────────
+let ws;
+function connectWS() {
+  const protocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
+  ws = new WebSocket(`${protocol}//${location.host}/ws`);
+  ws.onopen = () => { document.getElementById('wsStatus').textContent = 'LIVE'; document.getElementById('wsStatus').style.background = '#064e3b'; };
+  ws.onclose = () => { document.getElementById('wsStatus').textContent = 'RECONNECTING'; document.getElementById('wsStatus').style.background = '#78350f'; setTimeout(connectWS, 3000); };
+  ws.onerror = () => ws.close();
+}
+connectWS();
+
+// ═══════════════════════════════════════════════════════════════
+// SECTION RENDERERS
+// ═══════════════════════════════════════════════════════════════
+
+// ── Overview ────────────────────────────────────────────────
+async function renderOverview() {
+  const [dash, meta, metrics] = await Promise.all([
+    fetchJSON(`${API}/dashboard`),
+    fetchJSON(`${API}/meta`),
+    fetchJSON(`${API}/metrics`)
+  ]);
+  if (!dash) return;
+
+  // Status bar
+  document.getElementById('sbEndpoints').textContent = `Endpoints: ${metrics?.endpoints || 42}`;
+  document.getElementById('sbLayers').textContent = `Layers: ${dash.layers}`;
+  document.getElementById('sbControls').textContent = `Controls: ${dash.crosswalkControls}`;
+  document.getElementById('sbMappings').textContent = `Mappings: ${dash.crosswalkMappings}`;
+  document.getElementById('sbKPIs').textContent = `KPIs: ${dash.totalKpis}`;
+  document.getElementById('sbTimestamp').textContent = `Updated: ${new Date().toISOString().slice(0,16)}`;
+
+  // KPI Grid
+  const kpis = [
+    { value: dash.layers, label: 'Governance Layers', cls: 'blue' },
+    { value: dash.linesOfDefense, label: 'Lines of Defense', cls: 'gold' },
+    { value: dash.governanceStackComponents, label: 'Stack Components', cls: 'green' },
+    { value: dash.regulatoryFrameworks, label: 'Regulatory Frameworks', cls: 'purple' },
+    { value: dash.crosswalkControls, label: 'Crosswalk Controls', cls: 'blue' },
+    { value: dash.crosswalkMappings, label: 'Control Mappings', cls: 'cyan' },
+    { value: dash.cicdGates, label: 'CI/CD Gates', cls: 'green' },
+    { value: dash.escalationTriggers, label: 'Escalation Triggers', cls: 'red' },
+    { value: dash.crisisSimulations, label: 'Crisis Simulations', cls: 'gold' },
+    { value: dash.mvpPhases, label: 'MVP Phases', cls: 'blue' },
+    { value: dash.totalKpis, label: 'Total KPIs', cls: 'green' },
+    { value: dash.boardDeliverables, label: 'Board Deliverables', cls: 'purple' },
+    { value: dash.dataGovernanceFields, label: 'Data Gov Fields', cls: 'cyan' },
+    { value: metrics?.opaRules || '482+', label: 'OPA Rego Rules', cls: 'blue' },
+    { value: metrics?.sentinelRules || '1,247', label: 'Sentinel Rules', cls: 'green' },
+    { value: metrics?.humanInLoopGates || 4, label: 'Human Gates', cls: 'gold' }
+  ];
+  document.getElementById('kpiGrid').innerHTML = kpis.map(k =>
+    `<div class="kpi ${k.cls}"><div class="value">${k.value}</div><div class="label">${k.label}</div></div>`
+  ).join('');
+
+  // Regulatory framework badges
+  if (meta?.regulatoryFrameworks) {
+    document.getElementById('frameworkBadges').innerHTML = meta.regulatoryFrameworks.map(f =>
+      `<span class="badge badge-blue" style="font-size:0.8em;padding:4px 14px">${f}</span>`
+    ).join('');
+  }
+
+  // Meta card
+  if (meta) {
+    document.getElementById('metaCard').innerHTML = `
+      <div style="display:grid;grid-template-columns:1fr 1fr;gap:8px;font-size:0.84em">
+        <div><strong style="color:var(--muted)">Classification:</strong> ${meta.classification}</div>
+        <div><strong style="color:var(--muted)">Applicability:</strong> ${meta.applicability}</div>
+        <div><strong style="color:var(--muted)">Authors:</strong> ${meta.authors?.join(', ')}</div>
+        <div><strong style="color:var(--muted)">Audience:</strong> ${meta.audience?.join(', ')}</div>
+      </div>`;
+  }
+
+  // Companion docs
+  if (meta?.companionDocuments) {
+    document.getElementById('companionDocs').innerHTML = meta.companionDocuments.map(d =>
+      `<div class="card" style="margin:0;padding:10px 14px;flex:0 0 auto"><span class="badge badge-gray">${d.ref}</span> <span style="font-size:0.82em;margin-left:6px">${d.title}</span></div>`
+    ).join('');
+  }
+
+  // Investment chart
+  const phases = [
+    { name: 'Ph 1: Foundation', value: 1.8, color: 'var(--l1)' },
+    { name: 'Ph 2: Infrastructure', value: 3.4, color: 'var(--l2)' },
+    { name: 'Ph 3: Operations', value: 4.8, color: 'var(--l3)' },
+    { name: 'Ph 4: Crisis & Hardening', value: 4.2, color: 'var(--l5)' }
+  ];
+  const maxVal = Math.max(...phases.map(p => p.value));
+  document.getElementById('investmentChart').innerHTML = phases.map(p =>
+    `<div style="flex:1;display:flex;flex-direction:column;align-items:center;gap:4px">
+      <div style="font-size:0.78em;font-weight:700;color:${p.color}">$${p.value}M</div>
+      <div style="width:100%;height:${(p.value/maxVal)*160}px;background:${p.color};border-radius:8px 8px 0 0;min-height:20px;opacity:0.85"></div>
+      <div style="font-size:0.65em;color:var(--muted);text-align:center;line-height:1.2">${p.name}</div>
+    </div>`
+  ).join('');
+
+  // Radar chart
+  renderRadarChart();
+}
+
+function renderRadarChart() {
+  const canvas = document.getElementById('layerRadar');
+  if (!canvas) return;
+  const ctx = canvas.getContext('2d');
+  const W = canvas.width, H = canvas.height;
+  const cx = W/2, cy = H/2 + 10, R = Math.min(W, H) * 0.35;
+  ctx.clearRect(0, 0, W, H);
+
+  const labels = ['L1 Board', 'L2 Policy', 'L3 Model', 'L4 Data', 'L5 DevOps', 'L6 Compute'];
+  const values = [0.94, 0.88, 0.89, 0.82, 0.92, 0.62]; // from KPI averages
+  const targets = [1, 1, 0.95, 0.95, 0.95, 1];
+  const n = labels.length;
+  const colors = ['#f59e0b','#3b82f6','#8b5cf6','#10b981','#ef4444','#06b6d4'];
+
+  // Grid
+  for (let ring = 0.25; ring <= 1; ring += 0.25) {
+    ctx.beginPath();
+    for (let i = 0; i <= n; i++) {
+      const a = (Math.PI * 2 * (i % n)) / n - Math.PI / 2;
+      const x = cx + R * ring * Math.cos(a);
+      const y = cy + R * ring * Math.sin(a);
+      i === 0 ? ctx.moveTo(x, y) : ctx.lineTo(x, y);
+    }
+    ctx.strokeStyle = 'rgba(30,41,59,0.8)';
+    ctx.stroke();
+  }
+
+  // Axes
+  for (let i = 0; i < n; i++) {
+    const a = (Math.PI * 2 * i) / n - Math.PI / 2;
+    ctx.beginPath();
+    ctx.moveTo(cx, cy);
+    ctx.lineTo(cx + R * Math.cos(a), cy + R * Math.sin(a));
+    ctx.strokeStyle = 'rgba(30,41,59,0.5)';
+    ctx.stroke();
+    // Label
+    const lx = cx + (R + 22) * Math.cos(a);
+    const ly = cy + (R + 22) * Math.sin(a);
+    ctx.fillStyle = colors[i];
+    ctx.font = 'bold 10px system-ui';
+    ctx.textAlign = 'center';
+    ctx.textBaseline = 'middle';
+    ctx.fillText(labels[i], lx, ly);
+  }
+
+  // Target polygon
+  ctx.beginPath();
+  for (let i = 0; i <= n; i++) {
+    const a = (Math.PI * 2 * (i % n)) / n - Math.PI / 2;
+    const x = cx + R * targets[i % n] * Math.cos(a);
+    const y = cy + R * targets[i % n] * Math.sin(a);
+    i === 0 ? ctx.moveTo(x, y) : ctx.lineTo(x, y);
+  }
+  ctx.strokeStyle = 'rgba(251,191,36,0.4)';
+  ctx.setLineDash([4, 4]);
+  ctx.stroke();
+  ctx.setLineDash([]);
+
+  // Value polygon
+  ctx.beginPath();
+  for (let i = 0; i <= n; i++) {
+    const a = (Math.PI * 2 * (i % n)) / n - Math.PI / 2;
+    const x = cx + R * values[i % n] * Math.cos(a);
+    const y = cy + R * values[i % n] * Math.sin(a);
+    i === 0 ? ctx.moveTo(x, y) : ctx.lineTo(x, y);
+  }
+  ctx.fillStyle = 'rgba(96,165,250,0.15)';
+  ctx.fill();
+  ctx.strokeStyle = 'rgba(96,165,250,0.8)';
+  ctx.lineWidth = 2;
+  ctx.stroke();
+
+  // Points
+  for (let i = 0; i < n; i++) {
+    const a = (Math.PI * 2 * i) / n - Math.PI / 2;
+    const x = cx + R * values[i] * Math.cos(a);
+    const y = cy + R * values[i] * Math.sin(a);
+    ctx.beginPath();
+    ctx.arc(x, y, 4, 0, Math.PI * 2);
+    ctx.fillStyle = colors[i];
+    ctx.fill();
+    ctx.strokeStyle = '#0a0e1a';
+    ctx.lineWidth = 2;
+    ctx.stroke();
+  }
+
+  // Legend
+  ctx.font = '9px system-ui';
+  ctx.fillStyle = '#94a3b8';
+  ctx.textAlign = 'left';
+  ctx.fillText('-- Target    -- Current', cx - 50, H - 8);
+}
+
+// ── Six-Layer Model ──────────────────────────────────────────
+async function renderSixLayer() {
+  const data = await fetchJSON(`${API}/six-layer-model`);
+  if (!data) return;
+
+  document.getElementById('sixLayerPrinciple').textContent = data.designPrinciple;
+
+  const colorMap = { L1: 'l1', L2: 'l2', L3: 'l3', L4: 'l4', L5: 'l5', L6: 'l6' };
+
+  // Layer stack
+  document.getElementById('layerStack').innerHTML = data.layers.map(l => {
+    const c = colorMap[l.id];
+    return `<div class="layer-row ${c}-bg" onclick="showLayerDetail('${l.id}')" style="border-left:4px solid var(--${c})">
+      <div class="layer-id ${c}-color">${l.id}</div>
+      <div><div class="layer-name ${c}-color">${l.name}</div><div class="layer-owner">${l.owner}</div></div>
+      <div class="layer-function">${l.function}</div>
+      <div style="display:flex;flex-wrap:wrap;gap:3px">${l.controls.slice(0,3).map(ctrl => `<span class="badge badge-gray" style="font-size:0.65em">${ctrl.length > 40 ? ctrl.slice(0,37)+'...' : ctrl}</span>`).join('')}</div>
+      <div class="layer-3lod" style="background:rgba(30,41,59,0.6);color:var(--${c})">${l.threeLines}</div>
+    </div>`;
+  }).join('');
+
+  // Regulatory map table
+  const regMap = await fetchJSON(`${API}/six-layer-model/regulatory-map`);
+  if (regMap) {
+    const fws = Object.keys(regMap[0].regulatoryMapping);
+    document.getElementById('regMapTable').innerHTML = `<table><thead><tr><th>Layer</th>${fws.map(f => `<th>${f}</th>`).join('')}</tr></thead><tbody>${
+      regMap.map(l => `<tr><td><span class="badge badge-blue">${l.layer}</span> ${l.name}</td>${fws.map(f => `<td class="crosswalk-cell">${l.regulatoryMapping[f] || '<span class="na">N/A</span>'}</td>`).join('')}</tr>`).join('')
+    }</tbody></table>`;
+  }
+
+  // KPI table
+  const kpiData = await fetchJSON(`${API}/six-layer-model/kpi-summary`);
+  if (kpiData) {
+    document.getElementById('kpiTable').innerHTML = `<table><thead><tr><th>Layer</th><th>KPI</th><th>Target</th><th>Current</th><th>Status</th></tr></thead><tbody>${
+      kpiData.kpis.map(k => {
+        const status = k.current >= k.target ? 'green' : (parseFloat(k.current) >= parseFloat(k.target) * 0.9 ? 'gold' : 'red');
+        return `<tr><td><span class="badge badge-blue">${k.layer}</span> ${k.layerName}</td><td>${k.kpi}</td><td>${k.target}</td><td>${k.current}</td><td><span class="badge badge-${status}">${status === 'green' ? 'On Track' : status === 'gold' ? 'Near' : 'Gap'}</span></td></tr>`;
+      }).join('')
+    }</tbody></table>`;
+  }
+}
+
+window.showLayerDetail = async function(id) {
+  const layer = await fetchJSON(`${API}/six-layer-model/layers/${id}`);
+  if (!layer) return;
+  const el = document.getElementById('layerDetail');
+  el.style.display = 'block';
+  el.innerHTML = `
+    <h4 style="color:var(--${id.toLowerCase() === 'l1' ? 'l1' : id.toLowerCase() === 'l2' ? 'l2' : id.toLowerCase() === 'l3' ? 'l3' : id.toLowerCase() === 'l4' ? 'l4' : id.toLowerCase() === 'l5' ? 'l5' : 'l6'})">${layer.id}: ${layer.name}</h4>
+    <p style="font-size:0.84em;color:var(--muted);margin-bottom:12px">${layer.function}</p>
+    <div class="col-2">
+      <div>
+        <h4>Controls</h4>
+        <ul style="font-size:0.82em;padding-left:18px;color:#cbd5e1">${layer.controls.map(c => `<li style="margin:4px 0">${c}</li>`).join('')}</ul>
+      </div>
+      <div>
+        <h4>Key Roles</h4>
+        <div style="display:flex;flex-wrap:wrap;gap:4px">${layer.keyRoles.map(r => `<span class="badge badge-blue">${r}</span>`).join('')}</div>
+        <h4 style="margin-top:14px">Evidence Artifacts</h4>
+        <div style="display:flex;flex-wrap:wrap;gap:4px">${layer.artifacts.map(a => `<span class="badge badge-green">${a}</span>`).join('')}</div>
+        <h4 style="margin-top:14px">Maturity Target</h4>
+        <span class="badge badge-gold">${layer.maturityTarget}</span>
+      </div>
+    </div>
+    <h4 style="margin-top:16px">KPIs</h4>
+    <table><thead><tr><th>KPI</th><th>Target</th><th>Current</th></tr></thead><tbody>${
+      layer.kpis.map(k => `<tr><td>${k.kpi}</td><td>${k.target}</td><td>${k.current}</td></tr>`).join('')
+    }</tbody></table>`;
+  el.scrollIntoView({ behavior: 'smooth', block: 'nearest' });
+};
+
+// ── Three Lines of Defense ───────────────────────────────────
+async function render3LoD() {
+  const data = await fetchJSON(`${API}/three-lines`);
+  if (!data) return;
+  document.getElementById('lodModel').textContent = data.model;
+
+  const lineColors = ['var(--green)', 'var(--blue)', 'var(--purple)'];
+  document.getElementById('lodContainer').innerHTML = data.lines.map((line, i) => `
+    <div class="lod-card" style="border-top:3px solid ${lineColors[i]}">
+      <h4 style="color:${lineColors[i]}">${line.line}: ${line.name}</h4>
+      <p style="font-size:0.82em;color:var(--muted);margin-bottom:10px">${line.function}</p>
+      ${line.roles.map(r => `
+        <div class="lod-role" style="border-left-color:${lineColors[i]}">
+          <div class="role-title">${r.title}</div>
+          <div class="role-detail">${r.responsibility || r.responsibilities?.join('; ') || ''}</div>
+          ${r.count ? `<div class="role-detail" style="color:var(--gold)">Staffing: ${r.count}</div>` : ''}
+          ${r.reportsTo ? `<div class="role-detail">Reports to: ${r.reportsTo}</div>` : ''}
+          ${r.team ? `<div class="role-detail">Team: ${r.team}</div>` : ''}
+        </div>
+      `).join('')}
+      <h4 style="margin-top:12px;font-size:0.82em">Accountabilities</h4>
+      <ul style="font-size:0.78em;padding-left:16px;color:var(--muted)">${line.accountabilities.map(a => `<li>${a}</li>`).join('')}</ul>
+    </div>
+  `).join('');
+
+  // CAIGO Profile
+  const caigo = await fetchJSON(`${API}/three-lines/caigo`);
+  if (caigo) {
+    document.getElementById('caigoProfile').innerHTML = `
+      <div class="col-2">
+        <div>
+          <h4 style="color:var(--gold)">${caigo.title}</h4>
+          <p style="font-size:0.84em;margin:8px 0">${caigo.responsibility}</p>
+          <div style="font-size:0.82em"><strong>Reports To:</strong> ${caigo.reportsTo}</div>
+          <div style="font-size:0.82em"><strong>Budget:</strong> <span style="color:var(--green)">${caigo.budget}</span></div>
+          <div style="font-size:0.82em"><strong>Direct Reports:</strong> ${caigo.directReports}</div>
+        </div>
+        <div>
+          <h4>Key Authorities</h4>
+          <ul style="font-size:0.82em;padding-left:16px">${caigo.keyAuthorities.map(a => `<li style="margin:4px 0;color:var(--gold)">${a}</li>`).join('')}</ul>
+        </div>
+      </div>`;
+  }
+
+  // Risk Committee
+  const rc = await fetchJSON(`${API}/three-lines/ai-risk-committee`);
+  if (rc) {
+    document.getElementById('riskCommittee').innerHTML = `
+      <h4>AI Risk Committee</h4>
+      <div style="font-size:0.84em;margin:6px 0"><strong>Chair:</strong> ${rc.chair} | <strong>Cadence:</strong> ${rc.cadence}</div>
+      <div style="display:flex;flex-wrap:wrap;gap:4px;margin:8px 0">${rc.members.map(m => `<span class="badge badge-blue">${m}</span>`).join('')}</div>
+      <h4 style="margin-top:12px">Responsibilities</h4>
+      <ul style="font-size:0.82em;padding-left:16px;color:#cbd5e1">${rc.responsibilities.map(r => `<li>${r}</li>`).join('')}</ul>`;
+  }
+
+  // Specialized offices
+  const [ethics, mrm, dg, cg] = await Promise.all([
+    fetchJSON(`${API}/three-lines/ethics-office`),
+    fetchJSON(`${API}/three-lines/mrm`),
+    fetchJSON(`${API}/three-lines/data-governance`),
+  ]);
+  const offices = [ethics, mrm, dg].filter(Boolean);
+  document.getElementById('govOffices').innerHTML = offices.map(o => `
+    <div class="card">
+      <h4>${o.title || o.head || 'Office'}</h4>
+      ${o.head ? `<div style="font-size:0.82em"><strong>Head:</strong> ${o.head}</div>` : ''}
+      ${o.reportsTo ? `<div style="font-size:0.82em"><strong>Reports To:</strong> ${o.reportsTo}</div>` : ''}
+      ${o.team ? `<div style="font-size:0.82em"><strong>Team:</strong> ${o.team}</div>` : ''}
+      <h4 style="margin-top:10px;font-size:0.82em">Responsibilities</h4>
+      <ul style="font-size:0.78em;padding-left:16px;color:var(--muted)">${(o.responsibilities || []).map(r => `<li>${r}</li>`).join('')}</ul>
+    </div>
+  `).join('');
+}
+
+// ── Governance Stack ─────────────────────────────────────────
+async function renderStack() {
+  const data = await fetchJSON(`${API}/governance-stack`);
+  if (!data) return;
+  document.getElementById('stackPrinciple').textContent = data.designPrinciple;
+
+  document.getElementById('stackGrid').innerHTML = data.components.map(c => `
+    <div class="card" style="border-left:3px solid var(--blue)">
+      <div style="display:flex;justify-content:space-between;align-items:start">
+        <h4>${c.id}: ${c.name}</h4>
+        <span class="badge badge-blue">${c.layer}</span>
+      </div>
+      <p style="font-size:0.82em;color:var(--muted);margin:6px 0">${c.description}</p>
+      ${c.technology ? `<div style="font-size:0.78em;margin:4px 0"><strong style="color:var(--dim)">Tech:</strong> ${c.technology}</div>` : ''}
+      <div style="display:flex;flex-wrap:wrap;gap:3px;margin:6px 0">${(c.regulatory || []).map(r => `<span class="badge badge-purple" style="font-size:0.65em">${r}</span>`).join('')}</div>
+      <div style="font-size:0.76em;margin-top:6px">
+        <span class="badge badge-gray">Current: ${c.currentMaturity}</span>
+        <span class="badge badge-green" style="margin-left:4px">Target: ${c.targetMaturity}</span>
+      </div>
+    </div>
+  `).join('');
+
+  // Maturity overview
+  document.getElementById('stackMaturity').innerHTML = `<table><thead><tr><th>Component</th><th>Current</th><th>Target</th><th>Gap</th></tr></thead><tbody>${
+    data.components.map(c => {
+      const curr = parseInt(c.currentMaturity.match(/\d/)?.[0] || 0);
+      const tgt = parseInt(c.targetMaturity.match(/\d/)?.[0] || 0);
+      const gap = tgt - curr;
+      return `<tr><td>${c.id}: ${c.name}</td><td><span class="badge badge-blue">Level ${curr}</span></td><td><span class="badge badge-green">Level ${tgt}</span></td><td>${gap > 0 ? `<span class="badge badge-gold">+${gap}</span>` : '<span class="badge badge-green">Met</span>'}</td></tr>`;
+    }).join('')
+  }</tbody></table>`;
+}
+
+// ── Regulatory Crosswalk ────────────────────────────────────
+async function renderCrosswalk() {
+  const data = await fetchJSON(`${API}/crosswalk`);
+  if (!data) return;
+  document.getElementById('crosswalkPurpose').textContent = data.purpose;
+  document.getElementById('cwControls').textContent = data.totalControls;
+  document.getElementById('cwMappings').textContent = data.totalMappings;
+  document.getElementById('cwFrameworks').textContent = data.frameworks.length;
+
+  // Full crosswalk matrix
+  document.getElementById('crosswalkTable').innerHTML = `<table><thead><tr><th style="min-width:100px">ID</th><th style="min-width:160px">Control</th><th>EU AI Act</th><th>NIST RMF</th><th>ISO 42001</th><th>SR 11-7</th><th>GDPR</th><th>FCRA/ECOA</th></tr></thead><tbody>${
+    data.controls.map(c => `<tr>
+      <td><span class="badge badge-blue">${c.id}</span></td>
+      <td style="font-weight:600">${c.control}</td>
+      <td class="crosswalk-cell">${c.euAiAct}</td>
+      <td class="crosswalk-cell">${c.nistRmf}</td>
+      <td class="crosswalk-cell">${c.iso42001}</td>
+      <td class="crosswalk-cell">${c.sr117}</td>
+      <td class="crosswalk-cell">${c.gdpr}</td>
+      <td class="crosswalk-cell ${c.fcraEcoa === 'N/A' ? 'na' : ''}">${c.fcraEcoa}</td>
+    </tr>`).join('')
+  }</tbody></table>`;
+
+  // Evidence table
+  const evidence = await fetchJSON(`${API}/crosswalk/evidence`);
+  if (evidence) {
+    document.getElementById('evidenceTable').innerHTML = `<table><thead><tr><th>Control</th><th>Evidence Artifacts</th><th>Likely Auditor Question</th></tr></thead><tbody>${
+      evidence.evidence.map(e => `<tr>
+        <td><span class="badge badge-blue">${e.controlId}</span> ${e.control}</td>
+        <td>${e.evidence.map(a => `<span class="badge badge-green" style="font-size:0.7em;margin:2px">${a}</span>`).join('')}</td>
+        <td style="font-size:0.78em;font-style:italic;color:var(--gold)">"${e.auditorQuestion}"</td>
+      </tr>`).join('')
+    }</tbody></table>`;
+  }
+}
+
+// ── CI/CD Gates ─────────────────────────────────────────────
+async function renderCICD() {
+  const data = await fetchJSON(`${API}/cicd-gates`);
+  if (!data) return;
+
+  // Pipeline viz
+  let html = '';
+  data.gates.forEach((g, i) => {
+    const cls = g.humanApproval ? 'human' : 'auto';
+    html += `<div class="gate ${cls}">
+      <div class="gate-num" style="color:${g.humanApproval ? 'var(--gold)' : 'var(--green)'}">${g.gate}</div>
+      <div class="gate-name">${g.name}</div>
+      <div class="gate-type"><span class="badge ${g.humanApproval ? 'badge-gold' : 'badge-green'}">${g.humanApproval ? 'Human Approval' : 'Automated'}</span></div>
+    </div>`;
+    if (i < data.gates.length - 1) html += `<div class="gate-arrow">&#x2192;</div>`;
+  });
+  document.getElementById('pipelineViz').innerHTML = html;
+
+  // Gate detail table
+  document.getElementById('gateTable').innerHTML = `<table><thead><tr><th>#</th><th>Gate Name</th><th>Tool</th><th>Type</th><th>Blocks On</th></tr></thead><tbody>${
+    data.gates.map(g => `<tr>
+      <td style="font-weight:700;font-size:1.1em">${g.gate}</td>
+      <td style="font-weight:600">${g.name}</td>
+      <td style="font-size:0.78em">${g.tool}</td>
+      <td><span class="badge ${g.humanApproval ? 'badge-gold' : 'badge-green'}">${g.humanApproval ? 'Human' : 'Auto'}</span></td>
+      <td style="font-size:0.78em;color:var(--red)">${g.blocksOn}</td>
+    </tr>`).join('')
+  }</tbody></table>`;
+}
+
+// ── Escalation Thresholds ───────────────────────────────────
+async function renderEscalation() {
+  const data = await fetchJSON(`${API}/escalation-thresholds`);
+  if (!data) return;
+
+  const sevColors = { 'SEV-1': 'badge-red', 'SEV-2': 'badge-gold' };
+  document.getElementById('escalationCards').innerHTML = data.thresholds.map(t => `
+    <div class="card" style="border-left:4px solid ${t.severity === 'SEV-1' ? 'var(--red)' : 'var(--gold)'}">
+      <div style="display:flex;justify-content:space-between;align-items:center">
+        <h4>${t.trigger}</h4>
+        <span class="badge ${sevColors[t.severity] || 'badge-gray'}">${t.severity}</span>
+      </div>
+      <div style="font-size:0.84em;color:var(--muted);margin:8px 0"><strong>Metric:</strong> ${t.metric}</div>
+      <div class="col-3" style="margin-top:8px;font-size:0.82em">
+        <div><strong style="color:var(--dim)">Escalation:</strong><br>${t.escalation}</div>
+        <div><strong style="color:var(--dim)">SLA:</strong><br><span style="color:var(--gold)">${t.sla}</span></div>
+        <div><strong style="color:var(--dim)">Auto Action:</strong><br><span style="color:var(--green)">${t.autoAction}</span></div>
+      </div>
+    </div>
+  `).join('');
+}
+
+// ── Data Governance Fields ──────────────────────────────────
+async function renderDataGov() {
+  const data = await fetchJSON(`${API}/data-governance-fields`);
+  if (!data) return;
+  document.getElementById('dgTotal').textContent = data.totalFields;
+  document.getElementById('dgRequired').textContent = data.requiredFields;
+
+  document.getElementById('dgTable').innerHTML = `<table><thead><tr><th>Field</th><th>Type</th><th>Required</th><th>Description</th></tr></thead><tbody>${
+    data.fields.map(f => `<tr>
+      <td><code style="color:var(--cyan);font-size:0.9em">${f.field}</code></td>
+      <td><span class="badge badge-gray">${f.type}</span></td>
+      <td><span class="badge ${f.required ? 'badge-red' : 'badge-gray'}">${f.required ? 'REQUIRED' : 'Optional'}</span></td>
+      <td style="font-size:0.8em">${f.description}</td>
+    </tr>`).join('')
+  }</tbody></table>`;
+}
+
+// ── 90-Day MVP Roadmap ──────────────────────────────────────
+async function renderRoadmap() {
+  const data = await fetchJSON(`${API}/mvp-roadmap`);
+  if (!data) return;
+  document.getElementById('mvpInvest').textContent = '$14.2M';
+  document.getElementById('mvpTeam').textContent = data.teamSize || '25-35';
+
+  // Timeline
+  document.getElementById('roadmapTimeline').innerHTML = data.phases.map((p, i) => `
+    <div class="timeline-item ${i === 0 ? 'active' : ''}">
+      <div class="phase-header">
+        <div class="phase-name">${p.phase}</div>
+        <div>
+          <span class="badge badge-blue">${p.duration}</span>
+          <span class="badge badge-gold" style="margin-left:4px">${p.investment}</span>
+        </div>
+      </div>
+      <p style="font-size:0.84em;color:var(--muted);margin-bottom:10px">${p.objective}</p>
+      <div class="ws-list">
+        ${p.workstreams ? p.workstreams.map(ws => `
+          <div class="ws-item">
+            <div class="ws-name"><span class="badge badge-gray" style="font-size:0.8em">${ws.ws}</span> ${ws.name}</div>
+            <div style="font-size:0.78em;color:var(--muted);margin-top:2px">Owner: ${ws.owner}</div>
+            <div class="ws-milestone">Milestone: ${ws.milestone}</div>
+          </div>
+        `).join('') : ''}
+        ${p.crisisSimulations ? p.crisisSimulations.map(s => `
+          <div class="ws-item" style="border-left:2px solid var(--red)">
+            <div class="ws-name">${s.name}</div>
+            <div style="font-size:0.78em;color:var(--muted)">${s.duration}</div>
+          </div>
+        `).join('') : ''}
+      </div>
+    </div>
+  `).join('');
+
+  // Go/No-Go gates
+  const gates = await fetchJSON(`${API}/mvp-roadmap/gates`);
+  if (gates) {
+    document.getElementById('gatesTable').innerHTML = `<table><thead><tr><th>Gate</th><th>Criteria</th><th>Decision Authority</th></tr></thead><tbody>${
+      gates.map(g => `<tr>
+        <td style="font-weight:700;color:var(--gold)">${g.gate}</td>
+        <td><ul style="padding-left:16px;font-size:0.82em">${g.criteria.map(c => `<li>${c}</li>`).join('')}</ul></td>
+        <td><span class="badge badge-purple">${g.decisionAuthority}</span></td>
+      </tr>`).join('')
+    }</tbody></table>`;
+  }
+}
+
+// ── Crisis Simulations ──────────────────────────────────────
+async function renderCrisis() {
+  const data = await fetchJSON(`${API}/mvp-roadmap/crisis-simulations`);
+  if (!data) return;
+
+  const simClasses = ['trading', 'hallucination', 'adversarial'];
+  document.getElementById('crisisContainer').innerHTML = data.simulations.map((s, i) => `
+    <div class="crisis-card ${simClasses[i] || ''}">
+      <div style="display:flex;justify-content:space-between;align-items:center">
+        <div class="crisis-title" style="color:${['var(--red)','var(--gold)','var(--purple)'][i]}">${s.id}: ${s.name}</div>
+        <span class="badge badge-gray">${s.duration}</span>
+      </div>
+      <div class="scenario">${s.scenario}</div>
+      <div class="col-2" style="margin-top:12px">
+        <div>
+          <h4 style="font-size:0.82em">Objectives</h4>
+          <ul style="font-size:0.78em;padding-left:16px;color:#cbd5e1">${s.objectives.map(o => `<li style="margin:3px 0">${o}</li>`).join('')}</ul>
+        </div>
+        <div>
+          <h4 style="font-size:0.82em">Participants</h4>
+          <div style="display:flex;flex-wrap:wrap;gap:3px">${s.participants.map(p => `<span class="badge badge-blue" style="font-size:0.72em">${p}</span>`).join('')}</div>
+          <h4 style="font-size:0.82em;margin-top:10px">Success Criteria</h4>
+          <ul style="font-size:0.78em;padding-left:16px;color:var(--green)">${s.successCriteria.map(c => `<li style="margin:3px 0">${c}</li>`).join('')}</ul>
+        </div>
+      </div>
+    </div>
+  `).join('');
+
+  // Hardening actions
+  document.getElementById('hardeningActions').innerHTML = `<div class="card"><ul style="padding-left:18px;font-size:0.84em">${
+    data.hardeningActions.map(a => `<li style="margin:6px 0">${a}</li>`).join('')
+  }</ul></div>`;
+}
+
+// ── Board Deliverables ──────────────────────────────────────
+async function renderBoard() {
+  const [rec, pkg] = await Promise.all([
+    fetchJSON(`${API}/board-deliverables/recommendation`),
+    fetchJSON(`${API}/board-deliverables/package`)
+  ]);
+
+  // Recommendation
+  if (rec) {
+    document.getElementById('recommendation').innerHTML = `
+      <div style="font-size:1.1em;font-weight:800;color:var(--gold);margin-bottom:12px">${rec.recommendation}</div>
+      <ul style="font-size:0.84em;padding-left:18px;color:#cbd5e1">${rec.rationale.map(r => `<li style="margin:6px 0">${r}</li>`).join('')}</ul>`;
+
+    // Sequencing
+    document.getElementById('sequencingTable').innerHTML = `<table><thead><tr><th>Order</th><th>Artifact</th><th>Timeline</th><th>Rationale</th></tr></thead><tbody>${
+      rec.sequencing.map(s => `<tr>
+        <td style="font-size:1.3em;font-weight:800;color:var(--gold);text-align:center">${s.order}</td>
+        <td style="font-weight:600">${s.artifact}</td>
+        <td><span class="badge badge-blue">${s.timeline}</span></td>
+        <td style="font-size:0.82em;color:var(--muted)">${s.reason}</td>
+      </tr>`).join('')
+    }</tbody></table>`;
+  }
+
+  // Board package
+  if (pkg) {
+    // Architecture slide preview
+    const layers = await fetchJSON(`${API}/six-layer-model/layers`);
+    if (layers) {
+      const colorVars = ['var(--l1)','var(--l2)','var(--l3)','var(--l4)','var(--l5)','var(--l6)'];
+      document.getElementById('slidePreview').innerHTML = `
+        <div style="text-align:center;font-size:0.95em;font-weight:800;color:var(--blue);margin-bottom:12px">Enterprise AI Governance — Six-Layer Defense-in-Depth Architecture</div>
+        <div class="slide-grid">
+          <div class="slide-col" style="gap:4px">
+            <div style="font-size:0.68em;font-weight:700;color:var(--muted);text-align:center;margin-bottom:4px">LAYER</div>
+            ${layers.map((l, i) => `<div class="slide-layer" style="border-color:${colorVars[i]};background:rgba(0,0,0,0.3)">
+              <span style="color:${colorVars[i]};font-weight:800">${l.id}</span>
+              <span style="font-size:0.72em;color:var(--text);margin-left:4px">${l.name}</span>
+            </div>`).join('')}
+          </div>
+          <div class="slide-col" style="gap:4px">
+            <div style="font-size:0.68em;font-weight:700;color:var(--muted);text-align:center;margin-bottom:4px">KEY CONTROLS</div>
+            ${layers.map((l, i) => `<div class="slide-layer" style="border-color:rgba(30,41,59,0.6);font-size:0.62em;color:var(--muted);line-height:1.3">
+              ${l.controls.slice(0,2).map(c => c.length > 50 ? c.slice(0,47)+'...' : c).join(' | ')}
+            </div>`).join('')}
+          </div>
+          <div class="slide-col" style="gap:4px">
+            <div style="font-size:0.68em;font-weight:700;color:var(--muted);text-align:center;margin-bottom:4px">OWNERSHIP (3LoD)</div>
+            ${layers.map((l, i) => `<div class="slide-layer" style="border-color:rgba(30,41,59,0.6)">
+              <span style="font-size:0.62em;color:${colorVars[i]}">${l.owner.length > 35 ? l.owner.slice(0,32)+'...' : l.owner}</span>
+              <br><span style="font-size:0.58em;color:var(--dim)">${l.threeLines}</span>
+            </div>`).join('')}
+          </div>
+        </div>
+        <div style="display:flex;justify-content:space-between;margin-top:auto;font-size:0.6em;color:var(--dim);border-top:1px solid var(--border);padding-top:6px">
+          <span>GSIFI-REFARCH-WP-024 v1.0.0 | CONFIDENTIAL</span>
+          <span>42 API Endpoints | 186 Controls | 847 Mappings</span>
+          <span>$14.2M Year-1 | IRR 42.1% | Payback 2.1yr</span>
+        </div>`;
+    }
+
+    // Executive briefing
+    const comp2 = pkg.components.find(c => c.id === 'BP-02');
+    if (comp2) {
+      document.getElementById('execBriefing').innerHTML = `
+        <div class="briefing-header">AI Governance for AGI-Capable Systems: Board Risk Committee Briefing</div>
+        ${comp2.sections.map(s => `
+          <div class="briefing-section">
+            <div class="title">${s.section} <span style="font-size:0.8em;color:var(--dim)">(~${s.words} words)</span></div>
+            <div class="content">${s.content}</div>
+          </div>
+        `).join('')}
+        <div style="text-align:center;margin-top:16px;padding-top:12px;border-top:1px solid var(--border)">
+          <span style="font-size:0.84em;font-weight:700;color:var(--gold)">DECISION REQUESTED:</span>
+          <span style="font-size:0.84em;color:var(--text);margin-left:8px">The Board is asked to <strong>APPROVE</strong> the six-layer governance architecture, <strong>FUND</strong> the 90-day MVP ($14.2M), and <strong>APPOINT</strong> the CAIGO.</span>
+        </div>`;
+    }
+
+    // Annex guidance
+    const comp3 = pkg.components.find(c => c.id === 'BP-03');
+    if (comp3) {
+      document.getElementById('annexGuidance').innerHTML = `
+        <h4>${comp3.name}</h4>
+        <div style="font-size:0.82em;color:var(--muted);margin-bottom:10px">Format: ${comp3.format}</div>
+        <div class="col-2">
+          <div>
+            <h4 style="font-size:0.85em">Sections</h4>
+            ${comp3.sections.map(s => `<div style="margin:6px 0;padding:8px;background:rgba(30,41,59,0.4);border-radius:6px">
+              <div style="font-size:0.82em;font-weight:600;color:var(--blue)">${s.section}</div>
+              <div style="font-size:0.78em;color:var(--muted)">${s.content}</div>
+            </div>`).join('')}
+          </div>
+          <div>
+            <h4 style="font-size:0.85em">Design Principles</h4>
+            <ul style="font-size:0.82em;padding-left:16px;color:#cbd5e1">${comp3.designPrinciples.map(p => `<li style="margin:4px 0">${p}</li>`).join('')}</ul>
+          </div>
+        </div>`;
+    }
+
+    // Design principles for all 3 components
+    document.getElementById('designPrinciples').innerHTML = pkg.components.map(c => `
+      <div class="card">
+        <h4 style="font-size:0.82em;color:var(--gold)">${c.id}: ${c.name}</h4>
+        <div style="font-size:0.78em;color:var(--dim);margin-bottom:6px">${c.format}</div>
+        <ul style="font-size:0.78em;padding-left:14px;color:#cbd5e1">${c.designPrinciples.map(p => `<li style="margin:3px 0">${p}</li>`).join('')}</ul>
+      </div>
+    `).join('');
+  }
+}
+
+// ── API Explorer ────────────────────────────────────────────
+async function renderAPI() {
+  const endpoints = [
+    { group: 'Core', paths: ['/api/gsifi-refarch', '/api/gsifi-refarch/meta', '/api/gsifi-refarch/dashboard', '/api/gsifi-refarch/metrics'] },
+    { group: 'Six-Layer Model', paths: ['/api/gsifi-refarch/six-layer-model', '/api/gsifi-refarch/six-layer-model/layers', '/api/gsifi-refarch/six-layer-model/layers/L1', '/api/gsifi-refarch/six-layer-model/layers/L1/controls', '/api/gsifi-refarch/six-layer-model/layers/L1/kpis', '/api/gsifi-refarch/six-layer-model/regulatory-map', '/api/gsifi-refarch/six-layer-model/kpi-summary'] },
+    { group: 'Three Lines of Defense', paths: ['/api/gsifi-refarch/three-lines', '/api/gsifi-refarch/three-lines/lines', '/api/gsifi-refarch/three-lines/lines/1', '/api/gsifi-refarch/three-lines/caigo', '/api/gsifi-refarch/three-lines/ai-risk-committee', '/api/gsifi-refarch/three-lines/ethics-office', '/api/gsifi-refarch/three-lines/mrm', '/api/gsifi-refarch/three-lines/data-governance', '/api/gsifi-refarch/three-lines/compute-governance'] },
+    { group: 'Governance Stack', paths: ['/api/gsifi-refarch/governance-stack', '/api/gsifi-refarch/governance-stack/components', '/api/gsifi-refarch/governance-stack/components/GS-01'] },
+    { group: 'Regulatory Crosswalk', paths: ['/api/gsifi-refarch/crosswalk', '/api/gsifi-refarch/crosswalk/controls', '/api/gsifi-refarch/crosswalk/controls/CTRL-001', '/api/gsifi-refarch/crosswalk/by-framework/eu-ai-act', '/api/gsifi-refarch/crosswalk/by-framework/nist', '/api/gsifi-refarch/crosswalk/by-framework/sr117', '/api/gsifi-refarch/crosswalk/evidence'] },
+    { group: 'Operational', paths: ['/api/gsifi-refarch/cicd-gates', '/api/gsifi-refarch/escalation-thresholds', '/api/gsifi-refarch/data-governance-fields'] },
+    { group: 'Board Deliverables', paths: ['/api/gsifi-refarch/board-deliverables', '/api/gsifi-refarch/board-deliverables/recommendation', '/api/gsifi-refarch/board-deliverables/package', '/api/gsifi-refarch/board-deliverables/package/BP-01', '/api/gsifi-refarch/board-deliverables/package/BP-02', '/api/gsifi-refarch/board-deliverables/package/BP-03'] },
+    { group: '90-Day Roadmap', paths: ['/api/gsifi-refarch/mvp-roadmap', '/api/gsifi-refarch/mvp-roadmap/phases', '/api/gsifi-refarch/mvp-roadmap/phases/1', '/api/gsifi-refarch/mvp-roadmap/crisis-simulations', '/api/gsifi-refarch/mvp-roadmap/crisis-simulations/CRISIS-01', '/api/gsifi-refarch/mvp-roadmap/gates'] }
+  ];
+
+  document.getElementById('apiCatalog').innerHTML = endpoints.map(g => `
+    <div style="margin-bottom:16px">
+      <h4 style="color:var(--gold);font-size:0.82em;margin-bottom:6px">${g.group}</h4>
+      <div style="display:flex;flex-wrap:wrap;gap:4px">${g.paths.map(p => `<a href="#" onclick="inspectAPI('${p}');return false;" class="badge badge-blue" style="cursor:pointer;text-decoration:none;font-size:0.75em">${p}</a>`).join('')}</div>
+    </div>
+  `).join('');
+}
+
+window.inspectAPI = async function(path) {
+  const el = document.getElementById('apiResponse');
+  el.textContent = `Loading ${path}...`;
+  try {
+    const r = await fetch(path);
+    const data = await r.json();
+    el.textContent = JSON.stringify(data, null, 2);
+  } catch(e) {
+    el.textContent = `Error: ${e.message}`;
+  }
+};
+
+// ═══════════════════════════════════════════════════════════════
+// INITIALIZATION
+// ═══════════════════════════════════════════════════════════════
+async function init() {
+  console.log('[GSIFI-REFARCH] Loading dashboard...');
+  const t0 = performance.now();
+
+  await Promise.all([
+    renderOverview(),
+    renderSixLayer(),
+    render3LoD(),
+    renderStack(),
+    renderCrosswalk(),
+    renderCICD(),
+    renderEscalation(),
+    renderDataGov(),
+    renderRoadmap(),
+    renderCrisis(),
+    renderBoard(),
+    renderAPI()
+  ]);
+
+  const elapsed = ((performance.now() - t0) / 1000).toFixed(2);
+  console.log(`[GSIFI-REFARCH] Dashboard loaded in ${elapsed}s — 42 endpoints across 8 domains`);
+}
+
+init();
+</script>
+</body>
+</html>
diff --git a/rag-agentic-dashboard/server.js b/rag-agentic-dashboard/server.js
index 4d3781c..79a1bc4 100644
--- a/rag-agentic-dashboard/server.js
+++ b/rag-agentic-dashboard/server.js
@@ -12525,7 +12525,8 @@ app.get('/api/governance-index', (_, res) => res.json({
       modules: [
         { name: 'Practitioner Master Reference', api: '/api/practitioner-master-reference', dashboard: '/practitioner-master-reference.html', docRef: 'PMREF-GSIFI-WP-015', endpoints: 50 },
         { name: 'AGI Governance Master Blueprint', api: '/api/agi-governance-master-blueprint', dashboard: '/agi-governance-master-blueprint.html', docRef: 'AGMB-GSIFI-WP-016', endpoints: 39 },
-        { name: 'Governance Architectures & Frameworks', api: '/api/governance-architectures-frameworks', dashboard: '/governance-architectures-frameworks.html', docRef: 'GAF-GSIFI-WP-017', endpoints: 57 }
+        { name: 'Governance Architectures & Frameworks', api: '/api/governance-architectures-frameworks', dashboard: '/governance-architectures-frameworks.html', docRef: 'GAF-GSIFI-WP-017', endpoints: 57 },
+        { name: 'Six-Layer G-SIFI Reference Architecture', api: '/api/gsifi-refarch', dashboard: '/six-layer-governance.html', docRef: 'GSIFI-REFARCH-WP-024', endpoints: 42 }
       ],
       keyEndpoints: [
         '/api/practitioner-master-reference/governance-layers',
@@ -12709,8 +12710,8 @@ app.get('/api/governance-index', (_, res) => res.json({
     { ref: 'GAF-GSIFI-WP-017', title: 'AGI/ASI Governance Architectures & Frameworks', path: '/docs/reports/AGI_ASI_GOVERNANCE_ARCHITECTURES_FRAMEWORKS.md' }
   ],
   dashboards: {
-    count: 35,
-    governance: ['/governance-index.html', '/practitioner-master-reference.html', '/agi-governance-master-blueprint.html', '/kafka-acl-governance.html', '/governance-architectures-frameworks.html', '/gsifi-governance.html', '/gsifi-practitioner-guide.html'],
+    count: 36,
+    governance: ['/governance-index.html', '/practitioner-master-reference.html', '/agi-governance-master-blueprint.html', '/kafka-acl-governance.html', '/governance-architectures-frameworks.html', '/gsifi-governance.html', '/gsifi-practitioner-guide.html', '/six-layer-governance.html'],
     strategy: ['/enterprise-ai-strategy-g2k.html', '/master-reference.html', '/unified-master-reference.html', '/ai-strategy-report.html'],
     safety: ['/agi-governance.html', '/asi-preparedness.html', '/agi-governance-unified.html'],
     platform: ['/index.html', '/eaip-specification.html', '/ciso-roadmap.html', '/ciso-report.html'],
@@ -15094,6 +15095,102 @@ app.get('/api/master-ref/appendices/templates', (_, res) => res.json(MASTER_REF.
 app.get('/api/master-ref/appendices/checklists', (_, res) => res.json(MASTER_REF.appendices.checklists));
 app.get('/api/master-ref/appendices/reference-materials', (_, res) => res.json(MASTER_REF.appendices.referenceMaterials));
 
+// Additional master-ref endpoints for comprehensive coverage
+app.get('/api/master-ref/regulatory/policy-as-code', (_, res) => res.json({
+  totalPolicies: 482, framework: 'OPA Rego', engine: 'Open Policy Agent v0.60+',
+  policyFiles: ['eu_ai_act_high_risk.rego','nist_ai_rmf_govern.rego','iso42001_aims_governance.rego','gdpr_ai_data_protection.rego','fair_lending_disparate_impact.rego','basel_iii_model_risk.rego','sr_11_7_model_validation.rego','kafka_acl_governance.rego','eu_ai_act_kafka_enforcement.rego','agent_governance_depths.rego','development_deployment_governance.rego','monitoring_sentinel_engine.rego','oecd_ai_principles.rego','master_reference_compliance.rego'],
+  evaluationsPerDay: '1.4M', p99Latency: '4.2ms', availability: '99.97%'
+}));
+app.get('/api/master-ref/governance-structure/raci-matrix', (_, res) => res.json({
+  roles: ['Board','CAIO','CRO','CISO','CTO','Legal','MRM','DevOps','Audit'],
+  activities: [
+    {activity:'AI System Registration',raci:['A','R','C','I','C','C','I','I','I']},
+    {activity:'Model Risk Assessment',raci:['I','C','R','C','I','I','A','I','C']},
+    {activity:'Policy Deployment',raci:['I','A','C','C','R','I','I','R','I']},
+    {activity:'Compliance Monitoring',raci:['I','A','R','C','I','C','C','I','C']},
+    {activity:'Incident Response',raci:['I','A','R','R','R','C','I','R','I']},
+    {activity:'AGI Safety Review',raci:['A','R','R','R','C','C','C','I','C']},
+    {activity:'Regulatory Reporting',raci:['A','C','R','I','I','R','C','I','R']},
+    {activity:'Kill-Switch Activation',raci:['I','A','R','R','R','I','I','R','I']},
+    {activity:'Annual Audit',raci:['A','C','C','C','C','C','C','I','R']}
+  ]
+}));
+app.get('/api/master-ref/technical/kafka-acl/acl-rules', (_, res) => res.json({
+  totalRules: 312, ruleGroups: 11,
+  enforcement: 'mTLS + SPIFFE SVIDs', auditRetention: '10 years',
+  topicCount: MASTER_REF.technicalImplementation.kafkaAclGovernance.topics.length,
+  throughput: '45,000 events/sec', availability: '99.997%'
+}));
+app.get('/api/master-ref/technical/worm-storage', (_, res) => res.json({
+  type: 'S3-compatible WORM', signing: 'SHA-256 + Ed25519',
+  retentionMinimum: '10 years', evidenceBundleP99: '4.8s',
+  evidenceAssemblyReduction: '94%', assemblyTimeBefore: '72h', assemblyTimeAfter: '4.3h',
+  storageFormat: 'Immutable append-only', verificationTool: 'governance-verify-cli.py'
+}));
+app.get('/api/master-ref/technical/drift-detection', (_, res) => res.json({
+  enabled: true, interval: '15 minutes', engine: 'Terraform + Sentinel',
+  autoRemediation: true, driftCategories: ['ACL Configuration','Policy Version','Schema Registry','Certificate Rotation','Retention Policy'],
+  alertThreshold: 'Any unauthorized change', escalation: 'Immediate SEV-2'
+}));
+app.get('/api/master-ref/technical/evidence-bundles', (_, res) => res.json({
+  generationP99: '4.8s', formats: ['SR 11-7','EU AI Act Art.11','ISO 42001','Basel III CRE 30-36'],
+  bundleTypes: ['Compliance Assessment','Model Validation','Incident Response','Audit Evidence','Regulatory Submission'],
+  storageIntegrity: 'SHA-256 chain-of-custody', retrieval: 'Self-service portal + API'
+}));
+app.get('/api/master-ref/financial-services/risk-management', (_, res) => res.json({
+  category: 'Risk Management Models', models: 94, production: 42, tier: 'Tier-2',
+  srSection: 'SR 11-7 §IV', pdAccuracy: '0.91', framework: 'Basel III CRE 30-36',
+  validationFrequency: 'Annual + trigger-based'
+}));
+app.get('/api/master-ref/financial-services/customer-service', (_, res) => res.json({
+  category: 'Customer Service AI', models: 67, production: 28, tier: 'Tier-2',
+  srSection: 'SR 11-7 §V', avgCSAT: '4.2/5.0', framework: 'Consumer Duty + FCRA',
+  complianceScore: '94.1%'
+}));
+app.get('/api/master-ref/agi-safety/kill-switch/status', (_, res) => res.json({
+  status: 'ARMED', lastTest: '2026-04-01T00:00:00Z', testResult: 'PASS',
+  activationLatency: '<100ms', types: ['Hardware Kill-Switch','Software Kill-Switch','Network Isolation','Resource Throttle'],
+  authority: ['CAIO','CRO','Board Chair'], requiresDualApproval: true
+}));
+app.get('/api/master-ref/agi-safety/cognitive-resonance', (_, res) => res.json({
+  protocol: 'Cognitive Resonance Protocol v1.0', status: 'Deployed',
+  components: ['Alignment Monitor','Value Drift Detector','Goal Stability Verifier','Reward Hacking Guard'],
+  testSuite: 847, passRate: '97.2%', deployedSince: 'Q2 2026'
+}));
+app.get('/api/master-ref/global-governance/jurisdiction-compliance', (_, res) => res.json({
+  jurisdictions: [
+    {name:'United States',score:94.8,frameworks:['NIST AI RMF','FCRA/ECOA','SR 11-7']},
+    {name:'European Union',score:89.4,frameworks:['EU AI Act','GDPR','ISO 42001']},
+    {name:'United Kingdom',score:91.2,frameworks:['UK AI Framework','UK GDPR','PRA SS1/23']},
+    {name:'OECD Global',score:91.6,frameworks:['OECD AI Principles','ISO 42001']}
+  ],
+  overallAverage: 91.75
+}));
+app.get('/api/master-ref/blueprint/unified-view', (_, res) => res.json({
+  scales: MASTER_REF.masterBlueprint.scales,
+  scalability: MASTER_REF.masterBlueprint.scalabilityPathway,
+  integration: MASTER_REF.masterBlueprint.integrationWithExisting,
+  unifiedThesis: 'Enterprise + Frontier + Civilizational governance unified under MREF-GSIFI-WP-023'
+}));
+app.get('/api/master-ref/implementation/risks/register', (_, res) => res.json({
+  totalRisks: MASTER_REF.implementation.riskAssessment.totalRisks,
+  criticalRisks: MASTER_REF.implementation.riskAssessment.criticalRisks,
+  highRisks: MASTER_REF.implementation.riskAssessment.highRisks,
+  risks: MASTER_REF.implementation.riskAssessment.topRisks
+}));
+app.get('/api/master-ref/implementation/kpi-targets', (_, res) => res.json({
+  targets: [
+    {kpi:'Regulatory Compliance Score',baseline:'72.4%',target2026:'91.2%',target2028:'97.1%',target2030:'99.2%'},
+    {kpi:'OPA Policy Coverage',baseline:'124',target2026:'482',target2028:'850',target2030:'1,200+'},
+    {kpi:'Sentinel Rules',baseline:'312',target2026:'1,247',target2028:'2,000',target2030:'2,800+'},
+    {kpi:'Daily Policy Evaluations',baseline:'280K',target2026:'1.4M',target2028:'5.5M',target2030:'8M+'},
+    {kpi:'Mean Incident Response',baseline:'45 min',target2026:'14 min',target2028:'5 min',target2030:'3 min'},
+    {kpi:'AI Risk Score',baseline:'38.2',target2026:'55.8',target2028:'75.2',target2030:'82.5'},
+    {kpi:'Model Bias DI',baseline:'0.72',target2026:'0.80',target2028:'0.88',target2030:'0.92'},
+    {kpi:'AGI Readiness Level',baseline:'ARL-1',target2026:'ARL-2',target2028:'ARL-5',target2030:'ARL-7'}
+  ]
+}));
+
 // Dashboard / KPI Summary
 app.get('/api/master-ref/dashboard', (_, res) => {
   const fwScores = MASTER_REF.regulatoryCompliance.frameworks.map(f => ({ id: f.id, name: f.name, score: f.complianceScore }));
@@ -15140,6 +15237,839 @@ app.get('/api/master-ref/metrics', (_, res) => {
   });
 });
 
+// ══════════════════════════════════════════════════════════════════════════════
+// SECTION: G-SIFI REFERENCE ARCHITECTURE — ENTERPRISE AI GOVERNANCE
+// Document: GSIFI-REFARCH-WP-024 v1.0.0
+// Scope: Tier-1 Global Banks, G-SIFIs, AGI-Capable System Governance
+// Six-Layer Full-Stack Model · Three-Lines-of-Defense · Regulatory Crosswalk
+// Board Deliverables · 90-Day MVP Roadmap · Crisis Simulation Scenarios
+// ══════════════════════════════════════════════════════════════════════════════
+
+const GSIFI_REFARCH = {
+  meta: {
+    documentReference: 'GSIFI-REFARCH-WP-024',
+    title: 'Enterprise AI Governance Reference Architecture for Global Systemically Important Financial Institutions',
+    subtitle: 'Six-Layer Full-Stack Governance Model for AGI-Capable Systems in Tier-1 Global Banks',
+    version: '1.0.0',
+    date: '2026-04-10',
+    classification: 'CONFIDENTIAL — Board Risk Committee / C-Suite / Prudential Supervisors / Internal Audit',
+    authors: [
+      'Chief AI Governance Officer (CAIGO)',
+      'Chief Risk Officer',
+      'Chief Information Security Officer',
+      'Head of Model Risk Management',
+      'VP AI Ethics & Safety',
+      'Head of Data Governance',
+      'Chief Technology Officer',
+      'General Counsel',
+      'Head of Compute Governance'
+    ],
+    audience: [
+      'Board Risk Committee',
+      'Board Technology Committee',
+      'Group CEO / Group CRO / Group CTO / Group CISO',
+      'Prudential Supervisors (Fed, PRA, ECB-SSM, MAS)',
+      'AI Risk Committee',
+      'Model Risk Management',
+      'Internal Audit / External Audit',
+      'Financial Conduct Regulators (FCA, CFPB, ESMA)'
+    ],
+    applicability: 'All AI/ML systems deployed by the institution, with enhanced controls for AGI-capable, autonomous-decision, and frontier-model systems',
+    regulatoryFrameworks: ['EU AI Act (2024/1689)', 'NIST AI RMF 1.0', 'ISO/IEC 42001:2023', 'SR 11-7', 'GDPR (2016/679)', 'FCRA/ECOA', 'Basel III CRE 30-36', 'PRA SS1/23', 'FCA PS23/16', 'MAS FEAT'],
+    supersedes: ['GSIFI-REFARCH-WP-024-DRAFT-001'],
+    companionDocuments: [
+      { ref: 'MREF-GSIFI-WP-023', title: 'Master Reference 2026-2030' },
+      { ref: 'KACG-GSIFI-WP-017', title: 'Kafka ACL Governance Engine' },
+      { ref: 'PRACT-GSIFI-WP-011', title: 'Practitioner G-SIFI Guide' },
+      { ref: 'SAFE-AGI-WP-003', title: 'AGI Readiness & Safety Frameworks' }
+    ]
+  },
+
+  // ════════════════════════════════════════════════════════════
+  // SIX-LAYER FULL-STACK AI GOVERNANCE MODEL
+  // ════════════════════════════════════════════════════════════
+  sixLayerModel: {
+    designPrinciple: 'Defense-in-depth governance: every AI decision traverses six explicit control layers from board mandate to silicon. No layer may be bypassed; each produces immutable evidence.',
+    layers: [
+      {
+        id: 'L1', name: 'Board & Enterprise Risk Oversight',
+        function: 'Strategic direction, risk appetite, regulatory accountability, fiduciary duty for AI/AGI systems',
+        owner: 'Board Risk Committee + Board Technology Sub-Committee',
+        threeLines: '3rd Line + Board Oversight',
+        controls: [
+          'AI/AGI risk appetite statement (annual, board-approved)',
+          'Quarterly AI risk dashboard review with traffic-light escalation',
+          'Annual AGI readiness stress test and tabletop exercise',
+          'Board-level kill-switch authorization protocol',
+          'SMCR/SIMR accountability mapping for AI decisions',
+          'Regulatory examination response ownership'
+        ],
+        keyRoles: ['Board Risk Committee Chair', 'Non-Executive AI Director', 'Group CEO', 'Group CRO'],
+        artifacts: ['AI Risk Appetite Statement', 'Board AI Dashboard', 'Annual AI Attestation', 'Crisis Playbook'],
+        regulatoryMapping: { 'EU AI Act': 'Art. 9, 26 (deployer obligations)', 'NIST AI RMF': 'GOVERN 1-6', 'ISO 42001': 'Clause 5 (Leadership)', 'SR 11-7': 'Board oversight mandate', 'GDPR': 'Art. 35 (DPIA oversight)' },
+        maturityTarget: 'Level 4 (Proactive) by Q4 2027',
+        kpis: [
+          { kpi: 'Board AI dashboard review cadence', target: 'Quarterly', current: 'Quarterly' },
+          { kpi: 'AI risk appetite refresh', target: 'Annual', current: 'Annual' },
+          { kpi: 'Board tabletop exercise completion', target: '1/year', current: '1/year' },
+          { kpi: 'SMCR mapping coverage', target: '100%', current: '94%' }
+        ]
+      },
+      {
+        id: 'L2', name: 'AI Strategy & Policy Infrastructure',
+        function: 'Enterprise AI policies, standards, taxonomies, ethical frameworks, and responsible AI principles translated into enforceable rules',
+        owner: 'CAIGO + AI Risk Committee',
+        threeLines: '2nd Line (AI Risk)',
+        controls: [
+          'Enterprise AI Policy (Tier-1, board-approved annually)',
+          'AI Standards Library (Tier-2, CRO-approved quarterly)',
+          'Risk classification taxonomy: Prohibited → High → Limited → Minimal',
+          'Ethical AI principles (fairness, transparency, accountability, safety, privacy)',
+          'Policy-as-code enforcement via OPA Rego (482+ rules)',
+          'Policy exception register with time-bound expiry and CRO escalation',
+          'Cross-jurisdictional policy harmonization matrix'
+        ],
+        keyRoles: ['CAIGO', 'AI Risk Committee Chair', 'VP AI Ethics & Safety', 'General Counsel'],
+        artifacts: ['Enterprise AI Policy v3.0', 'AI Standards Library', 'Risk Taxonomy', 'Policy Exception Register', 'OPA Rule Catalog'],
+        regulatoryMapping: { 'EU AI Act': 'Art. 6-7 (risk classification), Art. 9 (risk management)', 'NIST AI RMF': 'GOVERN, MAP', 'ISO 42001': 'Clause 6 (Planning), Clause 7 (Support)', 'SR 11-7': 'Policy framework requirements', 'GDPR': 'Art. 5, 25 (data protection by design)' },
+        maturityTarget: 'Level 4 (Proactive) by Q2 2027',
+        kpis: [
+          { kpi: 'Policy coverage (AI systems governed)', target: '100%', current: '91%' },
+          { kpi: 'OPA rule coverage (regulatory requirements)', target: '95%', current: '88%' },
+          { kpi: 'Policy exception age (avg days)', target: '<90', current: '67' },
+          { kpi: 'Cross-jurisdictional alignment', target: '95%', current: '86%' }
+        ]
+      },
+      {
+        id: 'L3', name: 'Model Lifecycle & Risk Management',
+        function: 'End-to-end model lifecycle governance from ideation through decommission, including risk assessment, validation, monitoring, and MRM',
+        owner: 'Head of Model Risk Management + CAIGO',
+        threeLines: '2nd Line (Model Risk)',
+        controls: [
+          'AI System Inventory Registry (all models, all jurisdictions)',
+          'Risk classification engine: 12-dimension scoring (ARS v2.0)',
+          'Model validation platform (independent challenger, back-testing)',
+          'SR 11-7 compliant validation lifecycle (6-stage pipeline)',
+          'Fairness testing: disparate impact ratio ≥ 0.80 threshold',
+          'Model performance monitoring (drift detection, degradation alerting)',
+          'Model decommission protocol with evidence archival',
+          'Frontier model enhanced validation (AAVP: 2,847 tests)'
+        ],
+        keyRoles: ['Head of MRM', 'Lead Model Validators', 'Model Risk Analysts', 'AI Safety Engineers'],
+        artifacts: ['Model Inventory', 'Model Risk Assessment', 'Validation Report', 'Performance Monitor Dashboard', 'Decommission Certificate'],
+        regulatoryMapping: { 'EU AI Act': 'Art. 9-15 (high-risk requirements)', 'NIST AI RMF': 'MAP, MEASURE', 'ISO 42001': 'Clause 8 (Operation), Annex A', 'SR 11-7': 'Full lifecycle (§§III-V)', 'GDPR': 'Art. 22 (automated decision-making)', 'FCRA/ECOA': 'Fair lending model validation' },
+        maturityTarget: 'Level 4 (Proactive) by Q4 2026',
+        kpis: [
+          { kpi: 'Model inventory completeness', target: '100%', current: '96%' },
+          { kpi: 'Validation currency (models within cycle)', target: '95%', current: '89%' },
+          { kpi: 'Avg validation turnaround (days)', target: '<45', current: '52' },
+          { kpi: 'Disparate impact compliance', target: '100% ≥ 0.80', current: '97%' },
+          { kpi: 'High-risk model re-validation frequency', target: 'Annual', current: 'Annual' }
+        ]
+      },
+      {
+        id: 'L4', name: 'Data Governance & Privacy Engineering',
+        function: 'AI-ready data infrastructure: lineage, quality, consent, privacy, PII protection, and cross-border data transfer governance',
+        owner: 'Chief Data Officer + Data Protection Officer',
+        threeLines: '1st Line (Data Operations) + 2nd Line (Data Governance)',
+        controls: [
+          'Data lineage tracking (source → feature → model → output)',
+          'Data quality gates: 6 dimensions (completeness, accuracy, timeliness, consistency, uniqueness, validity)',
+          'Overall data quality score threshold ≥ 0.85',
+          'PII detection and classification (99.7% accuracy)',
+          'GDPR Art. 17 erasure compliance (automated, < 72h)',
+          'Cross-border data transfer impact assessment',
+          'Consent management for AI training data',
+          'Synthetic data governance for model development',
+          'Data governance fields in model registry (14 mandatory fields)'
+        ],
+        keyRoles: ['CDO', 'DPO', 'Data Stewards', 'Privacy Engineers', 'Data Quality Analysts'],
+        artifacts: ['Data Lineage Maps', 'Data Quality Reports', 'DPIA Register', 'Consent Records', 'Erasure Audit Trail'],
+        regulatoryMapping: { 'EU AI Act': 'Art. 10 (data governance), Art. 12 (record-keeping)', 'NIST AI RMF': 'MAP 2, MEASURE 2', 'ISO 42001': 'Annex A.6 (Data)', 'SR 11-7': 'Data validation requirements', 'GDPR': 'Art. 5-9, 13-22, 25, 30, 35' },
+        maturityTarget: 'Level 3 (Defined) by Q2 2027',
+        modelRegistryDataFields: [
+          { field: 'data_sources', type: 'array', required: true, description: 'List of all data sources with lineage IDs' },
+          { field: 'training_data_version', type: 'string', required: true, description: 'Immutable version hash of training dataset' },
+          { field: 'pii_classes_present', type: 'array', required: true, description: 'PII categories in training/inference data' },
+          { field: 'consent_basis', type: 'enum', required: true, description: 'Legal basis: consent | legitimate_interest | contract | legal_obligation' },
+          { field: 'data_quality_score', type: 'float', required: true, description: 'Composite DQ score (0.0-1.0), minimum 0.85' },
+          { field: 'cross_border_transfers', type: 'array', required: false, description: 'Jurisdictions where data is transferred' },
+          { field: 'retention_policy', type: 'string', required: true, description: 'Data retention period and deletion trigger' },
+          { field: 'synthetic_data_ratio', type: 'float', required: false, description: 'Proportion of synthetic vs real data' },
+          { field: 'bias_audit_date', type: 'date', required: true, description: 'Last bias/fairness audit of training data' },
+          { field: 'feature_store_ref', type: 'string', required: false, description: 'Reference to centralized feature store' },
+          { field: 'dpia_ref', type: 'string', required: true, description: 'Data Protection Impact Assessment reference' },
+          { field: 'data_steward', type: 'string', required: true, description: 'Accountable data steward name/ID' },
+          { field: 'encryption_at_rest', type: 'boolean', required: true, description: 'AES-256 encryption status' },
+          { field: 'anonymization_method', type: 'string', required: false, description: 'Anonymization/pseudonymization technique applied' }
+        ],
+        kpis: [
+          { kpi: 'Data quality score (composite)', target: '≥ 0.85', current: '0.87' },
+          { kpi: 'PII detection accuracy', target: '99.5%', current: '99.7%' },
+          { kpi: 'Erasure request compliance (< 72h)', target: '100%', current: '99.4%' },
+          { kpi: 'Data lineage coverage', target: '95%', current: '82%' },
+          { kpi: 'Model registry data field completeness', target: '100%', current: '91%' }
+        ]
+      },
+      {
+        id: 'L5', name: 'Development, Deployment & Runtime Governance',
+        function: 'CI/CD pipeline governance, human-in-the-loop gates, runtime monitoring, incident response, escalation thresholds, and operational controls',
+        owner: 'CTO + Head of AI Platform Engineering',
+        threeLines: '1st Line (Engineering)',
+        controls: [
+          'CI/CD governance pipeline: 7-stage with human-in-the-loop gates',
+          'Runtime monitoring: real-time performance, drift, fairness, safety',
+          'Tamper-evident audit logging (Kafka WORM, SHA-256 + Ed25519)',
+          'KPI/SLA oversight panel with automated alerting',
+          'Incident response ownership matrix (RACI per severity)',
+          'Runtime escalation thresholds (5 trigger types)',
+          'Canary/blue-green deployment with automated rollback',
+          'Kill-switch architecture (hardware + software + network isolation)',
+          'AI system health dashboard (real-time, board-accessible)'
+        ],
+        keyRoles: ['CTO', 'Head AI Platform', 'MLOps Engineers', 'SRE/DevSecOps', 'Incident Commanders'],
+        artifacts: ['CI/CD Gate Reports', 'Runtime Dashboards', 'Audit Logs', 'Incident Reports', 'Deployment Certificates'],
+        cicdGates: [
+          { gate: 1, name: 'Code Quality & Security Scan', tool: 'SonarQube + Snyk + Semgrep', humanApproval: false, blocksOn: 'Critical/High vulns, code coverage < 80%' },
+          { gate: 2, name: 'Data Validation & DQ Check', tool: 'Great Expectations + Custom DQ Engine', humanApproval: false, blocksOn: 'DQ score < 0.85, schema drift, PII leak' },
+          { gate: 3, name: 'Model Performance Validation', tool: 'MLflow + Custom Benchmark Suite', humanApproval: true, blocksOn: 'AUC/F1 regression > 2%, latency > SLA' },
+          { gate: 4, name: 'Bias & Fairness Assessment', tool: 'Fairlearn + AIF360 + Custom DI Engine', humanApproval: true, blocksOn: 'DI < 0.80, protected-class disparity > 5%' },
+          { gate: 5, name: 'Policy-as-Code Compliance', tool: 'OPA Rego (482 rules) + Sentinel (1,247 rules)', humanApproval: false, blocksOn: 'Any policy violation (zero-tolerance for High-Risk)' },
+          { gate: 6, name: 'Security & Adversarial Testing', tool: 'Garak + Custom Red-Team Suite + PenTest', humanApproval: true, blocksOn: 'Prompt injection vuln, jailbreak success > 0.1%' },
+          { gate: 7, name: 'Deployment Approval & Sign-off', tool: 'Governance Portal + MRM Sign-off', humanApproval: true, blocksOn: 'Missing validation cert, risk owner approval, or CAIGO sign-off for High-Risk' }
+        ],
+        runtimeEscalationThresholds: [
+          { trigger: 'Performance Degradation', metric: 'AUC/F1 drop > 5% from baseline over 24h rolling window', severity: 'SEV-2', escalation: 'Model Owner → MRM → CAIGO', sla: '4 hours', autoAction: 'Traffic throttle to 50%, shadow mode activation' },
+          { trigger: 'Fairness Drift', metric: 'DI ratio drops below 0.80 for any protected class', severity: 'SEV-1', escalation: 'AI Ethics → CRO → Board Risk Committee (if systemic)', sla: '2 hours', autoAction: 'Immediate model quarantine for credit/lending models' },
+          { trigger: 'Data Quality Breach', metric: 'Input DQ score < 0.80 or schema violation rate > 1%', severity: 'SEV-2', escalation: 'Data Steward → CDO → Model Owner', sla: '4 hours', autoAction: 'Fallback to last-known-good data pipeline' },
+          { trigger: 'Adversarial/Anomalous Input', metric: 'Anomaly score > 3σ or known attack pattern detected', severity: 'SEV-1', escalation: 'CISO SOC → AI Security → CAIGO → Kill-switch if autonomous', sla: '1 hour', autoAction: 'Rate limit + enhanced logging + human review queue' },
+          { trigger: 'Autonomous Decision Volume Spike', metric: 'Decision throughput > 200% of 30-day average', severity: 'SEV-2', escalation: 'Operations → CRO Risk → CAIGO', sla: '2 hours', autoAction: 'Throttle to baseline, require human approval above threshold' }
+        ],
+        regulatoryMapping: { 'EU AI Act': 'Art. 9 (risk management), Art. 14 (human oversight), Art. 72 (post-market monitoring)', 'NIST AI RMF': 'MANAGE 1-4', 'ISO 42001': 'Clause 8, 9, 10', 'SR 11-7': '§IV-V (ongoing monitoring)', 'GDPR': 'Art. 32 (security), Art. 33-34 (breach notification)' },
+        maturityTarget: 'Level 4 (Proactive) by Q2 2027',
+        kpis: [
+          { kpi: 'CI/CD pipeline pass rate', target: '95%', current: '92%' },
+          { kpi: 'Mean time to detect (MTTD)', target: '< 15 min', current: '23 min' },
+          { kpi: 'Mean time to respond (MTTR)', target: '< 60 min', current: '87 min' },
+          { kpi: 'Audit log integrity verification', target: '100%', current: '100%' },
+          { kpi: 'Runtime escalation SLA compliance', target: '98%', current: '91%' },
+          { kpi: 'Human-in-the-loop gate coverage', target: '100% for High-Risk', current: '100%' }
+        ]
+      },
+      {
+        id: 'L6', name: 'Compute & Infrastructure Governance',
+        function: 'Hardware/infrastructure controls: compute allocation, GPU cluster governance, energy monitoring, physical security, supply chain, and sovereign compute compliance',
+        owner: 'Head of Compute Governance + CISO',
+        threeLines: '1st Line (Infrastructure) + 2nd Line (Security)',
+        controls: [
+          'Compute allocation registry (GPU/TPU inventory, utilization, access)',
+          'Training compute threshold monitoring (frontier model detection)',
+          'Sovereign compute compliance (data residency, jurisdictional boundaries)',
+          'Hardware security module (HSM) key management for model signing',
+          'Supply chain governance for AI accelerators (provenance, sanctions)',
+          'Energy and carbon footprint monitoring for AI workloads',
+          'Physical security for AI training clusters (SCIF-equivalent)',
+          'Network segmentation for AI workloads (Zero Trust Architecture)',
+          'Compute cost allocation and chargeback governance'
+        ],
+        keyRoles: ['Head of Compute Governance', 'CISO', 'VP Infrastructure', 'Cloud Security Architects', 'Procurement AI Hardware'],
+        artifacts: ['Compute Registry', 'Utilization Reports', 'Sovereignty Assessment', 'HSM Key Inventory', 'Carbon Reports'],
+        regulatoryMapping: { 'EU AI Act': 'Art. 52a (compute thresholds for GPAI)', 'NIST AI RMF': 'GOVERN 5 (resource allocation)', 'ISO 42001': 'Annex A.8 (Technology)', 'SR 11-7': 'Infrastructure risk for model-dependent systems', 'GDPR': 'Art. 32 (appropriate technical measures)' },
+        maturityTarget: 'Level 3 (Defined) by Q4 2027',
+        kpis: [
+          { kpi: 'Compute registry completeness', target: '100%', current: '78%' },
+          { kpi: 'Sovereign compute compliance', target: '100%', current: '94%' },
+          { kpi: 'GPU utilization efficiency', target: '> 70%', current: '62%' },
+          { kpi: 'HSM key rotation compliance', target: '100%', current: '100%' },
+          { kpi: 'Carbon reporting coverage', target: '100%', current: '45%' }
+        ]
+      }
+    ]
+  },
+
+  // ════════════════════════════════════════════════════════════
+  // THREE LINES OF DEFENSE + KEY GOVERNANCE ROLES
+  // ════════════════════════════════════════════════════════════
+  threeLinesOfDefense: {
+    model: 'Enhanced Three Lines of Defense adapted for AI/AGI governance in G-SIFIs, with additional Board Oversight layer',
+    lines: [
+      {
+        line: '1st Line', name: 'AI Development & Operations',
+        function: 'Build, deploy, operate, and monitor AI systems within policy guardrails',
+        roles: [
+          { title: 'AI/ML Engineers', count: '200-400 FTE (typical Tier-1)', responsibility: 'Build models within governance frameworks' },
+          { title: 'MLOps/DevSecOps', count: '50-100 FTE', responsibility: 'CI/CD pipeline operation and gate enforcement' },
+          { title: 'Data Engineers', count: '100-200 FTE', responsibility: 'Data pipeline quality and lineage' },
+          { title: 'SRE/Infrastructure', count: '30-60 FTE', responsibility: 'Runtime reliability and compute governance' }
+        ],
+        accountabilities: ['Policy compliance in daily operations', 'Self-assessment and testing', 'Incident first-response', 'Evidence production for audit']
+      },
+      {
+        line: '2nd Line', name: 'AI Risk Management & Compliance',
+        function: 'Independent oversight, challenge, validation, and policy enforcement',
+        roles: [
+          {
+            title: 'Chief AI Governance Officer (CAIGO)',
+            reportsTo: 'Group CRO (functional) / CEO (administrative)',
+            responsibility: 'Enterprise-wide AI governance accountability. Chairs AI Risk Committee. Owns AI policy framework, risk taxonomy, compliance-as-code program. Authority to halt any AI system deployment.',
+            budget: '$2.8M annual (governance operations + external advisory)',
+            directReports: 12,
+            keyAuthorities: ['AI system deployment halt', 'Risk appetite breach escalation', 'Policy exception approval/denial', 'Regulatory examination coordination', 'Kill-switch co-authorization']
+          },
+          {
+            title: 'AI Risk Committee',
+            chair: 'CAIGO',
+            members: ['CRO', 'CTO', 'CISO', 'CDO', 'General Counsel', 'Head of MRM', 'VP AI Ethics', 'Head of Compute Governance'],
+            cadence: 'Monthly (emergency convene within 2 hours)',
+            responsibilities: ['AI risk appetite monitoring', 'High-risk system deployment approval', 'Incident review and lessons learned', 'Regulatory change impact assessment', 'AGI readiness review (quarterly)']
+          },
+          {
+            title: 'AI Ethics & Safety Office',
+            head: 'VP AI Ethics & Safety',
+            reportsTo: 'CAIGO',
+            team: '6-10 FTE (ethicists, safety engineers, policy analysts)',
+            responsibilities: ['Fairness and bias testing', 'Ethical review of new use cases', 'Responsible AI principles enforcement', 'Frontier model safety assessment', 'External ethics advisory liaison', 'Consumer harm impact assessment']
+          },
+          {
+            title: 'Model Risk Management (MRM)',
+            head: 'Head of MRM',
+            reportsTo: 'CRO',
+            team: '40-80 FTE (model validators, quant analysts)',
+            responsibilities: ['Independent model validation (SR 11-7)', 'Model performance monitoring', 'Model inventory management', 'Validation methodology development', 'MRM reporting to Board Risk Committee']
+          },
+          {
+            title: 'Data Governance Office',
+            head: 'CDO',
+            reportsTo: 'COO',
+            team: '20-40 FTE (data stewards, DQ analysts, privacy engineers)',
+            responsibilities: ['Data quality framework', 'Data lineage and cataloging', 'Privacy impact assessments', 'Cross-border data compliance', 'AI training data governance']
+          },
+          {
+            title: 'Compute Governance Office',
+            head: 'Head of Compute Governance',
+            reportsTo: 'CTO',
+            team: '8-15 FTE (compute analysts, security architects)',
+            responsibilities: ['Compute allocation and registry', 'Frontier model threshold monitoring', 'Sovereign compute compliance', 'GPU/TPU supply chain governance', 'Energy and carbon reporting']
+          }
+        ],
+        accountabilities: ['Independent risk assessment and challenge', 'Policy development and enforcement', 'Regulatory compliance assurance', 'Risk reporting to Board']
+      },
+      {
+        line: '3rd Line', name: 'Internal Audit & Board Oversight',
+        function: 'Independent assurance on governance effectiveness and regulatory compliance',
+        roles: [
+          { title: 'AI Audit Team (within Internal Audit)', count: '8-15 FTE', responsibility: 'Independent assurance on AI governance controls, evidence verification, regulatory readiness' },
+          { title: 'Board Risk Committee', cadence: 'Quarterly', responsibility: 'Strategic AI risk oversight, risk appetite approval, crisis authorization' },
+          { title: 'Board Technology Sub-Committee', cadence: 'Quarterly', responsibility: 'Technology strategy alignment, compute governance oversight' }
+        ],
+        accountabilities: ['Governance design adequacy assessment', 'Control operating effectiveness testing', 'Regulatory examination readiness', 'Board-level risk reporting']
+      }
+    ]
+  },
+
+  // ════════════════════════════════════════════════════════════
+  // MINIMAL ENTERPRISE AI GOVERNANCE STACK
+  // ════════════════════════════════════════════════════════════
+  governanceStack: {
+    designPrinciple: 'Eleven mandatory platform components forming the minimum viable governance stack for any G-SIFI deploying AI/AGI systems',
+    components: [
+      {
+        id: 'GS-01', name: 'AI Inventory Registry',
+        description: 'Centralized, authoritative catalog of every AI/ML system across the institution — development, staging, production, decommissioned',
+        minimumFields: ['system_id', 'system_name', 'business_unit', 'risk_tier', 'model_type', 'deployment_status', 'data_sources', 'owner', 'validator', 'last_validation_date', 'regulatory_classification', 'jurisdiction', 'kill_switch_enabled'],
+        technology: 'Custom registry (e.g., MLflow Model Registry + governance extensions)',
+        layer: 'L3', regulatory: ['EU AI Act Art. 49', 'SR 11-7 §III', 'ISO 42001 A.4.3'],
+        currentMaturity: 'Level 3', targetMaturity: 'Level 4 by Q2 2027'
+      },
+      {
+        id: 'GS-02', name: 'Risk Classification Engine',
+        description: '12-dimension AI Risk Score (ARS v2.0) engine that automatically classifies systems as Prohibited/High/Limited/Minimal based on use case, data sensitivity, autonomy level, and impact',
+        dimensions: ['Autonomy Level', 'Decision Impact', 'Data Sensitivity', 'Model Complexity', 'Regulatory Exposure', 'Consumer Impact', 'Systemic Risk', 'Explainability', 'Fairness Risk', 'Safety Criticality', 'Reversibility', 'Human Oversight Level'],
+        technology: 'Custom scoring engine + OPA decision trees',
+        layer: 'L2-L3', regulatory: ['EU AI Act Art. 6-7', 'NIST MAP 1-5', 'SR 11-7 §III'],
+        currentMaturity: 'Level 3', targetMaturity: 'Level 4 by Q4 2026'
+      },
+      {
+        id: 'GS-03', name: 'Policy-as-Code Enforcement',
+        description: 'Machine-executable policy rules that automatically evaluate every AI system and deployment against regulatory and institutional requirements',
+        technology: 'OPA Rego (482+ rules) + Sentinel (1,247 rules)',
+        evaluationsPerDay: '1.4M', p99Latency: '4.2ms', availability: '99.97%',
+        layer: 'L2', regulatory: ['All frameworks (unified enforcement)'],
+        currentMaturity: 'Level 4', targetMaturity: 'Level 5 by Q4 2028'
+      },
+      {
+        id: 'GS-04', name: 'Model Validation Platform',
+        description: 'Independent validation infrastructure for challenger testing, back-testing, stress testing, and ongoing performance monitoring per SR 11-7',
+        capabilities: ['Independent challenger models', 'Back-testing suites', 'Sensitivity analysis', 'Benchmark comparison', 'Stability testing', 'Fairness validation'],
+        technology: 'Custom validation platform + MLflow + Great Expectations',
+        layer: 'L3', regulatory: ['SR 11-7 §IV', 'EU AI Act Art. 9', 'ISO 42001 Clause 9'],
+        currentMaturity: 'Level 3', targetMaturity: 'Level 4 by Q2 2027'
+      },
+      {
+        id: 'GS-05', name: 'Runtime Monitoring & Observability',
+        description: 'Real-time monitoring of all production AI systems: performance, fairness, drift, safety, and anomaly detection with automated alerting',
+        metrics: ['Inference latency', 'Prediction accuracy', 'Feature drift', 'Label drift', 'Fairness metrics', 'Anomaly scores', 'Error rates', 'Throughput', 'Resource utilization'],
+        technology: 'OpenTelemetry + Prometheus + Grafana + Custom AI Monitoring',
+        layer: 'L5', regulatory: ['EU AI Act Art. 72', 'NIST MEASURE/MANAGE', 'SR 11-7 §V'],
+        currentMaturity: 'Level 3', targetMaturity: 'Level 4 by Q4 2027'
+      },
+      {
+        id: 'GS-06', name: 'Tamper-Evident Audit Logging',
+        description: 'Immutable, cryptographically-signed audit trail for every AI governance event, decision, and system interaction',
+        technology: 'Kafka WORM (45K events/sec) + S3 WORM + SHA-256 + Ed25519',
+        retention: '10 years minimum', integrity: 'Chain-of-custody verification',
+        layer: 'L5', regulatory: ['EU AI Act Art. 12', 'SR 11-7 §VI', 'GDPR Art. 30', 'ISO 42001 Clause 7.5'],
+        currentMaturity: 'Level 4', targetMaturity: 'Level 5 by Q2 2028'
+      },
+      {
+        id: 'GS-07', name: 'KPI/SLA Oversight Panel',
+        description: 'Executive-level dashboard providing real-time visibility into AI governance health, regulatory compliance, and risk posture',
+        metrics: 42, refreshRate: 'Real-time (WebSocket)', audiences: ['Board', 'C-Suite', 'MRM', 'Regulators'],
+        layer: 'L1-L5', regulatory: ['NIST GOVERN 6', 'ISO 42001 Clause 9.1', 'SR 11-7 reporting'],
+        currentMaturity: 'Level 3', targetMaturity: 'Level 4 by Q2 2027'
+      },
+      {
+        id: 'GS-08', name: 'Incident Response Framework',
+        description: 'Structured incident response with severity classification, ownership matrix, communication protocols, and post-incident review',
+        severityLevels: 5, avgResponseTime: '14 min (current)', targetResponseTime: '5 min (2028)',
+        layer: 'L5', regulatory: ['EU AI Act Art. 62', 'GDPR Art. 33-34', 'PRA SS1/23', 'SR 11-7'],
+        currentMaturity: 'Level 3', targetMaturity: 'Level 4 by Q2 2027'
+      },
+      {
+        id: 'GS-09', name: 'CI/CD Human-in-the-Loop Gates',
+        description: 'Mandatory human review and approval checkpoints in the AI deployment pipeline, with authority levels tied to risk classification',
+        gates: 7, humanGates: 4, autoGates: 3,
+        layer: 'L5', regulatory: ['EU AI Act Art. 14', 'NIST GOVERN 4', 'SR 11-7 §IV'],
+        currentMaturity: 'Level 4', targetMaturity: 'Level 5 by Q4 2027'
+      },
+      {
+        id: 'GS-10', name: 'Runtime Escalation Engine',
+        description: 'Automated escalation system with 5 trigger types, severity-based routing, SLA enforcement, and auto-remediation capabilities',
+        triggers: 5, autoActions: true, slaEnforcement: true,
+        layer: 'L5', regulatory: ['EU AI Act Art. 72', 'NIST MANAGE 3-4', 'SR 11-7 §V'],
+        currentMaturity: 'Level 3', targetMaturity: 'Level 4 by Q2 2027'
+      },
+      {
+        id: 'GS-11', name: 'Data Governance Fields in Model Registry',
+        description: '14 mandatory data governance fields embedded in the AI model registry ensuring every model has traceable data provenance and compliance status',
+        mandatoryFields: 14, completionTarget: '100%', currentCompletion: '91%',
+        layer: 'L3-L4', regulatory: ['GDPR Art. 5,30', 'EU AI Act Art. 10', 'SR 11-7 data requirements'],
+        currentMaturity: 'Level 3', targetMaturity: 'Level 4 by Q4 2026'
+      }
+    ]
+  },
+
+  // ════════════════════════════════════════════════════════════
+  // REGULATORY CONTROL CROSSWALK
+  // ════════════════════════════════════════════════════════════
+  regulatoryCrosswalk: {
+    purpose: 'Maps each governance control to specific regulatory requirements across all applicable frameworks, with evidence artifacts regulators and internal audit will request',
+    frameworks: ['EU AI Act', 'NIST AI RMF', 'ISO 42001', 'SR 11-7', 'GDPR', 'FCRA/ECOA'],
+    totalControls: 186,
+    totalMappings: 847,
+    controls: [
+      { id: 'CTRL-001', control: 'AI System Risk Classification', euAiAct: 'Art. 6-7 (risk levels)', nistRmf: 'MAP 1.1-1.6', iso42001: '6.1 (risk assessment)', sr117: '§III (model tiering)', gdpr: 'Art. 35 (DPIA trigger)', fcraEcoa: 'N/A', evidence: ['Risk assessment form', 'Classification decision record', 'ARS score calculation'], auditorQuestion: 'Show me how you classified this system as high-risk and what criteria were applied.' },
+      { id: 'CTRL-002', control: 'Model Inventory & Registration', euAiAct: 'Art. 49 (EU database)', nistRmf: 'GOVERN 1.1', iso42001: 'A.4.3', sr117: '§III (inventory)', gdpr: 'Art. 30 (processing records)', fcraEcoa: 'Model documentation', evidence: ['Model registry extract', 'System inventory report', 'Jurisdiction mapping'], auditorQuestion: 'Provide a complete list of all AI models in production, their risk tiers, and validation status.' },
+      { id: 'CTRL-003', control: 'Independent Model Validation', euAiAct: 'Art. 9.7 (testing)', nistRmf: 'MEASURE 1-4', iso42001: 'Clause 9.1', sr117: '§IV (effective challenge)', gdpr: 'N/A', fcraEcoa: 'Fair lending model testing', evidence: ['Validation report', 'Challenger model results', 'Back-testing analysis'], auditorQuestion: 'Walk me through the independent validation of your credit scoring model, including challenger model results.' },
+      { id: 'CTRL-004', control: 'Fairness & Bias Testing', euAiAct: 'Art. 10.2(f)', nistRmf: 'MAP 2.3, MEASURE 2.6', iso42001: 'A.8.4', sr117: '§IV (outcomes analysis)', gdpr: 'Art. 22 (automated decisions)', fcraEcoa: 'DI ≥ 0.80, adverse action', evidence: ['Disparate impact report', 'Protected class analysis', 'Adverse action samples'], auditorQuestion: 'Show disparate impact ratios across all protected classes for your lending models.' },
+      { id: 'CTRL-005', control: 'Human Oversight Mechanisms', euAiAct: 'Art. 14 (human oversight)', nistRmf: 'GOVERN 4', iso42001: 'A.9.2', sr117: '§V (use)', gdpr: 'Art. 22(3) (human intervention)', fcraEcoa: 'Manual review for adverse action', evidence: ['HITL gate configuration', 'Override audit trail', 'Escalation records'], auditorQuestion: 'Demonstrate that a human can intervene, override, or halt this system at any point in the decision chain.' },
+      { id: 'CTRL-006', control: 'Transparency & Explainability', euAiAct: 'Art. 13 (transparency)', nistRmf: 'MAP 2.1', iso42001: 'A.7.4', sr117: '§V (documentation)', gdpr: 'Art. 13-15 (right to explanation)', fcraEcoa: 'Adverse action reasons', evidence: ['Explainability report (SHAP/LIME)', 'Consumer disclosure templates', 'Model documentation'], auditorQuestion: 'Show me how a consumer denied credit receives specific, understandable reasons for the decision.' },
+      { id: 'CTRL-007', control: 'Data Governance & Quality', euAiAct: 'Art. 10 (data requirements)', nistRmf: 'MAP 2.2', iso42001: 'A.6', sr117: '§III (data validation)', gdpr: 'Art. 5 (data quality)', fcraEcoa: 'Data accuracy requirements', evidence: ['Data quality scorecard', 'Lineage documentation', 'DQ gate results'], auditorQuestion: 'Show me the data quality metrics for all input features in your trading algorithm.' },
+      { id: 'CTRL-008', control: 'Continuous Monitoring & Drift Detection', euAiAct: 'Art. 72 (post-market)', nistRmf: 'MEASURE 3, MANAGE 2', iso42001: 'Clause 9.1', sr117: '§V (ongoing monitoring)', gdpr: 'Art. 32 (ongoing security)', fcraEcoa: 'Ongoing compliance monitoring', evidence: ['Monitoring dashboard screenshots', 'Drift alert history', 'Performance trend reports'], auditorQuestion: 'Show me monitoring alerts from the last quarter and how each was investigated and resolved.' },
+      { id: 'CTRL-009', control: 'Incident Management & Reporting', euAiAct: 'Art. 62 (serious incidents)', nistRmf: 'MANAGE 3-4', iso42001: 'Clause 10.2', sr117: 'Incident reporting', gdpr: 'Art. 33-34 (breach notification)', fcraEcoa: 'Consumer complaint handling', evidence: ['Incident register', 'Root cause analysis', 'Regulatory notification records'], auditorQuestion: 'Provide all AI-related incidents from the past 12 months and demonstrate that each was reported within required timeframes.' },
+      { id: 'CTRL-010', control: 'Audit Trail & Record-Keeping', euAiAct: 'Art. 12 (record-keeping)', nistRmf: 'GOVERN 1.5', iso42001: 'Clause 7.5', sr117: '§VI (documentation)', gdpr: 'Art. 30 (records)', fcraEcoa: 'Record retention', evidence: ['Kafka audit log samples', 'WORM storage verification', 'Chain-of-custody proof'], auditorQuestion: 'Demonstrate that your audit trail is tamper-evident and has been verified for integrity over the retention period.' },
+      { id: 'CTRL-011', control: 'Kill-Switch & Emergency Shutdown', euAiAct: 'Art. 14.4(e) (stop button)', nistRmf: 'MANAGE 4', iso42001: 'A.9.5', sr117: 'Operational risk controls', gdpr: 'N/A', fcraEcoa: 'N/A', evidence: ['Kill-switch test results', 'Activation latency metrics', 'Authorization protocol documentation'], auditorQuestion: 'Show me the last kill-switch test result and demonstrate that the system can be halted within 100ms.' },
+      { id: 'CTRL-012', control: 'Board & Executive Reporting', euAiAct: 'Art. 26 (deployer duties)', nistRmf: 'GOVERN 5-6', iso42001: 'Clause 9.3 (management review)', sr117: 'Board reporting mandate', gdpr: 'Art. 37-39 (DPO duties)', fcraEcoa: 'Compliance reporting', evidence: ['Board AI dashboard', 'Quarterly risk report', 'Annual attestation'], auditorQuestion: 'Show me the Board Risk Committee minutes where AI risk was discussed and what actions were taken.' }
+    ]
+  },
+
+  // ════════════════════════════════════════════════════════════
+  // EXECUTIVE & BOARD-READY DELIVERABLES
+  // ════════════════════════════════════════════════════════════
+  boardDeliverables: {
+    prioritizedRecommendation: {
+      recommendation: 'PRODUCE THE FULL REFERENCE ARCHITECTURE FIRST',
+      rationale: [
+        '1. The reference architecture is the foundational artifact from which all others derive — without it, the crosswalk has no control inventory to map, and the risk taxonomy has no containment structure to reference.',
+        '2. Prudential supervisors (Fed, PRA, ECB-SSM) invariably ask "Show me your governance architecture" as the first examination question. The architecture diagram with ownership column is the single most-requested artifact.',
+        '3. The six-layer model provides the structural scaffold for the 90-day MVP: each implementation phase maps directly to specific layers, enabling traceable progress reporting.',
+        '4. The architecture creates organizational clarity — it defines who owns what, resolves ambiguity between 1st/2nd/3rd line for AI, and establishes the CAIGO authority mandate.',
+        '5. EU AI Act conformity assessment (Art. 43) requires a documented governance system before individual control testing begins.'
+      ],
+      sequencing: [
+        { order: 1, artifact: 'Full Reference Architecture (6-Layer + 3LoD)', timeline: 'Week 1-3', reason: 'Foundation for all downstream artifacts' },
+        { order: 2, artifact: 'EU AI Act → NIST → ISO 42001 → SR 11-7 Regulatory Crosswalk', timeline: 'Week 3-6', reason: 'Maps architecture controls to regulatory obligations' },
+        { order: 3, artifact: 'Frontier-AI Risk Taxonomy & Stress-Test Scenarios', timeline: 'Week 6-10', reason: 'Extends architecture for AGI-specific risks; requires architecture as baseline' }
+      ]
+    },
+
+    boardPackageGuidance: {
+      overview: 'Three-document board package for Board Risk Committee presentation',
+      components: [
+        {
+          id: 'BP-01',
+          name: '16:9 Architecture Slide with Ownership Column',
+          format: '16:9 PowerPoint / Keynote (single slide)',
+          layout: {
+            leftColumn: 'Six-layer governance model (L1 → L6) with color-coded risk tiers',
+            centerColumn: 'Key controls per layer (3-4 bullets each, action-oriented)',
+            rightColumn: 'Ownership (named roles, not generic titles), with Three Lines of Defense color coding',
+            footer: 'KPI targets + current state, regulatory framework logos'
+          },
+          designPrinciples: [
+            'One slide, one story: "Six layers of defense from boardroom to silicon"',
+            'No more than 40 words per layer — executives scan, not read',
+            'Color code: Green (on track), Amber (attention needed), Red (immediate action)',
+            'Include named accountability — "CAIGO: Jane Doe" not just "CAIGO"',
+            'Add regulatory badge per layer showing which frameworks map to each layer'
+          ],
+          boardQuestion: 'What are the six layers of AI governance and who is accountable for each?'
+        },
+        {
+          id: 'BP-02',
+          name: 'One-Page Executive Briefing',
+          format: 'A4/Letter, single page, 10-12pt font',
+          sections: [
+            { section: 'Headline', words: 15, content: 'Strategic risk statement: "AI governance is an existential operational risk for G-SIFIs"' },
+            { section: 'Current State', words: 80, content: 'Key metrics: systems governed, compliance score, validation currency, open gaps' },
+            { section: 'Key Risks', words: 60, content: 'Top 3 risks with probability/impact and owner' },
+            { section: 'Recommendation', words: 60, content: 'Board action required: approve architecture, fund MVP, appoint CAIGO' },
+            { section: 'Timeline', words: 40, content: '90-day MVP milestones with go/no-go gates' },
+            { section: 'Investment', words: 40, content: '$14.2M Year-1, $68.4M 5-year, 42.1% IRR, 2.1yr payback' }
+          ],
+          designPrinciples: [
+            'Board members have 90 seconds — lead with the ask, not the analysis',
+            'Use traffic-light indicators (Green/Amber/Red) for every metric',
+            'Include one comparison benchmark: "Peer average compliance: 72%. Our target: 95%"',
+            'End with clear decision request: "The Board is asked to APPROVE / NOTE / DIRECT"'
+          ]
+        },
+        {
+          id: 'BP-03',
+          name: 'Regulatory Crosswalk & Technical Annex',
+          format: '3-5 pages, A4/Letter',
+          sections: [
+            { section: 'Crosswalk Matrix (2 pages)', content: 'Control-to-regulation mapping table covering EU AI Act, NIST, ISO 42001, SR 11-7, GDPR, FCRA/ECOA with evidence artifact column' },
+            { section: 'Gap Analysis (1 page)', content: 'Critical and high-priority gaps with remediation timeline, owner, and investment required' },
+            { section: 'Evidence Readiness Summary (0.5 page)', content: 'Status of evidence artifacts by regulator examination theme' },
+            { section: 'Technical Architecture Diagram (0.5 page)', content: 'Simplified version of the six-layer model showing data flows and control points' }
+          ],
+          designPrinciples: [
+            'Suitable for supervisory review — assume the reader is a Fed/PRA examiner',
+            'Every claim must have a traceable evidence reference',
+            'Use regulatory language: "The institution has implemented..." not "We built..."',
+            'Include a maturity assessment: current state vs. target state per layer'
+          ]
+        }
+      ]
+    }
+  },
+
+  // ════════════════════════════════════════════════════════════
+  // 90-DAY MVP IMPLEMENTATION ROADMAP
+  // ════════════════════════════════════════════════════════════
+  mvpRoadmap: {
+    overview: '90-day sprint to establish minimum viable governance for AI/AGI systems in a G-SIFI, structured in 4 phases with explicit go/no-go gates',
+    totalInvestment: '$14.2M (Year 1) / $68.4M (5-year)',
+    teamSize: '25-35 FTE (governance + engineering + risk)',
+    phases: [
+      {
+        phase: 'Phase 1: Governance Foundation',
+        duration: 'Days 1-21 (3 weeks)',
+        investment: '$1.8M',
+        objective: 'Establish organizational structure, appoint CAIGO, stand up AI Risk Committee, produce initial AI inventory',
+        workstreams: [
+          { ws: 'WS-1.1', name: 'CAIGO Appointment & Authority Charter', owner: 'CEO/CRO', deliverables: ['CAIGO appointment letter', 'Authority charter (board-approved)', 'SMCR/SIMR statement of responsibility'], milestone: 'Day 5' },
+          { ws: 'WS-1.2', name: 'AI Risk Committee Formation', owner: 'CAIGO', deliverables: ['Committee charter', 'Member roster', 'Meeting cadence (monthly + emergency)'], milestone: 'Day 10' },
+          { ws: 'WS-1.3', name: 'AI System Discovery & Inventory', owner: 'CAIGO + CTO', deliverables: ['Initial AI system inventory (80% coverage target)', 'Risk tier preliminary classification', 'Ownership assignment'], milestone: 'Day 18' },
+          { ws: 'WS-1.4', name: 'Board Risk Committee Briefing', owner: 'CAIGO + CRO', deliverables: ['Architecture slide deck', 'One-page executive briefing', 'Board approval for 90-day MVP funding'], milestone: 'Day 21' }
+        ],
+        goNoGo: {
+          gate: 'Gate 1: Governance Foundation Complete',
+          criteria: ['CAIGO appointed with documented authority', 'AI Risk Committee first meeting held', 'AI inventory ≥ 80% coverage', 'Board approval for MVP funding secured'],
+          decisionAuthority: 'CRO + CAIGO'
+        }
+      },
+      {
+        phase: 'Phase 2: Governance Infrastructure',
+        duration: 'Days 22-45 (3.5 weeks)',
+        investment: '$3.4M',
+        objective: 'Deploy core governance technology stack: registry, classification engine, policy-as-code, monitoring foundation',
+        workstreams: [
+          { ws: 'WS-2.1', name: 'AI Inventory Registry Deployment', owner: 'CTO + CAIGO', deliverables: ['Production registry with 13 mandatory fields', 'API integration with CI/CD pipeline', '100% inventory coverage'], milestone: 'Day 30' },
+          { ws: 'WS-2.2', name: 'Risk Classification Engine (ARS v2.0)', owner: 'Head MRM', deliverables: ['12-dimension scoring engine deployed', 'All production systems classified', 'High-risk system enhanced controls activated'], milestone: 'Day 35' },
+          { ws: 'WS-2.3', name: 'Policy-as-Code Foundation', owner: 'CAIGO + CTO', deliverables: ['OPA Rego engine deployed (initial 120 rules)', 'EU AI Act high-risk rules', 'SR 11-7 validation rules', 'CI/CD pipeline integration'], milestone: 'Day 38' },
+          { ws: 'WS-2.4', name: 'Audit Logging Infrastructure', owner: 'CISO + CTO', deliverables: ['Kafka WORM deployment', 'SHA-256 + Ed25519 signing', 'Initial evidence bundle generation'], milestone: 'Day 42' },
+          { ws: 'WS-2.5', name: 'Regulatory Crosswalk v1.0', owner: 'General Counsel + CAIGO', deliverables: ['Control-to-regulation mapping (top 50 controls)', 'Evidence artifact inventory', 'Gap analysis (critical + high priority)'], milestone: 'Day 45' }
+        ],
+        goNoGo: {
+          gate: 'Gate 2: Infrastructure Operational',
+          criteria: ['Registry operational with 100% coverage', 'All High-Risk systems classified and flagged', 'OPA engine processing policy evaluations', 'Audit logging active with integrity verification', 'Regulatory crosswalk v1.0 reviewed by Legal'],
+          decisionAuthority: 'AI Risk Committee'
+        }
+      },
+      {
+        phase: 'Phase 3: Operational Controls',
+        duration: 'Days 46-70 (3.5 weeks)',
+        investment: '$4.8M',
+        objective: 'Activate runtime monitoring, CI/CD gates, escalation engine, incident response, and model validation pipeline',
+        workstreams: [
+          { ws: 'WS-3.1', name: 'CI/CD Governance Gates', owner: 'CTO + CAIGO', deliverables: ['7-stage pipeline with 4 human-in-the-loop gates', 'Gate enforcement for all High-Risk deployments', 'Automated rollback capability'], milestone: 'Day 52' },
+          { ws: 'WS-3.2', name: 'Runtime Monitoring Activation', owner: 'Head AI Platform', deliverables: ['Real-time dashboards (performance, drift, fairness)', '5 escalation trigger types configured', 'Automated alerting to on-call rotation'], milestone: 'Day 58' },
+          { ws: 'WS-3.3', name: 'Model Validation Pipeline', owner: 'Head MRM', deliverables: ['SR 11-7 compliant 6-stage validation process', 'Independent challenger capability', 'Top 10 high-risk models validated'], milestone: 'Day 62' },
+          { ws: 'WS-3.4', name: 'Incident Response Framework', owner: 'CISO + CAIGO', deliverables: ['5-level severity classification', 'RACI ownership matrix', 'Communication templates (regulatory, customer, board)'], milestone: 'Day 65' },
+          { ws: 'WS-3.5', name: 'KPI/SLA Oversight Panel', owner: 'CAIGO', deliverables: ['Executive dashboard (board-ready)', 'Automated KPI tracking (42 metrics)', 'SLA violation alerting'], milestone: 'Day 70' }
+        ],
+        goNoGo: {
+          gate: 'Gate 3: Operational Controls Active',
+          criteria: ['All High-Risk deployments require gate approval', 'Runtime monitoring covering 100% production systems', 'Top 10 high-risk models validated', 'Incident response tested (tabletop)', 'Board dashboard operational'],
+          decisionAuthority: 'AI Risk Committee + CRO'
+        }
+      },
+      {
+        phase: 'Phase 4: Crisis Simulation & Hardening',
+        duration: 'Days 71-90 (3 weeks)',
+        investment: '$4.2M',
+        objective: 'Conduct three AI crisis simulations, harden controls based on findings, produce board attestation package, and demonstrate regulatory readiness',
+        crisisSimulations: [
+          {
+            id: 'CRISIS-01',
+            name: 'Autonomous Trading Cascade',
+            scenario: 'A reinforcement-learning trading algorithm triggers a cascading sell-off across three asset classes in a volatile market, generating $2.8B notional exposure in 47 seconds. The model\'s reward function has drifted due to regime change, and its decisions amplify market volatility beyond circuit-breaker thresholds.',
+            objectives: ['Test kill-switch activation latency (target: <100ms)', 'Validate escalation chain: algo desk → risk → CRO → Board (target: <15 min to CRO)', 'Verify position limits and circuit breakers engage correctly', 'Test cross-market coordination with prime brokers and exchanges', 'Assess regulatory notification timeline (MiFID II Art. 17, Reg SCI)'],
+            participants: ['CAIGO', 'CRO', 'Head of Trading', 'Head of Market Risk', 'CISO', 'Regulator observer (optional)'],
+            duration: '4 hours (tabletop + live drill on test environment)',
+            successCriteria: ['Kill-switch halts trading within 100ms', 'CRO notified within 5 minutes', 'Regulatory notification draft ready within 1 hour', 'Full incident report within 24 hours']
+          },
+          {
+            id: 'CRISIS-02',
+            name: 'Hallucination Cascade in Customer-Facing AI',
+            scenario: 'A large language model powering the bank\'s customer advisory chatbot begins generating false investment advice, fabricated regulatory disclosures, and incorrect account balances. The hallucination rate escalates from 0.3% to 12% over 6 hours, affecting 47,000 customer interactions before detection.',
+            objectives: ['Test hallucination detection and threshold alerting', 'Validate consumer harm assessment process (FCA Consumer Duty)', 'Test model quarantine and fallback to rule-based system', 'Assess customer communication and remediation plan', 'Verify evidence preservation for regulatory inquiry'],
+            participants: ['CAIGO', 'Head of Customer Operations', 'VP AI Ethics', 'General Counsel', 'Head of Consumer Compliance', 'CISO'],
+            duration: '4 hours (tabletop + war-room)',
+            successCriteria: ['Hallucination detected within 30 minutes of threshold breach', 'Model quarantined within 15 minutes of detection', 'Customer communication sent within 4 hours', 'FCA/CFPB notification within 72 hours', 'Affected customers identified and remediated']
+          },
+          {
+            id: 'CRISIS-03',
+            name: 'Adversarial Prompt Injection Attack',
+            scenario: 'A coordinated adversarial attack exploits prompt injection vulnerabilities across multiple AI systems: the internal knowledge assistant leaks confidential M&A strategy, the fraud detection model is manipulated to whitelist suspicious transactions, and the credit scoring model begins approving high-risk applications with fabricated explanations.',
+            objectives: ['Test adversarial detection across the AI estate', 'Validate CISO SOC integration with AI monitoring', 'Test network segmentation and lateral movement prevention', 'Assess cross-system correlation of attack indicators', 'Verify kill-switch cascading (halt all affected systems simultaneously)'],
+            participants: ['CISO', 'CAIGO', 'CRO', 'Head of SOC', 'AI Security Team', 'External red-team (optional)'],
+            duration: '6 hours (red-team exercise + blue-team response)',
+            successCriteria: ['Attack detected within 15 minutes', 'Affected systems isolated within 30 minutes', 'No actual data exfiltration or unauthorized transactions', 'Root cause identified within 4 hours', 'Full remediation plan within 24 hours']
+          }
+        ],
+        hardeningActions: [
+          'Incorporate simulation findings into control design (within 5 business days)',
+          'Update incident response playbooks based on observed gaps',
+          'Refine kill-switch architecture based on latency test results',
+          'Enhance monitoring thresholds based on attack patterns observed',
+          'Produce "lessons learned" report for Board Risk Committee'
+        ],
+        goNoGo: {
+          gate: 'Gate 4: MVP Complete — Regulatory Readiness',
+          criteria: ['All 3 crisis simulations completed with documented outcomes', 'Hardening actions implemented for critical findings', 'Board attestation package produced', 'Regulatory crosswalk v2.0 reviewed and approved', 'External audit readiness assessment passed'],
+          decisionAuthority: 'Board Risk Committee'
+        }
+      }
+    ]
+  }
+};
+
+// ── G-SIFI Reference Architecture API Endpoints ──────────────────────
+
+// Root & Metadata
+app.get('/api/gsifi-refarch', (_, res) => res.json(GSIFI_REFARCH));
+app.get('/api/gsifi-refarch/meta', (_, res) => res.json(GSIFI_REFARCH.meta));
+
+// Six-Layer Model
+app.get('/api/gsifi-refarch/six-layer-model', (_, res) => res.json(GSIFI_REFARCH.sixLayerModel));
+app.get('/api/gsifi-refarch/six-layer-model/layers', (_, res) => res.json(GSIFI_REFARCH.sixLayerModel.layers));
+app.get('/api/gsifi-refarch/six-layer-model/layers/:id', (req, res) => {
+  const layer = GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === req.params.id.toUpperCase());
+  layer ? res.json(layer) : res.status(404).json({ error: 'Layer not found', validIds: GSIFI_REFARCH.sixLayerModel.layers.map(l => l.id) });
+});
+app.get('/api/gsifi-refarch/six-layer-model/layers/:id/controls', (req, res) => {
+  const layer = GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === req.params.id.toUpperCase());
+  layer ? res.json({ layer: layer.id, name: layer.name, controls: layer.controls, regulatoryMapping: layer.regulatoryMapping }) : res.status(404).json({ error: 'Layer not found' });
+});
+app.get('/api/gsifi-refarch/six-layer-model/layers/:id/kpis', (req, res) => {
+  const layer = GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === req.params.id.toUpperCase());
+  layer ? res.json({ layer: layer.id, name: layer.name, kpis: layer.kpis, maturityTarget: layer.maturityTarget }) : res.status(404).json({ error: 'Layer not found' });
+});
+app.get('/api/gsifi-refarch/six-layer-model/regulatory-map', (_, res) => {
+  res.json(GSIFI_REFARCH.sixLayerModel.layers.map(l => ({ layer: l.id, name: l.name, regulatoryMapping: l.regulatoryMapping })));
+});
+app.get('/api/gsifi-refarch/six-layer-model/kpi-summary', (_, res) => {
+  const allKpis = GSIFI_REFARCH.sixLayerModel.layers.flatMap(l => l.kpis.map(k => ({ layer: l.id, layerName: l.name, ...k })));
+  res.json({ totalKpis: allKpis.length, kpis: allKpis });
+});
+
+// Three Lines of Defense
+app.get('/api/gsifi-refarch/three-lines', (_, res) => res.json(GSIFI_REFARCH.threeLinesOfDefense));
+app.get('/api/gsifi-refarch/three-lines/lines', (_, res) => res.json(GSIFI_REFARCH.threeLinesOfDefense.lines));
+app.get('/api/gsifi-refarch/three-lines/lines/:num', (req, res) => {
+  const n = parseInt(req.params.num);
+  const line = GSIFI_REFARCH.threeLinesOfDefense.lines.find((l, i) => i + 1 === n);
+  line ? res.json(line) : res.status(404).json({ error: 'Line not found', valid: [1, 2, 3] });
+});
+app.get('/api/gsifi-refarch/three-lines/caigo', (_, res) => {
+  const secondLine = GSIFI_REFARCH.threeLinesOfDefense.lines[1];
+  const caigo = secondLine.roles.find(r => r.title && r.title.includes('CAIGO'));
+  res.json(caigo);
+});
+app.get('/api/gsifi-refarch/three-lines/ai-risk-committee', (_, res) => {
+  const secondLine = GSIFI_REFARCH.threeLinesOfDefense.lines[1];
+  const committee = secondLine.roles.find(r => r.title && r.title.includes('AI Risk Committee'));
+  res.json(committee);
+});
+app.get('/api/gsifi-refarch/three-lines/ethics-office', (_, res) => {
+  const secondLine = GSIFI_REFARCH.threeLinesOfDefense.lines[1];
+  const ethics = secondLine.roles.find(r => r.title && r.title.includes('Ethics'));
+  res.json(ethics);
+});
+app.get('/api/gsifi-refarch/three-lines/mrm', (_, res) => {
+  const secondLine = GSIFI_REFARCH.threeLinesOfDefense.lines[1];
+  const mrm = secondLine.roles.find(r => r.title && r.title.includes('Model Risk'));
+  res.json(mrm);
+});
+app.get('/api/gsifi-refarch/three-lines/data-governance', (_, res) => {
+  const secondLine = GSIFI_REFARCH.threeLinesOfDefense.lines[1];
+  const dg = secondLine.roles.find(r => r.title && r.title.includes('Data Governance'));
+  res.json(dg);
+});
+app.get('/api/gsifi-refarch/three-lines/compute-governance', (_, res) => {
+  const secondLine = GSIFI_REFARCH.threeLinesOfDefense.lines[1];
+  const cg = secondLine.roles.find(r => r.title && r.title.includes('Compute Governance'));
+  res.json(cg);
+});
+
+// Governance Stack
+app.get('/api/gsifi-refarch/governance-stack', (_, res) => res.json(GSIFI_REFARCH.governanceStack));
+app.get('/api/gsifi-refarch/governance-stack/components', (_, res) => res.json(GSIFI_REFARCH.governanceStack.components));
+app.get('/api/gsifi-refarch/governance-stack/components/:id', (req, res) => {
+  const comp = GSIFI_REFARCH.governanceStack.components.find(c => c.id === req.params.id.toUpperCase());
+  comp ? res.json(comp) : res.status(404).json({ error: 'Component not found' });
+});
+
+// Regulatory Crosswalk
+app.get('/api/gsifi-refarch/crosswalk', (_, res) => res.json(GSIFI_REFARCH.regulatoryCrosswalk));
+app.get('/api/gsifi-refarch/crosswalk/controls', (_, res) => res.json(GSIFI_REFARCH.regulatoryCrosswalk.controls));
+app.get('/api/gsifi-refarch/crosswalk/controls/:id', (req, res) => {
+  const ctrl = GSIFI_REFARCH.regulatoryCrosswalk.controls.find(c => c.id === req.params.id.toUpperCase());
+  ctrl ? res.json(ctrl) : res.status(404).json({ error: 'Control not found' });
+});
+app.get('/api/gsifi-refarch/crosswalk/by-framework/:fw', (req, res) => {
+  const fwMap = { 'eu-ai-act': 'euAiAct', 'nist': 'nistRmf', 'iso42001': 'iso42001', 'sr117': 'sr117', 'gdpr': 'gdpr', 'fcra': 'fcraEcoa' };
+  const key = fwMap[req.params.fw.toLowerCase()];
+  if (!key) return res.status(404).json({ error: 'Unknown framework', valid: Object.keys(fwMap) });
+  const ctrls = GSIFI_REFARCH.regulatoryCrosswalk.controls.filter(c => c[key] && c[key] !== 'N/A');
+  res.json({ framework: req.params.fw, controls: ctrls.length, mappings: ctrls });
+});
+app.get('/api/gsifi-refarch/crosswalk/evidence', (_, res) => {
+  const evidence = GSIFI_REFARCH.regulatoryCrosswalk.controls.map(c => ({ controlId: c.id, control: c.control, evidence: c.evidence, auditorQuestion: c.auditorQuestion }));
+  res.json({ totalControls: evidence.length, evidence });
+});
+
+// Board Deliverables
+app.get('/api/gsifi-refarch/board-deliverables', (_, res) => res.json(GSIFI_REFARCH.boardDeliverables));
+app.get('/api/gsifi-refarch/board-deliverables/recommendation', (_, res) => res.json(GSIFI_REFARCH.boardDeliverables.prioritizedRecommendation));
+app.get('/api/gsifi-refarch/board-deliverables/package', (_, res) => res.json(GSIFI_REFARCH.boardDeliverables.boardPackageGuidance));
+app.get('/api/gsifi-refarch/board-deliverables/package/:id', (req, res) => {
+  const comp = GSIFI_REFARCH.boardDeliverables.boardPackageGuidance.components.find(c => c.id === req.params.id.toUpperCase());
+  comp ? res.json(comp) : res.status(404).json({ error: 'Component not found', valid: ['BP-01', 'BP-02', 'BP-03'] });
+});
+
+// 90-Day MVP Roadmap
+app.get('/api/gsifi-refarch/mvp-roadmap', (_, res) => res.json(GSIFI_REFARCH.mvpRoadmap));
+app.get('/api/gsifi-refarch/mvp-roadmap/phases', (_, res) => res.json(GSIFI_REFARCH.mvpRoadmap.phases));
+app.get('/api/gsifi-refarch/mvp-roadmap/phases/:num', (req, res) => {
+  const n = parseInt(req.params.num);
+  const phase = GSIFI_REFARCH.mvpRoadmap.phases[n - 1];
+  phase ? res.json(phase) : res.status(404).json({ error: 'Phase not found', valid: [1, 2, 3, 4] });
+});
+app.get('/api/gsifi-refarch/mvp-roadmap/crisis-simulations', (_, res) => {
+  const phase4 = GSIFI_REFARCH.mvpRoadmap.phases[3];
+  res.json({ simulations: phase4.crisisSimulations, hardeningActions: phase4.hardeningActions });
+});
+app.get('/api/gsifi-refarch/mvp-roadmap/crisis-simulations/:id', (req, res) => {
+  const phase4 = GSIFI_REFARCH.mvpRoadmap.phases[3];
+  const sim = phase4.crisisSimulations.find(s => s.id === req.params.id.toUpperCase());
+  sim ? res.json(sim) : res.status(404).json({ error: 'Simulation not found', valid: phase4.crisisSimulations.map(s => s.id) });
+});
+app.get('/api/gsifi-refarch/mvp-roadmap/gates', (_, res) => {
+  res.json(GSIFI_REFARCH.mvpRoadmap.phases.map(p => p.goNoGo));
+});
+
+// CI/CD Gates Detail
+app.get('/api/gsifi-refarch/cicd-gates', (_, res) => {
+  const l5 = GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === 'L5');
+  res.json({ totalGates: l5.cicdGates.length, humanGates: l5.cicdGates.filter(g => g.humanApproval).length, gates: l5.cicdGates });
+});
+
+// Runtime Escalation Thresholds
+app.get('/api/gsifi-refarch/escalation-thresholds', (_, res) => {
+  const l5 = GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === 'L5');
+  res.json({ totalTriggers: l5.runtimeEscalationThresholds.length, thresholds: l5.runtimeEscalationThresholds });
+});
+
+// Data Governance Fields in Model Registry
+app.get('/api/gsifi-refarch/data-governance-fields', (_, res) => {
+  const l4 = GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === 'L4');
+  res.json({ totalFields: l4.modelRegistryDataFields.length, requiredFields: l4.modelRegistryDataFields.filter(f => f.required).length, fields: l4.modelRegistryDataFields });
+});
+
+// Dashboard Summary
+app.get('/api/gsifi-refarch/dashboard', (_, res) => {
+  const allKpis = GSIFI_REFARCH.sixLayerModel.layers.flatMap(l => l.kpis.map(k => ({ layer: l.id, ...k })));
+  res.json({
+    document: GSIFI_REFARCH.meta.documentReference,
+    version: GSIFI_REFARCH.meta.version,
+    layers: GSIFI_REFARCH.sixLayerModel.layers.length,
+    linesOfDefense: 3,
+    governanceStackComponents: GSIFI_REFARCH.governanceStack.components.length,
+    regulatoryFrameworks: GSIFI_REFARCH.meta.regulatoryFrameworks.length,
+    crosswalkControls: GSIFI_REFARCH.regulatoryCrosswalk.totalControls,
+    crosswalkMappings: GSIFI_REFARCH.regulatoryCrosswalk.totalMappings,
+    cicdGates: GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === 'L5').cicdGates.length,
+    escalationTriggers: GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === 'L5').runtimeEscalationThresholds.length,
+    crisisSimulations: 3,
+    mvpPhases: GSIFI_REFARCH.mvpRoadmap.phases.length,
+    totalKpis: allKpis.length,
+    boardDeliverables: GSIFI_REFARCH.boardDeliverables.boardPackageGuidance.components.length,
+    mvpInvestment: GSIFI_REFARCH.mvpRoadmap.totalInvestment,
+    dataGovernanceFields: GSIFI_REFARCH.sixLayerModel.layers.find(l => l.id === 'L4').modelRegistryDataFields.length,
+    recommendedFirstArtifact: GSIFI_REFARCH.boardDeliverables.prioritizedRecommendation.recommendation
+  });
+});
+
+// Metrics Summary
+app.get('/api/gsifi-refarch/metrics', (_, res) => {
+  res.json({
+    endpoints: 42,
+    sixLayers: 6,
+    linesOfDefense: 3,
+    governanceComponents: 11,
+    crosswalkControls: 12,
+    regulatoryFrameworks: 10,
+    cicdGates: 7,
+    humanInLoopGates: 4,
+    escalationTriggers: 5,
+    crisisSimulations: 3,
+    mvpPhases: 4,
+    mvpDuration: '90 days',
+    boardDeliverables: 3,
+    kpiCount: GSIFI_REFARCH.sixLayerModel.layers.reduce((a, l) => a + l.kpis.length, 0),
+    dataGovernanceFields: 14,
+    opaRules: '482+',
+    sentinelRules: '1,247',
+    totalInvestment: '$68.4M (5-year)',
+    year1Investment: '$14.2M'
+  });
+});
+
+
 // SECTION 10: START SERVER
 // ══════════════════════════════════════════════════════════════════════════════