diff --git a/rag-agentic-dashboard/data/tier13-fullstack.json b/rag-agentic-dashboard/data/tier13-fullstack.json
new file mode 100644
index 0000000..30129b2
--- /dev/null
+++ b/rag-agentic-dashboard/data/tier13-fullstack.json
@@ -0,0 +1,1404 @@
+{
+  "docRef": "TIER13-FULLSTACK-WP-041",
+  "version": "1.0.0",
+  "horizon": "2026-2030",
+  "classification": "CONFIDENTIAL — Board / CRO / CISO / CAIO / Prudential Supervisor / Treaty Authority / AI Safety Institute",
+  "title": "Full-Stack AI Governance Ontology — Tier 1–3 Enterprise Blueprint for G-SIFIs",
+  "subtitle": "From CI/CD Policy Gates to SACIL/MCIGL/UGL Meta-Cosmic Governance (2026-2030)",
+  "owner": "Group CEO + Chief AI Officer (CAIO) — co-signed by CRO, CISO, GC, DPO, Head of Internal Audit, Treaty Liaison",
+  "buildsOn": [
+    "WP-035 ENT-AGI-GOV-MASTER",
+    "WP-036 WFAP-GEMINI-IMPL",
+    "WP-037 GSIFI-AIMS-BLUEPRINT",
+    "WP-038 AGI-REG-RESILIENT",
+    "WP-039 INST-AGI-MASTER",
+    "WP-040 ENT-AGI-REF-IMPL"
+  ],
+  "tiers": {
+    "T1": "Operational/Engineering — CI/CD, K8s, Kafka, OPA, Terraform, golden envs",
+    "T2": "Enterprise/Supervisory — Control Tower, AI Governance Ledger, autonomous supervisory agents, treaty enforcement",
+    "T3": "Civilizational/Meta-Cosmic — SACIL, MCIGL, UGL governance constructs"
+  },
+  "regimes": [
+    "EU AI Act 2026 (High-Risk + GPAI Arts 53/55)",
+    "NIST AI RMF 1.0 (Govern/Map/Measure/Manage)",
+    "ISO/IEC 42001:2023 AIMS",
+    "ISO/IEC 23894 (AI risk)",
+    "ISO/IEC 5338 (AI lifecycle)",
+    "GDPR Art 22, 25, 35",
+    "Basel III/IV (BCBS 239 risk data aggregation)",
+    "SR 11-7 (Fed Model Risk Management)",
+    "PRA SS1/23, FCA Consumer Duty, MAS FEAT, HKMA",
+    "OECD AI Principles 2019",
+    "US EO 14110 + OMB M-24-10",
+    "FCRA/ECOA, GLBA"
+  ],
+  "counts": {
+    "tiers": 3,
+    "modules": 14,
+    "sections": 56,
+    "schemas": 12,
+    "codeExamples": 14,
+    "caseStudies": 6,
+    "apiRoutes": 92,
+    "controls": 380,
+    "kpis": 22,
+    "opaPolicies": 48,
+    "treatyClauses": 18
+  },
+  "apiPrefix": "/api/tier13-fullstack",
+  "modules": [
+    {
+      "id": "M1",
+      "title": "M1 — Full-Stack Ontology Collapse (Tier 1 → Tier 3)",
+      "summary": "Collapses 380 controls and 7 governance layers into a tractable Tier 1-3 ontology with bidirectional traceability from atomic OPA rules up to UGL meta-cosmic principles.",
+      "sections": [
+        {
+          "id": "M1-S1",
+          "title": "Three-Tier Ontology Lattice",
+          "content": [
+            "Tier 1 (Operational): CI/CD gates, container/cluster runtime, message bus, policy engine, IaC.",
+            "Tier 2 (Enterprise/Supervisory): Control Tower, AI Governance Ledger (AIGL), autonomous supervisory agents, AI treaty layer.",
+            "Tier 3 (Civilizational/Meta-Cosmic): SACIL (Sovereign AI Civilization Layer), MCIGL (Multi-Civilizational Intergovernmental Ledger), UGL (Universal Governance Lattice).",
+            "Each tier emits attestations consumable by the tier above; each upper tier emits constraints flowing downward as policy bundles."
+          ],
+          "diagram": [
+            "T3 UGL  ───constraints──▶ T2 Treaty Layer  ───constraints──▶ T1 OPA bundles",
+            "T1 evidence ──attestations▶ T2 Ledger ──proofs──▶ T3 MCIGL/SACIL inscription"
+          ]
+        },
+        {
+          "id": "M1-S2",
+          "title": "Ontology Domains (7 layers collapsed to 3 tiers)",
+          "content": [
+            "L1 Code & Build (T1)",
+            "L2 Runtime & Data (T1)",
+            "L3 Model & Decision (T1↔T2)",
+            "L4 Policy & Control (T2)",
+            "L5 Supervisory & Treaty (T2↔T3)",
+            "L6 Civilizational (T3)",
+            "L7 Meta-Cosmic / UGL (T3)"
+          ]
+        },
+        {
+          "id": "M1-S3",
+          "title": "Traceability Identifiers",
+          "content": [
+            "Control ID format: CTL-<L>-<NNN> (e.g., CTL-L4-021).",
+            "OPA rule binding: package gov.<domain>.<rule>; metadata: control_id, regime_refs[], tier, sacilPrinciple.",
+            "Every Tier-1 PR enforces presence of {control_id, regime_refs[]} in policy metadata via OPA conftest."
+          ]
+        },
+        {
+          "id": "M1-S4",
+          "title": "Cross-Tier Invariants",
+          "content": [
+            "INV-1: No Tier-1 deployment without signed Tier-2 trust contract.",
+            "INV-2: No Tier-2 supervisory message without UGL-aligned ethical hash.",
+            "INV-3: Tier-3 inscriptions are append-only, anchored in Rekor + MCIGL Merkle root.",
+            "INV-4: Drift between tiers > ε triggers SEV-1 reconciliation within 30 minutes."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M2",
+      "title": "M2 — Tier 1: CI/CD Policy Gates (Pre-Merge → Pre-Prod → Prod)",
+      "summary": "Five-stage CI/CD gate pipeline enforcing OPA/Rego policies, SBOM, model cards, fairness/robustness scans, and SLSA L3 provenance before any AI artifact reaches a regulated environment.",
+      "sections": [
+        {
+          "id": "M2-S1",
+          "title": "Gate Pipeline (G0..G4)",
+          "content": [
+            "G0 Pre-Commit: secrets scan, lint, license check (OPA conftest).",
+            "G1 Pre-Merge: unit tests, model-card schema, dataset-card schema, OPA policy diff, SBOM (CycloneDX 1.5).",
+            "G2 Build: SLSA L3 provenance (in-toto + Sigstore cosign), reproducible image digest, hybrid Ed25519+Dilithium3 signature.",
+            "G3 Pre-Prod: fairness scan (AIR≥0.85), robustness (HELM-style adversarial), data-protection impact (DPIA), Basel-style stress test pack.",
+            "G4 Prod: human-in-the-loop sign-off (CAIO+CRO), Trust Contract issued, AIGL anchor, Codex inscription."
+          ],
+          "regime_refs": [
+            "EU AI Act Art 9-15",
+            "ISO/IEC 42001 8.x",
+            "NIST AI RMF Manage 2.x",
+            "SR 11-7 III.A"
+          ]
+        },
+        {
+          "id": "M2-S2",
+          "title": "GitHub Actions / GitLab CI Reference",
+          "content": [
+            "Workflow file `.github/workflows/ai-gov-gates.yml` enforces G0-G4 with required status checks.",
+            "OIDC-only deploy: no long-lived secrets; cosign keyless signing.",
+            "Branch protection: G3+G4 jobs are required; human approval via CODEOWNERS for /models/*."
+          ]
+        },
+        {
+          "id": "M2-S3",
+          "title": "Deployment Considerations",
+          "content": [
+            "Per-jurisdiction job matrix: EU/UK/US/SG/HK; each runs the regime-specific OPA bundle.",
+            "Air-gapped variant for Tier-1 G-SIBs uses self-hosted runners + private Sigstore (Rekor mirror).",
+            "Failed gates emit `gate.failed` Kafka event, blocked deploy + PagerDuty SEV-2 if recurrent."
+          ]
+        },
+        {
+          "id": "M2-S4",
+          "title": "Gate-to-Regime Traceability",
+          "content": [
+            "G1 → ISO/IEC 42001 §8.4 (operational planning)",
+            "G2 → NIST AI RMF Map 2.1, EU AI Act Art 12 (record-keeping)",
+            "G3 → EU AI Act Art 9 (risk mgmt) + Art 10 (data) + SR 11-7 III.B (model validation)",
+            "G4 → EU AI Act Art 14 (human oversight) + ISO/IEC 42001 §9.3 (mgmt review)"
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M3",
+      "title": "M3 — Tier 1: Kubernetes + Kafka + OPA Runtime Control Stack",
+      "summary": "Hardened K8s clusters with OPA Gatekeeper admission, Istio mTLS, Kafka WORM audit topics with ACL governance, governance side-cars, and Next.js explainability front-ends.",
+      "sections": [
+        {
+          "id": "M3-S1",
+          "title": "Cluster Topology",
+          "content": [
+            "Per-jurisdiction K8s clusters (EU-WEST, US-EAST, APAC-SG, APAC-HK, UK).",
+            "Three node pools: model-serving (GPU/TPU, taints), governance-control (CPU), audit-edge (CPU + ephemeral storage).",
+            "PSP/PSA = restricted; runtimeClass = gVisor/Kata for high-risk models."
+          ]
+        },
+        {
+          "id": "M3-S2",
+          "title": "OPA Gatekeeper Admission",
+          "content": [
+            "ConstraintTemplates: K8sRequiredLabels (ai.system.id), K8sBlockUnsignedImages, K8sRequireModelCardCM, K8sRequireSidecarGov.",
+            "Audit interval: 60s; sync replication into Tier-2 ledger every 5 min.",
+            "Mutation webhook injects governance side-car (gov-sidecar:1.4) into every AI Pod."
+          ]
+        },
+        {
+          "id": "M3-S3",
+          "title": "Kafka WORM Audit Topics + ACLs",
+          "content": [
+            "Topics: `gov.decision.envelope`, `gov.incident`, `gov.attestation`, `gov.kpi`, `gov.policy.violation`.",
+            "Compaction OFF, log.retention.ms=immutable (broker-level WORM via tiered storage to S3 Object Lock COMPLIANCE).",
+            "ACL governance: only `gov-svc` principal may produce; `audit-svc` and `ledger-svc` may consume; ACL changes require dual-control + OPA review."
+          ]
+        },
+        {
+          "id": "M3-S4",
+          "title": "Service Mesh & Sidecars",
+          "content": [
+            "Istio mTLS STRICT; AuthorizationPolicy per AI system ID.",
+            "Governance side-car (Node 20 / Python 3.12) intercepts inference requests, signs Decision Envelope, publishes to `gov.decision.envelope`.",
+            "Next.js explainability front-end consumes envelopes via authenticated WebSocket and renders SHAP/LIME + counterfactuals."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M4",
+      "title": "M4 — Tier 1: Terraform-Deployed Golden Environments",
+      "summary": "Versioned, OPA-validated Terraform modules deploying golden AI environments per jurisdiction with WORM storage, KMS, observability, and supervisory exfil endpoints.",
+      "sections": [
+        {
+          "id": "M4-S1",
+          "title": "Module Catalog",
+          "content": [
+            "tf-modules/ai-cluster (EKS/GKE/AKS variants)",
+            "tf-modules/ai-kafka (MSK/Confluent + Object Lock)",
+            "tf-modules/ai-opa (Gatekeeper + bundle server)",
+            "tf-modules/ai-ledger-anchor (KMS + Rekor mirror)",
+            "tf-modules/ai-supervisor-vpn (Treaty Authority readonly access)"
+          ]
+        },
+        {
+          "id": "M4-S2",
+          "title": "Policy-as-Code in Plan Phase",
+          "content": [
+            "`terraform plan -out` → `conftest test` against `policy/iac/*.rego` → fail on: public S3, KMS rotation off, missing tags (ai.system.id, jurisdiction, sensitivity).",
+            "Atlantis or Terraform Cloud Sentinel hard-mandatory for prod workspaces."
+          ]
+        },
+        {
+          "id": "M4-S3",
+          "title": "Golden Environment Specifications",
+          "content": [
+            "Tagging: ai.system.id, model.version, regime, criticality, owner.team, retention.years.",
+            "Encryption: CMK per jurisdiction; envelope encryption for model artifacts; HSM-backed for SR 11-7 Tier-1 models.",
+            "Observability: Prometheus + Tempo + Loki + OpenTelemetry; SLO burn alerts wired to SEV escalation."
+          ]
+        },
+        {
+          "id": "M4-S4",
+          "title": "Deployment Considerations",
+          "content": [
+            "Drift detection every 15 min (driftctl) → Tier-2 ledger event if drift > threshold.",
+            "Disaster recovery: cross-region replicated WORM bucket + ledger snapshots; RPO ≤ 5 min, RTO ≤ 30 min.",
+            "Sovereign-cloud variants for EU (Gaia-X), CN (CMG), IN (MeghRaj)."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M5",
+      "title": "M5 — Tier 1: OPA/Rego Policy Enforcement Library (48 policies)",
+      "summary": "Catalogued OPA bundles spanning IaC, K8s admission, CI/CD, runtime decisions, and data-rights enforcement with explicit regime mapping.",
+      "sections": [
+        {
+          "id": "M5-S1",
+          "title": "Bundle Layout",
+          "content": [
+            "bundles/iac (12 policies)",
+            "bundles/k8s-admission (10 policies)",
+            "bundles/cicd-gates (8 policies)",
+            "bundles/runtime-decisions (12 policies, e.g., FCRA adverse-action eligibility)",
+            "bundles/data-rights (6 policies, GDPR Art 22 / 35 enforcement)"
+          ]
+        },
+        {
+          "id": "M5-S2",
+          "title": "Sample Policy → Regime Mapping (subset)",
+          "content": [
+            "POL-CICD-002 require_model_card → ISO/IEC 42001 §7.5, EU AI Act Art 11",
+            "POL-RT-007 fcra_adverse_action_required → FCRA §615(a), ECOA Reg B",
+            "POL-RT-011 gdpr_art22_human_review → GDPR Art 22(3)",
+            "POL-K8S-004 require_signed_image → SLSA L3, NIST SSDF PO.5",
+            "POL-IAC-009 worm_object_lock → BCBS 239 §3 (data integrity)"
+          ]
+        },
+        {
+          "id": "M5-S3",
+          "title": "Decision API & Latency Budget",
+          "content": [
+            "OPA sidecar p99 ≤ 8 ms; bundle refresh every 60 s with HMAC + Cosign signature verification.",
+            "Decision logs streamed to `gov.decision.envelope` Kafka topic; sampled at 100% for high-risk models, 10% otherwise."
+          ]
+        },
+        {
+          "id": "M5-S4",
+          "title": "Tier-2 / Tier-3 Hooks",
+          "content": [
+            "Each rule carries `metadata.sacilPrinciple` (e.g., `consent`, `non-domination`, `proportionality`).",
+            "Aggregate rule firings feed Tier-3 UGL conformance scoring (M13)."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M6",
+      "title": "M6 — Tier 2: Basel-Style AI Stress Tests & Capital Overlay",
+      "summary": "Annual + on-demand AI stress test framework producing capital overlays, fed back into Pillar 2 ICAAP and aligned with PRA SS3/18 + Fed CCAR-style scenarios.",
+      "sections": [
+        {
+          "id": "M6-S1",
+          "title": "Scenario Library (12 scenarios)",
+          "content": [
+            "S1 Severe macro + concept drift",
+            "S2 Adversarial prompt injection storm",
+            "S3 Cross-jurisdiction divergence (e.g., EU vs US fairness regimes)",
+            "S4 Vendor model recall (foundation provider revokes weights)",
+            "S5 Data poisoning at retrain horizon",
+            "S6 Liquidity crunch + AI mis-pricing",
+            "S7 Cyber + AI compound (ransomware + model theft)",
+            "S8 GPAI capability jump (frontier T3 emergence)",
+            "S9 Treaty regime fragmentation",
+            "S10 Sanctions surge + KYC-AI false negatives",
+            "S11 Climate transition shock + ESG model drift",
+            "S12 Quantum cryptanalytic break of legacy signing"
+          ]
+        },
+        {
+          "id": "M6-S2",
+          "title": "Methodology",
+          "content": [
+            "Shock vectors injected at data, model, and decision layers.",
+            "Severity grades: mild / adverse / severely adverse, mirroring Fed DFAST.",
+            "Capital overlay = base ICAAP buffer + ΔAI-VaR + interpretability gap penalty."
+          ]
+        },
+        {
+          "id": "M6-S3",
+          "title": "Outputs & Regulator Submission",
+          "content": [
+            "Quarterly stress-pack to Board Risk Committee + supervisor.",
+            "Schema: `aiStressTestResult` (M9).",
+            "PRA SS1/23, SR 15-18, EBA GL/2018/03 alignment columns."
+          ]
+        },
+        {
+          "id": "M6-S4",
+          "title": "Capital Overlay Responsiveness KPI",
+          "content": [
+            "KPI-COR-1: latency from stress event detection to capital overlay update ≤ 5 business days.",
+            "KPI-COR-2: drift-induced overlay reconciliation across jurisdictions ≤ 24h."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M7",
+      "title": "M7 — Tier 2: AI Governance Control Tower",
+      "summary": "Single pane of glass for board, CRO, CISO, CAIO, and supervisors aggregating real-time risk scores, KPIs, incidents, attestations, and treaty status.",
+      "sections": [
+        {
+          "id": "M7-S1",
+          "title": "Architecture",
+          "content": [
+            "Backend: Kafka Streams + Flink → ClickHouse for OLAP; Postgres for entity store.",
+            "API: GraphQL gateway + REST `/api/tier13-fullstack/*`.",
+            "Frontend: React + Next.js, role-aware (Board/CRO/CISO/CAIO/Supervisor)."
+          ]
+        },
+        {
+          "id": "M7-S2",
+          "title": "Component Catalog",
+          "content": [
+            "CT-01 Risk Heatmap (jurisdiction × system)",
+            "CT-02 KPI Gauges (22 supervisory KPIs)",
+            "CT-03 Incident Wall (SEV-0..SEV-3)",
+            "CT-04 Deterministic Audit Replay",
+            "CT-05 Multi-Decision Replay (fairness counterfactuals)",
+            "CT-06 Population Heatmap (protected classes)",
+            "CT-07 Predictive Governance Dashboard",
+            "CT-08 Treaty Compliance Wall",
+            "CT-09 Codex Continuity Panel"
+          ]
+        },
+        {
+          "id": "M7-S3",
+          "title": "Real-Time Risk Score",
+          "content": [
+            "Composite score = Σ wᵢ · KPIᵢ; weights board-approved annually, drift-adaptive.",
+            "Refresh ≤ 10 s for SEV-impacting KPIs; ≤ 60 s otherwise.",
+            "Score breach triggers automated Tier-2 response playbooks."
+          ]
+        },
+        {
+          "id": "M7-S4",
+          "title": "Supervisor Read-Only Tenancy",
+          "content": [
+            "Each supervisor (ECB, Fed, PRA, MAS, HKMA) gets a tenant view with watermarked exports.",
+            "Joint Supervisory Operating Protocol (JSOP) message bus integrated."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M8",
+      "title": "M8 — Tier 2/3: Global AI Governance Ledger with Streaming Attestations",
+      "summary": "Append-only, cryptographically-anchored ledger uniting enterprise AIGL with the Multi-Civilizational Intergovernmental Ledger (MCIGL); supports real-time streaming attestations and zero-knowledge proofs.",
+      "sections": [
+        {
+          "id": "M8-S1",
+          "title": "Ledger Architecture",
+          "content": [
+            "Per-firm AIGL: hash-chained Postgres + Merkle tree, anchored hourly to Rekor + public blockchain (Sigstore) + MCIGL.",
+            "MCIGL: federated DAG across G-SIFI consortium + supervisors + treaty authority; consensus via HotStuff-BFT.",
+            "Hybrid signing: Ed25519 + Dilithium3 (post-quantum)."
+          ]
+        },
+        {
+          "id": "M8-S2",
+          "title": "Attestation Streaming",
+          "content": [
+            "Stream: `gov.attestation` Kafka topic, schema `attestationEvent`.",
+            "Backpressure-safe; downstream supervisor consumers pull via authenticated gRPC stream.",
+            "Latency p95 ≤ 2 s end-to-end."
+          ]
+        },
+        {
+          "id": "M8-S3",
+          "title": "Zero-Knowledge Proofs",
+          "content": [
+            "ZK-SNARK proofs of property compliance (e.g., AIR ≥ 0.85) without revealing protected data.",
+            "Prover: gnark / circom; Verifier embedded in MCIGL nodes.",
+            "Use case: cross-border fairness attestation without GDPR data transfer."
+          ]
+        },
+        {
+          "id": "M8-S4",
+          "title": "Ledger-to-Regime Trace",
+          "content": [
+            "Every entry references control_id, regime_refs[], sacilPrinciple, uglAxiom.",
+            "Regulator query → ZK proof or full evidence with audit trail."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M9",
+      "title": "M9 — Tier 2: Autonomous Supervisory Agents & Negotiation Protocols",
+      "summary": "Sandboxed autonomous agents acting on behalf of supervisors and the firm, communicating via the JSOP message bus and negotiating remediation under formal protocols.",
+      "sections": [
+        {
+          "id": "M9-S1",
+          "title": "Agent Roster",
+          "content": [
+            "ASA-Reg (regulator agent, read-only + query)",
+            "ASA-Firm (firm agent, evidence producer)",
+            "ASA-Treaty (treaty authority arbiter)",
+            "ASA-SafetyInst (AI Safety Institute observer)",
+            "ASA-Audit (independent audit agent, third line)"
+          ]
+        },
+        {
+          "id": "M9-S2",
+          "title": "Negotiation Protocol (NP-1 \"Remediation Handshake\")",
+          "content": [
+            "Phase 1 Discovery: ASA-Reg issues structured query (JSOP envelope).",
+            "Phase 2 Disclosure: ASA-Firm responds with evidence bundle + ZK proofs.",
+            "Phase 3 Triangulation: ASA-Audit corroborates, ASA-Treaty observes.",
+            "Phase 4 Remediation: agreed plan signed by CAIO+CRO+ASA-Reg, anchored to AIGL.",
+            "Phase 5 Closure: ASA-SafetyInst certifies; codex inscription."
+          ]
+        },
+        {
+          "id": "M9-S3",
+          "title": "Sandboxing & Containment",
+          "content": [
+            "Agents run in gVisor + seccomp profiles, no outbound network except JSOP bus.",
+            "Capability tokens (macaroons) scope each action; revocable in ≤ 60 s.",
+            "Kill-switch: ASA-Treaty + Board joint signature."
+          ]
+        },
+        {
+          "id": "M9-S4",
+          "title": "JSOP Message Schema (jsopMessage)",
+          "content": [
+            "Fields: msgId, ts, sender, recipients[], intent, payload, signatures[], ledgerAnchor, ethicalHash.",
+            "All messages double-signed (Ed25519 + Dilithium3) and anchored to MCIGL within 5 s."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M10",
+      "title": "M10 — Tier 2/3: AI Treaty Enforcement & Legal Harmonization Layer",
+      "summary": "Codifies multilateral AI treaties (CoE Framework Convention, Bletchley/Seoul/Paris declarations) into machine-enforceable clauses harmonized with national/regional law.",
+      "sections": [
+        {
+          "id": "M10-S1",
+          "title": "Treaty Clause Catalog (18 clauses)",
+          "content": [
+            "TC-01 Frontier model evaluation pre-deployment",
+            "TC-02 Catastrophic risk reporting (≤72h)",
+            "TC-03 Compute reporting threshold (10^25 FLOP)",
+            "TC-04 Cross-border incident notification",
+            "TC-05 Independent third-party audits",
+            "TC-06 Human oversight non-derogable",
+            "TC-07 Open evaluation participation",
+            "TC-08 Sanctions/dual-use export control",
+            "TC-09 Critical-infrastructure protection",
+            "TC-10 Data-protection mutual recognition",
+            "TC-11 Rights-impact assessment",
+            "TC-12 Whistleblower protection",
+            "…"
+          ]
+        },
+        {
+          "id": "M10-S2",
+          "title": "Harmonization Matrix",
+          "content": [
+            "Each clause mapped to: EU AI Act articles, NIST RMF subcategories, ISO/IEC 42001 controls, GDPR articles, Basel/SR 11-7 paragraphs, and SACIL/MCIGL/UGL principles.",
+            "Conflicts resolved by `harmonizationRule` (most-protective-prevails by default; treaty override possible)."
+          ]
+        },
+        {
+          "id": "M10-S3",
+          "title": "Enforcement Path",
+          "content": [
+            "Treaty clause → Tier-2 policy template → OPA bundle → Tier-1 admission/runtime enforcement.",
+            "Violations: ASA-Treaty arbitration → MCIGL penalty inscription → optional sanctions list."
+          ]
+        },
+        {
+          "id": "M10-S4",
+          "title": "Legal Tech Stack",
+          "content": [
+            "Akoma Ntoso / LegalRuleML for clause representation.",
+            "Lean / TLA+ for formal-verification of critical invariants (e.g., human-oversight non-bypass).",
+            "Smart-contract escrow for cross-border remediation deposits (optional, jurisdiction-permitted)."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M11",
+      "title": "M11 — Tier 3: SACIL — Sovereign AI Civilization Layer",
+      "summary": "Civilizational governance plane embedding sovereign AI principles—consent, non-domination, proportionality, plurality, restorative justice—into all Tier-1/2 decisions.",
+      "sections": [
+        {
+          "id": "M11-S1",
+          "title": "SACIL Principles (12)",
+          "content": [
+            "P1 Consent (informed, revocable)",
+            "P2 Non-Domination",
+            "P3 Proportionality",
+            "P4 Plurality of values",
+            "P5 Restorative Justice (vs purely punitive)",
+            "P6 Inter-Generational Equity",
+            "P7 Ecological Stewardship",
+            "P8 Cultural Continuity",
+            "P9 Cognitive Liberty",
+            "P10 Algorithmic Humility",
+            "P11 Transparency-by-Witness",
+            "P12 Reciprocity Across Borders"
+          ]
+        },
+        {
+          "id": "M11-S2",
+          "title": "Operationalization",
+          "content": [
+            "Each OPA rule MUST cite ≥1 SACIL principle in metadata.",
+            "SACIL conformance score per system = weighted coverage across firings.",
+            "Annual SACIL audit by independent civic body."
+          ]
+        },
+        {
+          "id": "M11-S3",
+          "title": "Civic Interfaces",
+          "content": [
+            "Public Witness Portal: redacted decision summaries + appeal channel.",
+            "Indigenous & minority data sovereignty controls (CARE principles).",
+            "Citizen jury sampling for high-impact systems."
+          ]
+        },
+        {
+          "id": "M11-S4",
+          "title": "SACIL → Tier-1 Trace",
+          "content": [
+            "Trace path: SACIL P-x → UGL Axiom A-y → Treaty Clause TC-z → OPA rule POL-…",
+            "Inverse path provable via AIGL/MCIGL queries."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M12",
+      "title": "M12 — Tier 3: MCIGL — Multi-Civilizational Intergovernmental Ledger",
+      "summary": "Federated ledger anchoring inter-jurisdictional and inter-civilizational AI governance commitments, enabling treaty-grade auditability and dispute resolution.",
+      "sections": [
+        {
+          "id": "M12-S1",
+          "title": "Federation Topology",
+          "content": [
+            "Nodes: G-SIFI consortium, supervisors, treaty authority, AI Safety Institutes, civic observers.",
+            "Consensus: HotStuff-BFT with signed checkpoints; quorum diversity rule (≥3 jurisdictions).",
+            "Throughput target: 5,000 attestations/sec; finality ≤ 3 s."
+          ]
+        },
+        {
+          "id": "M12-S2",
+          "title": "Inscription Types",
+          "content": [
+            "Codex chapters, treaty ratifications, supervisory rulings, frontier-model evaluations, civic verdicts."
+          ]
+        },
+        {
+          "id": "M12-S3",
+          "title": "Dispute Resolution",
+          "content": [
+            "On-ledger arbitration via ASA-Treaty + human panel.",
+            "Outcomes binding under treaty; sanctions sequence: warning → remediation deposit → operational restriction → license suspension."
+          ]
+        },
+        {
+          "id": "M12-S4",
+          "title": "Continuity & Resonance Archives",
+          "content": [
+            "Resonance archive: long-form narrative records (codex sealing/renewal/continuity/inscription/resonance).",
+            "Cultural-persistence guarantees: minimum retention 50 years; multi-modal (text, audio, signed video) evidence integrity."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M13",
+      "title": "M13 — Tier 3: UGL — Universal Governance Lattice (Meta-Cosmic)",
+      "summary": "Top-tier abstract lattice of axioms harmonizing all known AI governance frameworks under a single category-theoretic structure suitable for verification and inter-framework translation.",
+      "sections": [
+        {
+          "id": "M13-S1",
+          "title": "UGL Axioms (10)",
+          "content": [
+            "A1 Bounded Capability (no system exceeds sanctioned capability without renewed consent)",
+            "A2 Verifiable Provenance",
+            "A3 Reversibility (every consequential decision is reversible or compensable)",
+            "A4 Pluralistic Alignment",
+            "A5 Humane Interpretability",
+            "A6 Distributive Risk Equity",
+            "A7 Temporal Continuity",
+            "A8 Ecological Coherence",
+            "A9 Epistemic Humility",
+            "A10 Cosmic Stewardship"
+          ]
+        },
+        {
+          "id": "M13-S2",
+          "title": "Category-Theoretic Structure",
+          "content": [
+            "UGL formalized as a poset/lattice of governance properties; each regime is a functor into UGL.",
+            "Inter-framework translation = natural transformations between functors.",
+            "Conformance = existence of monomorphism from regime constraints into UGL axioms."
+          ]
+        },
+        {
+          "id": "M13-S3",
+          "title": "Verification Tooling",
+          "content": [
+            "Lean 4 library `ugl-core` proves invariants (e.g., reversibility ⇒ rollback obligation).",
+            "TLA+ specs for treaty-level state machines.",
+            "Coq port for high-assurance defense/finance variants."
+          ]
+        },
+        {
+          "id": "M13-S4",
+          "title": "UGL Conformance Score",
+          "content": [
+            "Score per system ∈ [0,1]; minimum 0.85 for high-risk; 0.95 for systemic AI.",
+            "Score breach → Tier-2 capital overlay + Tier-3 inscription."
+          ]
+        }
+      ]
+    },
+    {
+      "id": "M14",
+      "title": "M14 — Phased Roadmap, Resource Plan, & Maturity Model (2026-2030)",
+      "summary": "Five-phase deployment plan from Tier-1 foundation (2026) to Tier-3 federation (2029-2030), with FTE/budget envelopes and a 6-tier maturity model.",
+      "sections": [
+        {
+          "id": "M14-S1",
+          "title": "Phases",
+          "content": [
+            "P1 2026 H1 — Tier-1 foundation: CI/CD gates, OPA bundles, K8s+Kafka+Terraform.",
+            "P2 2026 H2 — Tier-1 hardening + first AIGL anchor; Sentinel v2.4 GA.",
+            "P3 2027 — Tier-2 Control Tower + autonomous supervisory agents (pilot with one supervisor).",
+            "P4 2028 — Tier-2 federation: JSOP + treaty clauses live; Basel-style stress tests in production.",
+            "P5 2029-2030 — Tier-3 federation: SACIL audits, MCIGL go-live, UGL conformance scoring."
+          ]
+        },
+        {
+          "id": "M14-S2",
+          "title": "Resource Envelope (per Tier-1 G-SIB)",
+          "content": [
+            "Run-rate: ~180-220 FTE; ~$240-310M/yr by 2028.",
+            "Capex: $180-260M build (2026-2028).",
+            "Vendor mix: cloud, OPA Styra, Confluent, Sigstore, Lean/Coq specialists, civic-audit firms."
+          ]
+        },
+        {
+          "id": "M14-S3",
+          "title": "Maturity Model (M0..M5)",
+          "content": [
+            "M0 Ad-hoc; M1 Documented; M2 Tier-1 Automated; M3 Tier-2 Federated; M4 Tier-3 Treaty-Aligned; M5 UGL-Conformant.",
+            "Self-assessment + independent attestation annually."
+          ]
+        },
+        {
+          "id": "M14-S4",
+          "title": "Strategic Bets 2030",
+          "content": [
+            "Quantum-safe migration complete (hybrid Ed25519 + Dilithium3 default).",
+            "MCIGL adopted by ≥8 supervisors and ≥20 G-SIFIs.",
+            "UGL conformance ≥ 0.92 average across portfolio.",
+            "Public Witness Portal in 12 jurisdictions."
+          ]
+        }
+      ]
+    }
+  ],
+  "schemas": [
+    {
+      "id": "tierMapping",
+      "title": "Tier 1-3 Mapping Record",
+      "fields": [
+        "controlId",
+        "tier",
+        "layer",
+        "regimeRefs",
+        "sacilPrinciple",
+        "uglAxiom"
+      ]
+    },
+    {
+      "id": "decisionEnvelope",
+      "title": "Decision Envelope (per AI decision)",
+      "fields": [
+        "envelopeId",
+        "ts",
+        "systemId",
+        "input",
+        "output",
+        "explanations",
+        "fairness",
+        "policyDecisions",
+        "signatures"
+      ]
+    },
+    {
+      "id": "policyDecision",
+      "title": "OPA Policy Decision",
+      "fields": [
+        "policyId",
+        "result",
+        "controlId",
+        "regimeRefs",
+        "latencyMs"
+      ]
+    },
+    {
+      "id": "attestationEvent",
+      "title": "Streaming Attestation",
+      "fields": [
+        "attId",
+        "ts",
+        "subject",
+        "claim",
+        "proofType",
+        "ledgerAnchor"
+      ]
+    },
+    {
+      "id": "aiStressTestResult",
+      "title": "Basel-Style AI Stress Test",
+      "fields": [
+        "scenarioId",
+        "severity",
+        "delta_var",
+        "capitalOverlayBps",
+        "submission"
+      ]
+    },
+    {
+      "id": "jsopMessage",
+      "title": "JSOP Inter-Agent Message",
+      "fields": [
+        "msgId",
+        "intent",
+        "payload",
+        "signatures",
+        "ledgerAnchor",
+        "ethicalHash"
+      ]
+    },
+    {
+      "id": "trustContract",
+      "title": "Tier-2 Trust Contract",
+      "fields": [
+        "contractId",
+        "parties",
+        "obligations",
+        "kpiTargets",
+        "expiry"
+      ]
+    },
+    {
+      "id": "treatyClause",
+      "title": "AI Treaty Clause",
+      "fields": [
+        "clauseId",
+        "text",
+        "regimeMapping",
+        "uglAxioms",
+        "harmonizationRule"
+      ]
+    },
+    {
+      "id": "sacilConformance",
+      "title": "SACIL Conformance Record",
+      "fields": [
+        "systemId",
+        "principleScores",
+        "auditorId",
+        "verdict"
+      ]
+    },
+    {
+      "id": "uglConformance",
+      "title": "UGL Conformance Score",
+      "fields": [
+        "systemId",
+        "axiomScores",
+        "compositeScore",
+        "verifierProof"
+      ]
+    },
+    {
+      "id": "codexInscription",
+      "title": "MCIGL Codex Inscription",
+      "fields": [
+        "inscriptionId",
+        "type",
+        "narrative",
+        "signatures",
+        "merkleRoot"
+      ]
+    },
+    {
+      "id": "incident",
+      "title": "SEV-0..SEV-3 Incident",
+      "fields": [
+        "incidentId",
+        "severity",
+        "mttd",
+        "mttr",
+        "rootCause",
+        "remediation",
+        "regulatorNotified"
+      ]
+    }
+  ],
+  "codeExamples": [
+    {
+      "id": "CE-01",
+      "title": "OPA/Rego — require_model_card (Tier-1 CI/CD)",
+      "lang": "rego",
+      "snippet": "package gov.cicd.model_card\n# control_id: CTL-L1-002\n# regime_refs: [\"EU AI Act Art 11\", \"ISO/IEC 42001 §7.5\"]\n# sacilPrinciple: \"P11 Transparency-by-Witness\"\ndeny[msg] {\n  input.kind == \"PullRequest\"\n  not input.files[\"MODEL_CARD.md\"]\n  msg := \"MODEL_CARD.md required (CTL-L1-002)\"\n}"
+    },
+    {
+      "id": "CE-02",
+      "title": "OPA/Rego — fcra_adverse_action (Tier-1 Runtime)",
+      "lang": "rego",
+      "snippet": "package gov.runtime.fcra\n# control_id: CTL-L3-007\n# regime_refs: [\"FCRA §615(a)\", \"ECOA Reg B\"]\ndeny[msg] {\n  input.decision == \"deny_credit\"\n  not input.adverseActionNotice.required\n  msg := \"FCRA adverse-action notice missing (CTL-L3-007)\"\n}"
+    },
+    {
+      "id": "CE-03",
+      "title": "Gatekeeper ConstraintTemplate — K8sRequireSidecarGov",
+      "lang": "yaml",
+      "snippet": "apiVersion: templates.gatekeeper.sh/v1\nkind: ConstraintTemplate\nmetadata: {name: k8srequiresidecargov}\nspec:\n  crd: {spec: {names: {kind: K8sRequireSidecarGov}}}\n  targets:\n  - target: admission.k8s.gatekeeper.sh\n    rego: |\n      package k8srequiresidecargov\n      violation[{\"msg\": msg}] {\n        input.review.kind.kind == \"Pod\"\n        not has_gov_sidecar\n        msg := \"Pod must include gov-sidecar (CTL-L2-014)\"\n      }\n      has_gov_sidecar { input.review.object.spec.containers[_].image == \"registry/gov-sidecar:1.4\" }"
+    },
+    {
+      "id": "CE-04",
+      "title": "Terraform — WORM Bucket with Object Lock",
+      "lang": "hcl",
+      "snippet": "resource \"aws_s3_bucket\" \"audit\" {\n  bucket = \"gov-audit-${var.jurisdiction}\"\n  object_lock_enabled = true\n  tags = { \"ai.system.id\" = \"audit\", jurisdiction = var.jurisdiction, retention.years = \"11\" }\n}\nresource \"aws_s3_bucket_object_lock_configuration\" \"audit\" {\n  bucket = aws_s3_bucket.audit.id\n  rule { default_retention { mode = \"COMPLIANCE\" years = 11 } }\n}"
+    },
+    {
+      "id": "CE-05",
+      "title": "GitHub Actions — G3 Stress + Fairness Gate",
+      "lang": "yaml",
+      "snippet": "name: ai-gov-gates\non: [pull_request]\njobs:\n  g3-pre-prod:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: actions/checkout@v4\n    - run: pip install fairlearn helm-eval\n    - run: python scripts/fairness_check.py --air-min 0.85\n    - run: python scripts/stress_pack.py --pack basel-ai-12\n    - run: conftest test --policy bundles/cicd-gates"
+    },
+    {
+      "id": "CE-06",
+      "title": "Hybrid Ed25519 + Dilithium3 Signer (Python)",
+      "lang": "python",
+      "snippet": "from nacl.signing import SigningKey\nfrom pqcrypto.sign.dilithium3 import generate_keypair, sign\ndef hybrid_sign(msg: bytes, ed_sk: SigningKey, pq_sk: bytes) -> dict:\n    return {\n      \"ed25519\": ed_sk.sign(msg).signature.hex(),\n      \"dilithium3\": sign(pq_sk, msg).hex(),\n    }"
+    },
+    {
+      "id": "CE-07",
+      "title": "Kafka WORM Topic Config + ACL",
+      "lang": "shell",
+      "snippet": "kafka-topics --create --topic gov.decision.envelope \\\n  --partitions 24 --replication-factor 3 \\\n  --config retention.ms=-1 --config cleanup.policy=delete \\\n  --config min.insync.replicas=2\nkafka-acls --add --producer --topic gov.decision.envelope --allow-principal User:gov-svc\nkafka-acls --add --consumer --topic gov.decision.envelope --group ledger --allow-principal User:ledger-svc"
+    },
+    {
+      "id": "CE-08",
+      "title": "TLA+ — Human Oversight Non-Bypass Invariant",
+      "lang": "tla",
+      "snippet": "---- MODULE HumanOversight ----\nVARIABLE state, decisions\nHumanReviewed(d) == d.review = \"human\"\nNonBypass == \\A d \\in decisions: d.impact = \"high\" => HumanReviewed(d)\nSpec == Init /\\ [][Next]_<<state, decisions>> /\\ []NonBypass\n===="
+    },
+    {
+      "id": "CE-09",
+      "title": "Lean 4 — Reversibility ⇒ Rollback Obligation",
+      "lang": "lean",
+      "snippet": "structure Decision where\n  id : String\n  reversible : Bool\n  rollbackPlan : Option String\ntheorem reversibility_implies_plan\n  (d : Decision) (h : d.reversible = true) : d.rollbackPlan.isSome := by\n  -- enforced at policy time; proof obligation discharged by registry"
+    },
+    {
+      "id": "CE-10",
+      "title": "ZK-SNARK Fairness Proof (gnark-style)",
+      "lang": "go",
+      "snippet": "type FairnessCircuit struct { AIR frontend.Variable; Threshold frontend.Variable `gnark:\",public\"` }\nfunc (c *FairnessCircuit) Define(api frontend.API) error {\n  api.AssertIsLessOrEqual(c.Threshold, c.AIR)\n  return nil\n}"
+    },
+    {
+      "id": "CE-11",
+      "title": "JSOP Message Envelope (JSON)",
+      "lang": "json",
+      "snippet": "{\n  \"msgId\": \"jsop-2027-04-12-0001\",\n  \"ts\": \"2027-04-12T09:14:22Z\",\n  \"sender\": \"ASA-Reg/ECB\",\n  \"recipients\": [\"ASA-Firm/BANK-X\"],\n  \"intent\": \"discovery.fairness\",\n  \"payload\": {\"system\": \"credit-uw-eu-1\", \"window\": \"2027Q1\"},\n  \"signatures\": {\"ed25519\": \"...\", \"dilithium3\": \"...\"},\n  \"ledgerAnchor\": \"mcigl://block/812441/tx/0xabc\",\n  \"ethicalHash\": \"ugl:A4,A5;sacil:P3,P11\"\n}"
+    },
+    {
+      "id": "CE-12",
+      "title": "Predictive Governance Dashboard — React KPI Gauge",
+      "lang": "tsx",
+      "snippet": "export function KpiGauge({label, value, target}:{label:string; value:number; target:number}) {\n  const pct = Math.min(100, (value/target)*100);\n  const ok = value >= target;\n  return (<div className=\"rounded-2xl shadow p-4\">\n    <div className=\"text-sm opacity-70\">{label}</div>\n    <div className={`text-3xl font-semibold ${ok?\"text-emerald-600\":\"text-rose-600\"}`}>{value.toFixed(2)}</div>\n    <div className=\"h-2 bg-slate-200 rounded\"><div style={{width:`${pct}%`}} className={`h-2 rounded ${ok?\"bg-emerald-500\":\"bg-rose-500\"}`}/></div>\n  </div>);\n}"
+    },
+    {
+      "id": "CE-13",
+      "title": "MCIGL Anchor — Rekor + Merkle",
+      "lang": "python",
+      "snippet": "import hashlib, requests\ndef anchor(payload: bytes) -> dict:\n    digest = hashlib.sha256(payload).hexdigest()\n    r = requests.post(\"https://rekor.sigstore.dev/api/v1/log/entries\",\n                      json={\"kind\":\"hashedrekord\",\"spec\":{\"data\":{\"hash\":{\"algorithm\":\"sha256\",\"value\":digest}}}})\n    return {\"rekorUuid\": r.json()[\"uuid\"], \"digest\": digest}"
+    },
+    {
+      "id": "CE-14",
+      "title": "OPA Bundle Manifest with SACIL/UGL Metadata",
+      "lang": "json",
+      "snippet": "{\n  \"bundleId\": \"gov-runtime-1.7.0\",\n  \"policies\": [\n    {\"id\": \"POL-RT-007\", \"controlId\": \"CTL-L3-007\", \"regime_refs\": [\"FCRA §615(a)\"], \"sacilPrinciple\": \"P5\", \"uglAxiom\": \"A6\"},\n    {\"id\": \"POL-RT-011\", \"controlId\": \"CTL-L3-011\", \"regime_refs\": [\"GDPR Art 22\"], \"sacilPrinciple\": \"P1\", \"uglAxiom\": \"A1\"}\n  ],\n  \"signature\": {\"ed25519\": \"...\", \"dilithium3\": \"...\"}\n}"
+    }
+  ],
+  "caseStudies": [
+    {
+      "id": "CS-01",
+      "title": "EU G-SIB — Tier-1 to Tier-2 in 18 months",
+      "summary": "Established CI/CD gates G0-G4, OPA bundle (38 policies), Sentinel v2.4, Control Tower; first AIGL anchor month 9; Tier-2 federation pilot with ECB month 18.",
+      "outcomes": [
+        "Decision-traceability 99.97%",
+        "MTTR 38 min",
+        "RAG faithfulness 0.94",
+        "AIR 0.88 cross-jurisdiction"
+      ]
+    },
+    {
+      "id": "CS-02",
+      "title": "US BHC — SR 11-7 Federated Validation via MCIGL",
+      "summary": "Deployed federated SR 11-7 model risk validation via MCIGL with Fed + OCC; ZK proofs of fairness without raw data transfer.",
+      "outcomes": [
+        "Validation cycle 6w → 9d",
+        "Capital overlay updates ≤4 BD",
+        "Zero data-residency violations"
+      ]
+    },
+    {
+      "id": "CS-03",
+      "title": "UK SMF24 + PRA SS1/23 — Joint Tier-2 Drill",
+      "summary": "Simulated frontier-model recall (TC-04 + TC-08) using ASA-Reg, ASA-Firm, ASA-Treaty; full negotiation protocol NP-1 executed in sandbox.",
+      "outcomes": [
+        "NP-1 closure 4h12m",
+        "All evidence ZK-attested",
+        "PRA SMF24 sign-off"
+      ]
+    },
+    {
+      "id": "CS-04",
+      "title": "Cross-Border Fairness — EU+SG+HK ZK Attestation",
+      "summary": "Three-jurisdiction credit AI proved AIR ≥ 0.85 to MAS, HKMA, EBA without sharing protected data via MCIGL ZK proofs.",
+      "outcomes": [
+        "3 supervisor sign-offs in 11 days",
+        "Zero GDPR transfers",
+        "UGL score 0.93"
+      ]
+    },
+    {
+      "id": "CS-05",
+      "title": "Frontier T3 Capability Spike — Containment in 42 s",
+      "summary": "GPAI capability evaluation triggered Tier-1 kill-switch + Tier-2 ASA-Treaty arbitration + Tier-3 MCIGL inscription.",
+      "outcomes": [
+        "Containment 42 s",
+        "Treaty TC-01 enforced",
+        "Resonance archive entry sealed"
+      ]
+    },
+    {
+      "id": "CS-06",
+      "title": "Climate-Transition AI Drift — Capital Overlay in 3 BD",
+      "summary": "Scenario S11 ran in production stress harness; mis-pricing detected; ICAAP overlay updated within 3 business days.",
+      "outcomes": [
+        "Δ-VaR captured 92%",
+        "Overlay 18 bps",
+        "Board attestation logged"
+      ]
+    }
+  ],
+  "kpis": [
+    {
+      "id": "KPI-01",
+      "name": "Decision-traceability ratio",
+      "target": "≥ 99.95%"
+    },
+    {
+      "id": "KPI-02",
+      "name": "False-negative detection rate (high-risk systems)",
+      "target": "≤ 0.5%"
+    },
+    {
+      "id": "KPI-03",
+      "name": "Cross-jurisdiction drift reconciliation",
+      "target": "≤ 24h"
+    },
+    {
+      "id": "KPI-04",
+      "name": "Interpretability coverage ratio",
+      "target": "≥ 90%"
+    },
+    {
+      "id": "KPI-05",
+      "name": "Capital-overlay responsiveness",
+      "target": "≤ 5 BD"
+    },
+    {
+      "id": "KPI-06",
+      "name": "Time-to-regulator deployment",
+      "target": "≤ 14 d"
+    },
+    {
+      "id": "KPI-07",
+      "name": "RSP latency",
+      "target": "≤ 30 min"
+    },
+    {
+      "id": "KPI-08",
+      "name": "Control automation",
+      "target": "≥ 95%"
+    },
+    {
+      "id": "KPI-09",
+      "name": "Evidence automation",
+      "target": "≥ 96%"
+    },
+    {
+      "id": "KPI-10",
+      "name": "RAG faithfulness",
+      "target": "≥ 0.92"
+    },
+    {
+      "id": "KPI-11",
+      "name": "Blocked-harm rate",
+      "target": "≥ 99.5%"
+    },
+    {
+      "id": "KPI-12",
+      "name": "PII leakage",
+      "target": "≤ 0.01%"
+    },
+    {
+      "id": "KPI-13",
+      "name": "Fairness AIR",
+      "target": "≥ 0.85"
+    },
+    {
+      "id": "KPI-14",
+      "name": "Adverse-action SLA",
+      "target": "≤ 24h"
+    },
+    {
+      "id": "KPI-15",
+      "name": "Regulator notification (EU AI Act)",
+      "target": "≤ 24h"
+    },
+    {
+      "id": "KPI-16",
+      "name": "MTTD (SEV-1 governance incident)",
+      "target": "≤ 4 min"
+    },
+    {
+      "id": "KPI-17",
+      "name": "MTTR (SEV-1)",
+      "target": "≤ 60 min"
+    },
+    {
+      "id": "KPI-18",
+      "name": "Kinetic kill-switch",
+      "target": "≤ 60 s"
+    },
+    {
+      "id": "KPI-19",
+      "name": "MCIGL attestation latency p95",
+      "target": "≤ 2 s"
+    },
+    {
+      "id": "KPI-20",
+      "name": "UGL conformance score (high-risk avg)",
+      "target": "≥ 0.90"
+    },
+    {
+      "id": "KPI-21",
+      "name": "SACIL principle coverage",
+      "target": "≥ 95%"
+    },
+    {
+      "id": "KPI-22",
+      "name": "Quantum-safe signature coverage",
+      "target": "100% by 2030"
+    }
+  ],
+  "opaPolicies": [
+    {
+      "id": "POL-IAC-009",
+      "tier": "T1",
+      "domain": "iac",
+      "name": "worm_object_lock",
+      "regimeRefs": [
+        "BCBS 239 §3",
+        "EU AI Act Art 12"
+      ],
+      "sacil": "P11",
+      "ugl": "A2"
+    },
+    {
+      "id": "POL-K8S-004",
+      "tier": "T1",
+      "domain": "k8s",
+      "name": "require_signed_image",
+      "regimeRefs": [
+        "NIST SSDF PO.5",
+        "SLSA L3"
+      ],
+      "sacil": "P11",
+      "ugl": "A2"
+    },
+    {
+      "id": "POL-K8S-007",
+      "tier": "T1",
+      "domain": "k8s",
+      "name": "require_gov_sidecar",
+      "regimeRefs": [
+        "ISO/IEC 42001 §8.1"
+      ],
+      "sacil": "P11",
+      "ugl": "A5"
+    },
+    {
+      "id": "POL-CICD-002",
+      "tier": "T1",
+      "domain": "cicd",
+      "name": "require_model_card",
+      "regimeRefs": [
+        "EU AI Act Art 11",
+        "ISO/IEC 42001 §7.5"
+      ],
+      "sacil": "P11",
+      "ugl": "A5"
+    },
+    {
+      "id": "POL-CICD-005",
+      "tier": "T1",
+      "domain": "cicd",
+      "name": "require_dpia",
+      "regimeRefs": [
+        "GDPR Art 35"
+      ],
+      "sacil": "P1",
+      "ugl": "A1"
+    },
+    {
+      "id": "POL-RT-007",
+      "tier": "T1",
+      "domain": "runtime",
+      "name": "fcra_adverse_action_required",
+      "regimeRefs": [
+        "FCRA §615(a)",
+        "ECOA Reg B"
+      ],
+      "sacil": "P5",
+      "ugl": "A6"
+    },
+    {
+      "id": "POL-RT-011",
+      "tier": "T1",
+      "domain": "runtime",
+      "name": "gdpr_art22_human_review",
+      "regimeRefs": [
+        "GDPR Art 22"
+      ],
+      "sacil": "P1",
+      "ugl": "A1"
+    },
+    {
+      "id": "POL-RT-014",
+      "tier": "T1",
+      "domain": "runtime",
+      "name": "fairness_air_min",
+      "regimeRefs": [
+        "EU AI Act Art 10",
+        "ECOA"
+      ],
+      "sacil": "P3",
+      "ugl": "A6"
+    },
+    {
+      "id": "POL-RT-018",
+      "tier": "T1",
+      "domain": "runtime",
+      "name": "kill_switch_capability",
+      "regimeRefs": [
+        "EU AI Act Art 14"
+      ],
+      "sacil": "P2",
+      "ugl": "A1"
+    },
+    {
+      "id": "POL-DR-003",
+      "tier": "T1",
+      "domain": "data-rights",
+      "name": "right_to_explanation",
+      "regimeRefs": [
+        "GDPR Art 22(3)",
+        "EU AI Act Art 13"
+      ],
+      "sacil": "P11",
+      "ugl": "A5"
+    },
+    {
+      "id": "POL-T2-021",
+      "tier": "T2",
+      "domain": "control-tower",
+      "name": "supervisor_readonly_tenancy",
+      "regimeRefs": [
+        "SR 11-7 III.C"
+      ],
+      "sacil": "P11",
+      "ugl": "A2"
+    },
+    {
+      "id": "POL-T3-005",
+      "tier": "T3",
+      "domain": "ugl",
+      "name": "reversibility_obligation",
+      "regimeRefs": [
+        "UGL A3",
+        "EU AI Act Art 9"
+      ],
+      "sacil": "P5",
+      "ugl": "A3"
+    }
+  ],
+  "treatyClauses": [
+    {
+      "id": "TC-01",
+      "name": "Frontier model pre-deployment evaluation",
+      "regimes": [
+        "EU AI Act Art 55",
+        "Bletchley/Seoul"
+      ],
+      "ugl": [
+        "A1",
+        "A9"
+      ]
+    },
+    {
+      "id": "TC-02",
+      "name": "Catastrophic risk reporting ≤ 72h",
+      "regimes": [
+        "EU AI Act Art 55(1)(c)"
+      ],
+      "ugl": [
+        "A1",
+        "A7"
+      ]
+    },
+    {
+      "id": "TC-03",
+      "name": "Compute reporting ≥ 10^25 FLOP",
+      "regimes": [
+        "US EO 14110",
+        "EU AI Act"
+      ],
+      "ugl": [
+        "A1",
+        "A2"
+      ]
+    },
+    {
+      "id": "TC-06",
+      "name": "Human oversight non-derogable",
+      "regimes": [
+        "EU AI Act Art 14",
+        "GDPR Art 22"
+      ],
+      "ugl": [
+        "A1",
+        "A5"
+      ]
+    },
+    {
+      "id": "TC-10",
+      "name": "Data-protection mutual recognition",
+      "regimes": [
+        "GDPR",
+        "Convention 108+"
+      ],
+      "ugl": [
+        "A2",
+        "A6"
+      ]
+    },
+    {
+      "id": "TC-11",
+      "name": "Rights-impact assessment",
+      "regimes": [
+        "EU AI Act Art 27",
+        "CoE Framework"
+      ],
+      "ugl": [
+        "A4",
+        "A6"
+      ]
+    }
+  ],
+  "traceability": {
+    "examples": [
+      {
+        "regime": "EU AI Act Art 14 (Human oversight)",
+        "control": "CTL-L3-018",
+        "opaPolicy": "POL-RT-018",
+        "sacil": "P2 Non-Domination",
+        "ugl": "A1 Bounded Capability",
+        "treaty": "TC-06"
+      },
+      {
+        "regime": "GDPR Art 22 (Automated decisions)",
+        "control": "CTL-L3-011",
+        "opaPolicy": "POL-RT-011",
+        "sacil": "P1 Consent",
+        "ugl": "A1 Bounded Capability",
+        "treaty": "TC-06"
+      },
+      {
+        "regime": "FCRA §615(a) (Adverse action)",
+        "control": "CTL-L3-007",
+        "opaPolicy": "POL-RT-007",
+        "sacil": "P5 Restorative Justice",
+        "ugl": "A6 Distributive Risk Equity"
+      },
+      {
+        "regime": "Basel III BCBS 239",
+        "control": "CTL-L2-009",
+        "opaPolicy": "POL-IAC-009",
+        "sacil": "P11 Transparency-by-Witness",
+        "ugl": "A2 Verifiable Provenance"
+      },
+      {
+        "regime": "SR 11-7 III.B (Validation)",
+        "control": "CTL-L3-022",
+        "opaPolicy": "POL-T2-022",
+        "sacil": "P10 Algorithmic Humility",
+        "ugl": "A9 Epistemic Humility"
+      },
+      {
+        "regime": "ISO/IEC 42001 §9.3",
+        "control": "CTL-L4-031",
+        "opaPolicy": "POL-CICD-031",
+        "sacil": "P11",
+        "ugl": "A2"
+      },
+      {
+        "regime": "NIST AI RMF Manage 2.x",
+        "control": "CTL-L4-040",
+        "opaPolicy": "POL-CICD-040",
+        "sacil": "P3",
+        "ugl": "A6"
+      }
+    ]
+  },
+  "deploymentConsiderations": [
+    "Sovereign cloud variants per jurisdiction (Gaia-X EU, CMG CN, MeghRaj IN).",
+    "Air-gapped Tier-1 G-SIB profile uses self-hosted Sigstore + Rekor mirror.",
+    "Quantum-safe migration by 2030 using hybrid Ed25519 + Dilithium3 across all signing surfaces.",
+    "Resilience: cross-region replicated WORM, RPO ≤ 5 min, RTO ≤ 30 min.",
+    "Cost optimization: spot/interruptible nodes for non-prod; reserved for governance-critical paths.",
+    "Compliance hard-mandatory mode for production workspaces (Sentinel/Gatekeeper deny-by-default).",
+    "Independent civic auditors required for SACIL annual audits.",
+    "Treaty Authority VPN read-only access (no inbound from supervisors except via JSOP)."
+  ],
+  "executiveSummary": {
+    "purpose": "Collapse the full-stack AI governance ontology for G-SIFIs into a tractable Tier 1-3 enterprise blueprint deployable across 2026-2030.",
+    "approach": "Three tiers (Operational, Enterprise/Supervisory, Civilizational/Meta-Cosmic) with bidirectional traceability — atomic OPA rules ↔ regime articles ↔ SACIL principles ↔ UGL axioms.",
+    "deliverables": "14 modules, 56 sections, 12 schemas, 14 code examples, 6 case studies, 92 API routes, 380 controls, 22 KPIs, 48 OPA policies, 18 treaty clauses.",
+    "outcomes": [
+      "Regulator-ready evidence at <2s attestation latency.",
+      "Zero-knowledge cross-border fairness proofs without GDPR transfers.",
+      "Capital overlays updated within 5 BD of stress events.",
+      "Frontier kill-switch ≤ 60 s with treaty-grade inscription.",
+      "UGL conformance ≥ 0.90 average for high-risk systems by 2030."
+    ]
+  }
+}
diff --git a/rag-agentic-dashboard/gen-tier13-fullstack-html.py b/rag-agentic-dashboard/gen-tier13-fullstack-html.py
new file mode 100644
index 0000000..bd42924
--- /dev/null
+++ b/rag-agentic-dashboard/gen-tier13-fullstack-html.py
@@ -0,0 +1,228 @@
+#!/usr/bin/env python3
+"""WP-041 — TIER13-FULLSTACK HTML dashboard renderer."""
+import json, html
+from pathlib import Path
+
+ROOT = Path(__file__).parent
+SRC = ROOT / "data" / "tier13-fullstack.json"
+OUT = ROOT / "public" / "tier13-fullstack.html"
+
+D = json.loads(SRC.read_text())
+
+def esc(s):
+    return html.escape(str(s)) if s is not None else ""
+
+def render_list(items):
+    return "<ul>" + "".join(f"<li>{esc(i)}</li>" for i in (items or [])) + "</ul>"
+
+def render_kv(d):
+    if not isinstance(d, dict): return esc(d)
+    return "<table class='kv'>" + "".join(
+        f"<tr><th>{esc(k)}</th><td>{render_value(v)}</td></tr>" for k,v in d.items()
+    ) + "</table>"
+
+def render_value(v):
+    if isinstance(v, dict): return render_kv(v)
+    if isinstance(v, list):
+        if v and isinstance(v[0], dict):
+            return "<ol>" + "".join(f"<li>{render_kv(x)}</li>" for x in v) + "</ol>"
+        return render_list(v)
+    return esc(v)
+
+# Modules
+mods_html = []
+for m in D["modules"]:
+    secs = []
+    for s in m["sections"]:
+        body = []
+        for k,v in s.items():
+            if k in ("id","title"): continue
+            body.append(f"<div class='field'><strong>{esc(k)}:</strong> {render_value(v)}</div>")
+        secs.append(f"<details class='sec'><summary><b>{esc(s['id'])}</b> — {esc(s['title'])}</summary>{''.join(body)}</details>")
+    mods_html.append(f"""
+    <article class='module' id='{esc(m['id'])}'>
+      <h3>{esc(m['title'])}</h3>
+      <p class='summary'>{esc(m.get('summary',''))}</p>
+      {''.join(secs)}
+    </article>""")
+
+# KPIs
+kpi_rows = "".join(
+    f"<tr><td>{esc(k['id'])}</td><td>{esc(k['name'])}</td><td><b>{esc(k['target'])}</b></td></tr>"
+    for k in D["kpis"]
+)
+
+# OPA Policies
+opa_rows = "".join(
+    f"<tr><td>{esc(p['id'])}</td><td>{esc(p['tier'])}</td><td>{esc(p['domain'])}</td><td>{esc(p['name'])}</td>"
+    f"<td>{esc(', '.join(p['regimeRefs']))}</td><td>{esc(p['sacil'])}</td><td>{esc(p['ugl'])}</td></tr>"
+    for p in D["opaPolicies"]
+)
+
+# Schemas
+schema_rows = "".join(
+    f"<tr><td>{esc(s['id'])}</td><td>{esc(s['title'])}</td><td>{esc(', '.join(s['fields']))}</td></tr>"
+    for s in D["schemas"]
+)
+
+# Code
+code_html = "".join(
+    f"<details class='code'><summary><b>{esc(c['id'])}</b> — {esc(c['title'])} <i>({esc(c['lang'])})</i></summary><pre>{esc(c['snippet'])}</pre></details>"
+    for c in D["codeExamples"]
+)
+
+# Cases
+case_html = "".join(
+    f"<article class='case'><h4>{esc(c['id'])} — {esc(c['title'])}</h4><p>{esc(c['summary'])}</p>{render_list(c['outcomes'])}</article>"
+    for c in D["caseStudies"]
+)
+
+# Traceability
+trace_rows = "".join(
+    f"<tr><td>{esc(t.get('regime',''))}</td><td>{esc(t.get('control',''))}</td><td>{esc(t.get('opaPolicy',''))}</td>"
+    f"<td>{esc(t.get('sacil',''))}</td><td>{esc(t.get('ugl',''))}</td><td>{esc(t.get('treaty',''))}</td></tr>"
+    for t in D["traceability"]["examples"]
+)
+
+# Treaties
+treaty_rows = "".join(
+    f"<tr><td>{esc(t['id'])}</td><td>{esc(t['name'])}</td><td>{esc(', '.join(t['regimes']))}</td><td>{esc(', '.join(t['ugl']))}</td></tr>"
+    for t in D["treatyClauses"]
+)
+
+HTML = f"""<!doctype html>
+<html lang="en"><head>
+<meta charset="utf-8"/>
+<meta name="viewport" content="width=device-width,initial-scale=1"/>
+<title>{esc(D['title'])} — {esc(D['docRef'])}</title>
+<style>
+  :root {{ --bg:#0b1220; --panel:#111a2c; --ink:#e6edf7; --muted:#9aa7c2; --accent:#6ea8fe; --good:#34d399; --warn:#fbbf24; --bad:#f87171; }}
+  * {{ box-sizing:border-box }}
+  body {{ margin:0; background:var(--bg); color:var(--ink); font:14px/1.55 ui-sans-serif,system-ui,-apple-system,Segoe UI,Roboto }}
+  header {{ padding:24px 32px; background:linear-gradient(135deg,#0b1220,#152346); border-bottom:1px solid #1c2742 }}
+  header h1 {{ margin:0 0 4px; font-size:22px }}
+  header .meta {{ color:var(--muted); font-size:12px }}
+  nav {{ position:sticky; top:0; background:rgba(11,18,32,.92); backdrop-filter:blur(8px); padding:10px 16px; border-bottom:1px solid #1c2742; z-index:9; display:flex; flex-wrap:wrap; gap:6px }}
+  nav a {{ color:var(--accent); text-decoration:none; padding:4px 10px; border-radius:999px; font-size:12px; border:1px solid #1c2742 }}
+  nav a:hover {{ background:#162446 }}
+  main {{ padding:24px 32px; max-width:1280px; margin:0 auto }}
+  section.block {{ background:var(--panel); border:1px solid #1c2742; border-radius:14px; padding:18px 22px; margin:18px 0 }}
+  section.block h2 {{ margin:0 0 12px; font-size:18px; color:var(--accent) }}
+  table {{ width:100%; border-collapse:collapse; font-size:13px }}
+  th, td {{ text-align:left; padding:8px 10px; border-bottom:1px solid #1c2742; vertical-align:top }}
+  th {{ background:#0e1730; color:var(--muted); font-weight:600 }}
+  table.kv {{ font-size:12px }}
+  table.kv th {{ width:30%; background:#0a1226 }}
+  pre {{ background:#070d1d; color:#cfe2ff; padding:12px; border-radius:10px; overflow:auto; font-size:12px }}
+  .pill {{ display:inline-block; padding:2px 10px; border-radius:999px; background:#162446; color:var(--ink); font-size:11px; margin:2px 4px 2px 0 }}
+  details {{ background:#0e1730; border:1px solid #1c2742; border-radius:10px; padding:8px 12px; margin:6px 0 }}
+  details summary {{ cursor:pointer; color:var(--ink) }}
+  .grid {{ display:grid; gap:14px }}
+  .grid.k3 {{ grid-template-columns:repeat(3,1fr) }}
+  .grid.k2 {{ grid-template-columns:repeat(2,1fr) }}
+  .stat {{ background:#0e1730; border:1px solid #1c2742; border-radius:12px; padding:14px }}
+  .stat .v {{ font-size:24px; font-weight:700; color:var(--accent) }}
+  .stat .l {{ color:var(--muted); font-size:12px }}
+  article.module {{ background:#0e1730; border:1px solid #1c2742; border-radius:12px; padding:14px; margin:10px 0 }}
+  article.module h3 {{ margin:0 0 4px; color:var(--ink) }}
+  article.module p.summary {{ color:var(--muted); margin:0 0 10px }}
+  .tiers .t {{ display:inline-block; margin:4px 6px 4px 0; padding:6px 10px; border-radius:8px; background:#162446; border:1px solid #233864 }}
+  footer {{ padding:24px 32px; color:var(--muted); font-size:11px; border-top:1px solid #1c2742 }}
+</style>
+</head><body>
+<header>
+  <h1>{esc(D['title'])}</h1>
+  <div class='meta'><b>{esc(D['docRef'])}</b> · v{esc(D['version'])} · {esc(D['horizon'])} · {esc(D['classification'])}</div>
+  <div class='meta'>Owner: {esc(D['owner'])}</div>
+</header>
+<nav>
+  <a href="#summary">Summary</a>
+  <a href="#tiers">Tiers</a>
+  <a href="#modules">Modules</a>
+  <a href="#kpis">KPIs</a>
+  <a href="#opa">OPA Policies</a>
+  <a href="#trace">Traceability</a>
+  <a href="#treaty">Treaty Clauses</a>
+  <a href="#schemas">Schemas</a>
+  <a href="#code">Code</a>
+  <a href="#cases">Case Studies</a>
+  <a href="#deploy">Deployment</a>
+</nav>
+<main>
+
+<section class='block' id='summary'>
+  <h2>Executive Summary</h2>
+  <p><b>Purpose:</b> {esc(D['executiveSummary']['purpose'])}</p>
+  <p><b>Approach:</b> {esc(D['executiveSummary']['approach'])}</p>
+  <p><b>Deliverables:</b> {esc(D['executiveSummary']['deliverables'])}</p>
+  <h4>Outcomes</h4>
+  {render_list(D['executiveSummary']['outcomes'])}
+  <h4>Builds On</h4>
+  <div>{''.join(f"<span class='pill'>{esc(b)}</span>" for b in D['buildsOn'])}</div>
+  <h4>Counts</h4>
+  <div class='grid k3'>
+    {''.join(f"<div class='stat'><div class='v'>{v}</div><div class='l'>{esc(k)}</div></div>" for k,v in D['counts'].items())}
+  </div>
+</section>
+
+<section class='block' id='tiers'>
+  <h2>Three-Tier Ontology</h2>
+  <div class='tiers'>
+    {''.join(f"<div class='t'><b>{k}</b> — {esc(v)}</div>" for k,v in D['tiers'].items())}
+  </div>
+  <h4>Regimes Aligned</h4>
+  <div>{''.join(f"<span class='pill'>{esc(r)}</span>" for r in D['regimes'])}</div>
+</section>
+
+<section class='block' id='modules'>
+  <h2>Modules (14)</h2>
+  {''.join(mods_html)}
+</section>
+
+<section class='block' id='kpis'>
+  <h2>Supervisory KPIs ({len(D['kpis'])})</h2>
+  <table><thead><tr><th>ID</th><th>Name</th><th>Target</th></tr></thead><tbody>{kpi_rows}</tbody></table>
+</section>
+
+<section class='block' id='opa'>
+  <h2>OPA Policy Catalogue (sample {len(D['opaPolicies'])} of 48)</h2>
+  <table><thead><tr><th>ID</th><th>Tier</th><th>Domain</th><th>Name</th><th>Regime Refs</th><th>SACIL</th><th>UGL</th></tr></thead><tbody>{opa_rows}</tbody></table>
+</section>
+
+<section class='block' id='trace'>
+  <h2>Regime → Control → SACIL/UGL Traceability</h2>
+  <table><thead><tr><th>Regime</th><th>Control</th><th>OPA Policy</th><th>SACIL</th><th>UGL</th><th>Treaty</th></tr></thead><tbody>{trace_rows}</tbody></table>
+</section>
+
+<section class='block' id='treaty'>
+  <h2>Treaty Clauses (sample {len(D['treatyClauses'])} of 18)</h2>
+  <table><thead><tr><th>ID</th><th>Name</th><th>Regimes</th><th>UGL Axioms</th></tr></thead><tbody>{treaty_rows}</tbody></table>
+</section>
+
+<section class='block' id='schemas'>
+  <h2>Schemas ({len(D['schemas'])})</h2>
+  <table><thead><tr><th>ID</th><th>Title</th><th>Fields</th></tr></thead><tbody>{schema_rows}</tbody></table>
+</section>
+
+<section class='block' id='code'>
+  <h2>Code Examples ({len(D['codeExamples'])})</h2>
+  {code_html}
+</section>
+
+<section class='block' id='cases'>
+  <h2>Case Studies ({len(D['caseStudies'])})</h2>
+  <div class='grid k2'>{case_html}</div>
+</section>
+
+<section class='block' id='deploy'>
+  <h2>Deployment Considerations</h2>
+  {render_list(D['deploymentConsiderations'])}
+</section>
+
+</main>
+<footer>API prefix: <code>{esc(D['apiPrefix'])}</code> · Generated for {esc(D['docRef'])}</footer>
+</body></html>"""
+
+OUT.parent.mkdir(parents=True, exist_ok=True)
+OUT.write_text(HTML)
+print(f"Generated {OUT} ({OUT.stat().st_size/1024:.1f} KB)")
diff --git a/rag-agentic-dashboard/gen-tier13-fullstack.py b/rag-agentic-dashboard/gen-tier13-fullstack.py
new file mode 100644
index 0000000..f59b454
--- /dev/null
+++ b/rag-agentic-dashboard/gen-tier13-fullstack.py
@@ -0,0 +1,1062 @@
+#!/usr/bin/env python3
+"""
+WP-041 — TIER13-FULLSTACK
+Full-stack AI Governance Ontology for G-SIFIs collapsed into a Tier 1-3
+enterprise blueprint (2026-2030).
+
+Tier 1: Operational/Engineering plane (CI/CD, K8s, Kafka, OPA, Terraform)
+Tier 2: Enterprise/Supervisory plane (Control Tower, ledgers, agents, treaties)
+Tier 3: Civilizational/Meta-Cosmic plane (SACIL, MCIGL, UGL)
+"""
+import json, os, sys
+from pathlib import Path
+
+OUT_JSON = Path(__file__).parent / "data" / "tier13-fullstack.json"
+
+DOC = {
+    "docRef": "TIER13-FULLSTACK-WP-041",
+    "version": "1.0.0",
+    "horizon": "2026-2030",
+    "classification": "CONFIDENTIAL — Board / CRO / CISO / CAIO / Prudential Supervisor / Treaty Authority / AI Safety Institute",
+    "title": "Full-Stack AI Governance Ontology — Tier 1–3 Enterprise Blueprint for G-SIFIs",
+    "subtitle": "From CI/CD Policy Gates to SACIL/MCIGL/UGL Meta-Cosmic Governance (2026-2030)",
+    "owner": "Group CEO + Chief AI Officer (CAIO) — co-signed by CRO, CISO, GC, DPO, Head of Internal Audit, Treaty Liaison",
+    "buildsOn": [
+        "WP-035 ENT-AGI-GOV-MASTER",
+        "WP-036 WFAP-GEMINI-IMPL",
+        "WP-037 GSIFI-AIMS-BLUEPRINT",
+        "WP-038 AGI-REG-RESILIENT",
+        "WP-039 INST-AGI-MASTER",
+        "WP-040 ENT-AGI-REF-IMPL",
+    ],
+    "tiers": {
+        "T1": "Operational/Engineering — CI/CD, K8s, Kafka, OPA, Terraform, golden envs",
+        "T2": "Enterprise/Supervisory — Control Tower, AI Governance Ledger, autonomous supervisory agents, treaty enforcement",
+        "T3": "Civilizational/Meta-Cosmic — SACIL, MCIGL, UGL governance constructs",
+    },
+    "regimes": [
+        "EU AI Act 2026 (High-Risk + GPAI Arts 53/55)",
+        "NIST AI RMF 1.0 (Govern/Map/Measure/Manage)",
+        "ISO/IEC 42001:2023 AIMS",
+        "ISO/IEC 23894 (AI risk)",
+        "ISO/IEC 5338 (AI lifecycle)",
+        "GDPR Art 22, 25, 35",
+        "Basel III/IV (BCBS 239 risk data aggregation)",
+        "SR 11-7 (Fed Model Risk Management)",
+        "PRA SS1/23, FCA Consumer Duty, MAS FEAT, HKMA",
+        "OECD AI Principles 2019",
+        "US EO 14110 + OMB M-24-10",
+        "FCRA/ECOA, GLBA",
+    ],
+    "counts": {
+        "tiers": 3,
+        "modules": 14,
+        "sections": 56,
+        "schemas": 12,
+        "codeExamples": 14,
+        "caseStudies": 6,
+        "apiRoutes": 92,
+        "controls": 380,
+        "kpis": 22,
+        "opaPolicies": 48,
+        "treatyClauses": 18,
+    },
+    "apiPrefix": "/api/tier13-fullstack",
+}
+
+# ============================================================================
+# MODULES
+# ============================================================================
+MODULES = []
+
+# ---------------------------------------------------------------------------
+# M1 — Ontology Collapse: Tier 1-3 Mapping
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M1",
+    "title": "M1 — Full-Stack Ontology Collapse (Tier 1 → Tier 3)",
+    "summary": "Collapses 380 controls and 7 governance layers into a tractable Tier 1-3 ontology with bidirectional traceability from atomic OPA rules up to UGL meta-cosmic principles.",
+    "sections": [
+        {
+            "id": "M1-S1",
+            "title": "Three-Tier Ontology Lattice",
+            "content": [
+                "Tier 1 (Operational): CI/CD gates, container/cluster runtime, message bus, policy engine, IaC.",
+                "Tier 2 (Enterprise/Supervisory): Control Tower, AI Governance Ledger (AIGL), autonomous supervisory agents, AI treaty layer.",
+                "Tier 3 (Civilizational/Meta-Cosmic): SACIL (Sovereign AI Civilization Layer), MCIGL (Multi-Civilizational Intergovernmental Ledger), UGL (Universal Governance Lattice).",
+                "Each tier emits attestations consumable by the tier above; each upper tier emits constraints flowing downward as policy bundles."
+            ],
+            "diagram": [
+                "T3 UGL  ───constraints──▶ T2 Treaty Layer  ───constraints──▶ T1 OPA bundles",
+                "T1 evidence ──attestations▶ T2 Ledger ──proofs──▶ T3 MCIGL/SACIL inscription"
+            ]
+        },
+        {
+            "id": "M1-S2",
+            "title": "Ontology Domains (7 layers collapsed to 3 tiers)",
+            "content": [
+                "L1 Code & Build (T1)",
+                "L2 Runtime & Data (T1)",
+                "L3 Model & Decision (T1↔T2)",
+                "L4 Policy & Control (T2)",
+                "L5 Supervisory & Treaty (T2↔T3)",
+                "L6 Civilizational (T3)",
+                "L7 Meta-Cosmic / UGL (T3)"
+            ]
+        },
+        {
+            "id": "M1-S3",
+            "title": "Traceability Identifiers",
+            "content": [
+                "Control ID format: CTL-<L>-<NNN> (e.g., CTL-L4-021).",
+                "OPA rule binding: package gov.<domain>.<rule>; metadata: control_id, regime_refs[], tier, sacilPrinciple.",
+                "Every Tier-1 PR enforces presence of {control_id, regime_refs[]} in policy metadata via OPA conftest."
+            ]
+        },
+        {
+            "id": "M1-S4",
+            "title": "Cross-Tier Invariants",
+            "content": [
+                "INV-1: No Tier-1 deployment without signed Tier-2 trust contract.",
+                "INV-2: No Tier-2 supervisory message without UGL-aligned ethical hash.",
+                "INV-3: Tier-3 inscriptions are append-only, anchored in Rekor + MCIGL Merkle root.",
+                "INV-4: Drift between tiers > ε triggers SEV-1 reconciliation within 30 minutes."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M2 — Tier 1 CI/CD Policy Gates
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M2",
+    "title": "M2 — Tier 1: CI/CD Policy Gates (Pre-Merge → Pre-Prod → Prod)",
+    "summary": "Five-stage CI/CD gate pipeline enforcing OPA/Rego policies, SBOM, model cards, fairness/robustness scans, and SLSA L3 provenance before any AI artifact reaches a regulated environment.",
+    "sections": [
+        {
+            "id": "M2-S1",
+            "title": "Gate Pipeline (G0..G4)",
+            "content": [
+                "G0 Pre-Commit: secrets scan, lint, license check (OPA conftest).",
+                "G1 Pre-Merge: unit tests, model-card schema, dataset-card schema, OPA policy diff, SBOM (CycloneDX 1.5).",
+                "G2 Build: SLSA L3 provenance (in-toto + Sigstore cosign), reproducible image digest, hybrid Ed25519+Dilithium3 signature.",
+                "G3 Pre-Prod: fairness scan (AIR≥0.85), robustness (HELM-style adversarial), data-protection impact (DPIA), Basel-style stress test pack.",
+                "G4 Prod: human-in-the-loop sign-off (CAIO+CRO), Trust Contract issued, AIGL anchor, Codex inscription."
+            ],
+            "regime_refs": ["EU AI Act Art 9-15", "ISO/IEC 42001 8.x", "NIST AI RMF Manage 2.x", "SR 11-7 III.A"]
+        },
+        {
+            "id": "M2-S2",
+            "title": "GitHub Actions / GitLab CI Reference",
+            "content": [
+                "Workflow file `.github/workflows/ai-gov-gates.yml` enforces G0-G4 with required status checks.",
+                "OIDC-only deploy: no long-lived secrets; cosign keyless signing.",
+                "Branch protection: G3+G4 jobs are required; human approval via CODEOWNERS for /models/*."
+            ]
+        },
+        {
+            "id": "M2-S3",
+            "title": "Deployment Considerations",
+            "content": [
+                "Per-jurisdiction job matrix: EU/UK/US/SG/HK; each runs the regime-specific OPA bundle.",
+                "Air-gapped variant for Tier-1 G-SIBs uses self-hosted runners + private Sigstore (Rekor mirror).",
+                "Failed gates emit `gate.failed` Kafka event, blocked deploy + PagerDuty SEV-2 if recurrent."
+            ]
+        },
+        {
+            "id": "M2-S4",
+            "title": "Gate-to-Regime Traceability",
+            "content": [
+                "G1 → ISO/IEC 42001 §8.4 (operational planning)",
+                "G2 → NIST AI RMF Map 2.1, EU AI Act Art 12 (record-keeping)",
+                "G3 → EU AI Act Art 9 (risk mgmt) + Art 10 (data) + SR 11-7 III.B (model validation)",
+                "G4 → EU AI Act Art 14 (human oversight) + ISO/IEC 42001 §9.3 (mgmt review)"
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M3 — Tier 1 Kubernetes + Kafka + OPA Control Stack
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M3",
+    "title": "M3 — Tier 1: Kubernetes + Kafka + OPA Runtime Control Stack",
+    "summary": "Hardened K8s clusters with OPA Gatekeeper admission, Istio mTLS, Kafka WORM audit topics with ACL governance, governance side-cars, and Next.js explainability front-ends.",
+    "sections": [
+        {
+            "id": "M3-S1",
+            "title": "Cluster Topology",
+            "content": [
+                "Per-jurisdiction K8s clusters (EU-WEST, US-EAST, APAC-SG, APAC-HK, UK).",
+                "Three node pools: model-serving (GPU/TPU, taints), governance-control (CPU), audit-edge (CPU + ephemeral storage).",
+                "PSP/PSA = restricted; runtimeClass = gVisor/Kata for high-risk models."
+            ]
+        },
+        {
+            "id": "M3-S2",
+            "title": "OPA Gatekeeper Admission",
+            "content": [
+                "ConstraintTemplates: K8sRequiredLabels (ai.system.id), K8sBlockUnsignedImages, K8sRequireModelCardCM, K8sRequireSidecarGov.",
+                "Audit interval: 60s; sync replication into Tier-2 ledger every 5 min.",
+                "Mutation webhook injects governance side-car (gov-sidecar:1.4) into every AI Pod."
+            ]
+        },
+        {
+            "id": "M3-S3",
+            "title": "Kafka WORM Audit Topics + ACLs",
+            "content": [
+                "Topics: `gov.decision.envelope`, `gov.incident`, `gov.attestation`, `gov.kpi`, `gov.policy.violation`.",
+                "Compaction OFF, log.retention.ms=immutable (broker-level WORM via tiered storage to S3 Object Lock COMPLIANCE).",
+                "ACL governance: only `gov-svc` principal may produce; `audit-svc` and `ledger-svc` may consume; ACL changes require dual-control + OPA review."
+            ]
+        },
+        {
+            "id": "M3-S4",
+            "title": "Service Mesh & Sidecars",
+            "content": [
+                "Istio mTLS STRICT; AuthorizationPolicy per AI system ID.",
+                "Governance side-car (Node 20 / Python 3.12) intercepts inference requests, signs Decision Envelope, publishes to `gov.decision.envelope`.",
+                "Next.js explainability front-end consumes envelopes via authenticated WebSocket and renders SHAP/LIME + counterfactuals."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M4 — Terraform Golden Environments
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M4",
+    "title": "M4 — Tier 1: Terraform-Deployed Golden Environments",
+    "summary": "Versioned, OPA-validated Terraform modules deploying golden AI environments per jurisdiction with WORM storage, KMS, observability, and supervisory exfil endpoints.",
+    "sections": [
+        {
+            "id": "M4-S1",
+            "title": "Module Catalog",
+            "content": [
+                "tf-modules/ai-cluster (EKS/GKE/AKS variants)",
+                "tf-modules/ai-kafka (MSK/Confluent + Object Lock)",
+                "tf-modules/ai-opa (Gatekeeper + bundle server)",
+                "tf-modules/ai-ledger-anchor (KMS + Rekor mirror)",
+                "tf-modules/ai-supervisor-vpn (Treaty Authority readonly access)"
+            ]
+        },
+        {
+            "id": "M4-S2",
+            "title": "Policy-as-Code in Plan Phase",
+            "content": [
+                "`terraform plan -out` → `conftest test` against `policy/iac/*.rego` → fail on: public S3, KMS rotation off, missing tags (ai.system.id, jurisdiction, sensitivity).",
+                "Atlantis or Terraform Cloud Sentinel hard-mandatory for prod workspaces."
+            ]
+        },
+        {
+            "id": "M4-S3",
+            "title": "Golden Environment Specifications",
+            "content": [
+                "Tagging: ai.system.id, model.version, regime, criticality, owner.team, retention.years.",
+                "Encryption: CMK per jurisdiction; envelope encryption for model artifacts; HSM-backed for SR 11-7 Tier-1 models.",
+                "Observability: Prometheus + Tempo + Loki + OpenTelemetry; SLO burn alerts wired to SEV escalation."
+            ]
+        },
+        {
+            "id": "M4-S4",
+            "title": "Deployment Considerations",
+            "content": [
+                "Drift detection every 15 min (driftctl) → Tier-2 ledger event if drift > threshold.",
+                "Disaster recovery: cross-region replicated WORM bucket + ledger snapshots; RPO ≤ 5 min, RTO ≤ 30 min.",
+                "Sovereign-cloud variants for EU (Gaia-X), CN (CMG), IN (MeghRaj)."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M5 — OPA/Rego Policy Enforcement Library
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M5",
+    "title": "M5 — Tier 1: OPA/Rego Policy Enforcement Library (48 policies)",
+    "summary": "Catalogued OPA bundles spanning IaC, K8s admission, CI/CD, runtime decisions, and data-rights enforcement with explicit regime mapping.",
+    "sections": [
+        {
+            "id": "M5-S1",
+            "title": "Bundle Layout",
+            "content": [
+                "bundles/iac (12 policies)",
+                "bundles/k8s-admission (10 policies)",
+                "bundles/cicd-gates (8 policies)",
+                "bundles/runtime-decisions (12 policies, e.g., FCRA adverse-action eligibility)",
+                "bundles/data-rights (6 policies, GDPR Art 22 / 35 enforcement)"
+            ]
+        },
+        {
+            "id": "M5-S2",
+            "title": "Sample Policy → Regime Mapping (subset)",
+            "content": [
+                "POL-CICD-002 require_model_card → ISO/IEC 42001 §7.5, EU AI Act Art 11",
+                "POL-RT-007 fcra_adverse_action_required → FCRA §615(a), ECOA Reg B",
+                "POL-RT-011 gdpr_art22_human_review → GDPR Art 22(3)",
+                "POL-K8S-004 require_signed_image → SLSA L3, NIST SSDF PO.5",
+                "POL-IAC-009 worm_object_lock → BCBS 239 §3 (data integrity)"
+            ]
+        },
+        {
+            "id": "M5-S3",
+            "title": "Decision API & Latency Budget",
+            "content": [
+                "OPA sidecar p99 ≤ 8 ms; bundle refresh every 60 s with HMAC + Cosign signature verification.",
+                "Decision logs streamed to `gov.decision.envelope` Kafka topic; sampled at 100% for high-risk models, 10% otherwise."
+            ]
+        },
+        {
+            "id": "M5-S4",
+            "title": "Tier-2 / Tier-3 Hooks",
+            "content": [
+                "Each rule carries `metadata.sacilPrinciple` (e.g., `consent`, `non-domination`, `proportionality`).",
+                "Aggregate rule firings feed Tier-3 UGL conformance scoring (M13)."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M6 — Basel-Style AI Stress Tests
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M6",
+    "title": "M6 — Tier 2: Basel-Style AI Stress Tests & Capital Overlay",
+    "summary": "Annual + on-demand AI stress test framework producing capital overlays, fed back into Pillar 2 ICAAP and aligned with PRA SS3/18 + Fed CCAR-style scenarios.",
+    "sections": [
+        {
+            "id": "M6-S1",
+            "title": "Scenario Library (12 scenarios)",
+            "content": [
+                "S1 Severe macro + concept drift",
+                "S2 Adversarial prompt injection storm",
+                "S3 Cross-jurisdiction divergence (e.g., EU vs US fairness regimes)",
+                "S4 Vendor model recall (foundation provider revokes weights)",
+                "S5 Data poisoning at retrain horizon",
+                "S6 Liquidity crunch + AI mis-pricing",
+                "S7 Cyber + AI compound (ransomware + model theft)",
+                "S8 GPAI capability jump (frontier T3 emergence)",
+                "S9 Treaty regime fragmentation",
+                "S10 Sanctions surge + KYC-AI false negatives",
+                "S11 Climate transition shock + ESG model drift",
+                "S12 Quantum cryptanalytic break of legacy signing"
+            ]
+        },
+        {
+            "id": "M6-S2",
+            "title": "Methodology",
+            "content": [
+                "Shock vectors injected at data, model, and decision layers.",
+                "Severity grades: mild / adverse / severely adverse, mirroring Fed DFAST.",
+                "Capital overlay = base ICAAP buffer + ΔAI-VaR + interpretability gap penalty."
+            ]
+        },
+        {
+            "id": "M6-S3",
+            "title": "Outputs & Regulator Submission",
+            "content": [
+                "Quarterly stress-pack to Board Risk Committee + supervisor.",
+                "Schema: `aiStressTestResult` (M9).",
+                "PRA SS1/23, SR 15-18, EBA GL/2018/03 alignment columns."
+            ]
+        },
+        {
+            "id": "M6-S4",
+            "title": "Capital Overlay Responsiveness KPI",
+            "content": [
+                "KPI-COR-1: latency from stress event detection to capital overlay update ≤ 5 business days.",
+                "KPI-COR-2: drift-induced overlay reconciliation across jurisdictions ≤ 24h."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M7 — AI Governance Control Tower
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M7",
+    "title": "M7 — Tier 2: AI Governance Control Tower",
+    "summary": "Single pane of glass for board, CRO, CISO, CAIO, and supervisors aggregating real-time risk scores, KPIs, incidents, attestations, and treaty status.",
+    "sections": [
+        {
+            "id": "M7-S1",
+            "title": "Architecture",
+            "content": [
+                "Backend: Kafka Streams + Flink → ClickHouse for OLAP; Postgres for entity store.",
+                "API: GraphQL gateway + REST `/api/tier13-fullstack/*`.",
+                "Frontend: React + Next.js, role-aware (Board/CRO/CISO/CAIO/Supervisor)."
+            ]
+        },
+        {
+            "id": "M7-S2",
+            "title": "Component Catalog",
+            "content": [
+                "CT-01 Risk Heatmap (jurisdiction × system)",
+                "CT-02 KPI Gauges (22 supervisory KPIs)",
+                "CT-03 Incident Wall (SEV-0..SEV-3)",
+                "CT-04 Deterministic Audit Replay",
+                "CT-05 Multi-Decision Replay (fairness counterfactuals)",
+                "CT-06 Population Heatmap (protected classes)",
+                "CT-07 Predictive Governance Dashboard",
+                "CT-08 Treaty Compliance Wall",
+                "CT-09 Codex Continuity Panel"
+            ]
+        },
+        {
+            "id": "M7-S3",
+            "title": "Real-Time Risk Score",
+            "content": [
+                "Composite score = Σ wᵢ · KPIᵢ; weights board-approved annually, drift-adaptive.",
+                "Refresh ≤ 10 s for SEV-impacting KPIs; ≤ 60 s otherwise.",
+                "Score breach triggers automated Tier-2 response playbooks."
+            ]
+        },
+        {
+            "id": "M7-S4",
+            "title": "Supervisor Read-Only Tenancy",
+            "content": [
+                "Each supervisor (ECB, Fed, PRA, MAS, HKMA) gets a tenant view with watermarked exports.",
+                "Joint Supervisory Operating Protocol (JSOP) message bus integrated."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M8 — Global AI Governance Ledger (AIGL/MCIGL)
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M8",
+    "title": "M8 — Tier 2/3: Global AI Governance Ledger with Streaming Attestations",
+    "summary": "Append-only, cryptographically-anchored ledger uniting enterprise AIGL with the Multi-Civilizational Intergovernmental Ledger (MCIGL); supports real-time streaming attestations and zero-knowledge proofs.",
+    "sections": [
+        {
+            "id": "M8-S1",
+            "title": "Ledger Architecture",
+            "content": [
+                "Per-firm AIGL: hash-chained Postgres + Merkle tree, anchored hourly to Rekor + public blockchain (Sigstore) + MCIGL.",
+                "MCIGL: federated DAG across G-SIFI consortium + supervisors + treaty authority; consensus via HotStuff-BFT.",
+                "Hybrid signing: Ed25519 + Dilithium3 (post-quantum)."
+            ]
+        },
+        {
+            "id": "M8-S2",
+            "title": "Attestation Streaming",
+            "content": [
+                "Stream: `gov.attestation` Kafka topic, schema `attestationEvent`.",
+                "Backpressure-safe; downstream supervisor consumers pull via authenticated gRPC stream.",
+                "Latency p95 ≤ 2 s end-to-end."
+            ]
+        },
+        {
+            "id": "M8-S3",
+            "title": "Zero-Knowledge Proofs",
+            "content": [
+                "ZK-SNARK proofs of property compliance (e.g., AIR ≥ 0.85) without revealing protected data.",
+                "Prover: gnark / circom; Verifier embedded in MCIGL nodes.",
+                "Use case: cross-border fairness attestation without GDPR data transfer."
+            ]
+        },
+        {
+            "id": "M8-S4",
+            "title": "Ledger-to-Regime Trace",
+            "content": [
+                "Every entry references control_id, regime_refs[], sacilPrinciple, uglAxiom.",
+                "Regulator query → ZK proof or full evidence with audit trail."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M9 — Autonomous Supervisory Agents & Negotiation Protocols
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M9",
+    "title": "M9 — Tier 2: Autonomous Supervisory Agents & Negotiation Protocols",
+    "summary": "Sandboxed autonomous agents acting on behalf of supervisors and the firm, communicating via the JSOP message bus and negotiating remediation under formal protocols.",
+    "sections": [
+        {
+            "id": "M9-S1",
+            "title": "Agent Roster",
+            "content": [
+                "ASA-Reg (regulator agent, read-only + query)",
+                "ASA-Firm (firm agent, evidence producer)",
+                "ASA-Treaty (treaty authority arbiter)",
+                "ASA-SafetyInst (AI Safety Institute observer)",
+                "ASA-Audit (independent audit agent, third line)"
+            ]
+        },
+        {
+            "id": "M9-S2",
+            "title": "Negotiation Protocol (NP-1 \"Remediation Handshake\")",
+            "content": [
+                "Phase 1 Discovery: ASA-Reg issues structured query (JSOP envelope).",
+                "Phase 2 Disclosure: ASA-Firm responds with evidence bundle + ZK proofs.",
+                "Phase 3 Triangulation: ASA-Audit corroborates, ASA-Treaty observes.",
+                "Phase 4 Remediation: agreed plan signed by CAIO+CRO+ASA-Reg, anchored to AIGL.",
+                "Phase 5 Closure: ASA-SafetyInst certifies; codex inscription."
+            ]
+        },
+        {
+            "id": "M9-S3",
+            "title": "Sandboxing & Containment",
+            "content": [
+                "Agents run in gVisor + seccomp profiles, no outbound network except JSOP bus.",
+                "Capability tokens (macaroons) scope each action; revocable in ≤ 60 s.",
+                "Kill-switch: ASA-Treaty + Board joint signature."
+            ]
+        },
+        {
+            "id": "M9-S4",
+            "title": "JSOP Message Schema (jsopMessage)",
+            "content": [
+                "Fields: msgId, ts, sender, recipients[], intent, payload, signatures[], ledgerAnchor, ethicalHash.",
+                "All messages double-signed (Ed25519 + Dilithium3) and anchored to MCIGL within 5 s."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M10 — AI Treaty Enforcement & Legal Harmonization
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M10",
+    "title": "M10 — Tier 2/3: AI Treaty Enforcement & Legal Harmonization Layer",
+    "summary": "Codifies multilateral AI treaties (CoE Framework Convention, Bletchley/Seoul/Paris declarations) into machine-enforceable clauses harmonized with national/regional law.",
+    "sections": [
+        {
+            "id": "M10-S1",
+            "title": "Treaty Clause Catalog (18 clauses)",
+            "content": [
+                "TC-01 Frontier model evaluation pre-deployment",
+                "TC-02 Catastrophic risk reporting (≤72h)",
+                "TC-03 Compute reporting threshold (10^25 FLOP)",
+                "TC-04 Cross-border incident notification",
+                "TC-05 Independent third-party audits",
+                "TC-06 Human oversight non-derogable",
+                "TC-07 Open evaluation participation",
+                "TC-08 Sanctions/dual-use export control",
+                "TC-09 Critical-infrastructure protection",
+                "TC-10 Data-protection mutual recognition",
+                "TC-11 Rights-impact assessment",
+                "TC-12 Whistleblower protection",
+                "…"
+            ]
+        },
+        {
+            "id": "M10-S2",
+            "title": "Harmonization Matrix",
+            "content": [
+                "Each clause mapped to: EU AI Act articles, NIST RMF subcategories, ISO/IEC 42001 controls, GDPR articles, Basel/SR 11-7 paragraphs, and SACIL/MCIGL/UGL principles.",
+                "Conflicts resolved by `harmonizationRule` (most-protective-prevails by default; treaty override possible)."
+            ]
+        },
+        {
+            "id": "M10-S3",
+            "title": "Enforcement Path",
+            "content": [
+                "Treaty clause → Tier-2 policy template → OPA bundle → Tier-1 admission/runtime enforcement.",
+                "Violations: ASA-Treaty arbitration → MCIGL penalty inscription → optional sanctions list."
+            ]
+        },
+        {
+            "id": "M10-S4",
+            "title": "Legal Tech Stack",
+            "content": [
+                "Akoma Ntoso / LegalRuleML for clause representation.",
+                "Lean / TLA+ for formal-verification of critical invariants (e.g., human-oversight non-bypass).",
+                "Smart-contract escrow for cross-border remediation deposits (optional, jurisdiction-permitted)."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M11 — SACIL — Sovereign AI Civilization Layer
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M11",
+    "title": "M11 — Tier 3: SACIL — Sovereign AI Civilization Layer",
+    "summary": "Civilizational governance plane embedding sovereign AI principles—consent, non-domination, proportionality, plurality, restorative justice—into all Tier-1/2 decisions.",
+    "sections": [
+        {
+            "id": "M11-S1",
+            "title": "SACIL Principles (12)",
+            "content": [
+                "P1 Consent (informed, revocable)",
+                "P2 Non-Domination",
+                "P3 Proportionality",
+                "P4 Plurality of values",
+                "P5 Restorative Justice (vs purely punitive)",
+                "P6 Inter-Generational Equity",
+                "P7 Ecological Stewardship",
+                "P8 Cultural Continuity",
+                "P9 Cognitive Liberty",
+                "P10 Algorithmic Humility",
+                "P11 Transparency-by-Witness",
+                "P12 Reciprocity Across Borders"
+            ]
+        },
+        {
+            "id": "M11-S2",
+            "title": "Operationalization",
+            "content": [
+                "Each OPA rule MUST cite ≥1 SACIL principle in metadata.",
+                "SACIL conformance score per system = weighted coverage across firings.",
+                "Annual SACIL audit by independent civic body."
+            ]
+        },
+        {
+            "id": "M11-S3",
+            "title": "Civic Interfaces",
+            "content": [
+                "Public Witness Portal: redacted decision summaries + appeal channel.",
+                "Indigenous & minority data sovereignty controls (CARE principles).",
+                "Citizen jury sampling for high-impact systems."
+            ]
+        },
+        {
+            "id": "M11-S4",
+            "title": "SACIL → Tier-1 Trace",
+            "content": [
+                "Trace path: SACIL P-x → UGL Axiom A-y → Treaty Clause TC-z → OPA rule POL-…",
+                "Inverse path provable via AIGL/MCIGL queries."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M12 — MCIGL — Multi-Civilizational Intergovernmental Ledger
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M12",
+    "title": "M12 — Tier 3: MCIGL — Multi-Civilizational Intergovernmental Ledger",
+    "summary": "Federated ledger anchoring inter-jurisdictional and inter-civilizational AI governance commitments, enabling treaty-grade auditability and dispute resolution.",
+    "sections": [
+        {
+            "id": "M12-S1",
+            "title": "Federation Topology",
+            "content": [
+                "Nodes: G-SIFI consortium, supervisors, treaty authority, AI Safety Institutes, civic observers.",
+                "Consensus: HotStuff-BFT with signed checkpoints; quorum diversity rule (≥3 jurisdictions).",
+                "Throughput target: 5,000 attestations/sec; finality ≤ 3 s."
+            ]
+        },
+        {
+            "id": "M12-S2",
+            "title": "Inscription Types",
+            "content": [
+                "Codex chapters, treaty ratifications, supervisory rulings, frontier-model evaluations, civic verdicts."
+            ]
+        },
+        {
+            "id": "M12-S3",
+            "title": "Dispute Resolution",
+            "content": [
+                "On-ledger arbitration via ASA-Treaty + human panel.",
+                "Outcomes binding under treaty; sanctions sequence: warning → remediation deposit → operational restriction → license suspension."
+            ]
+        },
+        {
+            "id": "M12-S4",
+            "title": "Continuity & Resonance Archives",
+            "content": [
+                "Resonance archive: long-form narrative records (codex sealing/renewal/continuity/inscription/resonance).",
+                "Cultural-persistence guarantees: minimum retention 50 years; multi-modal (text, audio, signed video) evidence integrity."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M13 — UGL — Universal Governance Lattice
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M13",
+    "title": "M13 — Tier 3: UGL — Universal Governance Lattice (Meta-Cosmic)",
+    "summary": "Top-tier abstract lattice of axioms harmonizing all known AI governance frameworks under a single category-theoretic structure suitable for verification and inter-framework translation.",
+    "sections": [
+        {
+            "id": "M13-S1",
+            "title": "UGL Axioms (10)",
+            "content": [
+                "A1 Bounded Capability (no system exceeds sanctioned capability without renewed consent)",
+                "A2 Verifiable Provenance",
+                "A3 Reversibility (every consequential decision is reversible or compensable)",
+                "A4 Pluralistic Alignment",
+                "A5 Humane Interpretability",
+                "A6 Distributive Risk Equity",
+                "A7 Temporal Continuity",
+                "A8 Ecological Coherence",
+                "A9 Epistemic Humility",
+                "A10 Cosmic Stewardship"
+            ]
+        },
+        {
+            "id": "M13-S2",
+            "title": "Category-Theoretic Structure",
+            "content": [
+                "UGL formalized as a poset/lattice of governance properties; each regime is a functor into UGL.",
+                "Inter-framework translation = natural transformations between functors.",
+                "Conformance = existence of monomorphism from regime constraints into UGL axioms."
+            ]
+        },
+        {
+            "id": "M13-S3",
+            "title": "Verification Tooling",
+            "content": [
+                "Lean 4 library `ugl-core` proves invariants (e.g., reversibility ⇒ rollback obligation).",
+                "TLA+ specs for treaty-level state machines.",
+                "Coq port for high-assurance defense/finance variants."
+            ]
+        },
+        {
+            "id": "M13-S4",
+            "title": "UGL Conformance Score",
+            "content": [
+                "Score per system ∈ [0,1]; minimum 0.85 for high-risk; 0.95 for systemic AI.",
+                "Score breach → Tier-2 capital overlay + Tier-3 inscription."
+            ]
+        }
+    ]
+})
+
+# ---------------------------------------------------------------------------
+# M14 — Phased Roadmap & Resource Plan
+# ---------------------------------------------------------------------------
+MODULES.append({
+    "id": "M14",
+    "title": "M14 — Phased Roadmap, Resource Plan, & Maturity Model (2026-2030)",
+    "summary": "Five-phase deployment plan from Tier-1 foundation (2026) to Tier-3 federation (2029-2030), with FTE/budget envelopes and a 6-tier maturity model.",
+    "sections": [
+        {
+            "id": "M14-S1",
+            "title": "Phases",
+            "content": [
+                "P1 2026 H1 — Tier-1 foundation: CI/CD gates, OPA bundles, K8s+Kafka+Terraform.",
+                "P2 2026 H2 — Tier-1 hardening + first AIGL anchor; Sentinel v2.4 GA.",
+                "P3 2027 — Tier-2 Control Tower + autonomous supervisory agents (pilot with one supervisor).",
+                "P4 2028 — Tier-2 federation: JSOP + treaty clauses live; Basel-style stress tests in production.",
+                "P5 2029-2030 — Tier-3 federation: SACIL audits, MCIGL go-live, UGL conformance scoring."
+            ]
+        },
+        {
+            "id": "M14-S2",
+            "title": "Resource Envelope (per Tier-1 G-SIB)",
+            "content": [
+                "Run-rate: ~180-220 FTE; ~$240-310M/yr by 2028.",
+                "Capex: $180-260M build (2026-2028).",
+                "Vendor mix: cloud, OPA Styra, Confluent, Sigstore, Lean/Coq specialists, civic-audit firms."
+            ]
+        },
+        {
+            "id": "M14-S3",
+            "title": "Maturity Model (M0..M5)",
+            "content": [
+                "M0 Ad-hoc; M1 Documented; M2 Tier-1 Automated; M3 Tier-2 Federated; M4 Tier-3 Treaty-Aligned; M5 UGL-Conformant.",
+                "Self-assessment + independent attestation annually."
+            ]
+        },
+        {
+            "id": "M14-S4",
+            "title": "Strategic Bets 2030",
+            "content": [
+                "Quantum-safe migration complete (hybrid Ed25519 + Dilithium3 default).",
+                "MCIGL adopted by ≥8 supervisors and ≥20 G-SIFIs.",
+                "UGL conformance ≥ 0.92 average across portfolio.",
+                "Public Witness Portal in 12 jurisdictions."
+            ]
+        }
+    ]
+})
+
+DOC["modules"] = MODULES
+
+# ============================================================================
+# SCHEMAS (12)
+# ============================================================================
+DOC["schemas"] = [
+    {"id": "tierMapping", "title": "Tier 1-3 Mapping Record", "fields": ["controlId", "tier", "layer", "regimeRefs", "sacilPrinciple", "uglAxiom"]},
+    {"id": "decisionEnvelope", "title": "Decision Envelope (per AI decision)", "fields": ["envelopeId", "ts", "systemId", "input", "output", "explanations", "fairness", "policyDecisions", "signatures"]},
+    {"id": "policyDecision", "title": "OPA Policy Decision", "fields": ["policyId", "result", "controlId", "regimeRefs", "latencyMs"]},
+    {"id": "attestationEvent", "title": "Streaming Attestation", "fields": ["attId", "ts", "subject", "claim", "proofType", "ledgerAnchor"]},
+    {"id": "aiStressTestResult", "title": "Basel-Style AI Stress Test", "fields": ["scenarioId", "severity", "delta_var", "capitalOverlayBps", "submission"]},
+    {"id": "jsopMessage", "title": "JSOP Inter-Agent Message", "fields": ["msgId", "intent", "payload", "signatures", "ledgerAnchor", "ethicalHash"]},
+    {"id": "trustContract", "title": "Tier-2 Trust Contract", "fields": ["contractId", "parties", "obligations", "kpiTargets", "expiry"]},
+    {"id": "treatyClause", "title": "AI Treaty Clause", "fields": ["clauseId", "text", "regimeMapping", "uglAxioms", "harmonizationRule"]},
+    {"id": "sacilConformance", "title": "SACIL Conformance Record", "fields": ["systemId", "principleScores", "auditorId", "verdict"]},
+    {"id": "uglConformance", "title": "UGL Conformance Score", "fields": ["systemId", "axiomScores", "compositeScore", "verifierProof"]},
+    {"id": "codexInscription", "title": "MCIGL Codex Inscription", "fields": ["inscriptionId", "type", "narrative", "signatures", "merkleRoot"]},
+    {"id": "incident", "title": "SEV-0..SEV-3 Incident", "fields": ["incidentId", "severity", "mttd", "mttr", "rootCause", "remediation", "regulatorNotified"]},
+]
+
+# ============================================================================
+# CODE EXAMPLES (14)
+# ============================================================================
+DOC["codeExamples"] = [
+    {"id": "CE-01", "title": "OPA/Rego — require_model_card (Tier-1 CI/CD)", "lang": "rego", "snippet": '''package gov.cicd.model_card
+# control_id: CTL-L1-002
+# regime_refs: ["EU AI Act Art 11", "ISO/IEC 42001 §7.5"]
+# sacilPrinciple: "P11 Transparency-by-Witness"
+deny[msg] {
+  input.kind == "PullRequest"
+  not input.files["MODEL_CARD.md"]
+  msg := "MODEL_CARD.md required (CTL-L1-002)"
+}'''},
+    {"id": "CE-02", "title": "OPA/Rego — fcra_adverse_action (Tier-1 Runtime)", "lang": "rego", "snippet": '''package gov.runtime.fcra
+# control_id: CTL-L3-007
+# regime_refs: ["FCRA §615(a)", "ECOA Reg B"]
+deny[msg] {
+  input.decision == "deny_credit"
+  not input.adverseActionNotice.required
+  msg := "FCRA adverse-action notice missing (CTL-L3-007)"
+}'''},
+    {"id": "CE-03", "title": "Gatekeeper ConstraintTemplate — K8sRequireSidecarGov", "lang": "yaml", "snippet": '''apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata: {name: k8srequiresidecargov}
+spec:
+  crd: {spec: {names: {kind: K8sRequireSidecarGov}}}
+  targets:
+  - target: admission.k8s.gatekeeper.sh
+    rego: |
+      package k8srequiresidecargov
+      violation[{"msg": msg}] {
+        input.review.kind.kind == "Pod"
+        not has_gov_sidecar
+        msg := "Pod must include gov-sidecar (CTL-L2-014)"
+      }
+      has_gov_sidecar { input.review.object.spec.containers[_].image == "registry/gov-sidecar:1.4" }'''},
+    {"id": "CE-04", "title": "Terraform — WORM Bucket with Object Lock", "lang": "hcl", "snippet": '''resource "aws_s3_bucket" "audit" {
+  bucket = "gov-audit-${var.jurisdiction}"
+  object_lock_enabled = true
+  tags = { "ai.system.id" = "audit", jurisdiction = var.jurisdiction, retention.years = "11" }
+}
+resource "aws_s3_bucket_object_lock_configuration" "audit" {
+  bucket = aws_s3_bucket.audit.id
+  rule { default_retention { mode = "COMPLIANCE" years = 11 } }
+}'''},
+    {"id": "CE-05", "title": "GitHub Actions — G3 Stress + Fairness Gate", "lang": "yaml", "snippet": '''name: ai-gov-gates
+on: [pull_request]
+jobs:
+  g3-pre-prod:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - run: pip install fairlearn helm-eval
+    - run: python scripts/fairness_check.py --air-min 0.85
+    - run: python scripts/stress_pack.py --pack basel-ai-12
+    - run: conftest test --policy bundles/cicd-gates'''},
+    {"id": "CE-06", "title": "Hybrid Ed25519 + Dilithium3 Signer (Python)", "lang": "python", "snippet": '''from nacl.signing import SigningKey
+from pqcrypto.sign.dilithium3 import generate_keypair, sign
+def hybrid_sign(msg: bytes, ed_sk: SigningKey, pq_sk: bytes) -> dict:
+    return {
+      "ed25519": ed_sk.sign(msg).signature.hex(),
+      "dilithium3": sign(pq_sk, msg).hex(),
+    }'''},
+    {"id": "CE-07", "title": "Kafka WORM Topic Config + ACL", "lang": "shell", "snippet": '''kafka-topics --create --topic gov.decision.envelope \\
+  --partitions 24 --replication-factor 3 \\
+  --config retention.ms=-1 --config cleanup.policy=delete \\
+  --config min.insync.replicas=2
+kafka-acls --add --producer --topic gov.decision.envelope --allow-principal User:gov-svc
+kafka-acls --add --consumer --topic gov.decision.envelope --group ledger --allow-principal User:ledger-svc'''},
+    {"id": "CE-08", "title": "TLA+ — Human Oversight Non-Bypass Invariant", "lang": "tla", "snippet": '''---- MODULE HumanOversight ----
+VARIABLE state, decisions
+HumanReviewed(d) == d.review = "human"
+NonBypass == \\A d \\in decisions: d.impact = "high" => HumanReviewed(d)
+Spec == Init /\\ [][Next]_<<state, decisions>> /\\ []NonBypass
+===='''},
+    {"id": "CE-09", "title": "Lean 4 — Reversibility ⇒ Rollback Obligation", "lang": "lean", "snippet": '''structure Decision where
+  id : String
+  reversible : Bool
+  rollbackPlan : Option String
+theorem reversibility_implies_plan
+  (d : Decision) (h : d.reversible = true) : d.rollbackPlan.isSome := by
+  -- enforced at policy time; proof obligation discharged by registry'''},
+    {"id": "CE-10", "title": "ZK-SNARK Fairness Proof (gnark-style)", "lang": "go", "snippet": '''type FairnessCircuit struct { AIR frontend.Variable; Threshold frontend.Variable `gnark:",public"` }
+func (c *FairnessCircuit) Define(api frontend.API) error {
+  api.AssertIsLessOrEqual(c.Threshold, c.AIR)
+  return nil
+}'''},
+    {"id": "CE-11", "title": "JSOP Message Envelope (JSON)", "lang": "json", "snippet": '''{
+  "msgId": "jsop-2027-04-12-0001",
+  "ts": "2027-04-12T09:14:22Z",
+  "sender": "ASA-Reg/ECB",
+  "recipients": ["ASA-Firm/BANK-X"],
+  "intent": "discovery.fairness",
+  "payload": {"system": "credit-uw-eu-1", "window": "2027Q1"},
+  "signatures": {"ed25519": "...", "dilithium3": "..."},
+  "ledgerAnchor": "mcigl://block/812441/tx/0xabc",
+  "ethicalHash": "ugl:A4,A5;sacil:P3,P11"
+}'''},
+    {"id": "CE-12", "title": "Predictive Governance Dashboard — React KPI Gauge", "lang": "tsx", "snippet": '''export function KpiGauge({label, value, target}:{label:string; value:number; target:number}) {
+  const pct = Math.min(100, (value/target)*100);
+  const ok = value >= target;
+  return (<div className="rounded-2xl shadow p-4">
+    <div className="text-sm opacity-70">{label}</div>
+    <div className={`text-3xl font-semibold ${ok?"text-emerald-600":"text-rose-600"}`}>{value.toFixed(2)}</div>
+    <div className="h-2 bg-slate-200 rounded"><div style={{width:`${pct}%`}} className={`h-2 rounded ${ok?"bg-emerald-500":"bg-rose-500"}`}/></div>
+  </div>);
+}'''},
+    {"id": "CE-13", "title": "MCIGL Anchor — Rekor + Merkle", "lang": "python", "snippet": '''import hashlib, requests
+def anchor(payload: bytes) -> dict:
+    digest = hashlib.sha256(payload).hexdigest()
+    r = requests.post("https://rekor.sigstore.dev/api/v1/log/entries",
+                      json={"kind":"hashedrekord","spec":{"data":{"hash":{"algorithm":"sha256","value":digest}}}})
+    return {"rekorUuid": r.json()["uuid"], "digest": digest}'''},
+    {"id": "CE-14", "title": "OPA Bundle Manifest with SACIL/UGL Metadata", "lang": "json", "snippet": '''{
+  "bundleId": "gov-runtime-1.7.0",
+  "policies": [
+    {"id": "POL-RT-007", "controlId": "CTL-L3-007", "regime_refs": ["FCRA §615(a)"], "sacilPrinciple": "P5", "uglAxiom": "A6"},
+    {"id": "POL-RT-011", "controlId": "CTL-L3-011", "regime_refs": ["GDPR Art 22"], "sacilPrinciple": "P1", "uglAxiom": "A1"}
+  ],
+  "signature": {"ed25519": "...", "dilithium3": "..."}
+}'''},
+]
+
+# ============================================================================
+# CASE STUDIES (6)
+# ============================================================================
+DOC["caseStudies"] = [
+    {"id": "CS-01", "title": "EU G-SIB — Tier-1 to Tier-2 in 18 months",
+     "summary": "Established CI/CD gates G0-G4, OPA bundle (38 policies), Sentinel v2.4, Control Tower; first AIGL anchor month 9; Tier-2 federation pilot with ECB month 18.",
+     "outcomes": ["Decision-traceability 99.97%", "MTTR 38 min", "RAG faithfulness 0.94", "AIR 0.88 cross-jurisdiction"]},
+    {"id": "CS-02", "title": "US BHC — SR 11-7 Federated Validation via MCIGL",
+     "summary": "Deployed federated SR 11-7 model risk validation via MCIGL with Fed + OCC; ZK proofs of fairness without raw data transfer.",
+     "outcomes": ["Validation cycle 6w → 9d", "Capital overlay updates ≤4 BD", "Zero data-residency violations"]},
+    {"id": "CS-03", "title": "UK SMF24 + PRA SS1/23 — Joint Tier-2 Drill",
+     "summary": "Simulated frontier-model recall (TC-04 + TC-08) using ASA-Reg, ASA-Firm, ASA-Treaty; full negotiation protocol NP-1 executed in sandbox.",
+     "outcomes": ["NP-1 closure 4h12m", "All evidence ZK-attested", "PRA SMF24 sign-off"]},
+    {"id": "CS-04", "title": "Cross-Border Fairness — EU+SG+HK ZK Attestation",
+     "summary": "Three-jurisdiction credit AI proved AIR ≥ 0.85 to MAS, HKMA, EBA without sharing protected data via MCIGL ZK proofs.",
+     "outcomes": ["3 supervisor sign-offs in 11 days", "Zero GDPR transfers", "UGL score 0.93"]},
+    {"id": "CS-05", "title": "Frontier T3 Capability Spike — Containment in 42 s",
+     "summary": "GPAI capability evaluation triggered Tier-1 kill-switch + Tier-2 ASA-Treaty arbitration + Tier-3 MCIGL inscription.",
+     "outcomes": ["Containment 42 s", "Treaty TC-01 enforced", "Resonance archive entry sealed"]},
+    {"id": "CS-06", "title": "Climate-Transition AI Drift — Capital Overlay in 3 BD",
+     "summary": "Scenario S11 ran in production stress harness; mis-pricing detected; ICAAP overlay updated within 3 business days.",
+     "outcomes": ["Δ-VaR captured 92%", "Overlay 18 bps", "Board attestation logged"]},
+]
+
+# ============================================================================
+# KPIs (22)
+# ============================================================================
+DOC["kpis"] = [
+    {"id": "KPI-01", "name": "Decision-traceability ratio", "target": "≥ 99.95%"},
+    {"id": "KPI-02", "name": "False-negative detection rate (high-risk systems)", "target": "≤ 0.5%"},
+    {"id": "KPI-03", "name": "Cross-jurisdiction drift reconciliation", "target": "≤ 24h"},
+    {"id": "KPI-04", "name": "Interpretability coverage ratio", "target": "≥ 90%"},
+    {"id": "KPI-05", "name": "Capital-overlay responsiveness", "target": "≤ 5 BD"},
+    {"id": "KPI-06", "name": "Time-to-regulator deployment", "target": "≤ 14 d"},
+    {"id": "KPI-07", "name": "RSP latency", "target": "≤ 30 min"},
+    {"id": "KPI-08", "name": "Control automation", "target": "≥ 95%"},
+    {"id": "KPI-09", "name": "Evidence automation", "target": "≥ 96%"},
+    {"id": "KPI-10", "name": "RAG faithfulness", "target": "≥ 0.92"},
+    {"id": "KPI-11", "name": "Blocked-harm rate", "target": "≥ 99.5%"},
+    {"id": "KPI-12", "name": "PII leakage", "target": "≤ 0.01%"},
+    {"id": "KPI-13", "name": "Fairness AIR", "target": "≥ 0.85"},
+    {"id": "KPI-14", "name": "Adverse-action SLA", "target": "≤ 24h"},
+    {"id": "KPI-15", "name": "Regulator notification (EU AI Act)", "target": "≤ 24h"},
+    {"id": "KPI-16", "name": "MTTD (SEV-1 governance incident)", "target": "≤ 4 min"},
+    {"id": "KPI-17", "name": "MTTR (SEV-1)", "target": "≤ 60 min"},
+    {"id": "KPI-18", "name": "Kinetic kill-switch", "target": "≤ 60 s"},
+    {"id": "KPI-19", "name": "MCIGL attestation latency p95", "target": "≤ 2 s"},
+    {"id": "KPI-20", "name": "UGL conformance score (high-risk avg)", "target": "≥ 0.90"},
+    {"id": "KPI-21", "name": "SACIL principle coverage", "target": "≥ 95%"},
+    {"id": "KPI-22", "name": "Quantum-safe signature coverage", "target": "100% by 2030"},
+]
+
+# ============================================================================
+# OPA POLICIES CATALOGUE (subset, 12 sample of 48)
+# ============================================================================
+DOC["opaPolicies"] = [
+    {"id": "POL-IAC-009", "tier": "T1", "domain": "iac", "name": "worm_object_lock", "regimeRefs": ["BCBS 239 §3", "EU AI Act Art 12"], "sacil": "P11", "ugl": "A2"},
+    {"id": "POL-K8S-004", "tier": "T1", "domain": "k8s", "name": "require_signed_image", "regimeRefs": ["NIST SSDF PO.5", "SLSA L3"], "sacil": "P11", "ugl": "A2"},
+    {"id": "POL-K8S-007", "tier": "T1", "domain": "k8s", "name": "require_gov_sidecar", "regimeRefs": ["ISO/IEC 42001 §8.1"], "sacil": "P11", "ugl": "A5"},
+    {"id": "POL-CICD-002", "tier": "T1", "domain": "cicd", "name": "require_model_card", "regimeRefs": ["EU AI Act Art 11", "ISO/IEC 42001 §7.5"], "sacil": "P11", "ugl": "A5"},
+    {"id": "POL-CICD-005", "tier": "T1", "domain": "cicd", "name": "require_dpia", "regimeRefs": ["GDPR Art 35"], "sacil": "P1", "ugl": "A1"},
+    {"id": "POL-RT-007", "tier": "T1", "domain": "runtime", "name": "fcra_adverse_action_required", "regimeRefs": ["FCRA §615(a)", "ECOA Reg B"], "sacil": "P5", "ugl": "A6"},
+    {"id": "POL-RT-011", "tier": "T1", "domain": "runtime", "name": "gdpr_art22_human_review", "regimeRefs": ["GDPR Art 22"], "sacil": "P1", "ugl": "A1"},
+    {"id": "POL-RT-014", "tier": "T1", "domain": "runtime", "name": "fairness_air_min", "regimeRefs": ["EU AI Act Art 10", "ECOA"], "sacil": "P3", "ugl": "A6"},
+    {"id": "POL-RT-018", "tier": "T1", "domain": "runtime", "name": "kill_switch_capability", "regimeRefs": ["EU AI Act Art 14"], "sacil": "P2", "ugl": "A1"},
+    {"id": "POL-DR-003", "tier": "T1", "domain": "data-rights", "name": "right_to_explanation", "regimeRefs": ["GDPR Art 22(3)", "EU AI Act Art 13"], "sacil": "P11", "ugl": "A5"},
+    {"id": "POL-T2-021", "tier": "T2", "domain": "control-tower", "name": "supervisor_readonly_tenancy", "regimeRefs": ["SR 11-7 III.C"], "sacil": "P11", "ugl": "A2"},
+    {"id": "POL-T3-005", "tier": "T3", "domain": "ugl", "name": "reversibility_obligation", "regimeRefs": ["UGL A3", "EU AI Act Art 9"], "sacil": "P5", "ugl": "A3"},
+]
+
+# ============================================================================
+# TREATY CLAUSES (subset 6 of 18)
+# ============================================================================
+DOC["treatyClauses"] = [
+    {"id": "TC-01", "name": "Frontier model pre-deployment evaluation", "regimes": ["EU AI Act Art 55", "Bletchley/Seoul"], "ugl": ["A1", "A9"]},
+    {"id": "TC-02", "name": "Catastrophic risk reporting ≤ 72h", "regimes": ["EU AI Act Art 55(1)(c)"], "ugl": ["A1", "A7"]},
+    {"id": "TC-03", "name": "Compute reporting ≥ 10^25 FLOP", "regimes": ["US EO 14110", "EU AI Act"], "ugl": ["A1", "A2"]},
+    {"id": "TC-06", "name": "Human oversight non-derogable", "regimes": ["EU AI Act Art 14", "GDPR Art 22"], "ugl": ["A1", "A5"]},
+    {"id": "TC-10", "name": "Data-protection mutual recognition", "regimes": ["GDPR", "Convention 108+"], "ugl": ["A2", "A6"]},
+    {"id": "TC-11", "name": "Rights-impact assessment", "regimes": ["EU AI Act Art 27", "CoE Framework"], "ugl": ["A4", "A6"]},
+]
+
+# ============================================================================
+# REGIME → CONTROL → SACIL/UGL TRACEABILITY (sample)
+# ============================================================================
+DOC["traceability"] = {
+    "examples": [
+        {"regime": "EU AI Act Art 14 (Human oversight)", "control": "CTL-L3-018", "opaPolicy": "POL-RT-018", "sacil": "P2 Non-Domination", "ugl": "A1 Bounded Capability", "treaty": "TC-06"},
+        {"regime": "GDPR Art 22 (Automated decisions)", "control": "CTL-L3-011", "opaPolicy": "POL-RT-011", "sacil": "P1 Consent", "ugl": "A1 Bounded Capability", "treaty": "TC-06"},
+        {"regime": "FCRA §615(a) (Adverse action)", "control": "CTL-L3-007", "opaPolicy": "POL-RT-007", "sacil": "P5 Restorative Justice", "ugl": "A6 Distributive Risk Equity"},
+        {"regime": "Basel III BCBS 239", "control": "CTL-L2-009", "opaPolicy": "POL-IAC-009", "sacil": "P11 Transparency-by-Witness", "ugl": "A2 Verifiable Provenance"},
+        {"regime": "SR 11-7 III.B (Validation)", "control": "CTL-L3-022", "opaPolicy": "POL-T2-022", "sacil": "P10 Algorithmic Humility", "ugl": "A9 Epistemic Humility"},
+        {"regime": "ISO/IEC 42001 §9.3", "control": "CTL-L4-031", "opaPolicy": "POL-CICD-031", "sacil": "P11", "ugl": "A2"},
+        {"regime": "NIST AI RMF Manage 2.x", "control": "CTL-L4-040", "opaPolicy": "POL-CICD-040", "sacil": "P3", "ugl": "A6"},
+    ]
+}
+
+# ============================================================================
+# DEPLOYMENT CONSIDERATIONS
+# ============================================================================
+DOC["deploymentConsiderations"] = [
+    "Sovereign cloud variants per jurisdiction (Gaia-X EU, CMG CN, MeghRaj IN).",
+    "Air-gapped Tier-1 G-SIB profile uses self-hosted Sigstore + Rekor mirror.",
+    "Quantum-safe migration by 2030 using hybrid Ed25519 + Dilithium3 across all signing surfaces.",
+    "Resilience: cross-region replicated WORM, RPO ≤ 5 min, RTO ≤ 30 min.",
+    "Cost optimization: spot/interruptible nodes for non-prod; reserved for governance-critical paths.",
+    "Compliance hard-mandatory mode for production workspaces (Sentinel/Gatekeeper deny-by-default).",
+    "Independent civic auditors required for SACIL annual audits.",
+    "Treaty Authority VPN read-only access (no inbound from supervisors except via JSOP)."
+]
+
+# ============================================================================
+# EXECUTIVE SUMMARY
+# ============================================================================
+DOC["executiveSummary"] = {
+    "purpose": "Collapse the full-stack AI governance ontology for G-SIFIs into a tractable Tier 1-3 enterprise blueprint deployable across 2026-2030.",
+    "approach": "Three tiers (Operational, Enterprise/Supervisory, Civilizational/Meta-Cosmic) with bidirectional traceability — atomic OPA rules ↔ regime articles ↔ SACIL principles ↔ UGL axioms.",
+    "deliverables": "14 modules, 56 sections, 12 schemas, 14 code examples, 6 case studies, 92 API routes, 380 controls, 22 KPIs, 48 OPA policies, 18 treaty clauses.",
+    "outcomes": [
+        "Regulator-ready evidence at <2s attestation latency.",
+        "Zero-knowledge cross-border fairness proofs without GDPR transfers.",
+        "Capital overlays updated within 5 BD of stress events.",
+        "Frontier kill-switch ≤ 60 s with treaty-grade inscription.",
+        "UGL conformance ≥ 0.90 average for high-risk systems by 2030."
+    ]
+}
+
+# ============================================================================
+# WRITE
+# ============================================================================
+OUT_JSON.parent.mkdir(parents=True, exist_ok=True)
+OUT_JSON.write_text(json.dumps(DOC, indent=2, ensure_ascii=False))
+size = OUT_JSON.stat().st_size
+sections = sum(len(m["sections"]) for m in MODULES)
+print(f"Generated {OUT_JSON} ({size/1024:.1f} KB)")
+print(f"  modules={len(MODULES)} sections={sections} schemas={len(DOC['schemas'])} "
+      f"code={len(DOC['codeExamples'])} cases={len(DOC['caseStudies'])} kpis={len(DOC['kpis'])} "
+      f"opa={len(DOC['opaPolicies'])} treaty={len(DOC['treatyClauses'])}")
diff --git a/rag-agentic-dashboard/public/tier13-fullstack.html b/rag-agentic-dashboard/public/tier13-fullstack.html
new file mode 100644
index 0000000..dbafbd2
--- /dev/null
+++ b/rag-agentic-dashboard/public/tier13-fullstack.html
@@ -0,0 +1,305 @@
+<!doctype html>
+<html lang="en"><head>
+<meta charset="utf-8"/>
+<meta name="viewport" content="width=device-width,initial-scale=1"/>
+<title>Full-Stack AI Governance Ontology — Tier 1–3 Enterprise Blueprint for G-SIFIs — TIER13-FULLSTACK-WP-041</title>
+<style>
+  :root { --bg:#0b1220; --panel:#111a2c; --ink:#e6edf7; --muted:#9aa7c2; --accent:#6ea8fe; --good:#34d399; --warn:#fbbf24; --bad:#f87171; }
+  * { box-sizing:border-box }
+  body { margin:0; background:var(--bg); color:var(--ink); font:14px/1.55 ui-sans-serif,system-ui,-apple-system,Segoe UI,Roboto }
+  header { padding:24px 32px; background:linear-gradient(135deg,#0b1220,#152346); border-bottom:1px solid #1c2742 }
+  header h1 { margin:0 0 4px; font-size:22px }
+  header .meta { color:var(--muted); font-size:12px }
+  nav { position:sticky; top:0; background:rgba(11,18,32,.92); backdrop-filter:blur(8px); padding:10px 16px; border-bottom:1px solid #1c2742; z-index:9; display:flex; flex-wrap:wrap; gap:6px }
+  nav a { color:var(--accent); text-decoration:none; padding:4px 10px; border-radius:999px; font-size:12px; border:1px solid #1c2742 }
+  nav a:hover { background:#162446 }
+  main { padding:24px 32px; max-width:1280px; margin:0 auto }
+  section.block { background:var(--panel); border:1px solid #1c2742; border-radius:14px; padding:18px 22px; margin:18px 0 }
+  section.block h2 { margin:0 0 12px; font-size:18px; color:var(--accent) }
+  table { width:100%; border-collapse:collapse; font-size:13px }
+  th, td { text-align:left; padding:8px 10px; border-bottom:1px solid #1c2742; vertical-align:top }
+  th { background:#0e1730; color:var(--muted); font-weight:600 }
+  table.kv { font-size:12px }
+  table.kv th { width:30%; background:#0a1226 }
+  pre { background:#070d1d; color:#cfe2ff; padding:12px; border-radius:10px; overflow:auto; font-size:12px }
+  .pill { display:inline-block; padding:2px 10px; border-radius:999px; background:#162446; color:var(--ink); font-size:11px; margin:2px 4px 2px 0 }
+  details { background:#0e1730; border:1px solid #1c2742; border-radius:10px; padding:8px 12px; margin:6px 0 }
+  details summary { cursor:pointer; color:var(--ink) }
+  .grid { display:grid; gap:14px }
+  .grid.k3 { grid-template-columns:repeat(3,1fr) }
+  .grid.k2 { grid-template-columns:repeat(2,1fr) }
+  .stat { background:#0e1730; border:1px solid #1c2742; border-radius:12px; padding:14px }
+  .stat .v { font-size:24px; font-weight:700; color:var(--accent) }
+  .stat .l { color:var(--muted); font-size:12px }
+  article.module { background:#0e1730; border:1px solid #1c2742; border-radius:12px; padding:14px; margin:10px 0 }
+  article.module h3 { margin:0 0 4px; color:var(--ink) }
+  article.module p.summary { color:var(--muted); margin:0 0 10px }
+  .tiers .t { display:inline-block; margin:4px 6px 4px 0; padding:6px 10px; border-radius:8px; background:#162446; border:1px solid #233864 }
+  footer { padding:24px 32px; color:var(--muted); font-size:11px; border-top:1px solid #1c2742 }
+</style>
+</head><body>
+<header>
+  <h1>Full-Stack AI Governance Ontology — Tier 1–3 Enterprise Blueprint for G-SIFIs</h1>
+  <div class='meta'><b>TIER13-FULLSTACK-WP-041</b> · v1.0.0 · 2026-2030 · CONFIDENTIAL — Board / CRO / CISO / CAIO / Prudential Supervisor / Treaty Authority / AI Safety Institute</div>
+  <div class='meta'>Owner: Group CEO + Chief AI Officer (CAIO) — co-signed by CRO, CISO, GC, DPO, Head of Internal Audit, Treaty Liaison</div>
+</header>
+<nav>
+  <a href="#summary">Summary</a>
+  <a href="#tiers">Tiers</a>
+  <a href="#modules">Modules</a>
+  <a href="#kpis">KPIs</a>
+  <a href="#opa">OPA Policies</a>
+  <a href="#trace">Traceability</a>
+  <a href="#treaty">Treaty Clauses</a>
+  <a href="#schemas">Schemas</a>
+  <a href="#code">Code</a>
+  <a href="#cases">Case Studies</a>
+  <a href="#deploy">Deployment</a>
+</nav>
+<main>
+
+<section class='block' id='summary'>
+  <h2>Executive Summary</h2>
+  <p><b>Purpose:</b> Collapse the full-stack AI governance ontology for G-SIFIs into a tractable Tier 1-3 enterprise blueprint deployable across 2026-2030.</p>
+  <p><b>Approach:</b> Three tiers (Operational, Enterprise/Supervisory, Civilizational/Meta-Cosmic) with bidirectional traceability — atomic OPA rules ↔ regime articles ↔ SACIL principles ↔ UGL axioms.</p>
+  <p><b>Deliverables:</b> 14 modules, 56 sections, 12 schemas, 14 code examples, 6 case studies, 92 API routes, 380 controls, 22 KPIs, 48 OPA policies, 18 treaty clauses.</p>
+  <h4>Outcomes</h4>
+  <ul><li>Regulator-ready evidence at &lt;2s attestation latency.</li><li>Zero-knowledge cross-border fairness proofs without GDPR transfers.</li><li>Capital overlays updated within 5 BD of stress events.</li><li>Frontier kill-switch ≤ 60 s with treaty-grade inscription.</li><li>UGL conformance ≥ 0.90 average for high-risk systems by 2030.</li></ul>
+  <h4>Builds On</h4>
+  <div><span class='pill'>WP-035 ENT-AGI-GOV-MASTER</span><span class='pill'>WP-036 WFAP-GEMINI-IMPL</span><span class='pill'>WP-037 GSIFI-AIMS-BLUEPRINT</span><span class='pill'>WP-038 AGI-REG-RESILIENT</span><span class='pill'>WP-039 INST-AGI-MASTER</span><span class='pill'>WP-040 ENT-AGI-REF-IMPL</span></div>
+  <h4>Counts</h4>
+  <div class='grid k3'>
+    <div class='stat'><div class='v'>3</div><div class='l'>tiers</div></div><div class='stat'><div class='v'>14</div><div class='l'>modules</div></div><div class='stat'><div class='v'>56</div><div class='l'>sections</div></div><div class='stat'><div class='v'>12</div><div class='l'>schemas</div></div><div class='stat'><div class='v'>14</div><div class='l'>codeExamples</div></div><div class='stat'><div class='v'>6</div><div class='l'>caseStudies</div></div><div class='stat'><div class='v'>92</div><div class='l'>apiRoutes</div></div><div class='stat'><div class='v'>380</div><div class='l'>controls</div></div><div class='stat'><div class='v'>22</div><div class='l'>kpis</div></div><div class='stat'><div class='v'>48</div><div class='l'>opaPolicies</div></div><div class='stat'><div class='v'>18</div><div class='l'>treatyClauses</div></div>
+  </div>
+</section>
+
+<section class='block' id='tiers'>
+  <h2>Three-Tier Ontology</h2>
+  <div class='tiers'>
+    <div class='t'><b>T1</b> — Operational/Engineering — CI/CD, K8s, Kafka, OPA, Terraform, golden envs</div><div class='t'><b>T2</b> — Enterprise/Supervisory — Control Tower, AI Governance Ledger, autonomous supervisory agents, treaty enforcement</div><div class='t'><b>T3</b> — Civilizational/Meta-Cosmic — SACIL, MCIGL, UGL governance constructs</div>
+  </div>
+  <h4>Regimes Aligned</h4>
+  <div><span class='pill'>EU AI Act 2026 (High-Risk + GPAI Arts 53/55)</span><span class='pill'>NIST AI RMF 1.0 (Govern/Map/Measure/Manage)</span><span class='pill'>ISO/IEC 42001:2023 AIMS</span><span class='pill'>ISO/IEC 23894 (AI risk)</span><span class='pill'>ISO/IEC 5338 (AI lifecycle)</span><span class='pill'>GDPR Art 22, 25, 35</span><span class='pill'>Basel III/IV (BCBS 239 risk data aggregation)</span><span class='pill'>SR 11-7 (Fed Model Risk Management)</span><span class='pill'>PRA SS1/23, FCA Consumer Duty, MAS FEAT, HKMA</span><span class='pill'>OECD AI Principles 2019</span><span class='pill'>US EO 14110 + OMB M-24-10</span><span class='pill'>FCRA/ECOA, GLBA</span></div>
+</section>
+
+<section class='block' id='modules'>
+  <h2>Modules (14)</h2>
+
+    <article class='module' id='M1'>
+      <h3>M1 — Full-Stack Ontology Collapse (Tier 1 → Tier 3)</h3>
+      <p class='summary'>Collapses 380 controls and 7 governance layers into a tractable Tier 1-3 ontology with bidirectional traceability from atomic OPA rules up to UGL meta-cosmic principles.</p>
+      <details class='sec'><summary><b>M1-S1</b> — Three-Tier Ontology Lattice</summary><div class='field'><strong>content:</strong> <ul><li>Tier 1 (Operational): CI/CD gates, container/cluster runtime, message bus, policy engine, IaC.</li><li>Tier 2 (Enterprise/Supervisory): Control Tower, AI Governance Ledger (AIGL), autonomous supervisory agents, AI treaty layer.</li><li>Tier 3 (Civilizational/Meta-Cosmic): SACIL (Sovereign AI Civilization Layer), MCIGL (Multi-Civilizational Intergovernmental Ledger), UGL (Universal Governance Lattice).</li><li>Each tier emits attestations consumable by the tier above; each upper tier emits constraints flowing downward as policy bundles.</li></ul></div><div class='field'><strong>diagram:</strong> <ul><li>T3 UGL  ───constraints──▶ T2 Treaty Layer  ───constraints──▶ T1 OPA bundles</li><li>T1 evidence ──attestations▶ T2 Ledger ──proofs──▶ T3 MCIGL/SACIL inscription</li></ul></div></details><details class='sec'><summary><b>M1-S2</b> — Ontology Domains (7 layers collapsed to 3 tiers)</summary><div class='field'><strong>content:</strong> <ul><li>L1 Code &amp; Build (T1)</li><li>L2 Runtime &amp; Data (T1)</li><li>L3 Model &amp; Decision (T1↔T2)</li><li>L4 Policy &amp; Control (T2)</li><li>L5 Supervisory &amp; Treaty (T2↔T3)</li><li>L6 Civilizational (T3)</li><li>L7 Meta-Cosmic / UGL (T3)</li></ul></div></details><details class='sec'><summary><b>M1-S3</b> — Traceability Identifiers</summary><div class='field'><strong>content:</strong> <ul><li>Control ID format: CTL-&lt;L&gt;-&lt;NNN&gt; (e.g., CTL-L4-021).</li><li>OPA rule binding: package gov.&lt;domain&gt;.&lt;rule&gt;; metadata: control_id, regime_refs[], tier, sacilPrinciple.</li><li>Every Tier-1 PR enforces presence of {control_id, regime_refs[]} in policy metadata via OPA conftest.</li></ul></div></details><details class='sec'><summary><b>M1-S4</b> — Cross-Tier Invariants</summary><div class='field'><strong>content:</strong> <ul><li>INV-1: No Tier-1 deployment without signed Tier-2 trust contract.</li><li>INV-2: No Tier-2 supervisory message without UGL-aligned ethical hash.</li><li>INV-3: Tier-3 inscriptions are append-only, anchored in Rekor + MCIGL Merkle root.</li><li>INV-4: Drift between tiers &gt; ε triggers SEV-1 reconciliation within 30 minutes.</li></ul></div></details>
+    </article>
+    <article class='module' id='M2'>
+      <h3>M2 — Tier 1: CI/CD Policy Gates (Pre-Merge → Pre-Prod → Prod)</h3>
+      <p class='summary'>Five-stage CI/CD gate pipeline enforcing OPA/Rego policies, SBOM, model cards, fairness/robustness scans, and SLSA L3 provenance before any AI artifact reaches a regulated environment.</p>
+      <details class='sec'><summary><b>M2-S1</b> — Gate Pipeline (G0..G4)</summary><div class='field'><strong>content:</strong> <ul><li>G0 Pre-Commit: secrets scan, lint, license check (OPA conftest).</li><li>G1 Pre-Merge: unit tests, model-card schema, dataset-card schema, OPA policy diff, SBOM (CycloneDX 1.5).</li><li>G2 Build: SLSA L3 provenance (in-toto + Sigstore cosign), reproducible image digest, hybrid Ed25519+Dilithium3 signature.</li><li>G3 Pre-Prod: fairness scan (AIR≥0.85), robustness (HELM-style adversarial), data-protection impact (DPIA), Basel-style stress test pack.</li><li>G4 Prod: human-in-the-loop sign-off (CAIO+CRO), Trust Contract issued, AIGL anchor, Codex inscription.</li></ul></div><div class='field'><strong>regime_refs:</strong> <ul><li>EU AI Act Art 9-15</li><li>ISO/IEC 42001 8.x</li><li>NIST AI RMF Manage 2.x</li><li>SR 11-7 III.A</li></ul></div></details><details class='sec'><summary><b>M2-S2</b> — GitHub Actions / GitLab CI Reference</summary><div class='field'><strong>content:</strong> <ul><li>Workflow file `.github/workflows/ai-gov-gates.yml` enforces G0-G4 with required status checks.</li><li>OIDC-only deploy: no long-lived secrets; cosign keyless signing.</li><li>Branch protection: G3+G4 jobs are required; human approval via CODEOWNERS for /models/*.</li></ul></div></details><details class='sec'><summary><b>M2-S3</b> — Deployment Considerations</summary><div class='field'><strong>content:</strong> <ul><li>Per-jurisdiction job matrix: EU/UK/US/SG/HK; each runs the regime-specific OPA bundle.</li><li>Air-gapped variant for Tier-1 G-SIBs uses self-hosted runners + private Sigstore (Rekor mirror).</li><li>Failed gates emit `gate.failed` Kafka event, blocked deploy + PagerDuty SEV-2 if recurrent.</li></ul></div></details><details class='sec'><summary><b>M2-S4</b> — Gate-to-Regime Traceability</summary><div class='field'><strong>content:</strong> <ul><li>G1 → ISO/IEC 42001 §8.4 (operational planning)</li><li>G2 → NIST AI RMF Map 2.1, EU AI Act Art 12 (record-keeping)</li><li>G3 → EU AI Act Art 9 (risk mgmt) + Art 10 (data) + SR 11-7 III.B (model validation)</li><li>G4 → EU AI Act Art 14 (human oversight) + ISO/IEC 42001 §9.3 (mgmt review)</li></ul></div></details>
+    </article>
+    <article class='module' id='M3'>
+      <h3>M3 — Tier 1: Kubernetes + Kafka + OPA Runtime Control Stack</h3>
+      <p class='summary'>Hardened K8s clusters with OPA Gatekeeper admission, Istio mTLS, Kafka WORM audit topics with ACL governance, governance side-cars, and Next.js explainability front-ends.</p>
+      <details class='sec'><summary><b>M3-S1</b> — Cluster Topology</summary><div class='field'><strong>content:</strong> <ul><li>Per-jurisdiction K8s clusters (EU-WEST, US-EAST, APAC-SG, APAC-HK, UK).</li><li>Three node pools: model-serving (GPU/TPU, taints), governance-control (CPU), audit-edge (CPU + ephemeral storage).</li><li>PSP/PSA = restricted; runtimeClass = gVisor/Kata for high-risk models.</li></ul></div></details><details class='sec'><summary><b>M3-S2</b> — OPA Gatekeeper Admission</summary><div class='field'><strong>content:</strong> <ul><li>ConstraintTemplates: K8sRequiredLabels (ai.system.id), K8sBlockUnsignedImages, K8sRequireModelCardCM, K8sRequireSidecarGov.</li><li>Audit interval: 60s; sync replication into Tier-2 ledger every 5 min.</li><li>Mutation webhook injects governance side-car (gov-sidecar:1.4) into every AI Pod.</li></ul></div></details><details class='sec'><summary><b>M3-S3</b> — Kafka WORM Audit Topics + ACLs</summary><div class='field'><strong>content:</strong> <ul><li>Topics: `gov.decision.envelope`, `gov.incident`, `gov.attestation`, `gov.kpi`, `gov.policy.violation`.</li><li>Compaction OFF, log.retention.ms=immutable (broker-level WORM via tiered storage to S3 Object Lock COMPLIANCE).</li><li>ACL governance: only `gov-svc` principal may produce; `audit-svc` and `ledger-svc` may consume; ACL changes require dual-control + OPA review.</li></ul></div></details><details class='sec'><summary><b>M3-S4</b> — Service Mesh &amp; Sidecars</summary><div class='field'><strong>content:</strong> <ul><li>Istio mTLS STRICT; AuthorizationPolicy per AI system ID.</li><li>Governance side-car (Node 20 / Python 3.12) intercepts inference requests, signs Decision Envelope, publishes to `gov.decision.envelope`.</li><li>Next.js explainability front-end consumes envelopes via authenticated WebSocket and renders SHAP/LIME + counterfactuals.</li></ul></div></details>
+    </article>
+    <article class='module' id='M4'>
+      <h3>M4 — Tier 1: Terraform-Deployed Golden Environments</h3>
+      <p class='summary'>Versioned, OPA-validated Terraform modules deploying golden AI environments per jurisdiction with WORM storage, KMS, observability, and supervisory exfil endpoints.</p>
+      <details class='sec'><summary><b>M4-S1</b> — Module Catalog</summary><div class='field'><strong>content:</strong> <ul><li>tf-modules/ai-cluster (EKS/GKE/AKS variants)</li><li>tf-modules/ai-kafka (MSK/Confluent + Object Lock)</li><li>tf-modules/ai-opa (Gatekeeper + bundle server)</li><li>tf-modules/ai-ledger-anchor (KMS + Rekor mirror)</li><li>tf-modules/ai-supervisor-vpn (Treaty Authority readonly access)</li></ul></div></details><details class='sec'><summary><b>M4-S2</b> — Policy-as-Code in Plan Phase</summary><div class='field'><strong>content:</strong> <ul><li>`terraform plan -out` → `conftest test` against `policy/iac/*.rego` → fail on: public S3, KMS rotation off, missing tags (ai.system.id, jurisdiction, sensitivity).</li><li>Atlantis or Terraform Cloud Sentinel hard-mandatory for prod workspaces.</li></ul></div></details><details class='sec'><summary><b>M4-S3</b> — Golden Environment Specifications</summary><div class='field'><strong>content:</strong> <ul><li>Tagging: ai.system.id, model.version, regime, criticality, owner.team, retention.years.</li><li>Encryption: CMK per jurisdiction; envelope encryption for model artifacts; HSM-backed for SR 11-7 Tier-1 models.</li><li>Observability: Prometheus + Tempo + Loki + OpenTelemetry; SLO burn alerts wired to SEV escalation.</li></ul></div></details><details class='sec'><summary><b>M4-S4</b> — Deployment Considerations</summary><div class='field'><strong>content:</strong> <ul><li>Drift detection every 15 min (driftctl) → Tier-2 ledger event if drift &gt; threshold.</li><li>Disaster recovery: cross-region replicated WORM bucket + ledger snapshots; RPO ≤ 5 min, RTO ≤ 30 min.</li><li>Sovereign-cloud variants for EU (Gaia-X), CN (CMG), IN (MeghRaj).</li></ul></div></details>
+    </article>
+    <article class='module' id='M5'>
+      <h3>M5 — Tier 1: OPA/Rego Policy Enforcement Library (48 policies)</h3>
+      <p class='summary'>Catalogued OPA bundles spanning IaC, K8s admission, CI/CD, runtime decisions, and data-rights enforcement with explicit regime mapping.</p>
+      <details class='sec'><summary><b>M5-S1</b> — Bundle Layout</summary><div class='field'><strong>content:</strong> <ul><li>bundles/iac (12 policies)</li><li>bundles/k8s-admission (10 policies)</li><li>bundles/cicd-gates (8 policies)</li><li>bundles/runtime-decisions (12 policies, e.g., FCRA adverse-action eligibility)</li><li>bundles/data-rights (6 policies, GDPR Art 22 / 35 enforcement)</li></ul></div></details><details class='sec'><summary><b>M5-S2</b> — Sample Policy → Regime Mapping (subset)</summary><div class='field'><strong>content:</strong> <ul><li>POL-CICD-002 require_model_card → ISO/IEC 42001 §7.5, EU AI Act Art 11</li><li>POL-RT-007 fcra_adverse_action_required → FCRA §615(a), ECOA Reg B</li><li>POL-RT-011 gdpr_art22_human_review → GDPR Art 22(3)</li><li>POL-K8S-004 require_signed_image → SLSA L3, NIST SSDF PO.5</li><li>POL-IAC-009 worm_object_lock → BCBS 239 §3 (data integrity)</li></ul></div></details><details class='sec'><summary><b>M5-S3</b> — Decision API &amp; Latency Budget</summary><div class='field'><strong>content:</strong> <ul><li>OPA sidecar p99 ≤ 8 ms; bundle refresh every 60 s with HMAC + Cosign signature verification.</li><li>Decision logs streamed to `gov.decision.envelope` Kafka topic; sampled at 100% for high-risk models, 10% otherwise.</li></ul></div></details><details class='sec'><summary><b>M5-S4</b> — Tier-2 / Tier-3 Hooks</summary><div class='field'><strong>content:</strong> <ul><li>Each rule carries `metadata.sacilPrinciple` (e.g., `consent`, `non-domination`, `proportionality`).</li><li>Aggregate rule firings feed Tier-3 UGL conformance scoring (M13).</li></ul></div></details>
+    </article>
+    <article class='module' id='M6'>
+      <h3>M6 — Tier 2: Basel-Style AI Stress Tests &amp; Capital Overlay</h3>
+      <p class='summary'>Annual + on-demand AI stress test framework producing capital overlays, fed back into Pillar 2 ICAAP and aligned with PRA SS3/18 + Fed CCAR-style scenarios.</p>
+      <details class='sec'><summary><b>M6-S1</b> — Scenario Library (12 scenarios)</summary><div class='field'><strong>content:</strong> <ul><li>S1 Severe macro + concept drift</li><li>S2 Adversarial prompt injection storm</li><li>S3 Cross-jurisdiction divergence (e.g., EU vs US fairness regimes)</li><li>S4 Vendor model recall (foundation provider revokes weights)</li><li>S5 Data poisoning at retrain horizon</li><li>S6 Liquidity crunch + AI mis-pricing</li><li>S7 Cyber + AI compound (ransomware + model theft)</li><li>S8 GPAI capability jump (frontier T3 emergence)</li><li>S9 Treaty regime fragmentation</li><li>S10 Sanctions surge + KYC-AI false negatives</li><li>S11 Climate transition shock + ESG model drift</li><li>S12 Quantum cryptanalytic break of legacy signing</li></ul></div></details><details class='sec'><summary><b>M6-S2</b> — Methodology</summary><div class='field'><strong>content:</strong> <ul><li>Shock vectors injected at data, model, and decision layers.</li><li>Severity grades: mild / adverse / severely adverse, mirroring Fed DFAST.</li><li>Capital overlay = base ICAAP buffer + ΔAI-VaR + interpretability gap penalty.</li></ul></div></details><details class='sec'><summary><b>M6-S3</b> — Outputs &amp; Regulator Submission</summary><div class='field'><strong>content:</strong> <ul><li>Quarterly stress-pack to Board Risk Committee + supervisor.</li><li>Schema: `aiStressTestResult` (M9).</li><li>PRA SS1/23, SR 15-18, EBA GL/2018/03 alignment columns.</li></ul></div></details><details class='sec'><summary><b>M6-S4</b> — Capital Overlay Responsiveness KPI</summary><div class='field'><strong>content:</strong> <ul><li>KPI-COR-1: latency from stress event detection to capital overlay update ≤ 5 business days.</li><li>KPI-COR-2: drift-induced overlay reconciliation across jurisdictions ≤ 24h.</li></ul></div></details>
+    </article>
+    <article class='module' id='M7'>
+      <h3>M7 — Tier 2: AI Governance Control Tower</h3>
+      <p class='summary'>Single pane of glass for board, CRO, CISO, CAIO, and supervisors aggregating real-time risk scores, KPIs, incidents, attestations, and treaty status.</p>
+      <details class='sec'><summary><b>M7-S1</b> — Architecture</summary><div class='field'><strong>content:</strong> <ul><li>Backend: Kafka Streams + Flink → ClickHouse for OLAP; Postgres for entity store.</li><li>API: GraphQL gateway + REST `/api/tier13-fullstack/*`.</li><li>Frontend: React + Next.js, role-aware (Board/CRO/CISO/CAIO/Supervisor).</li></ul></div></details><details class='sec'><summary><b>M7-S2</b> — Component Catalog</summary><div class='field'><strong>content:</strong> <ul><li>CT-01 Risk Heatmap (jurisdiction × system)</li><li>CT-02 KPI Gauges (22 supervisory KPIs)</li><li>CT-03 Incident Wall (SEV-0..SEV-3)</li><li>CT-04 Deterministic Audit Replay</li><li>CT-05 Multi-Decision Replay (fairness counterfactuals)</li><li>CT-06 Population Heatmap (protected classes)</li><li>CT-07 Predictive Governance Dashboard</li><li>CT-08 Treaty Compliance Wall</li><li>CT-09 Codex Continuity Panel</li></ul></div></details><details class='sec'><summary><b>M7-S3</b> — Real-Time Risk Score</summary><div class='field'><strong>content:</strong> <ul><li>Composite score = Σ wᵢ · KPIᵢ; weights board-approved annually, drift-adaptive.</li><li>Refresh ≤ 10 s for SEV-impacting KPIs; ≤ 60 s otherwise.</li><li>Score breach triggers automated Tier-2 response playbooks.</li></ul></div></details><details class='sec'><summary><b>M7-S4</b> — Supervisor Read-Only Tenancy</summary><div class='field'><strong>content:</strong> <ul><li>Each supervisor (ECB, Fed, PRA, MAS, HKMA) gets a tenant view with watermarked exports.</li><li>Joint Supervisory Operating Protocol (JSOP) message bus integrated.</li></ul></div></details>
+    </article>
+    <article class='module' id='M8'>
+      <h3>M8 — Tier 2/3: Global AI Governance Ledger with Streaming Attestations</h3>
+      <p class='summary'>Append-only, cryptographically-anchored ledger uniting enterprise AIGL with the Multi-Civilizational Intergovernmental Ledger (MCIGL); supports real-time streaming attestations and zero-knowledge proofs.</p>
+      <details class='sec'><summary><b>M8-S1</b> — Ledger Architecture</summary><div class='field'><strong>content:</strong> <ul><li>Per-firm AIGL: hash-chained Postgres + Merkle tree, anchored hourly to Rekor + public blockchain (Sigstore) + MCIGL.</li><li>MCIGL: federated DAG across G-SIFI consortium + supervisors + treaty authority; consensus via HotStuff-BFT.</li><li>Hybrid signing: Ed25519 + Dilithium3 (post-quantum).</li></ul></div></details><details class='sec'><summary><b>M8-S2</b> — Attestation Streaming</summary><div class='field'><strong>content:</strong> <ul><li>Stream: `gov.attestation` Kafka topic, schema `attestationEvent`.</li><li>Backpressure-safe; downstream supervisor consumers pull via authenticated gRPC stream.</li><li>Latency p95 ≤ 2 s end-to-end.</li></ul></div></details><details class='sec'><summary><b>M8-S3</b> — Zero-Knowledge Proofs</summary><div class='field'><strong>content:</strong> <ul><li>ZK-SNARK proofs of property compliance (e.g., AIR ≥ 0.85) without revealing protected data.</li><li>Prover: gnark / circom; Verifier embedded in MCIGL nodes.</li><li>Use case: cross-border fairness attestation without GDPR data transfer.</li></ul></div></details><details class='sec'><summary><b>M8-S4</b> — Ledger-to-Regime Trace</summary><div class='field'><strong>content:</strong> <ul><li>Every entry references control_id, regime_refs[], sacilPrinciple, uglAxiom.</li><li>Regulator query → ZK proof or full evidence with audit trail.</li></ul></div></details>
+    </article>
+    <article class='module' id='M9'>
+      <h3>M9 — Tier 2: Autonomous Supervisory Agents &amp; Negotiation Protocols</h3>
+      <p class='summary'>Sandboxed autonomous agents acting on behalf of supervisors and the firm, communicating via the JSOP message bus and negotiating remediation under formal protocols.</p>
+      <details class='sec'><summary><b>M9-S1</b> — Agent Roster</summary><div class='field'><strong>content:</strong> <ul><li>ASA-Reg (regulator agent, read-only + query)</li><li>ASA-Firm (firm agent, evidence producer)</li><li>ASA-Treaty (treaty authority arbiter)</li><li>ASA-SafetyInst (AI Safety Institute observer)</li><li>ASA-Audit (independent audit agent, third line)</li></ul></div></details><details class='sec'><summary><b>M9-S2</b> — Negotiation Protocol (NP-1 &quot;Remediation Handshake&quot;)</summary><div class='field'><strong>content:</strong> <ul><li>Phase 1 Discovery: ASA-Reg issues structured query (JSOP envelope).</li><li>Phase 2 Disclosure: ASA-Firm responds with evidence bundle + ZK proofs.</li><li>Phase 3 Triangulation: ASA-Audit corroborates, ASA-Treaty observes.</li><li>Phase 4 Remediation: agreed plan signed by CAIO+CRO+ASA-Reg, anchored to AIGL.</li><li>Phase 5 Closure: ASA-SafetyInst certifies; codex inscription.</li></ul></div></details><details class='sec'><summary><b>M9-S3</b> — Sandboxing &amp; Containment</summary><div class='field'><strong>content:</strong> <ul><li>Agents run in gVisor + seccomp profiles, no outbound network except JSOP bus.</li><li>Capability tokens (macaroons) scope each action; revocable in ≤ 60 s.</li><li>Kill-switch: ASA-Treaty + Board joint signature.</li></ul></div></details><details class='sec'><summary><b>M9-S4</b> — JSOP Message Schema (jsopMessage)</summary><div class='field'><strong>content:</strong> <ul><li>Fields: msgId, ts, sender, recipients[], intent, payload, signatures[], ledgerAnchor, ethicalHash.</li><li>All messages double-signed (Ed25519 + Dilithium3) and anchored to MCIGL within 5 s.</li></ul></div></details>
+    </article>
+    <article class='module' id='M10'>
+      <h3>M10 — Tier 2/3: AI Treaty Enforcement &amp; Legal Harmonization Layer</h3>
+      <p class='summary'>Codifies multilateral AI treaties (CoE Framework Convention, Bletchley/Seoul/Paris declarations) into machine-enforceable clauses harmonized with national/regional law.</p>
+      <details class='sec'><summary><b>M10-S1</b> — Treaty Clause Catalog (18 clauses)</summary><div class='field'><strong>content:</strong> <ul><li>TC-01 Frontier model evaluation pre-deployment</li><li>TC-02 Catastrophic risk reporting (≤72h)</li><li>TC-03 Compute reporting threshold (10^25 FLOP)</li><li>TC-04 Cross-border incident notification</li><li>TC-05 Independent third-party audits</li><li>TC-06 Human oversight non-derogable</li><li>TC-07 Open evaluation participation</li><li>TC-08 Sanctions/dual-use export control</li><li>TC-09 Critical-infrastructure protection</li><li>TC-10 Data-protection mutual recognition</li><li>TC-11 Rights-impact assessment</li><li>TC-12 Whistleblower protection</li><li>…</li></ul></div></details><details class='sec'><summary><b>M10-S2</b> — Harmonization Matrix</summary><div class='field'><strong>content:</strong> <ul><li>Each clause mapped to: EU AI Act articles, NIST RMF subcategories, ISO/IEC 42001 controls, GDPR articles, Basel/SR 11-7 paragraphs, and SACIL/MCIGL/UGL principles.</li><li>Conflicts resolved by `harmonizationRule` (most-protective-prevails by default; treaty override possible).</li></ul></div></details><details class='sec'><summary><b>M10-S3</b> — Enforcement Path</summary><div class='field'><strong>content:</strong> <ul><li>Treaty clause → Tier-2 policy template → OPA bundle → Tier-1 admission/runtime enforcement.</li><li>Violations: ASA-Treaty arbitration → MCIGL penalty inscription → optional sanctions list.</li></ul></div></details><details class='sec'><summary><b>M10-S4</b> — Legal Tech Stack</summary><div class='field'><strong>content:</strong> <ul><li>Akoma Ntoso / LegalRuleML for clause representation.</li><li>Lean / TLA+ for formal-verification of critical invariants (e.g., human-oversight non-bypass).</li><li>Smart-contract escrow for cross-border remediation deposits (optional, jurisdiction-permitted).</li></ul></div></details>
+    </article>
+    <article class='module' id='M11'>
+      <h3>M11 — Tier 3: SACIL — Sovereign AI Civilization Layer</h3>
+      <p class='summary'>Civilizational governance plane embedding sovereign AI principles—consent, non-domination, proportionality, plurality, restorative justice—into all Tier-1/2 decisions.</p>
+      <details class='sec'><summary><b>M11-S1</b> — SACIL Principles (12)</summary><div class='field'><strong>content:</strong> <ul><li>P1 Consent (informed, revocable)</li><li>P2 Non-Domination</li><li>P3 Proportionality</li><li>P4 Plurality of values</li><li>P5 Restorative Justice (vs purely punitive)</li><li>P6 Inter-Generational Equity</li><li>P7 Ecological Stewardship</li><li>P8 Cultural Continuity</li><li>P9 Cognitive Liberty</li><li>P10 Algorithmic Humility</li><li>P11 Transparency-by-Witness</li><li>P12 Reciprocity Across Borders</li></ul></div></details><details class='sec'><summary><b>M11-S2</b> — Operationalization</summary><div class='field'><strong>content:</strong> <ul><li>Each OPA rule MUST cite ≥1 SACIL principle in metadata.</li><li>SACIL conformance score per system = weighted coverage across firings.</li><li>Annual SACIL audit by independent civic body.</li></ul></div></details><details class='sec'><summary><b>M11-S3</b> — Civic Interfaces</summary><div class='field'><strong>content:</strong> <ul><li>Public Witness Portal: redacted decision summaries + appeal channel.</li><li>Indigenous &amp; minority data sovereignty controls (CARE principles).</li><li>Citizen jury sampling for high-impact systems.</li></ul></div></details><details class='sec'><summary><b>M11-S4</b> — SACIL → Tier-1 Trace</summary><div class='field'><strong>content:</strong> <ul><li>Trace path: SACIL P-x → UGL Axiom A-y → Treaty Clause TC-z → OPA rule POL-…</li><li>Inverse path provable via AIGL/MCIGL queries.</li></ul></div></details>
+    </article>
+    <article class='module' id='M12'>
+      <h3>M12 — Tier 3: MCIGL — Multi-Civilizational Intergovernmental Ledger</h3>
+      <p class='summary'>Federated ledger anchoring inter-jurisdictional and inter-civilizational AI governance commitments, enabling treaty-grade auditability and dispute resolution.</p>
+      <details class='sec'><summary><b>M12-S1</b> — Federation Topology</summary><div class='field'><strong>content:</strong> <ul><li>Nodes: G-SIFI consortium, supervisors, treaty authority, AI Safety Institutes, civic observers.</li><li>Consensus: HotStuff-BFT with signed checkpoints; quorum diversity rule (≥3 jurisdictions).</li><li>Throughput target: 5,000 attestations/sec; finality ≤ 3 s.</li></ul></div></details><details class='sec'><summary><b>M12-S2</b> — Inscription Types</summary><div class='field'><strong>content:</strong> <ul><li>Codex chapters, treaty ratifications, supervisory rulings, frontier-model evaluations, civic verdicts.</li></ul></div></details><details class='sec'><summary><b>M12-S3</b> — Dispute Resolution</summary><div class='field'><strong>content:</strong> <ul><li>On-ledger arbitration via ASA-Treaty + human panel.</li><li>Outcomes binding under treaty; sanctions sequence: warning → remediation deposit → operational restriction → license suspension.</li></ul></div></details><details class='sec'><summary><b>M12-S4</b> — Continuity &amp; Resonance Archives</summary><div class='field'><strong>content:</strong> <ul><li>Resonance archive: long-form narrative records (codex sealing/renewal/continuity/inscription/resonance).</li><li>Cultural-persistence guarantees: minimum retention 50 years; multi-modal (text, audio, signed video) evidence integrity.</li></ul></div></details>
+    </article>
+    <article class='module' id='M13'>
+      <h3>M13 — Tier 3: UGL — Universal Governance Lattice (Meta-Cosmic)</h3>
+      <p class='summary'>Top-tier abstract lattice of axioms harmonizing all known AI governance frameworks under a single category-theoretic structure suitable for verification and inter-framework translation.</p>
+      <details class='sec'><summary><b>M13-S1</b> — UGL Axioms (10)</summary><div class='field'><strong>content:</strong> <ul><li>A1 Bounded Capability (no system exceeds sanctioned capability without renewed consent)</li><li>A2 Verifiable Provenance</li><li>A3 Reversibility (every consequential decision is reversible or compensable)</li><li>A4 Pluralistic Alignment</li><li>A5 Humane Interpretability</li><li>A6 Distributive Risk Equity</li><li>A7 Temporal Continuity</li><li>A8 Ecological Coherence</li><li>A9 Epistemic Humility</li><li>A10 Cosmic Stewardship</li></ul></div></details><details class='sec'><summary><b>M13-S2</b> — Category-Theoretic Structure</summary><div class='field'><strong>content:</strong> <ul><li>UGL formalized as a poset/lattice of governance properties; each regime is a functor into UGL.</li><li>Inter-framework translation = natural transformations between functors.</li><li>Conformance = existence of monomorphism from regime constraints into UGL axioms.</li></ul></div></details><details class='sec'><summary><b>M13-S3</b> — Verification Tooling</summary><div class='field'><strong>content:</strong> <ul><li>Lean 4 library `ugl-core` proves invariants (e.g., reversibility ⇒ rollback obligation).</li><li>TLA+ specs for treaty-level state machines.</li><li>Coq port for high-assurance defense/finance variants.</li></ul></div></details><details class='sec'><summary><b>M13-S4</b> — UGL Conformance Score</summary><div class='field'><strong>content:</strong> <ul><li>Score per system ∈ [0,1]; minimum 0.85 for high-risk; 0.95 for systemic AI.</li><li>Score breach → Tier-2 capital overlay + Tier-3 inscription.</li></ul></div></details>
+    </article>
+    <article class='module' id='M14'>
+      <h3>M14 — Phased Roadmap, Resource Plan, &amp; Maturity Model (2026-2030)</h3>
+      <p class='summary'>Five-phase deployment plan from Tier-1 foundation (2026) to Tier-3 federation (2029-2030), with FTE/budget envelopes and a 6-tier maturity model.</p>
+      <details class='sec'><summary><b>M14-S1</b> — Phases</summary><div class='field'><strong>content:</strong> <ul><li>P1 2026 H1 — Tier-1 foundation: CI/CD gates, OPA bundles, K8s+Kafka+Terraform.</li><li>P2 2026 H2 — Tier-1 hardening + first AIGL anchor; Sentinel v2.4 GA.</li><li>P3 2027 — Tier-2 Control Tower + autonomous supervisory agents (pilot with one supervisor).</li><li>P4 2028 — Tier-2 federation: JSOP + treaty clauses live; Basel-style stress tests in production.</li><li>P5 2029-2030 — Tier-3 federation: SACIL audits, MCIGL go-live, UGL conformance scoring.</li></ul></div></details><details class='sec'><summary><b>M14-S2</b> — Resource Envelope (per Tier-1 G-SIB)</summary><div class='field'><strong>content:</strong> <ul><li>Run-rate: ~180-220 FTE; ~$240-310M/yr by 2028.</li><li>Capex: $180-260M build (2026-2028).</li><li>Vendor mix: cloud, OPA Styra, Confluent, Sigstore, Lean/Coq specialists, civic-audit firms.</li></ul></div></details><details class='sec'><summary><b>M14-S3</b> — Maturity Model (M0..M5)</summary><div class='field'><strong>content:</strong> <ul><li>M0 Ad-hoc; M1 Documented; M2 Tier-1 Automated; M3 Tier-2 Federated; M4 Tier-3 Treaty-Aligned; M5 UGL-Conformant.</li><li>Self-assessment + independent attestation annually.</li></ul></div></details><details class='sec'><summary><b>M14-S4</b> — Strategic Bets 2030</summary><div class='field'><strong>content:</strong> <ul><li>Quantum-safe migration complete (hybrid Ed25519 + Dilithium3 default).</li><li>MCIGL adopted by ≥8 supervisors and ≥20 G-SIFIs.</li><li>UGL conformance ≥ 0.92 average across portfolio.</li><li>Public Witness Portal in 12 jurisdictions.</li></ul></div></details>
+    </article>
+</section>
+
+<section class='block' id='kpis'>
+  <h2>Supervisory KPIs (22)</h2>
+  <table><thead><tr><th>ID</th><th>Name</th><th>Target</th></tr></thead><tbody><tr><td>KPI-01</td><td>Decision-traceability ratio</td><td><b>≥ 99.95%</b></td></tr><tr><td>KPI-02</td><td>False-negative detection rate (high-risk systems)</td><td><b>≤ 0.5%</b></td></tr><tr><td>KPI-03</td><td>Cross-jurisdiction drift reconciliation</td><td><b>≤ 24h</b></td></tr><tr><td>KPI-04</td><td>Interpretability coverage ratio</td><td><b>≥ 90%</b></td></tr><tr><td>KPI-05</td><td>Capital-overlay responsiveness</td><td><b>≤ 5 BD</b></td></tr><tr><td>KPI-06</td><td>Time-to-regulator deployment</td><td><b>≤ 14 d</b></td></tr><tr><td>KPI-07</td><td>RSP latency</td><td><b>≤ 30 min</b></td></tr><tr><td>KPI-08</td><td>Control automation</td><td><b>≥ 95%</b></td></tr><tr><td>KPI-09</td><td>Evidence automation</td><td><b>≥ 96%</b></td></tr><tr><td>KPI-10</td><td>RAG faithfulness</td><td><b>≥ 0.92</b></td></tr><tr><td>KPI-11</td><td>Blocked-harm rate</td><td><b>≥ 99.5%</b></td></tr><tr><td>KPI-12</td><td>PII leakage</td><td><b>≤ 0.01%</b></td></tr><tr><td>KPI-13</td><td>Fairness AIR</td><td><b>≥ 0.85</b></td></tr><tr><td>KPI-14</td><td>Adverse-action SLA</td><td><b>≤ 24h</b></td></tr><tr><td>KPI-15</td><td>Regulator notification (EU AI Act)</td><td><b>≤ 24h</b></td></tr><tr><td>KPI-16</td><td>MTTD (SEV-1 governance incident)</td><td><b>≤ 4 min</b></td></tr><tr><td>KPI-17</td><td>MTTR (SEV-1)</td><td><b>≤ 60 min</b></td></tr><tr><td>KPI-18</td><td>Kinetic kill-switch</td><td><b>≤ 60 s</b></td></tr><tr><td>KPI-19</td><td>MCIGL attestation latency p95</td><td><b>≤ 2 s</b></td></tr><tr><td>KPI-20</td><td>UGL conformance score (high-risk avg)</td><td><b>≥ 0.90</b></td></tr><tr><td>KPI-21</td><td>SACIL principle coverage</td><td><b>≥ 95%</b></td></tr><tr><td>KPI-22</td><td>Quantum-safe signature coverage</td><td><b>100% by 2030</b></td></tr></tbody></table>
+</section>
+
+<section class='block' id='opa'>
+  <h2>OPA Policy Catalogue (sample 12 of 48)</h2>
+  <table><thead><tr><th>ID</th><th>Tier</th><th>Domain</th><th>Name</th><th>Regime Refs</th><th>SACIL</th><th>UGL</th></tr></thead><tbody><tr><td>POL-IAC-009</td><td>T1</td><td>iac</td><td>worm_object_lock</td><td>BCBS 239 §3, EU AI Act Art 12</td><td>P11</td><td>A2</td></tr><tr><td>POL-K8S-004</td><td>T1</td><td>k8s</td><td>require_signed_image</td><td>NIST SSDF PO.5, SLSA L3</td><td>P11</td><td>A2</td></tr><tr><td>POL-K8S-007</td><td>T1</td><td>k8s</td><td>require_gov_sidecar</td><td>ISO/IEC 42001 §8.1</td><td>P11</td><td>A5</td></tr><tr><td>POL-CICD-002</td><td>T1</td><td>cicd</td><td>require_model_card</td><td>EU AI Act Art 11, ISO/IEC 42001 §7.5</td><td>P11</td><td>A5</td></tr><tr><td>POL-CICD-005</td><td>T1</td><td>cicd</td><td>require_dpia</td><td>GDPR Art 35</td><td>P1</td><td>A1</td></tr><tr><td>POL-RT-007</td><td>T1</td><td>runtime</td><td>fcra_adverse_action_required</td><td>FCRA §615(a), ECOA Reg B</td><td>P5</td><td>A6</td></tr><tr><td>POL-RT-011</td><td>T1</td><td>runtime</td><td>gdpr_art22_human_review</td><td>GDPR Art 22</td><td>P1</td><td>A1</td></tr><tr><td>POL-RT-014</td><td>T1</td><td>runtime</td><td>fairness_air_min</td><td>EU AI Act Art 10, ECOA</td><td>P3</td><td>A6</td></tr><tr><td>POL-RT-018</td><td>T1</td><td>runtime</td><td>kill_switch_capability</td><td>EU AI Act Art 14</td><td>P2</td><td>A1</td></tr><tr><td>POL-DR-003</td><td>T1</td><td>data-rights</td><td>right_to_explanation</td><td>GDPR Art 22(3), EU AI Act Art 13</td><td>P11</td><td>A5</td></tr><tr><td>POL-T2-021</td><td>T2</td><td>control-tower</td><td>supervisor_readonly_tenancy</td><td>SR 11-7 III.C</td><td>P11</td><td>A2</td></tr><tr><td>POL-T3-005</td><td>T3</td><td>ugl</td><td>reversibility_obligation</td><td>UGL A3, EU AI Act Art 9</td><td>P5</td><td>A3</td></tr></tbody></table>
+</section>
+
+<section class='block' id='trace'>
+  <h2>Regime → Control → SACIL/UGL Traceability</h2>
+  <table><thead><tr><th>Regime</th><th>Control</th><th>OPA Policy</th><th>SACIL</th><th>UGL</th><th>Treaty</th></tr></thead><tbody><tr><td>EU AI Act Art 14 (Human oversight)</td><td>CTL-L3-018</td><td>POL-RT-018</td><td>P2 Non-Domination</td><td>A1 Bounded Capability</td><td>TC-06</td></tr><tr><td>GDPR Art 22 (Automated decisions)</td><td>CTL-L3-011</td><td>POL-RT-011</td><td>P1 Consent</td><td>A1 Bounded Capability</td><td>TC-06</td></tr><tr><td>FCRA §615(a) (Adverse action)</td><td>CTL-L3-007</td><td>POL-RT-007</td><td>P5 Restorative Justice</td><td>A6 Distributive Risk Equity</td><td></td></tr><tr><td>Basel III BCBS 239</td><td>CTL-L2-009</td><td>POL-IAC-009</td><td>P11 Transparency-by-Witness</td><td>A2 Verifiable Provenance</td><td></td></tr><tr><td>SR 11-7 III.B (Validation)</td><td>CTL-L3-022</td><td>POL-T2-022</td><td>P10 Algorithmic Humility</td><td>A9 Epistemic Humility</td><td></td></tr><tr><td>ISO/IEC 42001 §9.3</td><td>CTL-L4-031</td><td>POL-CICD-031</td><td>P11</td><td>A2</td><td></td></tr><tr><td>NIST AI RMF Manage 2.x</td><td>CTL-L4-040</td><td>POL-CICD-040</td><td>P3</td><td>A6</td><td></td></tr></tbody></table>
+</section>
+
+<section class='block' id='treaty'>
+  <h2>Treaty Clauses (sample 6 of 18)</h2>
+  <table><thead><tr><th>ID</th><th>Name</th><th>Regimes</th><th>UGL Axioms</th></tr></thead><tbody><tr><td>TC-01</td><td>Frontier model pre-deployment evaluation</td><td>EU AI Act Art 55, Bletchley/Seoul</td><td>A1, A9</td></tr><tr><td>TC-02</td><td>Catastrophic risk reporting ≤ 72h</td><td>EU AI Act Art 55(1)(c)</td><td>A1, A7</td></tr><tr><td>TC-03</td><td>Compute reporting ≥ 10^25 FLOP</td><td>US EO 14110, EU AI Act</td><td>A1, A2</td></tr><tr><td>TC-06</td><td>Human oversight non-derogable</td><td>EU AI Act Art 14, GDPR Art 22</td><td>A1, A5</td></tr><tr><td>TC-10</td><td>Data-protection mutual recognition</td><td>GDPR, Convention 108+</td><td>A2, A6</td></tr><tr><td>TC-11</td><td>Rights-impact assessment</td><td>EU AI Act Art 27, CoE Framework</td><td>A4, A6</td></tr></tbody></table>
+</section>
+
+<section class='block' id='schemas'>
+  <h2>Schemas (12)</h2>
+  <table><thead><tr><th>ID</th><th>Title</th><th>Fields</th></tr></thead><tbody><tr><td>tierMapping</td><td>Tier 1-3 Mapping Record</td><td>controlId, tier, layer, regimeRefs, sacilPrinciple, uglAxiom</td></tr><tr><td>decisionEnvelope</td><td>Decision Envelope (per AI decision)</td><td>envelopeId, ts, systemId, input, output, explanations, fairness, policyDecisions, signatures</td></tr><tr><td>policyDecision</td><td>OPA Policy Decision</td><td>policyId, result, controlId, regimeRefs, latencyMs</td></tr><tr><td>attestationEvent</td><td>Streaming Attestation</td><td>attId, ts, subject, claim, proofType, ledgerAnchor</td></tr><tr><td>aiStressTestResult</td><td>Basel-Style AI Stress Test</td><td>scenarioId, severity, delta_var, capitalOverlayBps, submission</td></tr><tr><td>jsopMessage</td><td>JSOP Inter-Agent Message</td><td>msgId, intent, payload, signatures, ledgerAnchor, ethicalHash</td></tr><tr><td>trustContract</td><td>Tier-2 Trust Contract</td><td>contractId, parties, obligations, kpiTargets, expiry</td></tr><tr><td>treatyClause</td><td>AI Treaty Clause</td><td>clauseId, text, regimeMapping, uglAxioms, harmonizationRule</td></tr><tr><td>sacilConformance</td><td>SACIL Conformance Record</td><td>systemId, principleScores, auditorId, verdict</td></tr><tr><td>uglConformance</td><td>UGL Conformance Score</td><td>systemId, axiomScores, compositeScore, verifierProof</td></tr><tr><td>codexInscription</td><td>MCIGL Codex Inscription</td><td>inscriptionId, type, narrative, signatures, merkleRoot</td></tr><tr><td>incident</td><td>SEV-0..SEV-3 Incident</td><td>incidentId, severity, mttd, mttr, rootCause, remediation, regulatorNotified</td></tr></tbody></table>
+</section>
+
+<section class='block' id='code'>
+  <h2>Code Examples (14)</h2>
+  <details class='code'><summary><b>CE-01</b> — OPA/Rego — require_model_card (Tier-1 CI/CD) <i>(rego)</i></summary><pre>package gov.cicd.model_card
+# control_id: CTL-L1-002
+# regime_refs: [&quot;EU AI Act Art 11&quot;, &quot;ISO/IEC 42001 §7.5&quot;]
+# sacilPrinciple: &quot;P11 Transparency-by-Witness&quot;
+deny[msg] {
+  input.kind == &quot;PullRequest&quot;
+  not input.files[&quot;MODEL_CARD.md&quot;]
+  msg := &quot;MODEL_CARD.md required (CTL-L1-002)&quot;
+}</pre></details><details class='code'><summary><b>CE-02</b> — OPA/Rego — fcra_adverse_action (Tier-1 Runtime) <i>(rego)</i></summary><pre>package gov.runtime.fcra
+# control_id: CTL-L3-007
+# regime_refs: [&quot;FCRA §615(a)&quot;, &quot;ECOA Reg B&quot;]
+deny[msg] {
+  input.decision == &quot;deny_credit&quot;
+  not input.adverseActionNotice.required
+  msg := &quot;FCRA adverse-action notice missing (CTL-L3-007)&quot;
+}</pre></details><details class='code'><summary><b>CE-03</b> — Gatekeeper ConstraintTemplate — K8sRequireSidecarGov <i>(yaml)</i></summary><pre>apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata: {name: k8srequiresidecargov}
+spec:
+  crd: {spec: {names: {kind: K8sRequireSidecarGov}}}
+  targets:
+  - target: admission.k8s.gatekeeper.sh
+    rego: |
+      package k8srequiresidecargov
+      violation[{&quot;msg&quot;: msg}] {
+        input.review.kind.kind == &quot;Pod&quot;
+        not has_gov_sidecar
+        msg := &quot;Pod must include gov-sidecar (CTL-L2-014)&quot;
+      }
+      has_gov_sidecar { input.review.object.spec.containers[_].image == &quot;registry/gov-sidecar:1.4&quot; }</pre></details><details class='code'><summary><b>CE-04</b> — Terraform — WORM Bucket with Object Lock <i>(hcl)</i></summary><pre>resource &quot;aws_s3_bucket&quot; &quot;audit&quot; {
+  bucket = &quot;gov-audit-${var.jurisdiction}&quot;
+  object_lock_enabled = true
+  tags = { &quot;ai.system.id&quot; = &quot;audit&quot;, jurisdiction = var.jurisdiction, retention.years = &quot;11&quot; }
+}
+resource &quot;aws_s3_bucket_object_lock_configuration&quot; &quot;audit&quot; {
+  bucket = aws_s3_bucket.audit.id
+  rule { default_retention { mode = &quot;COMPLIANCE&quot; years = 11 } }
+}</pre></details><details class='code'><summary><b>CE-05</b> — GitHub Actions — G3 Stress + Fairness Gate <i>(yaml)</i></summary><pre>name: ai-gov-gates
+on: [pull_request]
+jobs:
+  g3-pre-prod:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - run: pip install fairlearn helm-eval
+    - run: python scripts/fairness_check.py --air-min 0.85
+    - run: python scripts/stress_pack.py --pack basel-ai-12
+    - run: conftest test --policy bundles/cicd-gates</pre></details><details class='code'><summary><b>CE-06</b> — Hybrid Ed25519 + Dilithium3 Signer (Python) <i>(python)</i></summary><pre>from nacl.signing import SigningKey
+from pqcrypto.sign.dilithium3 import generate_keypair, sign
+def hybrid_sign(msg: bytes, ed_sk: SigningKey, pq_sk: bytes) -&gt; dict:
+    return {
+      &quot;ed25519&quot;: ed_sk.sign(msg).signature.hex(),
+      &quot;dilithium3&quot;: sign(pq_sk, msg).hex(),
+    }</pre></details><details class='code'><summary><b>CE-07</b> — Kafka WORM Topic Config + ACL <i>(shell)</i></summary><pre>kafka-topics --create --topic gov.decision.envelope \
+  --partitions 24 --replication-factor 3 \
+  --config retention.ms=-1 --config cleanup.policy=delete \
+  --config min.insync.replicas=2
+kafka-acls --add --producer --topic gov.decision.envelope --allow-principal User:gov-svc
+kafka-acls --add --consumer --topic gov.decision.envelope --group ledger --allow-principal User:ledger-svc</pre></details><details class='code'><summary><b>CE-08</b> — TLA+ — Human Oversight Non-Bypass Invariant <i>(tla)</i></summary><pre>---- MODULE HumanOversight ----
+VARIABLE state, decisions
+HumanReviewed(d) == d.review = &quot;human&quot;
+NonBypass == \A d \in decisions: d.impact = &quot;high&quot; =&gt; HumanReviewed(d)
+Spec == Init /\ [][Next]_&lt;&lt;state, decisions&gt;&gt; /\ []NonBypass
+====</pre></details><details class='code'><summary><b>CE-09</b> — Lean 4 — Reversibility ⇒ Rollback Obligation <i>(lean)</i></summary><pre>structure Decision where
+  id : String
+  reversible : Bool
+  rollbackPlan : Option String
+theorem reversibility_implies_plan
+  (d : Decision) (h : d.reversible = true) : d.rollbackPlan.isSome := by
+  -- enforced at policy time; proof obligation discharged by registry</pre></details><details class='code'><summary><b>CE-10</b> — ZK-SNARK Fairness Proof (gnark-style) <i>(go)</i></summary><pre>type FairnessCircuit struct { AIR frontend.Variable; Threshold frontend.Variable `gnark:&quot;,public&quot;` }
+func (c *FairnessCircuit) Define(api frontend.API) error {
+  api.AssertIsLessOrEqual(c.Threshold, c.AIR)
+  return nil
+}</pre></details><details class='code'><summary><b>CE-11</b> — JSOP Message Envelope (JSON) <i>(json)</i></summary><pre>{
+  &quot;msgId&quot;: &quot;jsop-2027-04-12-0001&quot;,
+  &quot;ts&quot;: &quot;2027-04-12T09:14:22Z&quot;,
+  &quot;sender&quot;: &quot;ASA-Reg/ECB&quot;,
+  &quot;recipients&quot;: [&quot;ASA-Firm/BANK-X&quot;],
+  &quot;intent&quot;: &quot;discovery.fairness&quot;,
+  &quot;payload&quot;: {&quot;system&quot;: &quot;credit-uw-eu-1&quot;, &quot;window&quot;: &quot;2027Q1&quot;},
+  &quot;signatures&quot;: {&quot;ed25519&quot;: &quot;...&quot;, &quot;dilithium3&quot;: &quot;...&quot;},
+  &quot;ledgerAnchor&quot;: &quot;mcigl://block/812441/tx/0xabc&quot;,
+  &quot;ethicalHash&quot;: &quot;ugl:A4,A5;sacil:P3,P11&quot;
+}</pre></details><details class='code'><summary><b>CE-12</b> — Predictive Governance Dashboard — React KPI Gauge <i>(tsx)</i></summary><pre>export function KpiGauge({label, value, target}:{label:string; value:number; target:number}) {
+  const pct = Math.min(100, (value/target)*100);
+  const ok = value &gt;= target;
+  return (&lt;div className=&quot;rounded-2xl shadow p-4&quot;&gt;
+    &lt;div className=&quot;text-sm opacity-70&quot;&gt;{label}&lt;/div&gt;
+    &lt;div className={`text-3xl font-semibold ${ok?&quot;text-emerald-600&quot;:&quot;text-rose-600&quot;}`}&gt;{value.toFixed(2)}&lt;/div&gt;
+    &lt;div className=&quot;h-2 bg-slate-200 rounded&quot;&gt;&lt;div style={{width:`${pct}%`}} className={`h-2 rounded ${ok?&quot;bg-emerald-500&quot;:&quot;bg-rose-500&quot;}`}/&gt;&lt;/div&gt;
+  &lt;/div&gt;);
+}</pre></details><details class='code'><summary><b>CE-13</b> — MCIGL Anchor — Rekor + Merkle <i>(python)</i></summary><pre>import hashlib, requests
+def anchor(payload: bytes) -&gt; dict:
+    digest = hashlib.sha256(payload).hexdigest()
+    r = requests.post(&quot;https://rekor.sigstore.dev/api/v1/log/entries&quot;,
+                      json={&quot;kind&quot;:&quot;hashedrekord&quot;,&quot;spec&quot;:{&quot;data&quot;:{&quot;hash&quot;:{&quot;algorithm&quot;:&quot;sha256&quot;,&quot;value&quot;:digest}}}})
+    return {&quot;rekorUuid&quot;: r.json()[&quot;uuid&quot;], &quot;digest&quot;: digest}</pre></details><details class='code'><summary><b>CE-14</b> — OPA Bundle Manifest with SACIL/UGL Metadata <i>(json)</i></summary><pre>{
+  &quot;bundleId&quot;: &quot;gov-runtime-1.7.0&quot;,
+  &quot;policies&quot;: [
+    {&quot;id&quot;: &quot;POL-RT-007&quot;, &quot;controlId&quot;: &quot;CTL-L3-007&quot;, &quot;regime_refs&quot;: [&quot;FCRA §615(a)&quot;], &quot;sacilPrinciple&quot;: &quot;P5&quot;, &quot;uglAxiom&quot;: &quot;A6&quot;},
+    {&quot;id&quot;: &quot;POL-RT-011&quot;, &quot;controlId&quot;: &quot;CTL-L3-011&quot;, &quot;regime_refs&quot;: [&quot;GDPR Art 22&quot;], &quot;sacilPrinciple&quot;: &quot;P1&quot;, &quot;uglAxiom&quot;: &quot;A1&quot;}
+  ],
+  &quot;signature&quot;: {&quot;ed25519&quot;: &quot;...&quot;, &quot;dilithium3&quot;: &quot;...&quot;}
+}</pre></details>
+</section>
+
+<section class='block' id='cases'>
+  <h2>Case Studies (6)</h2>
+  <div class='grid k2'><article class='case'><h4>CS-01 — EU G-SIB — Tier-1 to Tier-2 in 18 months</h4><p>Established CI/CD gates G0-G4, OPA bundle (38 policies), Sentinel v2.4, Control Tower; first AIGL anchor month 9; Tier-2 federation pilot with ECB month 18.</p><ul><li>Decision-traceability 99.97%</li><li>MTTR 38 min</li><li>RAG faithfulness 0.94</li><li>AIR 0.88 cross-jurisdiction</li></ul></article><article class='case'><h4>CS-02 — US BHC — SR 11-7 Federated Validation via MCIGL</h4><p>Deployed federated SR 11-7 model risk validation via MCIGL with Fed + OCC; ZK proofs of fairness without raw data transfer.</p><ul><li>Validation cycle 6w → 9d</li><li>Capital overlay updates ≤4 BD</li><li>Zero data-residency violations</li></ul></article><article class='case'><h4>CS-03 — UK SMF24 + PRA SS1/23 — Joint Tier-2 Drill</h4><p>Simulated frontier-model recall (TC-04 + TC-08) using ASA-Reg, ASA-Firm, ASA-Treaty; full negotiation protocol NP-1 executed in sandbox.</p><ul><li>NP-1 closure 4h12m</li><li>All evidence ZK-attested</li><li>PRA SMF24 sign-off</li></ul></article><article class='case'><h4>CS-04 — Cross-Border Fairness — EU+SG+HK ZK Attestation</h4><p>Three-jurisdiction credit AI proved AIR ≥ 0.85 to MAS, HKMA, EBA without sharing protected data via MCIGL ZK proofs.</p><ul><li>3 supervisor sign-offs in 11 days</li><li>Zero GDPR transfers</li><li>UGL score 0.93</li></ul></article><article class='case'><h4>CS-05 — Frontier T3 Capability Spike — Containment in 42 s</h4><p>GPAI capability evaluation triggered Tier-1 kill-switch + Tier-2 ASA-Treaty arbitration + Tier-3 MCIGL inscription.</p><ul><li>Containment 42 s</li><li>Treaty TC-01 enforced</li><li>Resonance archive entry sealed</li></ul></article><article class='case'><h4>CS-06 — Climate-Transition AI Drift — Capital Overlay in 3 BD</h4><p>Scenario S11 ran in production stress harness; mis-pricing detected; ICAAP overlay updated within 3 business days.</p><ul><li>Δ-VaR captured 92%</li><li>Overlay 18 bps</li><li>Board attestation logged</li></ul></article></div>
+</section>
+
+<section class='block' id='deploy'>
+  <h2>Deployment Considerations</h2>
+  <ul><li>Sovereign cloud variants per jurisdiction (Gaia-X EU, CMG CN, MeghRaj IN).</li><li>Air-gapped Tier-1 G-SIB profile uses self-hosted Sigstore + Rekor mirror.</li><li>Quantum-safe migration by 2030 using hybrid Ed25519 + Dilithium3 across all signing surfaces.</li><li>Resilience: cross-region replicated WORM, RPO ≤ 5 min, RTO ≤ 30 min.</li><li>Cost optimization: spot/interruptible nodes for non-prod; reserved for governance-critical paths.</li><li>Compliance hard-mandatory mode for production workspaces (Sentinel/Gatekeeper deny-by-default).</li><li>Independent civic auditors required for SACIL annual audits.</li><li>Treaty Authority VPN read-only access (no inbound from supervisors except via JSOP).</li></ul>
+</section>
+
+</main>
+<footer>API prefix: <code>/api/tier13-fullstack</code> · Generated for TIER13-FULLSTACK-WP-041</footer>
+</body></html>
diff --git a/rag-agentic-dashboard/server.js b/rag-agentic-dashboard/server.js
index eb6d70b..89a2724 100644
--- a/rag-agentic-dashboard/server.js
+++ b/rag-agentic-dashboard/server.js
@@ -22620,6 +22620,134 @@ app.get('/api/ent-agi-ref-impl/case-studies/:id', (req, res) => {
   res.json(cs);
 });
 
+// ============================================================================
+// WP-041 — TIER13-FULLSTACK ROUTES
+// Full-Stack AI Governance Ontology (Tier 1-3) for G-SIFIs (2026-2030)
+// ============================================================================
+const TIER13 = require('./data/tier13-fullstack.json');
+
+function tier13Find(coll, id) {
+  if (!Array.isArray(coll)) return null;
+  const k = String(id).toUpperCase();
+  return coll.find(x => String(x.id || '').toUpperCase() === k) || null;
+}
+
+// Root + meta
+app.get('/api/tier13-fullstack', (_req, res) => res.json(TIER13));
+app.get('/api/tier13-fullstack/meta', (_req, res) => {
+  const { docRef, version, horizon, classification, title, subtitle, owner, buildsOn, tiers, regimes, counts, apiPrefix } = TIER13;
+  res.json({ docRef, version, horizon, classification, title, subtitle, owner, buildsOn, tiers, regimes, counts, apiPrefix });
+});
+app.get('/api/tier13-fullstack/executive-summary', (_req, res) => res.json(TIER13.executiveSummary || {}));
+app.get('/api/tier13-fullstack/summary', (_req, res) => {
+  const { docRef, version, horizon, classification, title, subtitle, owner, buildsOn, counts, apiPrefix } = TIER13;
+  res.json({ docRef, version, horizon, classification, title, subtitle, owner, buildsOn, counts, apiPrefix });
+});
+
+// Modules
+app.get('/api/tier13-fullstack/modules', (_req, res) => {
+  res.json((TIER13.modules || []).map(m => ({ id: m.id, title: m.title, summary: m.summary, sectionCount: (m.sections || []).length })));
+});
+app.get('/api/tier13-fullstack/modules/:id', (req, res) => {
+  const m = tier13Find(TIER13.modules, req.params.id);
+  if (!m) return res.status(404).json({ error: 'module not found', id: req.params.id });
+  res.json(m);
+});
+// Per-module shortcuts m1..m14
+for (let i = 1; i <= 14; i++) {
+  const id = `M${i}`;
+  app.get(`/api/tier13-fullstack/m${i}`, (_req, res) => {
+    const m = tier13Find(TIER13.modules, id);
+    if (!m) return res.status(404).json({ error: 'module not found', id });
+    res.json(m);
+  });
+}
+
+// Sections
+app.get('/api/tier13-fullstack/sections/:id', (req, res) => {
+  for (const m of TIER13.modules || []) {
+    const s = (m.sections || []).find(x => String(x.id).toUpperCase() === String(req.params.id).toUpperCase());
+    if (s) return res.json({ moduleId: m.id, ...s });
+  }
+  res.status(404).json({ error: 'section not found', id: req.params.id });
+});
+
+// Tiers
+app.get('/api/tier13-fullstack/tiers', (_req, res) => res.json(TIER13.tiers || {}));
+app.get('/api/tier13-fullstack/tiers/:id', (req, res) => {
+  const k = String(req.params.id).toUpperCase();
+  const v = (TIER13.tiers || {})[k];
+  if (!v) return res.status(404).json({ error: 'tier not found', id: req.params.id });
+  res.json({ id: k, description: v });
+});
+
+// Regimes
+app.get('/api/tier13-fullstack/regimes', (_req, res) => res.json(TIER13.regimes || []));
+
+// KPIs
+app.get('/api/tier13-fullstack/kpis', (_req, res) => res.json(TIER13.kpis || []));
+app.get('/api/tier13-fullstack/kpis/:id', (req, res) => {
+  const k = tier13Find(TIER13.kpis, req.params.id);
+  if (!k) return res.status(404).json({ error: 'kpi not found', id: req.params.id });
+  res.json(k);
+});
+
+// OPA Policies
+app.get('/api/tier13-fullstack/opa-policies', (_req, res) => res.json(TIER13.opaPolicies || []));
+app.get('/api/tier13-fullstack/opa-policies/:id', (req, res) => {
+  const p = tier13Find(TIER13.opaPolicies, req.params.id);
+  if (!p) return res.status(404).json({ error: 'opa policy not found', id: req.params.id });
+  res.json(p);
+});
+app.get('/api/tier13-fullstack/opa-policies/by-tier/:tier', (req, res) => {
+  const t = String(req.params.tier).toUpperCase();
+  res.json((TIER13.opaPolicies || []).filter(p => String(p.tier).toUpperCase() === t));
+});
+app.get('/api/tier13-fullstack/opa-policies/by-domain/:domain', (req, res) => {
+  const d = String(req.params.domain).toLowerCase();
+  res.json((TIER13.opaPolicies || []).filter(p => String(p.domain).toLowerCase() === d));
+});
+
+// Treaty clauses
+app.get('/api/tier13-fullstack/treaty-clauses', (_req, res) => res.json(TIER13.treatyClauses || []));
+app.get('/api/tier13-fullstack/treaty-clauses/:id', (req, res) => {
+  const t = tier13Find(TIER13.treatyClauses, req.params.id);
+  if (!t) return res.status(404).json({ error: 'treaty clause not found', id: req.params.id });
+  res.json(t);
+});
+
+// Traceability
+app.get('/api/tier13-fullstack/traceability', (_req, res) => res.json(TIER13.traceability || {}));
+app.get('/api/tier13-fullstack/traceability/examples', (_req, res) => res.json((TIER13.traceability || {}).examples || []));
+
+// Schemas
+app.get('/api/tier13-fullstack/schemas', (_req, res) => res.json(TIER13.schemas || []));
+app.get('/api/tier13-fullstack/schemas/:id', (req, res) => {
+  const s = tier13Find(TIER13.schemas, req.params.id);
+  if (!s) return res.status(404).json({ error: 'schema not found', id: req.params.id });
+  res.json(s);
+});
+
+// Code examples
+app.get('/api/tier13-fullstack/code-examples', (_req, res) => res.json(TIER13.codeExamples || []));
+app.get('/api/tier13-fullstack/code-examples/:id', (req, res) => {
+  const c = tier13Find(TIER13.codeExamples, req.params.id);
+  if (!c) return res.status(404).json({ error: 'code example not found', id: req.params.id });
+  res.json(c);
+});
+
+// Case studies
+app.get('/api/tier13-fullstack/case-studies', (_req, res) => res.json(TIER13.caseStudies || []));
+app.get('/api/tier13-fullstack/case-studies/:id', (req, res) => {
+  const c = tier13Find(TIER13.caseStudies, req.params.id);
+  if (!c) return res.status(404).json({ error: 'case study not found', id: req.params.id });
+  res.json(c);
+});
+
+// Deployment
+app.get('/api/tier13-fullstack/deployment-considerations', (_req, res) => res.json(TIER13.deploymentConsiderations || []));
+
+
 // SECTION 10: START SERVER
 // ══════════════════════════════════════════════════════════════════════════════