Skip to content

Add AGI/ASI governance artifacts, validation rules, and tests (Sentinel v2.4, 2026–2035 roadmap)#141

Open
OneFineStarstuff wants to merge 1 commit into
mainfrom
codex/develop-agi/asi-governance-implementation-roadmap
Open

Add AGI/ASI governance artifacts, validation rules, and tests (Sentinel v2.4, 2026–2035 roadmap)#141
OneFineStarstuff wants to merge 1 commit into
mainfrom
codex/develop-agi/asi-governance-implementation-roadmap

Conversation

@OneFineStarstuff

@OneFineStarstuff OneFineStarstuff commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Motivation

  • Extend the governance artifacts bundle to include a supervisor-grade reference architecture, longer horizon roadmap, and machine-readable artifacts for AGI/ASI governance (2026–2035) so enterprise/regulator workflows can consume containment, ZK-proof, and systemic-risk assets.
  • Ensure integrity and machine-validation for the new artifacts by updating manifest targets, checksum manifest, and the artifact validator to detect schema/format and semantic issues across OSCAL, Rego, Circom, TLA+, CSV mappings, and new templates.

Description

  • Added new artifacts: enterprise-agi-asi-governance-reference-architecture-2026-2035.md, roadmap-2026-2035.yaml, data/multi_jurisdiction_regulatory_mapping_2026_2035.csv, oscal/sentinel-ai-control-catalog-oscal.json, policies/sentinel_ai_release_gate_v24.rego, tla/OmniSentinelContainment.tla, circuits/g_sri_systemic_risk.circom, templates/gc-ir-bridge-event.json, and templates/regulator-technical-report-2035.xml and updated artifacts/README.md, artifacts/manifest-targets-v1.json, and artifacts/artifact-manifest-v1.json with new entries and updated timestamp.
  • Extended artifacts/validate_artifacts.py with new checks and helpers for the 2026–2035 horizon, including: extended markdown report validation, extended XML report template checks, OSCAL catalog validation, regulatory mapping CSV validation, Rego policy snippet and delimiter checks, TLA+ spec checks, Circom circuit checks, GC-IR event schema validation, and roadmap date-range support up to 2035.
  • Added example machine-readable assets (OSCAL catalog, GC-IR event template, roadmap YAML, Circom circuit, TLA+ spec, Rego gate) and ensured they are covered by the checksum manifest and manifest targets.
  • Updated unit tests in unit_tests/test_artifacts_validation.py to assert presence of the new manifest targets and to exercise the new validation code paths (validate_extended_artifacts, validate_oscal_catalog, validate_rego_policy, validate_tla_spec, validate_circom_circuit).

Testing

  • Ran the artifact validation CLI python artifacts/validate_artifacts.py (normal and --json modes) and the extended artifact validations, which completed successfully and report all checks passing.
  • Executed the manifest build/check flow with python artifacts/build_manifest.py --check, which passed in check mode.
  • Ran the unit test suite with pytest covering unit_tests/test_artifacts_validation.py, and all tests including the newly added extended-artifact tests passed.

Codex Task

Summary by Sourcery

Add 2026–2035 AGI/ASI governance artifacts and integrate them into the artifact validation pipeline and manifest coverage.

New Features:

  • Introduce long-horizon AGI/ASI governance reference architecture, roadmap, OSCAL catalog, Rego gate, TLA+ containment spec, Circom systemic-risk circuit, GC-IR event template, regulator technical report template, and multi-jurisdiction regulatory mapping artifacts.

Enhancements:

  • Extend artifact validation to cover 2026–2035 roadmap dates, structured markdown/XML reports, OSCAL control catalog integrity, regulatory mapping CSV schema, Rego release-gate policies, TLA+ specs, Circom circuits, and GC-IR event payloads.
  • Document new governance artifacts and validation checks in the artifacts README and ensure manifest targets/checksum manifest track the extended asset set.

Tests:

  • Add unit tests asserting manifest coverage for new governance artifacts and exercising the new validation helpers for OSCAL catalogs, Rego policies, TLA+ specs, Circom circuits, and the extended artifact bundle.

Summary by CodeRabbit

  • New Features
    • Added a 2026–2035 governance reference architecture with roadmap, compliance, evidence, and reporting artifacts.
    • Introduced new machine-readable templates and controls for compliance reviews, reporting, and proof submissions.
  • Bug Fixes
    • Expanded validation coverage so more governance artifacts and longer-horizon roadmap dates are checked consistently.
  • Tests
    • Added unit tests for the new artifact validation rules and failure cases.

@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
v0-one-fine-starstuff-github-io Ready Ready Preview, Comment, Open in v0 Jul 6, 2026 8:35am

@code-genius-code-coverage

Copy link
Copy Markdown

The files' contents are under analysis for test generation.

@semanticdiff-com

semanticdiff-com Bot commented Jul 6, 2026

Copy link
Copy Markdown

@gitnotebooks

gitnotebooks Bot commented Jul 6, 2026

Copy link
Copy Markdown

@sourcery-ai

sourcery-ai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Reviewer's Guide

Extends the artifact validation pipeline and manifest to cover new 2026–2035 AGI/ASI governance assets (reference architecture, roadmap, OSCAL catalog, Rego gate, TLA+, Circom, templates, CSV mappings), adding structured validators and tests so the CLI and checksum manifest robustly enforce schema, content, and semantic requirements for these long-horizon governance artifacts.

Sequence diagram for extended AGI/ASI artifact validation in run_validation

sequenceDiagram
  actor User
  participant ValidateArtifactsCLI
  participant ValidatorModule

  User->>ValidateArtifactsCLI: run_validation()
  ValidateArtifactsCLI->>ValidatorModule: validate_control_catalog()
  ValidateArtifactsCLI->>ValidatorModule: validate_roadmap()
  ValidateArtifactsCLI->>ValidatorModule: validate_report_template()
  ValidateArtifactsCLI->>ValidatorModule: validate_extended_artifacts()

  alt 2026_2035_extended_artifacts
    ValidatorModule->>ValidatorModule: validate_extended_markdown_report()
    ValidatorModule->>ValidatorModule: validate_roadmap(min_year=2026, max_year=2035)
    ValidatorModule->>ValidatorModule: validate_regulatory_mapping_csv()
    ValidatorModule->>ValidatorModule: validate_oscal_catalog()
    ValidatorModule->>ValidatorModule: validate_rego_policy()
    ValidatorModule->>ValidatorModule: validate_tla_spec()
    ValidatorModule->>ValidatorModule: validate_circom_circuit()
    ValidatorModule->>ValidatorModule: validate_gc_ir_event()
    ValidatorModule->>ValidatorModule: validate_extended_report_template()
  end

  ValidateArtifactsCLI-->>User: validation result including extended_2026_2035_artifacts
Loading

File-Level Changes

Change Details Files
Extend artifact validator to support 2026–2035 governance artifacts and richer schema/semantic checks.
  • Broaden roadmap validation to accept configurable year ranges, enforce unique phase/milestone IDs, and validate phase keys based on horizon.
  • Add extended markdown and XML report template validators to enforce tag structure and required governance sections.
  • Introduce validators for OSCAL catalog (UUID, metadata fields, control/group structure, required controls), regulatory mapping CSV (headers, frameworks, non-empty cells), Rego policy (balanced delimiters and required policy snippets), TLA+ spec (balanced comments and required module/theorem snippets), Circom circuit (balanced delimiters and required circuit snippets), and GC-IR event JSON (schema, types, and semantic constraints).
  • Wire new extended validation routine into the main run_validation flow and expose a new check result key for extended artifacts.
artifacts/validate_artifacts.py
Add new 2026–2035 governance artifacts and register them in the manifest and documentation.
  • Create long-horizon reference architecture markdown, roadmap YAML, TLA+ containment spec, Circom systemic-risk circuit, Rego release gate policy, GC-IR bridge event template, regulator technical report XML template, regulatory mapping CSV, and OSCAL control catalog placeholders.
  • Document the new artifacts and validation responsibilities in the artifacts README, including updated description of roadmap and extended AGI/ASI checks.
  • Update manifest targets and checksum manifest to include all new artifact paths and refresh timestamps so they are tracked by build_manifest and validate_artifacts.
artifacts/README.md
artifacts/enterprise-agi-asi-governance-reference-architecture-2026-2035.md
artifacts/roadmap-2026-2035.yaml
artifacts/tla/OmniSentinelContainment.tla
artifacts/policies/sentinel_ai_release_gate_v24.rego
artifacts/circuits/g_sri_systemic_risk.circom
artifacts/templates/regulator-technical-report-2035.xml
artifacts/data/multi_jurisdiction_regulatory_mapping_2026_2035.csv
artifacts/oscal/sentinel-ai-control-catalog-oscal.json
artifacts/templates/gc-ir-bridge-event.json
artifacts/artifact-manifest-v1.json
artifacts/manifest-targets-v1.json
Expand unit tests to cover new manifest targets and extended validation logic.
  • Add tests asserting that manifest targets include all new 2026–2035 governance artifact paths.
  • Introduce unit tests for validate_extended_artifacts plus focused negative-path tests for OSCAL catalog UUID validation, Rego policy required helpers, TLA+ theorems, and Circom delimiter balancing.
  • Ensure extended validators are imported and callable from the test suite, increasing coverage of long-horizon artifact checks.
unit_tests/test_artifacts_validation.py

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@github-actions github-actions Bot added documentation Improvements or additions to documentation python Pull requests that update python code labels Jul 6, 2026
@difflens

difflens Bot commented Jul 6, 2026

Copy link
Copy Markdown

View changes in DiffLens

1 similar comment
@difflens

difflens Bot commented Jul 6, 2026

Copy link
Copy Markdown

View changes in DiffLens

@deepsource-io

deepsource-io Bot commented Jul 6, 2026

Copy link
Copy Markdown

DeepSource Code Review

We reviewed changes in 835ef34...9472a1a on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
Python Jul 6, 2026 8:35a.m. Review ↗
JavaScript Jul 6, 2026 8:35a.m. Review ↗
Shell Jul 6, 2026 8:35a.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

@guardrails

guardrails Bot commented Jul 6, 2026

Copy link
Copy Markdown

⚠️ We detected 1 security issue in this pull request:

Hard-Coded Secrets (1)
Severity Details Docs
Medium Title: Hex High Entropy String
"tla/OmniSentinelContainment.tla": "c4d70dc56804055aebda35c634eab3002be47c1ce314160deb63150f02ea80d7"
📚

More info on how to fix Hard-Coded Secrets in General.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 security issue, and left some high level feedback:

Security issues:

  • The native Python xml library is vulnerable to XML External Entity (XXE) attacks. These attacks can leak confidential data and "XML bombs" can cause denial of service. Do not use this library to parse untrusted input. Instead the Python documentation recommends using defusedxml. (link)

General comments:

  • The roadmap validator’s conditional use of "outcomes" if max_year > 2030 else "objectives" makes the schema logic implicit and tied to the horizon; consider making phase schema explicit (e.g., a mode flag or separate validator) instead of relying on max_year to choose required keys.
  • Several of the new validators (Rego, TLA+, Circom, extended markdown) rely on brittle substring/snippet checks that will break with minor formatting changes; consider normalizing/structuring the inputs (e.g., simple parsing, tokenization, or regex-based checks) so they validate semantics rather than exact text fragments.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The roadmap validator’s conditional use of `"outcomes" if max_year > 2030 else "objectives"` makes the schema logic implicit and tied to the horizon; consider making phase schema explicit (e.g., a mode flag or separate validator) instead of relying on `max_year` to choose required keys.
- Several of the new validators (Rego, TLA+, Circom, extended markdown) rely on brittle substring/snippet checks that will break with minor formatting changes; consider normalizing/structuring the inputs (e.g., simple parsing, tokenization, or regex-based checks) so they validate semantics rather than exact text fragments.

## Individual Comments

### Comment 1
<location path="artifacts/validate_artifacts.py" line_range="239" />
<code_context>
    tree = ET.parse(path)
</code_context>
<issue_to_address>
**security (python.lang.security.use-defused-xml-parse):** The native Python `xml` library is vulnerable to XML External Entity (XXE) attacks.  These attacks can leak confidential data and "XML bombs" can cause denial of service. Do not use this library to parse untrusted input. Instead  the Python documentation recommends using `defusedxml`.

```suggestion
    tree = defusedxml.etree.ElementTree.parse(path)
```

*Source: opengrep*
</issue_to_address>

Fix all in Cursor


Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread artifacts/validate_artifacts.py
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

This PR adds a set of 2026–2035 AGI/ASI governance artifacts: a reference architecture document, a roadmap YAML, an OSCAL control catalog, a Rego release-gate policy, a TLA+ containment spec, a Circom circuit, JSON/XML templates, updated manifests/README, and extended validator logic with corresponding unit tests.

Changes

Extended AGI/ASI Governance Artifacts and Validation

Layer / File(s) Summary
Manifest, README, and target list updates
artifacts/README.md, artifacts/artifact-manifest-v1.json, artifacts/manifest-targets-v1.json
README documents the new artifact set and validation checklist; manifest hashes/timestamp and manifest-targets file lists are updated to include new artifacts.
Reference architecture document
artifacts/enterprise-agi-asi-governance-reference-architecture-2026-2035.md
New Markdown document covering design goals, architecture layers, subsystems, safety invariants, compliance-as-code, audit logging, ZK compliance, G-SRI index, simulation program, jurisdiction mapping, roadmap, and acceptance criteria.
Roadmap, OSCAL catalog, and templates
artifacts/roadmap-2026-2035.yaml, artifacts/oscal/sentinel-ai-control-catalog-oscal.json, artifacts/templates/gc-ir-bridge-event.json, artifacts/templates/regulator-technical-report-2035.xml
New machine-readable roadmap, OSCAL control catalog, GC-IR bridge event template, and regulator report XML template referenced by the architecture doc.
Rego release gate policy
artifacts/policies/sentinel_ai_release_gate_v24.rego
New default-deny release gate defining required evidence, approval/ZK predicates, deny rules, and evidence-status computation.
TLA+ containment spec
artifacts/tla/OmniSentinelContainment.tla
New TLA+ module modeling containment state transitions, fairness, and safety/liveness theorems.
Circom systemic risk circuit
artifacts/circuits/g_sri_systemic_risk.circom
New circuit computing a weighted score band check with public policy version/evidence commitment outputs.
Validator extensions and tests
artifacts/validate_artifacts.py, unit_tests/test_artifacts_validation.py
Validator extended with parameterized roadmap checks and new validators for markdown, XML, OSCAL, CSV, Rego, TLA+, Circom, and GC-IR event artifacts, wired into run_validation; new unit tests cover positive and negative cases.

Estimated code review effort: 4 (Complex) | ~60 minutes

Possibly related PRs

Suggested labels: enhancement, Review effort [1-5]: 5

Suggested reviewers: gstraccini

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main changes: governance artifacts, extended validation rules, tests, and the 2026–2035 Sentinel roadmap.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/develop-agi/asi-governance-implementation-roadmap
⚔️ Resolve merge conflicts
  • Resolve merge conflict in branch codex/develop-agi/asi-governance-implementation-roadmap

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codacy-production

Copy link
Copy Markdown

Not up to standards ⛔

🔴 Issues 2 high · 3 medium · 84 minor

Alerts:
⚠ 89 issues (≤ 0 issues of at least minor severity)

Results:
89 new issues

Category Results
BestPractice 4 minor
Documentation 17 minor
Security 2 high
CodeStyle 60 minor
Complexity 3 medium
3 minor

View in Codacy

🟢 Metrics 6 complexity · 2 duplication

Metric Results
Complexity 6
Duplication 2

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@difflens

difflens Bot commented Jul 6, 2026

Copy link
Copy Markdown

View changes in DiffLens

@charliecreates charliecreates Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed with a risk-prioritized focus on executable validation and policy logic.

Blocking feedback

  1. Required evidence is declared but not enforced by the gate decision, so releases can still pass with missing bbom_current/owner_attested evidence — artifacts/policies/sentinel_ai_release_gate_v24.rego#L7-L77
Non-blocking feedback (1)
  1. The failing Guardrails secret alert appears to be a false positive on deterministic checksum values in the manifest — artifacts/artifact-manifest-v1.json#L1-L21.
    Consider allowlisting this manifest path/pattern in that scanner so real secret findings stay high-signal.

If you want me to apply fixes, reply with the item numbers (for example: please fix 1).

Comment thread artifacts/policies/sentinel_ai_release_gate_v24.rego

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (6)
artifacts/enterprise-agi-asi-governance-reference-architecture-2026-2035.md (1)

1-7: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

<title>/<abstract>/<content> tags will likely be stripped by GitHub's markdown renderer.

GitHub's HTML sanitizer for GFM only allows tags reachable via Markdown syntax (headings, lists, tables, etc.) plus a small extra allowlist; arbitrary tags like <title>, <abstract>, and <content> are generally stripped when rendered. Since this pattern mirrors the existing enterprise-civilizational-agi-asi-blueprint-2026-2030.md convention (presumably required for the validator's tag-based parsing), this is likely an accepted tradeoff rather than a new defect, but worth confirming the rendered document still reads acceptably on GitHub.

artifacts/validate_artifacts.py (1)

304-368: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Extract the repeated "read text or raise ValidationError" preamble.

validate_extended_markdown_report, validate_rego_policy, validate_tla_spec, and validate_circom_circuit all duplicate the same read + FileNotFoundError handling (also flagged by the duplication check). A small helper removes the repetition.

♻️ Proposed helper
def read_required_text(path: Path) -> str:
    try:
        return path.read_text(encoding="utf-8")
    except FileNotFoundError as exc:
        raise ValidationError(f"required artifact file missing: {display_artifact_path(path)}") from exc

Then each validator becomes e.g. text = read_required_text(path).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@artifacts/validate_artifacts.py` around lines 304 - 368, The validators
duplicate the same “read text or raise ValidationError” preamble, so extract
that logic into a shared helper and reuse it. Add a small function like
read_required_text(path) that handles Path.read_text and FileNotFoundError with
the existing ValidationError message, then update validate_rego_policy,
validate_tla_spec, validate_circom_circuit, and
validate_extended_markdown_report to call it instead of repeating the try/except
block.

Source: Linters/SAST tools

artifacts/circuits/g_sri_systemic_risk.circom (1)

34-36: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Redundant public signals: outputs duplicate already-public inputs.

publicPolicyVersion/publicEvidenceCommitment are just pass-throughs of policyVersion/evidenceCommitment, which are already declared public on component main (line 64). This doubles the exposed public signals for the same two values without adding information.

Also applies to: 60-61, 64-64

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@artifacts/circuits/g_sri_systemic_risk.circom` around lines 34 - 36, The
circuit exposes redundant public outputs: publicPolicyVersion and
publicEvidenceCommitment duplicate values that are already public inputs on
component main. Remove these extra output signals from
g_sri_systemic_risk.circom and keep the public exposure only on the existing
policyVersion and evidenceCommitment inputs, updating the main wiring so the
circuit still behaves correctly without duplicating public signals.
artifacts/oscal/sentinel-ai-control-catalog-oscal.json (1)

26-26: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick win

Consider repeated maps-to props instead of semicolon-joined values.

Each maps-to prop packs multiple framework identifiers into a single delimited string (e.g. "EU-AI-Act;NIST-AI-RMF-GOVERN;ISO-IEC-42001;FCA-SMCR"). Standard OSCAL consumers expect one value per prop; repeating {"name": "maps-to", "value": "..."} for each framework would be more directly machine-consumable by regulator/enterprise OSCAL tooling, better matching this PR's stated goal.

♻️ Example refactor for SG-01
             "props": [
-              {"name": "maps-to", "value": "EU-AI-Act;NIST-AI-RMF-GOVERN;ISO-IEC-42001;FCA-SMCR"},
+              {"name": "maps-to", "value": "EU-AI-Act"},
+              {"name": "maps-to", "value": "NIST-AI-RMF-GOVERN"},
+              {"name": "maps-to", "value": "ISO-IEC-42001"},
+              {"name": "maps-to", "value": "FCA-SMCR"},
               {"name": "cadence", "value": "quarterly"}
             ],

Also applies to: 37-37, 54-54, 65-65, 82-82, 93-93

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@artifacts/oscal/sentinel-ai-control-catalog-oscal.json` at line 26, The OSCAL
`maps-to` props are using semicolon-delimited multi-framework strings instead of
one value per prop, which makes them harder for standard consumers to parse.
Update the affected prop entries in `sentinel-ai-control-catalog-oscal.json` so
each framework identifier is emitted as its own `{"name": "maps-to", "value":
"..."}` entry, and apply the same pattern to all similar occurrences referenced
by the comment.
artifacts/policies/sentinel_ai_release_gate_v24.rego (1)

1-1: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Directory layout doesn't mirror the package path.

Regal flags that package sentinel.release.v24 conventionally expects a matching directory structure (e.g. policies/sentinel/release/v24/...).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@artifacts/policies/sentinel_ai_release_gate_v24.rego` at line 1, The package
declaration in the Rego policy does not match the conventional directory layout
expected by Regal. Update the location of the policy file or the package name
around package sentinel.release.v24 so the directory structure mirrors the
package path (for example, a sentinel/release/v24 hierarchy under policies),
keeping the package and path aligned.

Source: Linters/SAST tools

artifacts/roadmap-2026-2035.yaml (1)

12-12: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Inconsistent window date-range formats across phases.

Four different formats are used for window: 2026-Q2_to_2026-Q4, a bare year (2027), and hyphenated year ranges (2031-2032, 2033-2035). Since the validator is stated to add "roadmap date-range support through 2035," a single consistent format (e.g., always start_date..end_date or ISO quarter notation) would make automated parsing far less error-prone.

Also applies to: 20-20, 50-50, 57-57

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@artifacts/roadmap-2026-2035.yaml` at line 12, The roadmap phases use
inconsistent window formats, so update the `window` fields in the roadmap YAML
to use one standardized date-range format everywhere. Review the phase entries
referenced by the roadmap schema/validator and normalize all `window` values
(including the ones for `2026-Q2_to_2026-Q4`, `2027`, `2031-2032`, and
`2033-2035`) to the same parseable convention so the validator and downstream
automation can handle them consistently.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@artifacts/circuits/g_sri_systemic_risk.circom`:
- Around line 26-49: The weighted sum in GSRIWeightedSum only range-checks
scores[i], so weights[i] can remain unconstrained and distort accum[n] and
inBand. Add an explicit bound check for each weights[i] in the same loop, using
Range100() if weights are percentage-like or the appropriate intended
constraint, and ensure the check is enforced before products[i] is computed.

In `@artifacts/policies/sentinel_ai_release_gate_v24.rego`:
- Around line 7-14: The evidence reporting logic in
sentinel_ai_release_gate_v24.rego is drifting from the actual gate checks, since
required_evidence/evidence_status reads input.evidence while the deny predicates
use separate input.annex_iv_complete, input.model_validation.status,
input.containment.*, and input.zk.last_verified fields. Update the policy so
evidence_status is derived from the same helper predicates used by deny, or
refactor deny to read from input.evidence directly, with shared symbols like
required_evidence, evidence_status, model_validation_approved, and
zk_proof_verified serving as the single source of truth.

In `@artifacts/tla/OmniSentinelContainment.tla`:
- Around line 105-108: The NoPrivilegedSelfModification invariant is currently
vacuous because Next never allows policyVersion, credentialVersion, or
boundaryVersion to change. Update the OmniSentinelContainment model by adding a
concrete unauthorized self-modification action and include it in Next, then
adjust PrivilegedState/related actions so the invariant can actually be violated
by a bad actor and meaningfully test containment. Use the existing symbols
NoPrivilegedSelfModification, Next, and PrivilegedState to place the change.

In `@artifacts/validate_artifacts.py`:
- Around line 298-301: The required-header validation in validate_artifacts.py
is calling strip() on row[header] without handling missing CSV fields, so short
rows can raise an AttributeError instead of ValidationError. Update the row
validation loop in the CSV parsing logic to treat None values as empty strings
before checking emptiness, so the existing ValidationError path is triggered
consistently for malformed rows. Use the row/required_headers check in the
current validation block as the fix point.

---

Nitpick comments:
In `@artifacts/circuits/g_sri_systemic_risk.circom`:
- Around line 34-36: The circuit exposes redundant public outputs:
publicPolicyVersion and publicEvidenceCommitment duplicate values that are
already public inputs on component main. Remove these extra output signals from
g_sri_systemic_risk.circom and keep the public exposure only on the existing
policyVersion and evidenceCommitment inputs, updating the main wiring so the
circuit still behaves correctly without duplicating public signals.

In `@artifacts/oscal/sentinel-ai-control-catalog-oscal.json`:
- Line 26: The OSCAL `maps-to` props are using semicolon-delimited
multi-framework strings instead of one value per prop, which makes them harder
for standard consumers to parse. Update the affected prop entries in
`sentinel-ai-control-catalog-oscal.json` so each framework identifier is emitted
as its own `{"name": "maps-to", "value": "..."}` entry, and apply the same
pattern to all similar occurrences referenced by the comment.

In `@artifacts/policies/sentinel_ai_release_gate_v24.rego`:
- Line 1: The package declaration in the Rego policy does not match the
conventional directory layout expected by Regal. Update the location of the
policy file or the package name around package sentinel.release.v24 so the
directory structure mirrors the package path (for example, a
sentinel/release/v24 hierarchy under policies), keeping the package and path
aligned.

In `@artifacts/roadmap-2026-2035.yaml`:
- Line 12: The roadmap phases use inconsistent window formats, so update the
`window` fields in the roadmap YAML to use one standardized date-range format
everywhere. Review the phase entries referenced by the roadmap schema/validator
and normalize all `window` values (including the ones for `2026-Q2_to_2026-Q4`,
`2027`, `2031-2032`, and `2033-2035`) to the same parseable convention so the
validator and downstream automation can handle them consistently.

In `@artifacts/validate_artifacts.py`:
- Around line 304-368: The validators duplicate the same “read text or raise
ValidationError” preamble, so extract that logic into a shared helper and reuse
it. Add a small function like read_required_text(path) that handles
Path.read_text and FileNotFoundError with the existing ValidationError message,
then update validate_rego_policy, validate_tla_spec, validate_circom_circuit,
and validate_extended_markdown_report to call it instead of repeating the
try/except block.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 06376665-c2db-4efc-bf14-fc6bfc48b196

📥 Commits

Reviewing files that changed from the base of the PR and between 835ef34 and 9472a1a.

⛔ Files ignored due to path filters (1)
  • artifacts/data/multi_jurisdiction_regulatory_mapping_2026_2035.csv is excluded by !**/*.csv
📒 Files selected for processing (13)
  • artifacts/README.md
  • artifacts/artifact-manifest-v1.json
  • artifacts/circuits/g_sri_systemic_risk.circom
  • artifacts/enterprise-agi-asi-governance-reference-architecture-2026-2035.md
  • artifacts/manifest-targets-v1.json
  • artifacts/oscal/sentinel-ai-control-catalog-oscal.json
  • artifacts/policies/sentinel_ai_release_gate_v24.rego
  • artifacts/roadmap-2026-2035.yaml
  • artifacts/templates/gc-ir-bridge-event.json
  • artifacts/templates/regulator-technical-report-2035.xml
  • artifacts/tla/OmniSentinelContainment.tla
  • artifacts/validate_artifacts.py
  • unit_tests/test_artifacts_validation.py

Comment thread artifacts/circuits/g_sri_systemic_risk.circom
Comment thread artifacts/policies/sentinel_ai_release_gate_v24.rego
Comment thread artifacts/tla/OmniSentinelContainment.tla
Comment thread artifacts/validate_artifacts.py
@netlify

netlify Bot commented Jul 6, 2026

Copy link
Copy Markdown

Deploy Preview for onefinestarstuff failed.

Name Link
🔨 Latest commit 9472a1a
🔍 Latest deploy log https://app.netlify.com/projects/onefinestarstuff/deploys/6a4b68e11730880009ccbb39

@OneFineStarstuff OneFineStarstuff enabled auto-merge (squash) July 6, 2026 10:41
@OneFineStarstuff OneFineStarstuff disabled auto-merge July 6, 2026 10:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

codex documentation Improvements or additions to documentation python Pull requests that update python code size/XXL

Projects

Development

Successfully merging this pull request may close these issues.

3 participants