Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -38,4 +38,65 @@
- Forensic evidence export from Kafka+WORM stack.
- Post-incident corrective action tracking to closure.


Check notice on line 41 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L41

Expected: 1; Actual: 2
## 6) Daily DevSecOps Operational Checks — Omni-Sentinel Cognitive Execution Environment

This daily check is a **control-execution runbook**, not a substitute for live telemetry. Operators must attach signed dashboard exports, endpoint responses, attestation records, and WORM archive proofs before marking a row green.

Check notice on line 44 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L44

Expected: 80; Actual: 230

### 6.1 Evidence sources and control thresholds

| Check | System of record | Required evidence | Green threshold | Escalation trigger |

Check notice on line 48 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L48

Expected: 80; Actual: 87
|---|---|---|---|---|

Check notice on line 49 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L49

Table pipe is missing space to the right for style "compact"
| Sentinel telemetry dashboards | GAI-SOC dashboard, Sentinel v2.4 event API, WorkflowAI Pro workflow audit API | Signed daily dashboard export plus trace IDs for sampled model, agent, and tool events | All critical panels fresh within SLA; no unresolved SEV-1/SEV-2 alerts | Stale telemetry, unexplained event gaps, failed policy-decision correlation, or anomalous autonomous-tool activity |

Check notice on line 50 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L50

Expected: 80; Actual: 392
| Internal health endpoints | `/healthz`, `/readyz`, `/metrics`, `/policy/decision`, `/containment/state`, `/evidence/latest` | Endpoint transcript with timestamp, service identity, response digest, and mTLS peer certificate hash | All Tier-0/Tier-1 services return healthy/ready and policy decision latency remains within SLO | Any unhealthy critical service, missing mTLS identity, or degraded policy latency impacting containment |

Check notice on line 51 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L51

Expected: 80; Actual: 434
| Global Systemic Risk Index (G-SRI) | G-SRI aggregation service and G-Stack systemic-risk dashboard | Daily G-SRI value, component scores, confidence interval, and threshold policy version | `G-SRI < watch_threshold`; no component breach for liquidity, market-integrity, cyber, autonomy, or concentration dimensions | `G-SRI >= watch_threshold`, rapid day-over-day increase, low-confidence score, or conflicting component telemetry |

Check notice on line 52 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L52

Expected: 80; Actual: 434
| PQC WORM audit batches | `pqc_worm_logger.py`, Kafka evidence topics, AWS S3 Object Lock bucket | Batch manifest, Kafka offset range, post-quantum signature bundle, S3 object version ID, retention mode, legal-hold status, and chain hash | Batch committed on schedule; Object Lock governance/compliance mode and retention date match policy; chain hash verifies | Missing batch, late batch, signature failure, retention-mode drift, unexpected delete marker, or chain-hash mismatch |

Check notice on line 53 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L53

Expected: 80; Actual: 482
| TEE and TPM attestation | Attestation broker, enclave quote verifier, TPM event log collector | Quote verification result, PCR digest set, signer/MRENCLAVE or equivalent measurement, nonce, and verifier signature | `PCR_MATCH=TRUE`; approved enclave measurement; quote freshness within policy window | `PCR_MATCH=FALSE`, stale quote, unapproved measurement, verifier outage, or mismatch between Kubernetes node identity and attested identity |

Check notice on line 54 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L54

Expected: 80; Actual: 445
| OPA/Rego compliance-as-code | CI/CD policy gate and runtime PDP | Policy bundle digest, decision logs, test output, and exception register diff | No critical deny-to-allow override; all exceptions time-bound and approved | New critical exception, expired waiver, unreviewed policy bundle, or runtime PDP divergence from CI policy |

Check notice on line 55 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L55

Expected: 80; Actual: 333
| Red Dawn simulation readiness | Simulation controller and crisis-exercise backlog | Last drill date, scenario coverage, open action aging, and kill-switch proof | Latest scheduled scenario completed; corrective actions within SLA | Missed drill, failed kill-switch exercise, or recurring containment gap |

Check notice on line 56 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L56

Expected: 80; Actual: 307
| ZK compliance proof pipeline | Circom/Groth16 or zk-STARK prover, verifier contract/service, GC-IR bridge | Circuit version, proving key hash, verification key hash, proof transcript, public inputs, and regulator profile mapping | Proof verifies for required controls without exposing protected telemetry | Proof generation failure, verifier mismatch, stale circuit, or public-input leakage risk |

Check notice on line 57 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L57

Expected: 80; Actual: 399

### 6.2 Daily status template

```xml
<daily_operational_status date="YYYY-MM-DD" environment="prod|pre-prod" classification="confidential">
<title>Omni-Sentinel Daily DevSecOps Operational Check</title>
<abstract>
Point-in-time control-execution summary for Sentinel AI Governance Stack v2.4,
G-Stack, WorkflowAI Pro, Omni-Sentinel containment, GAI-SOC telemetry,
G-SRI systemic-risk scoring, PQC WORM evidence, TEE/TPM attestation,
OPA/Rego policy gates, Red Dawn simulations, and ZK compliance proofs.
</abstract>
<content>
<control id="OPS-SENTINEL-001" status="green|amber|red" evidence_uri="worm://..." />

Check notice on line 71 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L71

Expected: 80; Actual: 88
<control id="OPS-GSRI-001" status="green|amber|red" value="0.00" threshold="0.00" />

Check notice on line 72 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L72

Expected: 80; Actual: 88
<control id="OPS-WORM-001" status="green|amber|red" batch_id="..." s3_version_id="..." />

Check notice on line 73 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L73

Expected: 80; Actual: 93
<control id="OPS-ATTEST-001" status="green|amber|red" PCR_MATCH="TRUE|FALSE" quote_id="..." />

Check notice on line 74 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L74

Expected: 80; Actual: 98
<deviations>Summarize confirmed deviations, severity, owner, ETA, and compensating controls.</deviations>

Check notice on line 75 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L75

Expected: 80; Actual: 109
<emerging_agi_asi_containment_risks>Summarize new autonomy, replication, deception, tool-use, cyber, market-contagion, and data-exfiltration risks.</emerging_agi_asi_containment_risks>

Check notice on line 76 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L76

Expected: 80; Actual: 188
<recommended_remediation_actions>List prioritized engineering, risk, and governance actions.</recommended_remediation_actions>

Check notice on line 77 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L77

Expected: 80; Actual: 130
</content>
</daily_operational_status>
```

### 6.3 Deviation triage and remediation rules

- **Red**: failed containment, `PCR_MATCH=FALSE`, missing WORM batch, G-SRI threshold breach, or critical Sentinel telemetry outage. Freeze affected autonomous workflows, invoke incident command, preserve evidence, notify 2LOD/Legal, and prepare regulator notification analysis.

Check notice on line 84 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L84

Expected: 80; Actual: 278
- **Amber**: delayed batch, stale but recoverable dashboard, non-critical OPA divergence, unverified ZK proof, or overdue Red Dawn action. Open a time-bound remediation ticket, require named owner approval for continued operation, and increase monitoring frequency.

Check notice on line 85 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L85

Expected: 80; Actual: 265
- **Green with observation**: controls pass but trend indicators deteriorate. Record the observation, add it to the next model-governance forum, and review thresholds if the trend persists for three business days.

Check notice on line 86 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L86

Expected: 80; Actual: 213

### 6.4 Minimum command and API transcript pattern

```bash
sentinelctl dashboard export --since 24h --sign --out evidence/sentinel-dashboard.json
curl --fail --cert ops.pem --key ops.key https://sentinel.internal/containment/state
python3 pqc_worm_logger.py verify --window 24h --bucket s3://<object-lock-bucket>
attestctl verify --tee --tpm --require-pcr-match --nonce-from kms
opa test policies/ --coverage --format=json
zkctl verify --profile gsifi-oscal --proof evidence/gsri-proof.json
```

Store command output in the WORM evidence plane with the operator identity, build/version metadata, monotonic timestamp, trace ID, and SHA-384 digest.

Check notice on line 99 in docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md#L99

Expected: 80; Actual: 150


</content>
61 changes: 61 additions & 0 deletions docs/reports/INSTITUTIONAL_GRADE_AGI_ASI_GOVERNANCE_2026_2030.md
Original file line number Diff line number Diff line change
Expand Up @@ -388,6 +388,67 @@ resource "kafka_acl" "policy_decisions_read" {

---


## 9.3 Extension Roadmap (2031–2035): Perpetual Assurance and ZK Regulatory Compliance

| Horizon | Enterprise-grade capability target | Technical implementation milestones | Assurance and regulator evidence |
|---|---|---|---|
| 2031 | Perpetual assurance fabric for AI, agents, and frontier compute | Normalize BBOM, model cards, system cards, policy bundles, attestation quotes, and incident records into an append-only evidence graph | Continuous OSCAL assessment results, signed evidence manifests, and auditor replay APIs |
| 2032 | Privacy-preserving supervisory reporting | Deploy Circom/Groth16 systemic-risk circuits for near-term deterministic controls and evaluate zk-STARK proofs for transparent, post-quantum-friendly assurance at scale | Verifier transcripts proving control satisfaction without exposing customer data, model weights, prompts, or proprietary trading telemetry |
| 2033 | Cross-institution systemic-risk interoperability | Implement GC-IR bridges that translate G-SRI components, incident categories, and control states into jurisdiction-specific regulator profiles | Multi-jurisdiction proof packs for EU, UK, US, Singapore, Hong Kong, and Basel-aligned supervisors |
| 2034 | Autonomous Supervisory Agents with constrained authority | Deploy read-only or approval-gated agents for evidence sampling, exception aging analysis, policy-drift detection, and regulator Q&A preparation | Agent action logs, policy constraints, human approvals, and formally verified authority boundaries |
| 2035 | Civilizational-scale containment and resilience drills | Run Red Dawn systemic simulations across liquidity shocks, AI-enabled cyber contagion, deceptive-agent behavior, and cross-border market coordination scenarios | Board-ready and regulator-ready technical dossiers with TLA+ invariant results, OPA decision traces, WORM hashes, and ZK verification proofs |

## 9.4 Reference Architecture: Sentinel AI Governance Stack v2.4, G-Stack, and Omni-Sentinel

```text
[Model/Agent Runtime]
-> governance sidecar (OPA/Rego PDP, tool allowlist, kill-switch hooks)
-> WorkflowAI Pro orchestration (planner/executor/verifier separation)
-> Sentinel AI Governance Stack v2.4 (inventory, policy, monitoring, evidence)
-> GAI-SOC telemetry lake (events, traces, alerts, CRP divergence, containment state)
-> G-Stack systemic-risk services (G-SRI scoring, Red Dawn scenario controller)
-> Kafka PQC evidence bus (signed topics, offset manifests, chain hashes)
-> WORM archive (S3 Object Lock, legal hold, retention policy, access logs)
-> BBOM/perpetual assurance graph (build, model, data, policy, attestation lineage)
-> ZK proof layer (Circom/Groth16, zk-STARK proofs, GC-IR regulator bridges)
-> Supervisory portal/API (OSCAL profiles, regulator packets, proof verification)
```

### Core design requirements

1. **Control plane isolation**: Sentinel policy administration, OPA bundle publication, WORM retention policy, and attestation trust roots must be isolated from model-runtime administrators.
2. **Evidence plane immutability**: Kafka evidence topics must be append-only, signed, schema-validated, and archived to WORM storage with retention and legal-hold metadata.
3. **Containment plane determinism**: kill-switch, safe-mode, egress-deny, tool revocation, and compute-quota enforcement must not depend on best-effort analytics paths.
4. **Assurance plane cryptography**: ZK proofs should attest to threshold compliance, control execution, and G-SRI bounds while minimizing disclosure of protected telemetry.
5. **Regulator profile portability**: OSCAL control catalogs and regulator profiles should map one canonical control to jurisdiction-specific evidence expectations and notification thresholds.

## 9.5 Formal Safety and Containment Invariants

TLA+ specifications should model at least the following invariants before high-autonomy workflows enter production:

- **No unapproved escalation**: an agent cannot acquire a new privileged tool, data domain, or network route unless a signed policy decision and required human approval exist.
- **Containment dominance**: safe-mode and kill-switch decisions override workflow-completion and business-priority objectives.
- **Evidence completeness**: every material model, agent, policy, and containment decision has a trace ID, policy bundle digest, and immutable evidence record.
- **Attested execution**: critical inference, policy, and evidence services run only on nodes with valid TEE/TPM attestation and `PCR_MATCH=TRUE`.
- **Systemic-risk guardrail**: if G-SRI reaches the watch threshold or confidence falls below policy minimum, autonomous expansion and privileged tool use are suspended until reviewed.

OPA/Rego gates should enforce the runtime analogues of these invariants in CI/CD and production, with unit tests checked into the same repository as the policy bundle.

## 9.6 ZK-Proof Compliance Model for G-SRI and Control Assertions

A regulator-facing proof pack should separate private witnesses from public inputs:

| Circuit/proof domain | Private witness examples | Public inputs | Proof objective |
|---|---|---|---|
| G-SRI threshold proof | Institution-level telemetry, incident counts, exposure weights, concentration data | Circuit version, regulator profile, threshold, reporting period, salted commitment root | Prove G-SRI remains below threshold without revealing sensitive positions or customer data |
| WORM evidence proof | Object keys, Kafka offsets, chain-hash links, retention metadata | Batch commitment, retention policy ID, timestamp window | Prove all required evidence batches were committed and retained |
| Attestation proof | Raw quote material, PCR digest details, node identity mapping | Approved measurement root, verifier signature, freshness window | Prove critical services ran on approved attested infrastructure |
| Policy-compliance proof | Decision payloads, risk-tier attributes, exception details | Policy bundle digest, control IDs, pass/fail aggregate | Prove material decisions satisfied required OPA/Rego controls |

Near-term deployments can use Circom/Groth16 for stable, high-value deterministic circuits. Medium-term deployments should add zk-STARK verification where transparency, prover scalability, and post-quantum resilience outweigh proof-size constraints. All proof systems require key-management, circuit-change control, verifier-version governance, and negative-test evidence.


## 10. Report Templates for Boards, Regulators, and Engineering Teams

## 10.1 Board quarterly pack
Expand Down
51 changes: 51 additions & 0 deletions docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,4 +47,55 @@
- Evidence custodian role for artifact provenance and chain-of-custody.
- Real-time replay support for selected model/agent decisions.


Check notice on line 50 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L50

Expected: 1; Actual: 2
## 5) Regulator-Ready Technical Report Structures

Use the following structures for supervisory submissions, recurring operating attestations, and urgent containment updates. Each report must include immutable evidence URIs, signer identity, control owner, regulator profile, and the applicable OSCAL control mapping.

Check notice on line 53 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L53

Expected: 80; Actual: 266

```xml
<title>Daily Omni-Sentinel DevSecOps and Containment Attestation</title>
<abstract>
Point-in-time evidence summary covering Sentinel telemetry freshness, G-SRI status,
PQC WORM audit-batch completion, TEE/TPM attestation, OPA/Rego policy enforcement,
Red Dawn readiness, and ZK compliance-proof verification.
</abstract>
<content>
<section id="operational_status">Green/amber/red status by control domain with evidence references.</section>

Check notice on line 63 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L63

Expected: 80; Actual: 111
<section id="deviations">Confirmed deviations, severity, compensating controls, owner, and target remediation date.</section>

Check notice on line 64 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L64

Expected: 80; Actual: 127
<section id="containment_risks">Emerging AGI/ASI risks across autonomy, deception, replication, cyber, market integrity, and exfiltration.</section>

Check notice on line 65 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L65

Expected: 80; Actual: 150
<section id="remediation">Prioritized remediation actions and regulator-notification assessment.</section>

Check notice on line 66 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L66

Expected: 80; Actual: 108
</content>
```

```xml
<title>G-SRI Privacy-Preserving Systemic Risk Compliance Proof</title>
<abstract>
Zero-knowledge proof package demonstrating that systemic-risk indicators remain within

Check notice on line 73 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L73

Expected: 80; Actual: 86
approved thresholds for the reporting period without disclosing protected institution,
customer, model, prompt, trading, or security telemetry.
</abstract>
<content>
<section id="public_inputs">Regulator profile, threshold, reporting period, circuit version, and commitment roots.</section>

Check notice on line 78 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L78

Expected: 80; Actual: 126
<section id="verification">Verifier result, verification key hash, proof-system version, and negative-test coverage.</section>

Check notice on line 79 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L79

Expected: 80; Actual: 128
<section id="control_mapping">OSCAL control IDs and jurisdictional obligations satisfied by the proof.</section>

Check notice on line 80 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L80

Expected: 80; Actual: 114
<section id="exceptions">Any failed, stale, or waived proof obligations and remediation plan.</section>

Check notice on line 81 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L81

Expected: 80; Actual: 105
</content>
```

```xml
<title>Red Dawn AGI/ASI Containment Simulation Technical Dossier</title>
<abstract>
Technical dossier for systemic containment exercises covering scenario design,
formal invariants, telemetry, kill-switch execution, incident-command decisions,
post-exercise findings, and control improvements.
</abstract>
<content>
<section id="scenario">Scenario assumptions, threat model, scope, and participating services.</section>

Check notice on line 93 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L93

Expected: 80; Actual: 105
<section id="formal_methods">TLA+ safety invariants, model-checking results, and unresolved counterexamples.</section>

Check notice on line 94 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L94

Expected: 80; Actual: 120
<section id="execution_evidence">Sentinel traces, OPA decisions, WORM hashes, attestation records, and operator actions.</section>

Check notice on line 95 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L95

Expected: 80; Actual: 132
<section id="lessons_learned">Findings, root causes, owners, due dates, and validation plan.</section>

Check notice on line 96 in docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md#L96

Expected: 80; Actual: 104
</content>
Comment thread
OneFineStarstuff marked this conversation as resolved.
```


</content>
62 changes: 62 additions & 0 deletions tool_tests/test_validate_governance_reports.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
validate_manifest,
validate_manifest_schema,
validate_readme_index,
markdown_without_fenced_code_blocks,
)


Expand All @@ -31,7 +32,29 @@
path.write_text(json.dumps(payload, indent=2), encoding="utf-8")


class ValidateGovernanceReportsTests(unittest.TestCase):

Check notice on line 35 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

codefactor.io / CodeFactor

tool_tests/test_validate_governance_reports.py#L35

Too many public methods (22/20) (too-many-public-methods)
def test_markdown_without_fenced_code_blocks_handles_markdown_fence_variants(self):

Check notice on line 36 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

codefactor.io / CodeFactor

tool_tests/test_validate_governance_reports.py#L36

Missing function or method docstring (missing-function-docstring)

Check notice on line 36 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

tool_tests/test_validate_governance_reports.py#L36

Missing function or method docstring
text = (
"keep before\n"
" ```xml\n"
"<title>Ignored</title>\n"
"```` not a closer because it is inside the fenced block content\n"
" ```\n"
"keep middle\n"
"~~~~ json\n"
"## Ignored Heading\n"
"~~~~~~\n"
"keep after\n"
)

stripped = markdown_without_fenced_code_blocks(text)

self.assertIn("keep before", stripped)
self.assertIn("keep middle", stripped)
self.assertIn("keep after", stripped)
self.assertNotIn("<title>Ignored</title>", stripped)
self.assertNotIn("## Ignored Heading", stripped)

def test_validate_file_accepts_valid_document(self):
with tempfile.TemporaryDirectory() as tmpdir:
path = Path(tmpdir) / "doc.md"
Expand Down Expand Up @@ -84,6 +107,45 @@
errors = validate_file(path, ["## Required Heading"])
self.assertTrue(any("expected exactly one <content> block" in e for e in errors))

def test_validate_file_ignores_wrapper_tags_inside_fenced_code_blocks(self):

Check notice on line 110 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

codefactor.io / CodeFactor

tool_tests/test_validate_governance_reports.py#L110

Missing function or method docstring (missing-function-docstring)

Check notice on line 110 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

tool_tests/test_validate_governance_reports.py#L110

Missing function or method docstring
with tempfile.TemporaryDirectory() as tmpdir:
path = Path(tmpdir) / "doc.md"
path.write_text(
VALID_DOC
+ """
```xml
<title>Example Regulator Template</title>
<abstract>Example abstract.</abstract>
<content>Example content.</content>
```
""",
encoding="utf-8",
)
errors = validate_file(path, ["## Required Heading"])
self.assertEqual(errors, [])

def test_validate_file_does_not_accept_required_headings_inside_fenced_code_blocks(self):

Check notice on line 127 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

codefactor.io / CodeFactor

tool_tests/test_validate_governance_reports.py#L127

Missing function or method docstring (missing-function-docstring)

Check notice on line 127 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

tool_tests/test_validate_governance_reports.py#L127

Method test_validate_file_does_not_accept_required_headings_inside_fenced_code_blocks has 21 lines of code (limit is 20)

Check notice on line 127 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

tool_tests/test_validate_governance_reports.py#L127

Missing function or method docstring
with tempfile.TemporaryDirectory() as tmpdir:
path = Path(tmpdir) / "doc.md"
path.write_text(
"""<title>
Sample Title For Validation
</title>
<abstract>
Short abstract text.
</abstract>
<content>
```markdown
## Required Heading
```
Body without the required heading outside examples.
</content>
""",
encoding="utf-8",
)
errors = validate_file(path, ["## Required Heading"])
self.assertTrue(any("missing required heading" in e for e in errors))

def test_validate_file_rejects_missing_file(self):
with tempfile.TemporaryDirectory() as tmpdir:
missing = Path(tmpdir) / "missing.md"
Expand Down Expand Up @@ -337,7 +399,7 @@
capture_output=True,
text=True,
)
payload = json.loads(result.stdout.strip())

Check warning on line 402 in tool_tests/test_validate_governance_reports.py

View check run for this annotation

Precaution / Precaution Basic

PY009: Deserialization of Untrusted Data

Potential unsafe usage of 'json.loads' that can allow instantiation of arbitrary objects.
self.assertEqual(payload["status"], "passed")
self.assertIn("validated_report_files", payload)

Expand Down
Loading
Loading