OneFineStarstuff.github.io
835ef34d - Decadal Strategic & Technical Plan 2026–2035 (Sentinel v2.4 / Omni-Sentinel Mesh v4.0 / SCP v3.0) (#139)

Commit
8 days ago
Decadal Strategic & Technical Plan 2026–2035 (Sentinel v2.4 / Omni-Sentinel Mesh v4.0 / SCP v3.0) (#139) * docs(governance): consolidated Decadal Strategic & Technical Plan 2026-2035 Authoritative consolidation of Sentinel v2.4 / Omni-Sentinel Mesh v4.0 / SCP v3.0 program. Every technical claim anchored to a runnable, verified in-repo artifact (11/11 assurance checks green), with A/B/C/D feasibility tiering and an explicit integrity statement that ASI containment is control discipline, not a safety proof. Covers: zero-trust TEE architecture (TDX/SEV-SNP + vTPM PCR_MATCH); confidential enclave deployment + remote attestation; StaR-MoE (SARA+ACR) routing stabilization; telemetry attestation + G-SRI; PQC WORM (ML-DSA-65/Dilithium/SPHINCS+ + Kafka/S3 Object Lock); zk systemic-risk proofs (Circom/Groth16 -> zk-STARK migration) + zk-SNARK/zk-STARK relayer pipelines; OSCAL 1.1.2 + OPA/Rego compliance-as-code with mappings to EU AI Act/Annex IV, NIST AI RMF, ISO/IEC 42001, Basel III/IV, DORA, NIS2, GDPR Art.22, MAS/HKMA FEAT, FCA SMCR, ECOA, ICGC/GASO; TLA+ SentinelContainmentProtocol + SIP v3.0 invariants; HSM + Terraform multi-region enclaves; GIEN/SIP v3.0 federated collective defense; security-review patterns (Solidity/OPA/React); 24h monitor + integrity checks; zkML transition-validity; OmegaActual dead-man's switch; DevSecOps/ GitOps (ArgoCD/Flux); 6-month 2028 G-SIFI pilot; supervisory adoption model; KPIs/KRIs; phased roadmap through 2035 (consistent with roadmap_2026_2035.yaml); verification ledger. All cross-referenced artifacts confirmed present; roadmap YAML parses (5 phases + 4 ext). * feat(governance): roadmap phases 5-8 first-class, runnable 2028 pilot gates, close dashboard High findings - Roadmap YAML: promoted extension entries to first-class segments phase_5..phase_8 (2031-2035), each with feasibility_tier, objectives, exit_criteria, and gating preconditions for the Tier C/D phases. 9 phases total; YAML parses clean. - Pilot: governance_artifacts/pilot/run_pilot_acceptance_gates.py operationalizes decadal-plan section 14 as a runnable checklist. Executes the 6 Tier-A gates (terraform validate, OPA gates, PQC WORM tamper, containment TLC, zk relayer, full assurance) and reports 6 Tier-B/hardware gates as PENDING-EVIDENCE with precise criteria (never faked). Current: 6/6 automated gates PASS. + README. - Dashboard security: closed DASH-01/02/03/05/08. * lib/auth/session.ts - HMAC-signed tokens; principal derived server-side only (Bearer/cookie), constant-time sig check, expiry enforced; canAccessSubject authz. * lib/http/guard.ts - 16 KiB body cap + safe JSON parse; SSE/log-injection sanitizer. * consent route: identity bound to authenticated principal (no body userId); export requires ownership or dpo role (IDOR closed). * chat stream route: authn + body cap; unauthenticated GET text-gen removed; moderation 'block' now ENFORCED (suppresses reply); SSE values sanitized. * intent route: authn + body cap + validation. * tests rewritten to assert FIXED behaviour: vitest 14/14 pass (11 security + 3 gov). * DASHBOARD_SECURITY_REVIEW.md status table updated (Resolved/Open). * My new files typecheck clean (0 TS errors); pre-existing repo TS errors untouched. - Decadal plan: noted first-class phases 0-8 and the runnable pilot checklist. Regression: run_runnable_assurance.sh still 11/11 PASS. * feat(dashboard+ci): close DASH-04/06/07, add login route, wire CI for pilot + dashboard tests Dashboard security — all 8 findings now resolved (was 5/8): - DASH-04: app/api/risk/scores returns synthetic:true + DEMO disclaimer so mock series can't be mistaken for an SR 11-7 model output. - DASH-06: next.config.js sets CSP + X-Content-Type-Options/X-Frame-Options/ Referrer-Policy/Permissions-Policy/HSTS; middleware.ts + lib/http/rateLimit.ts add per-client rate limiting (120 req/min) on /api/*. - DASH-07: consentLedger.ts signs each event hash (HMAC stand-in for the Dilithium/ML-DSA HSM signer), verifies the chain on export, and FAILS CLOSED on prevHash read errors (no silent new chain). Also fixed pre-existing invalid 'catch (e: Error)' TypeScript in this file. - Added app/api/auth/login/route.ts: demo login issuing a signed, HttpOnly, SameSite=Strict sentinel_session cookie via mintToken (real IdP/OIDC in prod). - Tests extended to assert the fixes: vitest 19/19 pass (16 security + 3 gov). New/modified files typecheck clean (0 TS errors). CI (.github/workflows/runnable-assurance.yml): - Install solc (contracts) so assurance steps 7 (zk relayer) + 10 (contract compile) actually run in CI; install Terraform 1.9.8 for the pilot IaC gate. - Add contract-logic pytest to unit tests. - Add '2028 pilot acceptance-gate checklist' step (6/6 automated gates). - Add separate 'dashboard-tests' job running next-app vitest. - Trigger on governance_blueprint/** and next-app/** too. Regression: run_runnable_assurance.sh 11/11 PASS; pilot 6/6 automated; vitest 19/19. * feat(oscal): runnable OSCAL 1.1.2 catalog conformance validator (12th assurance check) Closes a real compliance-as-code integrity gap: the OSCAL control catalogs carried machine-readable cross-references (tla-spec / rego-policy / circuit / simulator props and regime #href links) that nothing verified, and the regime links were in fact DANGLING (catalogs had no back-matter). - governance_artifacts/oscal/oscal_conformance.py (new): for every control in every catalog under oscal/, runs 8 falsifiable checks — C1 OSCAL 1.1.2 structure (catalog/metadata/groups, id + statement part) C2 feasibility-tier in {A,B,C,D} C3 freshness-sla is a valid ISO-8601 duration (or P.../P... retest pair) C4 tla-spec resolves to a real .tla module (handles Module::label) C5 rego-policy resolves to a real declared package C6 circuit logical id resolves via CIRCUIT_REGISTRY to a real .circom file C7 simulator path exists on disk C8 every internal #href resolves to a back-matter anchor (no dangling) --json for machine-readable output; exit non-zero on any failure. Result on repo catalogs: 43 passed, 0 failed across 2 catalogs. - Both catalogs: added back-matter resources defining each regime anchor (EU AI Act Art.12/14/15, DORA ICT-risk/resilience, Basel op-risk, NIST AI RMF MEASURE, SR 11-7, plus Tier-C/D design fixtures clearly remarked as speculative), so the previously-dangling regime links now resolve. - run_runnable_assurance.sh: renumbered to 12 steps; new step 12 runs the validator. Suite now 12/12 PASS. - tests/governance/test_governance_artifacts.py: +2 tests — positive (repo catalogs conform) and negative (a catalog with a dangling href / bad tla-spec / bad tier / bad SLA fails with exit 1), proving the check is not vacuous. - CI: unit-test job also runs the OSCAL pytest (-k oscal). - Docs synced to 12/12: RUNNABLE_ASSURANCE.md (new row 12), DECADAL plan (verification ledger + counts), pilot checklist P6-REPRO + README. Tier A (in-repo cross-reference integrity). Does NOT assert the named regimes are satisfied in production — only that the catalog's claims are internally consistent and anchored to real, runnable artifacts. Regression: assurance 12/12 PASS; pilot 6/6 automated PASS; governance pytest 12/12. * feat(oscal): OSCAL-native Annex IV dossier generator (13th assurance check) Turns the now-verified OSCAL catalogs + live assurance evidence into an auto-assembled EU AI Act Annex IV technical-documentation dossier — the regulator deliverable the compliance-as-code stack was built to produce. New artifacts: - governance_artifacts/oscal/annex_iv_section_map.yaml: auditable bridge mapping each Annex IV section (A-H) to the OSCAL control ids that evidence it, plus a provider narrative. Control ids must exist in a catalog (no dangling refs). - governance_artifacts/oscal/generate_annex_iv_dossier.py: assembles an OSCAL-flavoured JSON dossier + human-readable Markdown. For each section it resolves controls, pulls statement/tier/SLA/regime-citation/evidence-query, and attaches LIVE evidence by running each control's backing assurance check (TLA+ TLC, PQC WORM pytest, zk proof, routing simulator). Honesty model: * SATISFIED only when a mapped control's runnable check passed in this run; * PARTIAL when runnable-backed but not green this run; * PENDING-EVIDENCE for organisational/hardware-dependent evidence (e.g. env-02 enclave key custody, reported truthfully as n/a organisational). Refuses to assemble on a non-conformant catalog or an unknown control id. Embeds an integrity statement: assembly-integrity artifact, NOT a conformity assessment; does not assert the institution is compliant. Result on repo: 8/8 sections SATISFIED, catalog conformance 0 failures. - governance_artifacts/oscal/generated/annex_iv_dossier.{json,md}: sample output. - governance_artifacts/oscal/README.md: documents the OSCAL tooling + honesty model. Wired in: - run_runnable_assurance.sh: renumbered to 13 steps; step 13 verifies the dossier assembles end-to-end (8 sections A-H, 0 conformance failures). Suite 13/13 PASS. - tests/governance/test_governance_artifacts.py: +3 tests — all section-map controls resolve; live-evidence assembly (SATISFIED implies a green check; integrity statement disclaims conformity); --no-verify never fabricates SATISFIED. Governance pytest 15/15. - CI: unit-test job runs '-k "oscal or annex"'; new steps assemble the dossier with live evidence and upload it as a build artifact (annex-iv-dossier). - Docs synced to 13/13: RUNNABLE_ASSURANCE.md (new row 13 + count), DECADAL plan (ledger + counts), pilot P6-REPRO + README. Tier A (assembly integrity). Regression: assurance 13/13 PASS; pilot 6/6 automated; governance pytest 15/15. * feat(oscal): multi-framework regulator deliverables — DORA ICT-risk register + NIST AI RMF crosswalk (14th & 15th assurance checks) One verified OSCAL 1.1.2 catalog (source of truth) -> multiple regulator deliverables. Extends the round-4 Annex IV dossier generator to two more frameworks, all assembled from the same conformance-verified catalog + live re-run evidence. New shared engine: - crosswalk_common.py: load_catalogs, CONTROL_EVIDENCE, run_conformance (refuses to assemble against a non-conformant catalog), EvidenceRunner (re-runs each control's backing assurance check this run), status_for (SATISFIED / PARTIAL / PENDING-EVIDENCE), resolve_controls. New deliverables (Tier A, runnable): - generate_dora_ict_register.py + dora_framework_map.yaml: DORA (Reg. (EU) 2022/2554) 5-pillar ICT-risk register. Result 3/5 pillars SATISFIED; P4 (third-party) and P5 (info-sharing) reported as HONEST coverage gaps (is_coverage_gap=true, PENDING-EVIDENCE), not hidden. - generate_nist_rmf_crosswalk.py + nist_ai_rmf_map.yaml: NIST AI RMF 1.0 4-function (GOVERN/MAP/MEASURE/MANAGE) crosswalk with per-function coverage analysis. Result 4/4 functions SATISFIED (100%). - generated/{dora_ict_register,nist_ai_rmf_crosswalk}.{json,md} samples. Honesty guarantees (preserved): each generator embeds an integrity_statement ('not a DORA conformity attestation' / 'not a certification'); both refuse a non-conformant catalog and raise on unknown control ids (falsifiable — negative tests confirm exit 1). Wiring: - run_runnable_assurance.sh: 13 -> 15 steps (14=DORA, 15=NIST), using --no-verify --print piped to inline python validators. - tests/governance: +3 tests (18 total): DORA gaps reported, NIST full coverage with live evidence, and --no-verify does not fabricate SATISFIED. - CI: pytest selector adds dora/nist/crosswalk; assembles all 3 deliverables and uploads them as the 'regulator-deliverables' artifact. Docs synced: RUNNABLE_ASSURANCE.md (rows 14-15, thirteen->fifteen), DECADAL plan (13/13 -> 15/15 + 2 verification-ledger rows), pilot P6-REPRO 15/15, oscal/README.md. Verification (this commit): - bash governance_artifacts/run_runnable_assurance.sh -> 15/15 PASS - pytest tests/governance/test_governance_artifacts.py -> 18 passed - pilot acceptance gates -> 6/6 automated PASS (P6-REPRO 15/15) - DORA 3/5 SATISFIED (P4/P5 gaps); NIST 4/4 SATISFIED (100%); catalog conformance 0 failures for both. * feat(packaging): verified distribution-bundle packager — finalize, package & distribute the stack (16th assurance check) Adds the 'finalize, package, and distribute' step the stack has been building toward: instead of asserting regulator-readiness in prose, this PRODUCES an auditable, tamper-evident distribution bundle whose contents are exactly the artifacts that passed THIS run. New tool — governance_artifacts/package_distribution_bundle.py: - Re-runs the 3 OSCAL-native regulator-deliverable generators with LIVE evidence (Annex IV dossier, DORA ICT-risk register, NIST AI RMF crosswalk). - Collects all 6 deliverable artifacts (JSON+MD) into governance_artifacts/dist/. - Emits MANIFEST.json: per-artifact SHA-256 + byte size, the live SATISFIED/PARTIAL/PENDING-EVIDENCE status per unit, declared coverage gaps, and a single bundle_sha256 = SHA-256 over the sorted per-artifact digests (whole-bundle tamper evidence). - Writes a regulator-facing DISTRIBUTION_README.md + a guided EXECUTION_CHECKLIST.md (command-by-command independent reproduction). - --with-suite runs the full runnable-assurance suite and gates on it. Honesty guarantees (falsifiable): - REFUSES to package (exit 1) if any deliverable reports a catalog-conformance failure — verified by a negative test (monkeypatched conformance failure). - bundle_sha256 recomputes from the per-artifact digests (verified in suite + test). - Coverage gaps (DORA P4/P5) are reported, never inflated to SATISFIED. - Explicitly an assembly-integrity + reproducibility bundle, NOT a conformity assessment, certification, or safety proof; ASI containment is a control discipline, not a guarantee. Result this run: 6 artifacts across 3 deliverables; 15/17 units SATISFIED; 2 declared gaps (DORA P4/P5); all catalogs conformant. Wiring: - run_runnable_assurance.sh: 15 -> 16 steps (step 16 packages the bundle, --no-regenerate --print, asserts 3 deliverables / 6 artifacts / digest recomputes / all conformant). - tests/governance: +3 tests -> 21 total (manifest tamper-evidence, DORA gaps not hidden, refuses non-conformant deliverable). - CI: pytest selector adds 'bundle'; packages bundle with --with-suite and uploads it as the 'distribution-bundle' artifact (dist/ stays gitignored — fully reproducible output). Docs synced: RUNNABLE_ASSURANCE.md (row 16, fifteen->sixteen), DECADAL plan (15/15 -> 16/16 + verification-ledger row), pilot P6-REPRO 16/16, governance_artifacts/README.md (package & distribute section), oscal/README.md. Verification (this commit): - bash governance_artifacts/run_runnable_assurance.sh -> 16/16 PASS - pytest tests/governance/test_governance_artifacts.py -> 21 passed - pilot acceptance gates -> 6/6 automated PASS (P6-REPRO 16/16) * fix(packaging): make distribution bundle deterministically reproducible (content_digest) Closes a real honesty gap in the round-6 packager: the EXECUTION_CHECKLIST claimed the bundle digest "matches the value above (timestamps aside)", but bundle_sha256 in fact changed on EVERY regeneration because each deliverable embeds a fresh generated_at timestamp. A supervisor following the checklist would get a different digest each run, undermining the reproducibility claim. Root cause (verified): the ONLY non-deterministic content in a deliverable is the ISO-8601 generated_at instant (JSON "generated_at" + Markdown **Generated:**). All live evidence and everything else is byte-stable. Fix - two distinct digests, each with a clear purpose: - bundle_sha256 (provenance / tamper-evidence): SHA-256 over the sorted per-artifact BYTE digests. Pins THIS exact build; changes each run. Use to detect tampering with a specific distributed bundle. - content_digest (reproducibility): SHA-256 over the sorted per-artifact digests with embedded ISO-8601 instants normalized to a fixed sentinel. Depends only on the catalog + live-evidence state, so an independent party who re-runs the generators derives the SAME value. VERIFIED stable across 3+ regenerations (f6fa38c7...) while bundle_sha256 varies. Each artifact entry now carries both sha256 and content_sha256. Honesty wording corrected: - DISTRIBUTION_README.md: new 'Two digests, two purposes' section. - EXECUTION_CHECKLIST.md: step 4 now says compare the CONTENT digest (stable), not bundle_sha256; step 5 adds a runnable standalone command to recompute an artifact's content_sha256 (verified to match the manifest). Wiring: - run_runnable_assurance.sh step 16: now asserts BOTH digests recompute and that they are distinct. - tests/governance: +2 tests -> 23 total: content_digest reproducible across regenerations + recomputes; timestamp normalization changes byte digest only (falsifiable - a real content change still moves the normalized digest). - RUNNABLE_ASSURANCE.md row 16, governance_artifacts/README.md, DECADAL ledger row updated to document the two-digest model. Verification (this commit): - bash governance_artifacts/run_runnable_assurance.sh -> 16/16 PASS - pytest tests/governance/test_governance_artifacts.py -> 23 passed - pilot acceptance gates -> 6/6 automated PASS - content_digest stable across 3 regenerations; bundle_sha256 varies as intended * feat(assurance): recipient-side bundle verifier + detached ML-DSA-65 manifest signing (17th assurance check) Closes the trust gap left by the round-6/7 packager: a bundle recipient previously had to trust the packager's own digest arithmetic. This adds the missing recipient-side half of the distribution story. New tool — governance_artifacts/verify_distribution_bundle.py: - Standalone and deliberately INDEPENDENT: stdlib-only (optional dilithium-py only for the signature branch) and never imports the packager — the digest rules (byte SHA-256, timestamp-normalized content SHA-256, sorted-digest bundle digests) are re-implemented from scratch so a bug or backdoor in the packager cannot vouch for itself (enforced by an AST-based test). - 10 named, falsifiable checks: manifest-parse, artifact-presence, artifact-byte-digest, artifact-content-digest, bundle-digest-recompute, content-digest-recompute, digests-distinct, summary-consistency, conformance-claims, signature. - summary-consistency recomputes the manifest's claimed unit counts / coverage gaps / conformance from the bundled deliverable JSONs themselves — a manifest that inflates units_satisfied or hides a DORA P4/P5 gap FAILS even if every digest still recomputes. - Exit 0 iff every executed check passes; missing dilithium-py reports the signature check SKIPPED (never silently passed); --require-signature turns absence/skip into FAIL. Packager — package_distribution_bundle.py --sign / --signing-key: - Emits a detached ML-DSA-65 (FIPS 204) MANIFEST.sig.json over the EXACT MANIFEST.json bytes, embedding the public key + its SHA-256 fingerprint. - Honest key semantics: --signing-key FILE persists one signing identity (0600) so fingerprints are stable across bundles; without it the key is EPHEMERAL and the signature file says so (key_persistence) — it then proves integrity-since-packaging, not identity. Identity always requires an out-of-band fingerprint comparison (stated in the artifact). Wiring: - run_runnable_assurance.sh: 16 -> 17 steps. Step 17 packages a signed bundle and verifies it with the independent verifier in strict --require-signature mode, asserting all 10 checks PASS. - Generated DISTRIBUTION_README.md + EXECUTION_CHECKLIST.md now include a 'verify as received' section / step 6 for the recipient. - RUNNABLE_ASSURANCE.md: row 17 documented. - Refreshed generated OSCAL deliverables from the final suite run. Tamper negatives (all verified by tests, 30/30 governance tests pass): - Artifact byte edit -> artifact-byte-digest + artifact-content-digest FAIL. - Forged manifest claims (inflated SATISFIED, hidden gaps) -> summary-consistency FAILs (and the signature breaks). - Single-byte whitespace change to MANIFEST.json with digests intact -> ONLY the ML-DSA-65 signature check fails (precise localization). - --require-signature on an unsigned bundle -> FAILED with explicit error. - Persistent-key double-signing -> identical public-key fingerprints; both bundles VERIFIED in strict mode. Full suite result: 17/17 runnable assurance checks PASS. * feat(assurance): evidence freshness-SLA gate — catalog SLAs enforced against a digest-protected ledger (18th assurance check) The OSCAL catalogs declare per-control freshness-sla props (env-01 PT5M, cry-02/rte-01 P1D, con-07 P7D, cry-05 P3M, con-04 P1D/P90D) but check C3 only validated their FORMAT — nothing recorded when evidence was produced and nothing failed when it went stale. The SLA was prose. This makes it enforced. New tool — governance_artifacts/check_evidence_freshness.py: - --run executes every control's mapped runnable assurance check using the SAME single-source-of-truth CONTROL_EVIDENCE map the regulator deliverable generators use (no parallel drift-prone map) and writes a freshness ledger (oscal/generated/evidence_freshness_ledger.json) recording pass/fail, the UTC instant evidence was produced, and duration. Entries are protected by a SHA-256 ledger digest over the canonical entries JSON. - --audit enforces each catalog-declared SLA against those instants with named, falsifiable checks: ledger-digest, evidence-recorded, evidence-passed, evidence-fresh. Per-control statuses: FRESH / STALE / FAILED / NOT-RECORDED / FUTURE-DATED / SLA-MISSING / SLA-MALFORMED / NOT-RUNNABLE. Exit 0 iff every runnable control is recorded, passed and fresh with an intact digest. - Honest semantics: organisational-evidence controls (env-02) are disclosed NOT-RUNNABLE, never counted fresh and never silently passed; a failed check is never fresh; future-dated evidence (forged timestamp/clock skew) fails; a missing ledger fails, never passes vacuously. Stated conversion convention (1M=30d, 1Y=365d; compound P1D/P90D enforces the first period) so audits are reproducible. The ledger digest detects casual edits, is NOT a signature — pair with the ML-DSA-65-signed bundle (checks 16/17) for signed provenance. --as-of enables reproducible point-in-time audits. Wiring: - run_runnable_assurance.sh: 17 -> 18 steps. Step 18 runs --run --audit --print and asserts PASS, intact digest, zero failing controls, all runnable controls FRESH, and >=1 organisational control disclosed. - RUNNABLE_ASSURANCE.md: row 18 documents the gate and its honesty limits. Tests (tests/governance/test_governance_artifacts.py — round 8, +7): - SLA parser conventions (PT5M=300s, P3M=90d, P1D/P90D first period; malformed P/PT/5M/P-1D/'' rejected). - Fresh synthetic ledger -> PASS with env-02 disclosed NOT-RUNNABLE. - Auditing 10 min later flips env-01 (PT5M) STALE and fails the gate while cry-05 (P3M) stays FRESH — SLA granularity actually matters. - Timestamp edit without re-digesting -> ledger-digest MISMATCH -> FAIL. - passed=false is never FRESH; future-dated evidence FAILs; a control missing from the ledger is NOT-RECORDED; missing ledger file FAILs. - Single-source-of-truth check: every runnable CONTROL_EVIDENCE control with a declared SLA is covered by the committed ledger. Full suite result: 18/18 runnable assurance checks PASS; 37/37 governance tests PASS.
Loading