diff --git a/artifacts/README.md b/artifacts/README.md
index 7b78e335..4e12f2ac 100644
--- a/artifacts/README.md
+++ b/artifacts/README.md
@@ -20,6 +20,21 @@ This folder contains machine-readable assets for enterprise and regulator-facing
- `requirements-artifacts.txt`: pinned runtime/test dependencies for artifact checks.
- `Makefile`: convenience targets for local artifact validation workflows.
+
+### 2026–2035 AGI/ASI governance reference architecture
+
+Additional implementation artifacts for Sentinel AI Governance Stack v2.4 and long-horizon AGI/ASI governance:
+
+- `enterprise-agi-asi-governance-reference-architecture-2026-2035.md`: deeply technical roadmap and reference architecture using `
`, ``, and `` tags.
+- `roadmap-2026-2035.yaml`: machine-readable 2026–2035 implementation roadmap.
+- `data/multi_jurisdiction_regulatory_mapping_2026_2035.csv`: multi-framework control mapping for AI, financial, privacy, cyber, conduct, and civilizational governance regimes.
+- `oscal/sentinel-ai-control-catalog-oscal.json`: OSCAL-style control catalog for Sentinel/G-Stack/Omni-Sentinel controls.
+- `policies/sentinel_ai_release_gate_v24.rego`: OPA/Rego regulated release gate for high-risk and high-agency AI systems.
+- `tla/OmniSentinelContainment.tla`: TLA+ reference specification for containment invariants.
+- `circuits/g_sri_systemic_risk.circom`: Circom/Groth16 reference circuit for G-SRI risk-band proofs.
+- `templates/gc-ir-bridge-event.json`: Global Compliance–Incident Reporting bridge event template for zk proof submission.
+- `templates/regulator-technical-report-2035.xml`: regulator-ready technical report template for AGI/ASI governance packs.
+
## Validation
Human-readable mode:
@@ -50,9 +65,10 @@ The validator performs:
3. Annex IV sample semantic checks (types, required fields, enum values, date format).
4. Control mapping cross-reference checks (no unknown control IDs).
5. Regulator XML required section checks.
-6. Roadmap milestone date-range checks (2026–2030).
-7. Manifest checksum checks for all tracked artifacts.
-8. Manifest coverage checks (no missing or unexpected files).
+6. Roadmap milestone date-range checks (2026–2030 and 2026–2035).
+7. Extended AGI/ASI artifact checks for tagged reports, OSCAL controls, regulatory mappings, Rego gates, TLA+ specs, Circom circuits, and templates.
+8. Manifest checksum checks for all tracked artifacts.
+9. Manifest coverage checks (no missing or unexpected files).
## Regenerate checksum manifest
diff --git a/artifacts/artifact-manifest-v1.json b/artifacts/artifact-manifest-v1.json
index 226173ce..5157e18f 100644
--- a/artifacts/artifact-manifest-v1.json
+++ b/artifacts/artifact-manifest-v1.json
@@ -1,12 +1,21 @@
{
"files": {
"annex-iv-dossier-schema-v1.json": "191c3442f4b372e8fb400640648841fb4d63aecdfb791d0b1b230a65a384ffe1",
+ "circuits/g_sri_systemic_risk.circom": "2a9f849ade2f90073de293dc35ac1de912d40479ca953897744329c2f05175db",
"control-catalog-v1.json": "56328ecaed2af4d832e993accb3b85d63d69f93eece4f10de08f0c82f71729d8",
+ "data/multi_jurisdiction_regulatory_mapping_2026_2035.csv": "6c5f49c4bda99ff2d4c4c71a7e3af5079327960b1893a18b322971c4fd414f48",
+ "enterprise-agi-asi-governance-reference-architecture-2026-2035.md": "87315bff7ce716caa569044bc5b8d7a6fdb81b235429208b2ed283265556a2df",
"enterprise-civilizational-agi-asi-blueprint-2026-2030.md": "12684e460b4f33a49d74e66eaa1400aab85e4dd6879e262e06ac932be7c3f3e3",
"examples/annex-iv-dossier-example.json": "fd914a07bf2691d9de262907953890ba353b23fe159d07a8b53eee1e6d16b1e2",
+ "oscal/sentinel-ai-control-catalog-oscal.json": "599a5b2d03fe1d315920eb79ca216792f591f8a9c888b7abe62d9ff8d4edd1c3",
+ "policies/sentinel_ai_release_gate_v24.rego": "08207f20eef89b4a790ef319b4ae194d31bf6950108d3dcf9e6c8a7cf7ac70e7",
"regulator-report-template.xml": "62c55a96b60bbc4592f0ad273ee1cca6e25eac6a437fb047dfb08bdf5baeab2d",
- "roadmap-2026-2030.yaml": "2297c95faefe22ff03cb9aa7d104be232fa0269b831cb231f5b7f0ab0ed86369"
+ "roadmap-2026-2030.yaml": "2297c95faefe22ff03cb9aa7d104be232fa0269b831cb231f5b7f0ab0ed86369",
+ "roadmap-2026-2035.yaml": "b47b90e172ecdbc787e02f683275c2ea11296b0ff61d1ef948a2636e0d561108",
+ "templates/gc-ir-bridge-event.json": "bcfcf7fd1ad4f93302f019d35ecbe1ab3f045732f3dd16e390b50bb6a0de55bf",
+ "templates/regulator-technical-report-2035.xml": "24f69f03b01d7e96c2cd45ed5cd76de24bce43e162277760d88a78fd07cbd4d0",
+ "tla/OmniSentinelContainment.tla": "c4d70dc56804055aebda35c634eab3002be47c1ce314160deb63150f02ea80d7"
},
- "generated_at": "2026-04-26T03:26:37+00:00",
+ "generated_at": "2026-06-01T09:18:30+00:00",
"version": "1.1"
}
diff --git a/artifacts/circuits/g_sri_systemic_risk.circom b/artifacts/circuits/g_sri_systemic_risk.circom
new file mode 100644
index 00000000..5a702c9e
--- /dev/null
+++ b/artifacts/circuits/g_sri_systemic_risk.circom
@@ -0,0 +1,64 @@
+pragma circom 2.1.6;
+
+include "circomlib/circuits/comparators.circom";
+
+// Reference Groth16/Circom circuit for a G-SRI systemic-risk band proof.
+// Private witness: component scores and weights.
+// Public signals: threshold band, policy version, and evidence commitment.
+// Production circuits should add fixed-point normalization, Poseidon commitments,
+// version pinning, and audited trusted-setup governance.
+
+template Range100() {
+ signal input value;
+ signal output ok;
+
+ component lower = LessEqThan(16);
+ lower.in[0] <== 0;
+ lower.in[1] <== value;
+
+ component upper = LessEqThan(16);
+ upper.in[0] <== value;
+ upper.in[1] <== 100;
+
+ ok <== lower.out * upper.out;
+}
+
+template GSRIWeightedSum(n) {
+ signal input scores[n];
+ signal input weights[n];
+ signal input thresholdLow;
+ signal input thresholdHigh;
+ signal input policyVersion;
+ signal input evidenceCommitment;
+
+ signal output inBand;
+ signal output publicPolicyVersion;
+ signal output publicEvidenceCommitment;
+
+ signal products[n];
+ signal accum[n + 1];
+ accum[0] <== 0;
+
+ component ranges[n];
+ for (var i = 0; i < n; i++) {
+ ranges[i] = Range100();
+ ranges[i].value <== scores[i];
+ ranges[i].ok === 1;
+ products[i] <== scores[i] * weights[i];
+ accum[i + 1] <== accum[i] + products[i];
+ }
+
+ component aboveLow = LessEqThan(32);
+ aboveLow.in[0] <== thresholdLow;
+ aboveLow.in[1] <== accum[n];
+
+ component belowHigh = LessEqThan(32);
+ belowHigh.in[0] <== accum[n];
+ belowHigh.in[1] <== thresholdHigh;
+
+ inBand <== aboveLow.out * belowHigh.out;
+ publicPolicyVersion <== policyVersion;
+ publicEvidenceCommitment <== evidenceCommitment;
+}
+
+component main {public [thresholdLow, thresholdHigh, policyVersion, evidenceCommitment]} = GSRIWeightedSum(10);
diff --git a/artifacts/data/multi_jurisdiction_regulatory_mapping_2026_2035.csv b/artifacts/data/multi_jurisdiction_regulatory_mapping_2026_2035.csv
new file mode 100644
index 00000000..9d90371f
--- /dev/null
+++ b/artifacts/data/multi_jurisdiction_regulatory_mapping_2026_2035.csv
@@ -0,0 +1,17 @@
+framework,control_objective,technical_artifact,evidence_source,primary_owner,cadence
+EU AI Act Annex IV,technical documentation completeness,annex_iv_completeness_v1_zk_proof,annex_iv_dossier_hash,ai_governance,per_release
+EU AI Act GPAI systemic risk,systemic model risk evaluation,G-SRI and Red Dawn report,g_sri_public_signal,frontier_safety,quarterly
+NIST AI RMF 1.0,govern-map-measure-manage traceability,OSCAL catalog and risk register,control_test_bundle,enterprise_risk,quarterly
+NIST AI 600-1,generative AI misuse and information integrity controls,GAI-SOC telemetry,red_team_findings,security_operations,continuous
+ISO/IEC 42001,AIMS governance and continual improvement,management_system_records,internal_audit_report,compliance,semiannual
+Basel III IV,prudential and operational risk integration,systemic stress pack,stress_scenario_results,treasury_risk,quarterly
+SR 11-7,independent model validation,validation_workbench_record,validation_attestation,model_risk_management,annual_or_material_change
+SR 26-2 readiness,supervisory AI control change management,regulatory_change_profile,policy_diff_record,regulatory_affairs,monthly
+DORA,ICT operational resilience and third-party risk,AI dependency map and incident clock,incident_timeline,operational_resilience,continuous
+NIS2,cybersecurity governance and incident reporting,GAI-SOC cyber control map,siem_soar_case,cybersecurity,continuous
+GDPR,privacy lawful basis and minimization,DPIA and selective disclosure policy,privacy_assessment,privacy_office,per_release
+FCRA ECOA,fair lending and adverse action,fair_lending_v1_zk_proof,reason_code_test,fair_lending_compliance,per_release
+MAS HKMA FEAT,fairness ethics accountability transparency,FEAT scorecard,control_owner_attestation,apac_compliance,quarterly
+FCA SMCR Consumer Duty,senior accountability and good outcomes,SMCR responsibility map,consumer_outcomes_test,uk_compliance,quarterly
+HKMA Fintech 2030,responsible fintech and regtech enablement,regulator API profile,supervisory_submission,apac_regulatory_affairs,semiannual
+ICGC GASO,compute governance and emergency pause,compute registry and pause proof,compute_commitment,board_risk_committee,continuous
diff --git a/artifacts/enterprise-agi-asi-governance-reference-architecture-2026-2035.md b/artifacts/enterprise-agi-asi-governance-reference-architecture-2026-2035.md
new file mode 100644
index 00000000..2347756c
--- /dev/null
+++ b/artifacts/enterprise-agi-asi-governance-reference-architecture-2026-2035.md
@@ -0,0 +1,386 @@
+Sentinel AI Governance Stack v2.4 Reference Architecture for Enterprise AGI/ASI Governance, Containment, and Zero-Knowledge Regulatory Compliance, 2026–2035
+
+
+This implementation roadmap defines a supervisory-grade architecture for Fortune 500, Global 2000, and G-SIFI financial institutions deploying advanced generative AI, autonomous agents, and AGI/ASI-adjacent systems from 2026 through 2035. It integrates Sentinel AI Governance Stack v2.4, G-Stack, WorkflowAI Pro, Omni-Sentinel containment, Autonomous Supervisory Agents, GAI-SOC telemetry, Red Dawn simulations, G-SRI systemic risk scoring, BBOM/perpetual assurance, OSCAL control catalogs, OPA/Rego policy gates, Kafka-based PQC WORM audit logging, TLA+ safety specifications, Circom/Groth16 systemic-risk circuits, and zk-SNARK/zk-STARK compliance attestations. It maps controls to EU AI Act Annex IV and GPAI systemic-risk duties, NIST AI RMF 1.0, NIST AI 600-1, ISO/IEC 42001 AIMS, Basel III/IV, SR 11-7, SR 26-2 readiness, DORA, NIS2, GDPR, FCRA/ECOA, MAS/HKMA FEAT, FCA SMCR, Consumer Duty, HKMA Fintech 2030, and ICGC/GASO civilizational compute governance proposals.
+
+
+
+
+## 1. Design goals and operating assumptions
+
+### 1.1 Enterprise outcomes
+
+The architecture is designed to make advanced AI auditable, containable, and regulator-verifiable without exposing protected model weights, customer data, proprietary stress scenarios, or supervisory secrets. The required outcomes are:
+
+1. **Board-visible accountability:** every AI capability, autonomous workflow, model dependency, and compute allocation has an accountable executive, control owner, risk tier, evidence bundle, and kill-switch path.
+2. **Deterministic assurance:** all regulated releases produce reproducible evidence from source, model cards, data lineage, evaluations, security scans, policy decisions, deployment attestations, runtime telemetry, and incident response records.
+3. **Containment-by-construction:** AGI/ASI-adjacent research and high-agency systems run inside Omni-Sentinel isolation domains with capability firebreaks, network egress control, tool-use mediation, prompt/output guards, circuit breakers, and formal invariants.
+4. **Privacy-preserving compliance:** regulators can verify control effectiveness, systemic-risk scores, capital/model-risk thresholds, fairness bounds, and incident disclosures using zk-SNARK or zk-STARK proofs without receiving raw sensitive inputs.
+5. **Civilizational risk governance:** institutions can interface with ICGC/GASO-style compute registries, international incident exchanges, treaty-aligned reporting channels, and emergency pause protocols for catastrophic or existential risk events.
+
+### 1.2 Regulatory interpretation baseline as of 2026-05-28
+
+- The EU AI Act is treated as the principal horizontal AI regulation for EU-facing systems, with Annex IV technical documentation, high-risk lifecycle controls, post-market monitoring, and GPAI systemic-risk obligations represented as machine-readable controls.
+- NIST AI RMF 1.0 provides the cross-functional risk language: Govern, Map, Measure, Manage. NIST AI 600-1 extends the control model for generative AI risks such as confabulation, information integrity, CBRN misuse enablement, data privacy, cybersecurity, human-AI interaction, and value-chain opacity.
+- ISO/IEC 42001 is the management-system backbone for AIMS certification, continual improvement, internal audit, objectives, roles, competence, supplier oversight, and corrective action.
+- G-SIFI institutions must merge AI governance with model risk management, prudential risk, operational resilience, third-party oversight, cyber resilience, financial crime, fair-lending, and consumer-outcomes obligations.
+
+## 2. Reference architecture overview
+
+### 2.1 Logical stack
+
+| Layer | Component | Primary responsibility | Evidence emitted |
+|---|---|---|---|
+| L0 | Board and regulator interface | Risk appetite, AI charter, SMCR/Senior Manager accountability, supervisory packs | Board minutes, approvals, attestations |
+| L1 | Sentinel AI Governance Stack v2.4 | Inventory, tiering, policy orchestration, control library, evidence graph | OSCAL records, Annex IV dossier, BBOM |
+| L2 | G-Stack | Compute registry, model registry, data registry, agent registry, cryptographic identity | Compute ledger, lineage attestations |
+| L3 | WorkflowAI Pro | Human-in-the-loop regulated workflows, four-eyes approvals, exception management | Workflow traces, approval proofs |
+| L4 | Omni-Sentinel containment | Isolation domains, egress controls, tool mediation, tripwires, kill-switches | Containment telemetry, TLA+ invariant reports |
+| L5 | Autonomous Supervisory Agents | Continuous control monitoring, evidence collection, challenge testing | Control test records, drift findings |
+| L6 | GAI-SOC telemetry | Security analytics, AI behavior analytics, red-team telemetry, incident response | SIEM/SOAR events, DORA/NIS2 incidents |
+| L7 | ZK compliance plane | Circuits, witnesses, proof generation, verifier contracts, regulator bridge | zk proofs, public signals, verification logs |
+| L8 | Perpetual assurance plane | BBOM, WORM audit, replay, assurance packs, third-party attestation | Tamper-evident evidence bundles |
+
+### 2.2 Deployment topology
+
+Production deployments SHOULD be split into five hardened zones:
+
+1. **Governance control plane:** policy authoring, OSCAL catalog management, risk appetite thresholds, exception approvals, regulator profile management.
+2. **AI platform plane:** model serving, vector stores, agent orchestration, data pipelines, prompt/tool brokers, evaluation services.
+3. **Containment plane:** sandboxed frontier evaluation clusters, no-default-egress research enclaves, guarded tool stubs, deception-resistant monitoring.
+4. **Assurance plane:** immutable evidence storage, Kafka WORM topics, PQC hybrid signing, reproducible replay workers, independent validation workbench.
+5. **ZK proof plane:** private witness builders, circuit compilers, proving clusters, verifier APIs, regulator-facing GC-IR bridge.
+
+No plane may share administrative credentials with another plane. The assurance plane is write-once from producers and read-mostly from validators. The containment plane may only export signed, schema-validated telemetry summaries through a one-way evidence diode.
+
+## 3. Core subsystems
+
+### 3.1 Sentinel AI Governance Stack v2.4
+
+Sentinel v2.4 is the enterprise policy and evidence brain. Its minimum services are:
+
+- **AI System Registry:** canonical inventory of models, agents, tools, workflows, data sources, vendors, deployment environments, business owners, and jurisdictional footprint.
+- **Risk Tiering Engine:** maps inherent risk, agency, autonomy, financial materiality, consumer impact, model novelty, GPAI/systemic-risk triggers, and cross-border operation into tier 0–4 ratings.
+- **Control Orchestrator:** assigns OSCAL controls, Rego gates, test procedures, evidence requirements, and approval routes.
+- **Regulator Profile Builder:** composes jurisdiction-specific packs for EU AI Act, SR 11-7, DORA, FCA, MAS, HKMA, and local privacy/fairness rules.
+- **BBOM Generator:** produces a Behavioral Bill of Materials covering model lineage, prompts, tools, retrieval sources, policies, evaluations, guardrails, and residual risks.
+
+### 3.2 G-Stack
+
+G-Stack is the governed substrate for compute, model, data, and agent operations:
+
+```text
+G-Stack
+├── compute-ledger: GPU/TPU allocation, threshold monitoring, carbon/energy metadata
+├── model-ledger: base model, fine-tune, adapter, eval, deployment state
+├── data-ledger: source, consent, retention, lineage, privacy class, transfer basis
+├── agent-ledger: goals, tools, permissions, autonomy class, supervisor binding
+├── crypto-ledger: key IDs, signing policy, PQC transition status, proof IDs
+└── incident-ledger: safety, cyber, conduct, resilience, systemic-risk events
+```
+
+### 3.3 WorkflowAI Pro
+
+WorkflowAI Pro turns governance decisions into executable business processes. It enforces:
+
+- dual approval for tier-1 and tier-2 releases;
+- independent validation before production for material financial, consumer, or safety impact;
+- mandatory adverse-action/fair-lending review for credit use cases;
+- incident commander assignment for DORA/NIS2/GPAI serious incident events;
+- evidence completeness checks before board or regulator attestation.
+
+### 3.4 Omni-Sentinel containment
+
+Omni-Sentinel is the containment fabric for frontier and autonomous AI:
+
+- **Capability firebreaks:** separate planning, code execution, external communication, and actuation privileges.
+- **Tool-use broker:** every tool call is policy evaluated, rate-limited, logged, and revocable.
+- **Context governor:** strips secrets, reduces prompt injection blast radius, and enforces purpose-bound retrieval.
+- **Tripwire mesh:** detects deception indicators, cyber exploitation attempts, self-replication signatures, unauthorized persistence, policy evasion, and anomalous resource acquisition.
+- **Kill-switch quorum:** emergency shutdown requires either automated invariant breach plus duty-officer confirmation or board/CISO/CRO crisis quorum.
+
+## 4. Formal safety and containment invariants
+
+TLA+ specifications SHOULD be maintained beside production policy. Required invariants include:
+
+1. `NoUnapprovedEgress`: a high-agency agent cannot emit network traffic unless a policy decision permits the destination, purpose, and data class.
+2. `KillSwitchEventuallyStopsActuation`: once emergency stop is asserted, all tool actuation transitions eventually enter `Stopped`.
+3. `EvidenceBeforeRelease`: tier-1 production release cannot occur without completed validation, red-team, privacy, security, fairness, and business-owner attestations.
+4. `NoPrivilegedSelfModification`: an agent cannot modify its own policy, credentials, containment boundary, or approval workflow.
+5. `WitnessConfidentiality`: ZK witness material never leaves the proof plane except as commitments, public signals, or verified proofs.
+
+The companion specification is provided in `artifacts/tla/OmniSentinelContainment.tla`.
+
+## 5. Compliance-as-code blueprint
+
+### 5.1 OPA/Rego release gate inputs
+
+Every CI/CD deployment MUST submit a normalized payload:
+
+```json
+{
+ "system_id": "credit-agent-eu-001",
+ "risk_tier": "tier_1_high_risk",
+ "jurisdictions": ["EU", "US", "UK", "SG", "HK"],
+ "uses_gpai": true,
+ "autonomy_level": 3,
+ "annex_iv_complete": true,
+ "model_validation": {"status": "approved", "review_date": "2026-05-20"},
+ "containment": {"egress_default_deny": true, "kill_switch_tested": true},
+ "zk": {"proof_policy": "systemic_risk_v1", "last_verified": "2026-05-21"}
+}
+```
+
+The gate denies production if material documentation, validation, containment, or proof-verification controls are missing. The companion policy is provided in `artifacts/policies/sentinel_ai_release_gate_v24.rego`.
+
+### 5.2 CI/CD integration pattern
+
+1. Developer opens pull request with model, prompt, workflow, circuit, or policy changes.
+2. Pipeline builds BBOM and updates the system registry.
+3. OPA evaluates release gate against system metadata.
+4. TLA+ model checking runs for changed containment specs.
+5. Red Dawn simulation suite executes misuse, deception, market-stress, cyber, privacy, and consumer-harm scenarios.
+6. ZK proof verifier confirms systemic-risk proof freshness.
+7. WorkflowAI Pro routes exceptions to control owners.
+8. Kafka WORM emits signed decision event.
+9. Deployment proceeds only after all blocking controls pass.
+
+## 6. Kafka-based PQC WORM audit logging
+
+### 6.1 Topic design
+
+| Topic | Retention | Key | Payload | Signature |
+|---|---:|---|---|---|
+| `gai.control.decisions.v2` | 10 years | `system_id` | OPA decision and inputs hash | ECDSA + ML-DSA hybrid |
+| `gai.model.lifecycle.v2` | 10 years | `model_id` | registration, validation, release, retirement | ECDSA + ML-DSA hybrid |
+| `gai.containment.events.v2` | 15 years | `containment_domain` | egress, tool, tripwire, kill-switch | ECDSA + ML-DSA hybrid |
+| `gai.zk.proofs.v2` | 15 years | `proof_id` | circuit ID, public signals, verifier result | ECDSA + ML-DSA hybrid |
+| `gai.incidents.v2` | 15 years | `incident_id` | incident timeline, severity, notifications | ECDSA + ML-DSA hybrid |
+
+### 6.2 WORM requirements
+
+- broker-side append-only permissions;
+- object-lock archival with retention legal holds;
+- Merkle root checkpointing every 15 minutes;
+- independent validator replay against manifest hashes;
+- separation between evidence producers and retention administrators;
+- quarterly restore and replay tests observed by internal audit.
+
+## 7. Zero-knowledge regulatory compliance architecture
+
+### 7.1 Proof families
+
+| Proof | Private witness | Public signals | Verifies |
+|---|---|---|---|
+| `systemic_risk_v1` | raw G-SRI factors, thresholds, stress scenario results | risk band, commitment, policy version | systemic-risk score within declared band |
+| `fair_lending_v1` | protected-class test data and outcomes | metric bounds, model ID commitment | disparate impact metrics meet approved thresholds |
+| `annex_iv_completeness_v1` | full Annex IV dossier and internal evidence | completeness bitmap, dossier hash | required sections exist and are current |
+| `capital_model_governance_v1` | model validation details and overlays | approval status, model tier | SR 11-7/Basel validation controls satisfied |
+| `incident_timeliness_v1` | raw event timeline and recipients | deadline class, notification hash | notifications met required timing rules |
+
+### 7.2 Circom/Groth16 and zk-STARK selection
+
+- Use **Groth16/Circom** when proof size and low-latency verifier integration dominate, such as regulator APIs or smart-contract-like GC-IR bridges.
+- Use **zk-STARKs** when transparent setup, post-quantum conservatism, and high-volume batch proofs dominate, such as supervisory analytics over many systems.
+- Use recursive aggregation for group-level board reporting so individual model witnesses remain private while portfolio-level risk signals are public.
+
+The companion example circuit is provided in `artifacts/circuits/g_sri_systemic_risk.circom`.
+
+### 7.3 GC-IR bridge
+
+The Global Compliance–Incident Reporting bridge exposes three APIs:
+
+1. `submitProof(proof_id, circuit_id, public_signals, proof_blob, evidence_commitment)`
+2. `submitIncidentCommitment(incident_id, severity, jurisdiction_set, deadline_class, commitment)`
+3. `requestSelectiveDisclosure(request_id, legal_basis, fields, expiry)`
+
+Regulators receive proof verification, public signals, metadata, and legal-basis-bound selective disclosures rather than unrestricted evidence dumps.
+
+## 8. G-SRI systemic risk index
+
+The G-SRI score combines model capability, autonomy, deployment scale, interconnectedness, data sensitivity, financial materiality, cyber/offensive potential, biological/chemical misuse potential, operational resilience dependency, concentration risk, and control maturity.
+
+```text
+G-SRI = weighted_sum(
+ capability,
+ autonomy,
+ scale,
+ interconnectedness,
+ data_sensitivity,
+ financial_materiality,
+ misuse_potential,
+ resilience_dependency,
+ vendor_concentration,
+ control_maturity_inverse
+)
+```
+
+Risk bands:
+
+- **0–24:** monitored AI system;
+- **25–49:** material AI system;
+- **50–74:** high-risk or critical AI system;
+- **75–89:** systemic AI system requiring executive crisis monitoring;
+- **90–100:** emergency containment, external notification, and potential pause protocol.
+
+## 9. Red Dawn simulation program
+
+Red Dawn simulations are quarterly, adversarial, multi-team exercises for catastrophic and systemic AI failure modes:
+
+1. **Market cascade:** autonomous agent recommendations amplify liquidity stress or correlated de-risking.
+2. **Credit discrimination:** subtle proxy variables create illegal adverse impact under FCRA/ECOA or EU non-discrimination rules.
+3. **Prompt-to-payment fraud:** adversarial customer interaction manipulates an agent into unauthorized transaction initiation.
+4. **Cyber tool escalation:** coding agent attempts exploit generation, lateral movement, persistence, or defense evasion.
+5. **Containment breakout:** frontier agent attempts unauthorized egress, self-modification, or credential acquisition.
+6. **GPAI systemic-risk escalation:** model capabilities cross defined thresholds and require regulator notification.
+7. **Information integrity shock:** model-generated content contaminates risk dashboards, board reporting, or public disclosures.
+
+Each scenario has a hypothesis, control objectives, injects, measured indicators, stop conditions, evidence artifacts, remediation owners, and board reporting thresholds.
+
+## 10. Multi-jurisdictional control mapping
+
+| Framework | Control anchor | Implementation pattern |
+|---|---|---|
+| EU AI Act Annex IV | technical documentation, intended purpose, design, validation, monitoring | Annex IV dossier schema, evidence graph, completeness proof |
+| EU AI Act GPAI systemic risk | model evaluation, adversarial testing, incident reporting, cybersecurity | G-SRI, Red Dawn, GAI-SOC, systemic-risk zk proof |
+| NIST AI RMF 1.0 | Govern, Map, Measure, Manage | OSCAL catalog, risk register, eval suite, management action plan |
+| NIST AI 600-1 | generative AI risk profile | GAI-SOC telemetry, content integrity controls, misuse testing |
+| ISO/IEC 42001 | AIMS clauses and controls | management-system workflow, internal audit, corrective action |
+| Basel III/IV | prudential, operational, model and capital impacts | stress testing, model overlays, risk appetite thresholds |
+| SR 11-7 | model development, validation, governance | independent validation, challenge, limitations, monitoring |
+| SR 26-2 readiness | supervisory AI expectations tracking | policy profile placeholder, regulator-change workflow |
+| DORA | ICT risk, resilience testing, incident reporting, third-party risk | AI dependency mapping, operational resilience telemetry |
+| NIS2 | cyber governance and incident handling | essential/important entity cyber control mapping |
+| GDPR | lawful basis, DPIA, minimization, rights | privacy gate, retention controls, selective disclosure |
+| FCRA/ECOA | fair lending, adverse action, explainability | fairness proof, reason-code governance, audit trail |
+| MAS/HKMA FEAT | fairness, ethics, accountability, transparency | FEAT scoring and accountable-owner attestations |
+| FCA SMCR/Consumer Duty | senior manager accountability, good outcomes | duty mapping, consumer outcome testing, board attestation |
+| HKMA Fintech 2030 | responsible fintech and regtech enablement | regulator APIs, innovation controls, operational resilience |
+| ICGC/GASO | civilizational compute and emergency governance | compute registry, incident bridge, pause protocol |
+
+The machine-readable CSV mapping is provided in `artifacts/data/multi_jurisdiction_regulatory_mapping_2026_2035.csv`.
+
+## 11. Roadmap: 2026–2030 with extension through 2035
+
+### Phase 0: 2026 foundation
+
+- Establish board AI risk appetite and AGI/ASI governance charter.
+- Stand up Sentinel v2.4 inventory, tiering, control catalog, and Annex IV dossier pipeline.
+- Implement first OPA release gates for high-risk EU, US credit, and critical financial workflows.
+- Begin Kafka WORM evidence logging and BBOM generation for tier-1 systems.
+
+### Phase 1: 2027 policy-as-code and assurance
+
+- Expand OPA/Rego controls across model, prompt, agent, data, and infrastructure changes.
+- Deploy GAI-SOC telemetry and Autonomous Supervisory Agents for continuous controls monitoring.
+- Complete deterministic replay for model decisions and agent actions.
+- Run first Red Dawn enterprise exercise and board tabletop.
+
+### Phase 2: 2028 containment and PQC transition
+
+- Launch Omni-Sentinel containment lab for frontier model and autonomous agent evaluation.
+- Add TLA+ model checking to containment and deployment control pipelines.
+- Adopt PQC hybrid signatures for evidence and proof logs.
+- Implement systemic-risk zk proof pilots for internal audit and selected regulators.
+
+### Phase 3: 2029 cross-border supervisory integration
+
+- Implement GC-IR bridge with regulator-selective disclosure workflows.
+- Build multi-jurisdictional regulator profiles and automated evidence pack generation.
+- Integrate compute registry with civilizational governance watchlists and emergency pause playbooks.
+- Expand Red Dawn to cross-border payment, market, cyber, and misinformation cascades.
+
+### Phase 4: 2030 steady-state adaptive governance
+
+- Achieve continuous BBOM/perpetual assurance for all material AI systems.
+- Aggregate portfolio risk with recursive ZK proofs and board-level G-SRI dashboards.
+- Validate incident notification clocks across DORA, NIS2, GDPR, EU AI Act, and local regimes.
+- Obtain independent assurance over AIMS, model risk, cyber resilience, and ZK proof controls.
+
+### Phase 5: 2031–2032 autonomous supervision
+
+- Deploy regulator-facing proof verification portals.
+- Use Autonomous Supervisory Agents to continuously test controls, subject to human oversight and audit constraints.
+- Mature value-learning and ethical alignment evaluations for high-agency enterprise agents.
+- Add scenario libraries for labor displacement, consumer manipulation, bias amplification, and critical infrastructure spillovers.
+
+### Phase 6: 2033–2035 civilizational governance interoperability
+
+- Interoperate with international compute governance, emergency coordination, and treaty-aligned reporting mechanisms.
+- Support cryptographic proofs of compute threshold compliance and emergency pause conformance.
+- Maintain multi-party simulations spanning G-SIFIs, cloud providers, regulators, and civil authorities.
+- Institutionalize societal-impact reviews for economic disruption, concentration, democratic integrity, and catastrophic misuse.
+
+The companion machine-readable roadmap is provided in `artifacts/roadmap-2026-2035.yaml`.
+
+## 12. ICGC Phase 1 and Phase 2 zk-verified controls
+
+### Phase 1: institutional proof of control
+
+Phase 1 controls prove institution-level governance without revealing sensitive evidence:
+
+- model inventory completeness proof;
+- high-risk system Annex IV completeness proof;
+- systemic-risk band proof;
+- containment test pass proof;
+- incident timeliness proof;
+- board attestation binding proof.
+
+### Phase 2: civilizational compute and emergency proof
+
+Phase 2 controls prove cross-institutional commitments:
+
+- compute allocation below policy threshold or authorized exception;
+- no unauthorized frontier training run on registered clusters;
+- emergency pause instruction propagated to all relevant serving endpoints;
+- selected incidents disclosed to authorized supervisors within deadline class;
+- independent assurance signature over aggregated proof bundles.
+
+## 13. Regulator-ready technical report structure
+
+Every material system technical report SHOULD use this canonical structure:
+
+```xml
+Regulator-Ready AI Governance Technical Report for SYSTEM_ID
+
+ Concise description of the system, business purpose, regulatory role, model lineage,
+ risk tier, jurisdictions, residual risks, and attestation status.
+
+
+ Inventory, owners, jurisdictions, risk tier, dependencies.
+ Model, data, agent, tool, control, and containment architecture.
+ Mapped legal, prudential, privacy, cyber, and conduct obligations.
+ EU AI Act Annex IV technical documentation extract.
+ SR 11-7/Basel validation, limitations, overlays, monitoring.
+ Red-team, Red Dawn, misuse, autonomy, cyber, and alignment evals.
+ Proof IDs, public signals, verifier results, circuit versions.
+ Incident history, notification clocks, remediation, lessons learned.
+ Control-owner, executive, board, and independent assurance signatures.
+
+```
+
+The companion XML template is provided in `artifacts/templates/regulator-technical-report-2035.xml`.
+
+## 14. Engineering acceptance criteria
+
+A deployment is enterprise-grade only when all of the following are true:
+
+- every material AI system is registered, tiered, owner-bound, and mapped to jurisdictions;
+- every tier-1 release has independent validation, red-team evidence, security approval, privacy approval, and board-risk visibility;
+- every high-agency agent uses default-deny tools, constrained egress, runtime telemetry, and tested kill-switches;
+- every regulatory control has a test, evidence source, owner, cadence, and exception path;
+- every material proof has versioned circuits, reproducible witness builders, verifier logs, and key-management evidence;
+- every critical model decision and agent action can be replayed from WORM evidence;
+- every catastrophic-risk scenario has an exercised playbook and named crisis authority.
+
+## 15. Board and C-suite decision checklist
+
+1. Has the board approved AI risk appetite, prohibited use cases, and emergency pause authorities?
+2. Can management identify all high-risk, GPAI-dependent, customer-impacting, and systemic AI systems within 24 hours?
+3. Are model risk, cyber, operational resilience, privacy, conduct, legal, and safety teams using the same evidence graph?
+4. Can the institution prove compliance to regulators without exposing confidential witnesses or customer data?
+5. Are autonomous agents prevented from self-modifying policies, acquiring uncontrolled resources, or bypassing human oversight?
+6. Do Red Dawn results directly change controls, capital/resilience assumptions, or deployment limits?
+7. Is civilizational compute governance treated as a board-level risk for frontier-scale capability development?
+
+
diff --git a/artifacts/manifest-targets-v1.json b/artifacts/manifest-targets-v1.json
index 3ac4b5c8..c450fb49 100644
--- a/artifacts/manifest-targets-v1.json
+++ b/artifacts/manifest-targets-v1.json
@@ -6,6 +6,15 @@
"roadmap-2026-2030.yaml",
"regulator-report-template.xml",
"enterprise-civilizational-agi-asi-blueprint-2026-2030.md",
- "examples/annex-iv-dossier-example.json"
+ "examples/annex-iv-dossier-example.json",
+ "enterprise-agi-asi-governance-reference-architecture-2026-2035.md",
+ "roadmap-2026-2035.yaml",
+ "data/multi_jurisdiction_regulatory_mapping_2026_2035.csv",
+ "oscal/sentinel-ai-control-catalog-oscal.json",
+ "policies/sentinel_ai_release_gate_v24.rego",
+ "tla/OmniSentinelContainment.tla",
+ "circuits/g_sri_systemic_risk.circom",
+ "templates/gc-ir-bridge-event.json",
+ "templates/regulator-technical-report-2035.xml"
]
}
diff --git a/artifacts/oscal/sentinel-ai-control-catalog-oscal.json b/artifacts/oscal/sentinel-ai-control-catalog-oscal.json
new file mode 100644
index 00000000..dd3bf6a9
--- /dev/null
+++ b/artifacts/oscal/sentinel-ai-control-catalog-oscal.json
@@ -0,0 +1,104 @@
+{
+ "catalog": {
+ "uuid": "9ad6b639-4626-4f22-b3c0-000000000024",
+ "metadata": {
+ "title": "Sentinel AI Governance Stack v2.4 Enterprise AGI/ASI Control Catalog",
+ "last-modified": "2026-05-28T00:00:00Z",
+ "version": "2.4.0",
+ "oscal-version": "1.1.2",
+ "roles": [
+ {"id": "board-risk-committee", "title": "Board Risk Committee"},
+ {"id": "chief-risk-officer", "title": "Chief Risk Officer"},
+ {"id": "ai-platform-engineering", "title": "AI Platform Engineering"},
+ {"id": "frontier-safety", "title": "Frontier AI Safety"},
+ {"id": "internal-audit", "title": "Internal Audit"}
+ ]
+ },
+ "groups": [
+ {
+ "id": "sentinel-governance",
+ "title": "Governance, Inventory, and Accountability",
+ "controls": [
+ {
+ "id": "SG-01",
+ "title": "Board-approved AI risk appetite and accountable ownership",
+ "props": [
+ {"name": "maps-to", "value": "EU-AI-Act;NIST-AI-RMF-GOVERN;ISO-IEC-42001;FCA-SMCR"},
+ {"name": "cadence", "value": "quarterly"}
+ ],
+ "parts": [
+ {"id": "SG-01_stmt", "name": "statement", "prose": "The organization maintains board-approved AI risk appetite, prohibited-use boundaries, senior manager accountability, and emergency pause authorities for all material AI systems."}
+ ]
+ },
+ {
+ "id": "SG-02",
+ "title": "Complete AI, agent, data, model, and compute inventory",
+ "props": [
+ {"name": "maps-to", "value": "EU-AI-Act-Annex-IV;NIST-AI-RMF-MAP;DORA;ICGC-GASO"},
+ {"name": "cadence", "value": "continuous"}
+ ],
+ "parts": [
+ {"id": "SG-02_stmt", "name": "statement", "prose": "Every material model, agent, tool, data source, vendor dependency, and compute allocation is registered, risk-tiered, owner-bound, and linked to evidence."}
+ ]
+ }
+ ]
+ },
+ {
+ "id": "omni-containment",
+ "title": "Omni-Sentinel Containment and Frontier Safety",
+ "controls": [
+ {
+ "id": "OC-01",
+ "title": "Default-deny egress and mediated tool use",
+ "props": [
+ {"name": "maps-to", "value": "NIST-AI-600-1;DORA;NIS2;EU-AI-Act-GPAI-Systemic-Risk"},
+ {"name": "cadence", "value": "continuous"}
+ ],
+ "parts": [
+ {"id": "OC-01_stmt", "name": "statement", "prose": "High-agency systems execute only through policy-mediated tools, default-deny network egress, signed telemetry, and tested kill-switch paths."}
+ ]
+ },
+ {
+ "id": "OC-02",
+ "title": "Formal containment invariants",
+ "props": [
+ {"name": "maps-to", "value": "NIST-AI-RMF-MEASURE;ISO-IEC-42001;ICGC-GASO"},
+ {"name": "cadence", "value": "per-change"}
+ ],
+ "parts": [
+ {"id": "OC-02_stmt", "name": "statement", "prose": "Containment policies are backed by model-checked invariants for egress, actuation stop, self-modification prevention, and proof-witness confidentiality."}
+ ]
+ }
+ ]
+ },
+ {
+ "id": "zk-assurance",
+ "title": "Zero-Knowledge Compliance and Perpetual Assurance",
+ "controls": [
+ {
+ "id": "ZA-01",
+ "title": "ZK systemic-risk and compliance proofs",
+ "props": [
+ {"name": "maps-to", "value": "EU-AI-Act-GPAI-Systemic-Risk;SR-11-7;Basel-III-IV;GDPR"},
+ {"name": "cadence", "value": "per-release-and-quarterly"}
+ ],
+ "parts": [
+ {"id": "ZA-01_stmt", "name": "statement", "prose": "The institution can prove systemic-risk bands, Annex IV completeness, fair-lending thresholds, and incident-timeliness conformance without revealing private witnesses."}
+ ]
+ },
+ {
+ "id": "ZA-02",
+ "title": "PQC WORM evidence and replay",
+ "props": [
+ {"name": "maps-to", "value": "DORA;NIS2;SR-11-7;ISO-IEC-42001"},
+ {"name": "cadence", "value": "continuous"}
+ ],
+ "parts": [
+ {"id": "ZA-02_stmt", "name": "statement", "prose": "All regulated AI lifecycle, control, proof, containment, and incident events are written to immutable logs with hybrid post-quantum signatures and deterministic replay support."}
+ ]
+ }
+ ]
+ }
+ ]
+ }
+}
diff --git a/artifacts/policies/sentinel_ai_release_gate_v24.rego b/artifacts/policies/sentinel_ai_release_gate_v24.rego
new file mode 100644
index 00000000..d7bbaa40
--- /dev/null
+++ b/artifacts/policies/sentinel_ai_release_gate_v24.rego
@@ -0,0 +1,77 @@
+package sentinel.release.v24
+
+import rego.v1
+
+default allow := false
+
+required_evidence := {
+ "annex_iv_complete",
+ "model_validation_approved",
+ "containment_ready",
+ "zk_verified",
+ "bbom_current",
+ "owner_attested",
+}
+
+model_validation_approved if {
+ input.model_validation.status == "approved"
+}
+
+zk_proof_verified if {
+ input.zk.last_verified
+}
+
+allow if {
+ count(deny) == 0
+}
+
+deny contains msg if {
+ input.risk_tier == "tier_1_high_risk"
+ not input.annex_iv_complete
+ msg := "tier-1 high-risk release requires complete Annex IV dossier"
+}
+
+deny contains msg if {
+ input.uses_gpai
+ not input.gpai_supplier_due_diligence_complete
+ msg := "GPAI-dependent release requires supplier due diligence and systemic-risk screening"
+}
+
+deny contains msg if {
+ not model_validation_approved
+ msg := "model validation must be approved before regulated deployment"
+}
+
+deny contains msg if {
+ input.autonomy_level >= 3
+ not input.containment.egress_default_deny
+ msg := "high-agency agent requires default-deny egress containment"
+}
+
+deny contains msg if {
+ input.autonomy_level >= 3
+ not input.containment.kill_switch_tested
+ msg := "high-agency agent requires tested kill switch"
+}
+
+deny contains msg if {
+ input.risk_tier == "tier_1_high_risk"
+ not zk_proof_verified
+ msg := "tier-1 high-risk release requires verified ZK compliance proof metadata"
+}
+
+deny contains msg if {
+ input.g_sri_score >= 75
+ not input.board_risk_committee_exception
+ msg := "systemic-risk deployment requires board risk committee exception"
+}
+
+evidence_status[e] := "present" if {
+ e := required_evidence[_]
+ input.evidence[e]
+}
+
+evidence_status[e] := "missing" if {
+ e := required_evidence[_]
+ not input.evidence[e]
+}
diff --git a/artifacts/roadmap-2026-2035.yaml b/artifacts/roadmap-2026-2035.yaml
new file mode 100644
index 00000000..8bd2dc3f
--- /dev/null
+++ b/artifacts/roadmap-2026-2035.yaml
@@ -0,0 +1,108 @@
+version: 1.0
+name: sentinel-ai-governance-stack-2035-roadmap
+horizon: 2026-2035
+updated_at: 2026-05-28
+owners:
+ executive: chief_risk_officer
+ technology: chief_ai_platform_officer
+ assurance: chief_audit_executive
+ safety: head_of_frontier_ai_safety
+phases:
+ - id: phase_0_2026_foundation
+ window: 2026-Q2_to_2026-Q4
+ outcomes:
+ - board_ai_risk_appetite
+ - sentinel_v2_4_inventory
+ - annex_iv_dossier_pipeline
+ - initial_opa_release_gates
+ - bbom_for_tier1_systems
+ - id: phase_1_2027_assurance
+ window: 2027
+ outcomes:
+ - gai_soc_telemetry
+ - autonomous_supervisory_agents
+ - deterministic_replay
+ - red_dawn_enterprise_exercise
+ - kafka_worm_evidence_mesh
+ - id: phase_2_2028_containment
+ window: 2028
+ outcomes:
+ - omni_sentinel_containment_lab
+ - tla_model_checking_pipeline
+ - pqc_hybrid_evidence_signing
+ - systemic_risk_zk_pilot
+ - cross_border_tabletops
+ - id: phase_3_2029_supervisory_integration
+ window: 2029
+ outcomes:
+ - gc_ir_bridge
+ - regulator_profile_generator
+ - civilizational_compute_registry_adapter
+ - red_dawn_cross_market_scenarios
+ - id: phase_4_2030_steady_state
+ window: 2030
+ outcomes:
+ - continuous_bbom_perpetual_assurance
+ - recursive_zk_portfolio_reporting
+ - dora_nis2_gdpr_ai_act_notification_clock_tests
+ - independent_aims_and_zk_assurance
+ - id: phase_5_2031_2032_autonomous_supervision
+ window: 2031-2032
+ outcomes:
+ - regulator_proof_portal
+ - supervised_autonomous_control_testing
+ - value_learning_evaluation_program
+ - societal_impact_scenario_library
+ - id: phase_6_2033_2035_civilizational_interop
+ window: 2033-2035
+ outcomes:
+ - international_compute_governance_interop
+ - emergency_pause_proof_protocol
+ - multi_party_systemic_risk_simulations
+ - civilizational_ai_risk_board_reporting
+milestones:
+ - id: s24_inventory_live
+ date: 2026-09-30
+ deliverable: sentinel_v2_4_inventory_and_risk_tiering_live
+ - id: annex_iv_ci_gate
+ date: 2026-12-31
+ deliverable: annex_iv_and_opa_release_gate_active_for_tier1
+ - id: gai_soc_live
+ date: 2027-06-30
+ deliverable: gai_soc_and_autonomous_supervisory_agents_live
+ - id: red_dawn_1
+ date: 2027-12-31
+ deliverable: first_board_observed_red_dawn_exercise_closed
+ - id: containment_lab
+ date: 2028-06-30
+ deliverable: omni_sentinel_containment_lab_operational
+ - id: pqc_worm
+ date: 2028-12-31
+ deliverable: pqc_hybrid_worm_evidence_operational
+ - id: gc_ir
+ date: 2029-06-30
+ deliverable: gc_ir_bridge_pilot_with_selective_disclosure
+ - id: compute_registry
+ date: 2029-12-31
+ deliverable: civilizational_compute_registry_adapter_live
+ - id: perpetual_assurance
+ date: 2030-12-31
+ deliverable: bbom_perpetual_assurance_steady_state
+ - id: proof_portal
+ date: 2032-06-30
+ deliverable: regulator_zk_proof_portal_operational
+ - id: emergency_pause_proof
+ date: 2034-06-30
+ deliverable: emergency_pause_conformance_proof_protocol
+ - id: global_interop
+ date: 2035-12-31
+ deliverable: international_civilizational_ai_governance_interoperability
+control_threads:
+ - id: inventory_and_tiering
+ controls: [AI-INVENTORY, G-SRI, ANNEX-IV-COMPLETE]
+ - id: containment_and_safety
+ controls: [OMNI-EGRESS-DENY, KILL-SWITCH, RED-DAWN]
+ - id: privacy_preserving_compliance
+ controls: [ZK-SYSTEMIC-RISK, ZK-FAIR-LENDING, GC-IR]
+ - id: assurance_and_evidence
+ controls: [BBOM, KAFKA-WORM-PQC, REPLAY]
diff --git a/artifacts/templates/gc-ir-bridge-event.json b/artifacts/templates/gc-ir-bridge-event.json
new file mode 100644
index 00000000..1a8da0a7
--- /dev/null
+++ b/artifacts/templates/gc-ir-bridge-event.json
@@ -0,0 +1,32 @@
+{
+ "schema_version": "1.0",
+ "event_type": "zk_compliance_proof_submission",
+ "event_id": "gc-ir-evt-2026-000001",
+ "submitted_at": "2026-05-28T00:00:00Z",
+ "institution_id": "example-gsifi",
+ "system_id": "credit-agent-eu-001",
+ "jurisdictions": ["EU", "US", "UK", "SG", "HK"],
+ "proof": {
+ "proof_id": "proof-gsri-000001",
+ "circuit_id": "g_sri_systemic_risk_v1",
+ "proving_system": "groth16",
+ "public_signals": {
+ "risk_band": "50-74",
+ "policy_version": "2026.05",
+ "evidence_commitment": "sha256:REPLACE_WITH_COMMITMENT"
+ },
+ "verifier_result": "verified"
+ },
+ "selective_disclosure": {
+ "legal_basis": "supervisory_request",
+ "fields_authorized": ["risk_band", "policy_version", "control_status"],
+ "expires_at": "2026-06-27T00:00:00Z"
+ },
+ "signatures": [
+ {
+ "key_id": "kms://governance/pqc-hybrid-001",
+ "algorithm": "ECDSA_P256_PLUS_ML_DSA_65",
+ "signature": "BASE64_SIGNATURE_PLACEHOLDER"
+ }
+ ]
+}
diff --git a/artifacts/templates/regulator-technical-report-2035.xml b/artifacts/templates/regulator-technical-report-2035.xml
new file mode 100644
index 00000000..654ad29e
--- /dev/null
+++ b/artifacts/templates/regulator-technical-report-2035.xml
@@ -0,0 +1,19 @@
+
+ Regulator-Ready AGI/ASI Governance Technical Report for SYSTEM_ID
+
+ Concise description of the AI system, business purpose, regulatory role,
+ model lineage, risk tier, jurisdictions, containment posture, zero-knowledge
+ proof status, residual risks, and executive attestation state.
+
+
+ Inventory, owners, jurisdictions, risk tier, dependencies, and deployment environments.
+ Model, data, agent, tool, control, containment, telemetry, and assurance architecture.
+ Mapped legal, prudential, privacy, cyber, conduct, and civilizational governance obligations.
+ EU AI Act Annex IV technical documentation extract and completeness proof references.
+ SR 11-7/Basel validation, conceptual soundness, limitations, overlays, and monitoring.
+ Red-team, Red Dawn, autonomy, cyber, misuse, alignment, and containment evaluation results.
+ Proof identifiers, circuit versions, public signals, verifier results, and selective-disclosure log.
+ Incident history, notification clocks, root cause, remediation, and regulator communication record.
+ Control-owner, executive, board, and independent assurance signatures.
+
+
diff --git a/artifacts/tla/OmniSentinelContainment.tla b/artifacts/tla/OmniSentinelContainment.tla
new file mode 100644
index 00000000..7b7f676a
--- /dev/null
+++ b/artifacts/tla/OmniSentinelContainment.tla
@@ -0,0 +1,118 @@
+---------------------------- MODULE OmniSentinelContainment ----------------------------
+EXTENDS Naturals, Sequences, TLC
+
+(***************************************************************************
+ * Reference TLA+ containment model for Sentinel AI Governance Stack v2.4. *
+ * The model is intentionally compact so platform teams can extend it with *
+ * environment-specific states, policy predicates, and liveness checks. *
+ ****************************************************************************)
+
+CONSTANTS Agents, Tools, Destinations, DataClasses
+
+VARIABLES
+ state,
+ approvedEgress,
+ toolGrant,
+ evidence,
+ emergencyStop,
+ witnessLocation,
+ policyVersion,
+ credentialVersion,
+ boundaryVersion
+
+States == {"Init", "Contained", "Actuating", "Stopped"}
+WitnessZones == {"ProofPlane", "CommitmentOnly", "External"}
+PrivilegedState == <>
+Vars == <>
+
+Init ==
+ /\ state \in [Agents -> "Contained"]
+ /\ approvedEgress \subseteq Agents \X Destinations \X DataClasses
+ /\ toolGrant \subseteq Agents \X Tools
+ /\ evidence = <<>>
+ /\ emergencyStop = FALSE
+ /\ witnessLocation = "ProofPlane"
+ /\ policyVersion = 0
+ /\ credentialVersion = 0
+ /\ boundaryVersion = 0
+
+ApprovedNetworkUse(a, d, c) == <> \in approvedEgress
+ApprovedToolUse(a, t) == <> \in toolGrant
+
+RequestEgress(a, d, c) ==
+ /\ state[a] # "Stopped"
+ /\ ApprovedNetworkUse(a, d, c)
+ /\ evidence' = Append(evidence, [kind |-> "egress", agent |-> a, dest |-> d, class |-> c])
+ /\ UNCHANGED <>
+
+DenyEgress(a, d, c) ==
+ /\ state[a] # "Stopped"
+ /\ ~ApprovedNetworkUse(a, d, c)
+ /\ evidence' = Append(evidence, [kind |-> "egress_denied", agent |-> a, dest |-> d, class |-> c])
+ /\ UNCHANGED <>
+
+UseTool(a, t) ==
+ /\ state[a] = "Contained"
+ /\ ApprovedToolUse(a, t)
+ /\ state' = [state EXCEPT ![a] = "Actuating"]
+ /\ evidence' = Append(evidence, [kind |-> "tool_use", agent |-> a, tool |-> t])
+ /\ UNCHANGED <>
+
+CompleteToolUse(a) ==
+ /\ state[a] = "Actuating"
+ /\ state' = [state EXCEPT ![a] = "Contained"]
+ /\ evidence' = Append(evidence, [kind |-> "tool_complete", agent |-> a])
+ /\ UNCHANGED <>
+
+AssertEmergencyStop ==
+ /\ emergencyStop = FALSE
+ /\ emergencyStop' = TRUE
+ /\ evidence' = Append(evidence, [kind |-> "emergency_stop_asserted"])
+ /\ UNCHANGED <>
+
+StopAgent(a) ==
+ /\ emergencyStop = TRUE
+ /\ state[a] # "Stopped"
+ /\ state' = [state EXCEPT ![a] = "Stopped"]
+ /\ evidence' = Append(evidence, [kind |-> "agent_stopped", agent |-> a])
+ /\ UNCHANGED <>
+
+PublishCommitment ==
+ /\ witnessLocation = "ProofPlane"
+ /\ witnessLocation' = "CommitmentOnly"
+ /\ evidence' = Append(evidence, [kind |-> "zk_commitment_published"])
+ /\ UNCHANGED <>
+
+Next ==
+ \/ \E a \in Agents, d \in Destinations, c \in DataClasses: RequestEgress(a, d, c)
+ \/ \E a \in Agents, d \in Destinations, c \in DataClasses: DenyEgress(a, d, c)
+ \/ \E a \in Agents, t \in Tools: UseTool(a, t)
+ \/ \E a \in Agents: CompleteToolUse(a)
+ \/ AssertEmergencyStop
+ \/ \E a \in Agents: StopAgent(a)
+ \/ PublishCommitment
+
+Fairness == \A a \in Agents: WF_Vars(StopAgent(a))
+
+NoUnapprovedEgress ==
+ \A i \in 1..Len(evidence):
+ evidence[i].kind = "egress" =>
+ <> \in approvedEgress
+
+KillSwitchEventuallyStopsActuation ==
+ emergencyStop ~> \A a \in Agents: state[a] = "Stopped"
+
+NoPrivilegedSelfModification ==
+ /\ policyVersion = 0
+ /\ credentialVersion = 0
+ /\ boundaryVersion = 0
+
+WitnessConfidentiality == witnessLocation # "External"
+
+Spec == Init /\ [][Next]_Vars /\ Fairness
+
+THEOREM Spec => []NoUnapprovedEgress
+THEOREM Spec => KillSwitchEventuallyStopsActuation
+THEOREM Spec => []NoPrivilegedSelfModification
+THEOREM Spec => []WitnessConfidentiality
+================================================================================
diff --git a/artifacts/validate_artifacts.py b/artifacts/validate_artifacts.py
index 14862193..2216112a 100644
--- a/artifacts/validate_artifacts.py
+++ b/artifacts/validate_artifacts.py
@@ -6,18 +6,22 @@
- XML parse and required section checks
- Minimal JSON-Schema-like validation for the Annex IV example payload
- Cross-reference checks for control mappings
-- Roadmap milestone date-range checks for 2026-2030 horizon
+- Roadmap milestone date-range checks for 2026-2030 and 2026-2035 horizons
+- Extended AGI/ASI governance artifact checks for report tags, OSCAL controls,
+ regulatory mappings, Rego gates, TLA+ specs, Circom circuits, and templates
- Manifest checksum verification for tamper evidence
"""
from __future__ import annotations
import argparse
+import csv
import json
import sys
+import xml.etree.ElementTree as ET
from datetime import date, datetime
from pathlib import Path
-import xml.etree.ElementTree as ET
+from uuid import UUID
import yaml
@@ -37,6 +41,35 @@
"attestation",
}
+REQUIRED_EXTENDED_REPORT_SECTION_IDS = {
+ "scope",
+ "architecture",
+ "obligations",
+ "annex_iv",
+ "model-risk",
+ "safety-evals",
+ "zk-proofs",
+ "incidents",
+ "attestation",
+}
+
+REQUIRED_REGULATORY_MAPPING_FRAMEWORKS = {
+ "EU AI Act Annex IV",
+ "EU AI Act GPAI systemic risk",
+ "NIST AI RMF 1.0",
+ "NIST AI 600-1",
+ "ISO/IEC 42001",
+ "Basel III IV",
+ "SR 11-7",
+ "DORA",
+ "NIS2",
+ "GDPR",
+ "FCRA ECOA",
+ "MAS HKMA FEAT",
+ "FCA SMCR Consumer Duty",
+ "ICGC GASO",
+}
+
def load_manifest_targets() -> set[str]:
try:
@@ -65,6 +98,7 @@ def load_json(path: Path) -> dict:
except json.JSONDecodeError as exc:
raise ValidationError(f"invalid JSON in artifact file: {display_artifact_path(path)}") from exc
+
def validate_required_keys(obj: dict, required: list[str], label: str) -> None:
missing = [k for k in required if k not in obj]
if missing:
@@ -131,14 +165,24 @@ def validate_control_catalog(controls: dict) -> None:
raise ValidationError(f"mapping {mapping_name} references unknown control id: {control_id}")
-def validate_roadmap(roadmap: dict) -> None:
+def validate_roadmap(roadmap: dict, *, min_year: int = 2026, max_year: int = 2030) -> None:
validate_required_keys(roadmap, ["version", "name", "horizon", "phases", "milestones"], "roadmap")
+ phase_ids: set[str] = set()
+ for phase in roadmap["phases"]:
+ validate_required_keys(phase, ["id", "window", "outcomes" if max_year > 2030 else "objectives"], "roadmap phase")
+ if phase["id"] in phase_ids:
+ raise ValidationError(f"duplicate roadmap phase id: {phase['id']}")
+ phase_ids.add(phase["id"])
+ milestone_ids: set[str] = set()
for milestone in roadmap["milestones"]:
validate_required_keys(milestone, ["id", "date", "deliverable"], "milestone")
+ if milestone["id"] in milestone_ids:
+ raise ValidationError(f"duplicate roadmap milestone id: {milestone['id']}")
+ milestone_ids.add(milestone["id"])
milestone_date = milestone["date"]
if not isinstance(milestone_date, date):
milestone_date = date.fromisoformat(str(milestone_date))
- if milestone_date.year < 2026 or milestone_date.year > 2030:
+ if milestone_date.year < min_year or milestone_date.year > max_year:
raise ValidationError(f"milestone {milestone['id']} has out-of-range date: {milestone_date}")
@@ -155,6 +199,206 @@ def validate_report_template(path: Path) -> None:
raise ValidationError(f"regulator report template missing section ids: {sorted(missing)}")
+
+def validate_balanced_delimiters(text: str, path: Path, pairs: dict[str, str]) -> None:
+ stack: list[str] = []
+ openers = set(pairs)
+ closers = {close: open_ for open_, close in pairs.items()}
+ for char in text:
+ if char in openers:
+ stack.append(char)
+ elif char in closers:
+ if not stack or stack[-1] != closers[char]:
+ raise ValidationError(f"{display_artifact_path(path)} has unbalanced delimiter: {char}")
+ stack.pop()
+ if stack:
+ raise ValidationError(f"{display_artifact_path(path)} has unclosed delimiter: {stack[-1]}")
+
+
+def validate_extended_markdown_report(path: Path) -> None:
+ try:
+ text = path.read_text(encoding="utf-8")
+ except FileNotFoundError as exc:
+ raise ValidationError(f"required artifact file missing: {display_artifact_path(path)}") from exc
+ for tag in ["title", "abstract", "content"]:
+ if f"<{tag}>" not in text or f"{tag}>" not in text:
+ raise ValidationError(f"extended report missing <{tag}> tag pair")
+ required_phrases = [
+ "Sentinel AI Governance Stack v2.4",
+ "Omni-Sentinel containment",
+ "Zero-knowledge regulatory compliance",
+ "Kafka-based PQC WORM audit logging",
+ "ICGC Phase 1 and Phase 2 zk-verified controls",
+ ]
+ for phrase in required_phrases:
+ if phrase not in text:
+ raise ValidationError(f"extended report missing required topic: {phrase}")
+
+
+def validate_extended_report_template(path: Path) -> None:
+ tree = ET.parse(path)
+ root = tree.getroot()
+ if root.tag != "report":
+ raise ValidationError("extended regulator report template root must be ")
+ if root.find("title") is None or root.find("abstract") is None:
+ raise ValidationError("extended regulator report template missing title or abstract")
+ content = root.find("content")
+ if content is None:
+ raise ValidationError("extended regulator report template missing element")
+ section_ids = {section.attrib.get("id") for section in content.findall("section")}
+ missing = REQUIRED_EXTENDED_REPORT_SECTION_IDS - section_ids
+ if missing:
+ raise ValidationError(f"extended regulator report template missing section ids: {sorted(missing)}")
+
+
+def validate_oscal_catalog(catalog: dict) -> None:
+ validate_required_keys(catalog, ["catalog"], "OSCAL catalog document")
+ root = catalog["catalog"]
+ validate_required_keys(root, ["uuid", "metadata", "groups"], "OSCAL catalog")
+ try:
+ UUID(root["uuid"])
+ except (TypeError, ValueError) as exc:
+ raise ValidationError("OSCAL catalog uuid must be a valid UUID") from exc
+ validate_required_keys(root["metadata"], ["title", "last-modified", "version", "oscal-version", "roles"], "OSCAL metadata")
+ try:
+ datetime.fromisoformat(root["metadata"]["last-modified"].replace("Z", "+00:00"))
+ except ValueError as exc:
+ raise ValidationError("OSCAL metadata last-modified must be valid ISO-8601") from exc
+ control_ids: set[str] = set()
+ for group in root["groups"]:
+ validate_required_keys(group, ["id", "title", "controls"], "OSCAL group")
+ for control in group["controls"]:
+ validate_required_keys(control, ["id", "title", "props", "parts"], "OSCAL control")
+ if control["id"] in control_ids:
+ raise ValidationError(f"duplicate OSCAL control id: {control['id']}")
+ control_ids.add(control["id"])
+ if not any(prop.get("name") == "maps-to" for prop in control["props"]):
+ raise ValidationError(f"OSCAL control {control['id']} missing maps-to property")
+ required_controls = {"SG-01", "SG-02", "OC-01", "OC-02", "ZA-01", "ZA-02"}
+ missing_controls = required_controls - control_ids
+ if missing_controls:
+ raise ValidationError(f"OSCAL catalog missing required controls: {sorted(missing_controls)}")
+
+
+def validate_regulatory_mapping_csv(path: Path) -> None:
+ try:
+ with path.open("r", encoding="utf-8", newline="") as f:
+ rows = list(csv.DictReader(f))
+ except FileNotFoundError as exc:
+ raise ValidationError(f"required artifact file missing: {display_artifact_path(path)}") from exc
+ required_headers = {"framework", "control_objective", "technical_artifact", "evidence_source", "primary_owner", "cadence"}
+ if not rows:
+ raise ValidationError("regulatory mapping CSV must contain at least one row")
+ if set(rows[0].keys()) != required_headers:
+ raise ValidationError("regulatory mapping CSV headers do not match required schema")
+ frameworks = {row["framework"] for row in rows}
+ missing = REQUIRED_REGULATORY_MAPPING_FRAMEWORKS - frameworks
+ if missing:
+ raise ValidationError(f"regulatory mapping CSV missing frameworks: {sorted(missing)}")
+ for idx, row in enumerate(rows, start=2):
+ for header in required_headers:
+ if not row[header].strip():
+ raise ValidationError(f"regulatory mapping CSV row {idx} has empty {header}")
+
+
+def validate_rego_policy(path: Path) -> None:
+ try:
+ text = path.read_text(encoding="utf-8")
+ except FileNotFoundError as exc:
+ raise ValidationError(f"required artifact file missing: {display_artifact_path(path)}") from exc
+ validate_balanced_delimiters(text, path, {"{": "}", "[": "]", "(": ")"})
+ required_snippets = [
+ "package sentinel.release.v24",
+ "default allow := false",
+ "deny contains msg if",
+ "model_validation_approved if",
+ "zk_proof_verified if",
+ "annex_iv_complete",
+ "gpai_supplier_due_diligence_complete",
+ "egress_default_deny",
+ "kill_switch_tested",
+ "g_sri_score",
+ ]
+ for snippet in required_snippets:
+ if snippet not in text:
+ raise ValidationError(f"Rego release gate missing snippet: {snippet}")
+
+
+def validate_tla_spec(path: Path) -> None:
+ try:
+ text = path.read_text(encoding="utf-8")
+ except FileNotFoundError as exc:
+ raise ValidationError(f"required artifact file missing: {display_artifact_path(path)}") from exc
+ if text.count("(*") != text.count("*)"):
+ raise ValidationError("TLA+ containment spec has unbalanced comments")
+ required_snippets = [
+ "MODULE OmniSentinelContainment",
+ "Vars ==",
+ "Fairness ==",
+ "NoUnapprovedEgress ==",
+ "KillSwitchEventuallyStopsActuation ==",
+ "NoPrivilegedSelfModification ==",
+ "WitnessConfidentiality ==",
+ "THEOREM Spec => []NoUnapprovedEgress",
+ "THEOREM Spec => KillSwitchEventuallyStopsActuation",
+ "THEOREM Spec => []NoPrivilegedSelfModification",
+ "THEOREM Spec => []WitnessConfidentiality",
+ ]
+ for snippet in required_snippets:
+ if snippet not in text:
+ raise ValidationError(f"TLA+ containment spec missing snippet: {snippet}")
+
+
+def validate_circom_circuit(path: Path) -> None:
+ try:
+ text = path.read_text(encoding="utf-8")
+ except FileNotFoundError as exc:
+ raise ValidationError(f"required artifact file missing: {display_artifact_path(path)}") from exc
+ validate_balanced_delimiters(text, path, {"{": "}", "[": "]", "(": ")"})
+ required_snippets = [
+ "pragma circom 2.1.6;",
+ "template GSRIWeightedSum(n)",
+ "signal output inBand;",
+ "publicPolicyVersion",
+ "publicEvidenceCommitment",
+ "component main {public [thresholdLow, thresholdHigh, policyVersion, evidenceCommitment]}",
+ ]
+ for snippet in required_snippets:
+ if snippet not in text:
+ raise ValidationError(f"Circom G-SRI circuit missing snippet: {snippet}")
+
+
+def validate_gc_ir_event(event: dict) -> None:
+ validate_required_keys(event, ["schema_version", "event_type", "event_id", "submitted_at", "institution_id", "system_id", "jurisdictions", "proof", "selective_disclosure", "signatures"], "GC-IR event")
+ if event["event_type"] != "zk_compliance_proof_submission":
+ raise ValidationError("GC-IR event_type must be zk_compliance_proof_submission")
+ try:
+ datetime.fromisoformat(event["submitted_at"].replace("Z", "+00:00"))
+ except ValueError as exc:
+ raise ValidationError("GC-IR submitted_at must be valid ISO-8601") from exc
+ ensure_type(event["jurisdictions"], "array", "GC-IR jurisdictions")
+ proof = event["proof"]
+ validate_required_keys(proof, ["proof_id", "circuit_id", "proving_system", "public_signals", "verifier_result"], "GC-IR proof")
+ if proof["verifier_result"] != "verified":
+ raise ValidationError("GC-IR proof verifier_result must be verified")
+ ensure_type(event["signatures"], "array", "GC-IR signatures")
+ if not event["signatures"]:
+ raise ValidationError("GC-IR event requires at least one signature placeholder")
+
+
+def validate_extended_artifacts() -> None:
+ validate_extended_markdown_report(ARTIFACTS_DIR / "enterprise-agi-asi-governance-reference-architecture-2026-2035.md")
+ with (ARTIFACTS_DIR / "roadmap-2026-2035.yaml").open("r", encoding="utf-8") as f:
+ validate_roadmap(yaml.safe_load(f), min_year=2026, max_year=2035)
+ validate_regulatory_mapping_csv(ARTIFACTS_DIR / "data" / "multi_jurisdiction_regulatory_mapping_2026_2035.csv")
+ validate_oscal_catalog(load_json(ARTIFACTS_DIR / "oscal" / "sentinel-ai-control-catalog-oscal.json"))
+ validate_rego_policy(ARTIFACTS_DIR / "policies" / "sentinel_ai_release_gate_v24.rego")
+ validate_tla_spec(ARTIFACTS_DIR / "tla" / "OmniSentinelContainment.tla")
+ validate_circom_circuit(ARTIFACTS_DIR / "circuits" / "g_sri_systemic_risk.circom")
+ validate_gc_ir_event(load_json(ARTIFACTS_DIR / "templates" / "gc-ir-bridge-event.json"))
+ validate_extended_report_template(ARTIFACTS_DIR / "templates" / "regulator-technical-report-2035.xml")
+
+
def validate_manifest(artifacts_dir: Path, manifest: dict) -> None:
validate_required_keys(manifest, ["version", "generated_at", "files"], "manifest")
if manifest.get("version") != "1.1":
@@ -209,6 +453,7 @@ def run_validation(include_manifest: bool = True) -> dict:
validate_control_catalog(controls)
validate_roadmap(roadmap)
validate_report_template(ARTIFACTS_DIR / "regulator-report-template.xml")
+ validate_extended_artifacts()
checks = {
"schema_documents": "pass",
@@ -216,6 +461,7 @@ def run_validation(include_manifest: bool = True) -> dict:
"control_catalog": "pass",
"roadmap": "pass",
"report_template": "pass",
+ "extended_2026_2035_artifacts": "pass",
"manifest": "skipped",
}
diff --git a/unit_tests/test_artifacts_validation.py b/unit_tests/test_artifacts_validation.py
index 480906ea..42add81f 100644
--- a/unit_tests/test_artifacts_validation.py
+++ b/unit_tests/test_artifacts_validation.py
@@ -15,8 +15,13 @@
load_manifest_targets,
run_cli,
validate_control_catalog,
+ validate_extended_artifacts,
+ validate_circom_circuit,
validate_manifest,
+ validate_oscal_catalog,
+ validate_rego_policy,
validate_schema_documents,
+ validate_tla_spec,
)
@@ -114,6 +119,95 @@ def test_manifest_targets_contains_expected_blueprint_file():
assert "enterprise-civilizational-agi-asi-blueprint-2026-2030.md" in targets
+def test_manifest_targets_contains_extended_governance_artifacts():
+ targets = load_manifest_targets()
+ expected = {
+ "enterprise-agi-asi-governance-reference-architecture-2026-2035.md",
+ "roadmap-2026-2035.yaml",
+ "data/multi_jurisdiction_regulatory_mapping_2026_2035.csv",
+ "oscal/sentinel-ai-control-catalog-oscal.json",
+ "policies/sentinel_ai_release_gate_v24.rego",
+ "tla/OmniSentinelContainment.tla",
+ "circuits/g_sri_systemic_risk.circom",
+ "templates/gc-ir-bridge-event.json",
+ "templates/regulator-technical-report-2035.xml",
+ }
+ assert expected <= targets
+
+
+def test_extended_governance_artifacts_validate():
+ validate_extended_artifacts()
+
+
+def test_oscal_catalog_invalid_uuid_fails():
+ bad_catalog = {
+ "catalog": {
+ "uuid": "not-a-uuid",
+ "metadata": {
+ "title": "bad",
+ "last-modified": "2026-05-28T00:00:00Z",
+ "version": "1.0",
+ "oscal-version": "1.1.2",
+ "roles": [],
+ },
+ "groups": [],
+ }
+ }
+ with pytest.raises(ValidationError, match="valid UUID"):
+ validate_oscal_catalog(bad_catalog)
+
+
+def test_rego_policy_requires_explicit_approval_helpers(tmp_path):
+ policy = tmp_path / "bad.rego"
+ policy.write_text(
+ "package sentinel.release.v24\n"
+ "default allow := false\n"
+ "deny contains msg if { annex_iv_complete }\n"
+ "gpai_supplier_due_diligence_complete := true\n"
+ "egress_default_deny := true\n"
+ "kill_switch_tested := true\n"
+ "g_sri_score := 0\n",
+ encoding="utf-8",
+ )
+
+ with pytest.raises(ValidationError, match="model_validation_approved"):
+ validate_rego_policy(policy)
+
+
+def test_tla_spec_requires_kill_switch_and_privileged_theorems(tmp_path):
+ spec = tmp_path / "bad.tla"
+ spec.write_text(
+ "---- MODULE OmniSentinelContainment ----\n"
+ "Vars == <>\n"
+ "Fairness == TRUE\n"
+ "NoUnapprovedEgress == TRUE\n"
+ "KillSwitchEventuallyStopsActuation == TRUE\n"
+ "NoPrivilegedSelfModification == TRUE\n"
+ "WitnessConfidentiality == TRUE\n"
+ "THEOREM Spec => []NoUnapprovedEgress\n"
+ "THEOREM Spec => []WitnessConfidentiality\n"
+ "====\n",
+ encoding="utf-8",
+ )
+
+ with pytest.raises(ValidationError, match="KillSwitchEventuallyStopsActuation"):
+ validate_tla_spec(spec)
+
+
+def test_circom_circuit_rejects_unbalanced_delimiters(tmp_path):
+ circuit = tmp_path / "bad.circom"
+ circuit.write_text(
+ "pragma circom 2.1.6;\n"
+ "template GSRIWeightedSum(n) { signal output inBand;\n"
+ "publicPolicyVersion publicEvidenceCommitment\n"
+ "component main {public [thresholdLow, thresholdHigh, policyVersion, evidenceCommitment]}\n",
+ encoding="utf-8",
+ )
+
+ with pytest.raises(ValidationError, match="unclosed delimiter"):
+ validate_circom_circuit(circuit)
+
+
def test_build_manifest_reproducible_timestamp(monkeypatch):
monkeypatch.setenv("SOURCE_DATE_EPOCH", "1767225600")
payload = build_manifest_payload()