Sentinel v2.4 ZK-Compliance & Civilizational Governance Deep-Dive Volume (2026–2035) #133
❌ Deploy Preview for onefinestarstuff failed.
📝 Walkthrough
Added comprehensive governance stack (SENTINEL v2.4) covering 2026–2035, featuring: (1) 514-line specification document defining governance data models, formal policy layers (TLA+/OPA/Rego), cryptographic compliance architecture (Kafka audit logging, Circom circuits, GC-IR bridge), jurisdictional mappings, civilizational governance principles, regulatory templates, and feasibility taxonomy; (2) concrete artifact examples (OSCAL control catalog, GC-IR obligation with fixtures); (3) Rego policies for fairness validation and release gating with comprehensive tests; (4) TLA+ containment kill-switch model with safety invariants; (5) two Circom circuits (concentration bound, reason-code validation) with witness calculators; (6) cross-target harness validating policy/circuit agreement; (7) proof orchestration and runnable assurance suite with five-stage verification workflow; (8) CI integration and artifact validation.
Changes
- SENTINEL v2.4 Specification and Control Artifacts
- Policy Layer Implementation and Formal Verification
- Cryptographic Proof Circuits and Witness Generation
- Cross-Target Validation, Proof Orchestration, and Runnable Assurance
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~75 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Code Review Summary
| Analyzer | Status | Updated (UTC) | Details |
|---|---|---|---|
| Python | | Jun 17, 2026 8:28a.m. | Review ↗ |
| JavaScript | | Jun 17, 2026 8:28a.m. | Review ↗ |
| Shell | | Jun 17, 2026 8:28a.m. | Review ↗ |
Not up to standards ⛔
🔴 Issues
| Category | Results |
|---|---|
| BestPractice | 40 medium 2 minor |
| Documentation | 8 minor |
| ErrorProne | 23 high |
| Security | 2 medium 1 minor 4 high |
| CodeStyle | 16 minor |
| Complexity | 4 minor |
🟢 Metrics 131 complexity · 12 duplication
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@governance_artifacts/oscal/catalog_sentinel_v24_excerpt.json`:
- Line 3: Replace the non‑RFC4122 value currently set in catalog.uuid
("8f3c2a1e-sentinel-v24-excerpt") with a valid RFC 4122 UUID string (e.g., a
standard 8-4-4-4-12 hex format) and move any human-readable label or excerpt
text into catalog.metadata.remarks so the UUID field contains only a valid UUID
and the descriptive text remains preserved in metadata. Ensure you update the
value referenced as catalog.uuid and add or append the label under
catalog.metadata.remarks.
📒 Files selected for processing (3)
- docs/reports/SENTINEL_V24_ZK_COMPLIANCE_CIVILIZATIONAL_GOVERNANCE_2026_2035.md
- governance_artifacts/oscal/catalog_sentinel_v24_excerpt.json
- governance_artifacts/zk/gcir_obligation_example.yaml
bb5596f to
87d0c7c
Vulnerable Libraries (1)
Actionable comments posted: 11
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
governance_artifacts/zk/circuits/src1_concentration_bound_js/witness_calculator.js (1)
1-338: ⚠️ Potential issue | 🟠 Major
Deno lint failures in generated witness runtime are blocking CI.
This file contains multiple violations of enforced Deno lint rules:
- 7 `var` declarations (violates `prefer-const`)
- Multiple nested function declarations (violates `no-inner-declarations`)
Since this is generated code, add a file-level Deno lint ignore header to unblock the pipeline.
Quick unblock for generated file
+/* deno-lint-ignore-file no-var prefer-const no-inner-declarations */ module.exports = async function builder(code, options) {
Note: The same issue affects the duplicate file at `governance_artifacts/zk/circuits/src_fair1_reason_code_check_js/witness_calculator.js`.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.
In `@governance_artifacts/zk/circuits/src1_concentration_bound_js/witness_calculator.js` around lines 1 - 338, Add a file-level Deno lint ignore header at the very beginning of the witness_calculator.js file, before the module.exports declaration, to suppress the prefer-const and no-inner-declarations lint violations. The header should disable both rules since the file is generated code. Apply the identical fix to the duplicate witness_calculator.js file mentioned in the comment that has the same Deno lint violations.
Source: Pipeline failures
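Review bot: the suppression header in the quick-unblock hunk names three rules (`no-var`, `prefer-const`, `no-inner-declarations`), while the finding and the agent prompt around it cite only `prefer-const` and `no-inner-declarations`; list only the rules the lint run actually reports, so that a file-wide ignore on the witness runtime silences no more than intended. Because the header is added by hand to generated code, it also has to be re-applied (or emitted by the build step) whenever the witness calculator is regenerated, otherwise the same CI failure returns.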
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/runnable-assurance.yml:
- Around line 12-15: The pull_request trigger in the runnable-assurance.yml
workflow only watches for changes to governance_artifacts/** but not the
workflow file itself, meaning PRs that modify the workflow file won't trigger
this job. Add the workflow file path (.github/workflows/runnable-assurance.yml)
to the pull_request.paths list alongside the existing governance_artifacts/**
entry so that changes to the workflow file also trigger the job execution.
- Around line 17-37: The workflow lacks critical security hardening measures
that increase supply-chain attack risk. Add a `permissions: contents: read`
block at the workflow level to restrict token scope. Pin the four actions
referenced in the setup steps (actions/checkout@v4, actions/setup-python@v5,
actions/setup-node@v4, and actions/setup-java@v4) to their full-length commit
SHAs instead of mutable version tags, keeping the version tags as comments for
readability. Add `persist-credentials: false` to the checkout step to disable
credential persistence on disk. Additionally, update the pull_request trigger to
include `.github/workflows/runnable-assurance.yml` in its paths filter so that
modifications to this workflow file itself will trigger execution.
In
`@docs/reports/SENTINEL_V24_ZK_COMPLIANCE_CIVILIZATIONAL_GOVERNANCE_2026_2035.md`:
- Around line 39-43: The "Deadline machinery" section in the document lists
specific regulatory timelines (DORA 4h/72h/1-month, Reg B 30-day, EU AI Act Art.
73 15-day) without capturing important nuances or providing source citations.
Revise this section to either add explicit hyperlinks or footnote references to
the authoritative regulatory sources for each deadline mentioned, or reframe the
timeline statements using conditional language such as "current DORA timelines
include..." and add a prominent disclaimer that these deadlines are
jurisdiction-specific and subject to regulatory change. Ensure the revised text
captures the full complexity: for DORA include mention of the dual constraint (4
hours from classification OR 24 hours from detection) and weekend-holiday
extensions; for EU AI Act Art. 73 include the expedited windows (2 days for
widespread infringements, 10 days for deaths) in addition to the base 15-day
window.
In `@governance_artifacts/README.md`:
- Around line 12-14: The bash command in the README.md file uses a relative path
that only works when executed from within the governance_artifacts directory.
Update the command to use the full relative path from the repository root by
changing bash run_runnable_assurance.sh to bash
governance_artifacts/run_runnable_assurance.sh. This makes the command
location-agnostic and allows users to run it successfully from any directory in
the repository.
In `@governance_artifacts/rego/fairness_credit_decision.rego`:
- Around line 38-41: The deny rule for insufficient_reason_codes in the in_scope
decision check does not handle cases where input.decision.reason_codes is
missing or undefined, which prevents the explicit denial from triggering. Modify
the rule to default the reason_codes to an empty array when the path does not
exist, so that the count check explicitly evaluates missing reason_codes as
having zero elements and triggers the "insufficient_reason_codes" denial with
clear feedback. Use a default expression or alternative operator to ensure the
count comparison always evaluates even when reason_codes is absent.
In `@governance_artifacts/tla/KillSwitchAbstract.tla`:
- Around line 24-26: The TLA+ module documents a liveness property named
CanAlwaysReachTerminated for con-04 reachability (in the comments at lines
24-26), but this operator is never defined in the KillSwitchAbstract.tla module
and is not listed in the .cfg file's PROPERTY declarations (which currently only
checks ASANeverLowers and DeEscalationNeedsQuorum). Define the
CanAlwaysReachTerminated operator in the module to formally specify that from
every reachable state, given a human quorum, the system can reach the L4
TERMINATED state, then add this property to the .cfg file's PROPERTY section so
it is actually checked by the model checker.
In `@governance_artifacts/zk/circuits/src_fair1_reason_code_check.circom`:
- Around line 60-77: The comparators GreaterEqThan and LessEqThan at lines 60–75
require bit-constrained operands for soundness, but the operands code[i],
approved_k, and min_codes lack explicit in-circuit range validation, allowing
malicious provers to provide unbounded field elements. Add Num2Bits
decomposition components to explicitly constrain each of these variables to
their intended bit widths (code[i] to K_MAX_BITS, approved_k to K_MAX_BITS, and
min_codes to 8 bits), verifying the decompositions before passing the values to
the comparators to ensure bounded integer semantics are enforced independently.
In
`@governance_artifacts/zk/circuits/src1_concentration_bound_js/generate_witness.js`:
- Around line 4-19: The CLI argument validation in the if statement checking
process.argv.length currently prints a usage message but does not exit with a
non-zero status code; additionally, the promise chain initiated by
wc(buffer).then() lacks error handling. Import node:process explicitly at the
top of the file, then add process.exit(1) when the argument count is incorrect,
and add a .catch() handler to the promise chain to handle errors from the
witness calculator and file write operations, ensuring errors are logged and the
process exits with a non-zero status code.
In `@governance_artifacts/zk/circuits/src1_concentration_bound.circom`:
- Around line 50-109: The ConcentrationBound template feeds unconstrained field
elements to three LessEqThan(64) comparator gadgets (upper, lower, and within)
at lines 92, 100, and 106, which violates Circomlib's requirement that
comparator inputs be range-constrained to their bit-width parameter. This can
cause proof soundness issues through field arithmetic aliasing. Additionally,
the template allows T to equal 0 (computed from SumOf at line 68), violating the
HHI definition which requires T ≠ 0 as a denominator. To fix this: add Num2Bits
range constraints for the input signals v[i], total_commit, hhi_bps, and
threshold_bps before they are used in any comparator checks, and add an IsZero
component to ensure T is not zero before the mathematical constraints are
applied. These constraints must be placed early in the template, before the
comparator components are instantiated.
In `@governance_artifacts/zk/gcir_harness.py`:
- Around line 70-74: The subprocess.run calls for external tool invocations lack
timeout and error handling, which can cause indefinite hangs or unhandled launch
failures. Wrap the subprocess.run calls for the OPA eval command (and the other
external tool invocation mentioned in the comment) with a timeout parameter.
Additionally, catch OSError and subprocess.TimeoutExpired exceptions, and when
either is raised, log an appropriate error message and exit with code 3 to
ensure deterministic failure behavior as specified by the harness contract.
- Around line 87-91: The code at line 90 silently truncates reason_codes to MAXC
length by padding and slicing with `slots = (slots + [0] * MAXC)[:MAXC]`, which
can hide unapproved codes and cause disagreement between rego (seeing all codes)
and the circuit (seeing only first MAXC). Instead of truncating, add a
validation check: if the length of slots exceeds MAXC, raise an error as a
fixture-contract violation; otherwise, pad with zeros to MAXC without
truncating. This ensures overflow is treated as an explicit error condition
rather than silently hidden.
---
Outside diff comments:
In
`@governance_artifacts/zk/circuits/src1_concentration_bound_js/witness_calculator.js`:
- Around line 1-338: Add a file-level Deno lint ignore header at the very
beginning of the witness_calculator.js file, before the module.exports
declaration, to suppress the prefer-const and no-inner-declarations lint
violations. The header should disable both rules since the file is generated
code. Apply the identical fix to the duplicate witness_calculator.js file
mentioned in the comment that has the same Deno lint violations.
⛔ Files ignored due to path filters (3)
- governance_artifacts/zk/circuits/src1_concentration_bound_js/src1_concentration_bound.wasm is excluded by !**/*.wasm
- governance_artifacts/zk/circuits/src_fair1_reason_code_check_js/src_fair1_reason_code_check.wasm is excluded by !**/*.wasm
- governance_artifacts/zk/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (34)
- .github/workflows/runnable-assurance.yml
- docs/reports/SENTINEL_V24_ZK_COMPLIANCE_CIVILIZATIONAL_GOVERNANCE_2026_2035.md
- governance_artifacts/README.md
- governance_artifacts/RUNNABLE_ASSURANCE.md
- governance_artifacts/oscal/catalog_sentinel_v24_excerpt.json
- governance_artifacts/rego/fairness_credit_decision.rego
- governance_artifacts/rego/high_impact_credit.rego
- governance_artifacts/rego/high_impact_credit_test.rego
- governance_artifacts/rego/release_gate.rego
- governance_artifacts/rego/release_gate_test.rego
- governance_artifacts/run_runnable_assurance.sh
- governance_artifacts/tla/KillSwitchAbstract.cfg
- governance_artifacts/tla/KillSwitchAbstract.tla
- governance_artifacts/tla/tools/.gitignore
- governance_artifacts/validate_artifacts.py
- governance_artifacts/zk/.gitignore
- governance_artifacts/zk/circuits/src1_concentration_bound.circom
- governance_artifacts/zk/circuits/src1_concentration_bound.r1cs
- governance_artifacts/zk/circuits/src1_concentration_bound.sym
- governance_artifacts/zk/circuits/src1_concentration_bound_js/generate_witness.js
- governance_artifacts/zk/circuits/src1_concentration_bound_js/witness_calculator.js
- governance_artifacts/zk/circuits/src_fair1_reason_code_check.circom
- governance_artifacts/zk/circuits/src_fair1_reason_code_check.r1cs
- governance_artifacts/zk/circuits/src_fair1_reason_code_check.sym
- governance_artifacts/zk/circuits/src_fair1_reason_code_check_js/generate_witness.js
- governance_artifacts/zk/circuits/src_fair1_reason_code_check_js/witness_calculator.js
- governance_artifacts/zk/gcir_harness.py
- governance_artifacts/zk/gcir_obligation_example.yaml
- governance_artifacts/zk/inputs/src1_compliant.json
- governance_artifacts/zk/inputs/src1_compliant.witness.json
- governance_artifacts/zk/inputs/src1_violation.json
- governance_artifacts/zk/inputs/src1_violation.witness.json
- governance_artifacts/zk/package.json
- governance_artifacts/zk/run_src1_proof.sh
✅ Files skipped from review due to trivial changes (8)
- governance_artifacts/tla/tools/.gitignore
- governance_artifacts/zk/inputs/src1_violation.witness.json
- governance_artifacts/zk/.gitignore
- governance_artifacts/zk/inputs/src1_compliant.json
- governance_artifacts/tla/KillSwitchAbstract.cfg
- governance_artifacts/zk/package.json
- governance_artifacts/rego/release_gate.rego
- governance_artifacts/zk/circuits/src_fair1_reason_code_check.sym
🚧 Files skipped from review as they are similar to previous changes (2)
- governance_artifacts/zk/gcir_obligation_example.yaml
- governance_artifacts/oscal/catalog_sentinel_v24_excerpt.json
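The two Circom findings above (unconstrained operands fed to `LessEqThan`/`GreaterEqThan`) can be checked with a small model. This is an added example, not code from the PR: it models circomlib's comparator gadgets in isolation over the BN254 scalar field, and the threshold and sample values are constructed.

```python
# Added example: Python model of circomlib's comparator constraints over the
# BN254 scalar field (circom's default). It models the gadgets in isolation,
# not the circuits in this PR.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def num2bits_ok(x, n):
    """Num2Bits(n) has a satisfying witness only if field element x < 2**n."""
    return (x % P) < (1 << n)


def less_than(a, b, n):
    """LessThan(n): out = 1 - bit n of (a + 2**n - b), computed in the field.

    Returns the output bit, or None when Num2Bits(n + 1) cannot be satisfied.
    """
    t = (a + (1 << n) - b) % P
    if not num2bits_ok(t, n + 1):
        return None
    return 1 - ((t >> n) & 1)


def less_eq_than(a, b, n):
    """LessEqThan(n) is LessThan(n) applied to (a, b + 1)."""
    return less_than(a, (b + 1) % P, n)


def greater_eq_than(a, b, n):
    """GreaterEqThan(n) is LessThan(n) applied to (b, a + 1)."""
    return less_than(b, (a + 1) % P, n)


def checked_less_eq(a, b, n):
    """LessEqThan(n) with both operands first range-checked by Num2Bits(n)."""
    if not (num2bits_ok(a, n) and num2bits_ok(b, n)):
        return None  # no valid witness exists, so proof generation fails
    return less_eq_than(a, b, n)


# Constructed sample values: a threshold in basis points and three candidate
# values for the compared signal. ALIASED is the field element congruent to -1.
THRESHOLD_BPS = 2500
HONEST_OK, HONEST_HIGH, ALIASED = 2000, 3000, P - 1

if __name__ == "__main__":
    for name, v in [("ok", HONEST_OK), ("high", HONEST_HIGH), ("aliased", ALIASED)]:
        print(name,
              "bare:", less_eq_than(v, THRESHOLD_BPS, 64),
              "range-checked:", checked_less_eq(v, THRESHOLD_BPS, 64))
```

The bare comparator reports the aliased value as within the threshold, while the range-checked form has no satisfying witness for it, which is the behaviour the `Num2Bits` constraints requested in the review are meant to enforce.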
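The two `gcir_harness.py` findings in the review above (silent truncation to `MAXC`, and `subprocess.run` without timeout or launch-error handling) are illustrated below. This is an added example, not the PR's harness: `MAXC = 4`, the `all_approved` predicate and all function names are assumptions; only the exit code 3 and the pad-and-slice expression come from the review text.

```python
# Added example: hypothetical helpers, not the PR's gcir_harness.py.
import subprocess
import sys

MAXC = 4  # assumed slot count; the real value is defined in the PR's harness


class FixtureContractError(ValueError):
    """Raised when a fixture carries more reason codes than the circuit has slots."""


def encode_slots_truncating(codes, maxc=MAXC):
    """Behaviour flagged in the review: pad with zeros, then silently slice."""
    return (list(codes) + [0] * maxc)[:maxc]


def encode_slots_strict(codes, maxc=MAXC):
    """Pad with zeros, but treat overflow as an explicit contract violation."""
    codes = list(codes)
    if len(codes) > maxc:
        raise FixtureContractError(
            f"{len(codes)} reason codes exceed the {maxc} circuit slots")
    return codes + [0] * (maxc - len(codes))


def all_approved(codes, approved_k):
    """Assumed stand-in predicate: every non-padding code lies in 1..approved_k."""
    return all(c == 0 or 1 <= c <= approved_k for c in codes)


def run_tool(cmd, timeout_s=30):
    """Run an external tool; launch failure or timeout exits with code 3."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True,
                              timeout=timeout_s)
    except (OSError, subprocess.TimeoutExpired) as exc:
        print(f"harness: {cmd[0]} did not complete: {exc}", file=sys.stderr)
        raise SystemExit(3)


# Constructed fixture: four approved codes followed by one unapproved code.
SAMPLE_CODES = [1, 2, 3, 4, 99]
APPROVED_K = 10

if __name__ == "__main__":
    policy_view = all_approved(SAMPLE_CODES, APPROVED_K)
    circuit_view = all_approved(encode_slots_truncating(SAMPLE_CODES), APPROVED_K)
    print("policy sees all codes approved:", policy_view)      # False
    print("circuit sees all slots approved:", circuit_view)    # True
    try:
        encode_slots_strict(SAMPLE_CODES)
    except FixtureContractError as exc:
        print("strict encoding rejects the fixture:", exc)
```

With truncation, the fifth code never reaches the circuit side, so the two targets disagree on the same fixture without any error being raised; the strict encoder turns that case into a failure before either target runs.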
8ed84e5 to
00e43e9
Not up to standards ⛔
🔴 Issues
| Category | Results |
|---|---|
| UnusedCode | 2 medium |
| BestPractice | 13 medium |
| Documentation | 23 minor |
| ErrorProne | 16 high |
| Security | 3 medium 1 minor 22 high |
| CodeStyle | 12 minor |
| Complexity | 1 medium 5 minor |
| Performance | 2 medium |
🟢 Metrics 191 complexity · 12 duplication
…with machine-readable artifacts
…-IR cross-target harness, OPA tests
Upgrade Sentinel v2.4 governance artifacts from declarative to executable/verifiable:
- ZK (cry-05): SRC-1 ConcentrationBound Circom circuit proving foundation-model decision-volume HHI <= board threshold in zero knowledge; full Groth16 flow (run_src1_proof.sh) with verified proof + soundness negative test. Emitted proof_statement.json validates against proof_statement_schema.json.
- TLA+ (con-04/con-07): complete KillSwitchAbstract spec with Init/Next; TLC model-checks ASA one-way containment ratchet + human dual-control quorum for terminal actuation/de-escalation (13 states, no error).
- GC-IR: gcir_harness.py enforces the 'all targets agree' claim by running shared fixtures through real Rego (opa eval) AND the SRC-fair-1 Circom circuit; any disagreement fails the build.
- OPA: 12 passing tests for release_gate + high_impact_credit; migrated policies to Rego v1 syntax; updated validator token checks accordingly.
- run_runnable_assurance.sh runs all five checks; CI workflow added.
- RUNNABLE_ASSURANCE.md documents control->proof mapping and reproduction.
…ntain permissions'
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: 𝐎𝐧𝐞 𝐅𝐢𝐧𝐞 𝐒𝐭𝐚𝐫𝐬𝐭𝐮𝐟𝐟 <onefinestarstuff@gmail.com>
…nable assurance
Extend the runnable-assurance suite into four net-new verifiable domains:
- Confidential computing (env-01): rego/attestation_gate.rego enforces SEV-SNP/TDX + vTPM PCR_MATCH admission (golden measurement, TCB anti-rollback, fresh nonce), with structured denial reasons; 9 OPA tests (21/21 total). TLA+ AdmissionWithAttestation proves no T0 workload runs without valid attestation and that TCB rollback / PCR drift force eviction (TLC, 64 states, no error).
- MoE routing stability (rte-01): routing/sara_acr_router.py implements SARA (load-aware gating) + ACR (capacity regulation); demonstrates baseline expert collapse (entropy 0.38, load ratio 5.6) vs stabilized (entropy 0.99, ratio 1.25) satisfying entropy/load/drop invariants; 4 pytests.
- PQC WORM (cry-02): kafka/pqc_worm_logger_v2.py replaces the HMAC placeholder with real CRYSTALS-Dilithium (ML-DSA-65 / FIPS 204) signatures + tamper-evident hash chain + S3 Object Lock COMPLIANCE retention; verify_chain() detects entry mutation, batch reorder, and signature forgery; 6 pytests.
- OSCAL: new catalog_sentinel_v24_env_rte.json adding ENV and RTE control groups, each backed by a runnable artifact.
run_runnable_assurance.sh now runs 8 checks (all PASS); CI + docs + requirements updated. No regressions in existing governance tests.
3ff9a59 to
5f43a93
Summary
Adds the deep-technical companion volume to the Sentinel v2.4 roadmap merged in PR #129:
- docs/reports/SENTINEL_V24_ZK_COMPLIANCE_CIVILIZATIONAL_GOVERNANCE_2026_2035.md — Enterprise AGI/ASI governance, containment, and zero-knowledge regulatory compliance reference for Fortune 500 / Global 2000 / G-SIFI institutions (2026–2035), formatted with <title>/<abstract>/<content> tags.
Contents (9 parts)
- <title>/<abstract>/<content> tags: periodic supervisory technical report, Art. 73/DORA serious-incident report, board quarterly AI risk pack.
Machine-readable artifacts
- governance_artifacts/oscal/catalog_sentinel_v24_excerpt.json — valid OSCAL-style catalog excerpt (con-04 kill-switch reachability, con-07 ASA ratchet, cry-02 hybrid PQC signatures, cry-05 SRC-1 zk attestation) with feasibility-tier props and fixture-flagged regime links.
- governance_artifacts/zk/gcir_obligation_example.yaml — worked GC-IR obligation (ECOA/GDPR Art. 22 reason codes) with predicate, tri-target emission (Rego/circuit/TLA+), integrity chain, and conformance fixtures.
Notes
Testing
- python3 -c "json.load(...); yaml.safe_load(...)" — both artifacts parse cleanly.