Decadal Roadmap and Technical Requirements (2026-2035) for G-SIFI AGI Governance

[OneFineStarstuff]

This PR implements the comprehensive decadal roadmap and technical requirements (2026-2035) for G-SIFI enterprise-grade AGI/ASI governance.

Key highlights:

• Sentinel AI Governance Stack v2.4: Integration of advanced containment and compliance modules.
• StaR-MoE Routing: SARA (Self-correction & Alignment Routing Agent) and ACR (Autonomous Compliance Router) for inference stabilization.
• Post-Quantum Cryptography: ML-DSA (FIPS 204) signatures for WORM audit logging and CRYSTALS-Dilithium for SIP v3.0 interop.
• Execution Security: Hardware-rooted trust via AMD SEV-SNP/Intel TDX and vTPM attestation.
• Regulatory Mapping: OSCAL 1.1.2 mapping to major frameworks (EU AI Act, Basel III/IV, SR 26-2, DORA, NIS2).
• Visualization: New dashboard HTML report and Next.js documentation page for architect-level briefing.

---

PR created automatically by Jules for task 1497350307987278774 started by @OneFineStarstuff

Summary by Sourcery

Update the decadal AGI/ASI governance roadmap to version 2.4 and surface it through new dashboard and documentation artifacts.

New Features:

• Define an updated 2026–2035 governance roadmap with enhanced phases, objectives, and exit criteria for PQC, StaR-MoE routing, hardware attestation, and zero-knowledge risk proofs.
• Expose the decadal roadmap as a rendered HTML report in the RAG agentic dashboard backed by a JSON-driven generator script.
• Add a decadal roadmap documentation page to the Next.js app for architect-level briefing.

Enhancements:

• Introduce rate limiting to the RAG agentic dashboard via express-rate-limit.
• Adjust Next.js dependency configuration and dependency list ordering in the web app.

Documentation:

• Add technical markdown documentation describing the 2026–2035 G-SIFI AGI/ASI governance requirements and phased rollout.

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
v0-one-fine-starstuff-github-io	Ready	Preview, Comment, Open in v0	Jun 10, 2026 9:56pm

[code-genius-code-coverage]

The files' contents are under analysis for test generation.

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
next-app/package.json	100% smaller
governance_blueprint/roadmap_2026_2035.yaml	8% smaller
.deepsource.toml	Unsupported file format
_headers	Unsupported file format
_redirects	Unsupported file format
fix_agi.py	0% smaller
fix_server_final.py	0% smaller
fix_workflows_v4.py	0% smaller
fix_yaml_v3.py	0% smaller
next-app/app/docs/decadal-roadmap-2035/page.tsx	0% smaller
next-app/docs/decadal-roadmap-2035.md	Unsupported file format
next-app/package-lock.json	0% smaller
next-app/public/_headers	Unsupported file format
next-app/public/_redirects	Unsupported file format
rag-agentic-dashboard/data/gsifi-decadal-roadmap-2035.json	0% smaller
rag-agentic-dashboard/gen-gsifi-decadal-roadmap-2035.py	0% smaller
rag-agentic-dashboard/package-lock.json	0% smaller
rag-agentic-dashboard/package.json	0% smaller
rag-agentic-dashboard/public/gsifi-decadal-roadmap-2035.html	0% smaller
rag-agentic-dashboard/server.js	0% smaller

[gitnotebooks]

Review these changes at https://app.gitnotebooks.com/OneFineStarstuff/OneFineStarstuff.github.io/pull/131

[difflens]

View changes in DiffLens

[coderabbitai]

Warning

Review limit reached

@OneFineStarstuff, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 50 minutes and 12 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7c8bd519-47b0-43e9-ae7b-bbea67696079

📥 Commits

Reviewing files that changed from the base of the PR and between 0976ae1 and 37a1b08.

⛔ Files ignored due to path filters (2)

• next-app/package-lock.json is excluded by !**/package-lock.json
• rag-agentic-dashboard/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (18)

• .deepsource.toml
• _headers
• _redirects
• fix_agi.py
• fix_server_final.py
• fix_workflows_v4.py
• fix_yaml_v3.py
• governance_blueprint/roadmap_2026_2035.yaml
• next-app/app/docs/decadal-roadmap-2035/page.tsx
• next-app/docs/decadal-roadmap-2035.md
• next-app/package.json
• next-app/public/_headers
• next-app/public/_redirects
• rag-agentic-dashboard/data/gsifi-decadal-roadmap-2035.json
• rag-agentic-dashboard/gen-gsifi-decadal-roadmap-2035.py
• rag-agentic-dashboard/package.json
• rag-agentic-dashboard/public/gsifi-decadal-roadmap-2035.html
• rag-agentic-dashboard/server.js

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch gsifi-decadal-roadmap-2035-1497350307987278774

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Reviewer's Guide

Updates the decadal AGI/ASI governance roadmap data and milestones, wires it into both a static HTML dashboard and a Next.js docs page, and adds minimal dependency and security hardening updates for the web apps.

Sequence diagram for generating the static HTML roadmap dashboard

sequenceDiagram
  actor Dev
  participant JSON as gsifi_decadal_roadmap_2035_json
  participant GEN as gen_gsifi_decadal_roadmap_2035_py
  participant HTML as gsifi_decadal_roadmap_2035_html

  Dev->>GEN: run script
  GEN->>JSON: read_text
  JSON-->>GEN: roadmap data
  GEN->>GEN: render_list
  GEN->>HTML: write_text
  HTML-->>Dev: file generated message

Loading

File-Level Changes

Change	Details	Files
Refines the 2026–2035 governance roadmap phases with new PQC, hardware attestation, and routing/containment objectives and exit criteria.	Bumps roadmap version from 1.1 to 2.4.0 in the YAML blueprint Adds ML-DSA PQC audit plane initialization and verification criteria to early phases Introduces StaR-MoE SARA/ACR stabilization and drift metrics to policy and prudential phases Adds hardware kill-switch attestation and failure-rate SLOs to containment phases Updates later-phase objectives to include zk systemic risk proofs, SIP v3.0 telemetry constraints, and ASA deployment	governance_blueprint/roadmap_2026_2035.yaml
Adds a generated, styled HTML roadmap report and a JSON-driven renderer script for the RAG dashboard.	Adds a static, hand-authored HTML roadmap report to the public assets for quick visualization Introduces a Python generator that reads roadmap content from a JSON data file and renders a consistent HTML report Defines the JSON data model for metadata, phases, regulatory mapping, and technical specifications used by the renderer	rag-agentic-dashboard/public/gsifi-decadal-roadmap-2035.html rag-agentic-dashboard/gen-gsifi-decadal-roadmap-2035.py rag-agentic-dashboard/data/gsifi-decadal-roadmap-2035.json
Exposes the decadal roadmap as a developer-facing document within the Next.js app.	Adds a Markdown document describing technical requirements, PQC posture, StaR-MoE routing, and regulatory alignment Creates a Next.js docs route that reads the Markdown from disk at build time and renders it as preformatted content for architect briefings	next-app/docs/decadal-roadmap-2035.md next-app/app/docs/decadal-roadmap-2035/page.tsx
Adjusts web app dependencies and adds basic rate limiting to the RAG dashboard API layer.	Normalizes Next.js dependency to a caret range and keeps classnames/zustand as app dependencies Introduces express-rate-limit to the RAG dashboard to guard websocket/HTTP endpoints against abuse Regenerates npm lockfiles to reflect dependency tree changes	next-app/package.json next-app/package-lock.json rag-agentic-dashboard/package.json rag-agentic-dashboard/package-lock.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
Low	pkg:npm/next@16.1.5 upgrade to: 16.2.5,15.5.16

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[difflens]

View changes in DiffLens

[deepsource-io]

DeepSource Code Review

We reviewed changes in 0976ae1...37a1b08 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade

Security   Reliability   Complexity   Hygiene

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
Python		Jun 10, 2026 9:57p.m.	Review ↗
JavaScript		Jun 10, 2026 9:57p.m.	Review ↗
Shell		Jun 10, 2026 9:57p.m.	Review ↗

---

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

[secure-code-warrior-for-github]

Micro-Learning Topic: Vulnerable library (Detected by phrase)

Matched on "Vulnerable Libraries"

What is this? (2min video)

Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.

Try a challenge in Secure Code Warrior

[codacy-production]

Not up to standards ⛔

🔴 Issues 1 critical · 6 high · 14 medium · 65 minor

Alerts:
⚠ 86 issues (≤ 0 issues of at least minor severity)

Results:
86 new issues

Category	Results
Compatibility	3 medium 4 high
BestPractice	8 medium 4 minor
Documentation	3 minor
ErrorProne	1 critical
Security	2 high
CodeStyle	56 minor
Complexity	1 medium 1 minor
Performance	2 medium
Comprehensibility	1 minor

View in Codacy

🟢 Metrics 10 complexity · 0 duplication

Metric	Results
Complexity	10
Duplication	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}

[difflens]

View changes in DiffLens

[netlify]

❌ Deploy Preview for onefinestarstuff failed.

Name	Link
🔨 Latest commit	16cae5f
🔍 Latest deploy log	https://app.netlify.com/projects/onefinestarstuff/deploys/6a29c8e26ef05b0008e6708e

[netlify]

❌ Deploy Preview for onefinestarstuff failed.

Name	Link
🔨 Latest commit	37a1b08
🔍 Latest deploy log	https://app.netlify.com/projects/onefinestarstuff/deploys/6a29dd772f9f1600080c62ae

[difflens]

View changes in DiffLens

[difflens]

View changes in DiffLens

[sourcery-ai]

Sorry @OneFineStarstuff, your pull request is larger than the review limit of 150000 diff characters

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[charliecreates]

Blocking feedback

1. Global rate limiting now applies to static assets and WebSocket upgrade requests, not just API traffic — rag-agentic-dashboard/server.js#L26

If you want me to push a fix, reply with item numbers (for example: please fix 1).