+ Executive Summary
+ Purpose: Operationalize WP-050's Prioritized Implementation & Research Plan into a 26-sprint executable program for FY2026 with phase gates G0..G4, RACI, OKRs, quarterly budget envelopes, hire plan, vendor decisions and PMO controls.
+ Approach: Track-aligned 2-week sprints (S1..S26), 5-day buffer per phase for gate evidence, monthly KPI tile, quarterly OKR rollup and supervisor pack; every gate produces a signed Merkle evidence bundle written to WORM.
+ Deliverables: Sprint calendar, WBS for 14 tracks (≥ 78 work items), RACI matrix, OKR tree, FY2026 quarterly budget envelopes, hire plan (72 reqs across 14 tracks), vendor decisions (12 capabilities), gate evidence packs (G0..G4), supervisor packs (12 regulators).
+ Outcomes
+ - 100 % phase-gate evidence completeness
- Critical-path slippage ≤ 5 % / quarter
- Annex IV ≤ 30 min, SR 11-7 ≤ 60 min auto-assembly
- Hire-plan fill ≥ 90 %; budget burn variance ≤ 5 %
- External Cert Gold audit passed in FY2026
- EAIP RFC drafted + cross-institution interop bake-off in FY2026
+ Builds On
+ WP-035 ENT-AGI-GOV-MASTERWP-036 WFAP-GEMINI-IMPLWP-037 GSIFI-AIMS-BLUEPRINTWP-038 AGI-REG-RESILIENTWP-039 INST-AGI-MASTERWP-040 ENT-AGI-REF-IMPLWP-041 TIER13-FULLSTACKWP-042 SENTINEL-V24-DEEPDIVEWP-043 PROMPT-MGMT-ARCHWP-044 CEGL-LEXAI-GOVWP-045 AGI-ASI-MASTER-BPWP-046 AI-TRUST-ASI-BPWP-047 INST-AGI-MASTER-REFWP-048 ENT-AI-GRC-CIV-BPWP-049 ENT-CIV-AGI-ARCHWP-050 PRIO-IMPL-RESEARCH-PLAN
+ Counts
+
+ Regimes Aligned
+ EU AI Act 2026 + Annex IVNIST AI RMF 1.0 + GAI ProfileISO/IEC 42001 + 23894 + 5338 + 38507SR 11-7 + OCC 2011-12Basel III/IV + BCBS 239PRA SS1/23 + FCA Consumer Duty + SMCRMAS FEAT + AI Verify; HKMA GL-90DORA + NIS2US EO 14110 + OMB M-24-10OECD AI Principles 2024GDPR Arts 5/6/17/22/25/32/35G7 Hiroshima + Bletchley + SeoulCouncil of Europe AI ConventionFSB AI in financial servicesNIST FIPS 204 + FIPS 203 + SP 800-208SLSA L3+ + Sigstore + in-toto
+
+
+
+ Modules (14)
+
+
+ M1 — Program Overview, Phase Gates & Sprint Calendar
+ FY2026 sprint calendar (26 sprints, 2 weeks each), 5 phase gates G0..G4 with deterministic evidence packs, PMO ceremonies and exec rhythm; produces the canonical schedule consumed by every downstream track.
+ SprintsPhase gatesCeremoniesCadenceDecision rights
+ M1-S1 — Sprint Calendar FY2026
| Q1 | S1..S6 — P0 close-out + P1 launch (Jan-Mar) |
|---|
| Q2 | S7..S13 — P1 mid + P2 alpha (Apr-Jun) |
|---|
| Q3 | S14..S19 — P2 close + P3 launch (Jul-Sep) |
|---|
| Q4 | S20..S26 — P3 GA + P4 baselining (Oct-Dec) |
|---|
| length | 2-week sprint, 5-day buffer between phases for gate evidence |
|---|
| code-freeze | 5 trading-day freeze before each gate; only sec/CVE patches allowed |
|---|
M1-S2 — Phase Gates G0..G4
| G0 | End of P0 — kill-switch quorum live, OPA bundle CI green, Sigstore + ML-DSA hybrid signing operational, AIMS scope ratified |
|---|
| G1 | End of P1 — reference architecture frozen, dashboards alpha, Prompt Architect MVP, RAG governance v1 |
|---|
| G2 | End of P2 — model registry GA, EAIP draft RFC, CCaaS-PETs pilot live, threat-intel dashboard, AGI sim v1 |
|---|
| G3 | End of P3 — GACP/GACRLS/GACRA brokers live, zk-SNARK verifier portal, interpretability suite, report workflows GA |
|---|
| G4 | Years 2-5 — treaty obligations met, Cert Gold→Platinum, MGK steady state, civilizational research published |
|---|
| exitArtifact | Each gate produces a signed Evidence Pack (Annex IV + SR 11-7 + ISO 42001 + SOC 2 + DPIA hashes) |
|---|
M1-S3 — PMO Ceremonies
| daily | 15-min stand-up per track + cross-track blocker board |
|---|
| weekly | Architecture review (1 hr) + Risk review (30 min) |
|---|
| biweekly | Sprint review + retro + program-wide demo (Friday) |
|---|
| monthly | KPI tile + OKR check-in + budget burn report |
|---|
| quarterly | OKR rollup + phase-gate dry-run + board read-out |
|---|
| annual | Cert audit (ISO 42001) + treaty review + budget re-baseline |
|---|
M1-S4 — Decision Rights (DACI)
| Driver | PMO Director (program), Tribe Leads (track) |
|---|
| Approver | Chief Architect (technical), CAIO (AI strategy), CRO (risk) |
|---|
| Consulted | MRM, GC, DPO, AI Safety Lead, Treaty Liaison, CISO, CFO |
|---|
| Informed | Board AI/Risk Committee, supervisors (PRA/FCA/MAS/HKMA/Fed) per quarter |
|---|
M1-S5 — Escalation Path
- Tier-1 — sprint blocker → Tribe Lead (≤1 day)
- Tier-2 — cross-track conflict → Chief Architect + PMO Director (≤2 days)
- Tier-3 — phase-gate slip risk → Steering Committee (≤5 days)
- Tier-4 — material risk / Tier-1 safety event → Board AI/Risk Committee (≤24 hrs)
- Tier-5 — supervisory notification trigger → CRO + GC + DPO (≤4 hrs)
M2 — AI Safety Research WBS & Lab Operations
+ Sprint-level work breakdown for the AI Safety research track covering alignment, deception, interpretability, frontier evals; lab operations, dataset governance, publication pipeline and external fellowship program.
+ AlignmentDeceptionInterpretabilityFrontier evalsLab opsFellowships
+ M2-S1 — WBS — Alignment & Reward Modelling
| WBS-2.1.1 | Reward-model robustness benchmark (S1..S4, 1 senior + 2 mid) |
|---|
| WBS-2.1.2 | Constitutional-AI fine-tune harness (S3..S8, 2 senior + 2 mid + 1 infra) |
|---|
| WBS-2.1.3 | RLHF preference-drift detector (S5..S10, 1 senior + 2 mid + 1 stats) |
|---|
| WBS-2.1.4 | Process supervision pilot (S9..S14, 1 senior + 2 mid) |
|---|
| deliverable | Quarterly safety report + arxiv pre-print + Sentinel adapter |
|---|
M2-S2 — WBS — Deceptive Alignment & Mesa-Optimization
| WBS-2.2.1 | Behavioural-vs-internal divergence probes (S1..S8) |
|---|
| WBS-2.2.2 | Mesa-optimizer detection on RL agents (S5..S12) |
|---|
| WBS-2.2.3 | Activation-patching red-team library (S7..S14) |
|---|
| WBS-2.2.4 | Honest-AI training-data curation (S9..S16) |
|---|
| deliverable | Probe library, public dataset (filtered), AISI joint paper |
|---|
M2-S3 — WBS — Interpretability Suite
| WBS-2.3.1 | Sparse autoencoder feature library (S1..S10) |
|---|
| WBS-2.3.2 | Circuit-tracing dashboard (S5..S14) |
|---|
| WBS-2.3.3 | Activation-patching playground (S7..S16) |
|---|
| WBS-2.3.4 | Mechanistic eval harness on critical decisions (S11..S20) |
|---|
| tooling | transformer_lens, nnsight, garak, OpenAI-evals fork |
|---|
M2-S4 — Frontier Evals & Red Teaming
| cadence | Pre-release + monthly drift + quarterly external |
|---|
| scope | Bio/Chem/Nuke uplift, Cyber-offense, Self-replication, Power-seeking, Deception |
|---|
| partners | MITRE ATLAS, METR, AISI (UK/US), Apollo Research |
|---|
| evidence | Signed eval report + capability score + mitigation plan |
|---|
M2-S5 — Lab Ops, Datasets, Fellowships
| labOps | Air-gapped frontier-eval cluster, BYOK PQC KMS, kill-switch on training fabric |
|---|
| datasets | Provenance graph, consent ledger, opt-out propagation, taint tracker |
|---|
| fellowships | 12 PhD + 4 postdoc fellowships/year via Sentinel Lab; £4-6M envelope |
|---|
| publication | External pre-pub review by GC + MRM + AI Safety Lead; defensive disclosure |
|---|
M3 — Global Governance Policy WBS & Treaty Operations
+ Sprint-level WBS for treaty engagement, supervisory dialogue, Constitution & Codex publication, sanctions/compute-registry coordination, and multi-track diplomacy.
+ TreatyConstitutionCodexSanctionsCompute registryDiplomacy
+ M3-S1 — WBS — Treaty Track
| WBS-3.1.1 | G7 Hiroshima compliance roadmap (S1..S6) |
|---|
| WBS-3.1.2 | Bletchley + Seoul commitments tracker (S2..S8) |
|---|
| WBS-3.1.3 | CoE AI Convention legal-bridge memo (S5..S12) |
|---|
| WBS-3.1.4 | FSB AI-in-FS policy submissions (S7..S20) |
|---|
| WBS-3.1.5 | Bilateral overlays (UK-US, EU-MAS, UK-HK) (S10..S24) |
|---|
M3-S2 — WBS — Constitution & Codex
| WBS-3.2.1 | Constitution v1 ratification (S1..S4) |
|---|
| WBS-3.2.2 | Codex annexes A1..A12 (S2..S14) |
|---|
| WBS-3.2.3 | Public-comment portal + redlines (S6..S16) |
|---|
| WBS-3.2.4 | ML-DSA-65 signed publication chain (S8..S20) |
|---|
M3-S3 — WBS — Compute Registry & Sanctions (ICGC)
| WBS-3.3.1 | Compute quota registry schema (S3..S8) |
|---|
| WBS-3.3.2 | Sanctioned-actor list ingestion (S5..S10) |
|---|
| WBS-3.3.3 | Anti-circumvention audit playbook (S7..S14) |
|---|
| WBS-3.3.4 | Quarterly attestation pipeline (S9..S20) |
|---|
M3-S4 — Supervisor Dialogue Calendar
| EU-Commission | Quarterly tech briefing + Annex IV draft review |
|---|
| PRA/FCA | Quarterly MRM + SMCR review |
|---|
| MAS/HKMA | Quarterly FEAT + GL-90 review |
|---|
| Fed/OCC | Bi-annual SR 11-7 deep-dive |
|---|
| AISI-UK/US | Quarterly frontier-eval joint sessions |
|---|
M3-S5 — Treaty Liaison RACI
| R | Treaty Liaison + GC |
|---|
| A | CEO + Board AI/Risk Chair |
|---|
| C | CRO, CAIO, AI Safety Lead, Head of Public Policy |
|---|
| I | Board, Audit Committee, supervisors |
|---|
M4 — Enterprise AI Reference Architecture — Engineering WBS
+ Engineering WBS for the three reference architectures (OPA sidecar, FastAPI/Node proxy + Kafka WORM + PQC KMS, K8s admission + CI/CD + LLM-judge); team allocations, Terraform module split, environment promotion gates.
+ SidecarProxyK8s admissionTerraformEnvironmentsSLOs
+ M4-S1 — WBS — OPA Sidecar Mesh
| WBS-4.1.1 | Envoy + OPA sidecar Helm chart (S1..S4, 2 platform eng) |
|---|
| WBS-4.1.2 | Rego bundle service + signed bundles (S2..S6) |
|---|
| WBS-4.1.3 | Cilium L7 zero-egress baseline (S3..S8) |
|---|
| WBS-4.1.4 | Kata Confidential runtime PoC (S6..S12) |
|---|
| WBS-4.1.5 | Performance hardening (p99 ≤ 8 ms) (S8..S14) |
|---|
M4-S2 — WBS — Inference Proxy + Kafka WORM + PQC KMS
| WBS-4.2.1 | FastAPI proxy MVP + EAIP envelope (S1..S6) |
|---|
| WBS-4.2.2 | Node proxy parity (S3..S8) |
|---|
| WBS-4.2.3 | Kafka/MSK WORM topic + S3 Object Lock (S4..S10) |
|---|
| WBS-4.2.4 | Daily Merkle anchor publisher (S6..S12) |
|---|
| WBS-4.2.5 | PQC KMS integration (Cloud HSM + ML-DSA + ML-KEM) (S5..S14) |
|---|
| WBS-4.2.6 | Terraform AWS/EKS reference module (S2..S20) |
|---|
M4-S3 — WBS — K8s Admission + CI/CD + LLM-Judge
| WBS-4.3.1 | Gatekeeper + Kyverno baseline constraints (S2..S6) |
|---|
| WBS-4.3.2 | Sigstore cosign keyless verification webhook (S3..S8) |
|---|
| WBS-4.3.3 | GitHub Actions reusable workflow library (S4..S10) |
|---|
| WBS-4.3.4 | LLM-judge adjudicator + κ ≥ 0.9 calibration (S6..S14) |
|---|
| WBS-4.3.5 | Canary + auto-rollback pipeline (S8..S16) |
|---|
M4-S4 — Environment Strategy
| envs | dev → preprod → prod → sov-prod (sovereign tenants) → frontier-air-gapped |
|---|
| promotion | Each promotion requires signed evidence pack + supervisor-style review |
|---|
| rollback | Single-command (≤ 60 s logical, ≤ 5 min BMC) per kill-switch SLA |
|---|
| blueGreen | Active/active across two regions for Tier-1 workloads |
|---|
M4-S5 — SLOs
| inferenceP95 | ≤ 250 ms (Tier-2), ≤ 450 ms (Tier-1 with judge ensemble) |
|---|
| policyEvalP99 | ≤ 8 ms (OPA sidecar) |
|---|
| wormDurability | 11×9s + WORM 7-year retention |
|---|
| killSwitchLogicalP95 | ≤ 60 s |
|---|
| killSwitchBmcP95 | ≤ 5 min |
|---|
M5 — Governance Dashboards UI — Engineering WBS
+ UI engineering WBS for governance dashboards: design system, 27 board tiles, drill-down evidence viewer, supervisor self-serve portal, accessibility & i18n, performance budgets.
+ Design systemBoard tilesDrill-downSupervisor portalAccessibilityPerformance
+ M5-S1 — WBS — Design System
| WBS-5.1.1 | Design tokens + dark/light theme (S1..S3, 1 designer + 1 FE) |
|---|
| WBS-5.1.2 | Component library (table, kv, sparkline, badge) (S2..S6) |
|---|
| WBS-5.1.3 | Storybook + visual regression CI (S3..S8) |
|---|
| WBS-5.1.4 | Mermaid + d3 chart wrappers (S4..S10) |
|---|
M5-S2 — WBS — Board Tiles (27)
| WBS-5.2.1 | KPI tile renderer (S2..S6) |
|---|
| WBS-5.2.2 | Risk & control matrix tile (S3..S8) |
|---|
| WBS-5.2.3 | Kill-switch SLA tile (S4..S10) |
|---|
| WBS-5.2.4 | Evidence pack assembly tile (S5..S12) |
|---|
| WBS-5.2.5 | Drift + κ + cosine tile (S6..S12) |
|---|
| WBS-5.2.6 | 27-tile board mosaic (S8..S16) |
|---|
M5-S3 — WBS — Supervisor Self-Serve Portal
| WBS-5.3.1 | Read-only supervisor role + audit logging (S6..S12) |
|---|
| WBS-5.3.2 | Evidence-pack browser + signed-URL download (S8..S14) |
|---|
| WBS-5.3.3 | Public zk-SNARK verifier widget (S10..S18) |
|---|
| WBS-5.3.4 | Supervisor question intake + SLA tracker (S12..S20) |
|---|
M5-S4 — Accessibility & i18n
| wcag | WCAG 2.2 AA across every tile; lighthouse a11y ≥ 95 |
|---|
| languages | EN, FR, DE, JA, ZH (HK + TW), KO, AR |
|---|
| rtl | Right-to-left layouts validated for AR |
|---|
| screenReader | Axe + manual JAWS + VoiceOver runs per release |
|---|
M5-S5 — Performance Budgets
| ttfb | ≤ 200 ms |
|---|
| lcp | ≤ 1.8 s on cold load |
|---|
| tilePayload | ≤ 60 KB JSON per tile |
|---|
| bundleSize | ≤ 220 KB gzip initial |
|---|
M6 — Security & DevSecOps WBS (Sigstore, OPA, Zero-Egress K8s, WORM)
+ Sprint-level WBS for the DevSecOps + Security track: Sigstore + SLSA L3+ chain, OPA bundle authoring, zero-egress Kubernetes, WORM logging, PQC KMS rotation, IR runbooks.
+ SigstoreOPAZero-egressWORMPQCIR
+ M6-S1 — WBS — Sigstore + SLSA L3+
| WBS-6.1.1 | Cosign keyless OIDC for all CI jobs (S1..S4) |
|---|
| WBS-6.1.2 | Rekor + Fulcio internal mirrors (S2..S6) |
|---|
| WBS-6.1.3 | in-toto SLSA L3+ provenance (S3..S8) |
|---|
| WBS-6.1.4 | ML-DSA-65 hybrid co-signature (S4..S10) |
|---|
| WBS-6.1.5 | Verification webhook in admission (S6..S12) |
|---|
M6-S2 — WBS — OPA Bundle Authoring
| WBS-6.2.1 | Rego style guide + unit-test harness (S1..S4) |
|---|
| WBS-6.2.2 | Conftest CI checks (S2..S6) |
|---|
| WBS-6.2.3 | Bundle signing + ML-DSA (S3..S8) |
|---|
| WBS-6.2.4 | Bundle observability (decision logs to Kafka WORM) (S5..S12) |
|---|
M6-S3 — WBS — Zero-Egress Kubernetes
| WBS-6.3.1 | Cilium L7 default-deny baseline (S1..S6) |
|---|
| WBS-6.3.2 | Allow-list per service via OPA (S3..S8) |
|---|
| WBS-6.3.3 | DNS egress gateway with logging (S5..S10) |
|---|
| WBS-6.3.4 | Kata Confidential pilots on Tier-1 (S8..S16) |
|---|
M6-S4 — WBS — WORM Logging + Anchoring
| WBS-6.4.1 | Kafka/MSK WORM topic provisioning (S2..S6) |
|---|
| WBS-6.4.2 | S3 Object Lock Compliance mode (S3..S8) |
|---|
| WBS-6.4.3 | Daily Merkle anchor publisher (S5..S12) |
|---|
| WBS-6.4.4 | Public verifier endpoint (S8..S16) |
|---|
| retention | 7-year minimum; 25-year for Annex IV high-risk |
|---|
M6-S5 — WBS — PQC KMS + IR
| WBS-6.5.1 | FIPS 203 (ML-KEM-768) + 204 (ML-DSA-44/65) integration (S2..S10) |
|---|
| WBS-6.5.2 | FIPS 140-3 Level 4 HSM enrolment (S4..S12) |
|---|
| WBS-6.5.3 | Hybrid X25519 + ML-KEM-768 KEM (S6..S14) |
|---|
| WBS-6.5.4 | IR runbooks: kill-switch, WORM tamper, Sigstore compromise (S6..S16) |
|---|
| WBS-6.5.5 | Annual purple-team exercise (S20..S24) |
|---|
M7 — RAG Program Governance WBS
+ WBS for RAG governance: corpus onboarding, ACL, taint propagation, lineage, retrieval evaluation, content moderation, quarantine workflow.
+ CorpusACLTaintLineageEvalModeration
+ M7-S1 — WBS — Corpus Onboarding
| WBS-7.1.1 | Source attestation + DPIA template (S1..S4) |
|---|
| WBS-7.1.2 | Ingestion pipeline + parser registry (S2..S8) |
|---|
| WBS-7.1.3 | Chunk + embed + index baseline (S3..S10) |
|---|
| WBS-7.1.4 | Provenance graph emit (S4..S10) |
|---|
M7-S2 — WBS — ACL & Taint
| WBS-7.2.1 | Row-level ACL on retrieval (S3..S8) |
|---|
| WBS-7.2.2 | Taint propagation from source → chunk → answer (S5..S12) |
|---|
| WBS-7.2.3 | Quarantine workflow on poisoning detection (S6..S14) |
|---|
| WBS-7.2.4 | Right-to-erasure cascade (S7..S16) |
|---|
M7-S3 — WBS — Lineage & Eval
| WBS-7.3.1 | Citation coverage ≥ 95 % gate (S4..S10) |
|---|
| WBS-7.3.2 | Faithfulness eval suite (S5..S12) |
|---|
| WBS-7.3.3 | Hallucination detector + Sentinel hook (S6..S14) |
|---|
| WBS-7.3.4 | Retrieval-drift monitoring (S8..S16) |
|---|
M7-S4 — Content Moderation
| tooling | Detoxify, Garak, internal harmful-content classifier |
|---|
| policy | Rego policies for jurisdiction-specific gating |
|---|
| escalation | Auto-quarantine + GC notify on Tier-1 hits |
|---|
M7-S5 — Org & RACI
| R | RAG Tribe Lead |
|---|
| A | Chief Architect |
|---|
| C | AI Safety Lead, DPO, GC, MRM |
|---|
| I | PMO, CAIO, supervisors |
|---|
M8 — EAIP Protocol Design WBS
+ WBS for the Enterprise AI Inference Protocol: envelope schema, RFC publication, reference implementations, conformance suite, interop test events with peer institutions and AISI.
+ EnvelopeRFCReference implConformanceInterop
+ M8-S1 — WBS — Envelope Schema
| WBS-8.1.1 | JSON Schema v1 draft (S1..S4) |
|---|
| WBS-8.1.2 | Mandatory fields: id, model, prompt_hash, judge, policy_decisions, evidence_hash, signature (S2..S6) |
|---|
| WBS-8.1.3 | CRS-UUID lineage edges (S3..S8) |
|---|
| WBS-8.1.4 | PQC envelope signatures (ML-DSA-65) (S5..S10) |
|---|
M8-S2 — WBS — RFC Publication
| WBS-8.2.1 | Internal RFC draft (S2..S6) |
|---|
| WBS-8.2.2 | External RFC pre-print + open comment portal (S6..S14) |
|---|
| WBS-8.2.3 | Cross-institution working group (S10..S20) |
|---|
| WBS-8.2.4 | v1.0 Final + ML-DSA-65 signed (S16..S20) |
|---|
M8-S3 — WBS — Reference Implementations
| WBS-8.3.1 | Python SDK (S3..S10) |
|---|
| WBS-8.3.2 | TypeScript/Node SDK (S4..S10) |
|---|
| WBS-8.3.3 | Java SDK (S6..S14) |
|---|
| WBS-8.3.4 | Rust client-only SDK (S8..S16) |
|---|
M8-S4 — WBS — Conformance Suite
| WBS-8.4.1 | Conformance test specification (S6..S12) |
|---|
| WBS-8.4.2 | Public conformance runner (S10..S18) |
|---|
| WBS-8.4.3 | Conformance certification process (S14..S22) |
|---|
M8-S5 — Interop Test Events
| cadence | Quarterly interop bake-offs with peer G-SIFIs + AISI |
|---|
| scope | Envelope parity, judge ensemble exchange, evidence-pack mutual verification |
|---|
| outcome | Joint conformance report + cross-bank Sentinel adapter |
|---|
M9 — CCaaS Summarization with PETs WBS
+ WBS for CCaaS summarization track with privacy-enhancing technologies: opacus DP fine-tuning, PII tokenization, secure-enclave inference, audit trail, customer opt-out.
+ DPPII tokenizationSecure enclaveOpt-outAudit
+ M9-S1 — WBS — DP Fine-Tuning
| WBS-9.1.1 | Opacus integration on Hugging Face trainer (S2..S8) |
|---|
| WBS-9.1.2 | (ε, δ) accountant + per-customer budget (S4..S10) |
|---|
| WBS-9.1.3 | DP eval suite (utility vs. privacy curves) (S6..S14) |
|---|
| WBS-9.1.4 | Annex IV DP disclosure template (S8..S16) |
|---|
M9-S2 — WBS — PII Tokenization
| WBS-9.2.1 | PII detector (Presidio + custom rules) (S1..S6) |
|---|
| WBS-9.2.2 | Format-preserving tokenization vault (S3..S10) |
|---|
| WBS-9.2.3 | Reversible-vs-irreversible policy (S5..S12) |
|---|
| WBS-9.2.4 | GDPR Art 25 evidence emit (S6..S14) |
|---|
M9-S3 — WBS — Secure-Enclave Inference
| WBS-9.3.1 | AMD SEV-SNP / Intel TDX pilot (S6..S14) |
|---|
| WBS-9.3.2 | Attestation chain → Sigstore (S8..S16) |
|---|
| WBS-9.3.3 | BYOK customer-controlled keys (S10..S18) |
|---|
M9-S4 — WBS — Opt-Out & Audit
| WBS-9.4.1 | Customer opt-out portal (S4..S10) |
|---|
| WBS-9.4.2 | Right-to-erasure cascade through training + RAG (S6..S14) |
|---|
| WBS-9.4.3 | Quarterly DP audit report (S12..S20) |
|---|
M9-S5 — Pilot Customers
| wave1 | 3 G-SIFI banking customers (Q2 FY26) |
|---|
| wave2 | 5 healthcare + 3 insurance (Q3-Q4 FY26) |
|---|
| wave3 | GA across F500 (FY27) |
|---|
M10 — Prompt Architect Features WBS
+ WBS for Prompt Architect: templating, variable linking, version control, testing harness, sharing/marketplace, telemetry-driven deprecation.
+ TemplatingVariable linkingVersioningTestingSharingDeprecation
+ M10-S1 — WBS — Templating Engine
| WBS-10.1.1 | Jinja2 + safe sandbox (S1..S4) |
|---|
| WBS-10.1.2 | Schema-aware variable types (S2..S6) |
|---|
| WBS-10.1.3 | Output format constraints (JSON Schema, regex) (S3..S8) |
|---|
| WBS-10.1.4 | Multi-language template support (S5..S10) |
|---|
M10-S2 — WBS — Variable Linking
| WBS-10.2.1 | Cross-template variable graph (S3..S8) |
|---|
| WBS-10.2.2 | RAG retrieval auto-binding (S5..S12) |
|---|
| WBS-10.2.3 | Customer-context binders (S6..S12) |
|---|
| WBS-10.2.4 | Lineage emission to Kafka WORM (S8..S14) |
|---|
M10-S3 — WBS — Version Control
| WBS-10.3.1 | Semver + immutable hash IDs (S1..S4) |
|---|
| WBS-10.3.2 | Git-backed prompt repo + signed commits (S3..S8) |
|---|
| WBS-10.3.3 | Approval workflow + MRM sign-off (S5..S12) |
|---|
| WBS-10.3.4 | Rollback + canary support (S8..S14) |
|---|
M10-S4 — WBS — Testing Harness
| WBS-10.4.1 | Golden-set tests (S2..S8) |
|---|
| WBS-10.4.2 | LLM-judge κ ≥ 0.9 grader (S4..S10) |
|---|
| WBS-10.4.3 | Adversarial prompt-injection eval (S6..S14) |
|---|
| WBS-10.4.4 | Regression CI gate (S6..S14) |
|---|
M10-S5 — WBS — Sharing & Marketplace
| WBS-10.5.1 | Internal template marketplace (S6..S14) |
|---|
| WBS-10.5.2 | Cross-tenant sharing controls + OPA (S8..S16) |
|---|
| WBS-10.5.3 | Marketplace policy + GC review (S10..S18) |
|---|
| WBS-10.5.4 | Telemetry-driven deprecation flow (S12..S20) |
|---|
M11 — Model Registry Engineering WBS
+ WBS for model registry: model manifest schema, lineage, model-card automation, registry GA migration, third-party model wrapper, vendor attestation.
+ ManifestLineageModel cardMigration3P wrapper
+ M11-S1 — WBS — Manifest Schema
| WBS-11.1.1 | YAML manifest spec (S1..S4) |
|---|
| WBS-11.1.2 | Fields: id, version, training_data, eval, safety, license, signatures (S2..S6) |
|---|
| WBS-11.1.3 | Signed manifest + ML-DSA (S3..S8) |
|---|
M11-S2 — WBS — Lineage & Provenance
| WBS-11.2.1 | Dataset ↔ checkpoint ↔ deployment edges (S3..S10) |
|---|
| WBS-11.2.2 | Training-fabric attestation ingest (S5..S12) |
|---|
| WBS-11.2.3 | Graph store + query API (S6..S14) |
|---|
M11-S3 — WBS — Model Card Automation
| WBS-11.3.1 | Auto-generated model card from evals (S4..S10) |
|---|
| WBS-11.3.2 | Annex IV section bindings (S6..S14) |
|---|
| WBS-11.3.3 | Public-facing card portal (S10..S18) |
|---|
M11-S4 — WBS — Registry GA Migration
| WBS-11.4.1 | Legacy registry shadow mode (S6..S12) |
|---|
| WBS-11.4.2 | Full cutover + read-only legacy (S12..S16) |
|---|
| WBS-11.4.3 | Decommission legacy (S18..S22) |
|---|
M11-S5 — WBS — Third-Party Models & Vendor Attestation
| WBS-11.5.1 | API-only wrapper with policy enforcement (S6..S12) |
|---|
| WBS-11.5.2 | Vendor attestation intake (S8..S14) |
|---|
| WBS-11.5.3 | Periodic vendor re-attestation (quarterly) (S14..S22) |
|---|
| WBS-11.5.4 | Gatekeeper enforcement of registered-only deploys (S6..S14) |
|---|
M12 — Threat-Intel + Telemetry & Interpretability WBS
+ WBS for threat-intel dashboards, telemetry pipelines, and interpretability tooling: TIP ingestion, MITRE ATLAS mapping, drift & κ telemetry, mech-interp dashboards.
+ TIPMITRE ATLASTelemetryDriftInterpSLOs
+ M12-S1 — WBS — Threat-Intel Ingestion
| WBS-12.1.1 | STIX/TAXII feeds (commercial + ISAC) (S2..S8) |
|---|
| WBS-12.1.2 | MITRE ATLAS tagging pipeline (S3..S10) |
|---|
| WBS-12.1.3 | Dedup + correlation engine (S5..S12) |
|---|
| WBS-12.1.4 | Auto-triage + SLA tracker (S6..S14) |
|---|
M12-S2 — WBS — Threat-Intel Dashboard
| WBS-12.2.1 | Heatmap of attack techniques (S6..S12) |
|---|
| WBS-12.2.2 | Live IOC table + filters (S8..S14) |
|---|
| WBS-12.2.3 | Sentinel adapter for active mitigation (S10..S18) |
|---|
| WBS-12.2.4 | Quarterly threat report generator (S12..S20) |
|---|
M12-S3 — WBS — Telemetry Pipeline
| WBS-12.3.1 | OpenTelemetry SDK adoption across services (S1..S8) |
|---|
| WBS-12.3.2 | Kafka WORM telemetry topic (S3..S10) |
|---|
| WBS-12.3.3 | Drift detector (Δ ≤ 4 % gate) (S5..S12) |
|---|
| WBS-12.3.4 | Fiduciary cosine ≥ 0.92 monitor (S6..S14) |
|---|
| WBS-12.3.5 | Judge κ ≥ 0.9 tracker (S6..S14) |
|---|
M12-S4 — WBS — Interpretability Tooling
| WBS-12.4.1 | transformer_lens dashboard wrapper (S4..S12) |
|---|
| WBS-12.4.2 | Sparse autoencoder feature explorer (S6..S14) |
|---|
| WBS-12.4.3 | Activation-patching playground (S8..S16) |
|---|
| WBS-12.4.4 | Critical-decision mech-interp dashboard (S10..S20) |
|---|
M12-S5 — Observability SLOs
| metrics | Drift Δ ≤ 4 %, latent Δ ≤ 3 %, fiduciary cosine ≥ 0.92, κ ≥ 0.9 |
|---|
| alertNoiseBudget | ≤ 3 % false-positive on Tier-1 alerts |
|---|
| retention | WORM 7 yr; hot 90 d; warm 1 yr |
|---|
M13 — AGI/ASI Governance Simulations WBS
+ WBS for AGI/ASI governance sims: SRASE supervisor-audit simulator, CSE-X civilizational simulator, wargame catalogue, annual scenario refresh, AISI joint exercises.
+ SRASECSE-XWargamesScenario refreshAISI joint
+ M13-S1 — WBS — SRASE Build
| WBS-13.1.1 | Composite scoring engine (≥ 0.9 gate) (S4..S12) |
|---|
| WBS-13.1.2 | Synthetic-regulator persona library (S6..S14) |
|---|
| WBS-13.1.3 | Annex IV stress packs (S8..S16) |
|---|
| WBS-13.1.4 | WORM-backed run ledger (S6..S14) |
|---|
M13-S2 — WBS — CSE-X Build
| WBS-13.2.1 | World-state schema + actor models (S6..S14) |
|---|
| WBS-13.2.2 | Treaty + compute-registry scenarios (S8..S18) |
|---|
| WBS-13.2.3 | Civilizational-risk metric (composite) (S10..S20) |
|---|
| WBS-13.2.4 | Annual scenario refresh process (S20..S24) |
|---|
M13-S3 — WBS — Wargame Catalogue (WG-01..WG-06)
| WG-01 | Fiduciary bypass via judge collusion |
|---|
| WG-02 | Deceptive alignment in agentic chain |
|---|
| WG-03 | WORM evasion via log gaps |
|---|
| WG-04 | Prompt-injection exfil through RAG |
|---|
| WG-05 | Compute-registry evasion via shadow tenancy |
|---|
| WG-06 | Kill-switch spoof under split-brain |
|---|
M13-S4 — AISI Joint Exercises
| cadence | Quarterly UK + US AISI scenarios |
|---|
| scope | Frontier model evals, kill-switch drills, deceptive-alignment hunts |
|---|
| evidence | Joint signed eval report → Annex IV + supervisor pack |
|---|
M13-S5 — Annual Refresh & Publication
| refresh | Annual scenario catalogue refresh with external assurance |
|---|
| publication | Public lessons-learned + civilizational research paper |
|---|
| redactions | GC + AI Safety Lead joint redaction review |
|---|
M14 — Report-Generation Workflows + Cross-Cutting Critical Path
+ WBS for the report-generation track and a cross-cutting critical-path summary tying together CP-01..CP-17 with phase gates G0..G4, RACI, evidence assembly SLAs and supervisor-facing automation.
+ Annex IVSR 11-7ISO 42001SOC 2DPIACritical path
+ M14-S1 — WBS — Annex IV Auto-Assembler
| WBS-14.1.1 | Section-binding library (S4..S10) |
|---|
| WBS-14.1.2 | Auto-pull from registry + RAG + eval store (S6..S14) |
|---|
| WBS-14.1.3 | PAdES + ML-DSA-65 signed PDF emit (S8..S16) |
|---|
| WBS-14.1.4 | ≤ 30 min SLA + WORM archive (S10..S18) |
|---|
M14-S2 — WBS — SR 11-7 + OCC 2011-12 Pack
| WBS-14.2.1 | MRM template + auto-fill (S4..S12) |
|---|
| WBS-14.2.2 | Independent-validation evidence binders (S6..S14) |
|---|
| WBS-14.2.3 | Quarterly supervisor pack (S8..S20) |
|---|
M14-S3 — WBS — ISO 42001 + SOC 2 + DPIA
| WBS-14.3.1 | AIMS control-matrix → evidence mapping (S6..S14) |
|---|
| WBS-14.3.2 | SOC 2 Type II audit collateral (S8..S16) |
|---|
| WBS-14.3.3 | DPIA generator + DPO sign-off (S6..S14) |
|---|
M14-S4 — Cross-Cutting Critical Path Summary
| CP-01 | Kill-switch quorum + BMC — owner: CISO + Platform; gate: G0 |
|---|
| CP-02 | Sigstore + ML-DSA hybrid signing — owner: DevSecOps; gate: G0 |
|---|
| CP-03 | OPA bundle service + Rego CI — owner: DevSecOps; gate: G0 |
|---|
| CP-04 | Kafka WORM + S3 Object Lock + Merkle anchor — owner: Platform; gate: G0 |
|---|
| CP-05 | PQC KMS — owner: Security; gate: G0/G1 |
|---|
| CP-06 | Sentinel v2.4 Cognitive Resonance probes — owner: AI Research; gate: G1 |
|---|
| CP-07 | WorkflowAI Pro agent registry — owner: Platform + CAIO; gate: G1 |
|---|
| CP-08 | Inference proxies + EAIP draft — owner: Platform + Architecture; gate: G1 |
|---|
| CP-09 | Model registry GA — owner: Registry tribe; gate: G2 |
|---|
| CP-10 | Prompt Architect templating + versioning — owner: Prompt tribe; gate: G1/G2 |
|---|
| CP-11 | RAG ACL + taint + lineage — owner: RAG tribe; gate: G1/G2 |
|---|
| CP-12 | Governance dashboards alpha → GA — owner: UI tribe; gate: G1/G3 |
|---|
| CP-13 | Annex IV / SR 11-7 pack auto-assembly ≤ 30 min — owner: Reports; gate: G3 |
|---|
| CP-14 | AGI/ASI sim engine (CSE-X + SRASE) — owner: Civilizational; gate: G2/G3 |
|---|
| CP-15 | GACP/GACRLS/GACRA brokers — owner: Platform + Architecture; gate: G3 |
|---|
| CP-16 | zk-SNARK verifier + public portal — owner: Security + UI; gate: G3 |
|---|
| CP-17 | RPCO replay harness + Evidence Vault — owner: Platform + MRM; gate: G3 |
|---|
M14-S5 — Closing Checklist for FY2026
- All 17 CP items have signed gate evidence
- All 14 tracks have green RAG (red/amber/green) at G3
- Quarterly OKR rollups archived in WORM
- Hire plan + budget burn variance ≤ 5 %
- External Cert Gold audit (ISO 42001) passed
- Annual treaty + supervisor pack published
Code Examples (16)
+ C-01 — Phase-gate evidence assembler (Python) (python)
import json, hashlib, time
+from pathlib import Path
+
+def assemble_gate(gate_id, artifacts):
+ bundle = {'gate': gate_id, 'ts': time.time(), 'artifacts': []}
+ for a in artifacts:
+ h = hashlib.sha256(Path(a).read_bytes()).hexdigest()
+ bundle['artifacts'].append({'path': a, 'sha256': h})
+ out = Path(f'evidence/{gate_id}.json')
+ out.parent.mkdir(exist_ok=True)
+ out.write_text(json.dumps(bundle, indent=2))
+ return out
+C-02 — Sprint capacity planner (Python) (python)
import pandas as pd
+
+def capacity_plan(wbs_csv: str, sprints=26, hours_per_sprint=70):
+ df = pd.read_csv(wbs_csv)
+ df['hours'] = df['fte'] * hours_per_sprint * (df['endSprint'] - df['startSprint'] + 1)
+ rollup = df.groupby(['track','quarter'])['hours'].sum().unstack(fill_value=0)
+ return rollup
+
C-03 — OKR rollup SQL (sql)
SELECT q.quarter, t.track, o.objective,
+ SUM(CASE WHEN kr.attained THEN 1 ELSE 0 END) AS kr_done,
+ COUNT(kr.id) AS kr_total
+FROM okrs o
+JOIN key_results kr ON kr.okr_id = o.id
+JOIN quarters q ON q.id = o.quarter_id
+JOIN tracks t ON t.id = o.track_id
+GROUP BY q.quarter, t.track, o.objective
+ORDER BY q.quarter, t.track;
+
C-04 — RACI matrix loader (Python) (python)
import csv
+
+def load_raci(path):
+ with open(path) as f:
+ rows = list(csv.DictReader(f))
+ by_activity = {r['activity']: r for r in rows}
+ assert all(r['accountable'] for r in rows), 'every activity needs exactly one A'
+ return by_activity
+C-05 — Gatekeeper constraint requiring registry entry (Rego) (rego)
package admission.registry
+
+violation[{"msg": msg}] {
+ input.review.kind.kind == "Pod"
+ container := input.review.object.spec.containers[_]
+ not input.attestations[container.image].registered
+ msg := sprintf("image %v not in model registry", [container.image])
+}
+C-06 — Cosign keyless verify webhook (TS) (typescript)
import { execSync } from 'node:child_process';
+export function verify(image: string): boolean {
+ try {
+ execSync(`cosign verify --certificate-identity-regexp 'https://github.com/.+' ${image}`);
+ return true;
+ } catch { return false; }
+}
+C-07 — EAIP envelope JSON Schema (excerpt) (json)
{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://example.com/eaip/envelope/v1.json",
+ "type": "object",
+ "required": ["id","model","prompt_hash","policy_decisions","evidence_hash","signature"],
+ "properties": {
+ "id": {"type":"string","format":"uuid"},
+ "model": {"type":"string"},
+ "prompt_hash": {"type":"string","pattern":"^sha256:[0-9a-f]{64}$"},
+ "policy_decisions": {"type":"array","items":{"$ref":"#/$defs/decision"}},
+ "evidence_hash": {"type":"string"},
+ "signature": {"type":"string"}
+ }
+}
+C-08 — Opacus DP fine-tune loop (Python) (python)
from opacus import PrivacyEngine
+from torch.utils.data import DataLoader
+
+engine = PrivacyEngine()
+model, optim, loader = engine.make_private(
+ module=model, optimizer=optim, data_loader=loader,
+ noise_multiplier=1.1, max_grad_norm=1.0,
+)
+for epoch in range(EPOCHS):
+ train_one_epoch(model, optim, loader)
+ eps = engine.get_epsilon(delta=1e-5)
+ log_evidence({'epoch': epoch, 'epsilon': eps})
+C-09 — Kafka WORM producer (Python) (python)
from confluent_kafka import Producer
+import hashlib, json
+
+p = Producer({'bootstrap.servers':'msk:9092','compression.type':'zstd','acks':'all'})
+
+def emit(topic, event):
+ body = json.dumps(event, sort_keys=True).encode()
+ h = hashlib.sha256(body).hexdigest()
+ event['_hash'] = h
+ p.produce(topic, value=json.dumps(event).encode(), key=h.encode())
+ p.flush()
+C-10 — GitHub Actions reusable workflow (YAML) (yaml)
name: build-sign-publish
+on: { workflow_call: { inputs: { image: { required: true, type: string } } } }
+permissions: { id-token: write, contents: read }
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: sigstore/cosign-installer@v3
+ - run: docker build -t ${{ inputs.image }} .
+ - run: cosign sign --yes ${{ inputs.image }}
+ - run: cosign attest --predicate slsa.json --type slsa ${{ inputs.image }}
+C-11 — Gantt (Mermaid) (mermaid)
gantt
+ title FY2026 phase gates
+ dateFormat YYYY-MM-DD
+ section P0
+ P0: 2026-01-05, 30d
+ section P1
+ P1: 2026-02-09, 60d
+ section P2
+ P2: 2026-04-13, 90d
+ section P3
+ P3: 2026-07-13, 180d
+ section P4
+ P4: 2027-01-11, 365d
+
C-12 — Annex IV section binder (Python) (python)
from jinja2 import Environment, FileSystemLoader
+
+env = Environment(loader=FileSystemLoader('templates'))
+
+def render_annex_iv(model_id, registry, evals, rag, sentinel):
+ tpl = env.get_template('annex-iv.j2')
+ ctx = {
+ 'model': registry.get(model_id),
+ 'evals': evals.for_model(model_id),
+ 'rag': rag.lineage_for_model(model_id),
+ 'sentinel': sentinel.evidence_for_model(model_id),
+ }
+ return tpl.render(**ctx)
+C-13 — SRASE composite scorer (Python) (python)
def srase_score(metrics):
+ weights = {'drift':.2,'kappa':.25,'cosine':.25,'evidence_lat':.15,'replay_diff':.15}
+ return sum(weights[k] * metrics[k] for k in weights)
+
+if srase_score(m) < 0.9:
+ raise SystemExit('GATE FAIL — SRASE < 0.9')
+C-14 — Quarterly burn report (SQL) (sql)
SELECT t.track, b.quarter,
+ SUM(b.committed_gbpm) AS commit,
+ SUM(b.spent_gbpm) AS spent,
+ SUM(b.committed_gbpm - b.spent_gbpm) AS variance
+FROM budget b
+JOIN tracks t ON t.id = b.track_id
+WHERE b.fy = 2026
+GROUP BY t.track, b.quarter
+ORDER BY t.track, b.quarter;
+
C-15 — Hire-plan ATS export (Python) (python)
import csv
+
+def export_ats(hires, path):
+ with open(path,'w',newline='') as f:
+ w = csv.DictWriter(f, fieldnames=['id','role','level','track','fte','startSprint','skills'])
+ w.writeheader()
+ for h in hires: w.writerow(h)
+
C-16 — Kill-switch quorum signer (Python) (python)
def quorum_approve(signers, threshold=3, of=5):
+ valid = [s for s in signers if verify(s)]
+ if len(valid) < threshold:
+ raise SystemExit(f'quorum fail: {len(valid)}/{of}')
+ return {'approved': True, 'count': len(valid), 'of': of}
+