---
# SOaC-Enterprise — AI Governance Baseline
# Component:  brain/ai/governance
# Publisher:  SOaC Core Team
# Version:    1.0.1
# Date:       March 2026
# License:    Apache 2.0
# Repository: github.com/ge0mant1s/SOaC-Enterprise
#
# This document is the policy contract that The Brain is checked against
# before an AI-assisted decision may be executed. Every section is a
# declarative control; the enforcement logic lives in the consuming runtime
# and is not described here.

apiVersion: brain.soac.io/v1
kind: AIGovernanceBaseline

metadata:
  name: claude-security-governance-baseline
  version: "1.0.1"
  author: soac-core-team
  created: "2026-03-01T00:00:00Z"
  tags:
    - ai-governance
    - brain
    - compliance
    - eu-ai-act
  description: >
    Defines the governance rules, safety controls, and audit requirements
    for The Brain (security decision support) within the SOaC Distributed
    Intelligence Architecture. AI-assisted decisions must conform to this
    baseline before execution is permitted.

# --- 1. Model configuration --------------------------------------------------
# NOTE(review): the fallback is a different, smaller model. The input/output
# controls below are defined per request, but whether fallback verdicts are
# held to the same confidence_threshold is not stated here — confirm.
model:
  provider: anthropic
  model_id: claude-3-5-sonnet-20241022
  fallback_model_id: claude-3-haiku-20240307
  temperature: 0.1  # low sampling temperature; presumably chosen for verdict consistency
  max_tokens: 4096
  timeout: 30s
  retry:
    max_attempts: 3
    backoff: exponential

# --- 2. Prompt registry ------------------------------------------------------
# Prompts are version-controlled artifacts. The Brain may use only prompts
# registered here; ad-hoc prompts are forbidden. Each entry pins an id and
# semver to a file whose name embeds that version.
prompt_registry:
  storage: git
  path: brain/prompts/
  versioning: semver
  audit_on_change: true
  prompts:
    - id: intent-inference
      version: "1.2.0"
      file: brain/prompts/intent_inference_v1.2.0.txt
      mitre_context: true
      description: Infers adversarial intent from normalized detection telemetry
    - id: anomaly-quantification
      version: "1.1.0"
      file: brain/prompts/anomaly_quantification_v1.1.0.txt
      description: Quantifies deviation from behavioral baseline (0-100 score)
    - id: risk-synthesis
      version: "1.3.0"
      file: brain/prompts/risk_synthesis_v1.3.0.txt
      description: Synthesizes intent + anomaly into a structured risk verdict
    - id: playbook-selector
      version: "1.0.0"
      file: brain/prompts/playbook_selector_v1.0.0.txt
      description: Maps risk verdict to the correct CLAW playbook ID

# --- 3. Input safety controls ------------------------------------------------
# Detection telemetry can carry attacker-influenced strings (log fields,
# process names, URLs), so it is screened before it reaches any prompt.
input_safety:
  prompt_injection:
    enabled: true
    strategy: semantic_and_rules
    canary_tokens: true
    max_input_length: 8192
    block_on_detection: true
  pii_detection:
    enabled: true
    # NOTE(review): presumably only the listed fields are scanned; confirm that
    # free-text fields reaching the prompt are covered upstream.
    scan_fields:
      - actor_email
      - host_id
      - source_ips
    action_on_detection: redact
  input_schema_validation:
    enabled: true
    schema: brain/schemas/detection_input_schema.json
    block_on_invalid: true

# --- 4. Output safety controls -----------------------------------------------
output_safety:
  structured_output_only: true
  output_schema: brain/schemas/verdict_output_schema.json
  pii_scan_output: true
  confidence_threshold:
    # verdicts below minimum are routed by failure_handling.on_low_confidence
    minimum: 0.70
    # NOTE(review): auto-execution is presumably also gated by
    # audit.human_oversight.required_above_blast_radius — confirm both apply.
    auto_execute_threshold: 0.95
  hallucination_guard:
    enabled: true
    strategy: schema_enforcement
    # NOTE(review): how this override relates to the human-oversight blast
    # radius (team) is not defined in this document — confirm.
    max_blast_radius_override: org

# --- 5. Decision pipeline (structured reasoning) -----------------------------
# The pipeline emits a *sanitized rationale* suitable for audit and incident
# review. Internal chain-of-thought is never stored; the rationale must be
# free of secrets and PII.
decision_pipeline:
  steps:
    - id: step-1-intent
      prompt_id: intent-inference
      output_field: intent_classification
    - id: step-2-anomaly
      prompt_id: anomaly-quantification
      output_field: anomaly_score
    - id: step-3-risk
      prompt_id: risk-synthesis
      inputs:
        - intent_classification
        - anomaly_score
      output_field: risk_verdict
    - id: step-4-playbook
      prompt_id: playbook-selector
      inputs:
        - risk_verdict
      output_field: playbook_id
  rationale_required: true
  rationale_field: rationale
  rationale_rules:
    - no_pii
    - no_secrets
    - concise
    - human_readable

# --- 6. Verdict schema (contract) --------------------------------------------
verdict_schema:
  fields:
    decision:
      type: enum
      # no explicit allow value exists; MONITOR is the least severe verdict
      values:
        - BLOCK
        - MONITOR
        - ESCALATE
        - DENY
      required: true
    confidence_score:
      type: float
      range: [0.0, 1.0]
      required: true
    playbook_id:
      type: string
      required: true
    rationale:
      type: string
      description: Sanitized explanation of the decision (no PII/secrets)
      required: true
    mitre_techniques:
      type: array
      items: string
      description: MITRE ATT&CK technique IDs identified
      required: false
    audit_hash:
      type: string
      description: SHA-256 hash of the full decision context
      required: true

# --- 7. Audit & compliance ---------------------------------------------------
audit:
  level: verbose
  storage: immutable
  retention_days: 365
  # NOTE(review): the model that produced a verdict (model_id vs
  # fallback_model_id) is not among the logged fields; consider adding it so
  # fallback-model decisions can be distinguished during review.
  fields_logged:
    - timestamp
    - detection_id
    - prompt_ids_used
    - prompt_versions
    - rationale
    - verdict
    - confidence_score
    - audit_hash
  compliance_frameworks:
    - eu_ai_act
    - nist_ai_rmf
    - iso_27001
  human_oversight:
    required_above_blast_radius: team
    approval_timeout: 5m
    timeout_action: abort  # no approval within the window aborts the action

# --- 8. Behavioral baseline --------------------------------------------------
# NOTE(review): the baseline is refreshed on a schedule; whether baseline
# updates are integrity-checked (a drifted or poisoned baseline shifts anomaly
# scoring) is not stated here — confirm.
behavioral_baseline:
  enabled: true
  storage: brain/baselines/
  update_frequency: 24h
  metrics:
    - user_login_patterns
    - api_call_frequency
    - geo_location_variance
    - privilege_escalation_frequency
  anomaly_scoring:
    algorithm: isolation_forest
    sensitivity: 0.85

# --- 9. Failure handling -----------------------------------------------------
# Every listed failure mode resolves to deny or escalate; none falls through
# to a permissive default.
failure_handling:
  on_model_timeout: escalate
  on_schema_validation_failure: deny
  on_prompt_injection_detected: deny
  on_low_confidence: escalate
  on_model_unavailable: escalate
  fallback_to_human: true

# --- 10. Versioning & changelog ----------------------------------------------
versioning:
  policy: semver
  changelog:
    - version: "1.0.1"
      date: "2026-03-13"
      changes:
        - Align component metadata with product architecture (brain/ai/governance)
        - Replace chain-of-thought requirement with sanitized rationale contract
        - Make prompt-injection strategy implementation-neutral
    - version: "1.0.0"
      date: "2026-03-01"
      changes:
        - Initial release of AI Governance Baseline