{"doctrine":"v11","kernel_commit":"c7c0ba17","matrix":[{"control":"A.2.2","framework":"ISO 42001","title":"AI policy","mechanism":"Doctrine v11 is the published AI policy; versioned + change-controlled","coverage":"COVERED"},{"control":"A.3.2","framework":"ISO 42001","title":"AI roles & responsibilities","mechanism":"Operator role + clearance captured in every DSSE receipt (AC-2/AC-3)","coverage":"COVERED"},{"control":"A.3.3","framework":"ISO 42001","title":"AI risk reporting","mechanism":"Λ score reported per-inference; no formal periodic risk REPORT output yet","coverage":"PARTIAL"},{"control":"A.4.6","framework":"ISO 42001","title":"Human oversight & monitoring","mechanism":"human_override_required Rego gate fires before irreversible actions / low Λ","coverage":"COVERED"},{"control":"A.5.4","framework":"ISO 42001","title":"AI system risk management","mechanism":"13-axis Λ score computed per inference; sealed into the DSSE receipt","coverage":"COVERED"},{"control":"A.6.4","framework":"ISO 42001","title":"Data provenance","mechanism":"Input hash + model version + lineage recorded in the receipt","coverage":"COVERED"},{"control":"A.6.6","framework":"ISO 42001","title":"AI system verification","mechanism":"Output hash + Lean-verified formula path; locked-proven = 8 @ c7c0ba17","coverage":"PARTIAL"},{"control":"A.9.3","framework":"ISO 42001","title":"Human oversight (use)","mechanism":"Human-override gate; irreversible actions require human confirmation","coverage":"COVERED"},{"control":"A.9.4","framework":"ISO 42001","title":"Incident management","mechanism":"Incident receipt + tamper-evident re-verification at /cosign.pub","coverage":"PARTIAL"},{"control":"A.10.4","framework":"ISO 42001","title":"Supplier monitoring","mechanism":"Third-party model attestation; vendor DSSE receipt verification","coverage":"PARTIAL"},{"control":"GOVERN 1.1","framework":"NIST AI RMF","title":"AI policies & processes","mechanism":"Doctrine v11 + policy-gate configuration inventory","coverage":"COVERED"},{"control":"MAP 2.3","framework":"NIST AI RMF","title":"AI capability characterization","mechanism":"Λ scoring methodology + model registry classification","coverage":"COVERED"},{"control":"MEASURE 2.8","framework":"NIST AI RMF","title":"Transparency / explainability","mechanism":"Lean-proven formula output exposed in the receipt","coverage":"COVERED"},{"control":"MEASURE 3.1","framework":"NIST AI RMF","title":"Risk tracking over time","mechanism":"Continuous Λ score with a timestamp chain of receipts","coverage":"PARTIAL"},{"control":"GOVERN 3.2","framework":"NIST AI RMF","title":"Workforce DEI","mechanism":"Out of scope for an orchestration layer (organizational control)","coverage":"NA"},{"control":"MANAGE 4.1","framework":"NIST AI RMF","title":"Post-incident after-action","mechanism":"Incident receipt replay + independent re-verification","coverage":"PARTIAL"},{"control":"MEASURE 4.2","framework":"NIST AI RMF","title":"Measurement-effectiveness feedback","mechanism":"Λ-score calibration feedback loop","coverage":"ROADMAP"},{"control":"AU-2","framework":"NIST 800-53r5","title":"Event logging","mechanism":"DSSE-signed audit event per inference (verdict + rule ID)","coverage":"COVERED"},{"control":"AU-3","framework":"NIST 800-53r5","title":"Content of audit records","mechanism":"Timestamp + input/output hash in every receipt","coverage":"COVERED"},{"control":"AU-9","framework":"NIST 800-53r5","title":"Protection of audit information","mechanism":"Records sealed in DSSE envelopes signed by ECDSA-P256; tamper-detectable","coverage":"COVERED"},{"control":"CM-8","framework":"NIST 800-53r5","title":"System component inventory","mechanism":"Model ID + version + digest recorded per inference","coverage":"COVERED"},{"control":"RA-3","framework":"NIST 800-53r5","title":"Risk assessment","mechanism":"13-axis Λ trust score is the per-inference risk assessment","coverage":"COVERED"},{"control":"SI-10","framework":"NIST 800-53r5","title":"Information input validation","mechanism":"Input hash + classification-boundary gate","coverage":"PARTIAL"},{"control":"Article 12","framework":"EU AI Act","title":"Record-keeping / logging","mechanism":"Immutable DSSE receipt per inference satisfies automatic logging","coverage":"COVERED"},{"control":"Article 14","framework":"EU AI Act","title":"Human oversight","mechanism":"Human-in-the-loop override gate; human-on-loop for SIMULATED effectors","coverage":"COVERED"},{"control":"Article 9","framework":"EU AI Act","title":"Risk management system (High-Risk)","mechanism":"Λ-gated policy enforcement; no formal QMS document yet","coverage":"ROADMAP"},{"control":"SA-8","framework":"NIST 800-53r5","title":"Security engineering principles (economy of mechanism)","mechanism":"Restraint 6-rung frugality ladder runs before every diff; the agent emits the minimal viable code (fewest files, smallest surface); each decision is a signed DSSE receipt + Λ score (/api/a11oy/v1/restraint/evaluate)","coverage":"COVERED"},{"control":"CM-7","framework":"NIST 800-53r5","title":"Least functionality","mechanism":"YAGNI rung skips speculative abstractions; the ladder prefers stdlib/native over bespoke code, minimising functionality + attack surface. Auto-Review rule AR-006 (prefer-minimal-diff) narrows a bloated diff that skipped the ladder","coverage":"COVERED"},{"control":"SA-15","framework":"NIST 800-53r5","title":"Development process, standards & tools","mechanism":"Restraint is wired into the dev path as a pre-write reflex with a promptfoo-style two-arm benchmark (baseline vs restraint), honestly labelled MEASURED-or-SAMPLE/ROADMAP; restraint: ceiling comments name each deliberate simplification's upgrade path","coverage":"PARTIAL"},{"control":"SR-3","framework":"NIST 800-53r5","title":"Supply chain controls & processes","mechanism":"Dependency-frugality: the 'already-installed dependency' rung prefers deps already in the image and discourages adding new third-party packages, shrinking supply-chain exposure. No formal SBOM gate on the restraint path yet","coverage":"PARTIAL"},{"control":"MANAGE 2.3","framework":"NIST AI RMF","title":"Manage residual / supply-chain risk (code & dependency frugality)","mechanism":"Restraint reduces residual maintenance + supply-chain risk by minimising generated code and new dependencies; the Auto-Review classifier consumes the restraint verdict as a governance signal (AR-006) and seals the rung into the signed verdict","coverage":"COVERED"},{"control":"A.6.2","framework":"ISO 42001","title":"AI system lifecycle — responsible design & development","mechanism":"Frugality ladder is applied in the design/development phase of the AI code agent; deliberate simplifications are documented via restraint: ceiling comments and signed receipts, supporting responsible, auditable development","coverage":"PARTIAL"}],"summary":{"COVERED":19,"PARTIAL":10,"NA":1,"ROADMAP":2},"frameworks":["EU AI Act","ISO 42001","NIST 800-53r5","NIST AI RMF"],"eu_ai_act_self_classification":"High-Risk (defense-tech agentic orchestrator)","honest":"Coverage assessments reflect a11oy's INTERNAL analysis of its mechanisms against published framework control text. a11oy ALIGNS WITH / MAPS TO these frameworks; it does NOT claim certification. No third-party certification has been obtained for any framework as of Doctrine v11. Gaps are shown honestly. Λ = Conjecture 1; locked-proven = 8 @ c7c0ba17; trust never 100%.","framing":"aligns with / maps to — NOT certified / compliant","status":"ALIGNMENT (no third-party certification)","sources":{"ISO/IEC 42001:2023 (AI management system)":"https://www.iso.org/standard/81230.html","ISO 42001 Annex A control list (reference)":"https://mindsetcyber.com.au/iso-42001-controls-list/","NIST AI RMF 1.0 Core":"https://airc.nist.gov/airmf-resources/airmf/5-sec-core/","NIST AI RMF Playbook (subcategory detail)":"https://airc.nist.gov/docs/AI_RMF_Playbook.pdf","NIST SP 800-53 Rev 5 catalog (OSCAL JSON)":"https://raw.githubusercontent.com/usnistgov/oscal-content/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json","OSCAL (usnistgov/OSCAL)":"https://github.com/usnistgov/OSCAL","OSCAL content (usnistgov/oscal-content)":"https://github.com/usnistgov/oscal-content","Open Policy Agent / Rego":"https://www.openpolicyagent.org/docs/latest/policy-language/","Credo AI risk taxonomy / MIT AI Risk Repository":"https://airisk.mit.edu/","EU AI Act high-level summary":"https://artificialintelligenceact.eu/high-level-summary/"},"restraint_contribution":{"capability":"a11oy Restraint — governed code-minimization / dependency-frugality","endpoints":"/api/a11oy/v1/restraint/{evaluate,bench,info}","rows":6,"controls":["A.6.2","CM-7","MANAGE 2.3","SA-15","SA-8","SR-3"],"frameworks":["ISO 42001","NIST 800-53r5","NIST AI RMF"],"auto_review_rule":"AR-006-prefer-minimal-diff (OSCAL SA-8/SA-15/CM-7; NIST AI RMF MANAGE 2.3)","honest":"a11oy Restraint contributes a code-minimization / dependency-frugality control: every code diff descends a governed 6-rung frugality ladder (YAGNI, stdlib, native, installed dependency, one line, then minimal viable code) BEFORE it is written, and each decision is a signed DSSE receipt + advisory Λ score. Less code and fewer dependencies => smaller attack/maintenance surface. ALIGNS WITH / MAPS TO the controls below — NOT a certification. Numbers are MODELED/MEASURED, never overclaimed.","framing":"aligns with / maps to — NOT certified / compliant","label":"ALIGNMENT"}}