Metadata-Version: 2.4
Name: aiep-genome-sdk
Version: 1.2.0
Summary: AIEP GENOME SDK — zero-friction Python toolkit for building and adopting AIEP-compliant software
Author: AIEP Contributors
License-Expression: Apache-2.0
Project-URL: Repository, https://github.com/NeilGrassby/AIEP-GENOME-SDK
Project-URL: Changelog, https://github.com/NeilGrassby/AIEP-GENOME-SDK/blob/main/CHANGELOG.md
Project-URL: Patent, https://www.ipo.gov.uk/p-ipsum/Case/ApplicationNumber/GB2519711.2
Project-URL: AIEP Hub, https://aiep.protocol
Keywords: aiep,evidence,deterministic,governance,protocol
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Operating System :: OS Independent
Classifier: Topic :: Software Development :: Libraries
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Provides-Extra: dev
Requires-Dist: pytest>=7; extra == "dev"
Requires-Dist: jsonschema>=4; extra == "dev"
Dynamic: license-file

# AIEP GENOME SDK v1.1 — Kernel Architecture

**Architected Instruction and Evidence Protocol**  
**Classification:** Protocol Reference Implementation + Production SaaS Foundation  
**Kernel:** FROZEN at v1.0.0

---

## Architecture

```
AIEP-GENOME-SDK/
│
├── kernel/                 ← FROZEN. Cryptographic OS kernel.
│   ├── canon/              ← Canonical serialisation (R1–R8)
│   ├── hashing/            ← Algorithm registry + collision policy
│   ├── validation/         ← Invariants I1–I6, GateResult
│   ├── negative_proof/     ← Temporal gap commitment (P16)
│   ├── arbitration/        ← Constitutional arbitration (Layer 1)
│   └── LOCKFILE.json       ← Kernel checksum. Mutation = version fracture.
│
├── governance/             ← Protocol logic above kernel
│   ├── policy_engine/
│   ├── dissent_registry/
│   ├── replay_engine/      ← Third-party verification (AIEP-REPLAY-001)
│   └── audit_export/
│
├── mirror/                 ← First-class. Not bolt-on.
│   ├── visibility_controller/
│   ├── registry_interface/
│   ├── public_adapter/
│   ├── private_adapter/
│   └── mirror_policy.json  ← All artefacts mirrorable. Visibility governed.
│
├── enterprise/             ← Configuration only. Never logic.
│   ├── auth/
│   ├── tenancy/
│   ├── access_control/
│   └── config/             ← What operators may configure (and what they may not)
│
├── examples/
│   ├── deterministic_trace_v1/  ← Executable conformance proof
│   └── governance_trace_v1/
│
└── security/
    ├── threat_model.md     ← AV-001 through AV-008
    ├── hash_assumptions.md ← SHA-256 assumptions + migration path
    └── attack_surface.md   ← Layer boundary rules
```

---

## The Kernel is Frozen

`kernel/` contains zero UI logic. Zero SaaS configuration. Zero external dependencies beyond Python stdlib.

Any change to any file in `kernel/` requires:
1. New `LOCKFILE_VERSION`
2. New `KERNEL_VERSION` in affected module
3. Registry update
4. All downstream repos re-pin

This is not a feature release. It is a constitutional amendment.

**Check current kernel freeze:** `cat kernel/LOCKFILE.json`

---

## Deterministic Replay

Run the conformance proof:

```bash
python examples/deterministic_trace_v1/trace.py
```

Expected output hashes (any conformant implementation must match):

| Step | Expected Hash |
|------|---------------|
| Canonical JSON (step 1) | `7da3d0cf50986a44d34dfd66e46d54b26d6685d508dfdada80f79153c855d7e8` |
| EvidenceCommitment (step 2) | `3bc275ffb68f68e72c9e71c20e1fdf5f924c9b16298426f0bfe29a225a5ad4af` |
| ReplayPack hash (step 5) | `827955f221a3115fe0d58e43f3bacfe9e0490c45d0aed7dbd4d6884a4e8d4075` |
| NegativeProof hash (step 6) | `5309c9344c1bc9af01f46a79dd07ec27975a6dec58509b55b2fdf870093bff56` |

If your run produces different hashes: your implementation has a canonicalisation defect.

---

## Layer Boundary Rules

| Layer | May call | May NOT call | May NOT do |
|-------|----------|--------------|------------|
| `kernel/` | itself | anything outside `kernel/` | network, filesystem, UI, config |
| `governance/` | `kernel/` | `enterprise/`, `mirror/` directly | modify kernel logic |
| `mirror/` | `kernel/`, `governance/` | `enterprise/` | override content_hash |
| `enterprise/` | all layers | — | modify kernel arbitration, inject alternative validation, override deterministic state |

**Violation of layer boundaries is a constitutional violation, not a configuration error.**

---

## What Enterprise Config May Control

✅ Mirror visibility (PUBLIC / PRIVATE / SELECTIVE)  
✅ Storage backend and location  
✅ Authentication provider  
✅ Multi-tenancy mode  

❌ Kernel hash algorithm  
❌ Unicode normalisation mode  
❌ Invariant definitions  
❌ MAX_ACTIVE_FRONTIER  
❌ Constitutional constraints  

---

## Mirror Policy

All artefacts are mirrorable. Visibility is governed, not optional at code level.

Default visibility:
- Hub deployments: `PUBLIC`
- GENOME SaaS deployments: `PRIVATE`
- Per-record override: available under `SELECTIVE` mode

Mirror `content_hash = sha256(canonical_json(data))` is a kernel-level binding. It cannot be overridden.

See `mirror/mirror_policy.json`.

---

## Security

See `security/` for:
- `threat_model.md` — 8 attack vectors, controls, residual risk
- `hash_assumptions.md` — SHA-256 assumptions, migration path
- `attack_surface.md` — Layer boundary rules, per-component surface

---

## Licence

Apache License 2.0. See `LICENSE`.
