@atlasnomos/atlas 1.1.14 → 10.0.1

package/README.md

@@ -1,96 +1,152 @@
-# 🛰️ ATLAS — The Governance Kernel for AI Agents
+# 🦅 ATLAS — The Governance Kernel for AI Agents
 
-[![npm version](https://badge.fury.io/js/%40atlasnomos%2Fatlas.svg)](https://www.npmjs.com/package/@atlasnomos/atlas)
-[![License: AGPL v3](https://img.shields.io/badge/License-AGPL_v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)
-[![Downloads](https://img.shields.io/npm/dm/@atlasnomos/atlas.svg)](https://www.npmjs.com/package/@atlasnomos/atlas)
+[![Release: v10.0.0](https://img.shields.io/badge/Release-v10.0.0-green.svg)](https://atlasnomos.com)
+[![License: AGPL v3](https://img.shields.io/badge/License-AGPL_v3-blue.svg)](LICENSE)
+[![Status: PROD READY](https://img.shields.io/badge/Status-PROD%20READY-brightgreen.svg)](CAP/README.md)
 
-> **v1.1.13 — CORE GOVERNANCE ENGINE** • [AGPL-3.0 License](LICENSE)
+> **v10.0.0 — KERNEL PROD** • [AGPL-3.0 License](LICENSE)
 
-ATLAS is an execution constraint framework for autonomous AI agents. It provides technical controls for decision logging, policy enforcement, and fail-closed execution boundaries via a zero-dependency monolithic architecture.
+ATLAS is a **Ring-0 Governance Kernel** for autonomous AI operations. It sits between an Agent and the World, strictly enforcing institutional policies, audit logging, and fail-close security boundaries.
+
+**ATLAS is not a wrapper.** It is an immutable compliance hypervisor that panics and halts execution upon violation.
 
 ---
 
-## 🏗️ What is ATLAS?
+## 🏛️ Governance Status: PROD READY
+
+As of Q1 2026, ATLAS v10 is fully hardened and certified for production.
 
-ATLAS is a governance kernel designed to sit between an AI agent and its environment. It enforces a strictly governed engineering lifecycle, ensuring that every code generation or system modification is planned, reviewed, and audited before execution.
+| Component | Status | Guarantee |
+|-----------|--------|-----------|
+| **Kernel** | 🟢 **Hardened** | Fail-Close, Ring-Isolated |
+| **Execution** | 🟢 **Deterministic** | Bit-for-bit Replay, Unforgeable Logs |
+| **Trust Root** | 🟢 **Sealed** | Config Hashed at Boot, Signed by Sentinel |
+| **Sandbox** | 🟢 **Isolated** | No Network, Mocked Time/Entropy |
 
-Unlike standard AI frameworks, ATLAS is built on a **Ring-Isolation Model**. It uses a "Fail-Closed" philosophy: if a policy invariant is violated, the kernel panics and halts immediately, preventing unverified or unauthorized autonomous actions.
+👉 **[View Official Governance Reports (CAP)](CAP/README.md)**
 
 ---
 
-## ✨ Key Features
+## 🏗️ Architecture: The Ring Model
+
+ATLAS employs a strictly layered "Ring" architecture to isolate decision-making from execution.
+
+1.  **Ring-0 (The Kernel)**:
+    *   **The Constitution**: Immutable invariants (Fail-Close).
+    *   **The Sentinel**: Cryptographic authority (Ed25519 Signatures).
+    *   **The Log**: Hash-chained, framed, atomic audit trails.
+    *   *Nothing in Ring-0 can be bypassed.*
 
-- **Ring-Based Governance**: Three-layer isolation (Constitution, Bridge, Hive).
-- **Monolithic Stability**: Zero-dependency core ensures reliability in restricted hosts.
-- **Hardware-Bound Credential Management**: API keys are managed at the kernel level and bound to the host environment.
-- **Fail-Closed Execution**: Immediate process termination on policy breach.
-- **Integrity Anchors**: SHA-256 manifest verification of all payload components.
+2.  **Ring-1 (The Bridge)**:
+    *   Safe I/O handling.
+    *   Policy translation.
+
+3.  **Ring-2 (The Agent)**:
+    *   LLM Cognition (Untrusted).
+    *   The Agent *proposes* actions; the Kernel *approves* or *denies* them.
 
 ---
 
-## 📦 Installation
+## 🛡️ Key Features
 
-### **via Distribution Binaries**
-Refer to the official distribution point for your operating system:
-- **Windows**: `atlas-installer-win-v10.exe`
-- Deploys the Governance Enclave to `%LOCALAPPDATA%\ATLAS`.
-- Automatically configures your environment and hardware-aware encryption.
+### 🔒 Deny-by-Default
+If the Kernel cannot prove an action is safe and authorized, it **STOPS**. There are no warnings in PROD. There are no "soft fails".
 
-### **via npm (Advanced)**
-```bash
-npm install -g @atlasnomos/atlas
-```
-*Note: Run `npm uninstall -g atlas` first if upgrading from a legacy version.*
+### 🔎 Deterministic Replay
+Every execution is mathematically deterministic.
+*   **Seeding**: Entropy is derived from `SHA256(Input + Code)`.
+*   **Time**: Mocked and frozen relative to the seed.
+*   **Audit**: An auditor can replay the log and get the exact same result.
+
+### ✍️ Sentinel Authority
+Every high-risk action requires a **Sentinel Signature**.
+*   The Sentinel is an external authority (Policy Server / HSM).
+*   ATLAS verifies the signature against a local Trusted Key Registry.
+*   The Kernel refuses to boot if the Registry is missing or tampered.
+
+### ⚡ AURORA+ (Automation Support)
+AURORA+ enables **governed automation** via Sentinel-signed delegation.
+*   **Not a scheduler**: Automation is delegated authority, not cron jobs.
+*   **PROD-only**: Completely blocked in DEV mode.
+*   **Kernel-enforced**: Frequency, cost, and scope limits enforced at Ring-0.
+*   **Replay-verifiable**: All executions are hash-chained and deterministic.
+
+| Property | Guarantee |
+|----------|-----------|
+| Authority Source | Sentinel-signed grants |
+| Frequency Limit | Kernel-enforced (INV-AUTO-FREQ-001) |
+| Scope Limit | Panic on violation |
+| Revocation | Snapshot at boot |
+
+👉 **[AURORA+ User Guide](docs/AURORA_USER_GUIDE.md)** • **[Technical Reports](REPORTS/AURORA_PLUS/)**
 
 ---
 
-## 🚀 Quick Start
+## � Modes: DEV vs PROD
 
-### 1. Set API Key
-Ensure your provider key is available (e.g., OpenRouter):
-```powershell
-$env:OPENROUTER_API_KEY="your-key-here"
-```
+ATLAS operates in two distinct modes. A `DEV` success does **not** guarantee `PROD` success.
 
-### 2. Verify Installation
-Check the health of your rings and providers:
-```powershell
-atlas doctor
-```
+| Feature | 🟡 DEV MODE | 🟢 PROD MODE |
+| :--- | :--- | :--- |
+| **Enforcement** | Advisory (Warn Log) | **Fail-Close** (Panic/Halt) |
+| **Sentinel** | Optional / Bypassed | **MANDATORY** (Hard Dependency) |
+| **Hardware** | Simulated | **MANDATORY** (TPM/HSM) |
+| **Config Integrity** | Warn on Change | **PANIC** on Change |
+| **Symlinks** | Allowed | **PANIC** (Security Violation) |
+| **Log Durability** | Standard | **Atomic / Fsync** |
 
-### 3. Build with Governance
-Initiate the governed engineering lifecycle:
-```powershell
-atlas build "Develop a user authentication system"
-```
+### 🟢 PROD Mode (Production)
+*   **Role**: Governance Hypervisor.
+*   **Behavior**: Deny-by-Default. If the Kernel suspects *anything* is wrong (network flake, config drift, bad signature), it halts execution immediately.
+*   **Use Case**: Live operations, high-value asset handling.
+
+### 🟡 DEV Mode (Development)
+*   **Role**: Rapid Iteration Sandbox.
+*   **Behavior**: Permissive. Allows `ATLAS_DEV_BYPASS` to skip Sentinel, uses mock time/randomness, and tolerates config changes.
+*   **Use Case**: Unit testing, local debugging.
+
+> **CRITICAL**: Never treat `DEV` mode as a security boundary. It is a velocity tool.
 
 ---
 
-## 📖 Documentation
+## �📦 Documentation
 
-- **[Operator Manual](docs/ATLAS_OPERATOR_MANUAL.md)** — Operational Procedures.
-- **[Troubleshooting Guide](docs/troubleshooting.md)** — Remediation of common issues.
-- **[Architecture Specification](docs/ATLAS_SYSTEM_ARCHITECTURE.md)** — The Ring Model.
+All governance documentation is centralized in the **Compliance Assurance Package (CAP)**.
+
+*   **[System Status](CAP/01_SYSTEM_STATUS.md)**: Operational health.
+*   **[PROD Certification](CAP/03_PROD_CERTIFICATION.md)**: Detailed security guarantees.
+*   **[DEV vs PROD](CAP/04_DEV_VS_PROD_COMPARISON.md)**: Critical environment differences.
+*   **[Ops Runbook](CAP/07_OPERATIONAL_READINESS.md)**: Incident response and key handling.
 
 ---
 
-## 🤝 Support
-- **Security Policy**: See [SECURITY.md](SECURITY.md) for disclosure reporting.
-- **Issues**: [GitHub Issues](https://github.com/atlasnomos/atlas-nomos/issues)
-- **Discord**: [Join the ATLAS Enclave](https://discord.gg/atlas-enclave)
+## 🚀 Quick Start (DEV Mode)
+
+> **WARNING**: `DEV` mode is for experimentation only. It bypasses critical security checks.
+
+### 1. Install
+```bash
+npm install -g @atlasnomos/atlas
+```
+
+### 2. Check Health
+```bash
+atlas doctor
+```
+
+### 3. Run a Task
+```bash
+atlas build "Analyze this codebase for security flaws"
+```
 
 ---
 
 ## 📄 License
 
 ATLAS is licensed under the [GNU Affero General Public License v3.0](LICENSE).
-
-This means:
-- ✅ You can use ATLAS for commercial purposes
-- ✅ You can modify ATLAS
-- ✅ You can distribute ATLAS
-- ⚠️ If you run a modified version as a network service, you must make the source code available to users
-- ⚠️ Derivative works must also be licensed under AGPL-3.0
+*   **Commercial Use**: Allowed.
+*   **Modification**: Allowed (must stay open source if networked).
+*   **Distribution**: Allowed.
 
 See [LICENSE](LICENSE) for full terms.
 

package/atlas.js

@@ -158,7 +158,6 @@ const { ModelsCommand } = require('./src/interface/cli/commands/ModelsCommand');
                     dispatcher.register('unsafe', new UnsafeCommand());
                     dispatcher.register('sync', new SyncCommand());
                     dispatcher.register('config', new ConfigCommand());
-                    dispatcher.register('config', new ConfigCommand());
                     dispatcher.register('providers', new ProvidersCommand());
                     dispatcher.register('help', new HelpCommand());
                     dispatcher.register('models', new ModelsCommand());

package/bin/atlas

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 
 /**
  * ATLAS NOMOS CLI

package/config/sentinel-keys.json

@@ -0,0 +1,15 @@
+{
+    "version": "1.0.0",
+    "keys": [
+        {
+            "key_id": "sentinel-prod-01",
+            "public_key": "a222cb32f6f2a21696144fa63cf36f148336dfc8bafc3bafdd782d90eaf99fcc",
+            "algorithm": "ed25519",
+            "status": "ACTIVE",
+            "added_at": "2026-01-24T18:00:00Z",
+            "valid_from": "2026-01-24T18:00:00Z",
+            "valid_until": "2030-01-01T00:00:00Z"
+        }
+    ],
+    "registry_hash": "PROD_SEALED"
+}

package/config/trust-boundaries.json

@@ -0,0 +1,64 @@
+{
+    "version": "1.0.0",
+    "updated": "2025-12-28T21:48:00Z",
+    "boundaries": {
+        "local": {
+            "segments": [
+                "127.0.0.1",
+                "::1"
+            ],
+            "hardware_anchors": {
+                "tpm": {
+                    "pcr_registry": [
+                        9,
+                        11,
+                        12,
+                        13,
+                        14
+                    ],
+                    "status": "MANDATORY"
+                },
+                "hsm": {
+                    "type": "YubiHSM-2",
+                    "path": "/dev/ttyACM0",
+                    "status": "OPTIONAL_SIMULATED"
+                }
+            },
+            "filesystem": {
+                "root": "c:\\Users\\rianz\\ATLAS NOMOS\\atlas",
+                "protected_dirs": [
+                    ".atlas",
+                    "src/kernel"
+                ]
+            }
+        },
+        "external": {
+            "sentinel": {
+                "endpoint": "http://localhost:8000",
+                "protocol": "HTTPS_REQUIRED_PROD",
+                "allowed_ports": [
+                    80,
+                    443,
+                    8000
+                ],
+                "certificate_pinning": {
+                    "enabled": true,
+                    "expected_fingerprint": "98a65438991bf1cdbed0d1036199725b"
+                }
+            },
+            "llm_providers": {
+                "allowed_domains": [
+                    "openrouter.ai",
+                    "api.anthropic.com",
+                    "api.openai.com"
+                ],
+                "protocol": "HTTPS_ONLY"
+            }
+        }
+    },
+    "policy": {
+        "mismatched_endpoint": "PANIC",
+        "protocol_downgrade": "PANIC",
+        "unknown_external_access": "BLOCK"
+    }
+}

package/index.js

@@ -0,0 +1,10 @@
+/**
+ * ATLAS Kernel Library Entry Point
+ * Designed for programmatic embedding (Ring-1 Integration).
+ */
+
+const { KernelBootstrap } = require('./src/kernel/boot/Bootstrap');
+
+module.exports = {
+    KernelBootstrap
+};

package/package.json

@@ -1,19 +1,23 @@
 {
     "name": "@atlasnomos/atlas",
-    "version": "1.1.14",
+    "version": "10.0.1",
     "description": "Production-grade AI governance kernel for autonomous agents with fail-closed security and cryptographic audit trails",
     "main": "atlas.js",
     "bin": {
         "atlas": "bin/atlas"
     },
     "exports": {
-        ".": "./atlas.js"
+        ".": "./index.js",
+        "./cli": "./atlas.js"
     },
     "files": [
+        "index.js",
         "bin/",
         "atlas.js",
         "src/",
         "config/tier-policies.json",
+        "config/trust-boundaries.json",
+        "config/sentinel-keys.json",
         "LICENSE",
         "README.md",
         "DISCLAIMER.md",
@@ -100,4 +104,4 @@
         "tar": "^7.5.4",
         "diff": "^8.0.3"
     }
-}
+}

package/src/bridge/RingBridge.js

@@ -68,8 +68,6 @@ class RingBridge {
             console.log(`[RingBridge] MCP Roles: ${Object.keys(mcpConfig.roles || {}).join(', ')}`);
         }
 
-        console.log(`[RingBridge] OPENROUTER_API_KEY present in parent: ${!!process.env.OPENROUTER_API_KEY}`);
-
         // ISOLATION: Do not inherit TTY handles (prevents HANDLE_LEAK)
         this.agentProcess = fork(agentPath, [], {
             stdio: ['ignore', 'pipe', 'pipe', 'ipc'],

package/src/core/SecretRedactor.js

@@ -5,6 +5,76 @@
  * SECURITY CRITICAL: This module must never leak sensitive information.
  */
 
+const path = require('path');
+const fs = require('fs');
+
+// Hash-chained audit log for SECRET_REDACTION events
+let HashChainedLog = null;
+let _secretEventLog = null;
+const SECRET_EVENT_LOG_PATH = path.join(process.cwd(), '.atlas', 'audit', 'secret_events.chainlog');
+
+function getSecretEventLog() {
+    if (!HashChainedLog) {
+        try {
+            HashChainedLog = require('../kernel/io/HashChainedLog').HashChainedLog;
+        } catch (e) {
+            return null;
+        }
+    }
+    if (!_secretEventLog) {
+        try {
+            const dir = path.dirname(SECRET_EVENT_LOG_PATH);
+            if (!fs.existsSync(dir)) {
+                fs.mkdirSync(dir, { recursive: true });
+            }
+            _secretEventLog = new HashChainedLog(SECRET_EVENT_LOG_PATH, {
+                name: 'SecretEventLog',
+                panicOnFailure: false
+            });
+            _secretEventLog.initialize();
+        } catch (e) {
+            return null;
+        }
+    }
+    return _secretEventLog;
+}
+
+/**
+ * Emit SECRET_REDACTION event to hash-chained audit log
+ * @param {string} secretType - Type of secret redacted (API_KEY, TOKEN, etc.)
+ * @param {number} count - Number of occurrences redacted
+ */
+function emitSecretRedaction(secretType, count = 1) {
+    const log = getSecretEventLog();
+    if (log) {
+        try {
+            const entry = log.append({
+                event: 'SECRET_REDACTION',
+                timestamp: new Date().toISOString(),
+                secret_type: secretType,
+                occurrences: count,
+                tier: process.env.SENTINEL_TIER || 'DEV',
+                // NOTE: Do NOT include the actual secret or any identifying information
+                action: 'REDACTED'
+            });
+
+            // PROD HARDENING: Anchor to main audit chain
+            // Use lazy require to avoid circular dependency (SentinelInterface -> SecretRedactor)
+            try {
+                const SentinelInterface = require('../kernel/constitution/SentinelInterface');
+                const Sentinel = SentinelInterface.SentinelInterface || SentinelInterface;
+                if (Sentinel.getInstance) {
+                    Sentinel.getInstance().logAnchor('SecretEventLog', entry.hash, entry.seq);
+                }
+            } catch (anchorErr) {
+                // Non-fatal, especially likely during early boot if Sentinel not ready
+            }
+        } catch (e) {
+            // Silent failure - redaction is more important than logging
+        }
+    }
+}
+
 class SecretRedactor {
     /**
      * Patterns that match sensitive data
@@ -61,10 +131,20 @@ class SecretRedactor {
         }
 
         let redacted = text;
+        let redactionOccurred = false;
+
         for (const { pattern, replacement } of this.PATTERNS) {
             // Create a new RegExp to reset lastIndex
             const regex = new RegExp(pattern.source, pattern.flags);
-            redacted = redacted.replace(regex, replacement);
+            const matches = text.match(regex);
+            if (matches && matches.length > 0) {
+                redacted = redacted.replace(regex, replacement);
+                redactionOccurred = true;
+
+                // Emit SECRET_REDACTION event (without the actual secret)
+                const secretType = replacement.replace(/[\[\]]/g, '').replace('_REDACTED', '');
+                emitSecretRedaction(secretType, matches.length);
+            }
         }
 
         return redacted;