Glossary

Glossary

• Coherence Ops: The governance discipline OVERWATCH implements — maintaining institutional coherence across claims, authority, canons, episodes, and tensions
• OVERWATCH: Sigma OVERWATCH — the execution-governance platform (formerly RAL)
• DTE: Decision Timing Envelope (time budgets)
• TTL/TOCTOU: freshness gating and time-of-check/time-of-use risk
• Safe Action Contract: blast radius + idempotency + rollback + auth
• DecisionEpisode: sealed audit unit
• DriftEvent: structured variance/failure signal that triggers patching
• SSI: System Stability Index — 0-100 composite detecting unsustainable KPI swings (volatility 35%, drift acceleration 30%, authority 20%, economic 15%)
• TEC Sensitivity: Economic fragility analysis measuring C-TEC cost impact when RCF/CCF shift by one tier
• Security Proof Pack: Integrity-chain-aware security gate checking key lifecycle, crypto proof, seal chain, and contract fingerprint
• Kill-Switch: Stale artifact gate validating version match, radar existence, badge freshness, history, and contract fingerprint before release
• KPI Eligibility Tier: Evidence-based score cap — unverified (3.0), simulated (6.0), real (8.5), production (10.0)
• Drift Acceleration: Second derivative of KPI movements across releases; high values indicate unsustainable change velocity
• CI-Eligible Evidence: Benchmark output produced with --ci-mode that sets kpi_eligible=true and evidence_level=real_workload, uncapping telemetry-derived KPI scores from the 4.0 simulated ceiling
• Scalability Regression Gate: CI gate preventing throughput regressions — enforces 80% throughput floor vs. previous benchmark and requires real_workload evidence level
• Benchmark Trend: Historical throughput visualization from benchmark_history.json showing records/sec over time with 80% regression floor overlay
• Refusal Authority: Explicit block on a specific action type via AUTHORITY_REFUSAL ledger entry and REFUSE action contract; triggers AUTHORITY_REFUSED drift signal
• Decision Cost Ledger: Per-decision cost tracking derived from TEC pipeline — avg cost per decision, total cost, drift remediation delta, and patch value ratio
• Economic Evidence: Dedicated economic_metrics.json artifact with kpi_eligible=true sourced from TEC + benchmark data, uncapping economic_measurability KPI
• Authority Custody: Production signing key lifecycle — generation (openssl rand), env-based storage (DEEPSIGMA_SIGNING_KEY), 90-day rotation, revocation via authority ledger, with signing_key_id tracking
• KPI Gate: Release gate requiring all 8 KPI axes >= 7.0; satisfied as of v2.0.9 with authority_modeling at 9.72 and economic_measurability at 10.0
• Drift Acceleration Index: Normalized 0–1 measure of how quickly KPI movements are accelerating across releases; computed as the windowed average of second-derivative KPI deltas. Values > 0.80 indicate unsustainable velocity. v2.1.0 value: 0.68 (WARN band)
• C-TEC: Complexity-adjusted Time/Effort/Cost — edition-scoped variant of TEC that applies live governance factors (ICR for infrastructure coherence, PCR for PR complexity) to base hours, producing Internal, Executive, and Public Sector cost tiers
• Evidence Source Binding: Schema linking an evidence artifact to its originating source with provenance metadata, hash verification, and authority reference — ensures every claim traces to auditable evidence
• Intent Mutation: Detection of drift between the intent packet hash at episode seal time and the hash at a later replay or audit; flags unauthorized changes to decision intent as governance violations
• FEEDS: Federated Event Envelope Distribution Surface — a 5-stage event-driven pipeline connecting governance primitives (TS, ALS, DLR, DS, CE) via file-based pub/sub with manifest-first ingest, deterministic drift detection, authority validation, triage state machine, and canon versioning
• Runtime Gate: Composable pre-execution policy constraint evaluator with 5 gate types (freshness, verification, latency_slo, quota, custom expression). Returns allow/deny/degrade with machine-readable rationale. See src/engine/runtime_gate.py
• SLO Circuit Breaker: Trips when a monitored metric (e.g. P99 latency) breaches a threshold for a sustained time window, triggering automatic degradation. Resets when the metric recovers
• Connector Auto-Instrumentation: @traced decorator and InstrumentedConnector mixin that auto-wrap adapter methods with OTel spans. Provides per-connector operation visibility without manual instrumentation
• W3C Trace Context: Cross-service trace propagation via traceparent header injection/extraction. Enables distributed tracing across connector calls and downstream services
• Encryption at Rest: Fernet (AES-128-CBC + HMAC-SHA256) file-level encryption for sealed episodes and compliance export artifacts. Key sourced from DEEPSIGMA_ENCRYPTION_KEY env var or key file
• Fairness Drift Types: Three drift types for external fairness monitoring: demographic_parity_violation, disparate_impact, fairness_metric_degradation. Ingested from AIF360/Fairlearn via the fairness adapter
• DomainMode: Base class for IntelOps, FranOps, ReflectionOps, AuthorityOps, ParadoxOps, and ActionOps. Provides handle(function_id, event, context) → FunctionResult dispatch and replay() for deterministic verification. See src/core/modes/base.py
• FunctionResult: Return type from every domain mode handler — contains function_id, success, events_emitted, drift_signals, mg_updates, elapsed_ms, replay_hash (SHA-256)
• IntelOps: Intelligence Operations domain mode — 12 function handlers (INTEL-F01–F12) for claim lifecycle automation: ingest, validate, drift detect, patch recommend, MG update, canon promote, authority check, evidence verify, triage, supersede, half-life, confidence recalc
• FranOps: Franchise Operations domain mode — 12 function handlers (FRAN-F01–F12) for canon enforcement: propose, bless, enforce, retcon assess/execute/propagate, inflation monitor, expire, supersede, scope check, drift detect, rollback
• ReflectionOps: Reflection Operations domain mode — 19 function handlers (RE-F01–F19) for gate enforcement: episode begin/seal/archive, gate evaluate/degrade/killswitch, non-coercion audit, severity score, coherence check, reflection ingest, IRIS resolve, replay + institutional memory (precedent ingest, pattern fingerprint, precedent match, knowledge consolidate, temporal recall, knowledge decay, IRIS precedent resolve)
• AuthorityOps: Authority Operations domain mode — 19 function handlers (AUTH-F01–F19) for authority enforcement: action intake, actor/resource resolve, policy load, DLR presence, assumption validate, half-life check, blast radius threshold + simulation + propagation + seal, kill-switch check, decision gate, audit emit, delegation chain validate, authority drift detect + history + cross-domain correlation, assumption sweep. 6 verdicts: ALLOW, BLOCK, ESCALATE, EXPIRED, MISSING_REASONING, KILL_SWITCH_ACTIVE
• ParadoxOps: Paradox Operations domain mode — 12 function handlers (PDX-F01–F12) for paradox tension detection: tension set create, pole manage, dimension attach/shift, pressure/imbalance compute, threshold evaluate, drift promote, inter-dimensional drift detect, seal snapshot, patch issue, lifecycle transition
• ActionOps: Action Operations domain mode — 19 function handlers (ACTION-F01–F19) for commitment tracking: intake, validate, deliverable track, deadline check, compliance evaluate, risk assess, breach detect, escalation, remediation, adjust, complete, report + decision accounting (cost record, time-to-decision, value assess, debt detect, ROI compute, budget enforce, accounting report)
• DecisionSurface: Portable Coherence Ops runtime — adapter ABC (8 methods), claim-event engine (7 functions), notebook/CLI/Vantage adapters. Sits above domain modes with no function IDs or routing table entries. See src/core/decision_surface/
• Drift Radar: Cross-domain drift intelligence surface — correlation, trending, forecasting, remediation prioritization. Sits above domain modes (like DecisionSurface). See src/core/drift_radar/
• Institutional Memory: Precedent registry, pattern fingerprinting, knowledge consolidation, temporal decay. Extension of ReflectionOps (RE-F13–F19). See src/core/institutional_memory/
• Decision Accounting: Cost tracking, value scoring, debt engine, ROI computation, budget enforcement. Extension of ActionOps (ACTION-F13–F19). See src/core/decision_accounting/
• Cascade Engine: Cross-domain event propagation with 27 declarative rules and depth-limited cascading. When an event in one domain triggers a rule, the target domain handler is invoked. See src/core/modes/cascade.py
• Event Contracts: Routing table mapping 79 functions + 91 events to FEEDS topics, subtypes, handler paths, required payload fields, and emitted events. See src/core/feeds/contracts/routing_table.json
• Canon Workflow: State machine for canon entry lifecycle: PROPOSED → BLESSED → ACTIVE → UNDER_REVIEW → SUPERSEDED/RETCONNED/EXPIRED. Transition validation prevents illegal state changes
• Episode State Machine: Episode lifecycle: PENDING → ACTIVE → SEALED → ARCHIVED. Supports FROZEN state for killswitch. freeze_all() halts all active episodes
• Non-Coercion Audit Log: Append-only, hash-chained NDJSON audit log. Each entry chains to previous via SHA-256 hash. verify_chain() for tamper detection. See src/core/audit_log.py
• Domain Killswitch: Emergency freeze — halts all ACTIVE episodes, emits sealed halt proof with authorization, logs to audit trail. Requires explicit authority to resume. See src/core/killswitch.py
• Severity Scorer: Centralized drift severity computation with drift-type weights, multi-signal aggregation, and GREEN/YELLOW/RED classification. See src/core/severity.py
• Retcon Executor: Impact assessment + execution for retroactive corrections: dependent claim enumeration, supersede chain, audit trail, drift signal emission. See src/core/feeds/canon/retcon_executor.py
• Inflation Monitor: Per-domain canon health monitoring — claim count, contradiction density, avg age, supersedes depth thresholds. Breaches emit canon_inflation drift signal. See src/core/feeds/canon/inflation_monitor.py
• JRM: Judgment Refinement Module — log-agnostic coherence engine that ingests external telemetry (Suricata EVE, Snort fast.log, Copilot agent logs), normalizes events via format-specific adapters, runs a 5-stage pipeline (Truth → Reasoning → Drift → Patch → Memory), and outputs JRM-X packet zips. See src/core/jrm/
• JRM-X Packet: Standardized 6-file zip output from the JRM pipeline: truth_snapshot.json, authority_slice.json, decision_lineage.jsonl, drift_signal.jsonl, memory_graph.json, canon_entry.json + manifest.json with SHA-256 per-file hashes. Rolling thresholds: 50k events or 25MB zip
• JRM Adapter: Lossless parser converting a specific log format into normalized JRMEvent records. Built-in adapters: Suricata EVE (JSON), Snort fast.log (regex), Copilot agent (JSONL). Malformed lines become MALFORMED event type with raw preserved. Pluggable via register_adapter(). See src/core/jrm/adapters/
• JRMEvent: Normalized event dataclass output by adapters — includes event_id, source_system, event_type, timestamp, severity, actor, object, action, confidence, evidence_hash (sha256:<hex>), raw_pointer, environment_id, assumptions, and raw_bytes
• Decision Lane: JRM reasoning classification for events: LOG_ONLY (low/info), NOTIFY (medium), QUEUE_PATCH (high + low confidence), REQUIRE_REVIEW (critical/high + high confidence). Determines routing through the coherence pipeline
• JRM Drift Types: Four local coherence drift types: FP_SPIKE (high-count low-confidence alerts), MISSING_MAPPING (unclaimed events), STALE_LOGIC (conflicting signature revisions), ASSUMPTION_EXPIRED (expired assumptions past half-life)
• Cross-Env Drift Types: Enterprise federation drift types: VERSION_SKEW (same signature, different active rev across environments), POSTURE_DIVERGENCE (confidence delta >0.3), REFINEMENT_CONFLICT (incompatible patches)
• JRM Federation Gate: Enterprise packet validation: manifest integrity checks, environment scope enforcement via allowlist, field redaction with recursive stripping. See enterprise/src/deepsigma/jrm_ext/federation/gate.py
• JRM Federation Hub: Multi-environment packet aggregation: ingest packets from multiple SOC environments, detect cross-env drift (VERSION_SKEW, POSTURE_DIVERGENCE), merge memory graphs, produce federation reports. See enterprise/src/deepsigma/jrm_ext/federation/hub.py
• JRM Advisory Engine: Cross-environment drift advisory workflow: publish advisories from detected drift, accept/decline with status tracking and per-drift-type recommendations. See enterprise/src/deepsigma/jrm_ext/federation/advisory.py
• JRM Packet Signer: HMAC-SHA256 manifest signing using canonical JSON serialization. Pluggable interface (subclass for KMS). Paired with PacketValidator for signature verification on ingest. See enterprise/src/deepsigma/jrm_ext/security/
• EDGE: Exportable Decision Governance Engine — standalone single-file HTML applications with embedded governance, zero dependencies, offline-capable
• JRM EDGE: Browser-based JRM pipeline explorer (v1.0.7). 9-stage seeded pipeline, events table, packets, health ring, test lab, stream mode, So What panel, policy drawer. File: edge/EDGE_JRM_EDGE_v1.0.7.html
• So What Panel: JRM EDGE v1.0.7 — per-stage what/why/next analysis auto-generated from pipeline metrics
• Analyzer View: JRM EDGE v1.0.7 — presentation toggle between SOC terminology (Signature, Alert, Rev) and Deep Sigma governance terminology (Claim Key, Evidence, Confidence)
• Stream Mode: JRM EDGE v1.0.7 — simulated tail -f rendering with rolling window, freeze, and seal snapshot
• Policy Drawer: JRM EDGE v1.0.7 — locked-by-default editable pipeline thresholds with regression rerun and delta comparison
• RFP Co-Pilot: EDGE module for government RFP extraction → JSON → Excel Power Query → 6 role action packets. File: edge/edge_rfp_copilot_excel_json.html
• RFP Co-Pilot Exec Brief: 1-page executive summary of RFP Co-Pilot workflow with Print/PDF. File: edge/edge_rfp_copilot_exec_brief.html