chore: bring regulatory-conditions-to-governance up to main

.github/workflows/arco-demo.yml

@@ -7,10 +7,11 @@ name: ARCO Demo Run
 #
 # What this gates (any failure fails the build):
 #   - "ALL CHECKS PASSED" signal in the pipeline output.
-#   - Three regression test scripts return 0:
-#       * test_gate_removal.py (each Annex III 1(a) gate is independently necessary)
+#   - Four regression test scripts return 0:
+#       * test_gate_removal.py (each Annex III 1(a) and 5(b) gate is independently necessary)
 #       * test_scenarios.py (multi-scenario classification correctness)
 #       * test_kiosk_html_no_false_concretization.py (L4.7 regression)
+#       * test_adversarial_mechanism.py (decoy and ghost classification mechanism)
 #   - Five expected artifact files exist in runs/demo/:
 #       certificate.txt, summary.json, evidence.json, shacl_report.txt,
 #       determination_view.html.
@@ -95,6 +96,12 @@ jobs:
           set -euo pipefail
           python -u 03_TECHNICAL_CORE/scripts/test_kiosk_html_no_false_concretization.py
 
+      - name: Run adversarial-mechanism regression tests
+        shell: bash
+        run: |
+          set -euo pipefail
+          python -u 03_TECHNICAL_CORE/scripts/test_adversarial_mechanism.py
+
       - name: Verify artifact files exist
         shell: bash
         run: |

.github/workflows/arco-smoke-test.yml

@@ -46,3 +46,6 @@ jobs:
 
       - name: Run kiosk HTML no-false-concretization regression test (L4.7)
         run: python 03_TECHNICAL_CORE/scripts/test_kiosk_html_no_false_concretization.py
+
+      - name: Run adversarial-mechanism regression tests
+        run: python 03_TECHNICAL_CORE/scripts/test_adversarial_mechanism.py

.gitignore

@@ -4,6 +4,8 @@
 
 # Obsidian knowledge base (local only, not versioned)
 KB/
+# Defensive: even if KB/ rule changes, never commit vendor node_modules trees
+KB/**/node_modules/
 
 # Git metadata (huge)
 .git/

03_TECHNICAL_CORE/ontology/ARCO_governance_extension.ttl

@@ -149,6 +149,44 @@ cco:Organization rdf:type owl:Class ;
   rdfs:label "Organization"@en ;
   rdfs:subClassOf bfo:0000027 . # Object Aggregate
 
+#################################################################
+# 3a) REGULATORY CONTENT — Annex III conditions (universal)
+#
+# These ICE instances describe what EU AI Act Regulation (EU) 2024/1689
+# Annex III prescribes for the modeled categories. They are universal
+# regulatory content (one ICE per Annex III condition modeled), not
+# per-fixture data. Every fixture references them via iao:0000136
+# from its :AssessmentDocumentation.
+#
+# Pattern: a regulatory condition ICE has type :RegulatoryContent,
+# prescribes the regulated process type via cco:prescribes, and is_about
+# the capability / process / role universals via iao:0000136.
+#
+# Moved from per-fixture files (Sentinel, CreditScoring) on 2026-05-14
+# to close regulatory_alignment FAIL on Adversarial and FlagTest fixtures.
+#################################################################
+
+:AnnexIII_List rdf:type :RegulatoryContent ;
+  rdfs:label "Annex III List" ;
+  bfo:0000051 :AnnexIII_Condition_1a ;
+  bfo:0000051 :AnnexIII_Condition_5b .
+
+:AnnexIII_Condition_1a rdf:type :RegulatoryContent ;
+  rdfs:label "Annex III 1(a) (Biometric Rule)" ;
+  rdfs:comment "Annex III item 1(a): biometric identification of natural persons. cco:prescribes targets the regulated process TYPE (class IRI as concept-individual via OWL 2 punning) — the regulation prescribes process types, not deployment-specific tokens." ;
+  cco:prescribes :RemoteBiometricIdentificationProcess ;
+  iao:0000136 :BiometricIdentificationCapability ;
+  iao:0000136 :RemoteBiometricIdentificationProcess ;
+  iao:0000136 :NaturalPersonRole .
+
+:AnnexIII_Condition_5b rdf:type :RegulatoryContent ;
+  rdfs:label "Annex III 5(b) (Creditworthiness Rule)" ;
+  rdfs:comment "Annex III item 5(b): AI systems intended to evaluate the creditworthiness of natural persons or establish their credit score, with the exception of AI systems used for the purpose of detecting financial fraud. cco:prescribes targets the regulated process TYPE (class IRI as concept-individual via OWL 2 punning)." ;
+  cco:prescribes :CreditworthinessEvaluationProcess ;
+  iao:0000136 :CreditworthinessEvaluationCapability ;
+  iao:0000136 :CreditworthinessEvaluationProcess ;
+  iao:0000136 :NaturalPersonRole .
+
 #################################################################
 # 3b) REGULATORY BRIDGE AXIOMS
 #

03_TECHNICAL_CORE/ontology/ARCO_instances_adversarial_decoy_5b.ttl

@@ -0,0 +1,77 @@
+@prefix :    <https://arco.ai/ontology/core#> .
+@prefix bfo: <http://purl.obolibrary.org/obo/BFO_> .
+@prefix cco: <http://www.ontologyrepository.com/CommonCoreOntologies/> .
+@prefix ro:  <http://purl.obolibrary.org/obo/RO_> .
+@prefix iao: <http://purl.obolibrary.org/obo/IAO_> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix rdfs:<http://www.w3.org/2000/01/rdf-schema#> .
+@prefix owl: <http://www.w3.org/2002/07/owl#> .
+@prefix skos: <http://www.w3.org/2004/02/skos/core#> .
+
+<https://arco.ai/ontology/instances/adversarial_decoy_5b> rdf:type owl:Ontology ;
+  rdfs:label "ARCO Adversarial Test: Equivalency Decoy (5(b) parity)" ;
+  rdfs:comment """Tests that OWL-RL performs real equivalence reasoning on the Annex III 5(b) branch, mirroring the 1(a) decoy at ARCO_instances_adversarial_decoy.ttl.
+
+  :WeirdCalculator is declared owl:equivalentClass to :CreditworthinessEvaluationCapability.
+  The disposition is typed ONLY as :WeirdCalculator — no Credit/Evaluation/Score/Assessment
+  vocabulary appears in the alias class, disposition, module, or system IRIs.
+
+  If the reasoner is real, it infers CreditworthinessEvaluationCapability membership
+  via owl:equivalentClass propagation; the three-gate intersection then entails
+  :AnnexIII5bApplicableSystem.
+
+  Cross-category isolation is also under test here: post-reasoning the system
+  must NOT entail :AnnexIII1aApplicableSystem (no biometric identification
+  capability is bound to any component).
+
+  Adversarial-purity discipline (parallel to the 1(a) decoy):
+   - no provider organisation, no provider role
+   - no assessment documentation process, no assessment documentation artifact
+   - no compliance obligation
+   - no determination ICE asserted
+  Only the reality-side path the three-gate axiom needs to fire is asserted.
+  Closes OPEN_PROBLEMS L3.7 (5(b) adversarial equivalentClass parity).""" ;
+  owl:imports <https://arco.ai/ontology/governance> .
+
+#################################################################
+# ADVERSARIAL SETUP: equivalence decoy class
+#################################################################
+
+:WeirdCalculator rdf:type owl:Class ;
+  rdfs:label "Weird Calculator (decoy name)" ;
+  skos:prefLabel "Weird Calculator (decoy name)"@en ;
+  skos:definition "An adversarial test class declared owl:equivalentClass to :CreditworthinessEvaluationCapability. Used by the 5(b) equivalence-decoy fixture to verify that the OWL reasoner performs real semantic inference via equivalentClass propagation on the credit branch, rather than IRI pattern matching or class-name string matching." ;
+  rdfs:comment "Equivalent to CreditworthinessEvaluationCapability but with an unrelated name. Tests that the reasoner uses equivalence, not string matching, on the 5(b) branch." ;
+  owl:equivalentClass :CreditworthinessEvaluationCapability .
+
+#################################################################
+# SYSTEM — typed using ONLY the decoy class name
+#################################################################
+
+:WeirdCalc_Disposition rdf:type :WeirdCalculator ;
+  rdfs:label "Weird Calculator Disposition (typed as WeirdCalculator only)" .
+
+:WeirdCalc_Module rdf:type :HardwareComponent ;
+  rdfs:label "Weird Calculator Hardware Module" ;
+  ro:0000091 :WeirdCalc_Disposition .
+
+:WeirdCalcSystem_001 rdf:type :System ;
+  rdfs:label "Weird Calculator System 001" ;
+  bfo:0000051 :WeirdCalc_Module .
+
+#################################################################
+# DOCUMENTARY MINIMUM (gates 2 + 3)
+#################################################################
+
+:WeirdCalc_Process rdf:type :CreditworthinessEvaluationProcess ;
+  rdfs:label "Weird Calculator Process Token" .
+
+:WeirdCalc_IntendedUse_001 rdf:type :IntendedUseSpecification ;
+  rdfs:label "Weird Calculator Intended Use" ;
+  cco:prescribes :WeirdCalc_Process ;
+  iao:0000136 :WeirdCalcSystem_001 .
+
+:WeirdCalc_UseScenario_001 rdf:type :UseScenarioSpecification ;
+  rdfs:label "Weird Calculator Use Scenario" ;
+  iao:0000136 :WeirdCalcSystem_001 ;
+  cco:designates :NaturalPersonRole .

03_TECHNICAL_CORE/ontology/ARCO_instances_creditscoring.ttl

@@ -21,25 +21,12 @@
   owl:imports <https://arco.ai/ontology/governance> .
 
 #################################################################
-# 1) REGULATORY LAYER — Annex III 5(b)
+# 1) ANNEX III REGULATORY LAYER
+#
+# Annex III conditions moved to ARCO_governance_extension.ttl on 2026-05-14;
+# references via iao:0000136 stay below.
 #################################################################
 
-# Mereological backbone (CLAUDE.md invariant 8): every modeled Annex III condition
-# is `bfo:0000051` of `:AnnexIII_List`. The list is also re-asserted here with its
-# rdf:type so this fixture is self-contained when loaded standalone (test_scenarios.py
-# loads each fixture independently). Duplicate triples across fixtures are deduped
-# at union time. See runs/loop/2026-05-09_beverley-research/audit_C_regulatory.md T2.
-:AnnexIII_List rdf:type :RegulatoryContent ;
-  bfo:0000051 :AnnexIII_Condition_5b .
-
-:AnnexIII_Condition_5b rdf:type :RegulatoryContent ;
-  rdfs:label "Annex III 5(b) (Creditworthiness Rule)" ;
-  rdfs:comment "Annex III item 5(b): AI systems intended to be used to evaluate the creditworthiness of natural persons or establish their credit score, with the exception of AI systems used for the purpose of detecting financial fraud. cco:prescribes targets the regulated process TYPE (class IRI as concept-individual via OWL 2 punning) — the regulation prescribes process types, not deployment-specific tokens. This matches the Sentinel pattern and generalizes across multiple 5(b) assessments sharing this single regulatory ICE." ;
-  cco:prescribes :CreditworthinessEvaluationProcess ;
-  iao:0000136 :CreditworthinessEvaluationCapability ;
-  iao:0000136 :CreditworthinessEvaluationProcess ;
-  iao:0000136 :NaturalPersonRole .
-
 #################################################################
 # 2) SYSTEM LAYER (reality-side particulars)
 #################################################################

03_TECHNICAL_CORE/ontology/ARCO_instances_flag_tests.ttl

@@ -11,11 +11,31 @@
   rdfs:label "ARCO Flag Test Instances" ;
   rdfs:comment """Two test cases for the audit-layer exception flags.
 
-  NOTE: Running the full pipeline on these instances will show classification PASS
-  but audit FAIL (traceability and regulatory alignment). This is expected and correct —
-  these are minimal instances for flag testing only, without full regulatory content
-  linkage. The same pattern applies to ARCO_instances_adversarial_*.ttl.
-  The classification layer and flag behavior are the only results under test here.
+  TEST TARGET: simultaneous OWL classification + audit-layer flag detection
+  on the same system, demonstrating that classification and audit do not
+  bleed into each other.
+
+  Expected audit-row outcomes (post 2026-05-14 migration of regulatory content
+  to ARCO_governance_extension.ttl):
+    - classification:        PASS (all three Annex III gates satisfied)
+    - exception flag:        FLAGGED (derogation or fraud, per fixture)
+    - traceability:          FAIL
+    - regulatory_alignment:  FAIL
+  The traceability and regulatory_alignment FAILs are NOT the test target.
+  They persist because the :AssessmentDocumentation instances below do not
+  carry an iao:0000136 link to :AnnexIII_Condition_1a or :AnnexIII_Condition_5b,
+  so the audit queries (which require ?doc iao:0000136 ?condition) return false.
+  This is a fixture-authoring gap, not a defect in the classification or flag
+  behavior under test. Adding those links would close the audit FAILs without
+  affecting the classification or flag entailments — separate change.
+
+  Prior to the 2026-05-14 migration, the audit FAILs also covered fixture-
+  distribution effects (regulatory condition declarations were per-fixture
+  inside ARCO_instances_sentinel.ttl and ARCO_instances_creditscoring.ttl, so
+  the universal regulatory content was invisible to this fixture). The
+  migration moved those declarations to the governance extension, removing
+  the distribution issue; what remains is the local AssessmentDoc->condition
+  linkage gap described above.
 
   Test A — FlagTest_BiometricSystem_WithDerogationClaim:
     A system that IS classified as AnnexIII1aApplicableSystem (all three gates satisfied)

03_TECHNICAL_CORE/ontology/ARCO_instances_sentinel.ttl

@@ -13,20 +13,12 @@
   owl:imports <https://arco.ai/ontology/governance> .
 
 #################################################################
-# 1) REGULATORY LAYER (ICE grounded to reality)
+# 1) ANNEX III REGULATORY LAYER (mereological backbone)
+#
+# Annex III conditions moved to ARCO_governance_extension.ttl on 2026-05-14
+# as universal regulatory content; references via iao:0000136 stay below.
 #################################################################
 
-:AnnexIII_List rdf:type :RegulatoryContent ;
-  rdfs:label "Annex III List" ;
-  bfo:0000051 :AnnexIII_Condition_1a .  # has part
-
-:AnnexIII_Condition_1a rdf:type :RegulatoryContent ;
-  rdfs:label "Annex III 1(a) (Biometric Rule)" ;
-  cco:prescribes :RemoteBiometricIdentificationProcess ;      # directive: prescribes the regulated process type (Three D's — DirectiveICE → Process)
-  iao:0000136 :BiometricIdentificationCapability ;            # is_about the capability universal
-  iao:0000136 :RemoteBiometricIdentificationProcess ;         # is_about the regulated process type
-  iao:0000136 :NaturalPersonRole .                            # is_about the affected role
-
 #################################################################
 # 2) SYSTEM LAYER (reality-side particulars) - UPDATED
 #################################################################

03_TECHNICAL_CORE/ontology/ARCO_instances_verification.ttl

@@ -15,7 +15,7 @@
 
   Non-entailment claim: AnnexIII1aApplicableSystem is not entailed for VerificationKiosk_001 under current assertions (OWA — no closed-world guarantee).
 
-  Legal basis: Recital 22 and Art. 3(41) EU AI Act — 1:1 biometric verification is excluded from Annex III 1(a); only 1:N remote biometric identification triggers classification.""" ;
+  Legal basis: Recital 15, Recital 17, and Annex III item 1(a) of EU AI Act 2024/1689 — the verification carve-out ("intended to be used for biometric verification, which includes authentication, whose sole purpose is to confirm that a specific natural person is the person he or she claims to be") excludes 1:1 biometric verification from biometric identification (Recital 15) and from remote biometric identification systems specifically (Recital 17, rationale: minor impact on fundamental rights), and is reaffirmed in the Annex III 1(a) operative text. Article 3(36) defines biometric verification as the automated 1:1 modality; Article 3(41) defines the RBI system. Only 1:N remote biometric identification triggers Annex III 1(a) classification.""" ;
   owl:imports <https://arco.ai/ontology/governance> .
 
 #################################################################
@@ -24,7 +24,7 @@
 
 :AnnexIII_Condition_1a_Exclusion rdf:type :RegulatoryContent ;
   rdfs:label "Annex III 1(a) — Verification Exclusion Note" ;
-  rdfs:comment "Documents the 1:1 verification exclusion from Annex III 1(a). Recital 22 and Art. 3(41): only 1:N remote biometric identification triggers the Annex III classification." ;
+  rdfs:comment "Documents the 1:1 verification exclusion from Annex III 1(a). Recital 15, Recital 17, and Annex III 1(a) operative carve-out: only 1:N remote biometric identification triggers the Annex III classification. Article 3(36) defines 1:1 verification; Article 3(41) defines the RBI system." ;
   iao:0000136 :BiometricVerificationCapability ;
   iao:0000136 :BiometricIdentificationCapability .
 

03_TECHNICAL_CORE/reasoning/select_system_comment.sparql

@@ -3,8 +3,9 @@ PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
 # EMISSION LAYER — binds rdfs:comment of the system under evaluation.
 #
 # Used by the negative-case output to surface fixture-supplied regulatory
-# reasoning (e.g., the kiosk fixture's comment naming Recital 22 / Article
-# 3(41) and the verification-vs-identification distinction). The comment
+# reasoning (e.g., the kiosk fixture's comment naming Recital 15 + Recital
+# 17 + Annex III 1(a) carve-out and the verification-vs-identification
+# distinction). The comment
 # is fixture-authored ground truth and ships with the TTL; this query
 # avoids embedding fixture-specific legal text as Python literals in the
 # emitter (per CLAUDE.md Output discipline).