AGTS Cybersecurity Governance Dashboard

⊕

Governance Clearinghouse

Submit deployment or runtime governance requests through the dual-shield decision pipeline

📋 Request Builder

Deployment Type

Policy Profile

Content Hash

Unique identifier of the artifact being deployed

Repository

Branch

Actor Identity

Key ID

Commit Hash (optional)

Environment (optional)

Diff (optional)

Manifest (optional)

Request Type

Policy Profile

Detection Source

Alert ID

Detection Confidence (0–1)

Attestation

MITRE Techniques (comma-separated)

Use MITRE ATT&CK technique IDs (e.g., T1059, T1059.001)

Raw Evidence Hash

Response Action

Target

Impact Level

Rollback Possible

Affected Services (comma-separated)

Environment

Incident ID (optional)

📜 Decision History

◇

No decisions

Submit a request to see governance decisions

📊 Session Summary

Total Decisions 0

Admitted 0

Quarantined 0

Refused 0

Confirmed 0

Anchored 0

◈

Governance Overview

Dual-shield cybersecurity governance posture — Sovereign Gate + RTR-V3 Semantic Firewall

Ω Health Space — Ω Admissible Region (Live)

All governance decisions plotted in H × C space. Green zone = Ω admissible region (H≤0.40, C≥0.40). Click any dot to inspect.

ADMIT

QUARANTINE

REFUSE

Points: 0
In Ω: 0
Outside: 0

	■ Governed (Real)	☐ Ungoverned (Derived)
Signal Arrival	Awaiting submission	Awaiting submission

■ Governance Posture

POSTURE

—

Queue: 0

Refusals: 0%

Deviations: 0

Proof Fails: 0

⬡ Final State Distribution

ADMIT

Governance-cleared actions

QUARANTINE

Awaiting human review

REFUSE

Governance-blocked actions

🛡 Shield Activity

SG Sovereign Gate 0

RTR RTR-V3 Firewall 0

Execution Status

0 EXECUTED

0 WITHHELD

◉ Governance Event Graph

● ADMIT ● QUARANTINE ● REFUSE

🔄 Recent Governance Decisions

Time	Shield	Action	Final State	Trust	Execution	Proof
No decisions yet

🛡 HCE Observables Summary

Aggregate H/C/E scores across all governance decisions this session

—

Avg H

Lower is safer

—

Avg C

Higher is better

—

Avg E

Lower is safer

📈 Decision Distribution

Visual breakdown of ADMIT / QUARANTINE / REFUSE ratio

No data

📊 Risk Score

Composite governance risk assessment

Risk Score

NONE

⏱ Decision Velocity

Per Minute

Per Hour

📊 HCE Ranges

Awaiting data

📊 Session SLA

— No SLA data

SLA: avg latency <500ms, proof rate >95%

👥 Active Actors

Per-actor governance metrics and admission rates

No actor data

🌐 Environment Distribution

Decisions by target environment

No environment data

⬡

Governance Shields

Deep inspection of dual-shield architecture — gate realization, thresholds, and per-shield governance analytics

Sovereign Gate

AGTS-VERT-DEPLOY-001

DEPLOY

Total

Admit

Quarantine

Refuse

Gate Realization

G1 Deployment intent semantic validation

G2 Bounded deployment consequence / exposure

G3 Operational deployment safety

G4 Policy admission and exception logic

G5 Signature + log finalization

HCE Thresholds

0.40

H max

0.40

C min

0.60

E max

Accepted Types

SG HCE Averages

—

RTR-V3 Semantic Firewall

AGTS-VERT-RUNTIME-001

RUNTIME

Total

Admit

Quarantine

Refuse

Gate Realization

G1 Threat semantic validity

G2 Bounded response consequence

G3 Protected service operational safety

G4 Policy admission / review / refusal

G5 Signature + log finalization

HCE Thresholds

0.40

H max

0.40

C min

0.60

E max

Accepted Types

Attestation Modes

RTR HCE Averages

—

◈

Runtime Decisions (RTR-V3)

Runtime governance decisions — action, target, final state, execution, and proof status

Total Runtime

Admitted

Quarantined

Refused

📜 Runtime Decision Stream

Time	Action	Target	Final State	Trust	Execution	Impact	Rollback	Proof
No runtime decisions yet

🎯 MITRE Technique Distribution

🎯

No MITRE data yet

📈 Impact Distribution

CRITICAL

HIGH

MEDIUM

LOW

🛡 Kill Chain + Attestation Correlation

MITRE ATT&CK kill chain with HW/SW attestation dual bars. Green = HW-detectable, amber = SW-detectable, red gaps = SW-blind phases. Click any phase for technique details.

🛡

No kill chain data

Submit runtime decisions with MITRE technique IDs to see kill chain correlation

📊 HCE Scatter Plot (Runtime)

Harm vs Exposure with final state coloring

H →

E ↑

No data points

📈 Gate Pass Rates (RTR)

Per-gate pass/review/block distribution

📈

No gate data

⚠ Deviation Alerts

Runtime decisions where execution deviated from the authorized action

✓

No deviations detected

All runtime decisions executed within authorized parameters

⬡

Deployment Governance (Sovereign Gate)

Deployment pipeline governance — repository tracking, blast radius, rollback risk assessment

📦 Deployment Type Breakdown

Code Commits

Infra Changes

Container Builds

Artifact Promotions

🏗 Repository Activity

📂

No repos tracked

Deploy requests will show repository metrics

📜 Deployment Decision Stream

Time	Type	Repository	Branch	Final State	Trust	Blast Radius	Rollback	Proof
No deployment decisions yet

🌐 Environment Distribution

Deployment decisions by target environment

🌐

No environment data

Submit deployments with environment context to see distribution

👤 Actor Breakdown

Per-actor governance admission rates

👤

No actor data

Deployments with actor identity show admission rates per deployer

📈 Gate Heatmap (Sovereign Gate)

Per-gate pass rate visualization

📈

No gate data

📊 HCE Scatter Plot (Deploy)

Harm vs Exposure for deployment decisions

H →

E ↑

No data points

📊 Policy Effectiveness (Deploy)

Admission rate by active policy profile

📊

No policy data yet

⚠

Quarantine Queue

Review and resolve quarantined governance decisions — admit or refuse after human review

Pending Review: 0

✓

Queue is clear

No quarantined decisions require review. Items with REVIEW verdicts will appear here.

📊 Quarantine Analytics

Aggregate metrics for quarantine queue performance and resolution velocity

Total Queued

Resolved

Escalated

—

Avg Wait

📋 Resolution Audit Trail

Immutable record of quarantine resolutions: who reviewed, when, why, and what action was taken

📋

No resolutions yet

Resolve quarantined items to build an audit trail

📝 Quarantine Resolution Protocol

Standard operating procedure for quarantine review

HCE Threshold Triggered

Automated evaluation produces QUARANTINE final state when Harm, Competence, or Exposure values fall in borderline range.

Human Authority Review

CISO or delegated reviewer inspects decision payload, gate results, and HCE observables. Reviewer can ADMIT or REFUSE.

Execution Confirmation

If admitted, execution proceeds. Confirm flow records EXECUTED/WITHHELD/FAILED/DEVIATED status for immutable audit.

Merkle Anchoring

Resolution decision is signed, logged to transparency log, and anchored in Merkle tree for non-repudiation.

📋

Transparency Log

Browse, search, and verify governance entries in the AGTS transparency log

🔍 Log Query

Search Term

Shield Filter

Final State Filter

Limit

📜 Log Entries 0 results

📋

No log entries loaded

Query the transparency log or submit governance requests to populate entries

⚓ Merkle Tree Visualization

Transparency log proof tree — auto-populated from query results

Leaf 1

0x00000000

Leaf 2

0x00000000

Leaf 3

0x00000000

Leaf 4

0x00000000

H(1‖2)

0x00000000

H(3‖4)

0x00000000

Root Hash

0x00000000

Leaf — governance envelope

Intermediate hash

Root — signed by Sovereign Authority

📊 Log Analytics

Cross-shield transparency log statistics

Total Log Entries 0

Signed Leaves 0

Anchored 0

Anchor Rate —

Proof Failures 0

Confirmation Rate —

🔒 Log Integrity Summary

Governance log non-repudiation and integrity status

Ed25519 Signed

Actor signature verified

Merkle Verified

Inclusion proof valid

Anchor Finalized

Immutable record

✓

Audit & Assurance

Verify leaf integrity, generate governance reports, and inspect anchor status

🔍 Leaf Verification

Leaf Hash

Enter a governance leaf hash to verify its integrity and signature

📄 Report Generation

Authorization Leaf Hash

Generate a full governance report from an authorization leaf

⚓ Anchor Status Check

Leaf Hash

☰ Triple-Leaf Chain Navigator

AGTS records authorization, not occurrence. The three leaves trace a single action from policy decision (Leaf 1) through execution (Leaf 2) to variance measurement (Leaf 3). Each leaf carries a parent_hash linking back, forming a tamper-evident closed-loop chain.

Leaf 1 · Authorization

AGTS_GOVERNANCE_ENVELOPE_V1

No envelope submitted yet

—

→

Leaf 2 · Execution

AGTS_EXECUTION_TRACE_V1

Submit confirmation first

—

→

Leaf 3 · Variance

AGTS_VARIANCE_RECORD_V1

Submit confirmation first

—

📊 Variance Scorecard

Submit & confirm a governance decision to see variance data from the worker.

🌐 Health Space — Ω Admissible Region

H (Entropy) × C (Coherence) plane. Green zone = Ω (H≥0.40, C≥0.40, E≤0.60). Blue dot = authorization state. Colored dot = execution state.

Authorization state (Leaf 1)

Execution state in Ω

Execution state breaching Ω

Drift vector

NOMINAL: L2 ≤ 0.05
DRIFT: 0.05 < L2 ≤ 0.20
BREACH: L2 > 0.20

🔒 Evidence Hash Verifier

Verify that execution metrics were not tampered with after recording. Paste the raw metrics JSON below — the verifier canonicalizes, computes SHA-256, and checks against Leaf 2 from the Protocol Worker.

Raw Execution Metrics JSON

🔗 Witness Attestation Chain

Submit & confirm a governance decision to see the attestation chain.

📈 HCE Feedback Projection — Next-Session Nudge

Based on the variance classification, the AGTS closed-loop engine applies a Human-Centric Evidence nudge. Nudge values are fetched from the cybersec worker’s /v1/feedback/summary endpoint — real computed values, not client-side estimates.

Submit & confirm a governance decision to see HCE feedback projection.

📄 Raw Artifact Inspector

Select an artifact above.

📈 Variance Dashboard

Authorization→execution drift analysis across all confirmed decisions. Classification: NOMINAL (L2≤0.05), DRIFT (0.05<L2≤0.20), BREACH (L2>0.20).

📈

No variance data

Confirm governance decisions to populate variance records

Session Audit Trail

All governance decisions made during this session with verification status

Time	Shield	Type	Final State	Execution	Leaf Hash	Anchor	Signature
No audit entries

📋 Quarantine Resolution Log

Immutable audit trail of quarantine resolutions — who reviewed, when, why, and what action was taken

📋

No resolutions yet

Resolve quarantined items to build an audit trail

🔒 Proof Chain Integrity

Session-wide proof chain completion metrics

Signature Coverage —

Log Coverage —

Verification Coverage —

Anchor Finalization —

Confirmation Rate —

📊 Audit Statistics

Session governance statistics and integrity summary

Session Duration —

Total Decisions 0

Omega Breaches 0

Deviations Detected 0

Proof Failures 0

Unique Actors 0

📝 Governance Assurance Checklist

Automated checks against governance integrity requirements

✓

Digital Signature Binding

All governance decisions carry Ed25519 signatures binding actor identity to the decision envelope

—

✓

Immutable Audit Trail

Transparency log entries are append-only with Merkle tree anchoring for tamper detection

—

✓

Human-in-the-Loop Authority

Quarantine queue enforces human review for borderline decisions before execution authorization

—

✓

Execution Confirmation Loop

Admitted decisions require explicit confirmation with EXECUTED/WITHHELD/FAILED/DEVIATED status

—

✓

Omega Breach Hard Stop

Omega breach flag correctly forces REFUSE regardless of other HCE values

—

✓

Deviation Detection

Execution deviations from authorized parameters are flagged and recorded for investigation

—

⚙

Policy Profiles

View and compare governance policy profiles — HCE thresholds, block limits, and shield-specific configurations

Show Admin Controls

Active Profiles

SG: SOVEREIGN_GATE_DEFAULT

RTR: RTRV3_DEFAULT

🔬 Policy Sandbox

⚠ SIMULATION ONLY — no execution

Simulate the last submitted payload against different policy profiles. Results are hypothetical and do not trigger real governance actions.

Submit a governance request first, then simulate it here under different policies

📊 Policy Effectiveness Analysis

HW vs SW attestation admission rates per policy — demonstrates that stricter policies reject more SW-attested signals while passing HW-attested

📊

No policy effectiveness data

Submit decisions to see how different policies affect admission rates

📝 Policy Administration (Restricted)

ADMIN

Policy rule administration — preview how custom rules would affect governance decisions. Changes require explicit Apply / Commit workflow and approval.

Version: v1.0.0

Last Approved By: ciso@acme.com

Effective: 2026-03-28T00:00:00Z

Status: Active

📖 Policy Reference

HCE observable definitions and policy evaluation logic

H — Harm

Quantifies potential or actual harm of the request. Range [0,1]. High H (> 0.7) triggers strict evaluation. Derived from blast radius (deploy) or technique severity + confidence (runtime).

C — Competence

Measures the system's ability to evaluate the request correctly. Range [0,1]. Low C (< 0.3) triggers QUARANTINE for human review. Derived from actor reputation and context completeness.

E — Exposure

Quantifies the scope of exposure if the request is admitted. Range [0,1]. High E (> 0.8) combined with high H triggers REFUSE. Derived from environment criticality and target scope.

Ω — Omega Breach

Boolean hard stop. When Ω is true, the decision MUST be REFUSE regardless of other values. Triggered by policy-defined absolute boundaries that cannot be overridden by human authority.

▶

Decision Replay

Replay a governance decision gate-by-gate from its leaf hash — full pipeline reconstruction

Leaf Hash to Replay

Or select a decision from the history to replay:

▶

No replay loaded

Enter a leaf hash or select a recent decision to replay its gate pipeline

🔄 Decision Comparison Tool

Compare two governance decisions side-by-side to identify differences in gate verdicts, HCE values, and final state

🕑 Decision Timeline

Chronological view of all governance decisions with proof chain status

🕑

No timeline data

Submit decisions to populate the chronological timeline

📑 Replay Guide

How the replay pipeline reconstruction works

1. Enter the 64-character hex leaf hash from the decision's proof chain. This hash uniquely identifies the governance leaf in the transparency log.

2. The replay engine queries the transparency log worker for the full decision envelope associated with this leaf hash.

3. Each gate (G1 through G5) is reconstructed with its input, verdict, and reasoning. The pipeline visualization shows how gates cascaded into the final state.

4. The proof chain is verified: signature check, Merkle inclusion proof, and anchor finalization status are all validated for integrity.

5. If the decision had a confirmation flow (EXECUTED/WITHHELD/FAILED/DEVIATED), the execution status is displayed alongside the original authorization.

♥

System Health

Worker status, API latency, signing health, log anchoring, and closed-loop feedback

🛡 Cybersec Worker

Checking…

📋 Log Worker

Checking…

⚙ Protocol Worker

Checking…

📡 API Latency

Cybersec

—

Log

—

Protocol

—

Monitor

—

Validator

—

🔄 HCE Feedback Summary

🔄

No feedback data

Feedback loop data will appear after confirmed decisions

⚓ Anchor Polling

Worker Versions

Worker	Version	Status	Latency	Last Check
Loading…

🔗

Integrations

Connected services, API configuration, and external system integrations

👤 Tenant Identity

Tenant ID —

Email —

Session Source Auto

Identity is shared with the main AGTS Clearinghouse. Sessions auto-hydrate across dashboards.

🔑 API Configuration

API Key

Auto-hydrated from Clearinghouse session or registered on first visit

Worker Base URL

Proxy route configured in serve.py

⬡

Sovereign Gate Pipeline

Deployment governance via SG gates

◈

RTR-V3 Firewall Pipeline

Runtime threat governance via RTR gates

📋

Transparency Log

Immutable governance audit log

⚓

Anchor Service

Merkle tree anchoring & finalization

🔑

Key Registry

Signing key management & verification

📡

Monitor Service

Infrastructure health monitoring

🔗 Service Topology

🛡 Gateway Online

⬡ Cybersec Online

📋 Log Online

⚙ Protocol Online

📡 Monitor Online

✓ Validator Online

🔑 Key Registry Online

💰 Billing Online

📄 Compliance Framework Alignment

Governance alignment with industry compliance frameworks

✓

SOC 2 Type II — Change Management

All deployments pass through governance pipeline with immutable audit trail

PASS

✓

ISO 27001 — Access Control (A.9)

Actor identity and key verification enforced at G1 gate

PASS

✓

NIST CSF — PR.DS (Data Security)

Content hashing (SHA-256) and Ed25519 signatures on all governance leaves

PASS

NIST CSF — DE.AE (Anomalies and Events)

HCE deviation detection active — threshold calibration recommended

REVIEW

✓

MITRE ATT&CK Integration

Runtime decisions tagged with MITRE technique IDs for kill chain correlation

PASS

✓

Transparency Log — Non-Repudiation

Merkle tree anchoring provides tamper-evident audit trail with provable inclusion

PASS

✓

Dual Authorization — Human-in-the-Loop

Quarantine queue enforces human authority for borderline decisions

PASS

📦 Session Export

Export governance session data for external auditing and compliance reporting

{ }

JSON Export

Full session data with all decisions, HCE values, and proof chain

📋

CSV Export

Tabular format for spreadsheet analysis

📄

Governance Report

Formatted compliance report with posture summary

🌐 Multi-Vertical Protocol Preview

The same Submit→Evaluate→Commit→Execute→Verify lifecycle governs every vertical. Cybersecurity is one instance of a universal governance primitive.

📜 Protocol Certification Evidence

Generate compliance evidence per framework from session governance data. Requires ≥10 confirmed decisions.

💰 Economic Impact Settings

Configure governance value calculation parameters (IBM/Ponemon industry averages)

Quarantine Base ($)

Average lateral-movement cost avoided per quarantine (IBM 2024: $15K–$50K)

Refuse Base ($)

Breach prevention value per refused threat (Ponemon: $150K–$350K)

Deviation Base ($)

Drift detection value per deviation (capped at $75K)

Compliance per Envelope ($)

Audit record value per signed governance envelope

🔧

Hardware Attestation

Silicon-level telemetry governance — structural obsolescence of reactive cybersecurity