Regulatory Baseline of Thought
Founder rule: "Regulations drive the calculations and the writing. Every tool cites the controls it implements; every gap is published, not hidden."
This page is the human-readable face of the regulatory layer that bounds every Guardian Posse cyber tool, agent action, and published article. It lives next to the Cross-Platform Agent Standard because trust without a citation is just a marketing claim.
Citation Registry — every tool, every control
Each tool below is bound by the regulations cited next to it. A tool with zero citations is an open question we publish in the gap report, not a quiet exception.
| Tool | Layer | Route / Module | Citations |
|---|---|---|---|
| CPAS Standard — Public Explainer: Public, human-readable explanation of the Kojie Standard contract that binds all 16 agents. | platform | /cpas/standard | 5 · NIST CSF 2.0 §GV.OC-01; NIST AI RMF 1.0 GOVERN-1.1; ISO/IEC 27001:2022 A.5.1; FedRAMP Rev. 5 Moderate … |
| CPAS Manifest (machine-readable): Authoritative inventory of every agent, platform, consensus pair, and signing identity. | platform | /cpas/manifest.json | 7 · NIST CSF 2.0 §ID.AM-02; NIST AI RMF 1.0 MAP-1.1; NIST 800-53 r5 CM-8; FedRAMP Rev. 5 Moderate … |
| Kojie Standard Contract (machine-readable): The five-pattern contract every certified agent must obey, with HMAC-SHA256 audit identities. | platform | /cpas/standard.json | 3 · NIST AI RMF 1.0 GOVERN-1.4; NIST CSF 2.0 §GV.PO-01; EU AI Act Art. 9 |
| Sovereign 144 Baseline — Live Certification: Live pass/fail of all 16 agents against 49 verifiers of the Master Equation Ω = N · (Φ_W · r · Ψ_B · δ_A) = 1.0. | platform | /cpas/baseline.json | 4 · NIST AI RMF 1.0 MEASURE-2.5; NIST CSF 2.0 §ID.RA-05; SOC 2 TSC CC4.1; FISMA 2014 §3554(b) |
| Per-Agent Certification Endpoint: On-demand certification of a single agent against the 49-verifier baseline. | platform | /cpas/certify/<agent_id> | 2 · NIST AI RMF 1.0 MEASURE-1.1; ISO/IEC 27001:2022 A.8.16 |
| User Authentication (Replit OAuth + password fallback): Identity proofing, credential handling, and session management for all human users. | platform | /login | 5 · NIST CSF 2.0 §PR.AA-01; NIST 800-53 r5 IA-2; NIST 800-53 r5 IA-5; ISO/IEC 27001:2022 A.5.16 … |
| Stripe Checkout — Booking Payments: Payment authorization and capture for class bookings; no PAN ever stored on application servers. | platform | /api/customer-bookings/create-checkout-session | 4 · PCI DSS 4.0.1 Req 3; PCI DSS 4.0.1 Req 4; PCI DSS 4.0.1 Req 6; NIST CSF 2.0 §PR.DS-02 |
| CPWE AI Security Middleware: Pre-flight safety, prompt-injection defense, and rate-shaping for every LLM call. | intelligence | security_middleware.py | 4 · NIST AI RMF 1.0 MAP-1.1; NIST AI RMF 1.0 MANAGE-2.3; EU AI Act Art. 15; NIST CSF 2.0 §PR.PS-06 |
| SOC Playbook Engine — Red/Blue/Compliance Ops: Codified, repeatable response procedures for incident handling, threat hunting, and compliance evidence. | agent | /secure-api-playbook | 5 · NIST CSF 2.0 §RS.MA-01; NIST CSF 2.0 §RS.AN-03; NIST 800-53 r5 IR-4; NIST 800-53 r5 IR-8 … |
| Activity & Bookmark Audit Logging: Tamper-evident logging of user and agent actions for forensics and compliance. | data | /api/advanced-controls/activity-bookmarks/<project_id> | 4 · NIST CSF 2.0 §DE.CM-09; NIST 800-53 r5 AU-2; NIST 800-53 r5 AU-12; 45 CFR §164.312(b) |
| Class Booking — PII Capture & Storage: Capture, store, and process customer name / email / phone for class bookings. | data | /api/customer-bookings | 4 · GDPR Art. 5; GDPR Art. 6; Cal. Civ. Code 1798.100; NIST CSF 2.0 §PR.DS-01 |
| Transactional Email (SendGrid + Resend): Outbound booking confirmations, password resets, and compliance notices. | platform | payment_email_service.py | 3 · GDPR Art. 6; GDPR Art. 7; NIST CSF 2.0 §PR.DS-02 |
| Cross-Platform Agent Consensus: No single agent decides alone — every action requires agreement from at least one peer on another platform. | agent | cross_platform_agent_manifest.py | 3 · NIST AI RMF 1.0 GOVERN-3.1; NIST CSF 2.0 §GV.RR-02; EU AI Act Art. 14 |
| Liveness / Readiness Probe: Operational availability signal for orchestrators and uptime monitors. | platform | /healthz | 2 · NIST CSF 2.0 §ID.BE-04; SOC 2 TSC A1.2 |
| Regulatory Baseline of Thought — Public Surface: Public, citable index of every regulation the platform operates under and every tool's mapping to controls. | intelligence | /regulations | 6 · NIST CSF 2.0 §GV.OC-03; NIST AI RMF 1.0 GOVERN-1.1; ISO/IEC 27001:2022 A.5.31; NIST 800-53 r5 PM-31 … |
| Kojie Nuclear Decommissioning Agents: Four agents supporting nuclear decommissioning operations under defense-in-depth oversight. | agent | https://kojie.works | 4 · 10 CFR §73.54 b; DOE O 205.1C Ch. III; IAEA NSS 17 r1 §4; NIST 800-82 r3 §5 |
| KOJIE AI Tools Showcase: Public catalog of every AI tool the KOJIE platform exposes, with capability summaries. | intelligence | /kojie-tools | 3 · NIST CSF 2.0 §ID.AM-02; NIST AI RMF 1.0 MAP-1.1; NIST AI RMF 1.0 GOVERN-1.1 |
| AI Tools Dashboard: User-facing dashboard of AI capabilities available across the platform. | intelligence | /ai-tools | 3 · NIST AI RMF 1.0 GOVERN-1.1; NIST AI RMF 1.0 MAP-1.1; EU AI Act Art. 13 |
| AI Tools Simple View: Beginner-friendly UI surfacing the same AI tools as /ai-tools with simplified labelling. | intelligence | /simple-ai-tools | 2 · NIST AI RMF 1.0 GOVERN-1.1; EU AI Act Art. 13 |
| Cybersecurity Services — Public Page: Public listing of cybersecurity services offered to customers; sets contractual scope expectations. | platform | /cybersecurity-services | 5 · NIST CSF 2.0 §GV.OC-01; ISO/IEC 27001:2022 A.5.31; SOC 2 TSC CC2.3; NIST 800-171 r3 03.13-SC … |
| Cybersecurity Mathematics — Educational Page: Public educational content on the mathematical foundations underlying cybersecurity primitives. | intelligence | /cybersecurity-mathematics | 2 · NIST CSF 2.0 §PR.AT-02; NIST AI RMF 1.0 GOVERN-2.2 |
| Supply Chain Security Guide: Public guide to supply-chain security practices, vendor diligence, and SBOM handling. | platform | /supply-chain-security-guide | 3 · NIST CSF 2.0 §GV.SC-01; NIST 800-53 r5 SR-3; ISO/IEC 27001:2022 A.5.19 |
| Copilot Security Scan: On-demand security scan that inspects code, config, and deployment artifacts and reports findings. | agent | /api/copilot/security-scan | 6 · NIST CSF 2.0 §ID.RA-01; NIST CSF 2.0 §ID.RA-08; NIST 800-53 r5 RA-5; PCI DSS 4.0.1 Req 11.3 … |
| Blue Team Telemetry Analyzer: Analyzes incoming defensive telemetry (logs, alerts) and returns triaged findings for the responder. | agent | /api/blue-team/analyze | 4 · NIST CSF 2.0 §RS.AN-03; NIST CSF 2.0 §DE.AE-02; NIST 800-53 r5 IR-4; NIST 800-82 r3 §6-Architecture |
| Security Sentinel — Live Monitoring Dashboard: Live security monitoring and alerting dashboard for the on-call responder. | agent | /security-sentinel | 4 · NIST CSF 2.0 §DE.CM-01; NIST CSF 2.0 §DE.AE-02; SOC 2 TSC CC7.2; 17 CFR Form 8-K Item 1.05 |
| Blue Team Command Center: Defensive security operations command center — incident workspace, ticketing, and timeline view. | agent | /blue-team-command-center | 3 · NIST CSF 2.0 §RS.MA-01; NIST CSF 2.0 §DE.CM-01; SOC 2 TSC CC7.3 |
| Unified Security Command: Single pane of glass aggregating signals across the platform's security tools. | agent | /unified-security-command | 6 · NIST CSF 2.0 §GV.RM-01; NIST CSF 2.0 §RS.CO-02; NIST 800-53 r5 PM-31; 17 CFR 229.106(b) … |
| Security Command (alias of unified-security-command): Alias route preserved for inbound links; renders the same surface as /unified-security-command. | agent | /security-command | 2 · NIST CSF 2.0 §GV.RM-01; NIST CSF 2.0 §RS.CO-02 |
| Operations Mission Guide — Operator Playbook: Owner-facing operator playbook covering daily, weekly, and incident-response missions for running this DOE capital-project platform. | platform | /operations-mission-guide | 4 · DOE O 413.3B CD-2; DOE G 413.3-10A §3-Surveillance; NIST 800-53 r5 PL-2; DOE O 205.1C Ch. III-Reqs |
| Oracle Primavera P6 Integration Guide: Developer-facing integration guide for the Primavera P6 schedule data feed that drives the platform's EVMS calculations. | platform | /oracle-p6-integration-guide | 2 · DOE O 413.3B Att-4-EVMS; DOE G 413.3-10A §2-EIA-748 |
| Project Controls Workflow Guide: Owner-gated canonical workflow walkthrough for the project-controls cycle: schedule update → cost actuals → variance analysis → forecast → reporting. | platform | /project-controls/workflow-guide | 2 · DOE O 413.3B CD-2; DOE G 413.3-10A §4-Certification |
| Pentest Compliance Precision Engine: Maps pen-test findings (CWE) and adversary techniques (MITRE ATT&CK) onto the NIST 800-53 control catalog, scores compliance impact, and auto-drafts POA&M entries — turning a red-team finding into a defensible control-level remediation plan. | intelligence | pentest_compliance_precision_engine.py | 6 · NIST 800-53 r5 CA-8; NIST 800-53 r5 RA-5; NIST 800-53 r5 CA-5; NIST 800-53 r5 RA-3 … |
| Physical Pen Test Command Center: Authorized operator console for physical/RF penetration-testing engagements (Hak5-class devices, RF capture, payload curation, evidence chain) — every action is gated by login and tied to a recorded engagement so offensive activity is always attributed. | agent | /physical-pentest/ | 5 · NIST 800-53 r5 CA-8; NIST 800-53 r5 PE-3; NIST 800-53 r5 AU-2; NIST 800-53 r5 AC-6 … |
Catalog — the regulations themselves
23 frameworks across federal mandate, voluntary baseline, sectoral, privacy, AI governance, and operational technology.
| Short name | Authority | Jurisdiction | Version | Effective | Source |
|---|---|---|---|---|---|
| NIST CSF 2.0 | National Institute of Standards and Technology (NIST) | US Federal / Voluntary Global | 2.0 | 2024-02-26 | link |
| NIST 800-53 r5 | NIST | US Federal | Rev. 5 | 2020-09-23 | link |
| NIST 800-171 r3 | NIST | US Federal Contractor | Rev. 3 | 2024-05-14 | link |
| NIST SSDF | NIST | US Federal / Voluntary Global | v1.1 | 2022-02-03 | link |
| NIST AI RMF 1.0 | NIST | US Federal / Voluntary Global | 1.0 | 2023-01-26 | link |
| CISA CPGs | Cybersecurity and Infrastructure Security Agency | US Federal / Critical Infrastructure | v1.0.1 | 2023-03-21 | link |
| ISO 27001:2022 | ISO/IEC | International | 2022 | 2022-10-25 | link |
| SOC 2 TSC | American Institute of CPAs (AICPA) | US / Service Organizations | 2017 (revised 2022) | 2022-12-15 | link |
| CMMC 2.0 | US Department of Defense | US Federal — Defense Industrial Base | Final Rule | 2024-12-16 | link |
| FedRAMP Rev. 5 | FedRAMP PMO / GSA | US Federal — Cloud Service Providers | Rev. 5 | 2023-05-30 | link |
| FISMA 2014 | US Congress / OMB | US Federal | 2014 (Pub. L. 113-283) | 2014-12-18 | link |
| SEC Cyber Disclosure | US Securities and Exchange Commission | US Public Companies | Final Rule | 2023-09-05 | link |
| HIPAA Security | US Department of Health and Human Services (HHS/OCR) | US — Healthcare | 2013 Omnibus + ongoing | 2013-09-23 | link |
| PCI DSS 4.0.1 | PCI Security Standards Council | Global — Payment Card Industry | 4.0.1 | 2024-06-30 | link |
| GDPR | European Parliament & Council | EU / EEA | 2016/679 | 2018-05-25 | link |
| CCPA/CPRA | California Attorney General / CPPA | California, USA | CPRA effective Jan 1, 2023 | 2023-01-01 | link |
| EU AI Act | European Parliament & Council | EU / EEA | 2024/1689 | 2024-08-01 | link |
| NRC 10 CFR 73.54 | US Nuclear Regulatory Commission | US — Nuclear Power Reactors | Current as of 2024 | 2009-03-27 | link |
| DOE O 205.1C | US Department of Energy | US Federal — DOE Enterprise | 205.1C | 2023-04-13 | link |
| IAEA NSS 17 r1 | International Atomic Energy Agency | International — Nuclear Facilities | Rev. 1 | 2021-12-01 | link |
| NIST 800-82 r3 | NIST | US Federal / Voluntary Global | Rev. 3 | 2023-09-28 | link |
| DOE O 413.3B | US Department of Energy | US Federal | Chg 7 (2023) | 2010-11-29 | link |
| DOE G 413.3-10A | US Department of Energy | US Federal | Rev. A | 2012-09-12 | link |
Live Gap Report
Open questions, published in plain English so the team (humans + agents) can close them on the record.
Citation gaps — registered tools without a citation (0)
Zero citation gaps — every registered tool has at least one regulatory citation.
Coverage gaps — regulations in catalog never cited (0)
Zero coverage gaps — every regulation in the catalog is cited by at least one tool.
Public + Agent-Facing API
The regulatory layer is callable. Any client — human, agent, or auditor — can verify the receipt by hand.