Local-first RAG with policy gating and audit-friendly logging — reference implementation

Project description

🛰️ Sovereign AI Stack (Research Preview)

Exploring Deterministic RAG Verification & Forensic Accountability.

WARNING (Experimental Alpha): This is a research prototype, not a production-grade security system. It is designed to explore Natural Language Inference (NLI) as a grounding mechanism and Ed25519 signatures for audit integrity. It has not undergone external security audits.


🔬 The Concept

The Sovereign AI Stack is a technical exploration into "Verify then Trust" architectures for local AI. Instead of relying on generative LLM judges—which are slow and prone to their own hallucinations—this stack tests a deterministic pipeline using NLI Cross-Encoders.

Key Hypotheses

  1. Efficiency: A specialized NLI model (DeBERTa-v3) can verify grounding in 80ms, compared to 2000ms+ for a generative judge.
  2. Determinism: Cross-encoders provide a repeatable entailment score rather than a generative "grade."
  3. Accountability: Asymmetric cryptography (Ed25519) can provide non-repudiable audit trails even in local-first environments.

🛠️ Components

  1. Verify (NLI Gate): An experimental gate that blocks responses if the NLI entailment score between the answer and sources falls below a threshold (default 0.85).
  2. Audit (Signed Chain): Every decision is cryptographically signed using Ed25519 and linked into a SHA-256 hash chain.
  3. Govern (ABAC): A simple Attribute-Based Access Control engine to gate retrieval by role and classification.
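
The hash-chain half of the Audit component, as an added example that is not the project's own code: each gate decision is linked to the previous entry with SHA-256, and the verifier reports in-place edits, deleted entries and truncation. The Ed25519 signature the page describes is left out (Python's standard library has no Ed25519); the entry layout, the all-zero genesis value and the `trusted_head` anchor are assumptions made for the example.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64   # assumed sentinel: prev_hash of the first entry
THRESHOLD = 0.85     # the gate's default threshold stated on the page

def entry_hash(prev_hash, decision):
    # Canonical JSON (sorted keys, fixed separators) so equal decisions hash equally.
    body = json.dumps(decision, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(chain, role, score):
    decision = {"role": role, "score": score,
                "outcome": "allow" if score >= THRESHOLD else "block"}  # gate result
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "decision": decision,
                  "hash": entry_hash(prev, decision)})
    return chain[-1]["hash"]   # new head; a signer would sign this value

def verify(chain, trusted_head=None):
    # trusted_head (assumed): head hash kept outside the log, or the signed head.
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev:
            return False, f"entry {i}: broken link"
        if entry_hash(prev, entry["decision"]) != entry["hash"]:
            return False, f"entry {i}: content does not match hash"
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, "head does not match trusted anchor"
    return True, "ok"

def demo():
    chain = []
    for role, score in [("analyst", 0.91), ("analyst", 0.42), ("auditor", 0.88)]:
        head = append(chain, role, score)   # constructed sample decisions
    edited = copy.deepcopy(chain)
    edited[1]["decision"]["outcome"] = "allow"   # blocked response rewritten
    return {
        "clean": verify(chain, head),
        "edited": verify(edited, head),
        "deleted": verify(chain[:1] + chain[2:], head),
        "truncated_unanchored": verify(chain[:-1]),
        "truncated_anchored": verify(chain[:-1], head),
    }

if __name__ == "__main__":
    print(demo())
```

The unanchored truncation case verifies cleanly, which is why the chain head needs a signature or a copy stored where the log writer cannot reach it.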

🚀 Quick Start (Alpha)

1. Install

pip install sovereign-ai-stack==1.1.0a2

2. Basic Usage

from sovereign_ai import SovereignPipeline

# Initializing with default NLI model (deberta-v3-base)
pipeline = SovereignPipeline(tenant_id="research_test")

# Run a governed query
result = pipeline.query("What is the protocol?", role="analyst")
print(f"Verified Answer: {result['answer']}")
print(f"Grounding Score: {result['verification']['score']}")

⚠️ Known Limitations & Experimental Status

  • Model Specificity: The default NLI model is trained on general entailment; domain-specific grounding (medical/legal) may require fine-tuning.
  • Hardware Binding: While the system uses the OS Keyring, true hardware-level attestation (TPM 2.0) is a roadmap item.
  • Security Review: This codebase is for research purposes. Do not use it to secure sensitive production data without a comprehensive security review.
  • Adversarial Robustness: We are actively seeking feedback on adversarial prompts that might bypass the NLI gate.

🤝 Contributing & Feedback

This is an open technical exploration. We value "Brutal Feedback" on the architecture, the cryptographic implementation, and the NLI thresholding logic.

  • Issues: Report bugs or architectural flaws.
  • Discussions: Suggest better verification models or faster forensic methods.

📜 License

MIT

Download files

Source Distribution

sovereign_ai_stack-1.1.0a2.tar.gz (119.2 kB)

Uploaded Source

Built Distribution

sovereign_ai_stack-1.1.0a2-py3-none-any.whl (139.0 kB)

Uploaded Python 3

File details

Details for the file sovereign_ai_stack-1.1.0a2.tar.gz.

File metadata

  • Download URL: sovereign_ai_stack-1.1.0a2.tar.gz
  • Upload date:
  • Size: 119.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.1

File hashes

Hashes for sovereign_ai_stack-1.1.0a2.tar.gz
Algorithm Hash digest
SHA256 8416680d90c9669c4f8a91cb0794bfbbaff9ac007e8b369698cd27a7f0df0b88
MD5 f53e7cbc67d333ae3d11779f7db7727e
BLAKE2b-256 3ff888dc19d13f3bd4e3417ccfd307ba964f657a88b2a4ffc6ec9b17ec203add

File details

Details for the file sovereign_ai_stack-1.1.0a2-py3-none-any.whl.

File hashes

Hashes for sovereign_ai_stack-1.1.0a2-py3-none-any.whl
Algorithm Hash digest
SHA256 02d2617cefb41d5b89669b9b89b21b40faeb87925f33ce8b4f271a6a3216c9e9
MD5 29633d5f606364562251ee40940fb035
BLAKE2b-256 ad7e480077a1eeb62ad3b4d9ebcc4a90f9b983c241a82a17090b07b9b837ae8f
