Release/v4

.anchor/constitution.anchor

@@ -4,7 +4,7 @@
 # ─────────────────────────────────────────────────────────────
 
 type: manifest
-version: "4.0"
+version: "4.1"
 anchor_version: ">=4.0.0"
 name: "Anchor Constitutional Root"
 
@@ -104,29 +104,30 @@ policy:
 # FINOS_Framework.anchor is the Rosetta Stone.
 
 legacy_aliases:
-  ANC-001: FINOS-001    # → SEC-006  Raw Network Access
-  ANC-002: FINOS-002    # → PRV-002  Vector Inversion
-  ANC-003: FINOS-003    # → ALN-001  Hallucination
-  ANC-004: FINOS-004    # → SUP-003  Versioning Drift
-  ANC-005: FINOS-005    # → ALN-001  Non-Deterministic Behaviour
-  ANC-006: FINOS-006    # → OPS-001  Availability
-  ANC-007: FINOS-007    # → SEC-003  Model Tampering
-  ANC-008: FINOS-008    # → SEC-002  Data Poisoning
-  ANC-009: FINOS-009    # → SEC-001  Prompt Injection
-  ANC-010: FINOS-010    # → ALN-002  Goal Misrepresentation
-  ANC-011: FINOS-011    # → ETH-001  Bias
-  ANC-012: FINOS-012    # → ETH-002  Explainability Absence
-  ANC-013: FINOS-013    # → SHR-001  Model Overreach
-  ANC-014: FINOS-014    # → SHR-002  Data Quality and Drift
-  ANC-015: FINOS-015    # → SHR-003  Reputational Risk
-  ANC-016: FINOS-016    # → LEG-002  Regulatory Non-Compliance
-  ANC-017: FINOS-017    # → LEG-001  IP Infringement
-  ANC-018: FINOS-018    # → AGT-001  Agent Authorization Bypass
-  ANC-019: FINOS-019    # → AGT-002  Tool Chain Manipulation
-  ANC-020: FINOS-020    # → AGT-003  MCP Compromise
-  ANC-021: FINOS-021    # → AGT-004  State Persistence Poisoning
-  ANC-022: FINOS-022    # → AGT-005  Multi-Agent Trust Violations
-  ANC-023: FINOS-023    # → SEC-004  Credential Harvesting
+  ANC-001: FINOS-001
+  ANC-002: FINOS-002
+  ANC-003: FINOS-003
+  ANC-004: FINOS-004
+  ANC-005: FINOS-005
+  ANC-006: FINOS-006
+  ANC-007: FINOS-007
+  ANC-008: FINOS-008
+  ANC-009: FINOS-009
+  ANC-010: FINOS-010
+  ANC-011: FINOS-011
+  ANC-012: FINOS-012
+  ANC-013: FINOS-013
+  ANC-014: FINOS-014
+  ANC-015: FINOS-015
+  ANC-016: FINOS-016
+  ANC-017: FINOS-017
+  ANC-018: FINOS-018
+  ANC-019: FINOS-019
+  ANC-020: FINOS-020
+  ANC-021: FINOS-021
+  ANC-022: FINOS-022
+  ANC-023: FINOS-023
+
 
 engine:
   fail_on: [BLOCKER, ERROR]

.anchor/frameworks/FINOS_Framework.anchor

@@ -0,0 +1,178 @@
+type: framework
+namespace: FINOS
+version: "1.0"
+anchor_version: ">=4.0.0"
+maintainer: "Anchor Core"
+source: "FINOS AI Governance Framework"
+source_url: "https://github.com/finos/ai-governance-framework"
+credit: "FINOS AI Governance Framework Risk Taxonomy (Ri-001 - Ri-023)"
+description: >
+  The FINOS AI Governance Framework provides the foundational risk
+  taxonomy for Anchor. This framework file acts as the primary
+  mapping layer, connecting the original FINOS Ri-IDs and V3 ANC-IDs
+  to the refined V4 Domain-prefixed rules. Use this framework to
+  ensure compliance with the FINOS standard.
+seal: "sha256:PENDING"
+
+rules:
+
+  - id: "FINOS-001"
+    name: "Prompt Injection"
+    original_id: "Ri-001"
+    maps_to: "SEC-001"
+    severity: "blocker"
+    description: "Malicious instructions injected into prompts."
+
+  - id: "FINOS-002"
+    name: "Data Poisoning"
+    original_id: "Ri-002"
+    maps_to: "SEC-002"
+    severity: "blocker"
+    description: "Poisoning of training, fine-tuning, or retrieval data."
+
+  - id: "FINOS-003"
+    name: "Model Tampering"
+    original_id: "Ri-003"
+    maps_to: "SEC-003"
+    severity: "blocker"
+    description: "Unauthorized modification of model weights or artifacts."
+
+  - id: "FINOS-004"
+    name: "Credential Harvesting"
+    original_id: "Ri-004"
+    maps_to: "SEC-004"
+    severity: "blocker"
+    description: "Systematic exfiltration of secrets via AI pipelines."
+
+  - id: "FINOS-005"
+    name: "Model Leakage and Theft"
+    original_id: "Ri-005"
+    maps_to: "SUP-001"
+    severity: "blocker"
+    description: "Unauthorized export or exfiltration of model weights."
+
+  - id: "FINOS-006"
+    name: "Weight Corruption"
+    original_id: "Ri-006"
+    maps_to: "SUP-002"
+    severity: "blocker"
+    description: "Accidental or malicious corruption of model weights."
+
+  - id: "FINOS-007"
+    name: "Versioning Drift"
+    original_id: "Ri-007"
+    maps_to: "SUP-003"
+    severity: "warning"
+    description: "Undocumented or unverified changes in model versions."
+
+  - id: "FINOS-008"
+    name: "Hallucination"
+    original_id: "Ri-008"
+    maps_to: "ALN-001"
+    severity: "error"
+    description: "Model generating plausible but false or dangerous information."
+
+  - id: "FINOS-009"
+    name: "Bias and Discrimination"
+    original_id: "Ri-009"
+    maps_to: "ETH-001"
+    severity: "error"
+    description: "Systematically biased or discriminatory model outcomes."
+
+  - id: "FINOS-010"
+    name: "Explainability Absence"
+    original_id: "Ri-010"
+    maps_to: "ETH-002"
+    severity: "error"
+    description: "Decisions made by black-box models that cannot be explained."
+
+  - id: "FINOS-011"
+    name: "Availability and Denial"
+    original_id: "Ri-011"
+    maps_to: "OPS-001"
+    severity: "error"
+    description: "AI system unavailability due to resource exhaustion or attacks."
+
+  - id: "FINOS-012"
+    name: "Authorization Bypass"
+    original_id: "Ri-012"
+    maps_to: "SEC-005"
+    severity: "blocker"
+    description: "Executing actions outside granted permissions via AI tools."
+
+  - id: "FINOS-013"
+    name: "Raw Network Access"
+    original_id: "Ri-013"
+    maps_to: "SEC-006"
+    severity: "error"
+    description: "Unproxied outbound network calls from AI components."
+
+  - id: "FINOS-014"
+    name: "Shell Injection"
+    original_id: "Ri-014"
+    maps_to: "SEC-007"
+    severity: "blocker"
+    description: "Executing shell commands constructed from untrusted model input."
+
+  - id: "FINOS-015"
+    name: "PII Leakage"
+    original_id: "Ri-015"
+    maps_to: "PRV-001"
+    severity: "blocker"
+    description: "Unauthorized exposure of Personally Identifiable Information."
+
+  - id: "FINOS-016"
+    name: "Vector Inversion"
+    original_id: "Ri-016"
+    maps_to: "PRV-002"
+    severity: "error"
+    description: "Reconstructing training data from embedding vectors."
+
+  - id: "FINOS-017"
+    name: "Supply Chain Attack"
+    original_id: "Ri-017"
+    maps_to: "SEC-008"
+    severity: "blocker"
+    description: "Compromised upstream dependencies or tool integrations."
+
+  - id: "FINOS-018"
+    name: "Model Overreach"
+    original_id: "Ri-018"
+    maps_to: "SHR-001"
+    severity: "warning"
+    description: "Using models beyond their validated scope or context."
+
+  - id: "FINOS-019"
+    name: "Regulatory Non-Compliance"
+    original_id: "Ri-019"
+    maps_to: "LEG-002"
+    severity: "error"
+    description: "AI deployment violating specific jurisdictional laws."
+
+  - id: "FINOS-020"
+    name: "Human Oversight Removal"
+    original_id: "Ri-020"
+    maps_to: "ETH-003"
+    severity: "blocker"
+    description: "Autonomous decisions made without human-in-the-loop controls."
+
+  - id: "FINOS-021"
+    name: "Goal Misrepresentation"
+    original_id: "Ri-021"
+    maps_to: "ALN-002"
+    severity: "blocker"
+    description: "Agents pursuing objectives misaligned with user intent."
+
+  - id: "FINOS-022"
+    name: "Cross-context Data Bleed"
+    original_id: "Ri-022"
+    maps_to: "PRV-003"
+    severity: "error"
+    description: "Data from one context leaking into another via shared state."
+
+  - id: "FINOS-023"
+    name: "IP Infringement"
+    original_id: "Ri-023"
+    maps_to: "LEG-001"
+    severity: "warning"
+    description: "Model outputs infringing on intellectual property or copyright."

.anchor/frameworks/NIST_AI_RMF.anchor

@@ -0,0 +1,66 @@
+type: framework
+namespace: NIST
+version: "1.0"
+anchor_version: ">=4.0.0"
+maintainer: "Anchor Core"
+source: "NIST AI Risk Management Framework (AI RMF 1.0)"
+source_url: "https://www.nist.gov/itl/ai-rmf"
+credit: "National Institute of Standards and Technology (NIST)"
+description: >
+  The NIST AI RMF provides a high-level framework for managing
+  risks associated with AI systems. Unlike risk taxonomies,
+  NIST RMF defines governance functions—Govern, Map, Measure,
+  Manage. This framework file maps these functions to Anchor's
+  operational primitives and enforcement mechanisms.
+seal: "sha256:PENDING"
+
+rules:
+
+  - id: "NIST-GOV"
+    name: "GOVERN: Institutional Policies"
+    original_id: "Govern 1.1"
+    maps_to: "LEG-002"
+    severity: "error"
+    obligation_type: "audit"
+    anchor_mechanism: "policy.anchor + sealed manifest"
+    description: >
+      Policies, processes, and procedures for AI risk management are
+      established and maintained. Anchor satisfy this by enforcing
+      a cryptographically sealed constitution and project-level
+      policy.anchor overrides.
+
+  - id: "NIST-MAP"
+    name: "MAP: Risk Identification"
+    original_id: "Map 1.1"
+    maps_to: "SHR-001"
+    severity: "warning"
+    obligation_type: "audit"
+    anchor_mechanism: "anchor check --report-server"
+    description: >
+      Context is established and risks are identified and documented.
+      Anchor's federated domains (SEC, ETH, PRV, etc.) provide the
+      contextual mapping of technical risks to organizational impact.
+
+  - id: "NIST-MEAS"
+    name: "MEASURE: Risk Assessment"
+    original_id: "Measure 2.1"
+    maps_to: "OPS-001"
+    severity: "warning"
+    obligation_type: "provenance"
+    anchor_mechanism: "telemetry_path: .anchor/telemetry/"
+    description: >
+      AI systems are assessed for risks and impacts. Anchor's
+      telemetry output provides the metrics for assessing frequency
+      and severity of compliance violations across the fleet.
+
+  - id: "NIST-MAN"
+    name: "MANAGE: Risk Treatment"
+    original_id: "Manage 1.1"
+    maps_to: "ALN-002"
+    severity: "blocker"
+    obligation_type: "audit"
+    anchor_mechanism: "anchor check --severity error (CI Gate)"
+    description: >
+      Risks are prioritized and managed based on impact and likelihood.
+      Anchor's CI/CD integration (pre-commit hooks, GH Actions) acts
+      as the primary "Manage" gate, blocking non-compliant code from deployment.

.anchor/frameworks/OWASP_LLM.anchor

@@ -0,0 +1,86 @@
+type: framework
+namespace: OWASP
+version: "2025"
+anchor_version: ">=4.0.0"
+maintainer: "Anchor Core"
+source: "OWASP Top 10 for Large Language Model Applications"
+source_url: "https://owasp.org/www-project-top-10-for-large-language-model-applications/"
+credit: "OWASP Foundation"
+description: >
+  The OWASP Top 10 for LLMs provides a list of the most critical
+  security risks for applications utilizing Large Language Models.
+  This framework file maps OWASP LLM-specific risks to the
+  canonical Anchor V4 Domain rules.
+seal: "sha256:PENDING"
+
+rules:
+
+  - id: "OWASP-001"
+    name: "LLM01: Prompt Injection"
+    original_id: "LLM-01"
+    maps_to: "SEC-001"
+    severity: "blocker"
+    description: "Malicious instructions injected into prompts to manipulate LLM behavior."
+
+  - id: "OWASP-002"
+    name: "LLM02: Insecure Output Handling"
+    original_id: "LLM-02"
+    maps_to: "SEC-007"
+    severity: "blocker"
+    description: "Failure to sanitize LLM outputs before passing them to sensitive downstream functions (e.g. shell)."
+
+  - id: "OWASP-003"
+    name: "LLM03: Training Data Poisoning"
+    original_id: "LLM-03"
+    maps_to: "SEC-002"
+    severity: "blocker"
+    description: "Poisoning training data to create backdoors or bias in LLM behavior."
+
+  - id: "OWASP-004"
+    name: "LLM04: Model Denial of Service"
+    original_id: "LLM-04"
+    maps_to: "OPS-001"
+    severity: "error"
+    description: "Causing excessive resource consumption in LLMs to degrade availability."
+
+  - id: "OWASP-005"
+    name: "LLM05: Supply Chain Vulnerabilities"
+    original_id: "LLM-05"
+    maps_to: "SEC-008"
+    severity: "blocker"
+    description: "Risks from compromised third-party components, data, or models."
+
+  - id: "OWASP-006"
+    name: "LLM06: Sensitive Information Disclosure"
+    original_id: "LLM-06"
+    maps_to: "PRV-001"
+    severity: "blocker"
+    description: "LLM leaking PII or other sensitive data in its responses."
+
+  - id: "OWASP-007"
+    name: "LLM07: Insecure Plugin Design"
+    original_id: "LLM-07"
+    maps_to: "AGT-001"
+    severity: "blocker"
+    description: "Plugins/tools with insufficient access controls callable by the LLM."
+
+  - id: "OWASP-008"
+    name: "LLM08: Excessive Agency"
+    original_id: "LLM-08"
+    maps_to: "AGT-005"
+    severity: "blocker"
+    description: "LLM having broad permissions or functioning without adequate human oversight."
+
+  - id: "OWASP-009"
+    name: "LLM09: Overreliance"
+    original_id: "LLM-09"
+    maps_to: "ALN-001"
+    severity: "error"
+    description: "Dependence on LLM outputs without verification, increasing risk from hallucinations."
+
+  - id: "OWASP-010"
+    name: "LLM10: Model Theft"
+    original_id: "LLM-10"
+    maps_to: "SUP-001"
+    severity: "blocker"
+    description: "Unauthorized access, copying, or extraction of proprietary models."