# VIII. ARCHITECTURE This page defines the **Nexus Foundry reference architecture** for public-good production. It explains how Foundry organizes the control, data, compute, network, security, AI, observability, repository, publication, Marketplace, Registry, Studio, release, and teardown planes so outputs remain modular, reviewable, supportable, localizable, correctionable, and non-executing until lawful handoff. ### Summary * Nexus Foundry separates architecture into clear planes so governance, data, compute, security, runtime, and release stay bounded. * The architecture keeps public-good production reusable, nationally localizable, provider-neutral where feasible, and support-aware. * No plane creates procurement, finance, consent, deployment, or execution authority by implication. ### Read this with Use [NEXUS FOUNDRY](/organization/acceleration/nexus-foundry.md) for the system overview, [I. FOUNDATIONS](/organization/acceleration/nexus-foundry/i.-foundations.md) for first principles, [III. FRAMEWORKS](/organization/acceleration/nexus-foundry/iii.-frameworks.md) for the operating structure, and [VII. ESTATE](/organization/acceleration/nexus-foundry/vii.-estate.md) for sovereign infrastructure context. Continue with [IX. PRODUCTION](/organization/acceleration/nexus-foundry/ix.-production.md) to see how the architecture becomes governed Foundry objects, release pathways, profiles, schemas, connectors, and deployment units. Use [XIII. READINESS](/organization/acceleration/nexus-foundry/xiii.-readiness.md), [XVIII. HANDOFF](/organization/acceleration/nexus-foundry/xviii.-handoff.md), and [XIX. SAFEGUARDS](/organization/acceleration/nexus-foundry/xix.-safeguards.md) to follow the move from architecture into lawful continuation. ### In this architecture * [Foundry Reference Architecture Overview](#37-foundry-reference-architecture-overview) * [Control Plane](#38-control-plane) * [Data Plane](#39-data-plane) * [Compute Plane](#40-compute-plane) * [Network Plane](#41-network-plane) * [Security Plane](#42-security-plane) * [AI / Agentic Systems Plane](#43-ai--agentic-systems-plane) * [Observability Plane](#44-observability-plane) * [Repository, Publication, Marketplace, Registry, Studio, and Teardown Planes](#45-repository-publication-marketplace-registry-studio-and-teardown-planes) ## 37. Foundry Reference Architecture Overview ### 37.1 Reference Architecture Purpose **37.1.1 Reference Architecture Identity.** The **Foundry Reference Architecture** shall be the common architectural blueprint through which Nexus Foundry organizes public-good production across objects, workflows, records, compute, data, AI, edge systems, observability, Studio runtime, Marketplace discovery, Registry status, Core Build surge capacity, Nexus Universe arenas, Nexus Network continuity, National Nodes, Consortium pathways, and lawful handoff preparation. It shall define repeatable patterns without freezing innovation; provide architectural discipline without creating deployment authority; and make Foundry work modular, reviewable, localizable, supportable, correctionable, and archivable. **37.1.2 Purpose.** The purpose of the Reference Architecture shall be to ensure that Foundry work does not emerge as disconnected pilots, unmaintained prototypes, unreviewed dashboards, isolated datasets, one-off event outputs, sponsor-shaped tools, provider-captured infrastructure, undocumented AI workflows, unsupported releases, fragmented national adaptations, or execution-implying handoff packages. It shall provide the structured pattern by which ideas become records, records become objects, objects become reviewed releases, releases become discoverable where appropriate, discovery remains bounded, runtime remains controlled, support remains explicit, and handoff remains dependency-aware. **37.1.3 Architectural Discipline.** The Reference Architecture shall discipline all Foundry production through common object classes, versioning, records, status labels, release classes, support classes, review gates, access classes, data classes, compute classes, AI workflow classes, Studio runtime classes, Marketplace listing classes, Registry record classes, national routing classes, correction classes, teardown classes, and archive classes. Such discipline shall preserve meaning across global, regional, national, institutional, technical, and enterprise-adjacent contexts. **37.1.4 Anti-Pilot-Trap Purpose.** The Reference Architecture shall prevent the pilot trap by requiring that every material Foundry output be designed for one of the following recorded lifecycle paths: continuation, conversion, support, localization, reuse, controlled release, Studio preparation, Marketplace discovery, Registry memory, national routing, lawful handoff preparation, non-continuation, retirement, teardown, or archive. No output shall remain indefinitely as an attractive but unsupported demonstration. **37.1.5 Public-Good Purpose.** The Reference Architecture shall serve public-good production first. It shall make public-good software, schemas, methods, evidence tools, observability modules, dashboards, packs, agents, connectors, readiness templates, safeguard workflows, public-safe materials, and handoff dependency patterns reusable without permitting private capture, sponsor control, provider lock-in, unrecorded authority, or enterprise-stack collapse. **37.1.6 Scope of Application.** The Reference Architecture shall apply to Foundry programs, Nexus Core Build, Nexus Universe outputs, Nexus Network records, Nexus Observatory objects, Nexus Studio runtime patterns, Nexus Marketplace listings, Nexus Registry records, Nexus Rails routing, Nexus Grid inputs, Nexus Academy pathways, National Portfolio objects, National Working Group outputs, Competence Cell outputs, Guild outputs, Frontier Labs outputs, campaign outputs, compute environments, data environments, AI workflows, edge environments, secure rooms, clean rooms, no-download environments, and lawful handoff packages. **37.1.7 Boundary.** The Reference Architecture shall not itself authorize deployment, operation, procurement, finance, insurance, public authority action, consent, national implementation, enterprise execution, National Consortium Company activity, Project SPV activity, or public warning. It defines how Foundry objects are structured and governed; it does not decide whether a real-world actor may execute. **37.1.8 Reference Architecture Formula.** The Reference Architecture shall operate according to the formula: **common pattern before production; record before status; review before release; support before reliance; localization before national use; handoff before execution only by dependency package; correction before trust loss; archive before forgetting.** *** ### 37.2 Reusable Architecture Across Nexus Foundry, Core Build, Universe, Network, Observatory, Studio, Marketplace, and Registry **37.2.1 Reusability Principle.** The Reference Architecture shall create reusable architectural patterns across Nexus Foundry, Nexus Core Build, Nexus Universe, Nexus Network, Nexus Observatory, Nexus Studio, Nexus Marketplace, and Nexus Registry so that outputs generated in one surface can be understood, reviewed, supported, corrected, routed, localized, discovered, registered, or archived in another without loss of meaning or boundary discipline. **37.2.2 Foundry as Production Origin.** Nexus Foundry shall operate as the primary production architecture for converting problems, evidence gaps, technical opportunities, national needs, campaign themes, Guild expertise, Labs outputs, Core Build tasks, and Nexus Universe outputs into structured Foundry Objects. Foundry shall define the object model, review model, release model, support model, correction model, and archive model that other Nexus surfaces reference. **37.2.3 Core Build as Surge Production Environment.** Nexus Core Build shall use the Reference Architecture to ensure that temporary high-intensity build work produces permanent records, not orphaned demonstrations. Core Build outputs shall be structured as objects, packs, connectors, dashboards, agents, Studio packages, Observatory modules, evidence products, readiness notes, safeguard records, public-safe materials, or archive records capable of post-cycle review and renewal. **37.2.4 Nexus Universe as Annual Concentration Surface.** Nexus Universe shall use the Reference Architecture to route arena outputs into Foundry lifecycle pathways. Arena visibility shall not create status; arena outputs shall become status-bearing only through Foundry records, Registry entries, Marketplace review, Studio preparation, National Node routing, support classification, correction, and archive. **37.2.5 Nexus Network as Continuity Layer.** Nexus Network shall use the Reference Architecture to preserve continuity across working groups, competence cells, guilds, national nodes, regional clusters, Academy pathways, contributors, maintainers, reviewers, and support stewards. Network participation shall use common records so that distributed work remains recomposable. **37.2.6 Nexus Observatory as Signal and Evidence Layer.** Nexus Observatory shall use the Reference Architecture for Observatory Nodes, Node Grids, indicators, dashboards, DRI outputs, GRIx context, geospatial layers, edge telemetry, Earth observation interfaces, public authority learning materials, and public-safe reports. Observatory outputs shall remain evidence and observability objects unless separately routed into competent decision processes. **37.2.7 Nexus Studio as Controlled Runtime Preparation Layer.** Nexus Studio shall use the Reference Architecture to structure runtime packages, simulations, dashboards, AI agents, workflows, secure-room sessions, public authority learning demonstrations, readiness exercises, and controlled environments. Studio runtime shall remain workflow-bound and shall not create lawful decision authority, deployment authorization, data access authorization, or execution authority by implication. **37.2.8 Nexus Marketplace as Discovery Layer.** Nexus Marketplace shall use the Reference Architecture to display eligible Foundry Objects through governed metadata, support status, license or terms, dependency notes, public-safe limitations, provider-neutrality notes, correction links, Registry references, Studio references where applicable, and no-conversion language. Marketplace discovery shall not become recognition, certification, procurement, finance, consent, deployment, or execution. **37.2.9 Nexus Registry as Status Truth and Memory Layer.** Nexus Registry shall use the Reference Architecture to preserve object identity, release status, support status, contribution records, correction records, TRL inputs, public notice records, archive records, Marketplace relationships, Studio relationships, National Node references, and handoff-relevant status. Registry presence shall mean record existence, not universal approval. **37.2.10 Reusable Architecture Formula.** Reusable architecture shall follow the formula: **Foundry produces; Core Build concentrates; Universe surfaces; Network continues; Observatory senses; Studio runs under control; Marketplace discovers; Registry remembers; records preserve meaning across all surfaces.** *** ### 37.3 Architecture as Public-Good Production Infrastructure **37.3.1 Public-Good Production Infrastructure Principle.** The Reference Architecture shall be treated as public-good production infrastructure. It shall organize how public-good capability is built, tested, released, supported, corrected, localized, and handed off without requiring every object to be reinvented, privately enclosed, or controlled by a single provider, sponsor, institution, or jurisdiction. **37.3.2 Public-Good Object Production.** Public-good production may include software, schemas, APIs, connectors, dashboards, agents, evidence packs, Observatory modules, DRI tools, GRIx context structures, readiness templates, safeguard workflows, public-safe publication templates, Studio runtime patterns, Marketplace metadata patterns, Registry record structures, National Portfolio templates, support tools, correction tools, teardown tools, and archive structures. **37.3.3 Production Infrastructure Requirements.** Public-good production infrastructure shall require:\ 37.3.3(a) object identity and versioning;\ 37.3.3(b) source and provenance records;\ 37.3.3(c) review pathways;\ 37.3.3(d) data and compute classification;\ 37.3.3(e) AI and agent controls where applicable;\ 37.3.3(f) public-safe language;\ 37.3.3(g) safeguard classification;\ 37.3.3(h) release and support status;\ 37.3.3(i) Marketplace and Registry compatibility where relevant;\ 37.3.3(j) Studio compatibility where relevant;\ 37.3.3(k) national localization pathway;\ 37.3.3(l) correction and archive pathway. **37.3.4 Public-Good Firewall.** The Reference Architecture shall maintain the public-good firewall by distinguishing public-good baseline objects from enterprise extensions, public-good records from commercial claims, readiness questions from finance execution, Marketplace discovery from procurement preference, Registry memory from approval, Studio runtime from decision authority, and handoff dependency packages from execution mandates. **37.3.5 Anti-Enclosure Design.** The Reference Architecture shall protect public-good objects against enclosure through open technical baselines, documented interfaces, license clarity, provider-neutral dependencies, portability, exit planning, object lineage, public-safe records, and correction rights. Where proprietary dependencies are unavoidable or useful, they shall be disclosed and bounded. **37.3.6 Support and Maintenance.** Public-good production infrastructure shall not celebrate release without support. Objects shall carry support classes, maintainer records where applicable, update expectations, known limitations, security posture, dependency notes, end-of-support conditions, retirement conditions, and archive rules. **37.3.7 Public-Good Production Without Execution.** Public-good production may make implementation easier, clearer, safer, more repeatable, and more accountable, but it shall not itself implement. The Reference Architecture shall ensure that production objects remain non-executing until a competent lawful actor separately executes through the appropriate public authority, procurement, finance, data, safeguard, consent, contract, deployment, and operational pathways. **37.3.8 Public-Good Production Formula.** Architecture as public-good production infrastructure shall follow the formula: **build public-good baselines; expose dependencies; keep support explicit; protect against enclosure; separate production from execution; correct and archive the lifecycle.** *** ### 37.4 Architecture as Control Surface, Not Execution Authority **37.4.1 Control Surface Principle.** The Reference Architecture shall function as a **control surface** for Foundry work. It shall control structure, records, access, workflow, review, release, support, correction, localization, Marketplace display, Registry status, Studio runtime preparation, and handoff documentation. It shall not control real-world public authority action, procurement, finance, insurance, community consent, Indigenous consent where applicable, deployment, operation, or execution. **37.4.2 Control Surface Functions.** The architecture may control:\ 37.4.2(a) what object class an output belongs to;\ 37.4.2(b) what records must exist;\ 37.4.2(c) what review is required;\ 37.4.2(d) what data may be used;\ 37.4.2(e) what compute environment applies;\ 37.4.2(f) what AI workflow is authorized;\ 37.4.2(g) what support status is displayed;\ 37.4.2(h) what public-safe language is required;\ 37.4.2(i) what national routing is required;\ 37.4.2(j) what handoff dependencies must be stated;\ 37.4.2(k) what correction or archive action is required. **37.4.3 Architecture Boundary.** The control surface shall not decide that a project should be built, a contract should be awarded, a system should be deployed, a public authority should act, capital should be invested, insurance should be underwritten, donor funds should be allocated, public finance should be committed, a community has consented, Indigenous permission has been granted where applicable, or an operator should operate. **37.4.4 Runtime Control Boundary.** Studio runtime, agents, dashboards, simulations, edge outputs, and deployment-unit templates may be controlled by architecture, but such control shall remain internal to Foundry workflow governance. Runtime control shall not become legal decision authority or operational command. **37.4.5 Technical Control Without Institutional Overclaim.** Technical controls such as permissions, quotas, validation checks, release gates, signatures, logging, sandboxing, secure rooms, no-download environments, and compute-to-data restrictions shall enforce workflow discipline. They shall not be described as certification, compliance approval, cybersecurity guarantee, public authority approval, procurement approval, financeability, or deployment authorization. **37.4.6 Handoff Control.** The architecture may require handoff packages to carry dependencies, public authority conditions, data conditions, support conditions, safeguard conditions, procurement conditions, finance and insurance conditions, consent conditions, and correction pathways. It shall not satisfy those conditions by requiring them. **37.4.7 Control Surface Correction.** Architectural controls shall be corrected where they create false authority, block legitimate national routing, enable provider capture, weaken safeguards, hide unsupported status, overstate release meaning, or permit execution overclaim. **37.4.8 Control Surface Formula.** Architecture as control surface shall follow the formula: **control records, workflow, review, access, and lifecycle; do not control public authority, finance, consent, deployment, or execution; require dependencies without satisfying them; correct authority drift.** *** ### 37.5 Modular Architecture and National Localization **37.5.1 Modularity Principle.** The Reference Architecture shall be modular so that Foundry Objects can be reused, localized, recombined, tested, supported, replaced, retired, or archived without forcing every jurisdiction, domain, provider, sponsor, institution, or implementation pathway into a single monolithic system. Modularity shall preserve common rail while enabling national and local adaptation. **37.5.2 Modular Object Classes.** Modular architecture may include Clauses, Modules, Packs, Profiles, Schemas, APIs, Connectors, Agents, Dashboards, Deployment Units, Studio Runtime Packages, Evidence Products, Observatory Modules, Readiness Products, Safeguard Products, Public-Safe Materials, Support Objects, Correction Objects, Archive Objects, and Handoff Dependency Templates. **37.5.3 Localization Without Forking.** National localization shall adapt modules to national law, language, public authority structures, data residency, infrastructure conditions, community safeguards, Indigenous protocols where applicable, public-safe communication needs, procurement sensitivities, finance-reader contexts, and lawful handoff pathways without silently forking object identity, controlled vocabulary, correction links, support status, or no-conversion language. **37.5.4 Profiles.** Profiles may be used to adapt a global baseline to a national, regional, sectoral, institutional, public authority, data, safeguard, or Studio context. A Profile shall state what has been adapted, why, under what record, with what dependencies, and what baseline it remains linked to. **37.5.5 Modular Review.** Modules may be reviewed independently where appropriate, but recomposed systems shall also be reviewed as systems. A safe module may create risk when combined with other modules, datasets, agents, dashboards, connectors, or deployment units. Architecture shall review both parts and compositions. **37.5.6 Modular Support.** Support shall be attached to objects and compositions. A supported module inside an unsupported composition shall not make the whole supported. An unsupported dependency inside a supported object shall be disclosed. National localization shall identify who supports localized variants. **37.5.7 Modular Handoff.** Handoff packages shall identify which modules, profiles, dependencies, support obligations, data conditions, and safeguards are included, excluded, superseded, restricted, or recipient-responsible. Modular handoff shall not become partial execution authority. **37.5.8 Modular Architecture Formula.** Modular architecture and localization shall follow the formula: **build in modules; profile for context; preserve lineage; review compositions; support variants explicitly; localize without forking the rail; never let adaptation erase boundaries.** *** ### 37.6 Global-to-Local Architecture Pattern **37.6.1 Global-to-Local Pattern Identity.** The Reference Architecture shall implement a **Global-to-Local Architecture Pattern** through which common public-good baselines can be formed globally, translated regionally, localized nationally, adapted by Working Groups and Competence Cells, prepared for Nexus Universe and Core Build, and handed off where lawful without bypassing national ownership or local safeguards. **37.6.2 Global Layer.** The global layer may define common doctrine, common object classes, reference patterns, controlled vocabulary, public-good baselines, Registry structures, Marketplace structures, Studio structures, AI governance patterns, compute and data patterns, public-safe language, and correction rules. The global layer shall not command national implementation. **37.6.3 Regional Layer.** The regional layer may translate global baselines into regional cluster patterns, corridor patterns, regional Observatory patterns, regional Academy pathways, shared hazard and infrastructure patterns, cross-border safeguards, and regional Nexus Universe preparation. The regional layer shall support national pathways and shall not override them. **37.6.4 National Layer.** The national layer shall localize Foundry work through National Nexus Nodes, National Nexus Consortiums, National Councils, Helix Councils, National Working Groups, Competence Cells, National Portfolio Factory, national data controls, national safeguards, public authority learning pathways, national readiness mapping, and lawful handoff pathways. **37.6.5 Local Layer.** The local layer may include communities, cities, regions, infrastructure sites, edge environments, Observatory Nodes, public-interest actors, universities, hosts, implementation actors, community safeguards, Indigenous protocols where applicable, and local validation pathways. Local work shall be connected to national records so that it is not extracted, isolated, or overclaimed. **37.6.6 Enterprise Interface Layer.** Enterprise continuation may occur through National Consortium Companies, Project SPVs, providers, hosts, contractors, operators, public authorities, procurement processes, finance processes, insurance processes, community permission processes, Indigenous permission processes where applicable, and implementation actors. Enterprise interface shall require lawful handoff and shall not be automatic. **37.6.7 Feedback Loop.** The pattern shall support local-to-national, national-to-regional, regional-to-global, and global-to-local feedback. Corrections, support issues, localization lessons, edge drift, public-safe concerns, readiness gaps, and handoff feedback shall update the Reference Architecture through recorded renewal. **37.6.8 Global-to-Local Formula.** The global-to-local pattern shall follow the formula: **global sets common rail; regional translates and clusters; national owns and localizes; local validates and safeguards; enterprise executes only by lawful pathway; feedback renews the architecture.** *** ### 37.7 Temporary Stack / Permanent Rail Architecture **37.7.1 Temporary Stack / Permanent Rail Principle.** The Reference Architecture shall distinguish temporary stacks from permanent rails. Temporary stacks may be assembled for Nexus Core Build, Nexus Universe arenas, Frontier Labs, campaigns, simulations, secure rooms, cyber ranges, cloud burst workloads, Studio demonstrations, edge pilots, national build sprints, or public authority learning sessions. Permanent rails shall preserve records, object identity, status truth, support status, correction history, public-safe language, national routing, and archive memory after temporary stacks are dismantled. **37.7.2 Temporary Stack Defined.** A temporary stack may include compute, networking, storage, dashboards, AI tools, agents, code repositories, collaboration spaces, data rooms, secure rooms, edge devices, Studio environments, simulation environments, public-safe materials, arena rooms, and support channels assembled for a limited purpose and period. **37.7.3 Permanent Rail Defined.** A permanent rail shall include object identifiers, records, provenance, reviews, Registry status, Marketplace history, Studio history, support state, correction logs, public notices, National Node records, Nexus Network records, archive records, and renewal pathways. The permanent rail preserves institutional meaning even when the temporary stack closes. **37.7.4 Stack Closure Rule.** Every temporary stack shall have a closure rule before activation. The rule shall identify teardown, data disposition, credential revocation, artifact archive, support status, public-safe notice, Registry update, Marketplace update, Studio update, correction pathway, and residual responsibilities. **37.7.5 No Temporary Authority.** Temporary stacks shall not create temporary authority to bypass review, data controls, public authority boundaries, finance boundaries, procurement neutrality, consent boundaries, safeguards, support classification, national routing, or handoff discipline. Speed shall not erase governance. **37.7.6 Annual Surge Discipline.** Nexus Universe and Nexus Core Build may create high-intensity temporary technical stacks, but all outputs shall route into permanent rails after the surge. Temporary energy shall become permanent record, not permanent confusion. **37.7.7 Stack Drift Correction.** Temporary stacks shall be corrected, closed, or archived where they remain active beyond purpose, accumulate unsupported users, create provider dependency, expose data, continue dashboards without support, run AI agents without review, or imply deployment. **37.7.8 Temporary Stack / Permanent Rail Formula.** This architecture shall follow the formula: **assemble temporary stacks for focused work; govern them before use; close them deliberately; preserve outputs in permanent rails; never let temporary infrastructure become unmanaged execution.** *** ### 37.8 Open Technical Baseline **37.8.1 Open Technical Baseline Principle.** The **Open Technical Baseline** shall be the public-good technical foundation of Nexus Foundry. It shall consist of reusable, documented, interoperable, correctionable, license-clear, provider-neutral where feasible, and nationally localizable technical patterns that support public-good production without private enclosure. **37.8.2 Baseline Components.** The Open Technical Baseline may include schemas, APIs, data dictionaries, controlled vocabulary, evidence templates, metadata standards, Observatory module patterns, dashboard templates, DRI and GRIx methods, Pack structures, connector specifications, agent configuration templates, Studio runtime patterns, Marketplace metadata patterns, Registry record structures, support classes, release classes, correction templates, teardown templates, and archive structures. **37.8.3 Open Does Not Mean Uncontrolled.** Open technical baseline shall not mean unrestricted data access, unrestricted deployment, unrestricted AI use, unrestricted provider claims, unrestricted public authority use, unrestricted finance use, unrestricted procurement use, unrestricted handoff, or unrestricted execution. Open structure may coexist with restricted data, secure rooms, compute-to-data, no-download environments, controlled releases, and national safeguards. **37.8.4 License and Terms Discipline.** Baseline components shall carry clear license or terms, permitted uses, prohibited uses, contribution terms, attribution rules, support status, warranty disclaimers where appropriate, public-safe limits, enterprise-use boundaries, correction rights, and archive conditions. License clarity shall prevent both enclosure and uncontrolled reliance. **37.8.5 Provider-Neutrality.** The Open Technical Baseline should avoid unnecessary provider dependency. Where provider-specific capabilities are used, equivalent interface patterns, exit plans, dependency notes, and no-validation language should be recorded. Provider support shall not control the baseline. **37.8.6 National Localization.** Open baseline components shall be localizable through profiles, national extensions, language packs, legal-context notes, data-residency notes, public authority notes, community safeguard notes, Indigenous protocol notes where applicable, and national support status without losing lineage. **37.8.7 Baseline Correction.** The Open Technical Baseline shall be corrected where schemas fail, APIs drift, controlled vocabulary becomes outdated, dependencies become unsafe, provider lock-in appears, public-safe language fails, localization breaks, support lapses, or baseline components are used as certification, procurement, finance, consent, deployment, or execution claims. **37.8.8 Open Technical Baseline Formula.** The Open Technical Baseline shall follow the formula: **open the structure; protect sensitive data; disclose terms; preserve provider neutrality; localize with lineage; correct shared foundations; never let openness become uncontrolled permission.** *** ### 37.9 Enterprise Extension Without Public-Good Capture **37.9.1 Enterprise Extension Principle.** The Reference Architecture shall allow lawful enterprise extension without public-good capture. Enterprise actors, providers, National Consortium Companies, Project SPVs, hosts, operators, contractors, sponsors, and implementation partners may extend, adapt, implement, support, commercialize, or operate certain Foundry-informed objects only where licenses, terms, contracts, data rights, procurement processes, public authority requirements, finance and insurance processes, safeguards, consent processes, and handoff conditions permit. **37.9.2 Extension Boundary.** Enterprise extension shall not privatize the public-good baseline, erase public-good attribution, hide dependencies, remove no-conversion language, convert Marketplace visibility into procurement preference, convert Registry presence into approval, convert Studio runtime into deployment authorization, convert TRL input into certification, or convert public-safe reports into investment or insurance claims. **37.9.3 Enterprise Extension Classes.** Enterprise extension may include implementation-specific configurations, hosted services, commercial support, integration services, localized deployment planning, provider-specific adapters, infrastructure operations, data services, training services, managed services, National Consortium Company services, Project SPV implementation, or project-specific technical packages. Each class shall be separately governed. **37.9.4 Extension Record.** Where enterprise extension interfaces with Foundry records, an Enterprise Extension Record shall identify source Foundry object, version, license or terms, enterprise actor, extension class, modifications, dependencies, support responsibilities, data responsibilities, public authority dependencies, procurement dependencies, finance and insurance dependencies, safeguard dependencies, consent dependencies, claims limits, correction pathway, recall pathway, and archive reference. **37.9.5 No Public-Good Legitimacy Transfer.** Enterprise actors shall not claim that use of Foundry architecture, public-good baseline, Marketplace listing, Registry record, Studio package, TRL input, Nexus Universe participation, Council participation, sponsor support, provider contribution, National Portfolio inclusion, or handoff package creates Nexus approval, GRF recognition, GCRI validation, GRA readiness, public authority approval, procurement status, financeability, insurability, consent, deployment authorization, or execution authority. **37.9.6 Enterprise Feedback.** Enterprise extensions may generate feedback on implementation constraints, support issues, data problems, cyber risks, public authority dependencies, procurement realities, finance and insurance questions, safeguard issues, community concerns, Indigenous protocol concerns where applicable, and correction needs. Such feedback shall enter Foundry through recorded renewal, not private control. **37.9.7 Capture Controls.** Public-good capture shall be prevented through license discipline, transparency, dependency disclosure, provider-neutral interface design, Marketplace claims controls, Registry correction, public-safe review, sponsor-control rules, anti-enclosure rules, national ownership, and correction rights. **37.9.8 Enterprise Extension Formula.** Enterprise extension shall follow the formula: **permit lawful use; preserve public-good baseline; disclose modifications; separate support and liability; prevent claims transfer; route feedback; never let enterprise extension capture public-good meaning.** *** ### 37.10 Architecture Record and Version Control **37.10.1 Architecture Record Principle.** Every material element of the Reference Architecture shall be record-bearing and version-controlled. Architecture shall not evolve through informal slides, conversations, repository drift, undocumented platform changes, untracked AI prompts, silent schema changes, or event-driven improvisation. Architecture meaning shall exist by record. **37.10.2 Architecture Record Classes.** Architecture Records may include Reference Architecture Records, Object Model Records, Schema Records, API Records, Connector Records, Agent Pattern Records, Dashboard Pattern Records, Studio Pattern Records, Marketplace Metadata Records, Registry Structure Records, Compute Architecture Records, Data Architecture Records, AI Workflow Records, Edge Architecture Records, Security Architecture Records, National Profile Records, Release Architecture Records, Support Architecture Records, Correction Architecture Records, and Archive Architecture Records. **37.10.3 Version Control Requirements.** Architecture records shall identify version, effective date, steward, source basis, affected objects, affected systems, affected national profiles, affected Marketplace/Registry/Studio surfaces, dependencies, compatibility notes, migration notes, support implications, correction history, supersession, withdrawal, retirement, archive status, and prohibited interpretations. **37.10.4 Change Control.** Material architecture changes shall be reviewed before adoption. Changes affecting data classes, public authority boundaries, finance-readiness boundaries, procurement neutrality, consent boundaries, AI workflows, security posture, support status, Marketplace display, Registry status, Studio runtime, national routing, handoff packages, or public-safe language shall require heightened review. **37.10.5 Compatibility and Migration.** Version changes shall identify backward compatibility, forward compatibility, migration requirements, deprecated fields, replaced objects, affected Packs, affected Connectors, affected Dashboards, affected Agents, affected Studio packages, affected Marketplace listings, affected Registry records, affected National Profiles, and affected handoff packages. **37.10.6 No Silent Supersession.** Architecture shall not be silently superseded. Where a pattern, schema, API, record class, workflow, Pack, release class, support class, or boundary rule changes materially, affected users and records shall be updated, corrected, migrated, restricted, or archived as appropriate. **37.10.7 Architecture Archive.** Superseded architecture shall be archived with its prior status, use period, affected outputs, correction history, migration notes, public-safe implications, support implications, and future-use restrictions. Archived architecture shall not be cited as current unless reinstated by record. **37.10.8 Architecture Record Correction.** Architecture records shall be corrected where version lineage is wrong, dependencies are missing, migration guidance is incomplete, public-safe meaning changes, national profiles are affected, support status is misstated, or architecture is used as approval, certification, procurement, finance, consent, deployment, or execution authority. **37.10.9 Final Reference Architecture Formula.** The controlling Foundry Reference Architecture Formula is that **Reference Architecture makes Foundry production reusable, modular, record-bearing, public-good-rooted, nationally localizable, support-aware, correctionable, and archivable across Foundry, Core Build, Universe, Network, Observatory, Studio, Marketplace, and Registry; it functions as a control surface for records, workflows, review, release, support, localization, and handoff, not as execution authority; it preserves temporary-stack/permanent-rail discipline, open technical baselines, enterprise extension without public-good capture, and version-controlled architecture records so that public-good production can scale without becoming approval, certification, procurement preference, financeability, insurability, public authority action, consent, deployment authorization, or execution by implication.** ## 38. Control Plane ### 38.1 Control Plane Definition **38.1.1 Control Plane Identity.** The **Foundry Control Plane** shall be the governance, policy, identity, routing, access, configuration, naming, certificate, key, observability, incident, and teardown layer through which Nexus Foundry controls how systems, users, agents, services, workloads, data, compute, Studio runtime packages, Marketplace surfaces, Registry surfaces, Observatory Nodes, Edge Environments, release pipelines, secure rooms, clean rooms, no-download environments, National Nodes, Regional Clusters, Dense Cores, and handoff-preparation pathways are authorized, connected, changed, monitored, restricted, corrected, and retired. The Control Plane shall govern the movement and permissions of work; it shall not create public authority, finance, procurement, consent, deployment, or execution authority by implication. **38.1.2 Control Plane Purpose.** The Control Plane shall ensure that Foundry systems operate through recorded policy rather than informal access, ad hoc configuration, hidden provider defaults, untracked service names, uncontrolled certificates, orphaned keys, unmanaged permissions, silent routing changes, AI-agent tool drift, dashboard drift, Studio runtime drift, Marketplace and Registry status drift, or execution by technical possibility. It shall be the operational expression of validity-by-record, Zero Trust, public-good firewall, non-execution, correctionability, national routing, and stack separation. **38.1.3 Control Plane Scope.** The Control Plane shall apply to identity, access, permissions, routing, policy enforcement, workload admission, service discovery, naming, configuration, change control, secrets, certificates, keys, agent permissions, tool permissions, data-access policies, compute allocation, release gates, Marketplace workflow controls, Registry update controls, Studio runtime controls, Observatory Node controls, Edge synchronization controls, secure-room controls, no-download controls, clean-room controls, and teardown controls. **38.1.4 Control Plane as Internal Governance Infrastructure.** The Control Plane shall be an internal governance and technical control layer. It may decide whether a workload can run within Foundry, whether a user has access to a data room, whether an agent may use a tool, whether a service may discover another service, whether a configuration may change, whether a certificate should be issued, whether a release pipeline can proceed, or whether a runtime must be suspended. It shall not decide whether a public authority has approved a project, whether finance should be provided, whether procurement should occur, whether a community has consented, whether a system may be deployed, or whether execution is authorized. **38.1.5 Control Plane Records.** Material Control Plane actions shall be record-bearing. Control Plane records may include identity records, access records, policy records, route records, permission records, change records, configuration records, service-discovery records, naming records, certificate records, key records, observability records, incident records, teardown records, revocation records, and archive records. **38.1.6 Control Plane Separation.** The Control Plane shall be separated from the data plane, execution plane, public authority plane, finance plane, procurement plane, consent plane, and enterprise implementation plane. It may govern how Foundry resources are used; it shall not become the actor that uses Foundry outputs for real-world authority or execution. **38.1.7 Control Plane Boundary.** A Control Plane approval, route, policy, permission, configuration, certificate, key, service name, workload admission, or runtime authorization shall not constitute recognition, certification, public authority approval, procurement preference, financeability, insurability, community consent, Indigenous consent where applicable, deployment authorization, operational command, or execution authority. **38.1.8 Control Plane Formula.** The Control Plane shall operate according to the formula: **policy before permission; identity before access; route by record; change by review; configure by version; name by registry; secure by keys and certificates; observe without surveillance; correct drift; tear down what should not persist; never let technical control become legal or execution authority.** *** ### 38.2 Identity-Aware Control **38.2.1 Identity-Aware Control Principle.** **Identity-Aware Control** shall ensure that every material action in Foundry is conditioned on who or what is acting, in what role, under what authority, in what environment, on what object, with what data class, through what workflow, and for what purpose. No user, service, workload, agent, connector, dashboard, repository, device, Edge Node, Studio package, Marketplace steward, Registry steward, or compute job shall be treated as trusted merely because it is inside a network, platform, organization, room, event, or national environment. **38.2.2 Identity Subjects.** Identity-aware control shall apply to human users, service accounts, AI agents, automation workflows, workload identities, device identities, repository identities, connector identities, dashboard identities, Studio runtime identities, Marketplace workflow identities, Registry update identities, Edge device identities, Observatory Node identities, secure-room identities, clean-room identities, no-download identities, National Node identities, and privileged administrator identities. **38.2.3 Identity Attributes.** Identity-aware control may use attributes including role, affiliation, National Node relationship, Guild relationship, Competence Cell relationship, Working Group relationship, Council relationship, maintainer status, reviewer status, steward status, training completion, confidentiality status, conflict status, access class, data class authorization, jurisdiction, environment, workload purpose, support role, correction role, and expiry status. **38.2.4 Identity-Aware Policy Record.** Each material identity-aware policy shall have a record identifying policy name, subject class, resource class, permitted actions, prohibited actions, required attributes, data classes, environment classes, approval requirements, review period, expiry rule, revocation trigger, correction pathway, archive rule, and prohibited interpretations. **38.2.5 Contextual Access.** Access shall be evaluated in context. A person authorized to work on public documentation shall not thereby access restricted datasets. A public authority learner shall not thereby receive operational access. A provider contributor shall not thereby review its own validation-sensitive object. A sponsor participant shall not thereby receive confidential national data. An AI agent authorized for drafting shall not thereby receive tool execution rights. **38.2.6 Identity-Aware Agent Control.** AI agents and automated workflows shall operate under explicit identities, not hidden or generic system status. Agent identity shall determine tool permissions, data access, logging where appropriate, human approval points, output review, shutdown triggers, and correction pathways. An agent shall not inherit unrestricted authority from its human requester. **38.2.7 Identity Drift Control.** Identity records shall be updated when roles change, projects close, affiliations change, conflicts arise, training expires, access purpose ends, National Node relationship changes, employment changes, support obligations end, or incidents occur. Identity drift shall trigger review and correction. **38.2.8 Identity-Aware Boundary.** Identity-aware control grants technical access under conditions. It does not appoint institutional authority, create reviewer authority, create maintainer authority, approve public authority use, validate providers, create procurement status, create financeability, grant consent, authorize deployment, or permit execution. **38.2.9 Identity-Aware Control Formula.** Identity-Aware Control shall follow the formula: **know the actor; know the role; know the context; bind permissions to purpose; expire access; correct identity drift; never let identity or affiliation become authority beyond record.** *** ### 38.3 Routing and Policy Control **38.3.1 Routing and Policy Control Principle.** **Routing and Policy Control** shall govern how Foundry work, records, data, workflows, objects, alerts, outputs, review requests, Marketplace candidates, Registry updates, Studio packages, Observatory signals, Edge telemetry, National Portfolio items, readiness questions, safeguard issues, public-safe materials, and handoff packages move through Foundry pathways. Routing shall be policy-driven, record-bearing, and correctionable. **38.3.2 Routing Scope.** Routing and policy control shall apply to intake routing, triage routing, review routing, national routing, regional routing, Guild routing, Competence Cell routing, Council routing, Marketplace routing, Registry routing, Studio routing, Observatory routing, Edge-to-Network routing, release routing, support routing, correction routing, incident routing, teardown routing, archive routing, and handoff routing. **38.3.3 Policy Classes.** Foundry policy classes may include data policy, access policy, compute policy, AI workflow policy, public-safe policy, safeguard policy, national routing policy, release policy, support policy, Marketplace policy, Registry policy, Studio policy, Edge policy, observability policy, security policy, incident policy, retention policy, archive policy, and handoff policy. **38.3.4 Routing Record.** A Routing Record shall identify item routed, source, destination, routing basis, policy applied, data class, risk class, national relevance, safeguard relevance, public-safe relevance, required review, responsible steward, route conditions, route expiry or review date where applicable, correction pathway, archive rule, and prohibited interpretations. **38.3.5 Policy Evaluation.** Policy control shall evaluate whether an item may proceed, pause, route to review, route to National Node, route to secure room, route to compute-to-data, route to public-safe review, route to safeguards review, route to readiness review, route to Marketplace review, route to Registry update, route to Studio preparation, route to handoff review, route to non-continuation, or route to archive. **38.3.6 National Routing Priority.** Where country relevance exists, routing policy shall preserve national ownership and anti-bypass architecture. Global or regional workflows shall not route country-relevant materials directly to public-facing release, Marketplace display, enterprise handoff, or execution-adjacent pathways without national routing where required. **38.3.7 Routing Without Approval.** Routing an item to a pathway shall not approve the item. Routing to Marketplace review is not listing. Routing to Registry review is not status. Routing to Studio preparation is not runtime authorization. Routing to readiness review is not financeability. Routing to a National Node is not national approval. Routing to handoff review is not handoff approval. **38.3.8 Policy Drift Correction.** Routing and policy records shall be corrected where items are misrouted, policies are stale, national routing is bypassed, safeguards are missed, public-safe review is skipped, AI workflows exceed scope, Marketplace or Registry routing creates overclaim, or handoff routing implies execution. **38.3.9 Routing and Policy Control Formula.** Routing and Policy Control shall follow the formula: **route by policy; record the route; escalate risk; preserve national pathways; distinguish routing from approval; correct misrouting; never let pathway movement become authority.** *** ### 38.4 Access and Permission Control **38.4.1 Access and Permission Control Principle.** **Access and Permission Control** shall govern which identities may see, read, write, execute, approve, review, publish, list, register, activate, revoke, correct, archive, or administer Foundry resources. Permissions shall be explicit, least-privilege, purpose-bound, environment-bound, revocable, reviewable, and sensitive to data, public-safe, safeguard, national, and role boundaries. **38.4.2 Permission Classes.** Permission classes may include view, comment, edit, contribute, submit, review, approve-for-next-stage, maintain, release, publish, list, register, activate Studio runtime, access secure room, access clean room, access no-download room, run compute, run AI workflow, use tool, administer identity, administer secrets, administer certificates, administer Registry, administer Marketplace, administer Studio, administer release pipeline, correct, restrict, suspend, delete where allowed, seal, archive, and teardown. **38.4.3 Permission Record.** A Permission Record shall identify identity, resource, permission class, environment, data class, workflow class, approval basis, duration, conditions, review date, revocation trigger, logging requirement where appropriate, correction pathway, archive rule, and prohibited interpretations. **38.4.4 Separation of Permissions.** Permissions shall be separated where role collapse risk exists. A contributor may submit but not approve. A reviewer may review but not release unless separately authorized. A release steward may release but not alter source evidence improperly. A Marketplace steward may manage listing workflows but not create certification. A Registry steward may update status records but not create status without source records. A Studio steward may activate runtime only under Studio authorization. **38.4.5 Sensitive Permission Controls.** Permissions involving restricted data, sovereign data, public authority-sensitive data, community-sensitive data, Indigenous-sensitive data where applicable, health data, cyber data, infrastructure-sensitive data, secure rooms, clean rooms, no-download environments, AI agents, privileged tools, release pipelines, Registry records, Marketplace listings, and Studio runtime shall require heightened review. **38.4.6 Permission Expiry.** Permissions shall expire when purpose ends, role ends, support duty ends, review duty ends, Core Build cycle closes, Nexus Universe cycle closes, project closes, data permission expires, handoff closes, incident occurs, conflict appears, or authorization is withdrawn. **38.4.7 Permission Without Authority Overclaim.** Permission to access or operate a Foundry technical resource shall not create institutional authority, public authority approval, procurement authority, finance authority, consent authority, deployment authority, or execution authority. Permission is technical and workflow-bounded. **38.4.8 Permission Correction.** Permissions shall be corrected, reduced, suspended, or revoked where overbroad access exists, role changes, data class changes, conflict appears, misuse occurs, support lapses, orphaned accounts remain, or permission is used to imply approval or execution. **38.4.9 Access and Permission Formula.** Access and Permission Control shall follow the formula: **grant only what is needed; separate submit, review, release, and administer; expire permissions; revoke on drift; never let permission become approval or execution.** *** ### 38.5 Change Control **38.5.1 Change Control Principle.** **Change Control** shall govern material changes to Foundry systems, policies, configurations, records, schemas, APIs, connectors, agents, dashboards, Studio runtime packages, Marketplace workflows, Registry structures, release pipelines, compute environments, data workflows, AI workflows, security controls, national profiles, support classes, public-safe language, and handoff templates. Change shall be proposed, reviewed, recorded, tested where appropriate, approved within scope, implemented, monitored, correctable, and archivable. **38.5.2 Change Classes.** Change classes may include minor change, documentation change, schema change, API change, configuration change, access-policy change, security change, data-classification change, AI workflow change, model change, agent tool-permission change, Studio runtime change, Marketplace metadata change, Registry structure change, release pipeline change, dashboard change, National Profile change, support-status change, public-safe language change, and emergency change. **38.5.3 Change Record.** A Change Record shall identify change request, object or system affected, change class, reason, proposer, reviewer, approver within scope, affected records, affected users, affected data classes, public-safe implications, safeguard implications, security implications, national implications, Marketplace/Registry/Studio implications, rollback plan, implementation date, validation method, correction pathway, archive rule, and prohibited interpretations. **38.5.4 Review Requirements.** Change review shall be proportionate to risk. Changes affecting security, data residency, AI agents, tool permissions, public authority-facing materials, finance-facing materials, procurement-sensitive workflows, community or Indigenous-sensitive materials where applicable, public-safe outputs, Marketplace status, Registry truth, Studio runtime, release pipelines, or handoff packages shall require heightened review. **38.5.5 Emergency Change.** Emergency changes may be made to contain incidents, close access, rotate secrets, suspend systems, withdraw releases, freeze Registry status, suspend Marketplace listings, pause Studio runtime, disconnect Edge systems, or prevent harm. Emergency changes shall be recorded as soon as practicable, reviewed after implementation, and corrected where overbroad or incomplete. **38.5.6 Change Without Silent Supersession.** Change shall not silently supersede architecture, records, public-safe language, support status, release status, Marketplace metadata, Registry status, Studio conditions, or national profiles. Affected records shall be updated, migrated, restricted, or archived as appropriate. **38.5.7 Change Rollback and Correction.** Material changes shall include rollback or correction pathways. Where rollback is impossible, records shall state why, what compensating controls apply, what users are affected, and what archive or notice is required. **38.5.8 Change Control Boundary.** Approval of a change within Foundry shall not create external approval, certification, procurement preference, financeability, public authority approval, consent, deployment authorization, or execution authority. It approves only the internal change under recorded conditions. **38.5.9 Change Control Formula.** Change Control shall follow the formula: **propose with reason; review by risk; record impact; implement with rollback; update dependent records; correct failed changes; never let change become silent authority.** *** ### 38.6 Configuration Control **38.6.1 Configuration Control Principle.** **Configuration Control** shall govern the settings, parameters, environment variables, policies, feature flags, workflow definitions, AI prompts, agent configurations, tool permissions, service routes, access controls, data connectors, dashboard settings, compute settings, Studio runtime settings, Marketplace settings, Registry settings, release settings, and Edge settings that determine how Foundry systems behave. **38.6.2 Configuration Classes.** Configuration classes may include infrastructure configuration, security configuration, access configuration, data configuration, AI workflow configuration, agent configuration, prompt configuration, connector configuration, API configuration, dashboard configuration, Studio configuration, Marketplace configuration, Registry configuration, release configuration, observability configuration, Edge configuration, secure-room configuration, clean-room configuration, no-download configuration, and teardown configuration. **38.6.3 Configuration Record.** A Configuration Record shall identify configuration item, version, environment, steward, purpose, values or controlled reference where appropriate, sensitivity class, dependencies, change history, approval basis, validation method, rollback method, public-safe implications, security implications, correction pathway, archive rule, and prohibited interpretations. **38.6.4 Configuration as Code Where Appropriate.** Configuration should be managed as code or controlled records where feasible, especially for infrastructure, access policies, release pipelines, AI workflows, agent permissions, service routing, Marketplace metadata structures, Registry schemas, Studio runtime policies, and Edge synchronization. Manual configuration shall be minimized or recorded where material. **38.6.5 Environment Separation.** Configuration shall distinguish development, test, simulation, secure-room, clean-room, no-download, Studio, staging, release, public-safe, national, regional, production, archive, and teardown environments. Configuration from one environment shall not be copied into another without review. **38.6.6 Configuration Drift Control.** Configuration drift shall be detected, recorded, reviewed, corrected, or accepted by record. Drift may include unauthorized setting changes, undocumented feature flags, prompt changes, tool-permission expansion, stale connectors, route changes, dashboard display changes, or access policy drift. **38.6.7 Configuration Boundary.** A configuration that enables technical behavior shall not authorize substantive use. Configuring a connector does not authorize data access. Configuring an agent does not authorize autonomous action. Configuring Studio does not authorize decision authority. Configuring a deployment unit does not authorize deployment. **38.6.8 Configuration Correction.** Configuration shall be corrected where settings are wrong, drift occurs, permissions expand, security weakens, public-safe language changes, AI behavior changes, national routing is bypassed, Marketplace/Registry/Studio status is affected, or configuration is used to imply authority. **38.6.9 Configuration Control Formula.** Configuration Control shall follow the formula: **version configurations; separate environments; manage as code where feasible; detect drift; correct settings; never let configuration capability become permission to use or execute.** *** ### 38.7 Service Discovery and Naming **38.7.1 Service Discovery and Naming Principle.** **Service Discovery and Naming** shall govern how Foundry services, workloads, APIs, connectors, dashboards, agents, Studio packages, Marketplace objects, Registry records, Observatory Nodes, Edge environments, data services, release services, secure-room services, clean-room services, and National Node services are named, identified, discovered, routed, and retired. Naming shall preserve meaning, prevent confusion, and avoid authority overclaim. **38.7.2 Naming Purpose.** Naming shall make services findable and interoperable while preserving object identity, status truth, version lineage, national context, support status, public-safe meaning, and role boundaries. Names shall not imply approval, certification, public authority status, financeability, procurement status, consent, deployment authorization, or execution. **38.7.3 Service Discovery Record.** A Service Discovery Record shall identify service name, service identifier, object relationship, environment, version, endpoint class, access class, owner or steward, support status, data class, security class, certificate relationship, routing policy, dependency relationship, retirement condition, correction pathway, archive rule, and prohibited interpretations. **38.7.4 Naming Rules.** Names shall be clear, unique within relevant scope, version-aware where needed, environment-aware where needed, non-misleading, public-safe, and bounded. Terms such as official, certified, approved, validated, compliant, finance-ready, procurement-ready, government-ready, consented, deployable, operational, or execution-ready shall not be used unless a separate competent record supports the exact term. **38.7.5 Environment Naming.** Development, test, simulation, Studio, secure-room, clean-room, no-download, staging, release, public-facing, national, regional, archived, deprecated, and retired services shall be named or labeled so users do not confuse non-production, experimental, or archived systems with current supported systems. **38.7.6 National and Regional Naming.** National and regional services shall preserve country, region, language, legal, data-residency, public authority, community, Indigenous protocol where applicable, and support context where relevant. A national name shall not imply government approval unless competent public authority record exists. **38.7.7 Discovery Boundary.** Discoverability of a service shall not grant access, authorize data use, approve runtime, create Marketplace listing, create Registry status, approve Studio activation, assign TRL status, or authorize deployment. Discovery means the service can be identified; use requires separate permission. **38.7.8 Naming Correction.** Service names and discovery records shall be corrected where names mislead, imply authority, hide environment status, obscure support status, conflict with national meaning, create public authority confusion, or allow deprecated services to appear current. **38.7.9 Service Discovery and Naming Formula.** Service Discovery and Naming shall follow the formula: **name precisely; identify environment and status; separate discovery from access; avoid authority words; retire misleading names; never let discoverability become permission or approval.** *** ### 38.8 Certificate and Key Control **38.8.1 Certificate and Key Control Principle.** **Certificate and Key Control** shall govern the issuance, storage, use, rotation, revocation, expiry, recovery, compromise response, archive, and auditability where appropriate of certificates, cryptographic keys, signing keys, encryption keys, API keys, workload identity keys, device keys, service certificates, release signing keys, TLS certificates, token-signing keys, secure-room keys, Edge device certificates, and other trust materials used by Foundry. **38.8.2 Trust Material Purpose.** Certificates and keys shall support authentication, encryption, integrity, non-repudiation within limits, workload identity, device identity, release integrity, service discovery, secure routing, data protection, secure-room controls, Edge security, AI tool access, and Registry / Marketplace / Studio integrity. They shall not create substantive approval beyond technical trust controls. **38.8.3 Certificate and Key Record.** A Certificate and Key Record shall identify trust material class, purpose, issuing authority or system, subject, environment, scope, expiry, storage location class, access roles, rotation rule, revocation pathway, compromise pathway, dependent systems, archive rule, and prohibited interpretations. The secret material itself shall not be exposed in ordinary records. **38.8.4 Issuance Control.** Certificates and keys shall be issued only for recorded purposes and authorized subjects. Issuance shall be least-scope, time-bounded where feasible, environment-specific, and tied to identity records, service records, device records, workload records, or release records. **38.8.5 Release Signing Keys.** Release signing keys shall be protected with heightened controls. Use of a release signing key shall indicate artifact integrity within recorded release process; it shall not certify the object, authorize deployment, approve procurement, create financeability, or validate a provider. **38.8.6 Edge and Device Certificates.** Edge devices, sensors, gateways, Observatory Nodes, and local instrumentation using certificates shall be tied to device identity, location or location class, host, access class, data class, support status, revocation pathway, and teardown rule. Compromised or retired devices shall have certificates revoked. **38.8.7 Key Rotation and Revocation.** Keys and certificates shall be rotated or revoked when expired, compromised, exposed, no longer needed, associated identity changes, service retires, Edge device closes, release authority changes, provider changes, environment tears down, or incident response requires it. **38.8.8 Certificate and Key Boundary.** A valid certificate or key means technical trust within scope. It does not mean institutional approval, public authority approval, data permission, Marketplace approval, Registry approval, Studio authorization, financeability, procurement suitability, consent, deployment authorization, or execution authority. **38.8.9 Certificate and Key Correction.** Certificate and key records shall be corrected where scope is wrong, expiry is missed, keys persist after teardown, certificates are issued to wrong identities, signing keys are misused, trust chains fail, or certificates are used as approval claims. **38.8.10 Certificate and Key Formula.** Certificate and Key Control shall follow the formula: **issue trust material by record; scope narrowly; protect and rotate keys; revoke on drift or compromise; archive trust history; never let cryptographic trust become substantive authority.** *** ### 38.9 Control Plane Observability **38.9.1 Control Plane Observability Principle.** **Control Plane Observability** shall make Foundry’s control systems visible enough to detect drift, misuse, outages, unauthorized change, policy failure, permission expansion, routing anomalies, certificate issues, key issues, configuration drift, agent overreach, release anomalies, Marketplace or Registry anomalies, Studio runtime anomalies, Edge routing failures, and teardown gaps. Observability shall support governance and security; it shall not become unrestricted surveillance. **38.9.2 Observability Scope.** Control Plane observability may include identity events, access events, permission changes, policy decisions, routing events, configuration changes, service discovery events, certificate issuance and expiry, key rotation, release gate events, Registry updates, Marketplace workflow events, Studio activation events, AI tool-permission events, Edge synchronization events, incident alerts, teardown events, and archive actions. **38.9.3 Observability Record.** A Control Plane Observability Record shall identify monitored control class, data captured, purpose, sensitivity class, access roles, retention, alert thresholds, dashboard display rules, privacy controls, public-safe restrictions, national routing implications, correction pathway, archive rule, and prohibited uses. **38.9.4 Drift Detection.** Observability shall detect identity drift, permission drift, policy drift, route drift, configuration drift, certificate drift, key drift, service naming drift, support-status drift, release-status drift, Marketplace-display drift, Registry-status drift, Studio-runtime drift, Edge-synchronization drift, and teardown drift. **38.9.5 Alerting and Escalation.** Alerts shall be routed to appropriate stewards, including security, release, Registry, Marketplace, Studio, National Node, data steward, AI workflow steward, Edge steward, or correction steward, depending on the affected control. Alerting shall not itself create findings until reviewed. **38.9.6 Observability Dashboards.** Control Plane observability dashboards shall be access-controlled and designed to avoid exposing sensitive security, identity, data, public authority, national, provider, community, Indigenous-sensitive, or infrastructure-sensitive information. Dashboard visibility shall not create authority or public status. **38.9.7 Observability Without Surveillance.** Observability shall be lawful, proportionate, purpose-bound, and documented. It shall not be used to monitor contributors, communities, Indigenous participants where applicable, public authority learners, or partners beyond security, governance, support, and correction purposes. **38.9.8 Observability Correction.** Observability records and dashboards shall be corrected where monitoring is too broad, too weak, inaccurate, privacy-invasive, missing critical controls, exposing sensitive information, or being used as audit, certification, public authority, finance, procurement, consent, deployment, or execution evidence beyond scope. **38.9.9 Control Plane Observability Formula.** Control Plane Observability shall follow the formula: **observe controls, not people by default; detect drift; route alerts for review; protect sensitive telemetry; correct monitoring gaps; never let observability become surveillance or certification.** *** ### 38.10 Control Plane Incident and Teardown **38.10.1 Control Plane Incident Defined.** A **Control Plane Incident** shall arise where identity, routing, policy, access, permission, change control, configuration, service discovery, naming, certificates, keys, observability, release controls, Registry controls, Marketplace controls, Studio controls, Edge controls, secure-room controls, or teardown controls fail, drift, are misused, are compromised, or create authority overclaim. **38.10.2 Incident Categories.** Control Plane incidents may include unauthorized access, overbroad permission, misrouting, policy bypass, configuration drift, unauthorized change, service-name confusion, stale service discovery, certificate compromise, key compromise, signing-key misuse, agent permission overreach, Studio activation error, Registry status manipulation, Marketplace listing manipulation, release gate bypass, Edge synchronization failure, observability failure, teardown failure, and archive mislabeling. **38.10.3 Incident Record.** A Control Plane Incident Record shall identify affected control, system, identity, object, data class, route, policy, configuration, certificate, key, service, workflow, or environment; incident category; severity; source; timeline; affected records; affected users; public-safe risk; national routing implications; security implications; containment actions; correction actions; notice requirements; recurrence controls; and archive reference. **38.10.4 Immediate Containment.** Containment may include disabling identities, revoking permissions, closing access, pausing routes, freezing Registry changes, suspending Marketplace workflows, pausing Studio runtime, disabling agents, revoking certificates, rotating keys, freezing releases, isolating services, disabling connectors, stopping Edge synchronization, closing secure rooms, or suspending configurations. **38.10.5 Control Plane Correction.** Correction may include identity update, permission reduction, policy amendment, route correction, configuration rollback, change-control review, service rename, certificate revocation, key rotation, signing-key replacement, observability update, Registry correction, Marketplace correction, Studio correction, Edge correction, release correction, public-safe notice, user notice, training update, and archive annotation. **38.10.6 Teardown Principle.** Control Plane components shall be torn down when purpose ends, environment closes, service retires, certificate expires, key rotates, workflow is withdrawn, Studio package is paused, Marketplace workflow closes, Registry structure is superseded, Edge environment is decommissioned, secure room closes, or national pathway archives. Teardown shall revoke access, remove routes, retire names, revoke certificates, rotate or delete keys, close configurations, update records, and archive state. **38.10.7 Teardown Record.** A Control Plane Teardown Record shall identify component, reason, affected identities, permissions, routes, policies, configurations, services, certificates, keys, logs, records, users, dependent systems, revocation actions, data disposition, public-safe notice where needed, verification, correction pathway, and archive reference. **38.10.8 No Residual Authority.** After teardown, residual names, certificates, keys, routes, permissions, dashboards, Registry references, Marketplace references, Studio references, Edge links, or release artifacts shall not be cited as current authority, current access, current support, current status, current runtime, current deployment authorization, or execution authority. **38.10.9 Final Control Plane Formula.** The controlling Control Plane Formula is that **the Control Plane defines and enforces identity-aware governance, routing, policy, access, permissions, change, configuration, service discovery, naming, certificates, keys, observability, incident response, and teardown across Foundry systems; it makes technical operation record-bearing, reviewable, revocable, and correctionable; but no Control Plane action, permission, certificate, route, configuration, service name, runtime authorization, listing workflow, Registry update, or teardown record creates recognition, certification, public authority approval, procurement preference, financeability, insurability, consent, deployment authorization, operational command, or execution authority by implication.** ## 39. Data Plane ### 39.1 Data Plane Definition **39.1.1 Data Plane Identity.** The **Foundry Data Plane** shall be the governed movement, storage, cataloging, metadata, provenance, data-room, secure-room, compute-to-data, output-review, localization, sovereignty, archive, and closure layer through which data is actually held, processed, transformed, synchronized, reviewed, published, restricted, sealed, deleted, or archived within Nexus Foundry. The Data Plane shall carry data and data-derived outputs; it shall not create authority, consent, approval, deployment authorization, or execution by the mere fact that data moves, exists, is accessible, is computed upon, or is displayed. **39.1.2 Data Plane Relationship to Control Plane.** The Control Plane shall govern policy, identity, access, routing, permission, configuration, certificate, key, and change control. The Data Plane shall operate under those controls by moving, storing, processing, exposing, restricting, sealing, deleting, and archiving data according to record. The Control Plane decides whether an authorized pathway exists; the Data Plane implements that pathway for data. Neither plane shall convert technical capability into public authority, finance, procurement, consent, deployment, or execution effect. **39.1.3 Data Plane Scope.** The Data Plane shall include raw data, derived data, transformed data, aggregated data, synthetic data, telemetry, geospatial data, Earth observation data, IoT and OT data, community-grounded inputs, public authority data, sovereign data, health-sensitive data, infrastructure-sensitive data, protected knowledge, Indigenous-sensitive data or knowledge where applicable, metadata, logs, embeddings, model inputs, model outputs, AI-assisted summaries, dashboards, evidence datasets, public-safe outputs, Marketplace data references, Registry data references, Studio data flows, National Portfolio data, and handoff-related data objects. **39.1.4 Data Plane Purpose.** The purpose of the Data Plane shall be to ensure that Foundry data is handled as a governed public-good input and output, not as an unrestricted commodity. It shall preserve provenance, classification, custody, residency, access control, output review, national routing, public-safe limits, privacy, cybersecurity, community safeguards, Indigenous protocols where applicable, public authority boundaries, support status, correctionability, retention, sealing, deletion, archive, and closure. **39.1.5 Data Plane as Evidence Infrastructure.** The Data Plane shall enable evidence formation, observability, simulation, AI support, Studio workflows, Marketplace context, Registry status truth, National Portfolio production, public authority learning, readiness mapping, safeguard review, public-safe publication, and lawful handoff dependency preparation. It shall not itself certify the evidence, approve the output, validate a provider, authorize procurement, create financeability, grant consent, or permit deployment. **39.1.6 Data Plane Record Discipline.** Material Data Plane activity shall be record-bearing. Data Plane records may include Data Movement Records, Storage Records, Dataset Records, Catalog Records, Metadata Records, Provenance Records, Data Room Records, Secure Room Records, Compute-to-Data Records, Output Review Records, Localization Records, Residency Records, Sovereignty Records, Archive Records, Closure Records, Incident Records, and Correction Records. **39.1.7 Data Plane Boundary.** Data Plane access, storage, movement, processing, synchronization, cataloging, computation, dashboarding, publication, transfer, sealing, deletion, or archive shall not create ownership, unrestricted use rights, model-training rights, publication rights, public authority approval, procurement status, financeability, insurability, community consent, Indigenous consent where applicable, deployment authorization, operational command, or execution authority. **39.1.8 Data Plane Formula.** The Data Plane shall operate according to the formula: **classify before movement; record before reliance; store by jurisdiction and sensitivity; catalog with limits; preserve provenance; compute under controls; review outputs before exposure; localize without bypass; archive without current authority; close data pathways when purpose ends.** *** ### 39.2 Data Movement **39.2.1 Data Movement Principle.** **Data Movement** shall mean any transfer, synchronization, replication, streaming, upload, download, API access, remote query, embedding generation, model inference, dashboard refresh, repository import, export, backup, restore, publication, sharing, handoff, or access-mediated movement of data within or beyond Foundry systems. Data Movement shall be governed before it occurs where classification, custody, residency, public-safe, safeguard, national, or legal sensitivity requires control. **39.2.2 Movement Scope.** Data Movement may occur between Edge Environments, Observatory Nodes, National Dense Nexus Cores, Regional Clusters, Dense Cores, secure rooms, clean rooms, no-download environments, compute-to-data environments, Studio runtime, Marketplace systems, Registry systems, release systems, Academy environments, public authority learning rooms, readiness rooms, capital-reader rooms, National Nodes, National Working Groups, Competence Cells, National Consortium Companies, Project SPVs, or external lawful recipients. **39.2.3 Data Movement Record.** Each material Data Movement Record shall identify source, destination, data object, dataset version, data class, sensitivity class, custody status, residency rule, transfer basis, access method, encryption or transport controls where applicable, recipient, permitted uses, prohibited uses, onward-transfer restriction, output-review requirement, retention rule, deletion or sealing rule, correction pathway, archive rule, and prohibited interpretations. **39.2.4 Movement Before Use Review.** Data shall not be moved merely because it is technically accessible. Movement shall be reviewed for classification, lawful basis or permission where applicable, data residency, custody, national routing, community safeguards, Indigenous protocols where applicable, public authority sensitivity, cyber sensitivity, infrastructure sensitivity, health sensitivity, re-identification risk, AI-use implications, and public-safe downstream use. **39.2.5 Remote Access as Movement.** Remote access, API query, dashboard access, model inference, embedding generation, no-download viewing, or secure-room viewing may constitute meaningful data exposure even if no file is downloaded. Data Movement rules shall apply where classification requires. **39.2.6 Movement Minimization.** Foundry shall prefer minimization, aggregation, local processing, compute-to-data, secure rooms, no-download environments, delayed synchronization, controlled summaries, or output review where raw movement is unnecessary or unsafe. Moving less data shall be preferred where it preserves evidence value while reducing risk. **39.2.7 Prohibited Movement.** Data shall not move where movement would violate law, data steward conditions, residency rules, Indigenous protocols where applicable, community safeguards, public authority restrictions, protected knowledge controls, confidentiality conditions, cyber controls, or public-safe restrictions. Technical convenience shall not override prohibition. **39.2.8 Data Movement Correction.** Data Movement Records shall be corrected where data moved to the wrong destination, classification was wrong, residency was violated, recipient rights were overstated, onward transfer occurred without record, AI inference created unapproved movement, or moved data was used as approval, finance, procurement, consent, deployment, or execution authority. **39.2.9 Data Movement Formula.** Data Movement shall follow the formula: **move only what is needed; move only where allowed; treat remote access as exposure; prefer compute-to-data where sensitive; restrict onward use; correct unauthorized movement; never let movement become permission.** *** ### 39.3 Data Storage **39.3.1 Data Storage Principle.** **Data Storage** shall govern where and how Foundry data is stored, replicated, backed up, cached, indexed, embedded, encrypted, sealed, archived, deleted, or made available for processing. Storage shall be determined by classification, custody, residency, sensitivity, public-good purpose, national routing, access requirements, support requirements, retention rules, and closure rules. **39.3.2 Storage Classes.** Data storage classes may include public storage, controlled-public storage, internal storage, restricted storage, confidential storage, secure-room storage, clean-room storage, no-download storage, compute-to-data storage, sovereign storage, national-only storage, regional storage, edge storage, encrypted storage, sealed storage, archive storage, deletion-pending storage, and legal-hold storage where applicable. **39.3.3 Data Storage Record.** Each material Data Storage Record shall identify data object, storage location, jurisdiction, provider or host where applicable, storage class, encryption posture where applicable, access roles, custody status, residency status, backup status, replication status, retention rule, deletion rule, sealing rule, archive rule, support status, correction pathway, and prohibited uses. **39.3.4 Storage Location Discipline.** Foundry shall not store data in uncontrolled personal drives, unmanaged repositories, informal chat threads, unapproved AI tools, unapproved public cloud locations, unsecured devices, public links, unsupported dashboards, or provider environments that do not satisfy classification and residency requirements. Informal storage shall be treated as a control failure where material. **39.3.5 Backups and Replication.** Backups and replication shall follow the same or stricter classification, residency, custody, access, encryption, retention, and deletion rules as the source data. Backup convenience shall not create unlawful cross-border movement or extended retention. **39.3.6 Embedded and Indexed Storage.** Embeddings, search indexes, vector stores, caches, logs, model inputs, AI memory, analytics stores, dashboard extracts, and derived data stores shall be treated as storage. Sensitive data shall not be embedded, indexed, cached, or retained in systems that are not authorized for the applicable data class. **39.3.7 Storage Without Use Rights.** Storage in a Foundry environment shall not create use permission, publication permission, model-training permission, public authority use, finance-reader use, procurement use, consent, deployment authorization, or execution authority. Storage preserves data under conditions; it does not expand rights. **39.3.8 Storage Correction.** Storage records shall be corrected where data is stored in the wrong jurisdiction, wrong environment, wrong access class, unsupported storage, stale cache, unapproved index, unauthorized backup, or retained beyond purpose. **39.3.9 Data Storage Formula.** Data Storage shall follow the formula: **store by classification; respect jurisdiction; control backups and indexes; encrypt and restrict where needed; delete or seal when purpose ends; never let storage become use permission.** *** ### 39.4 Data Catalogs and Metadata **39.4.1 Catalog and Metadata Principle.** **Data Catalogs and Metadata** shall make Foundry data discoverable, understandable, governable, and reusable within limits by recording what data exists, where it came from, what class it has, who stewards it, what restrictions apply, what quality limits exist, what outputs depend on it, and what lifecycle state governs it. Cataloging shall not make data freely accessible. **39.4.2 Catalog Function.** Data Catalogs may support dataset discovery, provenance review, duplication reduction, National Portfolio formation, Observatory work, DRI and GRIx development, Studio workflow preparation, Marketplace context, Registry references, public authority learning, readiness mapping, support planning, correction, archive, and lawful handoff dependency analysis. **39.4.3 Catalog Record.** A Data Catalog Record shall identify dataset or data object, description, source, steward, jurisdiction, classification, sensitivity, access class, storage location class, residency rule, license or terms, permitted uses, prohibited uses, quality notes, update cadence, lineage, related outputs, support status, retention rule, correction history, archive status, and prohibited interpretations. **39.4.4 Metadata Classes.** Metadata may include descriptive metadata, technical metadata, provenance metadata, rights metadata, custody metadata, residency metadata, access metadata, quality metadata, sensitivity metadata, public-safe metadata, national routing metadata, safeguard metadata, support metadata, correction metadata, and archive metadata. **39.4.5 Metadata Sensitivity.** Metadata itself may be sensitive. Metadata may reveal the existence of protected knowledge, public authority-sensitive information, infrastructure vulnerabilities, community-sensitive issues, Indigenous-sensitive locations or knowledge where applicable, health-sensitive information, cyber-sensitive systems, or national priorities. Catalog display shall be controlled accordingly. **39.4.6 Catalog Access Boundary.** Discoverability in a catalog shall not grant access to the underlying data, authorize movement, approve use, authorize AI processing, permit publication, authorize dashboarding, or create handoff permission. Catalog access means knowledge of existence within limits. **39.4.7 Metadata Quality and Controlled Vocabulary.** Catalog metadata shall use controlled vocabulary where possible, including data class, access class, sensitivity class, public-safe class, support class, custody class, residency class, lifecycle class, and archive class. Inconsistent metadata shall be corrected to prevent semantic drift. **39.4.8 Catalog Correction.** Catalog and metadata records shall be corrected where descriptions are wrong, classification is stale, access class is wrong, source is misidentified, quality is overstated, metadata exposes sensitive existence, or catalog discoverability is used as permission or approval. **39.4.9 Catalog and Metadata Formula.** Data Catalogs and Metadata shall follow the formula: **make data findable without making it open; classify metadata; describe limits; preserve lineage; correct stale catalog entries; never let discoverability become access or authority.** *** ### 39.5 Data Provenance **39.5.1 Data Plane Provenance Principle.** **Data Plane Provenance** shall preserve the source, collection, custody, movement, transformation, computation, review, output, correction, and archive lineage of data as it moves through the Data Plane. Provenance shall be maintained not only at dataset creation but throughout storage, synchronization, computation, output review, publication, Registry reference, Marketplace context, Studio use, national routing, and handoff preparation. **39.5.2 Provenance Scope.** Provenance shall apply to data collected from sensors, public datasets, partner systems, provider systems, public authority systems, community-grounded inputs, Indigenous-sensitive sources where applicable, Earth observation, GIS layers, telemetry streams, AI outputs, simulation outputs, derived datasets, aggregated outputs, public-safe reports, dashboards, and handoff materials. **39.5.3 Data Plane Provenance Record.** A Data Plane Provenance Record shall identify original source, source steward, collection method, collection date or period, permissions or terms, custody chain, movement chain, storage locations, transformation steps, compute environments, AI systems used where applicable, reviewers, output records, downstream dependencies, correction history, archive linkage, and provenance gaps. **39.5.4 Movement Lineage.** Provenance shall record how data moved between environments, including source and destination, transfer method, access method, transformation during movement, aggregation, masking, encryption where applicable, synchronization, cross-border exposure, and recipient restrictions. **39.5.5 Computation Lineage.** Provenance shall record compute workflows, including code or workflow versions where material, model versions, parameters, prompts or workflow class where relevant, tool permissions, input data versions, output identifiers, review status, and limitations. **39.5.6 Provenance Gaps and Restrictions.** Where provenance cannot be fully disclosed due to privacy, security, public authority sensitivity, protected knowledge, Indigenous protocols where applicable, proprietary restrictions, or public-safe concerns, controlled provenance records shall preserve the lineage while restricting public display. Unknown provenance shall restrict downstream use. **39.5.7 Provenance Without Truth Overclaim.** Provenance shall show origin and chain; it shall not prove correctness, completeness, representativeness, public-safe suitability, legal sufficiency, public authority approval, procurement suitability, financeability, consent, deployment readiness, or execution permission. **39.5.8 Provenance Correction.** Provenance shall be corrected where source attribution is wrong, movement chain is incomplete, transformations are undocumented, AI use is omitted, compute environment is misidentified, downstream dependencies are missed, or provenance is used as universal approval. **39.5.9 Data Plane Provenance Formula.** Data Plane Provenance shall follow the formula: **trace data through movement, storage, compute, output, and archive; preserve controlled lineage where public disclosure is unsafe; correct gaps; never let provenance become substantive approval.** *** ### 39.6 Data Rooms and Secure Rooms **39.6.1 Data Room and Secure Room Identity.** **Data Rooms and Secure Rooms** shall be controlled Data Plane environments for viewing, analyzing, comparing, reviewing, transforming, or computing on sensitive data and information under bounded access, confidentiality, output review, no-download controls where applicable, compute-to-data controls where applicable, and archive rules. Data Rooms and Secure Rooms shall enable controlled work without expanding rights or authority. **39.6.2 Data Room Function.** Data Rooms may support evidence review, readiness mapping, public authority learning, finance-reader no-reliance review, insurance-reader no-reliance review, donor-reader review, public finance relevance review, National Portfolio review, public-safe review, safeguard review, handoff dependency review, and controlled collaboration. Data Room access shall not create transaction authority, public authority approval, procurement status, financeability, or consent. **39.6.3 Secure Room Function.** Secure Rooms shall support higher-sensitivity work involving restricted data, sovereign data, public authority-sensitive data, protected knowledge, Indigenous-sensitive knowledge where applicable, health-sensitive data, cyber-sensitive information, infrastructure-sensitive information, confidential provider or partner information, vulnerability information, AI-sensitive workflows, or legal-sensitive information. **39.6.4 Room Record.** Each Data Room or Secure Room shall have a Room Record identifying room class, purpose, data objects, data classes, participating identities, access roles, access duration, permitted actions, prohibited actions, confidentiality terms, no-download rules where applicable, compute-to-data rules where applicable, output-review rules, logging rules where appropriate, retention rules, closure rules, incident pathway, correction pathway, archive rule, and prohibited claims. **39.6.5 Room Access.** Room access shall be role-based, purpose-bound, time-bounded where appropriate, reviewed, and revocable. Access shall not be granted because of sponsor status, provider status, capital-reader status, public authority status, institutional prestige, Nexus Universe attendance, or council participation alone. **39.6.6 Output From Rooms.** Outputs leaving Data Rooms or Secure Rooms shall be reviewed for privacy, re-identification, protected knowledge exposure, Indigenous protocol sensitivity where applicable, public authority sensitivity, cyber sensitivity, infrastructure sensitivity, public-safe meaning, finance or procurement implication, consent implication, handoff implication, and execution implication. **39.6.7 Room Boundary.** Data Room or Secure Room participation shall not create approval, public authority status, investment advice, underwriting, donor commitment, public finance allocation, procurement status, certification, data ownership, publication rights, consent, deployment authorization, or execution authority. **39.6.8 Room Incident and Closure.** Unauthorized access, prohibited download, output leakage, recording breach, AI extraction, overbroad access, data spill, protected knowledge exposure, or public authority-sensitive disclosure shall trigger incident response, access closure, correction, notice where required, and archive. Rooms shall close when purpose ends. **39.6.9 Data Room and Secure Room Formula.** Data Rooms and Secure Rooms shall follow the formula: **bring sensitive data into controlled rooms; restrict access and actions; review outputs; close rooms deliberately; never let room participation become permission, approval, finance, consent, or execution.** *** ### 39.7 Compute-to-Data **39.7.1 Compute-to-Data Principle.** **Compute-to-Data** in the Data Plane shall mean that authorized computation, models, queries, workflows, or analysis are brought to data under controlled conditions rather than exporting raw data to users, external systems, unrestricted environments, or AI tools. It shall be the preferred pattern for sensitive, sovereign, public authority, community, Indigenous where applicable, health, cyber, infrastructure, protected knowledge, and high-risk datasets where raw movement is unnecessary or unsafe. **39.7.2 Compute-to-Data Function.** Compute-to-Data may support aggregation, feature extraction, evidence computation, statistical analysis, geospatial processing, model evaluation, AI-assisted review, simulation preparation, dashboard preparation, Observatory processing, DRI and GRIx analysis, readiness mapping, safeguard review, and public-safe summary generation without exposing raw data. **39.7.3 Compute-to-Data Record.** Each Compute-to-Data Record shall identify data object, source steward, custody status, jurisdiction, data class, approved workloads, approved users or systems, compute environment, tools, models where applicable, prohibited workloads, output-review requirements, export restrictions, retention rules, deletion or sealing rules, incident pathway, correction pathway, archive rule, and prohibited interpretations. **39.7.4 Workload Approval.** Workloads shall be approved before execution. Approved workloads shall state what computation may occur, whether AI may be used, whether embeddings may be created, whether model inference may occur, whether outputs may be exported, and what review must occur before release. **39.7.5 Output-Only Release.** Compute-to-Data shall generally permit only reviewed outputs, aggregates, redacted summaries, public-safe indicators, approved evidence outputs, or approved handoff notes to leave the environment. Raw data extraction shall be prohibited unless separately and lawfully authorized. **39.7.6 AI in Compute-to-Data.** AI workflows in compute-to-data environments shall be authorized and shall not train, fine-tune, retain, embed, export, memorize, or transmit restricted data unless expressly permitted by record. AI outputs shall undergo review where sensitivity or reliance risk exists. **39.7.7 Compute-to-Data Boundary.** Compute-to-Data controls reduce risk; they do not create consent, legal compliance certification, public authority approval, procurement status, financeability, insurability, publication permission, deployment authorization, or execution authority. **39.7.8 Compute-to-Data Correction.** Compute-to-Data records shall be corrected where workloads exceed authorization, outputs are insufficiently reviewed, raw data is exposed, AI use exceeds permission, data steward authority changes, or computed outputs are used as approval, finance, procurement, consent, deployment, or execution claims. **39.7.9 Compute-to-Data Formula.** Compute-to-Data shall follow the formula: **keep raw data in place; approve workloads; compute under controls; review outputs; export only what is permitted; correct leakage; never treat controlled computation as permission or authority.** *** ### 39.8 Output Review **39.8.1 Data Plane Output Review Principle.** **Data Plane Output Review** shall govern the review of data-derived outputs before they leave controlled environments, become public-safe materials, appear in dashboards, enter Marketplace context, support Registry records, run in Studio, inform public authority learning, support readiness mapping, enter finance-reader or insurance-reader rooms, support National Portfolios, or accompany handoff packages. **39.8.2 Output Types.** Data Plane outputs may include raw extracts, transformed datasets, aggregates, indicators, maps, dashboards, charts, telemetry summaries, Earth observation products, GIS layers, model outputs, AI summaries, embeddings, simulation outputs, benchmark outputs, public-safe summaries, Registry references, Marketplace metadata, Studio outputs, readiness notes, safeguard notes, public authority learning materials, and handoff dependency notes. **39.8.3 Output Review Record.** Each material Output Review Record shall identify source data, output type, audience, purpose, environment, data class, sensitivity class, aggregation level, public-safe class, re-identification risk, protected knowledge risk, Indigenous protocol sensitivity where applicable, public authority sensitivity, cyber sensitivity, infrastructure sensitivity, finance/procurement sensitivity, review findings, permitted release, restrictions, notice requirements, correction pathway, archive rule, and prohibited interpretations. **39.8.4 Review Criteria.** Output review shall assess data quality, provenance, classification, custody, residency, aggregation, masking, re-identification, geospatial sensitivity, public-safe meaning, uncertainty, false precision, visualization effects, protected knowledge exposure, community harm, Indigenous protocol concerns where applicable, public authority confusion, finance implication, insurance implication, procurement implication, consent implication, deployment implication, and execution implication. **39.8.5 Output Dispositions.** Output review may result in approved release, approved restricted release, national-only release, secure-room-only release, no-download-only release, aggregate-only release, public-safe revision, redaction, masking, delay, suppression, withdrawal, sealing, deletion, archive, or escalation to safeguard, public-safe, data, legal, national routing, or security review. **39.8.6 Output Without Authority.** An output that passes Data Plane Output Review shall not thereby become official, approved by public authority, certified, procurement-ready, financeable, insurable, consented, deployment-ready, or execution-ready. Output review only determines whether the output may move or be exposed under recorded conditions. **39.8.7 Output Review and Correction.** Output Review Records shall be corrected where review missed sensitivity, output exposed protected knowledge, maps misled, dashboards overstated certainty, AI summaries hallucinated, finance or procurement implications appeared, public authority meaning was overclaimed, or outputs were used as authority. **39.8.8 Output Review Formula.** Data Plane Output Review shall follow the formula: **review before release; assess sensitivity and meaning; restrict unsafe outputs; state limits; correct exposed outputs; never let output review become substantive approval.** *** ### 39.9 Data Plane Localization and Sovereignty **39.9.1 Localization and Sovereignty Principle.** **Data Plane Localization and Sovereignty** shall ensure that country-relevant data, national data, public authority data, community-sensitive data, Indigenous data or knowledge where applicable, infrastructure data, health data, geospatial data, and national portfolio data are processed, stored, moved, cataloged, reviewed, published, and archived in ways that respect national ownership, lawful data controls, source-steward conditions, public authority boundaries, community safeguards, Indigenous protocols where applicable, and public-good interoperability. **39.9.2 Localization Purpose.** Localization shall adapt Data Plane operations to national and local contexts without silently forking the common rail. It shall enable national language, legal classification, data residency, public authority structures, source-steward rules, community context, Indigenous protocols where applicable, accessibility needs, infrastructure realities, and lawful handoff dependencies while preserving lineage, controlled vocabulary, correction pathways, and public-safe boundaries. **39.9.3 Localization Record.** A Data Plane Localization Record shall identify data object, country or jurisdiction, national pathway, localization changes, language changes, legal or policy context, residency rule, custody rule, public authority dependencies, community safeguard conditions, Indigenous protocol conditions where applicable, access class, output-review rule, Marketplace/Registry/Studio implications, correction pathway, archive rule, and prohibited interpretations. **39.9.4 Sovereignty Controls.** Sovereignty controls may require national-only storage, sovereign compute, national data steward approval, public authority conditions, compute-to-data, no-download access, secure-room handling, cross-border transfer prohibition, localized catalog visibility, restricted metadata, national archive, national deletion, or national sealing. **39.9.5 Localization Without Bypass.** Global or regional Data Plane operations shall not bypass National Nexus Nodes or national data controls where country relevance exists. Regional aggregation and global reporting shall preserve national restrictions, public-safe limits, and most-restrictive applicable safeguards. **39.9.6 Commons Compatibility.** Localized data structures should remain compatible with Foundry Data Commons, common schemas, controlled vocabularies, public-good indicators, Observatory templates, Registry structures, and Marketplace metadata where feasible. Localization may add national profile fields without erasing common identifiers and provenance. **39.9.7 Sovereignty Without Isolation or Capture.** Data sovereignty shall not be used as a pretext for elite capture, opacity, provider lock-in, exclusion, uncorrectable records, or suppression of public-safe correction. Sovereign data controls shall protect lawful rights and national ownership while preserving accountability and correctionability. **39.9.8 Localization and Sovereignty Correction.** Localization and sovereignty records shall be corrected where national context is wrong, residency controls fail, cross-border movement occurs without review, metadata exposes sensitive national information, common rail is silently forked, or sovereignty language is used to imply government approval, consent, deployment, or execution. **39.9.9 Data Plane Localization Formula.** Data Plane Localization and Sovereignty shall follow the formula: **localize data pathways nationally; preserve common lineage; restrict cross-border exposure; respect source stewards and protocols; prevent national bypass; correct sovereignty drift; never let localization become approval or gatekeeping abuse.** *** ### 39.10 Data Plane Archive and Closure **39.10.1 Archive and Closure Principle.** **Data Plane Archive and Closure** shall ensure that Data Plane pathways, datasets, data rooms, secure rooms, storage locations, movement channels, catalogs, metadata records, provenance chains, compute-to-data environments, output-review records, localized data profiles, and sovereignty records are closed, sealed, deleted, restricted, archived, or renewed when their purpose ends or their status changes. Data Plane activity shall not persist by inertia. **39.10.2 Closure Triggers.** Data Plane closure may be triggered by project completion, Core Build completion, Nexus Universe cycle completion, data permission expiry, source-steward withdrawal, retention expiry, public-safe risk, data incident, national non-continuation, support lapse, handoff completion, secure-room closure, clean-room closure, compute-to-data closure, cross-border transfer termination, dataset supersession, dashboard retirement, Registry correction, Marketplace delisting, Studio pause, or archive decision. **39.10.3 Data Plane Closure Record.** A Data Plane Closure Record shall identify data object or pathway, closure reason, affected systems, affected users, storage disposition, movement channel closure, access revocation, credential revocation, output disposition, catalog update, metadata update, provenance update, retention action, deletion action, sealing action, archive class, notice requirement, verification, correction pathway, and prohibited claims. **39.10.4 Closure Actions.** Closure may include stopping streams, disabling APIs, revoking access, closing data rooms, closing secure rooms, disabling no-download rooms, closing compute-to-data environments, deleting temporary extracts, sealing sensitive datasets, updating catalogs, marking metadata non-current, correcting Registry references, correcting Marketplace context, pausing Studio use, withdrawing dashboards, rotating credentials, and archiving provenance. **39.10.5 Archive Classes.** Data Plane archive classes may include dataset archive, movement archive, storage archive, catalog archive, metadata archive, provenance archive, data-room archive, secure-room archive, compute-to-data archive, output-review archive, localization archive, sovereignty archive, incident archive, sealed archive, deletion-verification archive, and institutional-memory archive. **39.10.6 No Current Authority From Archive.** Archived Data Plane records, datasets, catalogs, dashboards, outputs, room records, compute-to-data records, movement records, or localized profiles shall not be cited as current evidence, current data access, current public-safe output, current Marketplace context, current Registry support, current Studio source, current readiness basis, current public authority learning basis, current handoff package, current consent, deployment authorization, or execution authority unless reinstated by current review and record. **39.10.7 Deletion, Sealing, and Retention Verification.** Closure shall verify deletion, sealing, retention, credential revocation, access closure, and catalog updates where material. Verification shall be recorded. Deletion shall not erase accountability records unless lawful deletion requires it; sealing shall restrict access while preserving necessary memory. **39.10.8 Reinstatement.** A closed or archived Data Plane pathway may be reinstated only by current review confirming classification, custody, residency, permissions, access, security, public-safe status, support, national routing, safeguard conditions, and correction history. Reinstatement shall not occur by copying old data or reopening old access informally. **39.10.9 Data Plane Closure Correction.** Closure and archive records shall be corrected where closure is incomplete, data remains accessible, catalogs remain current by mistake, metadata exposes sensitive existence, deleted data persists in backups, embeddings or indexes remain active, or archive is used as current authority. **39.10.10 Final Data Plane Formula.** The controlling Data Plane Formula is that **the Data Plane moves, stores, catalogs, describes, proves, rooms, computes, reviews, localizes, sovereignly protects, archives, and closes data under record; data movement is not permission, storage is not use authority, catalog visibility is not access, provenance is not truth certification, room participation is not approval, compute-to-data is not consent, output review is not public authority or finance approval, localization is not national endorsement, and archive is not current status; every Data Plane pathway must remain classified, stewarded, jurisdiction-aware, output-reviewed, nationally routed where relevant, correctionable, closed when purpose ends, and separated from procurement, finance, consent, deployment, and execution by implication.** ## 40. Compute Plane ### 40.1 Compute Plane Definition **40.1.1 Compute Plane Identity.** The **Foundry Compute Plane** shall be the governed processing layer through which Nexus Foundry workloads are built, tested, simulated, analyzed, evaluated, executed within controlled technical environments, supported, released, corrected, retired, and archived. It shall include build compute, high-performance computing, GPU capacity, cloud and hybrid compute, sovereign compute, edge compute, secure compute, simulation compute, digital twin compute, AI-adjacent compute, Studio runtime compute, Observatory compute, Marketplace support compute, Registry support compute, release compute, teardown compute, and archive-support compute. **40.1.2 Compute Plane Relationship to Other Planes.** The Compute Plane shall operate under the Control Plane and in relation to the Data Plane. The Control Plane governs identity, access, policy, routing, permissions, configuration, keys, certificates, and change control. The Data Plane governs data movement, storage, provenance, residency, rooms, output review, localization, sovereignty, archive, and closure. The Compute Plane performs authorized processing within those controls. Compute capacity shall not override data classification, national routing, public-safe review, safeguard requirements, public authority boundaries, finance-readiness boundaries, procurement neutrality, consent boundaries, or non-execution doctrine. **40.1.3 Compute Plane Purpose.** The Compute Plane shall enable Foundry to convert knowledge, data, models, code, simulations, evidence, dashboards, agents, Studio workflows, Observatory signals, National Portfolio needs, and lawful handoff dependencies into reviewable technical outputs. It shall make production possible without making deployment lawful by implication. It shall support public-good capability while preventing infrastructure capture, provider lock-in, unmanaged cost, energy waste, uncontrolled AI use, insecure processing, stale runtime, and execution by technical possibility. **40.1.4 Compute Plane Scope.** The Compute Plane may support code builds, tests, package assembly, CI/CD-like review pipelines, simulations, digital twins, AI evaluation, model inference under controls, data transformation, geospatial processing, evidence computation, dashboard rendering, Studio runtime preparation, Observatory processing, DRI and GRIx computation, secure-room analysis, compute-to-data workloads, release packaging, support diagnostics, vulnerability validation, archive preparation, and teardown verification. **40.1.5 Compute Plane Records.** Material Compute Plane activity shall be record-bearing. Compute records may include Compute Workload Records, Build Compute Records, HPC/GPU Records, Cloud and Hybrid Compute Records, Sovereign Compute Records, Edge Compute Records, Secure Compute Records, Simulation Compute Records, Digital Twin Compute Records, Compute Allocation Records, Quota Records, Usage Records, Cost or Resource Records where applicable, Output Review References, Teardown Records, Incident Records, and Archive Records. **40.1.6 Compute Plane Boundary.** The Compute Plane shall not create substantive authority. A workload that runs successfully, a model that completes inference, a simulation that produces output, a build that passes tests, a dashboard that renders, a package that is generated, a container that is signed, or a Studio runtime that functions shall not create certification, public authority approval, procurement status, financeability, insurability, community consent, Indigenous consent where applicable, deployment authorization, operational command, or execution authority. **40.1.7 Compute Plane Non-Execution.** Compute Plane activity shall remain internal public-good production, controlled demonstration, evidence computation, simulation, analysis, testing, packaging, or support unless a separate lawful actor executes through the correct public authority, procurement, finance, insurance, data, cyber, safeguard, consent, contract, deployment, and operational processes. Technical capability shall not be treated as permission to act in the world. **40.1.8 Compute Plane Formula.** The Compute Plane shall operate according to the formula: **schedule only authorized workloads; allocate scarce compute by public-good need; process data only under classification and residency rules; secure privileged environments; record usage; review outputs; tear down capacity when purpose ends; never let compute success become approval, deployment, or execution.** *** ### 40.2 Build Compute **40.2.1 Build Compute Identity.** **Build Compute** shall be the Compute Plane capacity used to create, compile, assemble, integrate, test, containerize, package, document, scan, validate, and prepare Foundry Objects for review, release, Studio preparation, Marketplace review, Registry reference, support, correction, or archive. Build Compute shall be governed because build environments can create executable artifacts, dependencies, credentials, signatures, and release candidates that may be mistaken for deployment-ready systems. **40.2.2 Build Compute Function.** Build Compute may support software builds, schema validation, API generation, connector testing, agent package preparation, dashboard build pipelines, evidence tool assembly, Observatory module packaging, Studio runtime package preparation, documentation generation, test execution, dependency scanning, software bill-of-materials generation, release-candidate artifact creation, reproducibility checks, and support diagnostics. **40.2.3 Build Compute Record.** Each material Build Compute workload shall have a Build Compute Record identifying object, repository or source, version, build environment, build purpose, workload class, dependencies, secrets handling, artifact outputs, data class if any, test scope, review requirements, support implications, release implications, retention rule, teardown rule, correction pathway, archive rule, and prohibited interpretations. **40.2.4 Build Environment Controls.** Build environments shall be configured by controlled records, separated from production where appropriate, protected from secret exposure, dependency poisoning, unauthorized artifact modification, unsafe package publication, and provider capture. Build environments shall use least privilege and shall not receive access to sensitive data unless required and authorized. **40.2.5 Build Artifacts.** Build artifacts shall be classified before release, publication, Marketplace listing, Registry reference, Studio runtime, public-safe display, national routing, or handoff. An artifact that exists, compiles, passes tests, or runs in a build environment shall remain a build artifact until the competent review and release process changes its status by record. **40.2.6 Build Dependencies.** Build Compute shall record material dependencies, including libraries, container bases, tools, model components, APIs, connectors, data sources, infrastructure templates, signing tools, package registries, and provider services. Unsafe, unsupported, unlicensed, opaque, or provider-capturing dependencies shall be restricted, replaced, disclosed, or reviewed. **40.2.7 Build Secrets and Credentials.** Build Compute shall not expose credentials, keys, tokens, certificates, signing material, cloud secrets, model keys, repository tokens, or secure-room access. Where secrets are required, they shall be injected through approved mechanisms, scoped narrowly, rotated when needed, and excluded from logs and artifacts. **40.2.8 Build Compute Without Release or Deployment.** Build Compute shall not create release status, support status, Marketplace eligibility, Registry status, Studio authorization, TRL status, deployment authorization, or execution authority. Build success is a technical event; institutional meaning requires records, review, release, support, and correction pathways. **40.2.9 Build Compute Correction.** Build Compute records and artifacts shall be corrected where dependencies are unsafe, artifacts are mislabeled, tests are insufficient, secrets are exposed, build configuration is wrong, provenance is incomplete, or build success is used to imply approval, maturity, deployment, or execution. **40.2.10 Build Compute Formula.** Build Compute shall follow the formula: **build under controlled configuration; protect secrets; record dependencies; test within scope; classify artifacts; release only by record; never treat build success as deployment readiness.** *** ### 40.3 HPC and GPU Compute **40.3.1 HPC and GPU Compute Identity.** **HPC and GPU Compute** shall be specialized Compute Plane capacity used for high-intensity workloads requiring accelerated computation, parallel processing, large-scale simulation, AI evaluation, model inference or testing, geospatial processing, digital twins, network modeling, climate and disaster-risk analysis, optimization, cybersecurity simulation, and high-throughput evidence processing. HPC and GPU capacity shall be treated as scarce, expensive, energy-relevant, provider-sensitive, and capture-sensitive. **40.3.2 HPC and GPU Function.** HPC and GPU Compute may support simulation, AI model evaluation, agent testing, benchmark execution, digital twin computation, Earth observation processing, GIS analysis, large-scale data transformation, Observatory processing, DRI and GRIx computation, national dense core workloads, regional cluster workloads, Nexus Universe surge workloads, Frontier Labs experimentation, secure AI evaluation, and Studio preparation. **40.3.3 HPC/GPU Record.** Each material HPC or GPU allocation shall have an HPC/GPU Compute Record identifying workload, object or pathway, compute type, provider or facility, jurisdiction, allocation basis, quota, expected duration, data class, model class where applicable, access roles, security controls, output class, review requirements, support status, teardown rule, correction pathway, archive rule, and prohibited claims. **40.3.4 Scarcity Governance.** HPC and GPU allocation shall be governed by public-good value, evidence need, national relevance, Nexus Universe timing, Core Build urgency, support capacity, safeguard requirements, security requirements, correction needs, role readiness, and lifecycle stage. Allocation shall not be controlled by sponsor funding, provider preference, institutional prestige, media visibility, private commercial interest, or capital-reader pressure. **40.3.5 AI and Model Controls.** HPC and GPU use for AI workloads shall specify whether the workload is training, fine-tuning, inference, retrieval, evaluation, simulation, benchmarking, red-team testing, or agent testing. Sensitive data shall not be used for training, fine-tuning, embedding, or external inference unless separately authorized under data classification, residency, AI workflow, and safeguard records. **40.3.6 Benchmark Limits.** HPC and GPU benchmarking shall be reported only within recorded conditions. Benchmark outputs shall not validate providers, certify models, establish general safety, create procurement preference, prove financeability, support insurance conclusions, or authorize deployment. **40.3.7 Provider and Hardware Neutrality.** Use of GPU or HPC resources from cloud providers, hardware vendors, universities, public labs, sponsors, national facilities, telecom operators, or data centers shall not validate the provider, approve hardware, create preferred status, create Marketplace advantage, create Registry approval, or create procurement implication. Dependencies and exit risks shall be recorded. **40.3.8 Energy, Cost, and Sustainability Awareness.** HPC and GPU workloads shall consider resource intensity, energy use, cost, opportunity cost, and support burden where material. Compute intensity shall be justified by public-good value and evidence need. Wasteful or duplicative high-intensity workloads may be restricted, queued, downgraded, or denied. **40.3.9 HPC/GPU Correction.** HPC/GPU records shall be corrected where allocation was captured, data was misclassified, benchmark claims overreached, model-use terms were violated, outputs were unsafe, energy or cost assumptions were wrong, or compute results were used as certification, procurement, finance, insurance, consent, deployment, or execution claims. **40.3.10 HPC and GPU Compute Formula.** HPC and GPU Compute shall follow the formula: **allocate scarce capacity by public-good need; classify data and models; disclose providers; bound benchmarks; control cost and energy; correct overclaim; never let high performance become high authority.** *** ### 40.4 Cloud and Hybrid Compute **40.4.1 Cloud and Hybrid Compute Identity.** **Cloud and Hybrid Compute** shall be Compute Plane capacity provided through public cloud, private cloud, sovereign cloud, university cloud, research cloud, enterprise cloud, hybrid cloud, multi-cloud, regional cloud, national cloud, cloud-burst capacity, and federated environments used to support Foundry workloads. Cloud and hybrid environments shall be governed because elasticity, convenience, provider terms, jurisdiction, telemetry, logging, and managed services can create hidden dependencies and data risks. **40.4.2 Cloud and Hybrid Function.** Cloud and Hybrid Compute may support builds, tests, dashboards, APIs, connectors, AI inference under controls, simulation, geospatial processing, Observatory workflows, Marketplace and Registry systems, Studio environments, secure-room support, no-download environments, release pipelines, public-safe report hosting, and temporary surge capacity. **40.4.3 Cloud/Hybrid Record.** Each material cloud or hybrid environment shall have a Cloud and Hybrid Compute Record identifying provider or host, region, jurisdiction, workload class, data classes, access roles, managed services used, model services used where applicable, telemetry and logging behavior, backup behavior, residency status, security controls, quota, cost or allocation source where applicable, support status, exit plan, teardown rule, correction pathway, archive rule, and prohibited interpretations. **40.4.4 Cloud Region and Residency Controls.** Cloud workloads shall respect data residency, national routing, public authority conditions, source-steward restrictions, community safeguards, Indigenous protocols where applicable, cross-border transfer controls, backup location, logging location, support access, and provider subcontractor implications. Selecting a cloud region shall not by itself satisfy lawful residency or public authority requirements. **40.4.5 Hybrid Architecture Discipline.** Hybrid compute shall preserve clear boundaries between local, sovereign, regional, public cloud, secure-room, edge, and enterprise environments. Data and workloads shall move between them only under routing, classification, security, and transfer records. Hybrid flexibility shall not become uncontrolled movement. **40.4.6 Cloud Burst Rules.** Cloud burst capacity shall be temporary, quota-bound, purpose-bound, data-class-aware, and teardown-controlled. Cloud burst shall not become permanent unmanaged infrastructure, provider lock-in, sponsor-controlled capacity, or execution surface by drift. **40.4.7 Provider Capture Controls.** Cloud and hybrid providers may supply capacity, credits, tools, engineering support, managed services, AI services, or hosting. Such support shall not control architecture, data, release, Marketplace, Registry, Studio, national routing, public-safe language, readiness language, handoff, procurement meaning, or execution. **40.4.8 Cloud and Hybrid Security.** Cloud and hybrid environments shall apply identity and access controls, privileged access controls, secrets management, encryption where appropriate, network segmentation, workload isolation, logging where appropriate, vulnerability management, dependency review, backup controls, and teardown verification proportionate to risk. **40.4.9 Cloud/Hybrid Correction.** Cloud and hybrid records shall be corrected where region or residency is wrong, managed-service terms change, logs retain sensitive data, provider dependency is hidden, backup violates restrictions, cost or quota is captured, teardown fails, or cloud use is overclaimed as public authority approval, procurement suitability, financeability, or deployment readiness. **40.4.10 Cloud and Hybrid Compute Formula.** Cloud and Hybrid Compute shall follow the formula: **use elastic capacity under record; bind region to residency; disclose managed services; limit provider dependence; tear down temporary capacity; never let cloud convenience become uncontrolled authority.** *** ### 40.5 Sovereign Compute **40.5.1 Sovereign Compute Identity.** **Sovereign Compute** shall be Compute Plane capacity designed, selected, hosted, configured, or restricted to respect national law, data residency, public authority conditions, national ownership, public-sector sensitivity, sovereign data controls, critical infrastructure needs, protected knowledge conditions, Indigenous data sovereignty where applicable, national cyber requirements, and national public-good priorities. **40.5.2 Sovereign Compute Function.** Sovereign Compute may support national data processing, public authority learning materials, National Portfolio development, national simulations, secure dashboards, national AI evaluation under restrictions, national geospatial processing, national observability, national readiness mapping, safeguard review, national Studio preparation, and lawful handoff dependency preparation. **40.5.3 Sovereign Compute Record.** Each Sovereign Compute environment shall have a Sovereign Compute Record identifying jurisdiction, host, provider or facility where applicable, national pathway, legal or data-residency basis, data classes, workload classes, access roles, public authority dependencies, security controls, cross-border restrictions, output-review rules, support status, exit plan, teardown rule, correction pathway, archive rule, and prohibited claims. **40.5.4 National Routing.** Country-relevant Foundry workloads requiring sovereign treatment shall be routed through the appropriate National Nexus Node, National Nexus Consortium, National Working Group, national data-control process, national safeguard process, or public authority learning pathway where applicable. Sovereign Compute shall not be used to bypass national ownership. **40.5.5 Sovereign AI Controls.** AI workloads in sovereign environments shall preserve model-use restrictions, data-use limitations, training prohibitions, inference-location controls, output review, public authority sensitivity, national data sovereignty, and protected knowledge safeguards. Sensitive national data shall not be used to train or improve external models unless separately and lawfully authorized. **40.5.6 Sovereign Provider Neutrality.** Use of a sovereign cloud, national provider, telecom operator, public-sector cloud, national data center, university HPC, or public lab shall not validate the provider, create procurement preference, imply government approval, or establish preferred status. Provider dependencies and exit risks shall be recorded. **40.5.7 Cross-Border Output Controls.** Sovereign Compute shall define what outputs may leave the environment, what must remain in-country, what may be exported only as aggregate or public-safe summaries, what must remain secure-room-only, and what cannot be exported. Cross-border output shall be reviewed. **40.5.8 Sovereign Compute Boundary.** Sovereign Compute use shall not constitute government approval, public authority action, regulatory comfort, procurement approval, public finance allocation, financeability, insurability, community consent, Indigenous consent where applicable, deployment authorization, or execution authority. **40.5.9 Sovereign Compute Correction.** Sovereign Compute records shall be corrected where national routing is bypassed, residency is misapplied, provider dependence is hidden, sensitive outputs leave improperly, public authority meaning is overclaimed, or sovereign hosting is used as approval or deployment claim. **40.5.10 Sovereign Compute Formula.** Sovereign Compute shall follow the formula: **respect jurisdiction; route nationally; keep sensitive workloads where required; control AI and outputs; disclose providers; preserve exit; never convert sovereign hosting into public authority approval.** *** ### 40.6 Edge Compute **40.6.1 Edge Compute Identity.** **Edge Compute** shall be Compute Plane capacity located close to sensors, devices, infrastructure, telecom systems, private wireless systems, O-RAN / AI-RAN environments, communities, field environments, Observatory Nodes, national dense cores, regional clusters, hubs, hotspots, degraded-mode environments, or local validation contexts. Edge Compute shall be governed because proximity to real-world systems creates privacy, cyber, public-safe, operational, surveillance, and execution risks. **40.6.2 Edge Compute Function.** Edge Compute may support local preprocessing, aggregation, filtering, anomaly detection, dashboard preparation, telemetry buffering, degraded-mode operation, sensor validation, local simulation, AI inference under controls, secure local analysis, compute-to-data, public authority learning demonstrations, National Portfolio evidence, and Observatory inputs. **40.6.3 Edge Compute Record.** Each material Edge Compute environment shall have an Edge Compute Record identifying location or location class, host, connected devices or systems, data classes, processing purpose, access roles, network connections, cyber controls, privacy controls, physical security where relevant, national pathway, community and Indigenous considerations where applicable, support status, synchronization rules, teardown rule, correction pathway, archive rule, and prohibited uses. **40.6.4 Edge Data Minimization.** Edge Compute shall prefer local processing, aggregation, minimization, masking, delayed synchronization, and output review where raw data is sensitive, location-sensitive, community-sensitive, Indigenous-sensitive where applicable, infrastructure-sensitive, health-sensitive, public authority-sensitive, or cyber-sensitive. **40.6.5 Edge Operational Boundary.** Edge Compute shall not control infrastructure, operate public systems, issue warnings, direct emergency response, surveil communities, automate field interventions, or execute projects unless a separate competent lawful pathway outside default Foundry operations authorizes such activity. Read-only and analysis functions shall be separated from write or control functions. **40.6.6 Edge Security and Continuity.** Edge Compute shall include device identity, secure configuration, update management where feasible, secrets protection, network segmentation, access control, monitoring where appropriate, incident reporting, fallback operation, degraded-mode rules, synchronization controls, and teardown procedures. **40.6.7 Edge Synchronization.** Edge outputs shall synchronize to National Dense Nexus Cores, Regional Clusters, Observatory Node Grids, Dense Cores, Marketplace, Registry, Studio, or archive only under routing, data classification, output review, public-safe, safeguard, and national routing rules. Synchronization failure shall be marked. **40.6.8 Edge Compute Correction.** Edge Compute shall be corrected, restricted, disconnected, recalibrated, patched, torn down, or archived where cyber risk appears, data risk increases, public-safe risk appears, community concerns arise, Indigenous protocol concerns arise where applicable, support lapses, host conditions change, or edge outputs are used as warning, surveillance, rating, finance, procurement, consent, deployment, or execution signals. **40.6.9 Edge Compute Formula.** Edge Compute shall follow the formula: **process near source; minimize movement; secure devices; separate sensing from control; synchronize with provenance; tear down unsafe edge; never let edge proximity become operational authority.** *** ### 40.7 Secure Compute **40.7.1 Secure Compute Identity.** **Secure Compute** shall be Compute Plane capacity used for sensitive workloads requiring heightened controls, including secure rooms, clean rooms, no-download environments, compute-to-data environments, confidential computing, encrypted processing, restricted repositories, restricted dashboards, cyber labs, vulnerability validation environments, secure Studio sessions, and controlled output-review environments. **40.7.2 Secure Compute Function.** Secure Compute may support analysis of restricted datasets, sovereign data, public authority-sensitive data, protected knowledge, Indigenous-sensitive knowledge where applicable, community-sensitive data, health-sensitive data, cyber-sensitive information, infrastructure-sensitive information, confidential provider or partner materials, vulnerability information, AI-sensitive workflows, and handoff dependency materials. **40.7.3 Secure Compute Record.** Each Secure Compute environment shall have a Secure Compute Record identifying environment class, purpose, data classes, workload classes, access roles, authorization basis, security controls, encryption or isolation controls where applicable, logging rules where appropriate, no-download rules, output-review rules, approved tools, prohibited tools, retention rules, teardown rules, incident pathway, correction pathway, archive rule, and prohibited claims. **40.7.4 Secure Access.** Secure Compute access shall require role readiness, need, authorization, identity verification proportionate to risk, confidentiality obligations, training where required, conflict checks where relevant, and environment-specific controls. Access shall be time-bounded where appropriate and reviewed periodically. **40.7.5 Output Review.** Outputs from Secure Compute shall be reviewed before export, publication, dashboard display, Marketplace context, Registry display, Studio use, public authority learning, readiness review, capital-reader review, insurance-reader review, donor-reader review, public finance review, community-facing communication, Indigenous-facing communication where applicable, or handoff. **40.7.6 No Raw Extraction Rule.** Raw data, protected knowledge, sensitive geospatial layers, secrets, vulnerability details, public authority-sensitive materials, community-sensitive materials, Indigenous-sensitive knowledge where applicable, or confidential materials shall not be extracted from Secure Compute unless expressly authorized and reviewed by record. **40.7.7 Secure Compute Without Assurance Overclaim.** Secure Compute use shall not create cybersecurity certification, privacy certification, legal compliance certification, public authority approval, procurement suitability, financeability, insurability, consent, deployment authorization, or security guarantee. It is a controlled processing environment, not universal assurance. **40.7.8 Secure Compute Incident and Correction.** Unauthorized access, data leakage, output leakage, credential misuse, logging failure, no-download breach, protected knowledge exposure, AI prompt leakage, cyber anomaly, or secure-room protocol breach shall trigger incident response, access closure, correction, notice where required, and archive. **40.7.9 Secure Compute Formula.** Secure Compute shall follow the formula: **restrict sensitive workloads; control users and tools; prevent raw extraction; review outputs; respond to incidents; close environments deliberately; never treat secure processing as approval or consent.** *** ### 40.8 Simulation and Digital Twin Compute **40.8.1 Simulation and Digital Twin Compute Identity.** **Simulation and Digital Twin Compute** shall be Compute Plane capacity used to run scenarios, models, stress tests, digital twins, synthetic environments, infrastructure simulations, climate and disaster-risk simulations, WEFH-B systems models, cyber-physical simulations, AI workflow simulations, network simulations, public authority learning simulations, readiness simulations, Studio simulations, and Nexus Universe or Core Build simulation environments. **40.8.2 Simulation Purpose.** Simulation and Digital Twin Compute shall help Foundry test assumptions, compare scenarios, explore uncertainty, evaluate methods, identify dependencies, generate evidence candidates, support Observatory modules, inform DRI and GRIx context, support public authority learning, test Studio runtime patterns, and identify readiness or safeguard questions. It shall not create forecast certainty, official warning, public authority decision, operational command, finance signal, insurance determination, procurement priority, deployment instruction, or execution mandate. **40.8.3 Simulation Compute Record.** Each material simulation or digital twin workload shall have a Simulation Compute Record identifying purpose, model or twin, version, data sources, assumptions, parameters, compute environment, scenario limits, user roles, output class, uncertainty treatment, sensitivity classification, public-safe restrictions, review requirements, retention rule, teardown rule, correction pathway, archive rule, and prohibited claims. **40.8.4 Digital Twin Boundary.** A digital twin shall be a representational and analytical environment, not the real system. Digital twin outputs shall not control real infrastructure, issue operational commands, determine public authority action, set procurement priorities, establish financeability, determine insurance status, grant consent, authorize deployment, or execute. **40.8.5 Simulation Data Controls.** Simulation involving sensitive data, geospatially sensitive data, infrastructure-sensitive data, public authority-sensitive data, community-sensitive data, Indigenous-sensitive knowledge where applicable, health-sensitive data, cyber-sensitive data, or protected knowledge shall operate under access controls, aggregation, masking, compute-to-data, secure-room controls, and output review where appropriate. **40.8.6 Uncertainty and Assumption Discipline.** Simulation outputs shall state assumptions, data limits, parameter limits, model limits, temporal limits, geographic limits, uncertainty, validation status, and non-decision status. False precision shall be treated as a quality and public-safe issue. **40.8.7 Simulation and Studio.** Simulation Compute used within Nexus Studio shall be governed by Studio runtime records, user classes, data classes, tool permissions, output review, public-safe boundaries, support status, shutdown conditions, and correction pathways. Studio simulation does not create lawful decision authority. **40.8.8 Simulation Teardown.** Simulation environments shall be torn down, restricted, or archived where continuation is not justified, data sensitivity requires closure, support lapses, assumptions become stale, outputs become misleading, or public-safe risk increases. **40.8.9 Simulation Correction.** Simulation and digital twin records and outputs shall be corrected where assumptions are wrong, data changes, model behavior is misunderstood, validation fails, uncertainty is understated, visualizations mislead, sensitive output is exposed, or simulation is used as warning, rating, finance, procurement, consent, deployment, or execution signal. **40.8.10 Simulation and Digital Twin Compute Formula.** Simulation and Digital Twin Compute shall follow the formula: **model reality without becoming reality; record assumptions; show uncertainty; protect sensitive inputs; review outputs; tear down stale twins; never convert simulation into command, approval, or execution.** *** ### 40.9 Compute Scheduling, Quotas, and Usage Records **40.9.1 Scheduling Principle.** **Compute Scheduling, Quotas, and Usage Records** shall govern the allocation, prioritization, admission, queuing, execution, monitoring, limitation, suspension, renewal, revocation, and documentation of Compute Plane workloads. Scheduling shall ensure that compute serves recorded public-good purposes and does not become captured by visibility, sponsorship, provider interest, private advantage, or institutional prestige. **40.9.2 Scheduling Scope.** Scheduling may apply to build jobs, test jobs, AI jobs, inference workloads, simulation runs, digital twin runs, HPC jobs, GPU jobs, cloud burst jobs, sovereign compute workloads, edge workloads, secure compute workloads, compute-to-data workloads, release jobs, dashboard refreshes, Studio sessions, Observatory workloads, DRI and GRIx processing, vulnerability validation jobs, and archive jobs. **40.9.3 Compute Scheduling Record.** A Compute Scheduling Record shall identify workload, requester, object or pathway, compute class, priority class, data class, model class where applicable, national relevance, public-good basis, quota, time window, allowed environment, prohibited environment, dependencies, security controls, output-review requirement, support contact, correction pathway, teardown rule, and prohibited interpretations. **40.9.4 Quota Principle.** Quotas shall allocate scarce compute responsibly across CPU, GPU, memory, storage, network, model tokens, API calls, simulation runs, dashboard refreshes, secure-room sessions, Studio runtime, edge processing, release pipeline capacity, and cloud burst capacity. Quotas shall prevent resource capture, uncontrolled cost, unfair access, provider dependence, energy waste, and unmanaged workload growth. **40.9.5 Quota Allocation Criteria.** Quotas may be allocated based on public-good priority, evidence value, national relevance, Nexus Universe timing, Core Build need, Observatory value, DRI or GRIx need, safeguard urgency, correction urgency, support capacity, security need, role readiness, and lawful data controls. Quotas shall not be allocated solely because of sponsor funding, provider preference, public-stage visibility, seniority, capital-reader interest, or political influence. **40.9.6 Usage Record.** A Compute Usage Record shall identify workload executed, actual resources consumed, duration, environment, users or systems, data class, output identifiers, quota consumed, anomalies, failures, cost or allocation where applicable, support issues, security issues, output review status, correction needs, and archive reference. **40.9.7 Usage Monitoring.** Compute usage may be monitored for quota compliance, cost, energy, security, data restrictions, AI safety, tool permissions, public-safe risk, support burden, and misuse where lawful and appropriate. Monitoring shall be proportionate and shall not become unrestricted surveillance. **40.9.8 Scheduling Suspension and Revocation.** Workloads may be suspended, delayed, rejected, downgraded, restricted, or revoked where authorization is missing, data class is unresolved, residency is violated, safeguards are incomplete, quota is exceeded, security risk appears, support is unavailable, provider capture risk appears, or workload purpose is not public-good justified. **40.9.9 Usage Without Entitlement.** Scheduled compute, quota allocation, and successful usage shall not create entitlement to future compute, ownership of compute, provider validation, procurement status, financeability, public authority approval, consent, deployment authorization, or execution authority. **40.9.10 Scheduling, Quotas, and Usage Formula.** Compute Scheduling, Quotas, and Usage Records shall follow the formula: **admit workloads by record; allocate quotas by public-good need; monitor proportionately; suspend unsafe use; record outputs and consumption; never let compute allocation become entitlement or authority.** *** ### 40.10 Compute Plane Teardown **40.10.1 Compute Plane Teardown Principle.** **Compute Plane Teardown** shall ensure that compute workloads, environments, clusters, build systems, cloud burst resources, GPU allocations, HPC jobs, sovereign compute sessions, edge compute devices, secure compute rooms, simulation environments, digital twins, Studio runtimes, release pipelines, and temporary Nexus Universe or Core Build compute stacks are closed, revoked, dismantled, archived, restricted, or renewed when their purpose ends or their risk status changes. **40.10.2 Teardown Purpose.** Teardown shall prevent temporary compute from becoming unmanaged infrastructure, stale runtime, unsupported dashboard, exposed data store, uncontrolled AI agent, abandoned cloud resource, unmonitored connector, live digital twin, persistent public authority confusion, hidden provider dependency, unnecessary cost, or execution by drift. **40.10.3 Teardown Triggers.** Teardown may be triggered by workload completion, experiment closure, Core Build cycle closure, Nexus Universe cycle closure, quota expiry, support lapse, data permission expiry, security incident, public-safe risk, provider termination, national non-continuation, release withdrawal, Studio pause, Marketplace delisting, Registry correction, handoff completion, archive decision, or failure to renew. **40.10.4 Compute Teardown Record.** A Compute Teardown Record shall identify environment or workload, teardown reason, affected data, affected users, affected services, access revocation, credential revocation, key or certificate revocation where applicable, output disposition, artifact disposition, logs retained where appropriate, data deletion or sealing, cost closure, support impact, public notice needs, residual risks, verification, correction pathway, and archive reference. **40.10.5 Access and Credential Closure.** Teardown shall close user access, service accounts, AI agent identities, API keys, tokens, certificates, SSH keys, cloud roles, model access, data-room access, secure-room access, Studio access, edge access, dashboard access, repository access, and release permissions where applicable. Access shall not persist because it is convenient. **40.10.6 Data and Artifact Disposition.** Teardown shall determine what data is deleted, sealed, returned, retained, archived, aggregated, anonymized, pseudonymized, or transferred under lawful authority. Build artifacts, simulation outputs, model outputs, dashboard outputs, logs where appropriate, release packages, support notes, and correction records shall be archived or destroyed according to classification and lifecycle rules. **40.10.7 Teardown Verification.** Material teardown shall be verified by record. Verification may include confirming resource shutdown, access revocation, credential rotation, data disposition, artifact archive, cost closure, synchronization closure, public-safe notice where required, Registry update, Marketplace update, Studio update, and residual-risk handling. **40.10.8 Teardown Without Erasure of Responsibility.** Teardown shall not erase correction obligations, public-safe notice duties, support duties already created by record, handoff recall obligations, security incident obligations, data incident obligations, or archive obligations. Closing compute closes technical capacity; it does not erase accountability. **40.10.9 Reinstatement After Teardown.** A torn-down compute environment, digital twin, Studio runtime, build pipeline, secure compute room, edge compute environment, or cloud burst environment may be reinstated only by current review confirming purpose, authorization, data classification, access, security, support, public-safe status, national routing, safeguard conditions, and correction history. Reinstatement shall not occur by simply reactivating old infrastructure. **40.10.10 Final Compute Plane Formula.** The controlling Compute Plane Formula is that **the Compute Plane processes authorized Foundry workloads across build compute, HPC, GPU, cloud, hybrid, sovereign, edge, secure, simulation, digital twin, Studio, release, and archive environments; compute is scheduled by record, allocated by public-good priority, bounded by quotas, governed by data and control-plane rules, usage-recorded, output-reviewed, security-controlled, and torn down when purpose ends; no compute workload, successful build, simulation result, AI inference, dashboard render, signed artifact, Studio runtime, sovereign environment, edge device, quota allocation, or teardown record creates certification, public authority approval, procurement preference, financeability, insurability, consent, deployment authorization, operational command, or execution authority by implication.** ## 41. Network Plane ### 41.1 Network Plane Definition **41.1.1 Network Plane Identity.** The **Foundry Network Plane** shall be the governed connectivity, routing, transport, segmentation, peering, exchange, telemetry, monitoring, isolation, demonstration, partner-contribution, national-node, operations, teardown, and archive layer through which Nexus Foundry connects compute environments, data environments, AI workflows, Observatory Nodes, Edge Environments, Dense Cores, Regional Clusters, National Dense Nexus Cores, secure rooms, clean rooms, no-download rooms, Studio runtime environments, Marketplace surfaces, Registry surfaces, Nexus Core Build environments, Nexus Universe arenas, National Nodes, public authority learning rooms, partner contribution environments, and lawful handoff-preparation pathways. The Network Plane shall move packets, signals, telemetry, records, and controlled workloads; it shall not create public authority, finance, procurement, consent, deployment, operational command, or execution authority by the mere existence of connectivity. **41.1.2 Network Plane Purpose.** The purpose of the Network Plane shall be to provide high-performance, secure, segmented, observable, resilient, nationally respectful, provider-neutral, teardown-capable, and correctionable network infrastructure for public-good systems-build work. It shall allow Foundry to support intensive research networking, large data movement, simulation, digital twins, AI evaluation, Observatory synchronization, edge-to-core telemetry, secure compute, controlled demonstrations, public-safe visibility, partner contribution, and National Node exchange without allowing network reachability to become data permission, infrastructure control, surveillance authority, public warning authority, or execution. **41.1.3 Network Plane Relationship to Control, Data, and Compute Planes.** The Network Plane shall operate under the Control Plane, support the Data Plane, and enable the Compute Plane. The Control Plane shall govern identity, policy, permissions, certificates, keys, configuration, change, and routing authority. The Data Plane shall govern what data may move and under what conditions. The Compute Plane shall govern authorized workloads. The Network Plane shall provide connectivity only within those recorded boundaries. Network capability shall not override classification, custody, residency, secure-room controls, national routing, public-safe review, safeguards, consent boundaries, or lawful handoff conditions. **41.1.4 Network Plane Scope.** The Network Plane may include backbone connectivity, switching, routing, peering, research network fabrics, Science DMZ or Research Data Zone patterns, secure compute zones, public demonstration zones, partner contribution zones, National Node exchange zones, operations networks, monitoring and telemetry zones, edge connectivity, cloud connectivity, hybrid connectivity, sovereign connectivity, secure-room connectivity, Studio connectivity, Marketplace and Registry connectivity, release connectivity, archive connectivity, and teardown controls. **41.1.5 Network Plane Records.** Material Network Plane activity shall be record-bearing. Network records may include Network Architecture Records, Zone Records, Route Records, Peering Records, Switching Records, Backbone Records, Research Network Records, Science DMZ / Research Data Zone Records, Secure Compute Zone Records, Public Demonstration Zone Records, Partner Contribution Zone Records, National Node Exchange Records, Operations and Monitoring Records, Telemetry Records, Incident Records, Change Records, Teardown Records, and Archive Records. **41.1.6 Network Plane Boundary.** Connectivity, route availability, peering, successful transfer, dashboard reachability, public demonstration access, partner connection, National Node exchange, telemetry stream, network monitoring, or high-performance research-network access shall not create approval, data rights, public authority action, procurement status, financeability, insurability, provider validation, community consent, Indigenous consent where applicable, deployment authorization, operational command, or execution authority. **41.1.7 Network Plane Non-Execution.** The Network Plane shall remain an enabling technical layer. It may allow environments to communicate, data to move where permitted, workloads to run where authorized, and public-safe demonstrations to be viewed where approved. It shall not operate infrastructure, control field systems, issue warnings, trigger emergency response, approve deployment, execute projects, or substitute for lawful public authority, enterprise, procurement, finance, insurance, consent, or operational processes. **41.1.8 Network Plane Formula.** The Network Plane shall operate according to the formula: **connect only what policy permits; segment by risk; move data only where the Data Plane allows; support compute only where the Compute Plane authorizes; observe networks without surveillance; isolate demonstrations from control; exchange nationally without bypass; tear down connectivity when purpose ends; never let reachability become authority.** *** ### 41.2 High-Performance Research Network Fabric **41.2.1 Research Network Fabric Identity.** The **High-Performance Research Network Fabric** shall be the network capability used by Nexus Foundry to support large-scale research data transfer, simulation, digital twin workloads, geospatial processing, Earth observation workflows, HPC and GPU workflows, AI evaluation, Observatory synchronization, DRI and GRIx computation, national portfolio evidence work, Nexus Core Build surge, Nexus Universe technical operations, Frontier Labs, and public-good technical collaboration requiring higher bandwidth, lower latency, or controlled high-throughput paths. **41.2.2 Research Network Purpose.** The Research Network Fabric shall enable science-grade, engineering-grade, and public-good systems-build workloads without relying on ordinary collaboration networks for high-volume data movement. It may support data-intensive transfers, controlled mirrors, secure movement between Dense Cores and National Dense Nexus Cores, regional cluster synchronization, testbed connectivity, instrumentation feeds, and temporary high-capacity event or arena infrastructure. **41.2.3 Research Network Fabric Record.** Each material Research Network Fabric shall have a Research Network Record identifying purpose, connected environments, bandwidth or capacity class, network provider or host where applicable, routing domain, data classes permitted, prohibited data classes, security controls, access roles, monitoring rules, national routing implications, cross-border transfer implications, peering relationships, support status, teardown rule, correction pathway, archive rule, and prohibited claims. **41.2.4 Science and Public-Good Use Limitation.** Research Network Fabric shall be used for recorded public-good research, evidence, simulation, observability, build, review, training, support, correction, and archive purposes. It shall not be used as a hidden production network for enterprise execution, provider demonstration control, unreviewed public authority operations, unrestricted data transfer, or commercial traffic unless separately and lawfully authorized outside the default Foundry perimeter. **41.2.5 High-Throughput Data Controls.** High-performance transfer shall not weaken data controls. Large data movement shall remain subject to classification, custody, residency, cross-border review, secure-room rules, compute-to-data preference, output review, national routing, and safeguard conditions. Speed shall not become permission. **41.2.6 Temporary Surge Networking.** Nexus Core Build and Nexus Universe may require temporary high-performance networking similar to temporary research-network event fabrics. Such surge networking shall have start conditions, end conditions, access rules, data-class rules, public demonstration separation, teardown, credential revocation, archive, and post-cycle correction. **41.2.7 Research Network Provider Neutrality.** Research-network providers, cloud networks, universities, telecom operators, data centers, equipment vendors, sponsors, or technical contributors may support the fabric. Such support shall not validate the provider, create procurement preference, confer Marketplace recognition, establish Registry approval, or create execution authority. **41.2.8 Research Network Incident and Correction.** Research Network Records shall be corrected where unauthorized transfer occurs, data class is wrong, cross-border movement bypasses review, peering creates exposure, monitoring is insufficient, provider dependence creates capture risk, or high-performance connectivity is used as deployment or execution claim. **41.2.9 High-Performance Research Network Formula.** The Research Network Fabric shall follow the formula: **move science and public-good workloads at scale; preserve classification and residency; separate surge from production; disclose providers; correct unauthorized flow; never let bandwidth become permission or authority.** *** ### 41.3 Backbone, Switching, Routing, and Peering **41.3.1 Backbone Identity.** The **Backbone** shall be the core network connectivity that links Dense Cores, Regional Clusters, National Dense Nexus Cores, Observatory Node Grids, secure zones, research zones, Studio environments, Marketplace and Registry infrastructure, Edge aggregation points, and temporary Core Build or Nexus Universe environments where authorized. The Backbone shall provide controlled reachability, not institutional authority. **41.3.2 Switching and Routing Function.** Switching and routing shall determine how traffic moves between Foundry network segments, zones, environments, services, and exchange points. Routing shall be governed by policy, identity-aware control where applicable, segmentation, data classification, national routing, security posture, service purpose, and teardown state. **41.3.3 Peering Function.** Peering may connect Foundry networks with research networks, cloud networks, national networks, university networks, public-good infrastructure networks, provider contribution networks, National Node networks, regional cluster networks, secure compute networks, or public demonstration networks. Peering shall be governed by record and shall not imply trust, approval, or unrestricted data movement. **41.3.4 Backbone, Switching, Routing, and Peering Record.** Each material network path, route class, or peering relationship shall have a record identifying connected environments, purpose, provider or peer, routing policy, permitted traffic, prohibited traffic, data classes, security controls, segmentation, monitoring rules, failover rules, national or cross-border implications, support status, teardown conditions, correction pathway, archive rule, and prohibited interpretations. **41.3.5 Segmentation by Purpose and Risk.** Routing shall preserve separation among research data zones, secure compute zones, public demonstration zones, partner contribution zones, National Node exchange zones, operations zones, edge zones, Studio zones, Marketplace/Registry zones, release zones, and archive zones. Routes shall not collapse zones because connectivity is convenient. **41.3.6 Peering Without Trust by Default.** Peering shall not create implicit trust. A peered network shall not receive unrestricted access to data, compute, control plane services, secure rooms, Studio runtime, Marketplace administration, Registry administration, public authority learning materials, or national records. Access shall remain separately authorized. **41.3.7 Routing Change Control.** Changes to routing, peering, switching rules, network access control, firewall policy, service exposure, public endpoint exposure, or cross-border path shall be governed by change control and shall be reviewed for data, security, national, public-safe, and safeguard implications. **41.3.8 Backbone and Peering Incidents.** Misrouting, unauthorized peering, route leak, segmentation failure, public exposure, cross-border routing error, insecure switching configuration, DNS or naming error, certificate mismatch, or network-path overclaim shall trigger incident response, route correction, access closure, public-safe review where needed, and archive. **41.3.9 Backbone, Switching, Routing, and Peering Formula.** Backbone, Switching, Routing, and Peering shall follow the formula: **connect by purpose; segment by risk; peer without implicit trust; route by policy; control changes; correct leaks; never let network path become data or execution permission.** *** ### 41.4 Science DMZ / Research Data Zone **41.4.1 Science DMZ / Research Data Zone Identity.** The **Science DMZ / Research Data Zone** shall be a controlled high-performance research data movement zone designed to support large-scale data transfer, instrumentation feeds, simulation inputs, Earth observation products, geospatial processing, AI evaluation datasets, Observatory data flows, DRI and GRIx workflows, public-good research collaboration, and Core Build or Nexus Universe technical surge while maintaining separation from administrative systems, secure rooms, public demonstration zones, and enterprise execution environments. **41.4.2 Research Data Zone Purpose.** The Research Data Zone shall optimize data-intensive public-good workflows without weakening data governance. It may support data transfer nodes, controlled mirrors, research data portals, performance-tuned paths, monitoring appropriate to throughput, data integrity checks, and high-capacity routing for approved research workloads. **41.4.3 Research Data Zone Record.** Each Research Data Zone shall have a Zone Record identifying purpose, connected systems, data transfer nodes, permitted data classes, prohibited data classes, access roles, performance requirements, security controls, monitoring rules, data integrity controls, transfer review requirements, cross-border restrictions, support status, teardown rule, correction pathway, archive rule, and prohibited claims. **41.4.4 Separation From Secure and Public Zones.** The Research Data Zone shall be separated from Secure Compute Zones and Public Demonstration Zones. Data that requires secure-room-only, no-download, compute-to-data-only, sovereign-only, or public authority-sensitive handling shall not be placed in the Research Data Zone unless the zone has been specifically approved for that class and controls are recorded. **41.4.5 Data Transfer Node Discipline.** Data transfer nodes shall be hardened, monitored where appropriate, access-controlled, purpose-bound, and configured to prevent unauthorized movement, uncontrolled replication, and insecure exposure. Transfer nodes shall not become informal repositories or unreviewed publication channels. **41.4.6 Research Data Zone Output Boundary.** Successful transfer through the Research Data Zone shall not mean the data may be published, used in AI, displayed in dashboards, transferred onward, used for public authority learning, used in readiness rooms, or included in handoff packages. Output review and downstream permissions remain required. **41.4.7 Research Data Zone Provider Neutrality.** Infrastructure supplied by universities, research networks, cloud providers, telecom operators, equipment vendors, sponsors, or partners shall not validate the provider, create procurement preference, or confer Nexus approval. Dependencies shall be disclosed. **41.4.8 Research Data Zone Incident and Correction.** Unauthorized transfer, misclassified data movement, cross-border movement error, transfer-node compromise, performance-tuning exposure, monitoring gap, or use of the zone as unrestricted data commons shall trigger correction, restriction, access closure, notice where required, and archive. **41.4.9 Science DMZ / Research Data Zone Formula.** The Research Data Zone shall follow the formula: **optimize research transfer; separate from secure and public zones; control data classes; harden transfer nodes; review downstream use; never let high-speed research movement become unrestricted data sharing.** *** ### 41.5 Secure Compute Zone **41.5.1 Secure Compute Zone Identity.** The **Secure Compute Zone** shall be the restricted network zone supporting secure compute, secure rooms, clean rooms, no-download environments, compute-to-data environments, confidential computing, sensitive AI workflows, vulnerability review, public authority-sensitive learning, protected knowledge handling, Indigenous-sensitive knowledge handling where applicable, health-sensitive work, infrastructure-sensitive work, cyber-sensitive work, and high-risk handoff dependency review. **41.5.2 Secure Compute Zone Purpose.** The Secure Compute Zone shall isolate sensitive workloads from ordinary research traffic, public demonstrations, partner contribution environments, general collaboration systems, and enterprise execution systems. It shall allow bounded processing while limiting extraction, lateral movement, public exposure, provider access, sponsor visibility, and unauthorized AI use. **41.5.3 Secure Compute Zone Record.** Each Secure Compute Zone shall have a Zone Record identifying data classes, workload classes, connected systems, access roles, permitted tools, prohibited tools, no-download rules, compute-to-data rules, output-review rules, network segmentation, encryption where appropriate, monitoring rules where appropriate, logging rules where appropriate, incident pathway, teardown rule, correction pathway, archive rule, and prohibited claims. **41.5.4 Ingress and Egress Control.** Ingress to and egress from the Secure Compute Zone shall be tightly controlled. Data entering the zone shall be classified and recorded. Outputs leaving the zone shall pass output review. Raw data extraction shall be prohibited unless expressly authorized by competent record. External network access shall be limited to approved purposes. **41.5.5 Secure AI and Agent Restrictions.** AI systems and agents operating in the Secure Compute Zone shall have restricted tools, restricted memory, restricted model access, prompt and output controls, human review, no external training unless authorized, no unauthorized embedding, no uncontrolled export, and shutdown triggers. AI convenience shall not override secure-zone controls. **41.5.6 Public Authority and Protected Knowledge Controls.** Public authority-sensitive data, protected knowledge, Indigenous-sensitive knowledge where applicable, and community-sensitive materials shall be handled with access restrictions, output review, public-safe limits, and national routing. Secure-zone access shall not create permission to publish, summarize, model, transfer, or hand off such materials. **41.5.7 Secure Compute Zone Boundary.** Secure-zone processing shall not create legal compliance certification, cybersecurity certification, privacy certification, public authority approval, procurement suitability, financeability, insurability, consent, deployment authorization, or execution authority. **41.5.8 Secure Compute Zone Incident and Correction.** Unauthorized ingress, unauthorized egress, data spill, AI prompt leakage, no-download breach, clean-room breach, protected knowledge exposure, public authority-sensitive disclosure, tool misuse, or segmentation failure shall trigger incident response, access closure, credential rotation, output withdrawal, notice where required, correction, and archive. **41.5.9 Secure Compute Zone Formula.** The Secure Compute Zone shall follow the formula: **isolate sensitive workloads; control ingress and egress; restrict tools and agents; review outputs; close access after purpose; never treat secure processing as approval or permission.** *** ### 41.6 Public Demonstration Zone **41.6.1 Public Demonstration Zone Identity.** The **Public Demonstration Zone** shall be a controlled network zone used for public-safe demonstrations, Nexus Universe arena displays, Studio demonstrations, public-good showcases, training demonstrations, public authority learning demonstrations, Marketplace previews, Registry displays, dashboard mockups, simulation walkthroughs, and public-facing or controlled-facing explanatory materials. It shall be designed for visibility without authority overclaim. **41.6.2 Demonstration Purpose.** The Public Demonstration Zone may show how Foundry Objects, dashboards, Studio patterns, Observatory modules, AI workflows, Packs, connectors, agents, simulations, public-safe reports, Marketplace metadata, or Registry records work under controlled conditions. It shall not expose sensitive data, real operational controls, unreleased systems, privileged interfaces, unreviewed public warnings, or live execution capability. **41.6.3 Demonstration Zone Record.** Each Public Demonstration Zone shall have a Zone Record identifying demonstration purpose, audience, objects displayed, data used, synthetic or public-safe status, public-safe review status, access controls, isolation controls, prohibited functions, claims language, support status, teardown rule, correction pathway, archive rule, and prohibited interpretations. **41.6.4 Synthetic and Public-Safe Data Preference.** Demonstrations shall prefer synthetic, anonymized, aggregated, public-safe, pre-reviewed, or non-sensitive data. Real data shall not be used unless classification, output review, public-safe review, national routing, and permission conditions support such use. **41.6.5 Demonstration Isolation.** Public Demonstration Zones shall be isolated from production systems, Secure Compute Zones, sensitive Data Plane environments, live Edge control systems, public authority systems, enterprise execution systems, real procurement systems, real finance systems, and live operational command environments. Demonstration controls shall prevent unintended actions. **41.6.6 Demonstration Boundary Language.** Demonstrations shall state where relevant that displayed outputs are illustrative, controlled, synthetic or public-safe where applicable, non-decision, non-public-warning, non-procurement, non-finance, non-consent, non-deployment, and non-execution. Visual polish shall not create authority. **41.6.7 Demonstration Without Adoption.** Visibility in a Public Demonstration Zone, Nexus Universe arena, Marketplace preview, Registry display, Studio session, or public authority learning room shall not mean adoption, approval, recognition, certification, procurement status, financeability, insurability, consent, deployment authorization, or execution. **41.6.8 Demonstration Zone Incident and Correction.** Demonstration incidents may include sensitive data exposure, live system exposure, authority overclaim, public warning implication, provider promotion, sponsor narrative capture, unreviewed dashboard display, AI hallucination, or audience reliance risk. Such incidents shall trigger correction, withdrawal, public-safe clarification, teardown, and archive. **41.6.9 Public Demonstration Zone Formula.** The Public Demonstration Zone shall follow the formula: **show safely; use synthetic or reviewed data; isolate from real control; label boundaries; correct overclaim; never let demonstration become adoption, warning, deployment, or execution.** *** ### 41.7 Partner Contribution Zone **41.7.1 Partner Contribution Zone Identity.** The **Partner Contribution Zone** shall be a controlled network zone through which providers, sponsors, universities, research institutions, public-interest partners, corporate actors, hosts, infrastructure firms, technical contributors, and other external contributors may contribute tools, data, code, documentation, test results, APIs, connectors, dashboards, models, expertise, infrastructure support, or review materials to Foundry under bounded conditions. **41.7.2 Contribution Purpose.** The Partner Contribution Zone shall allow external expertise and technical inputs to enter Foundry without granting partners access to sensitive systems, National Node records, secure rooms, public authority-sensitive data, protected knowledge, Registry control, Marketplace control, Studio activation, release authority, national routing authority, readiness authority, or execution authority. **41.7.3 Partner Contribution Zone Record.** Each Partner Contribution Zone shall have a Zone Record identifying partner classes, contribution types, permitted interfaces, prohibited interfaces, data classes, code submission rules, artifact submission rules, IP and license terms, security scanning, malware controls, dependency review, provider-neutrality controls, sponsor-control controls, access roles, review pathways, correction pathway, teardown rule, archive rule, and prohibited claims. **41.7.4 Controlled Ingress.** Partner contributions shall enter through controlled ingress points. Submitted code, containers, models, datasets, connectors, agents, APIs, documentation, benchmarks, and dashboards shall be scanned, classified, reviewed, sandboxed, and recorded before use in Foundry production pathways. **41.7.5 Partner Access Limitation.** Partners shall not receive broad internal access merely because they contribute. Partner access shall be limited to contribution purposes and shall not include restricted data, secure rooms, National Node-sensitive records, Registry administration, Marketplace administration, Studio administration, release control, or privileged compute unless separately authorized. **41.7.6 Provider and Sponsor Neutrality.** Partner contribution shall not validate the partner, certify technology, create preferred-provider status, create sponsor control, create Marketplace priority, create Registry approval, create procurement advantage, create financeability, or create deployment authorization. Contribution is input, not endorsement. **41.7.7 Contribution Security.** Partner contribution interfaces shall protect against malicious code, vulnerable dependencies, credential leakage, data exfiltration, supply-chain compromise, AI model risks, prompt-injection artifacts, license conflicts, proprietary lock-in, and hidden telemetry. Partner tools shall not be accepted into Foundry without review. **41.7.8 Partner Contribution Incident and Correction.** Incidents may include malware, dependency vulnerability, license conflict, secret exposure, hidden telemetry, data misuse, provider overclaim, sponsor influence, malicious connector, unsafe AI model, or contribution used as validation claim. Such incidents shall trigger isolation, rejection, correction, access closure, notice where required, and archive. **41.7.9 Partner Contribution Zone Formula.** The Partner Contribution Zone shall follow the formula: **receive external contribution through controlled ingress; scan and review before use; limit partner access; preserve neutrality; correct unsafe contribution; never let contribution become validation or control.** *** ### 41.8 National Node Exchange Zone **41.8.1 National Node Exchange Zone Identity.** The **National Node Exchange Zone** shall be the controlled network zone through which National Nexus Nodes, National Dense Nexus Cores, National Working Groups, National Nexus Consortiums, National Councils, Helix Councils, National Portfolio Factory pathways, Regional Clusters, Dense Cores, Marketplace, Registry, Studio, Observatory Nodes, and lawful handoff-preparation surfaces exchange national records, public-safe outputs, data-derived summaries, readiness questions, safeguard records, localization profiles, and correction records. **41.8.2 National Exchange Purpose.** The National Node Exchange Zone shall preserve national ownership while enabling secure and interoperable exchange between national, regional, and global Foundry pathways. It shall allow national work to participate in common rail without losing national context, residency rules, language, public authority boundaries, community safeguards, Indigenous protocols where applicable, support status, correction history, or archive status. **41.8.3 National Node Exchange Record.** Each National Node Exchange Zone shall have an Exchange Zone Record identifying participating National Nodes, jurisdictions, exchanged object classes, permitted data classes, prohibited data classes, metadata display rules, localization rules, cross-border rules, access roles, public authority sensitivity, community and Indigenous protocol considerations where applicable, security controls, synchronization rules, correction pathway, teardown rule, archive rule, and prohibited claims. **41.8.4 National Routing and Anti-Bypass.** National Node Exchange shall not bypass national routing. Global or regional actors shall not use the Exchange Zone to extract national data, reroute national priorities, publish national materials, expose sensitive metadata, shape readiness language, or prepare enterprise handoff without national record. **41.8.5 Exchange Objects.** Exchange objects may include National Portfolio summaries, public-safe national reports, Observatory need records, DRI and GRIx context records, safeguard summaries, readiness question records, Marketplace context records, Registry references, Studio preparation notes, Core Build requests, Nexus Universe routing records, correction notices, archive references, and lawful handoff dependency summaries. **41.8.6 Sensitive National Data Controls.** Raw sovereign data, public authority-sensitive data, community-sensitive data, Indigenous-sensitive data where applicable, health-sensitive data, infrastructure-sensitive data, cyber-sensitive data, procurement-sensitive data, finance-sensitive data, and protected knowledge shall not be exchanged unless classification, custody, residency, national routing, safeguards, and output review permit exchange. **41.8.7 National Exchange Without Approval.** Exchange of a national record shall not imply government approval, public authority adoption, procurement priority, public finance allocation, financeability, insurability, community consent, Indigenous consent where applicable, deployment authorization, or execution. Exchange means recorded movement or visibility under national conditions. **41.8.8 National Node Exchange Incident and Correction.** Incidents may include national bypass, cross-border exposure, sensitive metadata exposure, unauthorized extraction, public authority overclaim, community or Indigenous safeguard failure, stale national record display, or use of exchange as national approval. Such incidents shall trigger correction, restriction, notice where required, national pathway review, and archive. **41.8.9 National Node Exchange Zone Formula.** The National Node Exchange Zone shall follow the formula: **exchange national records without extracting national control; preserve localization and safeguards; restrict sensitive data; synchronize with correction; never let exchange become national approval or bypass.** *** ### 41.9 Operations, Monitoring, and Telemetry Zone **41.9.1 Operations Zone Identity.** The **Operations, Monitoring, and Telemetry Zone** shall be the controlled network zone supporting network operations, health monitoring, telemetry collection, performance measurement, security monitoring, incident detection, capacity planning, degraded-mode continuity, support diagnostics, service reliability, and post-cycle reconciliation for Foundry network environments. **41.9.2 Operations Zone Purpose.** The Operations Zone shall allow Foundry to understand whether the Network Plane is functioning, degraded, misconfigured, overused, attacked, drifting, or requiring teardown. It shall support reliability and security without becoming unrestricted surveillance, operational command over external systems, public authority intelligence gathering, or public warning infrastructure. **41.9.3 Operations Zone Record.** Each Operations Zone shall have an Operations Zone Record identifying monitored systems, telemetry classes, access roles, monitoring purpose, sensitivity class, retention rule, alert thresholds, incident pathways, privacy controls, public authority-sensitive controls, national routing implications, dashboard access, correction pathway, teardown rule, archive rule, and prohibited uses. **41.9.4 Telemetry Classes.** Operations telemetry may include bandwidth use, latency, packet loss, route state, service availability, device health, certificate expiry, key rotation status, authentication events, access events, connection attempts, data-transfer volumes, anomaly indicators, Edge synchronization state, secure-zone egress attempts, public demonstration health, and teardown verification. Content inspection shall be restricted and justified where needed. **41.9.5 Monitoring Proportionality.** Monitoring shall be proportionate to risk and purpose. High-risk zones, including Secure Compute Zones, National Node Exchange Zones, Partner Contribution Zones, release paths, Studio paths, Edge synchronization, and public demonstration surfaces, may require enhanced telemetry. Monitoring shall protect privacy, protected knowledge, Indigenous-sensitive information where applicable, public authority-sensitive information, and confidential partner information. **41.9.6 Alerting and Escalation.** Alerts may route to network stewards, security stewards, data stewards, National Node stewards, Studio stewards, Marketplace stewards, Registry stewards, Edge stewards, release stewards, or incident responders depending on affected system. Alerting shall not create final findings until reviewed by competent roles. **41.9.7 Operations Dashboard Boundary.** Operations dashboards shall not be public dashboards by default. Display of operational telemetry shall be access-controlled and public-safe where externally visible. Operational health indicators shall not be used as provider ranking, security certification, public authority status, finance signal, procurement signal, or execution status. **41.9.8 Operations Zone Incident and Correction.** Operations incidents may include monitoring gaps, telemetry leakage, overbroad monitoring, privacy violation, protected knowledge exposure, public authority-sensitive exposure, alert failure, false alert overclaim, route drift, unauthorized access, or dashboard misuse. Such incidents shall trigger correction, restriction, notice where required, and archive. **41.9.9 Operations, Monitoring, and Telemetry Formula.** The Operations Zone shall follow the formula: **monitor network health and security; collect only what is needed; protect telemetry; route alerts for review; correct drift; never let monitoring become surveillance, rating, or authority.** *** ### 41.10 Network Plane Teardown and Archive **41.10.1 Teardown and Archive Principle.** **Network Plane Teardown and Archive** shall ensure that network paths, zones, routes, peering relationships, public demonstration surfaces, partner contribution interfaces, National Node exchange channels, research data transfer nodes, secure-zone connections, Edge synchronization links, certificates, keys, DNS entries, service-discovery records, firewall rules, monitoring channels, and temporary Nexus Universe or Core Build network fabrics are closed, revoked, dismantled, restricted, archived, or renewed when their purpose ends or their risk status changes. **41.10.2 Teardown Purpose.** Teardown shall prevent temporary network capacity from becoming unmanaged infrastructure, stale exposure, hidden provider dependency, unmonitored partner access, persistent demonstration endpoints, unsupported National Node exchange, open transfer nodes, stale DNS, orphaned certificates, forgotten peering, insecure telemetry, or execution by network drift. **41.10.3 Network Teardown Triggers.** Teardown may be triggered by Core Build closure, Nexus Universe cycle closure, project completion, partner contribution completion, secure-room closure, data permission expiry, national non-continuation, public demonstration completion, route change, peering termination, certificate expiry, key rotation, provider termination, incident response, support lapse, Marketplace delisting, Registry correction, Studio pause, Edge decommissioning, or archive decision. **41.10.4 Network Teardown Record.** A Network Teardown Record shall identify network component, zone, route, peering, endpoint, service, certificate, key, DNS name, monitoring path, or exchange channel; teardown reason; affected environments; affected users; affected data flows; access revocation; certificate and key revocation; DNS or naming update; firewall or route removal; telemetry closure; residual risks; verification; correction pathway; and archive reference. **41.10.5 Zone Closure.** Closure of a Research Data Zone, Secure Compute Zone, Public Demonstration Zone, Partner Contribution Zone, National Node Exchange Zone, or Operations Zone shall address data flows, access, credentials, routes, logs, records, public-safe notices, user notices, support state, archive state, and any dependent Marketplace, Registry, Studio, National Node, or handoff records. **41.10.6 Public Demonstration Closure.** Public demonstration endpoints shall be closed, restricted, or archived when demonstrations end. Demonstration materials shall be marked non-current where appropriate. Public links shall not remain active merely because they are useful for marketing or memory. **41.10.7 Partner and Peering Closure.** Partner access, peering, routes, VPNs, exchange points, test endpoints, contribution channels, and temporary credentials shall be closed when the contribution purpose ends. Partner network access shall not persist as informal privileged access. **41.10.8 Archive Classes.** Network Plane archive classes may include route archive, peering archive, zone archive, demonstration archive, partner contribution archive, National Node exchange archive, research network archive, secure-zone archive, telemetry archive, incident archive, teardown verification archive, and institutional-memory archive. **41.10.9 No Current Authority From Network Archive.** Archived network records, routes, peering relationships, service names, demonstration endpoints, National Node exchange records, partner contribution paths, research transfer nodes, secure-zone paths, telemetry dashboards, or public links shall not be cited as current connectivity, current support, current approval, current public demonstration, current Marketplace status, current Registry status, current Studio status, current national exchange, current deployment authorization, or execution authority unless reinstated by current review and record. **41.10.10 Final Network Plane Formula.** The controlling Network Plane Formula is that **the Network Plane connects Foundry’s research, secure, public demonstration, partner contribution, national exchange, operations, monitoring, edge, compute, data, Studio, Marketplace, Registry, Core Build, and Nexus Universe environments through governed fabrics, zones, routes, switching, peering, telemetry, teardown, and archive; connectivity is segmented by risk, controlled by policy, bounded by data classification, respectful of national ownership, protected against provider and sponsor capture, monitored proportionately, and closed when purpose ends; no bandwidth, route, peering, public endpoint, partner connection, National Node exchange, telemetry feed, or archived network record creates data permission, public authority approval, procurement preference, financeability, insurability, consent, deployment authorization, operational command, or execution authority by implication.** ## 42. Security Plane ### 42.1 Security Plane Definition **42.1.1 Security Plane Identity.** The **Foundry Security Plane** shall be the security-governance, enforcement, protection, detection, response, correction, closure, and archive layer through which Nexus Foundry protects its Control Plane, Data Plane, Compute Plane, Network Plane, AI and Agentic Systems, Edge Architecture, Studio runtime, Marketplace surfaces, Registry records, Observatory systems, National Node exchanges, secure rooms, clean rooms, no-download environments, partner contribution surfaces, public demonstration surfaces, release pipelines, and lawful handoff-preparation pathways. The Security Plane shall make Foundry secure by design, secure by operation, secure by record, secure by correction, and secure by closure. **42.1.2 Security Plane Purpose.** The purpose of the Security Plane shall be to preserve confidentiality, integrity, availability, provenance, identity, access discipline, data protection, public-safe meaning, national routing, protected knowledge safeguards, cyber resilience, operational continuity, and trustworthiness across Foundry systems. It shall prevent unauthorized access, privilege drift, data leakage, secrets exposure, provider capture, sponsor access abuse, AI tool misuse, unsafe automation, insecure partner contributions, uncontrolled egress, exfiltration, vulnerability exploitation, public authority-sensitive exposure, community-sensitive exposure, Indigenous-sensitive exposure where applicable, and execution by technical compromise. **42.1.3 Security Plane Scope.** The Security Plane shall include Zero Trust enforcement, identity security, privileged access controls, secrets and key management, vulnerability management, threat monitoring, logging, secure enclave controls, clean room controls, no-download controls, egress controls, exfiltration controls, incident response, access closure, security correction, security archive, lessons learned, and security-plane closure. **42.1.4 Security as Foundry Integrity.** Security shall not be treated as an IT afterthought. It shall be part of Foundry production integrity. A Foundry object that is technically useful but insecure, unbounded, unreviewed, unsupported, unmonitored where needed, unrecoverable, or unable to be closed shall not be treated as mature public-good infrastructure. **42.1.5 Security Plane Relationship to Other Planes.** The Security Plane shall enforce and protect the Control Plane, Data Plane, Compute Plane, and Network Plane. It shall not replace them. It secures identity, access, data movement, compute workloads, network paths, AI agents, releases, dashboards, rooms, and records; it does not create public authority approval, procurement authority, finance authority, consent authority, deployment authorization, or execution authority. **42.1.6 Security Plane Records.** Material Security Plane activity shall be record-bearing. Records may include Security Policy Records, Zero Trust Enforcement Records, Privileged Access Records, Secrets Records, Key Records, Vulnerability Records, Threat Monitoring Records, Logging Records, Secure Enclave Records, Clean Room Records, Egress Records, Exfiltration Records, Incident Records, Access Closure Records, Security Correction Records, Security Closure Records, and Security Archive Records. **42.1.7 Security Plane Boundary.** Security review, security configuration, secure environment use, vulnerability remediation, monitoring, logging, encryption, certificate issuance, key management, secure-room participation, clean-room analysis, no-download access, or incident closure shall not create cybersecurity certification, legal compliance certification, public authority approval, procurement status, financeability, insurability, community consent, Indigenous consent where applicable, deployment authorization, operational command, or execution authority. **42.1.8 Security Plane Formula.** The Security Plane shall operate according to the formula: **verify before trust; restrict before exposure; monitor proportionately; protect secrets; patch and correct vulnerabilities; control egress; contain incidents; close access; archive lessons; never let security controls become certification, approval, consent, deployment, or execution authority.** *** ### 42.2 Zero Trust Enforcement **42.2.1 Zero Trust Enforcement Principle.** **Zero Trust Enforcement** shall be the operational application of Foundry’s Zero Trust baseline across users, devices, workloads, services, data, networks, AI agents, tools, APIs, repositories, dashboards, Studio runtime, Marketplace workflows, Registry updates, Edge environments, Observatory Nodes, secure rooms, clean rooms, and no-download environments. No actor or system shall be trusted by location, affiliation, seniority, sponsorship, provider status, public authority attendance, or prior participation alone. **42.2.2 Enforcement Domains.** Zero Trust enforcement shall apply to identity verification, authentication, authorization, least privilege, device posture where appropriate, workload identity, service identity, tool permissions, data-class controls, network segmentation, egress limits, secrets access, certificate use, AI-agent permissions, secure-room access, clean-room access, no-download access, and session closure. **42.2.3 Enforcement Record.** A Zero Trust Enforcement Record shall identify policy, subject class, resource class, enforcement mechanism, data class, environment, authentication requirement, authorization requirement, access duration, review cadence, monitoring rule where appropriate, revocation trigger, correction pathway, archive rule, and prohibited interpretations. **42.2.4 Continuous Conditional Access.** Access shall be conditional on current identity, role, need, training, conflict status where relevant, device or workload posture where appropriate, data class, environment, jurisdiction, session risk, incident state, and support status. A previously valid session may be terminated where conditions change. **42.2.5 Segmentation Enforcement.** Segmentation shall separate research zones, secure compute zones, public demonstration zones, partner contribution zones, National Node exchange zones, operations zones, edge zones, Studio zones, Marketplace and Registry administration, release pipelines, archive environments, and enterprise-adjacent handoff environments. Segmentation failure shall be treated as a security incident where material. **42.2.6 AI and Agent Zero Trust.** AI agents, copilots, automation workflows, retrieval systems, classifiers, summarizers, and Studio agents shall be treated as untrusted by default. They shall receive only authorized data, tools, memory, workflow rights, and output pathways. Agents shall not inherit broad permissions from human requesters. **42.2.7 Zero Trust and National Routing.** Zero Trust enforcement shall respect national routing, data residency, sovereign compute, public authority-sensitive data, community-sensitive data, Indigenous-sensitive data where applicable, and protected knowledge controls. A global or regional identity shall not bypass national access controls. **42.2.8 Zero Trust Drift and Correction.** Zero Trust drift shall be corrected where permissions expand, segmentation weakens, sessions persist beyond purpose, service accounts become orphaned, agents exceed scope, devices become untrusted, data classes change, or monitoring shows policy bypass. **42.2.9 Zero Trust Enforcement Formula.** Zero Trust Enforcement shall follow the formula: **verify every actor; authorize every access; segment every risk; re-check every condition; revoke when purpose ends; correct drift; never trust by network, name, role, or reputation alone.** *** ### 42.3 Privileged Access **42.3.1 Privileged Access Principle.** **Privileged Access** shall mean elevated authority within Foundry technical systems that can change infrastructure, access restricted data, alter policies, issue credentials, manage certificates, rotate keys, modify release pipelines, change Registry records, control Marketplace administration, activate Studio runtime, configure agents, access secure rooms, administer compute environments, modify network routes, or affect security controls. Privileged access shall be exceptional, bounded, recorded, reviewable, and revocable. **42.3.2 Privileged Role Classes.** Privileged roles may include security administrator, identity administrator, infrastructure administrator, network administrator, cloud administrator, compute administrator, repository administrator, release administrator, Registry administrator, Marketplace administrator, Studio administrator, secure-room administrator, clean-room administrator, no-download administrator, secrets administrator, certificate administrator, key custodian, incident responder, break-glass steward, and archive custodian. **42.3.3 Privileged Access Record.** Each privileged access assignment shall have a Privileged Access Record identifying identity, privileged role, system, permission scope, authorization basis, approving steward, duration, justification, data classes, environment, logging requirement where appropriate, separation-of-duty constraints, break-glass conditions, review frequency, revocation trigger, correction pathway, and archive rule. **42.3.4 Least Privilege and Just-in-Time Access.** Privileged access shall be least-privilege and, where feasible, just-in-time, task-bound, session-bound, or time-limited. Persistent privilege shall require stronger justification, heightened review, stronger monitoring where appropriate, and rapid revocation capacity. **42.3.5 Separation of Duties.** Privileged access shall preserve separation of duties. A single actor should not unilaterally create, review, approve, release, publish, list, register, activate, alter, and archive high-risk objects. Provider contributors shall not administer environments that determine review or status of their own provider-dependent objects without independent controls. **42.3.6 Break-Glass Access.** Break-glass access may be used only for defined security, continuity, recovery, incident-response, or access-restoration purposes. It shall be recorded, logged where appropriate, reviewed after use, corrected if overbroad, and removed when no longer needed. Break-glass access shall not be used to bypass ordinary review or create status. **42.3.7 Privileged Access Boundary.** Privileged access enables technical administration only. It shall not create authority to approve public releases, certify security, create public authority status, approve procurement, approve finance, grant consent, authorize deployment, or execute projects unless a separate competent lawful process creates that authority. **42.3.8 Privileged Access Incident.** A Privileged Access Incident shall arise where elevated permissions are granted without basis, retained beyond need, used outside scope, used to bypass review, used to alter records improperly, used to access restricted data without need, used to weaken security, or used to imply substantive authority. **42.3.9 Privileged Access Correction.** Privileged access shall be revoked, reduced, rotated, suspended, reviewed, or reissued where misuse, drift, conflict, incident, role change, orphaned account, provider-capture risk, sponsor-control risk, or public-good firewall risk appears. **42.3.10 Privileged Access Formula.** Privileged Access shall follow the formula: **elevate only by record; limit scope and time; separate duties; review use; revoke quickly; treat misuse as incident; never let administrative power become substantive authority.** *** ### 42.4 Secrets and Key Management **42.4.1 Secrets and Key Management Principle.** **Secrets and Key Management** shall govern credentials, passwords, tokens, API keys, encryption keys, signing keys, certificates, private keys, service-account keys, model keys, webhook secrets, cloud credentials, repository tokens, database credentials, secure-room credentials, release keys, device keys, and other sensitive trust materials used by Foundry systems. **42.4.2 Purpose.** Secrets and Key Management shall prevent unauthorized access, data leakage, supply-chain compromise, release compromise, Registry manipulation, Marketplace manipulation, Studio compromise, AI tool misuse, Edge compromise, Observatory compromise, cloud compromise, partner contribution compromise, and public-good infrastructure capture. **42.4.3 Secrets and Key Record.** A Secrets and Key Record shall identify secret or key class, steward, purpose, system, environment, access roles, storage class, rotation schedule where applicable, expiry where applicable, revocation pathway, compromise response, dependency relationship, deletion or archive rule, and prohibited handling. Secret values and private key material shall not appear in ordinary records. **42.4.4 Approved Storage.** Secrets and keys shall be stored only in approved secrets-management, key-management, hardware-security, encrypted, or controlled systems appropriate to risk. Secrets shall not be placed in prompts, AI memory, public documents, code repositories, chat threads, logs, dashboards, issue trackers, shared documents, public-safe reports, Marketplace listings, Registry records, Studio outputs, or handoff packages. **42.4.5 Scope and Separation.** Secrets and keys shall be scoped to the minimum required systems, environments, roles, actions, and duration. Development, test, secure-room, Studio, staging, release, public demonstration, National Node, and production-equivalent environments shall not share trust material except where specifically authorized and controlled. **42.4.6 Signing Keys and Release Integrity.** Release signing keys shall receive heightened protection. A signature may support artifact integrity within recorded release process, but it shall not certify the object, validate the provider, authorize deployment, create procurement status, establish financeability, or create public authority approval. **42.4.7 AI and Secrets.** AI systems and agents shall not receive unrestricted secrets. Where AI workflows require tool access, access shall occur through controlled interfaces with scoped credentials, no prompt exposure, no persistent memory exposure, no training exposure, no log leakage, and revocation capability. **42.4.8 Rotation and Revocation.** Secrets and keys shall be rotated or revoked when exposure is suspected, roles change, access purpose ends, systems are decommissioned, Core Build cycles close, Nexus Universe cycles close, providers change, agents are disabled, privileged users depart, or incidents occur. **42.4.9 Secrets or Key Exposure Incident.** Any suspected exposure of a secret or key shall trigger containment, revocation, rotation, affected-system review, output review, access review, notice where required, correction, and archive. Delay to protect reputation shall not be permitted. **42.4.10 Secrets and Key Management Formula.** Secrets and Key Management shall follow the formula: **store trust material only in controlled systems; scope narrowly; separate environments; never expose secrets to prompts or public records; rotate on risk; revoke after purpose; treat every leak as incident.** *** ### 42.5 Vulnerability Management **42.5.1 Vulnerability Management Principle.** **Vulnerability Management** shall be the Foundry process for identifying, recording, triaging, prioritizing, remediating, validating, communicating, correcting, and archiving vulnerabilities affecting Foundry software, dependencies, infrastructure, cloud environments, sovereign compute, edge devices, AI systems, agents, connectors, APIs, dashboards, Studio packages, Marketplace systems, Registry systems, release pipelines, data rooms, secure rooms, clean rooms, no-download environments, network zones, and handoff-preparation systems. **42.5.2 Vulnerability Classes.** Vulnerabilities may include software defects, dependency vulnerabilities, exposed secrets, access-control weaknesses, privilege escalation pathways, insecure configuration, injection risks, AI prompt-injection risks, model extraction risks, data leakage risks, connector weaknesses, dashboard exposure risks, Edge-device vulnerabilities, OT interface risks, secure-room control failures, release integrity weaknesses, network segmentation failures, and supply-chain risks. **42.5.3 Vulnerability Record.** A Vulnerability Record shall identify affected object or system, vulnerability class, severity, exploitability where appropriate, affected versions, affected data classes, affected environments, source, discovery date, public-safe disclosure limits, remediation steward, mitigation, timeline, compensating controls, validation method, notice requirement, correction pathway, archive rule, and prohibited interpretations. **42.5.4 Triage Criteria.** Vulnerability prioritization shall consider severity, exploitability, exposure, affected data class, public authority sensitivity, protected knowledge risk, Indigenous-sensitive knowledge risk where applicable, infrastructure risk, public-facing exposure, AI-agent risk, release status, support status, Marketplace listing, Registry presence, Studio runtime, national context, and handoff proximity. **42.5.5 Remediation Actions.** Remediation may include patching, dependency update, configuration correction, access restriction, credential rotation, connector suspension, dashboard restriction, Studio pause, Marketplace suspension, Registry correction, release withdrawal, data sealing, Edge disconnection, secure-room restriction, or handoff recall. **42.5.6 Validation and Residual Risk.** Remediation shall be validated where risk requires. Residual risk shall be recorded where full remediation is delayed, impossible, dependent on provider action, dependent on national pathway, or subject to compensating controls. **42.5.7 Coordinated and Public-Safe Disclosure.** Vulnerability disclosure shall be security-aware and public-safe. Details that enable harm shall be controlled. Public or targeted notice may be required where users, National Nodes, Studio users, Marketplace users, handoff recipients, public authorities, communities, or other affected actors face material risk. **42.5.8 Remediation Without Certification.** Completion of vulnerability remediation shall not create cybersecurity certification, privacy certification, legal compliance certification, procurement suitability, financeability, insurability, public authority approval, deployment authorization, or security guarantee. It means the recorded vulnerability was addressed within stated limits. **42.5.9 Vulnerability Correction.** Vulnerability Records shall be corrected where severity changes, affected systems expand, remediation fails, disclosure was incomplete, public-safe language was unsafe, or vulnerability status is misused as assurance. **42.5.10 Vulnerability Management Formula.** Vulnerability Management shall follow the formula: **find weaknesses; record severity; restrict exposure; remediate; validate; disclose safely; correct records; archive lessons; never convert patching into universal assurance.** *** ### 42.6 Threat Monitoring and Logging **42.6.1 Threat Monitoring and Logging Principle.** **Threat Monitoring and Logging** shall be the controlled capture, detection, alerting, review, retention, restriction, correction, and archive of security-relevant activity across Foundry systems. Monitoring and logging shall support accountability, incident response, security correction, provenance, release integrity, Registry truth, Marketplace integrity, Studio safety, data protection, AI boundary review, access review, and archive. **42.6.2 Monitoring Scope.** Threat monitoring may cover authentication events, authorization failures, privileged actions, secrets access, key use, certificate issuance, repository events, release pipeline events, Registry changes, Marketplace changes, Studio runtime events, AI tool-use events, prompt-injection indicators, secure-room events, clean-room events, no-download events, data export events, Edge telemetry anomalies, network route anomalies, vulnerability events, egress events, and exfiltration indicators. **42.6.3 Logging Record.** A Threat Monitoring and Logging Record shall identify monitored system, log class, monitoring purpose, data captured, sensitivity class, access roles, alert thresholds, retention period, redaction rules, protected knowledge controls, public authority-sensitive controls, Indigenous protocol sensitivity where applicable, privacy protections, correction pathway, deletion or archive rule, and prohibited uses. **42.6.4 Proportionate Monitoring.** Monitoring shall be proportionate to risk. High-risk systems, including privileged access, release pipelines, secure rooms, clean rooms, no-download environments, AI agents, Studio runtime, Marketplace and Registry administration, Edge environments, National Node exchange, and sensitive Data Plane pathways, may require enhanced monitoring. **42.6.5 Privacy and Sensitive Content.** Logs may contain personal information, confidential information, public authority-sensitive information, protected knowledge, Indigenous-sensitive knowledge where applicable, cyber-sensitive details, infrastructure-sensitive information, model vulnerabilities, secrets history, or legal-sensitive materials. Such logs shall be restricted, redacted, sealed, aggregated, or deleted where required. **42.6.6 Alerting and Escalation.** Monitoring may trigger alerts for unauthorized access, privilege escalation, secrets exposure, suspicious downloads, abnormal tool use, AI agent overreach, data export anomalies, Registry or Marketplace manipulation, Studio runtime anomalies, Edge anomalies, secure-zone egress attempts, and vulnerability exploitation. Alerts shall route to competent stewards and incident pathways. **42.6.7 Monitoring Without Surveillance.** Threat monitoring shall not become unrestricted surveillance of contributors, communities, Indigenous participants where applicable, public authority learners, partners, or users. Monitoring shall be lawful, purpose-bound, proportionate, documented, and sensitive to privacy and safeguards. **42.6.8 Logs Without Final Findings.** Logs and alerts support investigation; they do not by themselves create fault, approval, certification, public authority classification, procurement status, finance effect, consent status, deployment authorization, or execution effect. Findings require competent review and record. **42.6.9 Monitoring Correction.** Monitoring and logging rules shall be corrected where logging is too broad, too weak, inaccurate, over-retained, missing critical events, exposing sensitive content, creating surveillance risk, or failing to support incident response. **42.6.10 Threat Monitoring and Logging Formula.** Threat Monitoring and Logging shall follow the formula: **monitor what protects trust; log what supports correction; protect sensitive logs; alert on risk; review before judgment; avoid surveillance; never let monitoring become certification or authority.** *** ### 42.7 Secure Enclave and Clean Room Controls **42.7.1 Secure Enclave and Clean Room Control Principle.** **Secure Enclave and Clean Room Controls** shall govern restricted environments in which sensitive data, models, evidence, protected knowledge, public authority-sensitive information, Indigenous-sensitive knowledge where applicable, community-sensitive information, health data, infrastructure data, cyber-sensitive material, provider-confidential information, or handoff-sensitive materials may be viewed, queried, compared, computed on, or reviewed under controlled conditions. **42.7.2 Secure Enclave Function.** Secure Enclaves may provide isolation, encrypted processing where applicable, restricted execution, controlled access, output review, no-download restrictions, confidential computing, and limited workload execution for high-sensitivity Foundry work. They shall reduce exposure without creating approval or permission beyond record. **42.7.3 Clean Room Function.** Clean Rooms may permit multiple actors to analyze, compare, aggregate, benchmark, or review data, models, code, evidence, or outputs without exposing raw data, proprietary information, protected knowledge, or confidential details beyond permitted scope. Clean Rooms shall be used for controlled collaboration, not unrestricted sharing. **42.7.4 Secure Enclave / Clean Room Record.** Each Secure Enclave or Clean Room shall have a record identifying purpose, participants, data classes, input classes, approved workloads, prohibited workloads, access roles, confidentiality conditions, no-download rules, output-review rules, permitted outputs, prohibited outputs, logging rules where appropriate, retention rules, deletion or sealing rules, incident pathway, correction pathway, archive rule, and prohibited claims. **42.7.5 Access Control.** Access shall require role readiness, need, authorization, identity verification proportionate to risk, confidentiality obligations, training where required, conflict checks where relevant, and environment-specific rules. Access shall be time-bounded where appropriate and reviewed. **42.7.6 Output Control.** Outputs from Secure Enclaves and Clean Rooms shall be reviewed for re-identification, proprietary leakage, protected knowledge exposure, Indigenous-sensitive exposure where applicable, public authority sensitivity, cyber sensitivity, infrastructure sensitivity, public-safe meaning, finance or procurement implication, consent implication, and handoff implication before export. **42.7.7 Provider and Benchmark Neutrality.** Secure Enclave or Clean Room analysis involving providers, models, infrastructure, benchmarks, or technical comparisons shall not validate a provider, rank vendors, create procurement preference, prove general safety, create financeability, or support public claims beyond recorded results. **42.7.8 Room Boundary.** Secure Enclave or Clean Room participation shall not create legal compliance, security certification, privacy certification, public authority approval, procurement status, financeability, insurability, consent, deployment authorization, data ownership, or execution authority. **42.7.9 Secure Enclave and Clean Room Incident.** Raw data exposure, output leakage, re-identification risk, prohibited query, unauthorized export, participant misuse, provider overclaim, public-safe failure, protected knowledge exposure, or confidentiality breach shall trigger incident response, output restriction, access closure, correction, notice where required, and archive. **42.7.10 Secure Enclave and Clean Room Formula.** Secure Enclave and Clean Room Controls shall follow the formula: **isolate sensitive work; restrict participants and workloads; review outputs; prevent raw exposure and benchmark overclaim; close rooms deliberately; never let controlled analysis become certification or permission.** *** ### 42.8 Egress and Exfiltration Controls **42.8.1 Egress Control Principle.** **Egress Controls** shall govern data, outputs, files, logs, prompts, model outputs, embeddings, telemetry, screenshots, recordings, API responses, dashboard exports, query results, artifacts, packages, and communications leaving Foundry environments, zones, rooms, repositories, compute systems, AI workflows, Studio runtime, Marketplace workflows, Registry workflows, Edge environments, or National Node exchange pathways. **42.8.2 Exfiltration Control Principle.** **Exfiltration Controls** shall prevent unauthorized extraction, copying, transfer, publication, synchronization, model ingestion, embedding, screen capture, download, print, email, API export, cloud sync, AI prompt leakage, or handoff of data or sensitive materials. Exfiltration may be malicious, accidental, automated, agent-driven, provider-induced, or caused by misconfiguration. **42.8.3 Egress Record.** A material Egress Record shall identify source environment, destination, data or output class, export method, actor or system, authorization basis, output-review status, residency implications, custody implications, onward-use restriction, retention rule, monitoring rule where appropriate, correction pathway, archive rule, and prohibited interpretations. **42.8.4 Egress Classes.** Egress may include approved export, restricted export, aggregate-only export, public-safe export, national-only export, secure-room-only export, no-download prohibited export, compute-to-data output export, AI-output export, dashboard export, Registry export, Marketplace export, Studio export, handoff export, archive export, and prohibited export. **42.8.5 Exfiltration Signals.** Exfiltration indicators may include unusual downloads, abnormal API access, large data transfers, unauthorized copying, screenshot attempts, repeated query patterns, prompt-injection extraction, AI tool export, suspicious egress destinations, unauthorized cloud sync, credential misuse, unusual Edge synchronization, or public demonstration data leakage. **42.8.6 Output Review Before Egress.** Sensitive outputs shall not egress without output review. Review shall assess data class, re-identification risk, protected knowledge, Indigenous protocol sensitivity where applicable, public authority sensitivity, cyber sensitivity, infrastructure sensitivity, finance/procurement implication, public-safe meaning, consent implication, and handoff implication. **42.8.7 Egress Blocking and Quarantine.** Foundry may block, quarantine, delay, restrict, redact, aggregate, mask, seal, or require additional review for egress where risk exists. Technical ability to export shall not create permission to export. **42.8.8 AI and Agent Egress.** AI agents shall not send data, prompts, outputs, files, code, logs, embeddings, or summaries to external systems, tools, models, memory, or users unless authorized. Agentic egress shall be sandboxed, reviewable, and revocable. **42.8.9 Exfiltration Incident and Correction.** Unauthorized egress or suspected exfiltration shall trigger containment, access closure, credential rotation, destination review, output withdrawal, notice where required, Registry correction, Marketplace correction, Studio correction, handoff recall, public-safe correction, and archive. **42.8.10 Egress and Exfiltration Formula.** Egress and Exfiltration Controls shall follow the formula: **control what leaves; review sensitive outputs; block unauthorized export; treat AI egress as data movement; contain leakage; correct public meaning; never let export capability become export permission.** *** ### 42.9 Incident Response **42.9.1 Incident Response Principle.** **Security Incident Response** shall be the Foundry process for detecting, containing, analyzing, correcting, notifying, recovering from, learning from, and archiving security incidents affecting Foundry people, systems, records, data, compute, network, AI workflows, agents, rooms, zones, releases, Marketplace, Registry, Studio, Edge environments, National Node exchanges, partner contribution pathways, and handoff-preparation surfaces. **42.9.2 Security Incident Categories.** Security incidents may include unauthorized access, privilege misuse, secrets exposure, key compromise, certificate compromise, data leakage, exfiltration, vulnerability exploitation, malware, ransomware, supply-chain compromise, AI prompt injection, AI tool misuse, agent overreach, secure-room breach, clean-room breach, no-download breach, Registry manipulation, Marketplace manipulation, Studio runtime misuse, release compromise, Edge compromise, Observatory compromise, network misrouting, public demonstration exposure, partner contribution compromise, and teardown failure. **42.9.3 Incident Record.** A Security Incident Record shall identify incident category, affected systems, affected data, affected identities, affected records, affected environments, affected National Nodes where applicable, discovery source, timeline, severity, containment actions, access closures, secrets rotation, public-safe risk, public authority risk, community or Indigenous sensitivity where applicable, notice requirements, recovery actions, correction actions, recurrence controls, and archive status. **42.9.4 Severity Assessment.** Severity shall consider confidentiality, integrity, availability, data sensitivity, public authority sensitivity, protected knowledge exposure, Indigenous-sensitive exposure where applicable, community sensitivity, cyber risk, infrastructure impact, AI boundary risk, Marketplace and Registry impact, Studio impact, national routing impact, public-safe reliance, and handoff impact. **42.9.5 Immediate Containment.** Containment may include account suspension, privileged access revocation, route closure, egress block, data sealing, secret rotation, key revocation, certificate revocation, environment isolation, Studio pause, Marketplace suspension, Registry freeze, release withdrawal, connector shutdown, agent shutdown, Edge disconnection, secure-room closure, clean-room closure, no-download restriction, partner access closure, and public-safe communication hold. **42.9.6 Notification and Public-Safe Communication.** Notices shall be issued where required by law, contract, public-safe duty, affected-user reliance, national pathway, public authority sensitivity, community safeguard, Indigenous protocol where applicable, Marketplace or Registry visibility, Studio use, or handoff recipient reliance. Notices shall be accurate, non-alarmist where appropriate, and not overclaim official public authority meaning. **42.9.7 Recovery and Validation.** Recovery shall include restoring systems, validating integrity, reviewing logs where appropriate, checking data state, confirming access closure, rotating credentials, patching vulnerabilities, updating records, reconciling Registry and Marketplace status, resuming Studio only by record, restoring Edge synchronization only by review, and archiving evidence. **42.9.8 Correction and Recurrence Controls.** Incident response shall correct both technical conditions and public meaning. Correction may include public-safe clarification, Registry correction, Marketplace correction, Studio correction, release correction, support-status change, handoff recall, training update, control redesign, policy update, access review, and archive annotation. **42.9.9 Non-Retaliation.** Persons reporting security incidents in good faith shall be protected. Incident response shall not be used to punish contributors for identifying security risk, data risk, AI risk, public-safe risk, sponsor/provider influence, public authority confusion, or unsafe automation. **42.9.10 Incident Response Formula.** Security Incident Response shall follow the formula: **detect; contain; close access; rotate secrets and keys; assess harm; notify where required; recover; correct systems and meaning; update controls; archive lessons; never hide incidents to protect reputation.** *** ### 42.10 Security Plane Closure **42.10.1 Security Plane Closure Principle.** **Security Plane Closure** shall ensure that security controls, privileged access, secrets, keys, certificates, monitoring rules, logs, vulnerability records, secure enclaves, clean rooms, egress pathways, incident pathways, temporary security configurations, partner security access, National Node exchange controls, Studio security controls, Marketplace and Registry security controls, Edge controls, and release-security controls are closed, revoked, rotated, sealed, archived, renewed, or retired when their purpose ends or their risk status changes. **42.10.2 Closure Triggers.** Security Plane closure may be triggered by project completion, Core Build cycle closure, Nexus Universe cycle closure, data permission expiry, secure-room closure, clean-room closure, no-download closure, partner contribution completion, National Node exchange closure, Studio pause, Marketplace delisting, Registry correction, release withdrawal, Edge decommissioning, cloud environment teardown, incident containment, vulnerability remediation, key rotation, certificate expiry, privileged-role end, access purpose end, or archive decision. **42.10.3 Security Closure Record.** A Security Closure Record shall identify security control, access, secret, key, certificate, room, zone, monitoring path, vulnerability process, incident pathway, or environment being closed; closure reason; affected identities; affected systems; affected data; access revocation; credential rotation; key or certificate revocation; log retention; data sealing or deletion; notice needs; residual risk; verification; correction pathway; and archive reference. **42.10.4 Access Closure.** Closure shall revoke or suspend access for human users, service accounts, AI agents, workloads, devices, connectors, API keys, cloud roles, secure-room users, clean-room users, no-download users, Studio users, Marketplace administrators, Registry administrators, release stewards, partner contributors, and privileged administrators where purpose has ended. **42.10.5 Trust Material Closure.** Closure shall rotate, revoke, expire, delete, seal, or archive secrets, keys, tokens, certificates, signing keys, encryption keys, service credentials, model keys, webhook secrets, and device credentials where no longer needed, compromised, superseded, or associated with closed environments. **42.10.6 Monitoring and Log Closure.** Monitoring rules and logs shall be closed, reduced, sealed, archived, or deleted according to retention and sensitivity rules when systems close. Closure shall not erase required accountability, incident, correction, legal, public-safe, or archive records unless lawful deletion is required. **42.10.7 Secure Environment Closure.** Secure enclaves, clean rooms, no-download environments, data rooms, secure compute environments, cyber ranges, and partner contribution zones shall close deliberately. Closure shall include output review, data disposition, access revocation, credential revocation, log handling, participant notice where needed, residual-risk review, and archive. **42.10.8 Closure Verification.** Material Security Plane closure shall be verified by record. Verification may confirm access revocation, credential rotation, certificate revocation, key closure, route closure, egress closure, monitoring adjustment, data sealing, log retention, public-safe notice, Registry correction, Marketplace correction, Studio correction, and archive completion. **42.10.9 No Residual Security Authority.** Archived security controls, certificates, keys, access roles, vulnerability records, monitoring dashboards, secure-room records, clean-room records, incident records, or closure records shall not be cited as current security approval, current access, current certification, current public authority comfort, current procurement suitability, current financeability, current consent, current deployment authorization, or execution authority unless reinstated by current review and record. **42.10.10 Final Security Plane Formula.** The controlling Security Plane Formula is that **the Security Plane enforces Zero Trust, governs privileged access, protects secrets and keys, manages vulnerabilities, monitors threats, secures enclaves and clean rooms, controls egress and exfiltration, responds to incidents, closes access, and archives security learning; it protects the Control, Data, Compute, and Network Planes while preserving public-good integrity, national ownership, safeguards, public-safe meaning, and correctionability; no security control, secure environment, vulnerability remediation, monitoring record, incident closure, certificate, key, access grant, or archived security record creates cybersecurity certification, legal compliance, public authority approval, procurement preference, financeability, insurability, consent, deployment authorization, operational command, or execution authority by implication.** ## 43. AI / Agentic Systems Plane ### 43.1 AI Plane Definition **43.1.1 AI Plane Identity.** The **Foundry AI / Agentic Systems Plane** shall be the governed model, system, agent, tool-permission, workflow, prompt, human-review, red-team, automated-claim-prevention, output-release, correction, and archive layer through which Nexus Foundry uses artificial intelligence and agentic systems in support of public-good production. The AI Plane shall enable evidence review, drafting, coding, simulation, observability, data analysis, dashboard support, readiness mapping, public-safe publication, Studio preparation, Marketplace preparation, Registry support, National Portfolio work, Academy support, correction, and archive without permitting AI or agents to become autonomous public authority, finance, procurement, consent, deployment, operational, or execution actors. **43.1.2 AI Plane Purpose.** The purpose of the AI Plane shall be to make AI useful, bounded, reviewable, traceable, correctable, and safe within Foundry’s institutional architecture. It shall prevent hallucinated authority, unsupported claims, hidden automation, data leakage, prompt injection, tool misuse, model misuse, agent overreach, public authority confusion, finance or procurement implication, consent inference, provider capture, sponsor narrative capture, and execution by automation. **43.1.3 AI Plane Relationship to Other Planes.** The AI Plane shall operate under the Control Plane, Data Plane, Compute Plane, Network Plane, and Security Plane. The Control Plane governs identity, workflow authorization, policy, access, configuration, tools, and change. The Data Plane governs data classification, custody, residency, provenance, output review, and archive. The Compute Plane governs authorized processing. The Network Plane governs connectivity and isolation. The Security Plane governs Zero Trust, secrets, vulnerabilities, monitoring, egress, and incident response. The AI Plane shall not override any of them. **43.1.4 AI Plane Scope.** The AI Plane may include foundation models, domain models, retrieval systems, embeddings, classifiers, summarizers, translators, code assistants, simulation assistants, geospatial AI, multimodal models, evaluator models, guardrail models, red-team models, AI agents, Studio agents, workflow agents, public-safe drafting assistants, readiness agents, Registry support agents, Marketplace support agents, Observatory agents, support agents, correction agents, and archive agents. **43.1.5 AI Plane Records.** Material AI Plane activity shall be record-bearing. Records may include Model Registry Records, System Registry Records, Agent Registry Records, Tool Permission Records, Prompt and Workflow Log Records where appropriate, Human Review Records, Red-Team Notes, Automated Claim Prevention Records, AI Output Release Records, AI Boundary Incident Records, AI Correction Records, and AI Archive Records. **43.1.6 AI as Assistance, Not Authority.** AI outputs shall be treated as draft, candidate, signal, analysis, comparison, assistance, routing suggestion, or workflow support unless reviewed and adopted by a competent process. AI-generated or AI-assisted output shall not create release status, Registry status, Marketplace eligibility, Studio authorization, TRL status, public-safe publication approval, readiness status, handoff status, national routing status, public authority status, consent, deployment authorization, or execution authority. **43.1.7 AI Non-Execution Boundary.** AI and agents shall not autonomously issue public warnings, make public authority decisions, classify official risks, approve procurement, recommend investment, determine insurance, allocate donor or public finance resources, infer consent, activate deployment, operate infrastructure, control Edge systems, send official communications, bind institutions, or execute projects. Any real-world effect shall require separate competent human, institutional, legal, public authority, enterprise, procurement, finance, safeguard, consent, deployment, and operational processes. **43.1.8 AI Plane Formula.** The AI Plane shall operate according to the formula: **register models; register systems; register agents; restrict tools; log where appropriate; review humanly where meaning matters; red-team high-risk workflows; prevent unsupported claims; release AI outputs only by record; correct and archive AI behavior; never let automation become authority.** *** ### 43.2 Model Registry **43.2.1 Model Registry Principle.** The **Model Registry** shall be the controlled status, provenance, permission, limitation, evaluation, risk, support, correction, and archive surface for AI models used or proposed for use within Nexus Foundry. The Model Registry shall make model use traceable and bounded. It shall not certify models universally, validate providers, approve AI safety, or authorize deployment. **43.2.2 Model Registry Function.** The Model Registry shall identify which models may be used, for which workflows, with which data classes, under which tool restrictions, with which human-review obligations, under which public-safe limits, and subject to which correction or suspension conditions. It shall support governance of model selection, model replacement, model restriction, model retirement, and model archive. **43.2.3 Model Registry Record.** A Model Registry Record shall identify model name, model identifier, provider or host, version, deployment mode, jurisdiction or hosting context where material, model type, approved workflow classes, prohibited workflow classes, permitted data classes, prohibited data classes, training or retention implications, model-use terms, evaluation references, Model Card reference, System Card relationships where applicable, known limitations, hallucination risks, bias or fairness notes, security notes, support status, correction history, suspension status, retirement status, archive status, and prohibited claims. **43.2.4 Model Classes.** The Model Registry may include foundation models, domain-specific models, retrieval models, embedding models, classification models, summarization models, translation models, code models, geospatial models, vision models, multimodal models, simulation-support models, risk-analysis models, public-safe review models, guardrail models, evaluator models, red-team models, agent-controller models, sovereign-hosted models, local models, open models, proprietary models, and provider-hosted models. **43.2.5 Model Use Restrictions.** A model may be registered for limited use only. A model acceptable for general drafting may be prohibited for restricted data, public authority-facing outputs, finance-facing outputs, procurement-sensitive work, protected knowledge, Indigenous-sensitive knowledge where applicable, cyber-sensitive analysis, infrastructure-sensitive outputs, health-sensitive data, secure-room workflows, or autonomous agents. **43.2.6 Model Provider and Hosting Controls.** Model Registry shall record provider dependency, hosting mode, data-use terms, retention terms, model-update behavior, telemetry implications, logging implications, cross-border implications, fine-tuning restrictions, training restrictions, exit risks, and substitution options where material. Use of a provider model shall not validate the provider or create procurement preference. **43.2.7 Model Evaluation and Limitation.** Model evaluation shall be recorded within scope. Benchmark performance, internal tests, Frontier Labs tests, Studio tests, or red-team notes shall be described only within recorded conditions and shall not be represented as general certification, legal compliance, safety approval, procurement readiness, financeability, insurability, public authority approval, or deployment authorization. **43.2.8 Model Suspension, Restriction, and Retirement.** A model may be restricted, suspended, deprecated, retired, or archived where model behavior changes, provider terms change, safety concerns arise, hallucination risk becomes unacceptable, data-use concerns appear, security risks appear, bias or fairness concerns become material, support lapses, or workflows overclaim model outputs. **43.2.9 Model Registry Boundary.** Model Registry presence shall not certify the model, approve AI safety, establish legal compliance, authorize sensitive data use, validate a provider, create Marketplace approval, create Registry approval, create procurement status, create financeability, authorize public authority use, grant consent, authorize deployment, or permit execution. **43.2.10 Model Registry Formula.** The Model Registry shall follow the formula: **identify the model; bind it to approved workflows; disclose limits and provider terms; restrict sensitive uses; evaluate within scope; suspend when risk changes; never let model registration become model certification.** *** ### 43.3 System Registry **43.3.1 System Registry Principle.** The **System Registry** shall be the controlled record surface for AI-enabled systems, workflows, applications, Studio runtime packages, Observatory assistants, Marketplace support systems, Registry support systems, readiness assistants, public-safe drafting systems, code-assistance systems, evidence-review systems, dashboard-analysis systems, and agent-enabled systems used or proposed within Foundry. **43.3.2 System Registry Function.** The System Registry shall govern AI systems in context. It shall record not only which model is used, but how the model is combined with data, tools, prompts, retrieval sources, user roles, human review, output review, logging where appropriate, security controls, public-safe rules, support status, correction pathways, and shutdown conditions. **43.3.3 System Registry Record.** A System Registry Record shall identify system name, system identifier, version, steward, purpose, workflow class, models used, tool dependencies, retrieval dependencies, data inputs, data classes, access roles, agent components where applicable, prompt or workflow class, human-review points, output-review requirements, public-safe limits, safeguard controls, security controls, logging rules where appropriate, support status, release status where applicable, Studio status where applicable, Marketplace or Registry relationships where applicable, shutdown triggers, correction history, archive status, and prohibited interpretations. **43.3.4 System Classes.** Registered systems may include evidence-review systems, document-analysis systems, data-classification systems, public-safe drafting systems, translation and accessibility systems, code assistants, testing assistants, simulation-support systems, geospatial analysis systems, Observatory assistants, DRI assistants, GRIx assistants, readiness mapping systems, safeguard support systems, Marketplace metadata systems, Registry status support systems, Studio runtime systems, support systems, correction systems, and archive systems. **43.3.5 System Risk Classification.** System Registry shall classify risks arising from the system as a composition, including model risk, data risk, tool risk, agent autonomy risk, prompt-injection risk, output reliance risk, public-safe risk, public authority risk, finance risk, procurement risk, consent risk, cyber risk, dual-use risk, protected knowledge risk, Indigenous protocol risk where applicable, and execution implication risk. **43.3.6 System Review and Release Relationship.** System registration shall not equal release. A system may be registered as proposed, experimental, restricted, internal, secure-room-only, Studio-preparation, public-safe-review-required, suspended, retired, or archived. Release, support, Marketplace, Registry, Studio, national routing, or handoff status shall arise only through the relevant records. **43.3.7 System Change Control.** Material changes to model, tools, retrieval sources, prompts, workflow logic, data classes, user roles, output class, public-facing use, public authority-facing use, finance-facing use, procurement-sensitive use, Studio runtime, or handoff use shall require System Registry update and, where risk requires, reauthorization. **43.3.8 System Boundary.** A System Registry Record shall not authorize deployment, public authority use, procurement use, finance use, insurance use, public release, Studio activation, sensitive data access, consent determination, handoff, or execution by itself. It records and bounds the system; competent processes govern use. **43.3.9 System Registry Correction.** System Registry records shall be corrected where system composition changes, tool permissions drift, data sources change, model behavior changes, user classes change, public-safe exposure changes, support status changes, or system outputs are misused as authority. **43.3.10 System Registry Formula.** The System Registry shall follow the formula: **register the system in context; bind models to data, tools, prompts, and users; classify composed risk; require review for material changes; correct system drift; never let system registration become deployment authority.** *** ### 43.4 Agent Registry **43.4.1 Agent Registry Principle.** The **Agent Registry** shall be the controlled record surface for AI agents, workflow agents, Studio agents, tool-using agents, retrieval agents, coding agents, evidence agents, readiness agents, Marketplace agents, Registry agents, Observatory agents, support agents, correction agents, archive agents, and any autonomous or semi-autonomous system capable of planning, acting, invoking tools, routing work, or producing outputs within Foundry. **43.4.2 Agent Registry Function.** The Agent Registry shall ensure that each agent has a recorded identity, purpose, autonomy level, model dependencies, tool permissions, data permissions, memory rules, human authorization points, output-review rules, logging rules where appropriate, shutdown triggers, support status, correction pathway, and archive status. **43.4.3 Agent Registry Record.** An Agent Registry Record shall identify agent name, agent identifier, version, steward, purpose, workflow class, autonomy level, model dependencies, system dependencies, tool permissions, data permissions, memory or context rules, retrieval scope, allowed actions, prohibited actions, user classes, environment classes, human approval points, output-review requirements, public-safe limits, safeguard controls, logging rules where appropriate, support status, shutdown triggers, incident history, correction history, archive rule, and prohibited claims. **43.4.4 Agent Classes.** Agent classes may include suggestion-only agents, draft-only agents, retrieval agents, classification agents, code agents, test agents, documentation agents, simulation agents, Observatory agents, DRI agents, GRIx agents, readiness agents, safeguard agents, public-safe review-support agents, Marketplace metadata agents, Registry support agents, Studio runtime agents, support agents, correction agents, archive agents, and controlled automation agents. **43.4.5 Autonomy Level Discipline.** Agent autonomy shall be explicitly classified. Autonomy levels may include no-tool draft assistance, retrieval-only assistance, classification-only assistance, tool-assisted with human approval, limited automation with output review, secure-room-only automation, Studio-controlled automation, support automation, correction-support automation, and prohibited autonomous action. Higher autonomy shall require stronger controls, review, logging where appropriate, and shutdown capacity. **43.4.6 Agent Identity.** Agents shall operate under explicit identities and shall not hide behind generic system authority. Agent identity shall determine what data, tools, workflows, environments, and outputs the agent may access. An agent shall not inherit all permissions of a human requester unless a specific controlled delegation record permits a bounded action. **43.4.7 Agent Memory and Context.** Agent memory, persistent context, retrieval access, uploaded materials, National Portfolio context, Registry context, Marketplace context, Studio context, secure-room context, and user context shall be governed by data classification, privacy, confidentiality, protected knowledge, Indigenous protocol sensitivity where applicable, retention, deletion, sealing, and archive rules. Agents shall not accumulate sensitive memory without authorization. **43.4.8 Agent Boundary.** Agent Registry presence, configuration, or activation shall not authorize official communications, publication, Registry status change, Marketplace listing, Studio activation, TRL assignment, access grants, finance or procurement recommendations, public authority decisions, consent determinations, deployment, infrastructure operation, handoff, or execution. **43.4.9 Agent Correction and Suspension.** Agents shall be corrected, restricted, suspended, or retired where they hallucinate materially, exceed tools, leak data, overclaim authority, ignore public-safe rules, mishandle protected knowledge, bypass review, manipulate records, misroute work, create user reliance risk, or act outside configuration. **43.4.10 Agent Registry Formula.** The Agent Registry shall follow the formula: **register every agent; define autonomy narrowly; bind tools and data to purpose; require human approval for material actions; control memory; shut down on drift; never let an agent become hidden authority.** *** ### 43.5 Tool Permissions **43.5.1 Tool Permission Principle.** **Tool Permissions** shall govern which tools AI systems and agents may use, under what conditions, against which data, within which environments, with what human approval, and with what output-review obligations. Tool access shall be least-privilege, purpose-bound, time-bounded where appropriate, revocable, sandboxed where risk requires, and recorded. **43.5.2 Tool Categories.** Tools may include search tools, repository tools, code execution tools, data analysis tools, document tools, spreadsheet tools, dashboard tools, GIS tools, simulation tools, model-evaluation tools, communication tools, ticketing tools, Registry tools, Marketplace tools, Studio tools, secure-room tools, data-room tools, cloud tools, compute orchestration tools, network tools, security tools, release tools, archive tools, and handoff-support tools. **43.5.3 Tool Permission Record.** A Tool Permission Record shall identify system or agent, tool, permission level, allowed actions, prohibited actions, data classes, environment, duration, human approval requirements, logging rules where appropriate, sandboxing requirements, egress restrictions, revocation triggers, emergency stop, correction pathway, archive rule, and prohibited interpretations. **43.5.4 Least Tool Principle.** AI systems shall receive the smallest tool set needed for the authorized workflow. A drafting assistant shall not receive repository write access. A retrieval agent shall not receive cloud administration access. A Marketplace metadata agent shall not receive Registry status authority. A Studio agent shall not receive uncontrolled external communication rights. A code agent shall not receive production deployment rights. **43.5.5 Sandboxing.** AI systems with code execution, workflow automation, data transformation, connector access, cloud access, agentic tool use, cyber-sensitive tools, release-adjacent tools, or external communication capability shall operate in sandboxed or controlled environments proportionate to risk. Sandboxing shall limit network access, file access, credential access, data exposure, package installation, external calls, and blast radius. **43.5.6 Prohibited Default Tool Actions.** AI tools shall not by default delete records, grant access, change Registry status, approve Marketplace listings, activate Studio runtime, send official external communications, issue public notices, execute contracts, transfer sensitive data, run uncontrolled infrastructure commands, modify production systems, or trigger deployment. **43.5.7 Secrets and Credential Controls.** AI systems and agents shall not receive unrestricted credentials, secrets, keys, tokens, service accounts, private certificates, provider credentials, public authority credentials, or secure-room access. Tool access shall use controlled interfaces and scoped credentials. Secrets shall not be exposed in prompts, logs, outputs, or agent memory. **43.5.8 Tool Misuse Detection.** Tool misuse may include unauthorized access, unintended data transfer, unsafe code execution, prompt injection success, tool loop behavior, hidden external communication, overbroad file access, Registry or Marketplace manipulation, Studio runtime overreach, infrastructure action beyond authorization, or egress beyond review. Misuse shall trigger incident response and correction. **43.5.9 Tool Permission Correction.** Tool permissions shall be revoked, reduced, corrected, rotated, sandboxed further, suspended, or retired where misuse occurs, risk changes, support lapses, data class changes, workflow changes, agent behavior becomes unsafe, or public-safe risk appears. **43.5.10 Tool Permission Formula.** Tool Permissions shall follow the formula: **grant the smallest tool; isolate risky execution; protect secrets; require human approval for material actions; block unauthorized egress; revoke on misuse; never let tool access become decision or execution authority.** *** ### 43.6 Prompt and Workflow Logs Where Appropriate **43.6.1 Logging Principle.** **Prompt and Workflow Logs** shall be used where appropriate to preserve AI provenance, support human review, enable correction, investigate incidents, understand agent behavior, detect prompt injection, support public-safe integrity, maintain verifiable intelligence, and preserve institutional memory. Logging shall be proportionate, lawful, privacy-aware, confidentiality-aware, security-aware, and sensitive to protected knowledge, Indigenous protocols where applicable, and national data controls. **43.6.2 Log Classes.** AI Plane logs may include system prompt versions, prompt logs, workflow logs, retrieval logs, tool-use logs, model-output logs, agent-action logs, human-review logs, red-team logs, output-revision logs, approval logs, rejection logs, escalation logs, correction logs, shutdown logs, incident logs, and archive logs. Not all logs shall be public, complete, or broadly accessible. **43.6.3 Logging Record.** A Prompt and Workflow Logging Record shall identify workflow or system, log classes retained, purpose of logging, sensitivity class, data classes likely to appear, access roles, redaction rules, retention period, sealing rule, deletion rule, protected knowledge controls, Indigenous protocol controls where applicable, secure-room rules, correction pathway, archive rule, and prohibited uses. **43.6.4 Sensitive Logging Controls.** Logs may contain personal information, confidential information, protected knowledge, Indigenous-sensitive knowledge where applicable, public authority-sensitive information, cyber-sensitive information, infrastructure-sensitive information, legal-sensitive information, model-vulnerability information, or secrets accidentally entered by users. Such logs shall be restricted, redacted, sealed, aggregated, minimized, or not retained where appropriate. **43.6.5 Logging for Material Outputs.** AI workflows contributing to public-safe materials, public authority learning materials, Marketplace listings, Registry records, Studio outputs, readiness mappings, TRL records, National Portfolio records, safeguard records, or handoff packages should preserve sufficient workflow trace to support review, correction, and accountability, subject to sensitivity controls. **43.6.6 Logging Without Surveillance.** Prompt and workflow logging shall not become unrestricted surveillance of contributors, communities, Indigenous participants where applicable, public authority learners, partners, users, or staff. Logging shall be purpose-bound and proportionate. Monitoring rules shall be transparent where appropriate and consistent with data and security controls. **43.6.7 Log Access and Use.** Logs shall be accessible only to roles with a legitimate review, security, correction, support, archive, or governance purpose. Logs shall not be used for unrelated performance surveillance, political monitoring, sponsor intelligence, provider advantage, public authority intelligence gathering, finance signaling, procurement signaling, or public narrative control. **43.6.8 Log Correction, Sealing, and Deletion.** Logs shall be corrected, annotated, restricted, sealed, redacted, deleted where lawfully required, or archived where they contain errors, sensitive exposure, over-retention, unauthorized content, secrets, public-safe risk, or protected knowledge risk. Log correction shall preserve accountability where lawful. **43.6.9 Logging Boundary.** Logs support provenance and correction. They shall not by themselves create approval, certification, public authority status, procurement status, financeability, consent, deployment authorization, or execution authority. **43.6.10 Prompt and Workflow Logging Formula.** Prompt and Workflow Logs shall follow the formula: **log enough to verify and correct; minimize and protect sensitive content; restrict access; avoid surveillance; seal or delete when required; never let logs become authority or uncontrolled memory.** *** ### 43.7 Human Review and Red-Team Notes **43.7.1 Human Review Principle.** **Human Review** shall be required where AI outputs affect evidence meaning, public-safe publication, public authority learning, readiness mapping, safeguards, Marketplace visibility, Registry status, Studio runtime, TRL inputs, National Portfolio records, handoff packages, or any context where reliance, rights impact, public meaning, national routing, or harm may arise. AI shall assist human judgment; it shall not replace competent review. **43.7.2 Review Classes.** AI output review may include evidence review, source review, technical review, code review, data review, public-safe review, translation review, accessibility review, safeguard review, Indigenous protocol review where applicable, privacy review, cyber review, public authority boundary review, readiness boundary review, Marketplace review, Registry review, Studio review, TRL review, handoff review, security review, and archive review. **43.7.3 Human Review Record.** A Human Review Record shall identify output, AI system, agent, model, workflow, reviewer, review class, review criteria, sources considered, findings, accepted portions, rejected portions, required changes, uncertainty, limitations, public-safe status, escalation requirement, correction pathway, archive rule, and prohibited interpretations. **43.7.4 Red-Team Purpose.** **Red-Team Notes** shall document adversarial, stress, misuse, boundary, hallucination, prompt-injection, tool-misuse, egress, public-safe, safeguard, finance-overclaim, procurement-overclaim, public-authority-overclaim, consent-overclaim, deployment-overclaim, and execution-overclaim testing of AI workflows, systems, agents, or outputs. Red-team work shall identify failure modes before they become public or operational risks. **43.7.5 Red-Team Note Elements.** Red-Team Notes shall identify system or agent tested, model, workflow, test scope, test conditions, attack or misuse pattern where safe to record, data class, tool class, result, observed failure, severity, containment recommendation, correction recommendation, retest requirement, public-safe disclosure limit, archive rule, and prohibited claims. **43.7.6 High-Risk Review Requirement.** High-risk AI outputs shall not be published, routed, displayed, handed off, used in public authority learning, used in readiness rooms, used in capital-reader rooms, used in insurance-reader rooms, used in public finance rooms, used in community-facing materials, used in Indigenous-facing materials where applicable, or used in Studio runtime without human review appropriate to risk. **43.7.7 Reviewer Independence and Conflict.** Reviewers shall disclose conflicts where AI output affects providers, sponsors, public authorities, finance readers, procurement-sensitive matters, national routing, community matters, Indigenous matters where applicable, or enterprise handoff. Provider-generated AI outputs shall not be self-validated by the provider where independent review is required. **43.7.8 Red-Team Confidentiality and Dual-Use Controls.** Red-team notes may contain vulnerabilities, prompt-injection patterns, exploit pathways, unsafe outputs, sensitive data pathways, or model weaknesses. Such notes shall be access-controlled and public-safe. Public learning shall not disclose harmful operational detail. **43.7.9 Review and Red-Team Correction.** Human Review Records and Red-Team Notes shall be corrected where review missed hallucination, source error, public-safe overclaim, data leak, bias, safeguard issue, tool misuse, public authority overclaim, readiness overclaim, consent overclaim, or execution implication. **43.7.10 Human Review and Red-Team Formula.** Human Review and Red-Team Notes shall follow the formula: **AI may draft and act within limits; humans review meaning; red teams test failure; conflicts are disclosed; high-risk outputs are gated; failures become corrections; no AI output becomes status by itself.** *** ### 43.8 Automated Claim Prevention **43.8.1 Automated Claim Prevention Principle.** **Automated Claim Prevention** shall be the AI Plane control system that prevents AI systems and agents from generating, amplifying, routing, publishing, displaying, or embedding claims that exceed Foundry records. It shall prevent fluent language from creating false authority. **43.8.2 Claims to Prevent or Gate.** AI workflows shall prevent or flag unsupported claims using or implying terms such as approved, certified, recognized, validated, compliant, official, government-approved, regulator-approved, financeable, bankable, investable, insurable, underwritten, donor-approved, public-finance-approved, procurement-ready, preferred provider, selected supplier, warning issued, officially classified, consented, community-approved, Indigenous-approved where applicable, deployment-ready, operationally ready, execution-ready, Nexus-approved, GCRI-validated, GRF-recognized, GRA-ready, Marketplace-approved, Registry-approved, Studio-authorized, TRL-certified, or equivalent status-bearing language unless an exact competent record supports the exact phrase. **43.8.3 Automated Claim Prevention Controls.** Controls may include controlled vocabulary, prohibited-term lists, claims dictionaries, no-conversion templates, public-safe review prompts, record-checking workflows, source-grounding requirements, output classifiers, high-risk phrase alerts, public authority phrase alerts, finance phrase alerts, procurement phrase alerts, consent phrase alerts, deployment phrase alerts, automated refusal, human-review escalation, and correction triggers. **43.8.4 Record-Checking Requirement.** AI systems generating status-bearing text shall check source records where feasible and shall not invent missing status. If no record supports a claim, the AI output shall avoid the claim, use bounded language, identify uncertainty, or route for human review. Absence of evidence shall not be filled by plausible prose. **43.8.5 Public-Safe Templates.** AI workflows shall use public-safe templates for Marketplace descriptions, Registry entries, Studio descriptions, public reports, readiness notes, public authority learning materials, National Portfolio summaries, Observatory summaries, dashboard labels, Nexus Universe materials, and handoff packages. Templates shall preserve role boundaries, support status, correction pathways, and no-conversion language. **43.8.6 Sponsor and Provider Claim Controls.** AI shall not generate claims implying sponsor endorsement, provider validation, technical superiority, preferred status, procurement advantage, financeability, public authority approval, public-safe legitimacy, deployment readiness, or execution capability unless supported by a competent record and reviewed. **43.8.7 National, Community, and Indigenous Claim Controls.** AI shall not infer national approval, government adoption, community consent, Indigenous consent where applicable, protected knowledge permission, social license, public acceptance, or implementation authorization from participation, attendance, silence, public data, community inputs, or arena visibility. **43.8.8 Automated Claim Incident.** An Automated Claim Incident shall arise where AI generates or helps publish unsupported status language, public-warning language, public authority language, finance language, procurement language, consent language, deployment language, or execution language. Such incident shall trigger output correction, workflow correction, prompt revision, model restriction, human-review escalation, public-safe clarification, or workflow suspension. **43.8.9 Automated Claim Prevention Boundary.** Automated claim controls reduce overclaim risk; they do not certify the accuracy of all outputs. Human review remains required where public meaning or reliance risk is material. **43.8.10 Automated Claim Prevention Formula.** Automated Claim Prevention shall follow the formula: **forbid unsupported status words; ground claims in records; flag authority language; preserve no-conversion templates; escalate uncertainty; correct false claims; never let fluent AI language create authority.** *** ### 43.9 AI Output Release Control **43.9.1 AI Output Release Control Principle.** **AI Output Release Control** shall govern when AI-generated or AI-assisted outputs may leave draft status, enter Foundry records, appear in public-safe materials, support Marketplace listings, support Registry records, run in Studio, inform public authority learning, inform readiness mapping, enter National Portfolios, support TRL inputs, or accompany handoff packages. **43.9.2 AI Output Classes.** AI outputs may be classified as scratch output, draft output, candidate output, internal analysis, evidence-support output, code-support output, translation output, accessibility output, public-safe draft, review-support output, red-team output, corrected output, adopted output, rejected output, restricted output, sealed output, archived output, or release-controlled output. **43.9.3 AI Output Release Record.** An AI Output Release Record shall identify output, source workflow, model, system or agent, data sources, prompt or workflow class where relevant, human reviewer, review class, public-safe status, data classification, sensitivity class, audience, permitted uses, prohibited uses, limitations, correction pathway, archive rule, and prohibited interpretations. **43.9.4 Release Conditions.** AI outputs may be released only where source grounding, data permissions, public-safe language, human review, safeguard review, national routing, security review, output review, support status, and correction pathway are sufficient for the intended use. Higher-risk outputs require stronger review and clearer limitations. **43.9.5 Outputs Requiring Heightened Control.** Heightened release control shall apply to AI outputs involving public authority learning, finance-readiness, procurement-sensitive matters, insurance-readiness, public finance relevance, community-sensitive contexts, Indigenous-sensitive contexts where applicable, health data, infrastructure data, cyber data, geospatial sensitivity, protected knowledge, public-safe reporting, Marketplace display, Registry status, Studio runtime, TRL inputs, and lawful handoff packages. **43.9.6 AI Code and Automation Outputs.** AI-generated code, scripts, configurations, infrastructure templates, agents, prompts, connectors, dashboards, schemas, or deployment units shall be reviewed for security, correctness, licensing, dependencies, secrets, data handling, public-good compatibility, supportability, and non-execution boundaries before release or use in controlled workflows. **43.9.7 Translation and Accessibility Outputs.** AI-generated translation, accessibility adaptation, plain-language summary, or alternative-format output shall be reviewed where boundary language, consent language, public authority language, finance language, procurement language, safeguard meaning, or public-safe meaning could be altered. Accessibility shall not dilute legal or institutional limits. **43.9.8 Release Without Deployment.** Release of an AI output shall not authorize deployment, public authority action, procurement, finance, insurance, public finance allocation, consent, handoff, or execution. Release determines permitted communication or workflow status only within record. **43.9.9 AI Output Withdrawal and Recall.** AI outputs shall be withdrawn, corrected, restricted, recalled, sealed, or archived where they hallucinate, misstate source records, expose sensitive data, mistranslate boundaries, create public-safe risk, overclaim authority, mislead users, or are used beyond permitted scope. **43.9.10 AI Output Release Control Formula.** AI Output Release Control shall follow the formula: **classify AI output; review before adoption; heighten controls for public meaning; release only by record; withdraw when wrong; never let AI output release become deployment or decision authority.** *** ### 43.10 AI Plane Correction and Archive **43.10.1 AI Plane Correction Principle.** **AI Plane Correction** shall ensure that AI models, systems, agents, tool permissions, prompts, workflows, logs, outputs, reviews, red-team notes, release records, claims controls, incidents, and archive states remain correctable. AI correction shall address both technical failure and institutional meaning failure. **43.10.2 Correction Triggers.** AI correction may be triggered by hallucination, source fabrication, unsupported claim, data leakage, prompt injection, tool misuse, agent overreach, unauthorized egress, model behavior change, provider terms change, bias or fairness issue, public-safe failure, mistranslation, accessibility failure, protected knowledge exposure, Indigenous protocol issue where applicable, public authority overclaim, finance overclaim, procurement overclaim, consent overclaim, deployment overclaim, execution implication, security issue, or support lapse. **43.10.3 AI Correction Record.** An AI Correction Record shall identify affected model, system, agent, workflow, tool, prompt, output, record, or release; correction trigger; affected data; affected users; affected public-safe materials; affected Marketplace, Registry, Studio, National Portfolio, TRL, readiness, public authority learning, or handoff records; containment action; correction action; notice requirement; recurrence controls; archive status; and prohibited interpretations. **43.10.4 Correction Actions.** Correction may include output correction, public-safe clarification, prompt revision, workflow revision, model restriction, model suspension, system restriction, agent suspension, tool-permission reduction, sandbox strengthening, logging change, human-review strengthening, red-team retest, Registry correction, Marketplace correction, Studio correction, TRL correction, readiness correction, National Portfolio correction, handoff recall, data sealing, public notice, targeted notice, training update, and archive annotation. **43.10.5 AI Boundary Incident Handling.** AI Boundary Incidents shall be contained promptly. Containment may include stopping the workflow, disabling the agent, revoking tool permissions, freezing outputs, restricting access, withdrawing public materials, pausing Studio runtime, correcting Marketplace or Registry entries, sealing logs, rotating credentials, or escalating to safeguard, public-safe, technical, legal-boundary, public authority, or national routing review. **43.10.6 AI Archive Principle.** AI Archive shall preserve non-current AI records, including model versions, system versions, agent configurations, prompts or workflow classes where appropriate, tool permission history, human-review records, red-team notes, output release records, incident records, correction records, suspension records, retirement records, and lessons learned. Archive shall preserve learning without preserving current authority. **43.10.7 AI Archive Controls.** AI archive records may contain sensitive prompts, vulnerabilities, model weaknesses, tool misuse patterns, protected knowledge, Indigenous-sensitive knowledge where applicable, public authority-sensitive information, security details, or confidential materials. Archive access shall be restricted according to sensitivity. Public summaries shall be public-safe and non-exploit-enabling. **43.10.8 No Current Authority From AI Archive.** Archived AI models, system records, agent configurations, prompts, outputs, reviews, red-team notes, release records, or correction records shall not be cited as current approval, current model suitability, current system authorization, current agent permission, current public-safe status, current Marketplace status, current Registry status, current Studio status, current readiness basis, current handoff basis, deployment authorization, or execution authority unless reinstated by current review and record. **43.10.9 AI Renewal and Reinstatement.** A suspended, retired, or archived model, system, agent, workflow, tool permission, or AI output may be renewed or reinstated only through current review confirming purpose, model behavior, system configuration, data permissions, tool limits, security posture, public-safe status, support status, national routing, safeguard conditions, and correction history. Reinstatement shall not occur by copying old prompts, re-enabling old agents, or reusing archived outputs informally. **43.10.10 Final AI / Agentic Systems Plane Formula.** The controlling AI / Agentic Systems Plane Formula is that **the AI Plane registers models, systems, and agents; restricts tools; logs prompts and workflows where appropriate; requires human review and red-team notes where risk demands; prevents unsupported claims; controls AI output release; corrects hallucination, leakage, misuse, overclaim, and agent drift; and archives AI memory without preserving current authority. AI may accelerate Foundry’s public-good production, but no model, system, agent, prompt, workflow, tool permission, AI output, red-team note, release record, correction record, or archive record creates public authority effect, procurement effect, finance effect, insurance effect, consent effect, deployment authorization, operational command, or execution authority by implication.** ## 44. Observability Plane ### 44.1 Observability Plane Definition **44.1.1 Observability Plane Identity.** The **Foundry Observability Plane** shall be the governed signal, indicator, telemetry, sensor, edge, geospatial, digital twin, dashboard, confidence, uncertainty, drift, public-safe reporting, correction, and archive layer through which Nexus Foundry structures what can be observed, how it is observed, how observability outputs are interpreted, how uncertainty is displayed, how public-safe meaning is preserved, and how observability records are corrected or archived. The Observability Plane shall make systems more visible without converting visibility into authority. **44.1.2 Observability Plane Purpose.** The purpose of the Observability Plane shall be to support public-good learning, evidence formation, National Portfolio development, Nexus Observatory work, DRI pipelines, GRIx context, public authority learning, Edge validation, simulation, digital twin calibration, dashboard development, readiness mapping, safeguard identification, public-safe reporting, Studio preparation, Marketplace context, Registry memory, and lawful handoff dependency mapping. Observability shall identify signals, gaps, patterns, dependencies, uncertainty, and drift; it shall not issue public warnings, determine official risk classifications, authorize deployment, determine financeability, determine insurability, create procurement conclusions, establish consent, or execute action. **44.1.3 Observability Plane Relationship to Other Planes.** The Observability Plane shall operate across the Data Plane, Compute Plane, Network Plane, Security Plane, AI / Agentic Systems Plane, Edge Architecture, Control Plane, Studio, Marketplace, Registry, National Nodes, Regional Clusters, Dense Cores, and Nexus Observatory. Data Plane controls shall govern source data, provenance, residency, and output review. Compute Plane controls shall govern processing. Network Plane controls shall govern telemetry movement. Security Plane controls shall govern access and protection. AI Plane controls shall govern model-assisted interpretation. Control Plane policies shall govern routing, permission, configuration, and change. Observability shall not override any such controls. **44.1.4 Observability Object Classes.** Observability objects may include indicator libraries, metric definitions, DRI pipelines, GRIx context signals, sensor feeds, Edge telemetry, Earth observation products, geospatial layers, GIS overlays, digital twin inputs, simulation outputs, dashboard telemetry, confidence labels, uncertainty labels, drift labels, public-safe summaries, public authority learning views, National Portfolio observability notes, Marketplace context notes, Registry observability records, Studio observability packages, and archive records. **44.1.5 Observability Plane Records.** Material Observability Plane activity shall be record-bearing. Records may include Indicator Library Records, Indicator Definition Records, DRI Pipeline Records, Sensor Integration Records, Edge Integration Records, Geospatial Layer Records, Digital Twin Integration Records, Dashboard Telemetry Records, Confidence Records, Uncertainty Records, Drift Records, Public-Safe Observability Records, Correction Records, and Observability Archive Records. **44.1.6 Observability Without Decision Authority.** Observability outputs shall be treated as evidence, signal, context, attention structure, learning material, dashboard material, or dependency input unless a competent lawful actor separately creates a decision. Observation shall not equal determination. A visible signal shall not become official status merely because it is visible, computed, mapped, displayed, compared, or discussed. **44.1.7 Observability Boundary.** Observability shall not create public warning, emergency alert, regulatory classification, public authority decision, compliance status, procurement priority, supplier qualification, investment signal, insurance determination, donor priority, public finance allocation, community consent, Indigenous consent where applicable, protected knowledge permission, deployment authorization, operational command, or execution authority. **44.1.8 Observability Plane Formula.** The Observability Plane shall operate according to the formula: **observe with provenance; classify signals before use; compute indicators under method; label uncertainty and drift; integrate edge and geospatial data with safeguards; display dashboards public-safely; route nationally where relevant; correct misleading observability; archive non-current signals; never let visibility become authority.** *** ### 44.2 Indicator Libraries **44.2.1 Indicator Library Identity.** **Indicator Libraries** shall be governed collections of indicators, metrics, signals, measures, proxy variables, thresholds where appropriate, metadata, methods, definitions, limitations, confidence labels, uncertainty treatments, update cadences, public-safe labels, and correction pathways used by Foundry, Nexus Observatory, DRI pipelines, GRIx context, National Portfolios, dashboards, Studio workflows, and public authority learning materials. **44.2.2 Indicator Library Purpose.** Indicator Libraries shall support consistent observability across countries, regions, domains, hazards, sectors, technologies, infrastructure systems, resilience systems, and public-good programs. They shall reduce semantic confusion, prevent arbitrary metrics, support repeatability, make uncertainty visible, and allow national localization without silently forking the common rail. **44.2.3 Indicator Library Record.** Each Indicator Library shall have an Indicator Library Record identifying library name, domain, steward, version, scope, included indicators, data sources, methodology references, update cadence, applicable geographies, national localization pathways, data classes, public-safe classes, uncertainty rules, drift rules, support status, correction pathway, archive rule, and prohibited interpretations. **44.2.4 Indicator Definition Record.** Each material indicator shall have an Indicator Definition Record identifying indicator name, purpose, concept measured, formula or method where applicable, source data, data class, computation method, update frequency, spatial and temporal scale, assumptions, limitations, sensitivity, uncertainty, confidence treatment, public-safe display rule, national localization rule, correction pathway, archive rule, and prohibited claims. **44.2.5 Indicator Classes.** Indicator Libraries may include hazard indicators, exposure indicators, vulnerability indicators, resilience indicators, infrastructure continuity indicators, cyber indicators, AI system indicators, telecom and edge indicators, WEFH-B indicators, climate indicators, biodiversity indicators, health-system indicators, energy-system indicators, supply-chain indicators, finance-readiness question indicators, public authority learning indicators, safeguard indicators, data quality indicators, support indicators, and correction indicators. **44.2.6 Indicator Localization.** Indicators may be localized for national law, data availability, language, public authority structures, infrastructure systems, community context, Indigenous protocols where applicable, and public-safe communication needs. Localization shall preserve baseline lineage, definitions, versioning, limitations, and correction links. **44.2.7 Indicator Boundary.** An indicator shall not be treated as a rating, ranking, official classification, insurance score, investment signal, procurement evaluation, compliance finding, public warning, consent status, deployment readiness status, or execution mandate unless a separate competent lawful process creates such status. Indicators inform; they do not decide. **44.2.8 Indicator Correction.** Indicator Library Records and Indicator Definition Records shall be corrected where definitions are wrong, data sources change, methods become stale, uncertainty is understated, localization creates distortion, public-safe display misleads, thresholds are overclaimed, or indicators are used as ratings, warnings, finance signals, procurement signals, consent, deployment, or execution authority. **44.2.9 Indicator Library Formula.** Indicator Libraries shall follow the formula: **define indicators before use; record method and limits; localize with lineage; label uncertainty; correct drift; never let an indicator become rating or decision by implication.** *** ### 44.3 DRI Pipelines **44.3.1 DRI Pipeline Identity.** **DRI Pipelines** shall be governed observability, evidence, data-processing, indicator-generation, signal-classification, dashboard-preparation, uncertainty-labeling, drift-detection, public-safe-output, and archive pathways used to produce Disaster Risk Intelligence, Development Risk Intelligence, Digital Risk Intelligence, or other approved DRI outputs within the Nexus architecture. DRI Pipelines shall structure intelligence without converting intelligence into official decision authority. **44.3.2 DRI Pipeline Purpose.** DRI Pipelines shall convert classified data, indicator definitions, Edge telemetry, Earth observation products, GIS layers, public datasets, national records, community-grounded inputs where safeguarded, public authority learning inputs, simulation outputs, and digital twin outputs into bounded risk-intelligence records, dashboards, summaries, and readiness questions. Their purpose is to improve situational understanding, dependency mapping, and public-good learning, not to issue commands. **44.3.3 DRI Pipeline Record.** Each DRI Pipeline shall have a DRI Pipeline Record identifying pipeline name, purpose, DRI class, data inputs, indicator libraries used, computation methods, AI systems used where applicable, human-review points, data classes, public-safe classes, national routing requirements, safeguard requirements, confidence labels, uncertainty labels, drift labels, output classes, review requirements, update cadence, correction pathway, archive rule, and prohibited claims. **44.3.4 DRI Input Controls.** DRI Pipeline inputs shall be classified before use. Inputs involving sovereign data, public authority-sensitive data, community-sensitive data, Indigenous-sensitive data or knowledge where applicable, health data, infrastructure-sensitive data, cyber-sensitive data, geospatial-sensitive data, protected knowledge, or confidential partner data shall be governed by special controls, output review, and national routing. **44.3.5 DRI Processing Controls.** DRI Pipeline processing shall preserve source provenance, transformation lineage, indicator definitions, computation methods, confidence, uncertainty, limitations, review state, and output status. AI-assisted DRI processing shall be recorded, reviewed, and bounded by AI Plane rules. **44.3.6 DRI Output Classes.** DRI outputs may include internal intelligence notes, public-safe summaries, dashboard layers, National Portfolio records, public authority learning materials, readiness questions, safeguard flags, Observatory records, Studio packages, Marketplace context, Registry references, and handoff dependency notes. Each output class shall carry its own review and claims limits. **44.3.7 DRI Without Warning or Rating.** DRI outputs shall not constitute official public warnings, emergency alerts, hazard ratings, sovereign risk ratings, insurance ratings, investment signals, procurement priorities, public authority classifications, compliance findings, community consent, Indigenous consent where applicable, deployment authorization, or operational command. **44.3.8 DRI Correction.** DRI Pipeline Records and outputs shall be corrected where input data changes, indicators are wrong, transformations fail, AI outputs hallucinate, uncertainty is understated, dashboards mislead, public-safe language overclaims, national routing is bypassed, or outputs are used as warnings, ratings, finance, procurement, consent, deployment, or execution signals. **44.3.9 DRI Pipeline Formula.** DRI Pipelines shall follow the formula: **classify inputs; compute indicators with provenance; label confidence and uncertainty; review outputs; route nationally; publish only public-safe intelligence; correct drift; never let DRI become official warning, rating, or command.** *** ### 44.4 Sensor and Edge Integration **44.4.1 Sensor and Edge Integration Identity.** **Sensor and Edge Integration** shall be the governed process through which sensors, IoT devices, OT interfaces, Edge Environments, local sensing systems, telemetry streams, Observatory Nodes, private wireless systems, AI-RAN/O-RAN-related observability points, field instruments, community-grounded inputs where safeguarded, and local validation pathways connect to the Observability Plane. **44.4.2 Integration Purpose.** Sensor and Edge Integration shall allow Foundry to receive local signals, validate assumptions, detect drift, enrich National Portfolios, calibrate simulations, support digital twins, improve public authority learning, strengthen DRI pipelines, update dashboards, and identify readiness or safeguard questions. It shall not create surveillance authority, operational control, public warning authority, or deployment authority. **44.4.3 Sensor Integration Record.** Each material sensor or Edge integration shall have a Sensor and Edge Integration Record identifying source device or environment, host, location or location class, connected systems, data fields, collection purpose, data class, telemetry frequency, access roles, cyber controls, privacy controls, national pathway, community and Indigenous considerations where applicable, public authority sensitivity, synchronization rule, validation method, output-review rule, correction pathway, teardown rule, and prohibited uses. **44.4.4 Read-Only and Control Separation.** Observability integrations shall be read-only by default. Any write, actuation, command, operational-control, configuration-change, or field-intervention capability shall be disabled, sandboxed, or separately authorized by competent lawful process outside default Foundry operations. Observability shall not become control. **44.4.5 Edge Data Minimization.** Sensor and Edge integrations shall prefer minimization, aggregation, local processing, masking, delayed synchronization, and public-safe output review where raw data may expose people, communities, Indigenous-sensitive knowledge or places where applicable, infrastructure vulnerabilities, health information, cyber-sensitive information, or public authority-sensitive information. **44.4.6 Sensor Quality and Drift.** Sensor outputs shall be reviewed for calibration, timestamp integrity, device location, device health, missingness, spoofing risk, telemetry loss, network delay, cyber compromise, and environmental drift. Sensor drift shall be labeled, corrected, restricted, or archived. **44.4.7 Sensor and Edge Public-Safe Rules.** Sensor and Edge outputs proposed for dashboards, reports, public authority learning, Marketplace context, Registry records, Studio workflows, or handoff packages shall be reviewed for false precision, sensitive exposure, warning-like interpretation, surveillance risk, finance or insurance implication, procurement implication, consent implication, and deployment implication. **44.4.8 Sensor and Edge Integration Correction.** Integration records shall be corrected where devices are misidentified, telemetry is stale, data class is wrong, cyber controls fail, Edge synchronization fails, sensor drift appears, community concerns arise, Indigenous protocol concerns arise where applicable, or outputs are used as warnings, surveillance, finance, procurement, consent, deployment, or execution signals. **44.4.9 Sensor and Edge Integration Formula.** Sensor and Edge Integration shall follow the formula: **integrate local signals by record; separate sensing from control; minimize raw movement; validate telemetry; label drift; review public outputs; never let sensors become surveillance, warning, or operational command.** *** ### 44.5 Geospatial Layers **44.5.1 Geospatial Layer Identity.** **Geospatial Layers** shall be GIS layers, spatial datasets, Earth observation products, maps, overlays, spatial indices, hazard layers, exposure layers, vulnerability layers, resilience layers, infrastructure layers, environmental layers, demographic layers, community context layers, protected knowledge sensitivity layers, Indigenous protocol-sensitive layers where applicable, and other place-based observability objects used by Foundry. **44.5.2 Geospatial Purpose.** Geospatial Layers shall support spatial understanding of risks, systems, infrastructure dependencies, environmental conditions, community context, national priorities, DRI pipelines, GRIx context, Observatory dashboards, digital twins, public authority learning, readiness mapping, safeguard review, Studio workflows, Marketplace context, Registry references, and lawful handoff dependency mapping. **44.5.3 Geospatial Layer Record.** Each material Geospatial Layer shall have a Geospatial Layer Record identifying layer name, source, version, geography, spatial resolution, temporal currency, attributes, license or terms, data class, sensitivity class, public-safe class, access class, national pathway, community and Indigenous protocol considerations where applicable, uncertainty, limitations, layer-combination risks, correction pathway, archive rule, and prohibited uses. **44.5.4 Earth Observation Integration.** Geospatial Layers may incorporate satellite, aerial, radar, thermal, spectral, environmental, climate, water, land-use, infrastructure, disaster-impact, and other Earth observation products. Earth observation-derived layers shall preserve source, processing method, resolution limits, time period, uncertainty, and public-safe restrictions. **44.5.5 Layer Stacking Risk.** Combining Geospatial Layers may create new sensitivity or inference risk. Layer stacking may reveal protected places, Indigenous-sensitive locations or knowledge where applicable, community vulnerabilities, critical infrastructure weaknesses, security-sensitive patterns, public authority-sensitive information, or finance and insurance interpretations. Layer combinations shall be reviewed. **44.5.6 Public-Safe Mapping.** Public-facing geospatial outputs shall avoid false precision, harmful labeling, stigmatizing places, exposing protected knowledge, exposing sensitive infrastructure, implying public warning, implying public authority classification, implying insurance or investment scoring, or implying procurement priority. Public versions may require aggregation, masking, generalization, delay, or suppression. **44.5.7 Geospatial Boundary.** Geospatial Layers shall not authorize entry, deployment, land use, public authority action, procurement, finance, insurance, community engagement, Indigenous engagement where applicable, infrastructure intervention, emergency response, or execution. They provide spatial context within record. **44.5.8 Geospatial Correction.** Geospatial Layer Records and outputs shall be corrected where layers are stale, attributes are wrong, resolution is misrepresented, public-safe risks appear, sensitive locations are exposed, layer stacking creates harm, or maps are used as warnings, ratings, finance, insurance, procurement, consent, deployment, or execution signals. **44.5.9 Geospatial Layer Formula.** Geospatial Layers shall follow the formula: **map with provenance; classify place sensitivity; review layer combinations; generalize when needed; route nationally; correct map drift; never let spatial display become authority.** *** ### 44.6 Digital Twin Integration **44.6.1 Digital Twin Integration Identity.** **Digital Twin Integration** shall be the governed process through which Foundry may connect observability data, telemetry, geospatial layers, simulation models, AI workflows, infrastructure models, environmental models, national portfolio data, public authority learning materials, and Studio runtime packages into representational systems that approximate aspects of real-world systems for learning, testing, scenario exploration, and dependency mapping. **44.6.2 Digital Twin Purpose.** Digital twins may support scenario testing, resilience analysis, systems dependency mapping, infrastructure stress testing, climate and disaster-risk simulation, public authority learning, Studio demonstrations, National Portfolio development, Observatory analysis, DRI and GRIx context, readiness-question development, safeguard identification, and lawful handoff dependency mapping. A digital twin shall represent; it shall not command. **44.6.3 Digital Twin Integration Record.** Each material Digital Twin Integration shall have a Digital Twin Record identifying twin purpose, system represented, boundaries, data inputs, models, assumptions, parameters, update cadence, compute environment, AI systems used where applicable, validation state, uncertainty, data classes, public-safe class, national routing, safeguard requirements, output classes, review requirements, correction pathway, teardown rule, archive rule, and prohibited interpretations. **44.6.4 Twin Boundary.** A digital twin is not the real system. Digital twin outputs shall not control real infrastructure, trigger public warnings, direct emergency response, make public authority decisions, determine procurement priorities, establish financeability, determine insurance status, grant consent, authorize deployment, or execute operations. **44.6.5 Data and Model Limits.** Digital twins shall display or record data gaps, model assumptions, parameter limits, temporal limits, spatial limits, validation status, uncertainty, and known failure modes. False precision or hyperreal visualization shall not be allowed to obscure uncertainty. **44.6.6 Studio and Demonstration Use.** Digital twins used in Nexus Studio or public demonstrations shall use public-safe, synthetic, restricted, aggregated, or reviewed data as appropriate. Demonstration polish shall not imply operational readiness, official adoption, or deployment authorization. **44.6.7 Twin Drift.** Digital twins shall be reviewed for drift where source data changes, infrastructure changes, environmental conditions change, public authority records change, community context changes, Indigenous protocol concerns arise where applicable, model behavior changes, or assumptions become stale. **44.6.8 Digital Twin Correction and Teardown.** Digital Twin Records and outputs shall be corrected, restricted, paused, torn down, or archived where assumptions fail, data becomes stale, outputs mislead, public-safe risks appear, sensitive data is exposed, or the twin is used as decision, warning, finance, procurement, consent, deployment, or execution authority. **44.6.9 Digital Twin Integration Formula.** Digital Twin Integration shall follow the formula: **represent systems with recorded assumptions; integrate signals with provenance; label uncertainty; separate model from reality; restrict demonstrations; correct drift; never let a twin become command.** *** ### 44.7 Dashboard Telemetry **44.7.1 Dashboard Telemetry Identity.** **Dashboard Telemetry** shall be the governed display, update, interaction, usage, system-health, data-refresh, indicator, visualization, alert-like, and user-behavior telemetry associated with Foundry dashboards, Observatory dashboards, Studio dashboards, public-safe dashboards, National Portfolio dashboards, Marketplace displays, Registry displays, DRI dashboards, GRIx context dashboards, Edge dashboards, and operations dashboards. **44.7.2 Dashboard Telemetry Purpose.** Dashboard Telemetry shall support visibility, interpretation, data freshness, support, correction, accessibility, public-safe presentation, degraded-mode awareness, user experience, and accountability. It shall help users understand what is current, what is stale, what is uncertain, what is restricted, what is public-safe, what is unsupported, and what is under correction. **44.7.3 Dashboard Telemetry Record.** Each material dashboard shall have a Dashboard Telemetry Record identifying dashboard name, purpose, audience, data sources, indicators displayed, refresh cadence, telemetry collected, usage logs where applicable, data class, public-safe class, confidence labels, uncertainty labels, drift labels, access roles, support status, correction pathway, archive rule, and prohibited interpretations. **44.7.4 Dashboard Freshness and Support.** Dashboards shall display or record freshness, update cadence, support status, data gaps, known limitations, and correction state where material. A stale dashboard shall not appear current. An unsupported dashboard shall not appear maintained. A demonstration dashboard shall not appear operational. **44.7.5 Alert-Like Display Controls.** Dashboard design shall avoid alert-like, warning-like, rating-like, or command-like presentation unless a competent lawful public authority or authorized process separately creates such output. Colors, labels, thresholds, icons, rankings, scores, and map symbology shall be public-safe and claims-safe. **44.7.6 Dashboard Usage Telemetry.** Usage telemetry may be collected to understand performance, access, support needs, correction needs, and misuse risk where lawful and proportionate. Usage telemetry shall not become unrestricted surveillance or sponsor/provider intelligence. **44.7.7 Dashboard Boundary.** A dashboard display shall not create public warning, official classification, compliance status, procurement priority, financeability, insurability, public authority approval, consent, deployment authorization, or execution authority. Dashboards communicate bounded observability; they do not decide. **44.7.8 Dashboard Correction.** Dashboard telemetry and displays shall be corrected where data is stale, refresh fails, labels are misleading, uncertainty is hidden, visuals overclaim, sensitive information is exposed, usage telemetry is overbroad, or dashboard outputs are used as warnings, ratings, finance, procurement, consent, deployment, or execution signals. **44.7.9 Dashboard Telemetry Formula.** Dashboard Telemetry shall follow the formula: **display with freshness and limits; avoid warning-like overclaim; collect usage proportionately; label support and drift; correct misleading visuals; never let a dashboard become decision authority.** *** ### 44.8 Confidence, Uncertainty, and Drift Labels **44.8.1 Labeling Principle.** **Confidence, Uncertainty, and Drift Labels** shall be mandatory observability controls for outputs where users may otherwise infer false certainty, currentness, precision, maturity, official status, or decision authority. Labels shall make the limits of observability visible. **44.8.2 Confidence Labels.** Confidence Labels shall describe the degree to which an observability output is supported by source quality, method reliability, validation status, data coverage, update cadence, review state, and uncertainty treatment. Confidence Labels shall not be treated as ratings, certifications, or approval levels. **44.8.3 Uncertainty Labels.** Uncertainty Labels shall describe known uncertainty arising from missing data, measurement error, model assumptions, spatial resolution, temporal resolution, sampling bias, sensor drift, transformation limits, AI inference limits, human-review limits, geospatial ambiguity, public authority sensitivity, community context, Indigenous protocol sensitivity where applicable, or limited validation. **44.8.4 Drift Labels.** Drift Labels shall identify where data, models, sensors, dashboards, indicators, digital twins, AI workflows, geospatial layers, public-safe interpretations, or national context may have become stale, misaligned, unsupported, partially unavailable, degraded, or under correction. **44.8.5 Label Record.** Confidence, Uncertainty, and Drift Labels shall have a Label Record or recorded label basis identifying output, label type, basis, source data, method, update state, validation state, reviewer where applicable, public-safe implications, date, expiry or review trigger, correction pathway, archive rule, and prohibited interpretations. **44.8.6 Label Display.** Labels shall be displayed or carried with outputs proportionate to risk. High-risk outputs used in dashboards, public-safe reports, public authority learning, readiness mapping, National Portfolios, Studio workflows, Marketplace context, Registry records, or handoff packages shall include sufficiently visible labels and limitations. **44.8.7 Label Without Rating.** Confidence, Uncertainty, and Drift Labels shall not create official rating, official classification, public warning status, procurement readiness, financeability, insurability, consent status, deployment status, or execution readiness. They describe epistemic condition only. **44.8.8 Label Correction.** Labels shall be corrected where confidence is overstated, uncertainty is hidden, drift is missed, label wording misleads, public-safe meaning is unsafe, or labels are used as ratings, finance signals, procurement signals, consent signals, deployment signals, or execution signals. **44.8.9 Confidence, Uncertainty, and Drift Formula.** Labels shall follow the formula: **show confidence only within basis; state uncertainty visibly; mark drift promptly; review labels as conditions change; never let epistemic labels become ratings or approvals.** *** ### 44.9 Public-Safe Observability **44.9.1 Public-Safe Observability Principle.** **Public-Safe Observability** shall govern how observability outputs are converted into public-facing, participant-facing, public authority-facing, community-facing, Indigenous-facing where applicable, Marketplace-facing, Registry-facing, Studio-facing, media-facing, or arena-facing materials. Observability may be useful and still unsafe to publish without review. **44.9.2 Public-Safe Purpose.** Public-Safe Observability shall preserve the value of transparency and learning while preventing panic, stigma, false certainty, public warning confusion, public authority confusion, protected knowledge exposure, Indigenous protocol breach where applicable, community harm, infrastructure vulnerability exposure, cyber exposure, finance or insurance misuse, procurement misuse, consent overclaim, and deployment overclaim. **44.9.3 Public-Safe Observability Record.** Each material public-safe observability output shall have a Public-Safe Observability Record identifying output, source records, audience, purpose, data class, sensitivity class, public-safe class, confidence labels, uncertainty labels, drift labels, redactions, aggregation, masking, delay, national routing, safeguard review, public authority boundary review, correction pathway, archive rule, and prohibited claims. **44.9.4 Public-Safe Review Criteria.** Public-safe review shall assess whether observability output could be interpreted as warning, rating, official classification, compliance finding, insurance signal, investment signal, procurement priority, government approval, community consent, Indigenous consent where applicable, protected knowledge permission, deployment authorization, or operational command. If so, wording, design, access, aggregation, or publication shall be adjusted. **44.9.5 Sensitive Public Display Controls.** Public-facing observability may require aggregation, generalization, masking, delayed release, location suppression, threshold removal, color changes, label changes, no-publication, restricted access, or national-only routing. Public-good value shall not justify unsafe disclosure. **44.9.6 Public Authority-Facing Observability.** Observability materials shared with public authorities shall preserve non-decision status unless the public authority separately acts through its own lawful process. Public authority-facing observability shall not be externally represented as official position, warning, classification, approval, or regulatory comfort. **44.9.7 Community and Indigenous-Facing Observability.** Observability involving communities or Indigenous contexts where applicable shall be accessible, non-extractive, non-stigmatizing, context-sensitive, and clear about consent boundaries. Participation or visibility shall not be represented as consent. **44.9.8 Public-Safe Observability Correction.** Public-safe observability outputs shall be corrected, withdrawn, restricted, annotated, or publicly clarified where they mislead, expose sensitive information, stigmatize, overclaim confidence, imply official status, imply finance or procurement meaning, imply consent, or are used as deployment or execution authority. **44.9.9 Public-Safe Observability Formula.** Public-Safe Observability shall follow the formula: **publish only what can be safely understood; aggregate or restrict when needed; state boundaries; avoid warning and rating overclaim; correct public meaning; never let public visibility become official authority.** *** ### 44.10 Observability Archive **44.10.1 Observability Archive Principle.** **Observability Archive** shall preserve non-current, corrected, superseded, restricted, withdrawn, retired, or historical observability records, indicator libraries, DRI pipelines, sensor integrations, Edge telemetry records, geospatial layers, digital twin records, dashboard telemetry records, confidence labels, uncertainty labels, drift labels, public-safe observability outputs, correction records, and institutional learning. Archive shall preserve memory without preserving current authority. **44.10.2 Archive Purpose.** Observability Archive shall prevent institutional forgetting, repeated metric errors, repeated dashboard overclaim, lost drift history, unsupported public displays, stale digital twins, forgotten sensor failures, untraceable DRI changes, unrecorded public-safe corrections, and repeated misuse of observability as decision authority. It shall enable renewal, correction, and learning across cycles. **44.10.3 Observability Archive Record.** An Observability Archive Record shall identify archived object, prior status, archive class, source records, time period, reason for archive, data class, sensitivity class, public-safe class, confidence state, uncertainty state, drift state, correction history, public notice history where applicable, access restrictions, retention rule, reinstatement conditions, future-use restrictions, and prohibited interpretations. **44.10.4 Archive Classes.** Observability archive classes may include Indicator Archive, DRI Pipeline Archive, Sensor Integration Archive, Edge Telemetry Archive, Geospatial Layer Archive, Digital Twin Archive, Dashboard Archive, Confidence Label Archive, Uncertainty Label Archive, Drift Label Archive, Public-Safe Observability Archive, Correction Archive, Withdrawn Output Archive, Sealed Observability Archive, and Institutional Memory Archive. **44.10.5 No Current Authority From Archive.** Archived observability outputs shall not be cited as current evidence, current dashboard status, current public-safe report, current public authority learning material, current readiness basis, current Marketplace context, current Registry support, current Studio source, current handoff basis, public warning, rating, consent, deployment authorization, or execution authority unless reinstated through current review and record. **44.10.6 Sensitive Archive Controls.** Observability archive materials may include public authority-sensitive information, infrastructure-sensitive information, cyber-sensitive information, community-sensitive information, Indigenous-sensitive knowledge where applicable, protected knowledge, geospatial-sensitive layers, health-sensitive data, or vulnerability-revealing telemetry. Archive access shall be restricted, sealed, aggregated, redacted, or deleted where required. **44.10.7 Archive for Renewal.** Observability Archive shall feed indicator renewal, DRI renewal, GRIx renewal, dashboard redesign, sensor recalibration, Edge architecture correction, digital twin correction, public-safe language improvement, Academy training, National Portfolio learning, public authority learning, Marketplace correction, Registry correction, Studio correction, and handoff dependency improvement. **44.10.8 Archive Correction and Reinstatement.** Observability Archive records shall be corrected where metadata is wrong, sensitivity changes, public display creates overclaim, archived outputs are misunderstood as current, or future users may misuse archive as evidence. Reinstatement shall require current review of data, method, confidence, uncertainty, drift, public-safe status, national routing, safeguards, support, and correction history. **44.10.9 Final Observability Plane Formula.** The controlling Observability Plane Formula is that **the Observability Plane defines, computes, integrates, labels, displays, corrects, and archives indicators, DRI pipelines, sensor and Edge signals, geospatial layers, digital twins, dashboard telemetry, confidence, uncertainty, drift, and public-safe observability; it makes systems more visible, comparable, and learnable while preserving provenance, national routing, safeguards, public-safe meaning, and correctionability; no indicator, pipeline, sensor, map, telemetry stream, dashboard, digital twin, confidence label, uncertainty label, drift label, public-safe output, or archive record creates public warning, official classification, procurement status, financeability, insurability, public authority approval, consent, deployment authorization, operational command, or execution authority by implication.** ## 45. Repository, Publication, Marketplace, Registry, Studio, and Teardown Planes ### 45.1 Repository Plane **45.1.1 Repository Plane Identity.** The **Foundry Repository Plane** shall be the governed source, storage, versioning, contribution, review, dependency, documentation, issue, pull-request, release-candidate, support, correction, and archive layer through which Nexus Foundry preserves the working materials that become Foundry Objects. The Repository Plane may include code repositories, documentation repositories, schema repositories, ontology repositories, Pack repositories, connector repositories, dashboard repositories, agent repositories, Studio package repositories, evidence-method repositories, public-safe materials repositories, support repositories, correction repositories, and archive repositories. **45.1.2 Repository Plane Purpose.** The purpose of the Repository Plane shall be to ensure that Foundry work is not lost in informal files, chats, event folders, personal drives, sponsor folders, provider-controlled workspaces, unversioned documents, unreviewed prototypes, or disconnected local copies. Repository discipline shall preserve provenance, version control, contributor attribution, issue history, review state, release state, support state, correction history, public-safe status, and archive memory. **45.1.3 Repository Classes.** Repository classes may include public repository, controlled-public repository, internal repository, restricted repository, secure-room repository, no-download repository, national repository, regional repository, global repository, Studio repository, Marketplace preparation repository, Registry support repository, release repository, documentation repository, evidence repository, AI workflow repository, agent repository, data-schema repository, and archive repository. Repository class shall determine access, contribution, review, publication, release, and archive controls. **45.1.4 Repository Record.** Each material repository shall have a Repository Record identifying repository name, purpose, steward, object classes, access class, contribution rules, review rules, branch or versioning rules, license or terms, dependency rules, data restrictions, secrets rules, public-safe rules, support status, release relationship, Marketplace relationship where applicable, Registry relationship where applicable, Studio relationship where applicable, correction pathway, archive rule, and prohibited interpretations. **45.1.5 Contribution and Review Discipline.** Repository contribution shall be structured through issues, branches, pull requests, review notes, change logs, maintainers, reviewer roles, conflict disclosures where relevant, dependency checks, security checks, public-safe review where relevant, and release gates. Contribution alone shall not create acceptance, release, Registry status, Marketplace listing, Studio authorization, TRL status, public authority status, or handoff readiness. **45.1.6 Secrets, Data, and Sensitive Materials.** Repositories shall not contain secrets, uncontrolled credentials, restricted raw data, protected knowledge, Indigenous-sensitive knowledge where applicable, public authority-sensitive materials, health-sensitive data, cyber-sensitive information, infrastructure-sensitive information, or confidential partner materials unless the repository class, access controls, and secure handling rules permit such materials. Accidental exposure shall trigger incident correction. **45.1.7 Repository Without Release.** Repository presence, commit history, pull request merge, issue closure, maintainer comment, or tag shall not by itself create release status, support status, Marketplace eligibility, Registry status, Studio runtime authorization, public-safe publication approval, TRL status, procurement status, financeability, consent, deployment authorization, or execution authority. **45.1.8 Repository Correction.** Repository Records and repository content shall be corrected where access is wrong, sensitive material is exposed, dependencies are unsafe, version lineage is missing, license terms are unclear, support status is overstated, public-safe language is unsafe, or repository content is used as approval, certification, procurement, finance, consent, deployment, or execution claim. **45.1.9 Repository Plane Formula.** The Repository Plane shall follow the formula: **store work in governed repositories; version every material change; review before release; protect secrets and sensitive data; preserve attribution and lineage; correct repository drift; never let repository existence become status or authority.** *** ### 45.2 Release Plane **45.2.1 Release Plane Identity.** The **Foundry Release Plane** shall be the governed pathway through which Foundry Objects move from draft, prototype, candidate, internal, restricted, tested, reviewed, supported, public-safe, Studio-ready, Marketplace-eligible, Registry-recorded, national-routed, handoff-prepared, retired, withdrawn, or archived status. The Release Plane shall create controlled availability, not deployment authority. **45.2.2 Release Plane Purpose.** The purpose of the Release Plane shall be to ensure that Foundry outputs are not treated as usable, public, supported, approved, or handoff-ready merely because they exist. Release discipline shall distinguish between creation, review, publication, listing, registration, Studio runtime preparation, support, handoff preparation, public-safe communication, correction, withdrawal, and archive. **45.2.3 Release Classes.** Release classes may include draft, experimental, internal, restricted, secure-room-only, no-download-only, national-only, regional-only, public-safe candidate, release candidate, reviewed release, supported release, unsupported release, Studio-preparation release, Marketplace-candidate release, Registry-recorded release, handoff-dependency release, deprecated release, withdrawn release, retired release, archived release, and emergency-restricted release. **45.2.4 Release Record.** Each material release shall have a Release Record identifying object, version, source repository, release class, review history, evidence basis, test status, security status, data status, AI status where applicable, public-safe status, safeguard status, support status, license or terms, dependencies, known limitations, intended audience, permitted uses, prohibited uses, correction pathway, withdrawal pathway, archive rule, and prohibited interpretations. **45.2.5 Release Review.** Release review shall be proportionate to risk and may include technical review, evidence review, security review, data review, AI review, public-safe review, safeguard review, accessibility review, translation review, national routing review, Marketplace review, Registry review, Studio review, support review, and handoff review. Higher-risk release classes shall require stronger review. **45.2.6 Release Without Deployment.** Release of a Foundry Object shall not authorize deployment, operation, procurement, finance, insurance, public authority use, community consent, Indigenous consent where applicable, data access, protected knowledge use, Studio activation, enterprise implementation, National Consortium Company activity, Project SPV activity, or execution. Release means availability under recorded limits. **45.2.7 Release Withdrawal and Restriction.** Releases shall be restricted, suspended, withdrawn, corrected, deprecated, retired, or archived where errors are found, vulnerabilities appear, data rules change, public-safe risk appears, support lapses, provider dependency changes, AI behavior changes, safeguards fail, national context changes, or release language is overclaimed. **45.2.8 Release Plane Correction.** Release Records shall be corrected where version, support status, review state, dependencies, public-safe limits, license terms, Marketplace eligibility, Registry status, Studio status, national routing, handoff readiness, or prohibited interpretations are misstated. **45.2.9 Release Plane Formula.** The Release Plane shall follow the formula: **classify release before availability; review by risk; state support and limits; withdraw when unsafe; archive non-current versions; never let release become deployment, approval, or execution.** *** ### 45.3 Publication Plane **45.3.1 Publication Plane Identity.** The **Foundry Publication Plane** shall be the governed public-safe communication, document, report, dashboard, knowledge-base, public notice, public summary, Nexus Universe output, Academy material, Marketplace-facing text, Registry-facing text, Studio-facing text, public authority learning material, media-facing material, and community-facing material layer through which Foundry outputs are communicated beyond internal production contexts. **45.3.2 Publication Plane Purpose.** The purpose of the Publication Plane shall be to make Foundry work understandable, useful, accessible, claims-safe, public-safe, and correctionable without converting public communication into recognition, certification, public authority approval, procurement status, financeability, insurability, consent, deployment authorization, or execution authority. **45.3.3 Publication Classes.** Publication classes may include internal note, controlled-public note, public-safe report, technical report, knowledge-base article, dashboard publication, public notice, correction notice, withdrawal notice, archive notice, Marketplace description, Registry description, Studio description, National Portfolio public summary, public authority learning brief, community-facing brief, Indigenous-facing brief where applicable, media brief, Academy material, and Nexus Universe public output. **45.3.4 Publication Record.** Each material publication shall have a Publication Record identifying title, object or source record, publication class, audience, author or steward, review status, public-safe status, data status, claims review, accessibility review, translation review where applicable, national routing status where relevant, safeguard status, correction pathway, withdrawal pathway, archive rule, and prohibited claims. **45.3.5 Public-Safe Review.** Publications shall be reviewed for false certainty, unsupported status claims, public warning implication, public authority overclaim, finance or procurement implication, insurance implication, provider validation, sponsor endorsement, community consent implication, Indigenous consent implication where applicable, protected knowledge exposure, sensitive data exposure, accessibility, translation accuracy, and correction pathways. **45.3.6 Publication Without Official Meaning.** Publication shall not create official public warning, regulatory finding, policy adoption, government approval, public finance allocation, procurement result, investment advice, insurance conclusion, community consent, Indigenous consent where applicable, deployment approval, or execution authorization unless a competent lawful actor separately creates such status and the publication accurately references it. **45.3.7 Correction Notices and Public Repair.** Publications shall remain correctionable. Where a publication becomes wrong, unsafe, stale, misleading, overclaimed, mistranslated, inaccessible, or misused, Foundry shall issue correction, clarification, restriction, withdrawal, supersession, archive notice, or public repair proportionate to reliance risk. **45.3.8 Publication Plane Correction.** Publication Records shall be corrected where publication class is wrong, public-safe review is incomplete, source records are superseded, claims exceed record, boundary language is weak, accessibility fails, translation changes meaning, or publication is used as approval, finance, procurement, consent, deployment, or execution authority. **45.3.9 Publication Plane Formula.** The Publication Plane shall follow the formula: **publish only what is public-safe; state source and limits; avoid authority language; correct publicly when meaning changes; archive non-current publications; never let communication become approval or execution.** *** ### 45.4 Marketplace Plane **45.4.1 Marketplace Plane Identity.** The **Foundry Marketplace Plane** shall be the governed discovery, listing, metadata, search, comparison-within-limits, support-display, license-display, dependency-display, public-safe-description, Registry-linking, Studio-linking, correction, delisting, and archive layer through which eligible Foundry Objects may be made discoverable to authorized audiences. The Marketplace Plane shall be a discovery surface, not a procurement, endorsement, recognition, certification, finance, or deployment surface. **45.4.2 Marketplace Plane Purpose.** The purpose of the Marketplace Plane shall be to help users discover public-good objects, Packs, connectors, agents, dashboards, schemas, APIs, Studio packages, evidence tools, Observatory modules, readiness templates, safeguard tools, public-safe materials, support resources, and lawful handoff dependency templates while preserving status truth and claims discipline. **45.4.3 Marketplace Listing Classes.** Marketplace listing classes may include public-good object listing, controlled listing, restricted listing, national listing, regional listing, Studio-ready listing, support-limited listing, deprecated listing, withdrawn listing, archived listing, internal-discovery listing, and handoff-dependency listing. Each class shall define audience, access, support, and claims limits. **45.4.4 Marketplace Listing Record.** Each Marketplace listing shall have a Marketplace Listing Record identifying object, version, listing class, description, steward, license or terms, support status, dependency notes, data requirements, security notes, AI notes where applicable, public-safe status, Registry references, Studio references where applicable, national localization status, prohibited uses, correction pathway, delisting pathway, archive rule, and prohibited claims. **45.4.5 Marketplace Review.** Marketplace review shall assess object status, release status, Registry relationship, support status, public-safe description, license or terms, provider-neutrality, sponsor influence, security risks, data requirements, AI risks, national routing, public authority overclaim, finance overclaim, procurement implication, consent implication, deployment implication, and execution implication. **45.4.6 Marketplace Without Recognition.** Marketplace listing, search visibility, category placement, featured placement, download availability, Studio link, Registry link, user rating where permitted, or support display shall not create recognition, certification, procurement preference, financeability, insurability, public authority approval, provider validation, community consent, Indigenous consent where applicable, deployment authorization, or execution authority. **45.4.7 Marketplace Delisting and Correction.** Listings shall be corrected, restricted, suspended, delisted, deprecated, withdrawn, or archived where object status changes, support lapses, security issues arise, public-safe language fails, dependency risk increases, provider or sponsor overclaim occurs, national routing changes, or users misunderstand listing as approval. **45.4.8 Marketplace Plane Correction.** Marketplace Records shall be corrected where metadata is wrong, support display is wrong, Registry link is stale, Studio status is misstated, license terms are unclear, dependencies are omitted, provider-neutrality fails, or listing is used as procurement, finance, certification, consent, deployment, or execution claim. **45.4.9 Marketplace Plane Formula.** The Marketplace Plane shall follow the formula: **make objects discoverable; display status and limits; link to Registry truth; preserve provider neutrality; delist when unsafe; never let marketplace visibility become endorsement, procurement, or deployment authorization.** *** ### 45.5 Registry Plane **45.5.1 Registry Plane Identity.** The **Foundry Registry Plane** shall be the governed status-truth, record, identity, version, release, support, correction, public notice, TRL-input, Marketplace-reference, Studio-reference, contribution, archive, and institutional-memory layer through which Foundry preserves the official record of Foundry Objects and their lifecycle status within the Nexus architecture. The Registry Plane shall be a memory and status surface, not a universal approval surface. **45.5.2 Registry Plane Purpose.** The purpose of the Registry Plane shall be to prevent status ambiguity, silent supersession, informal approval, stale release reliance, untracked support claims, hidden corrections, Marketplace overclaim, Studio overclaim, TRL overclaim, handoff overclaim, and archive confusion. Registry shall preserve what an object is, what version it is, what status it has, what support it carries, what corrections apply, and what cannot be claimed. **45.5.3 Registry Record Classes.** Registry record classes may include Object Record, Release Record, Support Record, Contribution Record, Correction Record, Public Notice Record, Marketplace Reference Record, Studio Reference Record, National Localization Record, TRL Input Record, Handoff Dependency Record, Deprecated Record, Withdrawn Record, Retired Record, Archive Record, and Supersession Record. **45.5.4 Registry Record Elements.** A Registry Record shall identify object, identifier, version, class, steward, source repository, release status, support status, public-safe status, security status where relevant, data status where relevant, AI status where relevant, Marketplace status where relevant, Studio status where relevant, national localization status where relevant, correction history, archive status, permitted uses, prohibited uses, and prohibited interpretations. **45.5.5 Registry Status by Record Only.** Registry status shall arise only through Registry Records and source records. Informal statements, repository tags, Marketplace visibility, Studio use, public presentation, Nexus Universe display, sponsor statement, provider statement, council comment, public authority attendance, or contributor belief shall not create Registry status. **45.5.6 Registry Without Universal Approval.** Registry presence shall not create universal approval, certification, recognition, public authority approval, procurement status, financeability, insurability, provider validation, consent, deployment authorization, operational readiness, or execution authority. Registry presence means the object has a recorded status within the Registry. **45.5.7 Registry Correction and Public Notice.** Registry Records shall be corrected where status changes, version changes, support changes, release changes, security issues arise, Marketplace status changes, Studio status changes, TRL input changes, handoff dependency changes, public-safe meaning changes, or records are misused. Public notice shall be issued where reliance risk warrants. **45.5.8 Registry Plane Archive.** Superseded, deprecated, withdrawn, retired, or non-current Registry Records shall be archived with prior status, correction history, support history, public notice history, and future-use restrictions. Archived Registry Records shall not be cited as current status unless reinstated by current record. **45.5.9 Registry Plane Formula.** The Registry Plane shall follow the formula: **record object identity; state lifecycle status; link source records; correct status changes; archive non-current records; never let registry presence become universal approval.** *** ### 45.6 Studio Runtime Plane **45.6.1 Studio Runtime Plane Identity.** The **Foundry Studio Runtime Plane** shall be the governed workflow, runtime, demonstration, simulation, dashboard, agent, secure-session, public authority learning, readiness exercise, Studio package, user session, tool-permission, data-access, output-review, support, correction, shutdown, and archive layer through which Foundry Objects may be run in controlled environments for learning, testing, preparation, demonstration, and review. **45.6.2 Studio Runtime Purpose.** The purpose of the Studio Runtime Plane shall be to allow bounded interaction with Foundry Objects without converting interaction into deployment, official decision, public authority approval, procurement, finance, consent, or execution. Studio may make complex systems understandable and testable; it shall not make them authorized. **45.6.3 Studio Runtime Classes.** Studio runtime classes may include demonstration runtime, simulation runtime, secure-room runtime, public authority learning runtime, National Portfolio runtime, dashboard runtime, agent-assisted runtime, readiness exercise runtime, training runtime, public-safe preview runtime, Marketplace-linked runtime, Registry-linked runtime, handoff-preparation runtime, suspended runtime, retired runtime, and archive runtime. **45.6.4 Studio Runtime Record.** Each Studio runtime package or session class shall have a Studio Runtime Record identifying object, version, runtime purpose, user class, data class, tool permissions, agent permissions, compute environment, network environment, public-safe status, support status, session limits, output-review requirements, prohibited actions, shutdown triggers, correction pathway, archive rule, and prohibited interpretations. **45.6.5 Studio Runtime Access.** Studio access shall be granted by role, purpose, data class, workflow class, national routing, safeguard conditions, and support capacity. Studio access shall not be granted because of sponsor status, provider status, investor interest, public authority attendance, media visibility, or Nexus Universe participation alone. **45.6.6 Studio Runtime Without Lawful Decision Authority.** Studio runtime shall not create lawful decision authority. A user interacting with a Studio package shall not thereby approve, certify, procure, finance, insure, consent, deploy, operate, or execute. Studio outputs shall be draft, demonstration, learning, simulation, evidence, or readiness-support outputs unless separately adopted by competent process. **45.6.7 Studio Shutdown and Correction.** Studio runtime shall be paused, restricted, corrected, or shut down where data risk appears, AI agent risk appears, public-safe risk appears, support lapses, user behavior misuses outputs, Marketplace or Registry status changes, national routing changes, or runtime is treated as deployment authorization. **45.6.8 Studio Runtime Plane Correction.** Studio Records shall be corrected where user class is wrong, data access is wrong, tool permissions exceed scope, output review is insufficient, runtime status is overstated, public-safe language fails, or Studio use is cited as approval, finance, procurement, consent, deployment, or execution authority. **45.6.9 Studio Runtime Plane Formula.** The Studio Runtime Plane shall follow the formula: **run objects only in controlled contexts; restrict data and tools; label outputs; support and shut down runtime; correct misuse; never let Studio interaction become lawful decision or execution.** *** ### 45.7 Support Plane **45.7.1 Support Plane Identity.** The **Foundry Support Plane** shall be the governed lifecycle-support, maintenance, help, issue-response, update, patch, dependency, security, documentation, user-assistance, support-status, service-level-without-warranty, escalation, correction, retirement, and archive layer through which Foundry Objects remain usable within their recorded limits after release, listing, registration, Studio preparation, or handoff preparation. **45.7.2 Support Plane Purpose.** The purpose of the Support Plane shall be to prevent unsupported objects from being treated as maintained, relied upon, deployed, or used in high-risk contexts. Support discipline shall make clear what is maintained, what is experimental, what is community-supported, what is restricted, what is deprecated, what is withdrawn, what is retired, and what is unsupported. **45.7.3 Support Classes.** Support classes may include unsupported, experimental support, community support, maintainer support, limited support, security-only support, national support, Studio support, Marketplace support, Registry support, handoff-support, contracted support where separately agreed, deprecated support, end-of-support, withdrawn, retired, and archived. **45.7.4 Support Record.** Each supported object shall have a Support Record identifying object, version, support class, support steward, support scope, exclusions, response pathway, maintenance cadence where applicable, security update rule, dependency update rule, documentation status, user obligations, warranty or no-warranty terms, reliance limits, correction pathway, end-of-support condition, archive rule, and prohibited claims. **45.7.5 Support Without Warranty or Reliance Unless Separately Contracted.** Support status shall not create warranty, reliance right, service-level obligation, professional advice, implementation obligation, security guarantee, deployment approval, or execution responsibility unless separately and lawfully contracted. Public-good support is support within record, not enterprise warranty by default. **45.7.6 Support and Handoff.** Handoff packages shall state support status and support dependencies. A handoff recipient shall not assume Foundry support beyond record. Enterprise support, operational support, managed services, uptime obligations, warranty, indemnity, or deployment support shall require separate lawful arrangements outside default Foundry public-good support. **45.7.7 Support Escalation and Correction.** Support issues may trigger correction, release update, security patch, documentation update, Marketplace correction, Registry correction, Studio pause, user notice, handoff recall, deprecation, withdrawal, retirement, or archive. Support signals shall feed Foundry renewal. **45.7.8 Support Plane Correction.** Support Records shall be corrected where support class is wrong, maintainers change, dependencies become unsupported, security support lapses, documentation is stale, users misunderstand support, or support status is used as warranty, certification, procurement, finance, consent, deployment, or execution claim. **45.7.9 Support Plane Formula.** The Support Plane shall follow the formula: **state support explicitly; maintain only what can be maintained; patch and update by record; disclose limits; end support responsibly; never let support status become warranty or deployment authority.** *** ### 45.8 Correction Plane **45.8.1 Correction Plane Identity.** The **Foundry Correction Plane** shall be the governed correction, supersession, withdrawal, restriction, suspension, recall, public notice, repair, incident response, non-retaliation, learning, recurrence-control, archive, and reinstatement layer through which Foundry corrects wrong, unsafe, stale, unsupported, misused, overclaimed, or boundary-violating objects, records, outputs, workflows, listings, runtime packages, data products, AI outputs, publications, and handoff packages. **45.8.2 Correction Plane Purpose.** The purpose of the Correction Plane shall be to make Foundry trustworthy because it can change its mind, repair its records, warn users of limits, withdraw unsafe outputs, correct public meaning, fix technical errors, record non-continuation, and preserve learning. Correctionability shall be a production integrity requirement, not a reputational failure. **45.8.3 Correction Classes.** Correction classes may include factual correction, data correction, provenance correction, security correction, AI correction, public-safe correction, translation correction, accessibility correction, Marketplace correction, Registry correction, Studio correction, release correction, support correction, national routing correction, safeguard correction, handoff correction, public notice, withdrawal, suspension, recall, retirement, archive annotation, and reinstatement. **45.8.4 Correction Record.** Each material correction shall have a Correction Record identifying affected object or record, correction class, trigger, source, affected audiences, affected downstream uses, prior status, corrected status, public-safe implications, notice requirement, handoff implications, Marketplace implications, Registry implications, Studio implications, support implications, recurrence controls, archive rule, and prohibited interpretations. **45.8.5 Correction Without Retaliation.** Persons raising correction concerns in good faith shall be protected. Correction shall not be used to punish contributors, communities, Indigenous participants where applicable, public authority learners, reviewers, maintainers, sponsors, providers, users, or National Nodes for identifying error, overclaim, data risk, safeguard risk, public-safe risk, or boundary failure. **45.8.6 Public Notice and Repair.** Where reliance risk exists, correction may require public notice, targeted notice, Marketplace correction, Registry notice, Studio notice, publication correction, handoff recall, National Node notice, or public-safe clarification. Public repair shall be accurate, bounded, non-alarmist where appropriate, and not itself overclaiming. **45.8.7 Correction and Reinstatement.** A withdrawn, suspended, retired, or restricted object may be reinstated only through current review and record showing that the correction basis has been addressed, support exists, public-safe status is adequate, and downstream records are updated. Reinstatement shall not occur by informal pressure, sponsor demand, provider demand, media interest, or event timing. **45.8.8 Correction Plane Boundary.** Correction does not imply fault beyond record, legal liability beyond law, public authority finding, certification, procurement decision, finance conclusion, consent status, deployment decision, or execution effect. Correction means Foundry records have changed. **45.8.9 Correction Plane Formula.** The Correction Plane shall follow the formula: **detect error; record correction; notify where reliance exists; repair public meaning; update downstream records; prevent recurrence; archive learning; never hide correction to protect reputation.** *** ### 45.9 Archive Plane **45.9.1 Archive Plane Identity.** The **Foundry Archive Plane** shall be the governed non-current memory, retention, sealing, deletion-verification, supersession, withdrawal, retirement, institutional-memory, public-safe-history, sensitive-access, reinstatement, and archive-control layer through which Foundry preserves what was produced, used, corrected, withdrawn, retired, closed, or superseded without allowing old materials to masquerade as current authority. **45.9.2 Archive Plane Purpose.** The purpose of the Archive Plane shall be to prevent institutional forgetting, repeated error, undocumented supersession, stale dashboard reliance, unsupported release reliance, hidden correction history, lost provenance, lost contributor memory, lost national context, lost public-safe notices, and reuse of outdated objects as current records. **45.9.3 Archive Classes.** Archive classes may include repository archive, release archive, publication archive, Marketplace archive, Registry archive, Studio archive, support archive, correction archive, data archive, compute archive, network archive, security archive, AI archive, observability archive, national archive, handoff archive, sealed archive, deletion-verification archive, and institutional-memory archive. **45.9.4 Archive Record.** Each material Archive Record shall identify object or record, prior status, archive class, archive reason, source records, active-use end date, support status, correction history, public notice history, sensitivity class, access restrictions, retention rule, deletion or sealing rule where applicable, reinstatement conditions, future-use restrictions, and prohibited interpretations. **45.9.5 Archive Access.** Archive access shall be governed by sensitivity, including privacy, public authority sensitivity, protected knowledge, Indigenous-sensitive knowledge where applicable, community sensitivity, cyber sensitivity, infrastructure sensitivity, health sensitivity, confidential provider information, finance-reader materials, procurement-sensitive information, legal sensitivity, and security risk. **45.9.6 No Current Authority From Archive.** Archived objects, publications, releases, Marketplace listings, Registry records, Studio packages, data, dashboards, support records, handoff packages, AI outputs, or observability outputs shall not be cited as current evidence, current release, current listing, current status, current runtime, current readiness basis, current support, current public authority learning material, current handoff package, consent, deployment authorization, or execution authority unless reinstated by current review and record. **45.9.7 Archive for Renewal.** Archive shall feed renewal, Academy learning, public-safe improvement, indicator improvement, AI workflow improvement, security improvement, national portfolio learning, Marketplace redesign, Registry correction, Studio redesign, support planning, handoff improvement, and governance refinement. **45.9.8 Archive Correction.** Archive Records shall be corrected where metadata is wrong, sensitivity changes, public display creates overclaim, retention rules change, deletion obligations arise, reinstatement conditions change, or archived materials are misunderstood as current authority. **45.9.9 Archive Plane Formula.** The Archive Plane shall follow the formula: **preserve memory; mark non-current status; restrict sensitive records; delete or seal when required; learn from history; reinstate only by review; never let archive become current authority.** *** ### 45.10 Teardown Plane **45.10.1 Teardown Plane Identity.** The **Foundry Teardown Plane** shall be the governed closure, decommissioning, access-revocation, route-removal, credential-rotation, data-disposition, environment-shutdown, runtime-suspension, listing-delisting, Registry-update, support-closure, public-notice, verification, correction, and archive layer through which Foundry deliberately closes systems, stacks, rooms, zones, objects, releases, publications, Marketplace listings, Registry records, Studio runtimes, support pathways, and temporary infrastructure when purpose ends or risk requires closure. **45.10.2 Teardown Plane Purpose.** The purpose of the Teardown Plane shall be to prevent temporary stacks from becoming unmanaged infrastructure, event outputs from becoming false permanence, public demonstrations from remaining live, partner access from becoming privileged persistence, Studio runtimes from becoming shadow deployment, dashboards from becoming stale authority, AI agents from remaining active after purpose, repositories from retaining secrets, data rooms from remaining open, and network routes from becoming hidden exposure. **45.10.3 Teardown Classes.** Teardown classes may include repository closure, release withdrawal, publication withdrawal, Marketplace delisting, Registry status closure, Studio runtime shutdown, support closure, correction closure, data closure, compute teardown, network teardown, security closure, AI agent shutdown, observability closure, public demonstration closure, partner contribution closure, secure-room closure, clean-room closure, no-download closure, national pathway closure, handoff closure, and archive transition. **45.10.4 Teardown Record.** Each material teardown shall have a Teardown Record identifying object or environment, teardown class, reason, affected users, affected data, affected systems, affected records, access revocation, credential revocation, key or certificate revocation where applicable, route closure, data disposition, artifact disposition, public-safe notice where needed, Marketplace action, Registry action, Studio action, support action, verification, correction pathway, archive reference, and prohibited interpretations. **45.10.5 Teardown Triggers.** Teardown may be triggered by project completion, Core Build cycle closure, Nexus Universe cycle closure, release withdrawal, support lapse, security incident, data incident, AI incident, public-safe risk, safeguard failure, national non-continuation, provider termination, sponsor-control risk, partner contribution completion, public demonstration completion, Marketplace delisting, Registry correction, Studio pause, handoff completion, or archive decision. **45.10.6 Teardown Verification.** Material teardown shall be verified by record. Verification may include confirming access closure, credential rotation, route removal, endpoint closure, data deletion or sealing, archive completion, public notice completion, Marketplace update, Registry update, Studio update, support closure, AI agent shutdown, dashboard withdrawal, and residual-risk handling. **45.10.7 Teardown Without Erasure.** Teardown shall not erase accountability, correction obligations, public-safe notice duties, support duties already created by record, data retention obligations, legal holds where applicable, incident records, handoff recall obligations, or archive memory. Teardown closes active capability; it does not erase institutional responsibility. **45.10.8 Reinstatement After Teardown.** A torn-down object, runtime, room, listing, route, repository, data pathway, compute environment, AI agent, publication, or support pathway may be reinstated only through current review confirming purpose, authorization, access, data status, security posture, support capacity, public-safe status, national routing, safeguard conditions, correction history, and archive status. Reinstatement shall not occur by reactivating old infrastructure informally. **45.10.9 Teardown Plane Boundary.** Teardown does not create approval, rejection, public authority finding, procurement finding, finance conclusion, insurance conclusion, consent denial, deployment denial, or execution prohibition beyond record. Teardown means the active Foundry pathway has closed, restricted, withdrawn, retired, or archived. **45.10.10 Final Repository-to-Teardown Formula.** The controlling Repository, Publication, Marketplace, Registry, Studio, and Teardown Formula is that **Foundry work begins in governed repositories, moves through release only by review, is published only when public-safe, is listed in Marketplace only as discovery, is recorded in Registry only as status truth, is run in Studio only under controlled runtime, is supported only within explicit support classes, is corrected whenever wrong or overclaimed, is archived as non-current memory, and is torn down deliberately when purpose ends or risk requires closure; no repository, release, publication, Marketplace listing, Registry presence, Studio runtime, support status, correction record, archive record, or teardown record creates recognition, certification, procurement preference, financeability, insurability, public authority approval, consent, deployment authorization, operational command, or execution authority by implication.** ### Next steps * Read [IX. PRODUCTION](/organization/acceleration/nexus-foundry/ix.-production.md) to see how this architecture becomes governed objects, releases, connectors, profiles, dashboards, and deployment units. * Continue with [X. OPERATIONS](/organization/acceleration/nexus-foundry/x.-operations.md), [XIII. READINESS](/organization/acceleration/nexus-foundry/xiii.-readiness.md), and [XIV. RELEASE](/organization/acceleration/nexus-foundry/xiv.-release.md) for support, readiness discipline, and release control. * Finish with [XVIII. HANDOFF](/organization/acceleration/nexus-foundry/xviii.-handoff.md), [XIX. SAFEGUARDS](/organization/acceleration/nexus-foundry/xix.-safeguards.md), [XXI. GOVERNANCE](/organization/acceleration/nexus-foundry/xxi.-governance.md), and [XXII. LIFECYCLE](/organization/acceleration/nexus-foundry/xxii.-lifecycle.md) for lawful continuation, boundary protection, stewardship, and archive discipline. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.therisk.global/organization/acceleration/nexus-foundry/viii.-architecture.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.