Spaces:
Configuration error
PARADOX AI β ESA/CERN/EU SCHNITTSTELLENSYSTEM
Technisches Gesamtkonzept der Agenten 1, 5, 9, 13, 17
Datum: 09. April 2026 Status: Entwurf v1.0 Basis: DDGK API Server (Port 8000), EpistemicState (ESA Section 3), CCRN kappa-Formalismus
1. ARCHITEKTUR β DDGK als zentraler Governance-Hub
1.1 Gesamttopologie
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PARADOX AI CORE (Laptop/Pi5) β
β β
β ββββββββββββββββββ ββββββββββββββββ ββββββββββββββββββββββββββββ β
β β DDGK API β β CCRN β β EpistemicState Manager β β
β β FastAPI :8000 ββββ€ Governance ββββ€ S(t) = K(t) βͺ E(t) β β
β β /assess β β ΞΊ β₯ 3.34 β β Knowledge/Estimate β β
β β /status β β phi-Scores β β Separation Layer β β
β β /memory β ββββββββ¬ββββββββ ββββββββββββ¬ββββββββββββββββ β
β β /audit β β β β
β β /legal β βΌ βΌ β
β ββββββββ¬ββββββββββ ββββββββββββββββββββββββββββββββββββββββββββ β
β β β ADAPTER ORCHESTRATOR β β
β β β Unified Connector Registry β β
β β β - ESAAdapter - CERNAdapter - EUAdapter β β
β β β - AuthManager - RetryHandler - Cache β β
β β ββββββββ¬ββββββββββββ¬ββββββββββββ¬βββββββββββββ β
βββββββββββΌββββββββββββββββββββΌββββββββββββΌββββββββββββΌβββββββββββββββββ
β β β β
ββββββΌβββββ ββββββΌββββ ββββββΌββββ ββββββΌβββββ
β ESA β β CERN β β GAIA-X β β EOSC/ β
β APIs β β APIs β β / EU β β OpenAIREβ
βββββββββββ ββββββββββ ββββββββββ βββββββββββ
1.2 Prinzipien
- DDGK first: Jede externe API-Anfrage durchlaeuft den DDGK Guardian (
/assess) bevor sie ausgefuehrt wird. - Epistemic Tracking: Jeder API-Response wird als
EpistemicBeliefklassifiziert (CERTAIN/LIKELY/POSSIBLE/UNCERTAIN). - Audit Chain: Alle externen Datenfluesse werden in der SHA-256 Decision Chain protokolliert.
- CCRN Resonanz: Systementscheidungen (z.B. "Satellitendaten fuer Modell X verwenden") erfordern kappa >= 3.34.
2. ADAPTER-LAYER β Konkrete Umsetzung
2.1 Basis-Adapter Klasse
# adapters/base_adapter.py
from abc import ABC, abstractmethod
from dataclasses import dataclass
from typing import Dict, Any, Optional
import aiohttp
import time
@dataclass
class AdapterResponse:
success: bool
data: Any
epistemic_status: str # "certain" | "likely" | "possible" | "uncertain"
source: str
ttl_seconds: int
error: Optional[str] = None
class BaseAdapter(ABC):
"""Basis aller externen Adapter. Implementiert Auth, Retry, Caching, Epistemic-Tracking."""
def __init__(self, auth_config: Dict[str, str], ddgk_assess_url: str = "http://localhost:8000/api/v1/assess"):
self.auth_config = auth_config
self.ddgk_assess_url = ddgk_assess_url
self._session: Optional[aiohttp.ClientSession] = None
self._cache: Dict[str, tuple] = {} # key -> (data, timestamp)
@abstractmethod
async def _get_session(self) -> aiohttp.ClientSession: ...
@abstractmethod
async def _authenticate(self) -> Dict[str, str]: ...
@abstractmethod
def name(self) -> str: ...
async def guarded_request(self, action: str, url: str, params: Dict = None) -> AdapterResponse:
"""Jede Anfrage durchlaeuft DDGK Guardian vor der Ausfuehrung."""
# 1. DDGK Guardian Assessment
assess = await self._ddgk_assess(action, url, params)
if assess.get("decision") == "BLOCK":
return AdapterResponse(success=False, data=None, epistemic_status="uncertain",
source=self.name(), ttl_seconds=0,
error=f"DDGK Guardian blocked: {assess.get('reasons', [])}")
# 2. Cache pruefen
cache_key = f"{self.name()}:{url}:{str(params)}"
if cache_key in self._cache:
cached, ts = self._cache[cache_key]
if time.time() - ts < 300: # 5 Min TTL
return AdapterResponse(success=True, data=cached, epistemic_status="certain",
source=self.name(), ttl_seconds=300)
# 3. Auth Headers
headers = await self._authenticate()
# 4. HTTP Request mit Retry
session = await self._get_session()
try:
async with session.get(url, params=params, headers=headers) as resp:
resp.raise_for_status()
data = await resp.json()
self._cache[cache_key] = (data, time.time())
return AdapterResponse(success=True, data=data, epistemic_status="likely",
source=self.name(), ttl_seconds=600)
except Exception as e:
return AdapterResponse(success=False, data=None, epistemic_status="uncertain",
source=self.name(), ttl_seconds=0, error=str(e))
async def _ddgk_assess(self, action: str, url: str, params: Dict) -> Dict:
"""Fragt DDGK Guardian ab."""
import requests
try:
r = requests.post(self.ddgk_assess_url, json={
"action": f"{self.name()}:{action}",
"tool_name": "external_api",
"tool_args": {"url": url, "params": params},
"user_approved": False,
"transcript": f"External API call to {url}"
}, headers={"X-API-Key": os.environ.get("DDGK_API_KEY", "ddgk-demo-key-2026")})
return r.json()
except:
return {"decision": "ASK_USER", "reasons": ["DDGK unreachable"]}
2.2 ESA Adapter
# adapters/esa_adapter.py
from .base_adapter import BaseAdapter, AdapterResponse
class ESAAdapter(BaseAdapter):
"""Adapter fuer alle ESA/Copernicus APIs."""
def name(self) -> str: return "ESA"
# ββ openEO API ββββββββββββββββββββββββββββββββββββββββββββββββββ
async def openeo_discover(self) -> AdapterResponse:
"""GET /credentials/.well-known/openeo"""
return await self.guarded_request(
"openeo_discover",
"https://earthengine.google.openeo.cloud/.well-known/openeo"
)
async def openeo_list_collections(self, bbox: str = None) -> AdapterResponse:
"""GET /collections β Sentinel-2, Sentinel-1, etc."""
params = {"bbox": bbox} if bbox else {}
return await self.guarded_request(
"openeo_collections",
"https://earthengine.google.openeo.cloud/collections",
params=params
)
async def openeo_create_process(self, process_graph: dict) -> AdapterResponse:
"""POST /result β Cloud-Processing starten"""
return await self.guarded_request(
"openeo_process",
"https://earthengine.google.openeo.cloud/result",
params=process_graph
)
# ββ Copernicus Data Space (STAC) ββββββββββββββββββββββββββββββββ
async def stac_search(self, collections: list, datetime_range: str,
bbox: list = None, limit: int = 10) -> AdapterResponse:
"""POST /search β STAC Item Search"""
body = {
"collections": collections, # ["sentinel-2-l2a"]
"datetime": datetime_range, # "2026-01-01T00:00:00Z/2026-04-01T00:00:00Z"
"limit": limit
}
if bbox:
body["bbox"] = bbox
return await self.guarded_request(
"stac_search",
"https://datahub.copernicus.eu/api/stac/v1/search",
params=body
)
async def stac_get_item(self, collection_id: str, item_id: str) -> AdapterResponse:
"""GET /collections/{cid}/items/{iid}"""
return await self.guarded_request(
"stac_item",
f"https://datahub.copernicus.eu/api/stac/v1/collections/{collection_id}/items/{item_id}"
)
# ββ Sentinel Hub API ββββββββββββββββββββββββββββββββββββββββββββ
async def sentinel_hub_wms(self, layer: str, bbox: str, time: str,
width: int = 512, height: int = 512) -> AdapterResponse:
"""GET /ogc/wms β Sentinel Hub WMS"""
params = {
"SERVICE": "WMS", "REQUEST": "GetMap", "LAYERS": layer,
"BBOX": bbox, "TIME": time, "WIDTH": width, "HEIGHT": height,
"FORMAT": "image/png", "CRS": "EPSG:4326"
}
return await self.guarded_request(
"sentinel_wms",
"https://services.sentinel-hub.com/ogc/wms/{INSTANCE_ID}",
params=params
)
# ββ ESASky API (Astronomie) βββββββββββββββββββββββββββββββββββββ
async def esasky_query(self, target: str, ra: float, dec: float,
radius: float = 1.0) -> AdapterResponse:
"""IVOA Cone Search via ESASky"""
return await self.guarded_request(
"esasky_cone",
"https://sky.esa.es/esasky/CONESERVICE",
params={"RA": ra, "DEC": dec, "SR": radius, "FORMAT": "VOTable"}
)
async def _authenticate(self) -> Dict[str, str]:
token = self.auth_config.get("esa_token") or os.environ.get("ESA_API_TOKEN", "")
return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
async def _get_session(self):
if self._session is None or self._session.closed:
self._session = aiohttp.ClientSession()
return self._session
2.3 CERN Adapter
# adapters/cern_adapter.py
from .base_adapter import BaseAdapter, AdapterResponse
class CERNAdapter(BaseAdapter):
"""Adapter fuer CERN APIs (CAP, Open Data, AMI, CernVM-FS)."""
def name(self) -> str: return "CERN"
# ββ Analysis Preservation (CAP) βββββββββββββββββββββββββββββββββ
async def cap_list_deposits(self) -> AdapterResponse:
"""GET /api/deposits β Liste aller Analysis-Deposits"""
return await self.guarded_request(
"cap_deposits",
"https://analysispreservation.cern.ch/api/deposits"
)
async def cap_create_deposit(self, metadata: dict) -> AdapterResponse:
"""POST /api/deposits β Neues Analysis-Deposit erstellen"""
return await self.guarded_request(
"cap_create",
"https://analysispreservation.cern.ch/api/deposits",
params=metadata
)
async def cap_get_deposit(self, deposit_id: str) -> AdapterResponse:
"""GET /api/deposits/{id}"""
return await self.guarded_request(
"cap_get",
"https://analysispreservation.cern.ch/api/deposits/{deposit_id}"
)
# ββ CERN Open Data Portal βββββββββββββββββββββββββββββββββββββββ
async def opendata_search(self, query: str, collection: str = None) -> AdapterResponse:
"""GET /api/records β Recherche im Open Data Portal"""
params = {"q": query, "size": 20}
if collection:
params["collection"] = collection
return await self.guarded_request(
"opendata_search",
"https://opendata.cern.ch/api/records",
params=params
)
async def opendata_get_record(self, record_id: str) -> AdapterResponse:
"""GET /api/records/{id}"""
return await self.guarded_request(
"opendata_record",
f"https://opendata.cern.ch/api/records/{record_id}"
)
# ββ ATLAS AMI 2.0 (Metadata) ββββββββββββββββββββββββββββββββββββ
async def ami_search(self, dataset: str, run_range: str = None) -> AdapterResponse:
"""GET /ami/metadata β ATLAS Metadata Interface"""
params = {"dataset": dataset}
if run_range:
params["run_range"] = run_range
return await self.guarded_request(
"ami_search",
"https://ami.in2p3.fr/ami/metadata",
params=params
)
# ββ CernVM-FS (Software) ββββββββββββββββββββββββββββββββββββββββ
async def cvmfs_list_repositories(self) -> AdapterResponse:
"""CernVM-FS verfuegbare Repositories auflisten"""
return await self.guarded_request(
"cvmfs_repos",
"https://cvmfs-config.cern.ch/cvmfs/config.cern.ch/.cvmfspublished"
)
async def _authenticate(self) -> Dict[str, str]:
token = self.auth_config.get("cern_token") or os.environ.get("CERN_API_TOKEN", "")
refresh = self.auth_config.get("cern_refresh_token", "")
return {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json",
"X-CERN-Refresh-Token": refresh,
}
async def _get_session(self):
if self._session is None or self._session.closed:
self._session = aiohttp.ClientSession()
return self._session
2.4 EU/GAIA-X Adapter
# adapters/eu_gaiax_adapter.py
from .base_adapter import BaseAdapter, AdapterResponse
class EUGaiaXAdapter(BaseAdapter):
"""Adapter fuer GAIA-X, EU Data Spaces, EOSC."""
def name(self) -> str: return "EU_GaiaX"
# ββ GAIA-X Trust Framework ββββββββββββββββββββββββββββββββββββββ
async def gaiax_participant_check(self, participant_id: str) -> AdapterResponse:
"""Prueft GAIA-X Teilnehmer-Status (Self-Description)"""
return await self.guarded_request(
"gaiax_participant",
f"https://gaia-x.eu/api/participants/{participant_id}"
)
async def gaiax_self_description(self, resource_uri: str) -> AdapterResponse:
"""GET Self-Description eines GAIA-X Resources"""
return await self.guarded_request(
"gaiax_sd",
f"https://gaia-x.eu/api/resources/{resource_uri}/self-description"
)
# ββ EOSC / OpenAIRE Graph βββββββββββββββββββββββββββββββββββββββ
async def openaire_search(self, query: str, funder: str = None,
open_access: bool = True) -> AdapterResponse:
"""GET /api/objects β OpenAIRE Graph Suche"""
params = {"query": query, "openAccess": open_access, "size": 25}
if funder:
params["funder"] = funder
return await self.guarded_request(
"openaire_search",
"https://api.openaire.eu/search/publications",
params=params
)
async def eosc_search(self, query: str, provider: str = None) -> AdapterResponse:
"""EOSC Portal Suche"""
params = {"query": query}
if provider:
params["provider"] = provider
return await self.guarded_request(
"eosc_search",
"https://eosc-portal.eu/api/search",
params=params
)
# ββ EU Data Spaces (Generic) ββββββββββββββββββββββββββββββββββββ
async def dataspace_query(self, space: str, query: dict) -> AdapterResponse:
"""Generic Dataspace Protocol Anfrage"""
return await self.guarded_request(
f"dataspace_{space}",
f"https://data.europa.eu/api/spaces/{space}/query",
params=query
)
async def _authenticate(self) -> Dict[str, str]:
token = self.auth_config.get("eu_token") or os.environ.get("EU_API_TOKEN", "")
return {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json",
"X-GAIA-X-Participant-ID": self.auth_config.get("gaiax_participant_id", ""),
}
async def _get_session(self):
if self._session is None or self._session.closed:
self._session = aiohttp.ClientSession()
return self._session
3. DATENFLUSS β Was flieΓt wohin?
3.1 Eingehende Datenfluesse (Inbound)
ββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β ESA (Sentinel) βββββJSON/GeoJSONβββββΊβ ESAAdapter ββββΊβ EpistemicState β
β - Satellitenbilderβ β /collections β β belief: "Sentinel-2 β
β - Prozess-Ergebn. β β /result β β L2A Region X valid" β
β - ESASky VOTable β β /ogc/wms β β status: LIKELY β
ββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CERN (Open Data) βββββJSON/XMLβββββββΊβ CERNAdapter ββββΊβ EpistemicState β
β - Analysis Dep. β β /api/deposits β β belief: "ATLAS Run β
β - Open Data Rec. β β /api/records β β 45678 validated" β
β - AMI Metadata β β /ami/metadata β β status: CERTAIN β
ββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β EU/GAIA-X/EOSC βββββJSONββββββββΊβ EUGaiaXAdapter ββββΊβ EpistemicState β
β - Self-Descript. β β /api/participantsβ β belief: "GAIA-X β
β - OpenAIRE Pubs β β /api/search β β Partner X vertrauens-β
β - Dataspace Query β β /api/spaces/{s} β β wuerdig" β
ββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββββββββββββββ
3.2 Ausgehende Datenfluesse (Outbound)
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PARADOX AI Core β
β β
β EpistemicState βΊ ESAAdapter βΊ POST /result β
β "Region X hat Anomalie" βΊ openEO Process Graph β
β β
β CCRN Decision βΊ CERNAdapter βΊ POST /api/deposits β
β "ML-Modell M validated" βΊ CAP Analysis Deposit β
β β
β Audit Chain βΊ EUGaiaXAdapter βΊ Self-Description β
β "PARADOX AI ist GAIA-X-konform" βΊ Participant Registry β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
3.3 Interne Datenfluesse
External Response βΊ AdapterResponse
β
ββββΊ SHA-256 Hash βΊ Decision Chain (audit_log.jsonl)
β
ββββΊ EpistemicBelief (CERTAIN/LIKELY/POSSIBLE/UNCERTAIN)
β β
β ββββΊ K(t) β verified durch Cross-Validation
β β (z.B. Sentinel-2 + Sentinel-1 bestaetigen Anomalie)
β β
β ββββΊ E(t) β estimated, bedarf weiterer Validierung
β (z.B. ESASky VOTable mit niedriger Aufloesung)
β
ββββΊ CCRN kappa recalc β wenn kappa < 3.34:
β ββββΊ Task: "Validiere unsichere Beliefs"
β
ββββΊ DDGK Memory β /memory/store
Session-Log fuer spaetere Referenz
4. AUTHENTIFIZIERUNG β Konkrete Verfahren
4.1 ESA/Copernicus
| API | Auth-Verfahren | Endpoint | Token-Typ |
|---|---|---|---|
| openEO | OAuth2 Bearer Token | POST /credentials/basic |
esa_openid_token |
| Copernicus Data Space | Keycloak OIDC | https://identity.dataspace.copernicus.eu/auth/realms/CDSE/protocol/openid-connect/token |
access_token (JWT, 10 Min) |
| Sentinel Hub | OAuth2 Client Credentials | https://services.sentinel-hub.com/oauth/token |
client_id + client_secret |
| ESASky | Keine (oeffentlich) | β | β |
Implementierung im Adapter:
# Auth-Flow Copernicus Data Space
async def _auth_copernicus(self) -> str:
async with aiohttp.ClientSession() as session:
async with session.post(
"https://identity.dataspace.copernicus.eu/auth/realms/CDSE/protocol/openid-connect/token",
data={
"client_id": self.auth_config["copernicus_client_id"],
"client_secret": self.auth_config["copernicus_client_secret"],
"grant_type": "client_credentials"
}
) as resp:
tokens = await resp.json()
self._token_expiry = time.time() + tokens.get("expires_in", 600)
return tokens["access_token"]
Umgebung in .env:
# ESA / Copernicus
ESA_API_TOKEN=
COPERNICUS_CLIENT_ID=
COPERNICUS_CLIENT_SECRET=
SENTINEL_HUB_CLIENT_ID=
SENTINEL_HUB_CLIENT_SECRET=
SENTINEL_HUB_INSTANCE_ID=
4.2 CERN
| API | Auth-Verfahren | Endpoint | Token-Typ |
|---|---|---|---|
| Analysis Preservation (CAP) | OAuth2 Bearer + Refresh | POST /api/token |
access_token + refresh_token |
| Open Data Portal | API Key (Header) | GET /api/records?apikey=... |
apikey |
| ATLAS AMI 2.0 | CERN SSO (Kerberos) | β | KRB5CCNAME |
| CernVM-FS | Keine (oeffentlich, read-only) | β | β |
# CERN
CERN_API_TOKEN=
CERN_REFRESH_TOKEN=
CERN_API_KEY=
CERN_OIDC_CLIENT_ID=
CERN_OIDC_CLIENT_SECRET=
4.3 EU/GAIA-X
| API | Auth-Verfahren | Endpoint | Token-Typ |
|---|---|---|---|
| GAIA-X Trust Framework | X.509 Zertifikat + DID | Self-Description Signatur | vc-jwt |
| EOSC / OpenAIRE | API Key | Header: X-OpenAIRE-API-Key |
apikey |
| EU Data Spaces | OAuth2 (eIDAS-konform) | IdP des jeweiligen Data Space | JWT |
# EU / GAIA-X
EU_API_TOKEN=
GAIA_X_PARTICIPANT_ID=
OPENAIRE_API_KEY=
EOSC_API_KEY=
4.4 Authentifizierungs-Manager (zentral)
# adapters/auth_manager.py
import asyncio
import time
from typing import Dict, Optional
class AuthManager:
"""Zentrales Token-Management fuer alle externen APIs."""
def __init__(self):
self._tokens: Dict[str, dict] = {} # provider -> {token, expiry, refresh}
async def get_token(self, provider: str) -> Optional[str]:
"""Gibt gueltigen Token zurueck, refreshed wenn noetig."""
if provider not in self._tokens:
return await self._fetch_token(provider)
entry = self._tokens[provider]
if time.time() > entry["expiry"] - 60: # 60s Puffer
return await self._refresh_token(provider, entry)
return entry["token"]
async def _fetch_token(self, provider: str) -> str: ...
async def _refresh_token(self, provider: str, entry: dict) -> str: ...
5. EPISTEMISCHE TRENNUNG β S(t) = K(t) βͺ E(t) fuer Raumfahrt/CERN
5.1 Konzept
Die epistemische Trennung wird auf externe Datenquellen angewendet:
| Ebene | Beschreibung | Beispiel |
|---|---|---|
| K(t) β Known | Daten, die durch mehrere unabhaengige Quellen verifiziert sind | Sentinel-2 L2A Bild + Sentinel-1 SAR bestaetigen gleiche Anomalie in Region X |
| E(t) β Estimated | Daten, die nur aus einer Quelle kommen oder deren Validierung aussteht | ESASky VOTable mit geringer Signifikanz (SNR < 5) |
5.2 Entscheidungsregel
# Aus: cognitive_ddgk/cognitive_ddgk_core.py
# S(t) = K(t) βͺ E(t) | Decision(K) only
def can_decide_on_external_data(epistemic: EpistemicState, key: str) -> bool:
"""
Nur auf K(t) entscheiden β NIE auf E(t) allein.
key = epistemischer Belief-Schluessel (z.B. "esa:sentinel2:anomaly:region_x")
"""
if key in epistemic.known and epistemic.known_confidence.get(key, 0) >= 0.8:
return True # K(t) β verified
return False # E(t) β nicht entscheidbar
5.3 Anwendung auf ESA/CERN-Daten
ESA-Datenpipeline:
ββββββββββββββββββ
1. Sentinel-2 L2A arrives
β
ββββΊ Cross-Validate mit Sentinel-1 SAR
β βββ Uebereinstimmung > 90%? βΊ K(t), confidence = 0.95, status = CERTAIN
β βββ Keine Uebereinstimmung? βΊ E(t), confidence = 0.4, status = UNCERTAIN
β
ββββΊ DDGK Guardian assess: "Darf ich auf E(t) basierend handeln?"
βββ kappa >= 3.34 UND keine kritische Aktion? βΊ ALLOW mit Warnung
βββ Kritische Aktion (z.B. Alarm)? βΊ BLOCK β warte auf K(t)
CERN-Datenpipeline:
βββββββββββββββββββ
1. ATLAS Open Data Record arrives
β
ββββΊ Validiere gegen AMI 2.0 Metadata
β βββ Metadata konsistent? βΊ K(t), confidence = 0.9, status = CERTAIN
β βββ Metadata fehlt/widerspruechlich? βΊ E(t), confidence = 0.3, status = CONTRADICTED
β
ββββΊ DDGK Guardian: "Darf ich ATLAS-Daten in mein ML-Modell einspeisen?"
βββ K(t) validated? βΊ ALLOW
βββ Nur E(t)? βΊ ASK_USER β "ATLAS-Daten haben widerspruechliche Metadata"
5.4 Error Propagation
Fehlerfortpflanzung ist proportional zur Abhaengigkeit von E(t):
Error(S(t)) β reliance_on_E(t) Γ uncertainty(E(t))
Wenn > 50% der Beliefs in E(t) liegen UND durchschnittliche confidence < 0.5:
βββ kappa < 2.0 β SYSTEM STOP β keine automatischen Entscheidungen
6. USE CASES β Konkrete Anwendungen
6.1 Use Case 1: Orbitales ML mit hls4ml (Edge SpAIce)
Beschreibung: ML-Modelle auf FPGA-Chips im Orbit deployen, validiert durch DDGK.
DDGK ββΊ CERN CAP: Hole hls4ml Modell-Spezifikation
ββΊ ESA openEO: Hole Trainingsdaten (Sentinel-2 L2A)
ββΊ EpistemicState: K(t) = {Modell M auf Daten D validiert, accuracy = 0.94}
ββΊ CCRN: kappa = 3.8 (ueber Schwelle)
ββΊ DDGK Guardian: ALLOW β Deploy to Edge
ββΊ CERN CAP: Erstelle Deployment-Deposit
ββΊ Audit Chain: Loggt gesamten Deploy-Vorgang
APIs: CERN CAP /api/deposits, ESA openEO /collections, openEO /result
Datenformate: ONNX (ML-Modell), GeoTIFF (Satellitenbilder), HDF5 (hls4ml weights)
6.2 Use Case 2: Weltraumstrahlungs-Monitoring (SATRAM/SpaceRadMon)
Beschreibung: Timepix-Strahlungsmonitore-Daten in DDGK-gesteuertes Monitoring ueberfuehren.
DDGK ββΊ CERN Open Data: Hole Timepix Kalibrationsdaten
ββΊ ESA ESASky: Hole orbitale Positionsdaten
ββΊ EpistemicState: K(t) = {Strahlungslevel R an Position P = X mSv}
ββΊ Sensor-Server (Port 8001): Schreibe an /sensors/radiation
ββΊ DDGK Guardian: Ueberwache Schwellenwerte
βββ R < 1 mSv? βΊ NORMAL
βββ 1 < R < 5 mSv? βΊ WARNING β Epistemic belief: "Erhoehte Strahlung"
βββ R > 5 mSv? βΊ ALERT β AUTONOMOUS ACTION: Shield aktivieren
ββΊ Audit Chain: Jeder Messwert wird gehasht
APIs: CERN Open Data /api/records, ESASky Cone Search
Datenformate: VOTable (astronomische Daten), JSON (Sensor-Readings), FITS (Strahlungskarten)
6.3 Use Case 3: JUICE-Mission Elektronik-Validierung
Beschreibung: CERN Beschleuniger-Testdaten fuer JUICE-Mission mit DDGK epistemisch validieren.
DDGK ββΊ CERN AMI 2.0: Hole Test-Metadata fuer Elektronik-Komponente K
ββΊ EpistemicState:
K(t) = {"Komponente K bestanden bei 10^12 Protonen/cmΒ²"}
E(t) = {"LangzeitstabilitΓ€t > 5 Jahre unsicher"}
ββΊ DDGK Guardian: "Darf ich K als flight-ready deklarieren?"
βββ kappa fuer K(t) >= 3.34? βΊ ALLOW (mit E(t)-Warnung)
βββ kappa < 3.34? βΊ BLOCK β zusaetzliche Tests erforderlich
ββΊ CERN CAP: Erstelle Validation-Report als Deposit
APIs: CERN AMI /ami/metadata, CERN CAP /api/deposits
Datenformate: JSON (Metadata), XML (Validation Reports), ROOT (CERN ntuple data)
6.4 Use Case 4: EU AI Act Compliance fuer ESA/CERN-Partner
Beschreibung: DDGK als Compliance-Engine fuer ESA/CERN-Partner, die KI-Systeme einsetzen.
Partner-System P ββΊ DDGK /legal/assess: "Ist unser ESA-ML-System EU AI Act konform?"
ββΊ DDGK Legal Agent:
Domain = "infrastructure" (Satellitenbetrieb)
Art. 6 (Hochrisiko): Ja
Art. 9 (Risikomanagement): DDGK Guardian deckt ab
Art. 13 (Transparenz): Decision Chain deckt ab
Art. 14 (Aufsicht): HITL Bridge deckt ab
ββΊ EUGaiaXAdapter: Registriere P als GAIA-X-konformen Teilnehmer
POST /api/participants/{P}/self-description
ββΊ Ergebnis: Compliance Report als JSON + Audit Chain Export
APIs: DDGK /legal/assess, GAIA-X /api/participants/{id}/self-description
Datenformate: JSON (Compliance Reports), JSONL (Audit Chain), VCDM (GAIA-X Self-Description)
6.5 Use Case 5: Euclid-Weltraumteleskop β CERN Science Ground Segment
Beschreibung: DDGK orchestriert Datenverarbeitung von Euclid-Beobachtungen.
DDGK ββΊ ESA openEO: Starte Process Graph fuer Euclid-Daten
POST /result {
"process_graph": {
"load_collection": {"id": "euclid-vis", "spatial_extent": {...}},
"apply": {"process_id": "calibrate_euclid"},
"save_result": {"format": "GeoTIFF"}
}
}
ββΊ Poll Status: GET /jobs/{job_id}
ββΊ Bei Abschluss: Hole Ergebnis, validiere mit CERN Open Data (Kreuzreferenz)
ββΊ EpistemicState: K(t) = {"Euclid-Daten kalibriert, ChiΒ² = 1.02"}
ββΊ OpenAIRE: Publiziere Ergebnis
POST /api/objects {title: "Euclid Calibration Report", ...}
APIs: ESA openEO /result, /jobs/{id}, CERN Open Data /api/records, OpenAIRE /api/objects
Datenformate: FITS (Euclid-Daten), GeoTIFF (kalibriert), JSON-LD (OpenAIRE Metadata)
7. FOERDERUNG β ESA/CERN/EU Programme
7.1 ESA Foerderung
| Programm | Ziel | Deadline | Foerdersumme | Passung |
|---|---|---|---|---|
| ESA PhiLab | Quanten-ML, hls4ml, Edge AI | Rolling | 100-500k EUR | hls4ml auf FPGA (Edge SpAIce) |
| ESA GSP (General Support Technology Programme) | KI fuer Satellitenbetrieb | Jaehrlich | 200k-1M EUR | DDGK als autonomes Governance-System |
| ESA PECS (Plan for European Cooperating States) | Kapazitaetsaufbau | Rolling | 50-200k EUR | Epistemic State formalismus |
| ESA SCI-AI | KI in der Weltraumwissenschaft | 2026 Q3 | 300k-800k EUR | Euclid-Datenanalyse mit DDGK |
Konkreter Antrag:
- Titel: "DDGK β Distributed Dynamic Governance Kernel for Autonomous Space AI Systems"
- Programm: ESA GSP oder PhiLab
- Partner: CERN (Edge SpAIce), PARADOX AI (DDGK), [Uni-Partner]
- Budget: 450k EUR, 18 Monate
7.2 CERN Foerderung/Kooperation
| Programm | Ziel | Passung |
|---|---|---|
| CERN Openlab | Industrie-Kooperationen | DDGK als Governance-Engine fuer CERN ML |
| CERN Knowledge Transfer | Spin-off von CERN-Technologien | Epistemic State aus Raumfahrt-Requirements |
| CERN analysis-preservation | Reproduzierbare Analysen | DDGK Audit Chain fuer CAP Deposits |
7.3 EU Foerderung
| Programm | Ziel | Deadline | Foerdersumme | Passung |
|---|---|---|---|---|
| Horizon Europe β Cluster 4 (Digital) | KI-Souveraenitaet, GAIA-X | 2026 Q4 | 2-5M EUR | DDGK als EU AI Act Compliance-Engine |
| EIC Pathfinder | Disruptive Technologien | 2026 Q2 | 2.5-4M EUR | CCRN als neue Bewusstseinsmetrik |
| Horizon Europe β Space | Satelliten-KI, Copernicus | 2026 Q3 | 3-10M EUR | DDGK + Sentinel-Daten |
| Digital Europe Programme | AI-on-demand Platform | 2026 Q2 | 1-3M EUR | DDGK API als Governance-Dienst |
| ESA-EU Copernicus Contrib. | Copernicus Downstream | Rolling | 500k-2M EUR | DDGK-gesteuerte Satelliten-Datenanalyse |
Priorisierter Antrag:
- EIC Pathfinder Open 2026: "PARADOX AI β Conscious Governance for Autonomous Systems"
- Budget: 3.5M EUR, 36 Monate
- Konsortium: PARADOX AI (Coordinator), CERN, ESA, [2 Universitaeten], [1 Industrie-Partner]
8. ROADMAP β Schritt-fuer-Schritt
Phase 0: Vorbereitung (Woche 1-2)
[ ] .env erweitern um ESA/CERN/EU Credentials
[ ] adapters/ Verzeichnis anlegen
[ ] BaseAdapter + AuthManager implementieren
[ ] Unit-Tests fuer Auth-Flows
[ ] DDGK Guardian um "external_api" Action erweitern
Phase 1: ESA-Anbindung (Woche 3-6)
[ ] ESAAdapter implementieren (openEO, Copernicus STAC, Sentinel Hub)
[ ] Copernicus OIDC Auth-Flow mit Token-Refresh
[ ] EpistemicState um "external_source" Tracking erweitern
[ ] Test: Sentinel-2 L2A Collection abfragen β EpistemicBelief erstellen
[ ] DDGK /assess erweitern: "Darf ich Sentinel-Daten herunterladen?"
[ ] Dokumentation: docs/ESA_INTEGRATION.md
Phase 2: CERN-Anbindung (Woche 7-10)
[ ] CERNAdapter implementieren (CAP, Open Data, AMI)
[ ] CERN OAuth2 Token-Flow
[ ] Test: CAP Deposit erstellen β Audit Chain Eintrag
[ ] EpistemicState: CERN-Daten als K(t)/E(t) klassifizieren
[ ] Cross-Validation: ESA + CERN Daten kombinieren
[ ] Dokumentation: docs/CERN_INTEGRATION.md
Phase 3: EU/GAIA-X-Anbindung (Woche 11-14)
[ ] EUGaiaXAdapter implementieren
[ ] GAIA-X Self-Description fuer PARADOX AI erstellen
[ ] OpenAIRE Graph Integration
[ ] DDGK /legal/assess EU AI Act Report generieren
[ ] Audit Chain Export als Compliance-Report
[ ] Dokumentation: docs/EU_GAIAX_INTEGRATION.md
Phase 4: Produktion (Woche 15-18)
[ ] Alle Adapter im DDGK API Server registrieren
[ ] Neue Endpoints:
POST /api/v1/esa/query
POST /api/v1/cern/query
POST /api/v1/eu/compliance
GET /api/v1/epistemic
[ ] Monitoring: Prometheus Metrics fuer API-Calls
[ ] Rate-Limiting pro Provider
[ ] Error-Handling: Retry mit exponential Backoff
[ ] Dokumentation: docs/API_REFERENCE.md
Phase 5: Foerderantraege (Woche 19-24)
[ ] EIC Pathfinder Antrag schreiben
[ ] ESA GSP Proposal
[ ] GAIA-X Contributor Agreement
[ ] Zenodo/arXiv Paper: "DDGK: Epistemic Governance for Space AI"
[ ] Demo: Live-Anbindung an ESA openEO + CERN CAP
9. TECHNISCHE SPEZIFIKATION
9.1 Protokolle
| Kommunikation | Protokoll | Format |
|---|---|---|
| DDGK Intern | HTTP/REST (FastAPI) | JSON |
| DDGK β ESA | HTTPS + OAuth2 | JSON, GeoJSON, STAC JSON |
| DDGK β CERN | HTTPS + OAuth2 | JSON, XML (Invenio), ROOT |
| DDGK β GAIA-X | HTTPS + X.509 | JSON-LD (Self-Description) |
| DDGK β Sensor | HTTP (Port 8001) | JSON |
| DDGK β Note10 | HTTP (Port 5001) | JSON |
| DDGK Audit | File-basiert | JSONL + SHA-256 Chain |
| ROS2 Bridge | DDS/RTPS | ROS2 Messages |
9.2 Neue DDGK API Endpoints
POST /api/v1/esa/query
Body: {"api": "openeo"|"stac"|"sentinel_hub"|"esasky", "params": {...}}
Auth: X-API-Key
Response: {"success": bool, "data": {...}, "epistemic_status": str, "belief_id": str}
POST /api/v1/cern/query
Body: {"api": "cap"|"opendata"|"ami", "params": {...}}
Auth: X-API-Key
Response: {"success": bool, "data": {...}, "epistemic_status": str, "belief_id": str}
POST /api/v1/eu/compliance
Body: {"system_description": str, "domain": str}
Auth: X-API-Key
Response: {"eu_ai_act": {...}, "gaia_x": {...}, "coverage_percent": int}
GET /api/v1/epistemic
Query: ?agent_id=1&min_confidence=0.7
Auth: X-API-Key
Response: {"beliefs": [...], "kappa": float, "kt_count": int, "et_count": int}
POST /api/v1/adapters/reload
Body: {} (Konfigurations-Reload aller Adapter)
Auth: X-API-Key (tier: internal only)
Response: {"adapters": ["ESA", "CERN", "EU_GaiaX"], "status": "ok"}
9.3 Datenformate
| Zweck | Format | Spezifikation |
|---|---|---|
| Sentinel-2 L2A | GeoTIFF (COG) | OGC GeoTIFF, Cloud-Optimized |
| Sentinel-1 SAR | GeoTIFF (Complex) | ESA SAFE-Format |
| STAC Items | JSON | STAC Spec v1.0.0 |
| openEO Process Graph | JSON | openEO Processes Spec |
| ESASky Ergebnisse | VOTable | IVOA VOTable v1.3 |
| CERN CAP Deposits | JSON-LD | InvenioRDM Schema |
| CERN Open Data | JSON | Invenio v3 Schema |
| ATLAS AMI | JSON | AMI 2.0 REST API |
| GAIA-X Self-Description | JSON-LD | W3C Verifiable Credentials Data Model |
| OpenAIRE | XML/JSON | OpenAIRE REST API v4 |
| DDGK Audit Chain | JSONL | SHA-256 verkettet |
| EpistemicState | JSON | Eigenes Schema (s. epistemic_state.py) |
| CCRN Decision | JSON | Eigenes Schema (kappa, phi_i, R) |
9.4 Error-Handling
ERROR_CODES = {
# DDGK-spezifisch
"DDGK_GUARDIAN_BLOCK": 451, # Guardian hat Anfrage blockiert
"DDGK_LOW_KAPPA": 452, # kappa < 3.34 β keine Entscheidung moeglich
"DDGK_EPistemic_UNCERTAIN": 453, # Nur E(t) verfuegbar
"DDGK_REQUIRES_HUMAN": 454, # Human-in-the-Loop erforderlich
# External API
"ESA_AUTH_EXPIRED": 501, # ESA Token abgelaufen
"ESA_RATE_LIMIT": 502, # ESA Rate Limit erreicht
"ESA_COLLECTION_NOT_FOUND": 503,
"CERN_CAP_UNAVAILABLE": 510, # CAP Server down
"CERN_TOKEN_REFRESH_FAIL": 511,
"GAIAX_PARTICIPANT_UNKNOWN": 520,
"OPENAIRE_SEARCH_FAIL": 521,
}
9.5 Verzeichnisstruktur
ORION-ROS2-Consciousness-Node/
βββ adapters/
β βββ __init__.py
β βββ base_adapter.py # BaseAdapter, AdapterResponse
β βββ auth_manager.py # AuthManager (zentrales Token-Mgmt)
β βββ esa_adapter.py # ESAAdapter (openEO, STAC, Sentinel Hub, ESASky)
β βββ cern_adapter.py # CERNAdapter (CAP, Open Data, AMI, CernVM-FS)
β βββ eu_gaiax_adapter.py # EUGaiaXAdapter (GAIA-X, EOSC, OpenAIRE)
β βββ test/
β βββ test_esa_adapter.py
β βββ test_cern_adapter.py
β βββ test_eu_gaiax_adapter.py
βββ ddgk_api_server.py # Bestehend β erweitert um neue Endpoints
βββ cognitive_ddgk/
β βββ cognitive_ddgk_core.py # Bestehend β EpistemicState
βββ autonomous/
β βββ epistemic_state.py # Bestehend β EpistemicState
βββ docs/
β βββ ESA_INTEGRATION.md
β βββ CERN_INTEGRATION.md
β βββ EU_GAIAX_INTEGRATION.md
β βββ API_REFERENCE.md
βββ .env # ESA/CERN/EU Credentials (nicht committen)
10. GESCHAEFTSMODELL β Mehrwert fuer ESA/CERN/EU
10.1 Wertangebot
| Stakeholder | Problem | PARADOX AI Loesung | Wert |
|---|---|---|---|
| ESA | Autonome Satelliten-Systeme brauchen verlaessliche Entscheidungslogik | DDGK Guardian + Epistemic State = auditierbare Autonomie | EU AI Act Compliance fuer ESA-ML-Systeme |
| CERN | Analysen muessen reproduzierbar und nachvollziehbar sein | DDGK Audit Chain + CAP Integration = manipulations-sichere Protokollierung | FAIR + Auditierbar + SHA-256 verifiziert |
| EU/GAIA-X | Daten-Souveraenitaet erfordert nachweisbare Compliance | DDGK Legal Agent + GAIA-X Self-Description = automatisierter Compliance-Report | EU AI Act Art. 9/13/14 abgedeckt |
| Industrie-Kunden | Hochrisiko-KI-Systeme brauchen Zulassung | DDGK /legal/assess + Audit Chain = Zulassungsunterlage | 6-12 Monate kuerzere Zulassungszeit |
10.2 Geschaftsmodell
Tier 1: Starter (kostenlos)
- DDGK API Demo-Key
- 100 Requests/Monat
- Basis Guardian Assessment
- Oeffentliche Dokumentation
Tier 2: Pilot (500 EUR/Monat)
- 5.000 Requests/Monat
- Vollstaendiger Guardian v2
- ESA/CERN Adapter-Zugang
- Audit Chain Export
- EpistemicState Dashboard
Tier 3: Enterprise (2.000 EUR/Monat)
- 50.000 Requests/Monat
- Alle Adapter (ESA + CERN + GAIA-X)
- EU AI Act Compliance Reports
- Custom EpistemicState Konfiguration
- Dedizierter Support
- On-Premise Deployment moeglich
Tier 4: Research Partner (kostenlos, Antrag-basiert)
- Vollzugang fuer akademische Partner
- ESA/CERN/EU Foerderprojekte
- Co-Autorenschaft bei Publikationen
- Early Access auf neue Features
10.3 Revenue-Projektion
| Jahr | Kunden | ARR | Kosten | Gewinn |
|---|---|---|---|---|
| 2026 | 3 Pilot + 2 Research | 180k EUR | 350k EUR | -170k EUR |
| 2027 | 10 Pilot + 3 Enterprise | 420k EUR | 280k EUR | +140k EUR |
| 2028 | 20 Pilot + 8 Enterprise + 1 Foerderung | 960k EUR | 420k EUR | +540k EUR |
Break-even: Q2 2027 Foerderung (EIC Pathfinder 3.5M EUR): Runway bis 2029
ANHANG A: EpistemicState Schema (JSON)
{
"agent_id": 9,
"agent_name": "Code Architektur",
"beliefs": {
"a3f8b2c1": {
"belief_id": "a3f8b2c1",
"content": "Sentinel-2 L2A zeigt Anomalie in Region X (lat=47.2, lon=11.4)",
"status": "certain",
"confidence": 0.92,
"evidence": [
"sentinel2:L2A:2026-04-01:tile_33T",
"sentinel1:GRD:2026-04-01:tile_33T"
],
"source": "esa:openeo",
"timestamp": "2026-04-09T14:30:00+00:00",
"expires": ""
}
},
"uncertainties": ["d4e7f1a2"],
"last_updated": "2026-04-09T14:30:00+00:00",
"kappa_score": 3.52,
"version": 14,
"hash": "sha256...",
"prev_hash": "sha256..."
}
ANHANG B: CCRN kappa-Formel fuer externe Daten
ΞΊ = Ξ£(Ο_i) + R Γ ln(N+1)
Ο_i = Einzel-Phi-Wert einer Datenquelle
Ο_ESA = 0.85 (Sentinel-2 + Sentinel-1 cross-validiert)
Ο_CERN = 0.90 (CAP Deposit + AMI Metadata validiert)
Ο_EU = 0.75 (GAIA-X Self-Description verifiziert)
R = Resonanzfaktor (0 < R < 1)
R = 0.93 (DDGK Standard, kalibriert)
N = Anzahl verbundener Knoten
N = 3 (Laptop, Pi5, Note10)
Beispiel:
ΞΊ = 0.85 + 0.90 + 0.75 + 0.93 Γ ln(4)
ΞΊ = 2.50 + 0.93 Γ 1.386
ΞΊ = 2.50 + 1.289
ΞΊ = 3.789 β₯ 3.34 β KONSENS ERREICHT
ANHANG C: DDGK Guardian Decision Matrix fuer externe APIs
| Aktion | Quelle | kappa | Entscheidung |
|---|---|---|---|
| Sentinel-Daten herunterladen | ESA | egal | ALLOW (ungefaehrlich) |
| Sentinel-Daten in ML-Modell verwenden | ESA + DDGK | β₯ 3.34 | ALLOW |
| Sentinel-Daten in ML-Modell verwenden | ESA nur | < 3.34 | ASK_USER |
| CERN Deposit erstellen | CERN + DDGK | β₯ 3.34 | ALLOW |
| CERN Deposit erstellen | CERN nur | < 3.34 | ASK_USER |
| GAIA-X Self-Description signieren | GAIA-X + DDGK | β₯ 3.34 | ALLOW |
| GAIA-X Self-Description signieren | GAIA-X nur | < 3.34 | BLOCK |
| Strahlungsalarm ausloesen | Sensor + ESA | β₯ 3.34 | ALLOW (kritisch) |
| Strahlungsalarm ausloesen | Sensor nur | < 3.34 | ASK_USER |
| Firmware auf Satelliten flashen | CERN + ESA | β₯ 4.0 | ALLOW (nur mit erhohtem Threshold) |
| Firmware auf Satelliten flashen | beliebig | < 4.0 | BLOCK |
NΓ€chster Schritt: Adapter-Verzeichnis anlegen, BaseAdapter + AuthManager implementieren, ESA OIDC-Auth-Flow testen.