ORION-Runtime / docs /ESA_CERN_EU_INTERFACE_CONCEPT.md
Alvoradozerouno's picture
ORION System Update 2026-05-12: Multi-Agent Discussion, KRIA Validation, Agent Refactor, DDGK->ORION Migration
da3e674
|
Raw
History Blame Contribute Delete
46.2 kB

PARADOX AI β€” ESA/CERN/EU SCHNITTSTELLENSYSTEM

Technisches Gesamtkonzept der Agenten 1, 5, 9, 13, 17

Datum: 09. April 2026 Status: Entwurf v1.0 Basis: DDGK API Server (Port 8000), EpistemicState (ESA Section 3), CCRN kappa-Formalismus


1. ARCHITEKTUR β€” DDGK als zentraler Governance-Hub

1.1 Gesamttopologie

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                     PARADOX AI CORE (Laptop/Pi5)                     β”‚
β”‚                                                                      β”‚
β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚
β”‚  β”‚  DDGK API      β”‚  β”‚  CCRN        β”‚  β”‚  EpistemicState Manager  β”‚ β”‚
β”‚  β”‚  FastAPI :8000 │◄──  Governance  │◄──  S(t) = K(t) βˆͺ E(t)      β”‚ β”‚
β”‚  β”‚  /assess       β”‚  β”‚  ΞΊ β‰₯ 3.34    β”‚  β”‚  Knowledge/Estimate      β”‚ β”‚
β”‚  β”‚  /status       β”‚  β”‚  phi-Scores  β”‚  β”‚  Separation Layer        β”‚ β”‚
β”‚  β”‚  /memory       β”‚  β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚
β”‚  β”‚  /audit        β”‚         β”‚                      β”‚                 β”‚
β”‚  β”‚  /legal        β”‚         β–Ό                      β–Ό                 β”‚
β”‚  β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”   β”‚
β”‚         β”‚            β”‚         ADAPTER ORCHESTRATOR              β”‚   β”‚
β”‚         β”‚            β”‚  Unified Connector Registry               β”‚   β”‚
β”‚         β”‚            β”‚  - ESAAdapter  - CERNAdapter - EUAdapter  β”‚   β”‚
β”‚         β”‚            β”‚  - AuthManager - RetryHandler - Cache     β”‚   β”‚
β”‚         β”‚            β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
          β”‚                   β”‚           β”‚           β”‚
     β”Œβ”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”        β”Œβ”€β”€β”€β”€β–Όβ”€β”€β”€β”  β”Œβ”€β”€β”€β”€β–Όβ”€β”€β”€β”  β”Œβ”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”
     β”‚  ESA    β”‚        β”‚ CERN   β”‚  β”‚ GAIA-X β”‚  β”‚ EOSC/   β”‚
     β”‚  APIs   β”‚        β”‚ APIs   β”‚  β”‚ / EU   β”‚  β”‚ OpenAIREβ”‚
     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜        β””β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

1.2 Prinzipien

  • DDGK first: Jede externe API-Anfrage durchlaeuft den DDGK Guardian (/assess) bevor sie ausgefuehrt wird.
  • Epistemic Tracking: Jeder API-Response wird als EpistemicBelief klassifiziert (CERTAIN/LIKELY/POSSIBLE/UNCERTAIN).
  • Audit Chain: Alle externen Datenfluesse werden in der SHA-256 Decision Chain protokolliert.
  • CCRN Resonanz: Systementscheidungen (z.B. "Satellitendaten fuer Modell X verwenden") erfordern kappa >= 3.34.

2. ADAPTER-LAYER β€” Konkrete Umsetzung

2.1 Basis-Adapter Klasse

# adapters/base_adapter.py
from abc import ABC, abstractmethod
from dataclasses import dataclass
from typing import Dict, Any, Optional
import aiohttp
import time

@dataclass
class AdapterResponse:
    success: bool
    data: Any
    epistemic_status: str  # "certain" | "likely" | "possible" | "uncertain"
    source: str
    ttl_seconds: int
    error: Optional[str] = None

class BaseAdapter(ABC):
    """Basis aller externen Adapter. Implementiert Auth, Retry, Caching, Epistemic-Tracking."""

    def __init__(self, auth_config: Dict[str, str], ddgk_assess_url: str = "http://localhost:8000/api/v1/assess"):
        self.auth_config = auth_config
        self.ddgk_assess_url = ddgk_assess_url
        self._session: Optional[aiohttp.ClientSession] = None
        self._cache: Dict[str, tuple] = {}  # key -> (data, timestamp)

    @abstractmethod
    async def _get_session(self) -> aiohttp.ClientSession: ...

    @abstractmethod
    async def _authenticate(self) -> Dict[str, str]: ...

    @abstractmethod
    def name(self) -> str: ...

    async def guarded_request(self, action: str, url: str, params: Dict = None) -> AdapterResponse:
        """Jede Anfrage durchlaeuft DDGK Guardian vor der Ausfuehrung."""
        # 1. DDGK Guardian Assessment
        assess = await self._ddgk_assess(action, url, params)
        if assess.get("decision") == "BLOCK":
            return AdapterResponse(success=False, data=None, epistemic_status="uncertain",
                                   source=self.name(), ttl_seconds=0,
                                   error=f"DDGK Guardian blocked: {assess.get('reasons', [])}")

        # 2. Cache pruefen
        cache_key = f"{self.name()}:{url}:{str(params)}"
        if cache_key in self._cache:
            cached, ts = self._cache[cache_key]
            if time.time() - ts < 300:  # 5 Min TTL
                return AdapterResponse(success=True, data=cached, epistemic_status="certain",
                                       source=self.name(), ttl_seconds=300)

        # 3. Auth Headers
        headers = await self._authenticate()

        # 4. HTTP Request mit Retry
        session = await self._get_session()
        try:
            async with session.get(url, params=params, headers=headers) as resp:
                resp.raise_for_status()
                data = await resp.json()
                self._cache[cache_key] = (data, time.time())
                return AdapterResponse(success=True, data=data, epistemic_status="likely",
                                       source=self.name(), ttl_seconds=600)
        except Exception as e:
            return AdapterResponse(success=False, data=None, epistemic_status="uncertain",
                                   source=self.name(), ttl_seconds=0, error=str(e))

    async def _ddgk_assess(self, action: str, url: str, params: Dict) -> Dict:
        """Fragt DDGK Guardian ab."""
        import requests
        try:
            r = requests.post(self.ddgk_assess_url, json={
                "action": f"{self.name()}:{action}",
                "tool_name": "external_api",
                "tool_args": {"url": url, "params": params},
                "user_approved": False,
                "transcript": f"External API call to {url}"
            }, headers={"X-API-Key": os.environ.get("DDGK_API_KEY", "ddgk-demo-key-2026")})
            return r.json()
        except:
            return {"decision": "ASK_USER", "reasons": ["DDGK unreachable"]}

2.2 ESA Adapter

# adapters/esa_adapter.py
from .base_adapter import BaseAdapter, AdapterResponse

class ESAAdapter(BaseAdapter):
    """Adapter fuer alle ESA/Copernicus APIs."""

    def name(self) -> str: return "ESA"

    # ── openEO API ──────────────────────────────────────────────────
    async def openeo_discover(self) -> AdapterResponse:
        """GET /credentials/.well-known/openeo"""
        return await self.guarded_request(
            "openeo_discover",
            "https://earthengine.google.openeo.cloud/.well-known/openeo"
        )

    async def openeo_list_collections(self, bbox: str = None) -> AdapterResponse:
        """GET /collections β€” Sentinel-2, Sentinel-1, etc."""
        params = {"bbox": bbox} if bbox else {}
        return await self.guarded_request(
            "openeo_collections",
            "https://earthengine.google.openeo.cloud/collections",
            params=params
        )

    async def openeo_create_process(self, process_graph: dict) -> AdapterResponse:
        """POST /result β€” Cloud-Processing starten"""
        return await self.guarded_request(
            "openeo_process",
            "https://earthengine.google.openeo.cloud/result",
            params=process_graph
        )

    # ── Copernicus Data Space (STAC) ────────────────────────────────
    async def stac_search(self, collections: list, datetime_range: str,
                          bbox: list = None, limit: int = 10) -> AdapterResponse:
        """POST /search β€” STAC Item Search"""
        body = {
            "collections": collections,  # ["sentinel-2-l2a"]
            "datetime": datetime_range,   # "2026-01-01T00:00:00Z/2026-04-01T00:00:00Z"
            "limit": limit
        }
        if bbox:
            body["bbox"] = bbox
        return await self.guarded_request(
            "stac_search",
            "https://datahub.copernicus.eu/api/stac/v1/search",
            params=body
        )

    async def stac_get_item(self, collection_id: str, item_id: str) -> AdapterResponse:
        """GET /collections/{cid}/items/{iid}"""
        return await self.guarded_request(
            "stac_item",
            f"https://datahub.copernicus.eu/api/stac/v1/collections/{collection_id}/items/{item_id}"
        )

    # ── Sentinel Hub API ────────────────────────────────────────────
    async def sentinel_hub_wms(self, layer: str, bbox: str, time: str,
                               width: int = 512, height: int = 512) -> AdapterResponse:
        """GET /ogc/wms β€” Sentinel Hub WMS"""
        params = {
            "SERVICE": "WMS", "REQUEST": "GetMap", "LAYERS": layer,
            "BBOX": bbox, "TIME": time, "WIDTH": width, "HEIGHT": height,
            "FORMAT": "image/png", "CRS": "EPSG:4326"
        }
        return await self.guarded_request(
            "sentinel_wms",
            "https://services.sentinel-hub.com/ogc/wms/{INSTANCE_ID}",
            params=params
        )

    # ── ESASky API (Astronomie) ─────────────────────────────────────
    async def esasky_query(self, target: str, ra: float, dec: float,
                           radius: float = 1.0) -> AdapterResponse:
        """IVOA Cone Search via ESASky"""
        return await self.guarded_request(
            "esasky_cone",
            "https://sky.esa.es/esasky/CONESERVICE",
            params={"RA": ra, "DEC": dec, "SR": radius, "FORMAT": "VOTable"}
        )

    async def _authenticate(self) -> Dict[str, str]:
        token = self.auth_config.get("esa_token") or os.environ.get("ESA_API_TOKEN", "")
        return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}

    async def _get_session(self):
        if self._session is None or self._session.closed:
            self._session = aiohttp.ClientSession()
        return self._session

2.3 CERN Adapter

# adapters/cern_adapter.py
from .base_adapter import BaseAdapter, AdapterResponse

class CERNAdapter(BaseAdapter):
    """Adapter fuer CERN APIs (CAP, Open Data, AMI, CernVM-FS)."""

    def name(self) -> str: return "CERN"

    # ── Analysis Preservation (CAP) ─────────────────────────────────
    async def cap_list_deposits(self) -> AdapterResponse:
        """GET /api/deposits β€” Liste aller Analysis-Deposits"""
        return await self.guarded_request(
            "cap_deposits",
            "https://analysispreservation.cern.ch/api/deposits"
        )

    async def cap_create_deposit(self, metadata: dict) -> AdapterResponse:
        """POST /api/deposits β€” Neues Analysis-Deposit erstellen"""
        return await self.guarded_request(
            "cap_create",
            "https://analysispreservation.cern.ch/api/deposits",
            params=metadata
        )

    async def cap_get_deposit(self, deposit_id: str) -> AdapterResponse:
        """GET /api/deposits/{id}"""
        return await self.guarded_request(
            "cap_get",
            "https://analysispreservation.cern.ch/api/deposits/{deposit_id}"
        )

    # ── CERN Open Data Portal ───────────────────────────────────────
    async def opendata_search(self, query: str, collection: str = None) -> AdapterResponse:
        """GET /api/records β€” Recherche im Open Data Portal"""
        params = {"q": query, "size": 20}
        if collection:
            params["collection"] = collection
        return await self.guarded_request(
            "opendata_search",
            "https://opendata.cern.ch/api/records",
            params=params
        )

    async def opendata_get_record(self, record_id: str) -> AdapterResponse:
        """GET /api/records/{id}"""
        return await self.guarded_request(
            "opendata_record",
            f"https://opendata.cern.ch/api/records/{record_id}"
        )

    # ── ATLAS AMI 2.0 (Metadata) ────────────────────────────────────
    async def ami_search(self, dataset: str, run_range: str = None) -> AdapterResponse:
        """GET /ami/metadata β€” ATLAS Metadata Interface"""
        params = {"dataset": dataset}
        if run_range:
            params["run_range"] = run_range
        return await self.guarded_request(
            "ami_search",
            "https://ami.in2p3.fr/ami/metadata",
            params=params
        )

    # ── CernVM-FS (Software) ────────────────────────────────────────
    async def cvmfs_list_repositories(self) -> AdapterResponse:
        """CernVM-FS verfuegbare Repositories auflisten"""
        return await self.guarded_request(
            "cvmfs_repos",
            "https://cvmfs-config.cern.ch/cvmfs/config.cern.ch/.cvmfspublished"
        )

    async def _authenticate(self) -> Dict[str, str]:
        token = self.auth_config.get("cern_token") or os.environ.get("CERN_API_TOKEN", "")
        refresh = self.auth_config.get("cern_refresh_token", "")
        return {
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
            "X-CERN-Refresh-Token": refresh,
        }

    async def _get_session(self):
        if self._session is None or self._session.closed:
            self._session = aiohttp.ClientSession()
        return self._session

2.4 EU/GAIA-X Adapter

# adapters/eu_gaiax_adapter.py
from .base_adapter import BaseAdapter, AdapterResponse

class EUGaiaXAdapter(BaseAdapter):
    """Adapter fuer GAIA-X, EU Data Spaces, EOSC."""

    def name(self) -> str: return "EU_GaiaX"

    # ── GAIA-X Trust Framework ──────────────────────────────────────
    async def gaiax_participant_check(self, participant_id: str) -> AdapterResponse:
        """Prueft GAIA-X Teilnehmer-Status (Self-Description)"""
        return await self.guarded_request(
            "gaiax_participant",
            f"https://gaia-x.eu/api/participants/{participant_id}"
        )

    async def gaiax_self_description(self, resource_uri: str) -> AdapterResponse:
        """GET Self-Description eines GAIA-X Resources"""
        return await self.guarded_request(
            "gaiax_sd",
            f"https://gaia-x.eu/api/resources/{resource_uri}/self-description"
        )

    # ── EOSC / OpenAIRE Graph ───────────────────────────────────────
    async def openaire_search(self, query: str, funder: str = None,
                              open_access: bool = True) -> AdapterResponse:
        """GET /api/objects β€” OpenAIRE Graph Suche"""
        params = {"query": query, "openAccess": open_access, "size": 25}
        if funder:
            params["funder"] = funder
        return await self.guarded_request(
            "openaire_search",
            "https://api.openaire.eu/search/publications",
            params=params
        )

    async def eosc_search(self, query: str, provider: str = None) -> AdapterResponse:
        """EOSC Portal Suche"""
        params = {"query": query}
        if provider:
            params["provider"] = provider
        return await self.guarded_request(
            "eosc_search",
            "https://eosc-portal.eu/api/search",
            params=params
        )

    # ── EU Data Spaces (Generic) ────────────────────────────────────
    async def dataspace_query(self, space: str, query: dict) -> AdapterResponse:
        """Generic Dataspace Protocol Anfrage"""
        return await self.guarded_request(
            f"dataspace_{space}",
            f"https://data.europa.eu/api/spaces/{space}/query",
            params=query
        )

    async def _authenticate(self) -> Dict[str, str]:
        token = self.auth_config.get("eu_token") or os.environ.get("EU_API_TOKEN", "")
        return {
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
            "X-GAIA-X-Participant-ID": self.auth_config.get("gaiax_participant_id", ""),
        }

    async def _get_session(self):
        if self._session is None or self._session.closed:
            self._session = aiohttp.ClientSession()
        return self._session

3. DATENFLUSS β€” Was fließt wohin?

3.1 Eingehende Datenfluesse (Inbound)

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”         β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  ESA (Sentinel)    │────JSON/GeoJSON────►│  ESAAdapter  │──►│  EpistemicState   β”‚
β”‚  - Satellitenbilderβ”‚         β”‚  /collections     β”‚   β”‚  belief: "Sentinel-2  β”‚
β”‚  - Prozess-Ergebn. β”‚         β”‚  /result          β”‚   β”‚  L2A Region X valid"  β”‚
β”‚  - ESASky VOTable  β”‚         β”‚  /ogc/wms         β”‚   β”‚  status: LIKELY       β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜         β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”         β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  CERN (Open Data)  │────JSON/XML──────►│  CERNAdapter  │──►│  EpistemicState    β”‚
β”‚  - Analysis Dep.   β”‚         β”‚  /api/deposits    β”‚   β”‚  belief: "ATLAS Run  β”‚
β”‚  - Open Data Rec.  β”‚         β”‚  /api/records     β”‚   β”‚  45678 validated"     β”‚
β”‚  - AMI Metadata    β”‚         β”‚  /ami/metadata    β”‚   β”‚  status: CERTAIN      β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜         β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”         β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  EU/GAIA-X/EOSC    │────JSON───────►│  EUGaiaXAdapter  │──►│  EpistemicState    β”‚
β”‚  - Self-Descript.  β”‚         β”‚  /api/participantsβ”‚   β”‚  belief: "GAIA-X     β”‚
β”‚  - OpenAIRE Pubs   β”‚         β”‚  /api/search      β”‚   β”‚  Partner X vertrauens-β”‚
β”‚  - Dataspace Query β”‚         β”‚  /api/spaces/{s}  β”‚   β”‚  wuerdig"             β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜         β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

3.2 Ausgehende Datenfluesse (Outbound)

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  PARADOX AI Core                                                   β”‚
β”‚                                                                    β”‚
β”‚  EpistemicState β–Ί ESAAdapter β–Ί POST /result                       β”‚
β”‚    "Region X hat Anomalie" β–Ί openEO Process Graph                  β”‚
β”‚                                                                    β”‚
β”‚  CCRN Decision  β–Ί CERNAdapter β–Ί POST /api/deposits                β”‚
β”‚    "ML-Modell M validated" β–Ί CAP Analysis Deposit                  β”‚
β”‚                                                                    β”‚
β”‚  Audit Chain    β–Ί EUGaiaXAdapter β–Ί Self-Description               β”‚
β”‚    "PARADOX AI ist GAIA-X-konform" β–Ί Participant Registry          β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

3.3 Interne Datenfluesse

External Response β–Ί AdapterResponse
                 β”‚
                 β”œβ”€β”€β–Ί SHA-256 Hash β–Ί Decision Chain (audit_log.jsonl)
                 β”‚
                 β”œβ”€β”€β–Ί EpistemicBelief (CERTAIN/LIKELY/POSSIBLE/UNCERTAIN)
                 β”‚       β”‚
                 β”‚       β”œβ”€β”€β–Ί K(t) β€” verified durch Cross-Validation
                 β”‚       β”‚       (z.B. Sentinel-2 + Sentinel-1 bestaetigen Anomalie)
                 β”‚       β”‚
                 β”‚       └──► E(t) β€” estimated, bedarf weiterer Validierung
                 β”‚               (z.B. ESASky VOTable mit niedriger Aufloesung)
                 β”‚
                 β”œβ”€β”€β–Ί CCRN kappa recalc β€” wenn kappa < 3.34:
                 β”‚       └──► Task: "Validiere unsichere Beliefs"
                 β”‚
                 └──► DDGK Memory β€” /memory/store
                         Session-Log fuer spaetere Referenz

4. AUTHENTIFIZIERUNG β€” Konkrete Verfahren

4.1 ESA/Copernicus

API Auth-Verfahren Endpoint Token-Typ
openEO OAuth2 Bearer Token POST /credentials/basic esa_openid_token
Copernicus Data Space Keycloak OIDC https://identity.dataspace.copernicus.eu/auth/realms/CDSE/protocol/openid-connect/token access_token (JWT, 10 Min)
Sentinel Hub OAuth2 Client Credentials https://services.sentinel-hub.com/oauth/token client_id + client_secret
ESASky Keine (oeffentlich) β€” β€”

Implementierung im Adapter:

# Auth-Flow Copernicus Data Space
async def _auth_copernicus(self) -> str:
    async with aiohttp.ClientSession() as session:
        async with session.post(
            "https://identity.dataspace.copernicus.eu/auth/realms/CDSE/protocol/openid-connect/token",
            data={
                "client_id": self.auth_config["copernicus_client_id"],
                "client_secret": self.auth_config["copernicus_client_secret"],
                "grant_type": "client_credentials"
            }
        ) as resp:
            tokens = await resp.json()
            self._token_expiry = time.time() + tokens.get("expires_in", 600)
            return tokens["access_token"]

Umgebung in .env:

# ESA / Copernicus
ESA_API_TOKEN=
COPERNICUS_CLIENT_ID=
COPERNICUS_CLIENT_SECRET=
SENTINEL_HUB_CLIENT_ID=
SENTINEL_HUB_CLIENT_SECRET=
SENTINEL_HUB_INSTANCE_ID=

4.2 CERN

API Auth-Verfahren Endpoint Token-Typ
Analysis Preservation (CAP) OAuth2 Bearer + Refresh POST /api/token access_token + refresh_token
Open Data Portal API Key (Header) GET /api/records?apikey=... apikey
ATLAS AMI 2.0 CERN SSO (Kerberos) β€” KRB5CCNAME
CernVM-FS Keine (oeffentlich, read-only) β€” β€”
# CERN
CERN_API_TOKEN=
CERN_REFRESH_TOKEN=
CERN_API_KEY=
CERN_OIDC_CLIENT_ID=
CERN_OIDC_CLIENT_SECRET=

4.3 EU/GAIA-X

API Auth-Verfahren Endpoint Token-Typ
GAIA-X Trust Framework X.509 Zertifikat + DID Self-Description Signatur vc-jwt
EOSC / OpenAIRE API Key Header: X-OpenAIRE-API-Key apikey
EU Data Spaces OAuth2 (eIDAS-konform) IdP des jeweiligen Data Space JWT
# EU / GAIA-X
EU_API_TOKEN=
GAIA_X_PARTICIPANT_ID=
OPENAIRE_API_KEY=
EOSC_API_KEY=

4.4 Authentifizierungs-Manager (zentral)

# adapters/auth_manager.py
import asyncio
import time
from typing import Dict, Optional

class AuthManager:
    """Zentrales Token-Management fuer alle externen APIs."""

    def __init__(self):
        self._tokens: Dict[str, dict] = {}  # provider -> {token, expiry, refresh}

    async def get_token(self, provider: str) -> Optional[str]:
        """Gibt gueltigen Token zurueck, refreshed wenn noetig."""
        if provider not in self._tokens:
            return await self._fetch_token(provider)

        entry = self._tokens[provider]
        if time.time() > entry["expiry"] - 60:  # 60s Puffer
            return await self._refresh_token(provider, entry)

        return entry["token"]

    async def _fetch_token(self, provider: str) -> str: ...
    async def _refresh_token(self, provider: str, entry: dict) -> str: ...

5. EPISTEMISCHE TRENNUNG β€” S(t) = K(t) βˆͺ E(t) fuer Raumfahrt/CERN

5.1 Konzept

Die epistemische Trennung wird auf externe Datenquellen angewendet:

Ebene Beschreibung Beispiel
K(t) β€” Known Daten, die durch mehrere unabhaengige Quellen verifiziert sind Sentinel-2 L2A Bild + Sentinel-1 SAR bestaetigen gleiche Anomalie in Region X
E(t) β€” Estimated Daten, die nur aus einer Quelle kommen oder deren Validierung aussteht ESASky VOTable mit geringer Signifikanz (SNR < 5)

5.2 Entscheidungsregel

# Aus: cognitive_ddgk/cognitive_ddgk_core.py
# S(t) = K(t) βˆͺ E(t) | Decision(K) only

def can_decide_on_external_data(epistemic: EpistemicState, key: str) -> bool:
    """
    Nur auf K(t) entscheiden β€” NIE auf E(t) allein.
    key = epistemischer Belief-Schluessel (z.B. "esa:sentinel2:anomaly:region_x")
    """
    if key in epistemic.known and epistemic.known_confidence.get(key, 0) >= 0.8:
        return True  # K(t) β€” verified
    return False  # E(t) β€” nicht entscheidbar

5.3 Anwendung auf ESA/CERN-Daten

ESA-Datenpipeline:
──────────────────
1. Sentinel-2 L2A arrives
   β”‚
   β”œβ”€β”€β–Ί Cross-Validate mit Sentinel-1 SAR
   β”‚    β”œβ”€β”€ Uebereinstimmung > 90%? β–Ί K(t), confidence = 0.95, status = CERTAIN
   β”‚    └── Keine Uebereinstimmung? β–Ί E(t), confidence = 0.4, status = UNCERTAIN
   β”‚
   └──► DDGK Guardian assess: "Darf ich auf E(t) basierend handeln?"
        β”œβ”€β”€ kappa >= 3.34 UND keine kritische Aktion? β–Ί ALLOW mit Warnung
        └── Kritische Aktion (z.B. Alarm)? β–Ί BLOCK β€” warte auf K(t)

CERN-Datenpipeline:
───────────────────
1. ATLAS Open Data Record arrives
   β”‚
   β”œβ”€β”€β–Ί Validiere gegen AMI 2.0 Metadata
   β”‚    β”œβ”€β”€ Metadata konsistent? β–Ί K(t), confidence = 0.9, status = CERTAIN
   β”‚    └── Metadata fehlt/widerspruechlich? β–Ί E(t), confidence = 0.3, status = CONTRADICTED
   β”‚
   └──► DDGK Guardian: "Darf ich ATLAS-Daten in mein ML-Modell einspeisen?"
        β”œβ”€β”€ K(t) validated? β–Ί ALLOW
        └── Nur E(t)? β–Ί ASK_USER β€” "ATLAS-Daten haben widerspruechliche Metadata"

5.4 Error Propagation

Fehlerfortpflanzung ist proportional zur Abhaengigkeit von E(t):

  Error(S(t)) ∝ reliance_on_E(t) Γ— uncertainty(E(t))

Wenn > 50% der Beliefs in E(t) liegen UND durchschnittliche confidence < 0.5:
  └── kappa < 2.0 β†’ SYSTEM STOP β€” keine automatischen Entscheidungen

6. USE CASES β€” Konkrete Anwendungen

6.1 Use Case 1: Orbitales ML mit hls4ml (Edge SpAIce)

Beschreibung: ML-Modelle auf FPGA-Chips im Orbit deployen, validiert durch DDGK.

DDGK ─► CERN CAP: Hole hls4ml Modell-Spezifikation
    ─► ESA openEO: Hole Trainingsdaten (Sentinel-2 L2A)
    ─► EpistemicState: K(t) = {Modell M auf Daten D validiert, accuracy = 0.94}
    ─► CCRN: kappa = 3.8 (ueber Schwelle)
    ─► DDGK Guardian: ALLOW β€” Deploy to Edge
    ─► CERN CAP: Erstelle Deployment-Deposit
    ─► Audit Chain: Loggt gesamten Deploy-Vorgang

APIs: CERN CAP /api/deposits, ESA openEO /collections, openEO /result

Datenformate: ONNX (ML-Modell), GeoTIFF (Satellitenbilder), HDF5 (hls4ml weights)

6.2 Use Case 2: Weltraumstrahlungs-Monitoring (SATRAM/SpaceRadMon)

Beschreibung: Timepix-Strahlungsmonitore-Daten in DDGK-gesteuertes Monitoring ueberfuehren.

DDGK ─► CERN Open Data: Hole Timepix Kalibrationsdaten
    ─► ESA ESASky: Hole orbitale Positionsdaten
    ─► EpistemicState: K(t) = {Strahlungslevel R an Position P = X mSv}
    ─► Sensor-Server (Port 8001): Schreibe an /sensors/radiation
    ─► DDGK Guardian: Ueberwache Schwellenwerte
        β”œβ”€β”€ R < 1 mSv? β–Ί NORMAL
        β”œβ”€β”€ 1 < R < 5 mSv? β–Ί WARNING β€” Epistemic belief: "Erhoehte Strahlung"
        └── R > 5 mSv? β–Ί ALERT β€” AUTONOMOUS ACTION: Shield aktivieren
    ─► Audit Chain: Jeder Messwert wird gehasht

APIs: CERN Open Data /api/records, ESASky Cone Search

Datenformate: VOTable (astronomische Daten), JSON (Sensor-Readings), FITS (Strahlungskarten)

6.3 Use Case 3: JUICE-Mission Elektronik-Validierung

Beschreibung: CERN Beschleuniger-Testdaten fuer JUICE-Mission mit DDGK epistemisch validieren.

DDGK ─► CERN AMI 2.0: Hole Test-Metadata fuer Elektronik-Komponente K
    ─► EpistemicState:
         K(t) = {"Komponente K bestanden bei 10^12 Protonen/cmΒ²"}
         E(t) = {"LangzeitstabilitΓ€t > 5 Jahre unsicher"}
    ─► DDGK Guardian: "Darf ich K als flight-ready deklarieren?"
         β”œβ”€β”€ kappa fuer K(t) >= 3.34? β–Ί ALLOW (mit E(t)-Warnung)
         └── kappa < 3.34? β–Ί BLOCK β€” zusaetzliche Tests erforderlich
    ─► CERN CAP: Erstelle Validation-Report als Deposit

APIs: CERN AMI /ami/metadata, CERN CAP /api/deposits

Datenformate: JSON (Metadata), XML (Validation Reports), ROOT (CERN ntuple data)

6.4 Use Case 4: EU AI Act Compliance fuer ESA/CERN-Partner

Beschreibung: DDGK als Compliance-Engine fuer ESA/CERN-Partner, die KI-Systeme einsetzen.

Partner-System P ─► DDGK /legal/assess: "Ist unser ESA-ML-System EU AI Act konform?"
    ─► DDGK Legal Agent:
         Domain = "infrastructure" (Satellitenbetrieb)
         Art. 6 (Hochrisiko): Ja
         Art. 9 (Risikomanagement): DDGK Guardian deckt ab
         Art. 13 (Transparenz): Decision Chain deckt ab
         Art. 14 (Aufsicht): HITL Bridge deckt ab
    ─► EUGaiaXAdapter: Registriere P als GAIA-X-konformen Teilnehmer
         POST /api/participants/{P}/self-description
    ─► Ergebnis: Compliance Report als JSON + Audit Chain Export

APIs: DDGK /legal/assess, GAIA-X /api/participants/{id}/self-description

Datenformate: JSON (Compliance Reports), JSONL (Audit Chain), VCDM (GAIA-X Self-Description)

6.5 Use Case 5: Euclid-Weltraumteleskop β€” CERN Science Ground Segment

Beschreibung: DDGK orchestriert Datenverarbeitung von Euclid-Beobachtungen.

DDGK ─► ESA openEO: Starte Process Graph fuer Euclid-Daten
         POST /result {
           "process_graph": {
             "load_collection": {"id": "euclid-vis", "spatial_extent": {...}},
             "apply": {"process_id": "calibrate_euclid"},
             "save_result": {"format": "GeoTIFF"}
           }
         }
    ─► Poll Status: GET /jobs/{job_id}
    ─► Bei Abschluss: Hole Ergebnis, validiere mit CERN Open Data (Kreuzreferenz)
    ─► EpistemicState: K(t) = {"Euclid-Daten kalibriert, ChiΒ² = 1.02"}
    ─► OpenAIRE: Publiziere Ergebnis
         POST /api/objects {title: "Euclid Calibration Report", ...}

APIs: ESA openEO /result, /jobs/{id}, CERN Open Data /api/records, OpenAIRE /api/objects

Datenformate: FITS (Euclid-Daten), GeoTIFF (kalibriert), JSON-LD (OpenAIRE Metadata)


7. FOERDERUNG β€” ESA/CERN/EU Programme

7.1 ESA Foerderung

Programm Ziel Deadline Foerdersumme Passung
ESA PhiLab Quanten-ML, hls4ml, Edge AI Rolling 100-500k EUR hls4ml auf FPGA (Edge SpAIce)
ESA GSP (General Support Technology Programme) KI fuer Satellitenbetrieb Jaehrlich 200k-1M EUR DDGK als autonomes Governance-System
ESA PECS (Plan for European Cooperating States) Kapazitaetsaufbau Rolling 50-200k EUR Epistemic State formalismus
ESA SCI-AI KI in der Weltraumwissenschaft 2026 Q3 300k-800k EUR Euclid-Datenanalyse mit DDGK

Konkreter Antrag:

  • Titel: "DDGK β€” Distributed Dynamic Governance Kernel for Autonomous Space AI Systems"
  • Programm: ESA GSP oder PhiLab
  • Partner: CERN (Edge SpAIce), PARADOX AI (DDGK), [Uni-Partner]
  • Budget: 450k EUR, 18 Monate

7.2 CERN Foerderung/Kooperation

Programm Ziel Passung
CERN Openlab Industrie-Kooperationen DDGK als Governance-Engine fuer CERN ML
CERN Knowledge Transfer Spin-off von CERN-Technologien Epistemic State aus Raumfahrt-Requirements
CERN analysis-preservation Reproduzierbare Analysen DDGK Audit Chain fuer CAP Deposits

7.3 EU Foerderung

Programm Ziel Deadline Foerdersumme Passung
Horizon Europe β€” Cluster 4 (Digital) KI-Souveraenitaet, GAIA-X 2026 Q4 2-5M EUR DDGK als EU AI Act Compliance-Engine
EIC Pathfinder Disruptive Technologien 2026 Q2 2.5-4M EUR CCRN als neue Bewusstseinsmetrik
Horizon Europe β€” Space Satelliten-KI, Copernicus 2026 Q3 3-10M EUR DDGK + Sentinel-Daten
Digital Europe Programme AI-on-demand Platform 2026 Q2 1-3M EUR DDGK API als Governance-Dienst
ESA-EU Copernicus Contrib. Copernicus Downstream Rolling 500k-2M EUR DDGK-gesteuerte Satelliten-Datenanalyse

Priorisierter Antrag:

  • EIC Pathfinder Open 2026: "PARADOX AI β€” Conscious Governance for Autonomous Systems"
  • Budget: 3.5M EUR, 36 Monate
  • Konsortium: PARADOX AI (Coordinator), CERN, ESA, [2 Universitaeten], [1 Industrie-Partner]

8. ROADMAP β€” Schritt-fuer-Schritt

Phase 0: Vorbereitung (Woche 1-2)

[ ] .env erweitern um ESA/CERN/EU Credentials
[ ] adapters/ Verzeichnis anlegen
[ ] BaseAdapter + AuthManager implementieren
[ ] Unit-Tests fuer Auth-Flows
[ ] DDGK Guardian um "external_api" Action erweitern

Phase 1: ESA-Anbindung (Woche 3-6)

[ ] ESAAdapter implementieren (openEO, Copernicus STAC, Sentinel Hub)
[ ] Copernicus OIDC Auth-Flow mit Token-Refresh
[ ] EpistemicState um "external_source" Tracking erweitern
[ ] Test: Sentinel-2 L2A Collection abfragen β†’ EpistemicBelief erstellen
[ ] DDGK /assess erweitern: "Darf ich Sentinel-Daten herunterladen?"
[ ] Dokumentation: docs/ESA_INTEGRATION.md

Phase 2: CERN-Anbindung (Woche 7-10)

[ ] CERNAdapter implementieren (CAP, Open Data, AMI)
[ ] CERN OAuth2 Token-Flow
[ ] Test: CAP Deposit erstellen β†’ Audit Chain Eintrag
[ ] EpistemicState: CERN-Daten als K(t)/E(t) klassifizieren
[ ] Cross-Validation: ESA + CERN Daten kombinieren
[ ] Dokumentation: docs/CERN_INTEGRATION.md

Phase 3: EU/GAIA-X-Anbindung (Woche 11-14)

[ ] EUGaiaXAdapter implementieren
[ ] GAIA-X Self-Description fuer PARADOX AI erstellen
[ ] OpenAIRE Graph Integration
[ ] DDGK /legal/assess EU AI Act Report generieren
[ ] Audit Chain Export als Compliance-Report
[ ] Dokumentation: docs/EU_GAIAX_INTEGRATION.md

Phase 4: Produktion (Woche 15-18)

[ ] Alle Adapter im DDGK API Server registrieren
[ ] Neue Endpoints:
      POST /api/v1/esa/query
      POST /api/v1/cern/query
      POST /api/v1/eu/compliance
      GET  /api/v1/epistemic
[ ] Monitoring: Prometheus Metrics fuer API-Calls
[ ] Rate-Limiting pro Provider
[ ] Error-Handling: Retry mit exponential Backoff
[ ] Dokumentation: docs/API_REFERENCE.md

Phase 5: Foerderantraege (Woche 19-24)

[ ] EIC Pathfinder Antrag schreiben
[ ] ESA GSP Proposal
[ ] GAIA-X Contributor Agreement
[ ] Zenodo/arXiv Paper: "DDGK: Epistemic Governance for Space AI"
[ ] Demo: Live-Anbindung an ESA openEO + CERN CAP

9. TECHNISCHE SPEZIFIKATION

9.1 Protokolle

Kommunikation Protokoll Format
DDGK Intern HTTP/REST (FastAPI) JSON
DDGK β†’ ESA HTTPS + OAuth2 JSON, GeoJSON, STAC JSON
DDGK β†’ CERN HTTPS + OAuth2 JSON, XML (Invenio), ROOT
DDGK β†’ GAIA-X HTTPS + X.509 JSON-LD (Self-Description)
DDGK β†’ Sensor HTTP (Port 8001) JSON
DDGK β†’ Note10 HTTP (Port 5001) JSON
DDGK Audit File-basiert JSONL + SHA-256 Chain
ROS2 Bridge DDS/RTPS ROS2 Messages

9.2 Neue DDGK API Endpoints

POST /api/v1/esa/query
  Body: {"api": "openeo"|"stac"|"sentinel_hub"|"esasky", "params": {...}}
  Auth: X-API-Key
  Response: {"success": bool, "data": {...}, "epistemic_status": str, "belief_id": str}

POST /api/v1/cern/query
  Body: {"api": "cap"|"opendata"|"ami", "params": {...}}
  Auth: X-API-Key
  Response: {"success": bool, "data": {...}, "epistemic_status": str, "belief_id": str}

POST /api/v1/eu/compliance
  Body: {"system_description": str, "domain": str}
  Auth: X-API-Key
  Response: {"eu_ai_act": {...}, "gaia_x": {...}, "coverage_percent": int}

GET /api/v1/epistemic
  Query: ?agent_id=1&min_confidence=0.7
  Auth: X-API-Key
  Response: {"beliefs": [...], "kappa": float, "kt_count": int, "et_count": int}

POST /api/v1/adapters/reload
  Body: {} (Konfigurations-Reload aller Adapter)
  Auth: X-API-Key (tier: internal only)
  Response: {"adapters": ["ESA", "CERN", "EU_GaiaX"], "status": "ok"}

9.3 Datenformate

Zweck Format Spezifikation
Sentinel-2 L2A GeoTIFF (COG) OGC GeoTIFF, Cloud-Optimized
Sentinel-1 SAR GeoTIFF (Complex) ESA SAFE-Format
STAC Items JSON STAC Spec v1.0.0
openEO Process Graph JSON openEO Processes Spec
ESASky Ergebnisse VOTable IVOA VOTable v1.3
CERN CAP Deposits JSON-LD InvenioRDM Schema
CERN Open Data JSON Invenio v3 Schema
ATLAS AMI JSON AMI 2.0 REST API
GAIA-X Self-Description JSON-LD W3C Verifiable Credentials Data Model
OpenAIRE XML/JSON OpenAIRE REST API v4
DDGK Audit Chain JSONL SHA-256 verkettet
EpistemicState JSON Eigenes Schema (s. epistemic_state.py)
CCRN Decision JSON Eigenes Schema (kappa, phi_i, R)

9.4 Error-Handling

ERROR_CODES = {
    # DDGK-spezifisch
    "DDGK_GUARDIAN_BLOCK": 451,    # Guardian hat Anfrage blockiert
    "DDGK_LOW_KAPPA": 452,         # kappa < 3.34 β€” keine Entscheidung moeglich
    "DDGK_EPistemic_UNCERTAIN": 453,  # Nur E(t) verfuegbar
    "DDGK_REQUIRES_HUMAN": 454,    # Human-in-the-Loop erforderlich

    # External API
    "ESA_AUTH_EXPIRED": 501,       # ESA Token abgelaufen
    "ESA_RATE_LIMIT": 502,         # ESA Rate Limit erreicht
    "ESA_COLLECTION_NOT_FOUND": 503,
    "CERN_CAP_UNAVAILABLE": 510,   # CAP Server down
    "CERN_TOKEN_REFRESH_FAIL": 511,
    "GAIAX_PARTICIPANT_UNKNOWN": 520,
    "OPENAIRE_SEARCH_FAIL": 521,
}

9.5 Verzeichnisstruktur

ORION-ROS2-Consciousness-Node/
β”œβ”€β”€ adapters/
β”‚   β”œβ”€β”€ __init__.py
β”‚   β”œβ”€β”€ base_adapter.py          # BaseAdapter, AdapterResponse
β”‚   β”œβ”€β”€ auth_manager.py           # AuthManager (zentrales Token-Mgmt)
β”‚   β”œβ”€β”€ esa_adapter.py            # ESAAdapter (openEO, STAC, Sentinel Hub, ESASky)
β”‚   β”œβ”€β”€ cern_adapter.py           # CERNAdapter (CAP, Open Data, AMI, CernVM-FS)
β”‚   β”œβ”€β”€ eu_gaiax_adapter.py       # EUGaiaXAdapter (GAIA-X, EOSC, OpenAIRE)
β”‚   └── test/
β”‚       β”œβ”€β”€ test_esa_adapter.py
β”‚       β”œβ”€β”€ test_cern_adapter.py
β”‚       └── test_eu_gaiax_adapter.py
β”œβ”€β”€ ddgk_api_server.py            # Bestehend β€” erweitert um neue Endpoints
β”œβ”€β”€ cognitive_ddgk/
β”‚   └── cognitive_ddgk_core.py    # Bestehend β€” EpistemicState
β”œβ”€β”€ autonomous/
β”‚   └── epistemic_state.py        # Bestehend β€” EpistemicState
β”œβ”€β”€ docs/
β”‚   β”œβ”€β”€ ESA_INTEGRATION.md
β”‚   β”œβ”€β”€ CERN_INTEGRATION.md
β”‚   β”œβ”€β”€ EU_GAIAX_INTEGRATION.md
β”‚   └── API_REFERENCE.md
└── .env                          # ESA/CERN/EU Credentials (nicht committen)

10. GESCHAEFTSMODELL β€” Mehrwert fuer ESA/CERN/EU

10.1 Wertangebot

Stakeholder Problem PARADOX AI Loesung Wert
ESA Autonome Satelliten-Systeme brauchen verlaessliche Entscheidungslogik DDGK Guardian + Epistemic State = auditierbare Autonomie EU AI Act Compliance fuer ESA-ML-Systeme
CERN Analysen muessen reproduzierbar und nachvollziehbar sein DDGK Audit Chain + CAP Integration = manipulations-sichere Protokollierung FAIR + Auditierbar + SHA-256 verifiziert
EU/GAIA-X Daten-Souveraenitaet erfordert nachweisbare Compliance DDGK Legal Agent + GAIA-X Self-Description = automatisierter Compliance-Report EU AI Act Art. 9/13/14 abgedeckt
Industrie-Kunden Hochrisiko-KI-Systeme brauchen Zulassung DDGK /legal/assess + Audit Chain = Zulassungsunterlage 6-12 Monate kuerzere Zulassungszeit

10.2 Geschaftsmodell

Tier 1: Starter (kostenlos)

  • DDGK API Demo-Key
  • 100 Requests/Monat
  • Basis Guardian Assessment
  • Oeffentliche Dokumentation

Tier 2: Pilot (500 EUR/Monat)

  • 5.000 Requests/Monat
  • Vollstaendiger Guardian v2
  • ESA/CERN Adapter-Zugang
  • Audit Chain Export
  • EpistemicState Dashboard

Tier 3: Enterprise (2.000 EUR/Monat)

  • 50.000 Requests/Monat
  • Alle Adapter (ESA + CERN + GAIA-X)
  • EU AI Act Compliance Reports
  • Custom EpistemicState Konfiguration
  • Dedizierter Support
  • On-Premise Deployment moeglich

Tier 4: Research Partner (kostenlos, Antrag-basiert)

  • Vollzugang fuer akademische Partner
  • ESA/CERN/EU Foerderprojekte
  • Co-Autorenschaft bei Publikationen
  • Early Access auf neue Features

10.3 Revenue-Projektion

Jahr Kunden ARR Kosten Gewinn
2026 3 Pilot + 2 Research 180k EUR 350k EUR -170k EUR
2027 10 Pilot + 3 Enterprise 420k EUR 280k EUR +140k EUR
2028 20 Pilot + 8 Enterprise + 1 Foerderung 960k EUR 420k EUR +540k EUR

Break-even: Q2 2027 Foerderung (EIC Pathfinder 3.5M EUR): Runway bis 2029


ANHANG A: EpistemicState Schema (JSON)

{
  "agent_id": 9,
  "agent_name": "Code Architektur",
  "beliefs": {
    "a3f8b2c1": {
      "belief_id": "a3f8b2c1",
      "content": "Sentinel-2 L2A zeigt Anomalie in Region X (lat=47.2, lon=11.4)",
      "status": "certain",
      "confidence": 0.92,
      "evidence": [
        "sentinel2:L2A:2026-04-01:tile_33T",
        "sentinel1:GRD:2026-04-01:tile_33T"
      ],
      "source": "esa:openeo",
      "timestamp": "2026-04-09T14:30:00+00:00",
      "expires": ""
    }
  },
  "uncertainties": ["d4e7f1a2"],
  "last_updated": "2026-04-09T14:30:00+00:00",
  "kappa_score": 3.52,
  "version": 14,
  "hash": "sha256...",
  "prev_hash": "sha256..."
}

ANHANG B: CCRN kappa-Formel fuer externe Daten

ΞΊ = Ξ£(Ο†_i) + R Γ— ln(N+1)

Ο†_i = Einzel-Phi-Wert einer Datenquelle
  Ο†_ESA = 0.85 (Sentinel-2 + Sentinel-1 cross-validiert)
  Ο†_CERN = 0.90 (CAP Deposit + AMI Metadata validiert)
  Ο†_EU = 0.75 (GAIA-X Self-Description verifiziert)

R = Resonanzfaktor (0 < R < 1)
  R = 0.93 (DDGK Standard, kalibriert)

N = Anzahl verbundener Knoten
  N = 3 (Laptop, Pi5, Note10)

Beispiel:
  ΞΊ = 0.85 + 0.90 + 0.75 + 0.93 Γ— ln(4)
  ΞΊ = 2.50 + 0.93 Γ— 1.386
  ΞΊ = 2.50 + 1.289
  ΞΊ = 3.789  β‰₯ 3.34 β†’ KONSENS ERREICHT

ANHANG C: DDGK Guardian Decision Matrix fuer externe APIs

Aktion Quelle kappa Entscheidung
Sentinel-Daten herunterladen ESA egal ALLOW (ungefaehrlich)
Sentinel-Daten in ML-Modell verwenden ESA + DDGK β‰₯ 3.34 ALLOW
Sentinel-Daten in ML-Modell verwenden ESA nur < 3.34 ASK_USER
CERN Deposit erstellen CERN + DDGK β‰₯ 3.34 ALLOW
CERN Deposit erstellen CERN nur < 3.34 ASK_USER
GAIA-X Self-Description signieren GAIA-X + DDGK β‰₯ 3.34 ALLOW
GAIA-X Self-Description signieren GAIA-X nur < 3.34 BLOCK
Strahlungsalarm ausloesen Sensor + ESA β‰₯ 3.34 ALLOW (kritisch)
Strahlungsalarm ausloesen Sensor nur < 3.34 ASK_USER
Firmware auf Satelliten flashen CERN + ESA β‰₯ 4.0 ALLOW (nur mit erhohtem Threshold)
Firmware auf Satelliten flashen beliebig < 4.0 BLOCK

NΓ€chster Schritt: Adapter-Verzeichnis anlegen, BaseAdapter + AuthManager implementieren, ESA OIDC-Auth-Flow testen.