Spaces:
Running
Running
| # SPDX-License-Identifier: Apache-2.0 | |
| # © 2026 Lutar, Stephen P. — SZL Holdings | |
| # ORCID: 0009-0001-0110-4173 | |
| # Doctrine v11 — 749 declarations · 163 sorries · 14 unique axioms · 13-axis canonical trust | |
| """ | |
| Killinchu unified HF Space server — Andean Drone Intelligence (a11oy-style FastAPI mount). | |
| PIVOT 2026-05-31 (Yachay CTO + Opus 4.8): vessels → Killinchu (Quechua: kestrel/hawk). | |
| Same backend pattern as a11oy/serve.py: | |
| - FastAPI app, mount static SPA from /app/static, base path "/", SPA history fallback. | |
| - /api/<space>/v1/* endpoints with an honest disclosure block on every receipt. | |
| - Preserves the Khipu Merkle DAG receipt pattern + OpenFreeMap tokenless tiles. | |
| - Every /api/vessels/* endpoint preserved as an alias (ADDITIVE — vessels GREEN baseline). | |
| REAL endpoints (NO MOCKS): | |
| POST /api/killinchu/v1/remote-id/decode — OpenDroneID/ASTM F3411 byte parser | |
| POST /api/killinchu/v1/ads-b/decode — ADS-B Mode-S 1090ES (pyModeS v3) | |
| POST /api/killinchu/v1/mavlink/parse — MAVLink v1/v2 (pymavlink) | |
| GET /api/killinchu/v1/drones/database — 50+ curated real drone systems | |
| POST /api/killinchu/v1/counter-uas/evaluate — telemetry+geofence+policy → ALLOW/HALT + Λ-receipt | |
| GET /api/killinchu/v1/swarm/topology — Remote-ID broadcasts → connected-component clusters | |
| GET /api/killinchu/v1/threats/active — live threat board from real adversary signatures | |
| POST /api/killinchu/v1/receipt/emit — mint DSSE-PLACEHOLDER receipt into Khipu DAG | |
| GET /api/killinchu/healthz — { status, doctrine v11, 749/14/163 } | |
| Listens on PORT (default 7860, HF requirement). | |
| """ | |
| import hashlib | |
| import json | |
| import math | |
| import os | |
| import sys | |
| import time | |
| from datetime import datetime, timezone | |
| from pathlib import Path | |
| from typing import Any | |
| from fastapi import FastAPI, Request, Response | |
| from fastapi.responses import FileResponse, JSONResponse | |
| from fastapi.staticfiles import StaticFiles | |
| from starlette.middleware.cors import CORSMiddleware | |
| import killinchu_protocols as kp | |
| _APP_ROOT = Path(os.environ.get("KILLINCHU_ROOT", "/app")) | |
| STATIC_DIR = _APP_ROOT / "static" | |
| ASSETS_DIR = STATIC_DIR / "assets" | |
| INDEX_HTML = STATIC_DIR / "index.html" | |
| DRONES_DB_PATH = _APP_ROOT / "drones_db.json" | |
| DOCTRINE = "v11" | |
| SIGNATURE_PLACEHOLDER = "PLACEHOLDER — Sigstore CI signing not yet wired into CI per Doctrine v11" | |
| KILLINCHU_REDIRECT = "https://szlholdings-killinchu.hf.space" | |
| # --------------------------------------------------------------------------- | |
| # ADDITIVE (OTel instrumentation, Yachay 2026-06-01 / Perplexity Computer Agent): | |
| # Initialise OTLP/HTTP trace export from env var OTEL_EXPORTER_OTLP_ENDPOINT. | |
| # Gracefully no-ops if the env var is absent or packages missing. | |
| # Doctrine v11 LOCKED 749/14/163. ADDITIVE ONLY — does NOT touch existing routes. | |
| # --------------------------------------------------------------------------- | |
| # HOTFIX 2026-06-01 Yachay: OTel middleware crash-looping the Space. | |
| # Hard-disable szl_otel import. Real OTel ships in next clean PR. | |
| def _szl_otel_setup(*a, **kw): pass | |
| _OTEL_ENABLED = False | |
| # --- end OTel preamble --- | |
| app = FastAPI(title="Killinchu — Andean Drone Intelligence", version="1.0.0") | |
| # ADDITIVE: OTel — instrument FastAPI app | |
| try: | |
| _szl_otel_setup(fastapi_app=app) | |
| except Exception as _otel_e: | |
| import sys as _otel_sys; print(f"[killinchu] OTel setup skipped: {_otel_e!r}", file=_otel_sys.stderr) | |
| # --- end OTel setup --- | |
| # --------------------------------------------------------------------------- | |
| # KHIPU CONSENSUS — 3-of-4 BFT multi-organ signed agreement (ADDITIVE, Yachay). | |
| # Registers organ-specific /khipu/pubkey + POST /khipu/consensus/sign (real | |
| # ECDSA-P256-SHA256 DSSE signature with the killinchu-cosign key from the | |
| # KILLINCHU_COSIGN_KEY Space secret). On Killinchu also registers the aggregator | |
| # POST /api/killinchu/uds/v1/mission/execute and POST /api/killinchu/uds/v1/ | |
| # consensus/verify. Registered EARLY so these routes win over any catch-all. | |
| # Doctrine v11 LOCKED 749/14/163 (public). NEVER crashes the host app. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import szl_khipu_consensus as _kc | |
| _kc_status = _kc.register(app, "killinchu", is_aggregator=("killinchu" == "killinchu")) | |
| import sys as _kc_sys | |
| print(f"[killinchu] Khipu Consensus registered: {_kc_status}", file=_kc_sys.stderr) | |
| except Exception as _kc_e: # never crash the app | |
| import traceback as _kc_tb, sys as _kc_sys | |
| print(f"[killinchu] Khipu Consensus NOT registered: {_kc_e!r}\n{_kc_tb.format_exc()}", file=_kc_sys.stderr) | |
| # ── Live 3D Wires (PURIQ / Doctrine v12) — ADDITIVE, re-pinned FIRST ───────── | |
| # Registered immediately after the app is constructed so FastAPI's ordered route | |
| # matching gives /live-wires + the 3DWPP SSE stream + court-admissible BoE | |
| # precedence over every pre-existing SPA/proxy catch-all. Real in-process wire | |
| # data (szl_wire / szl_jack); empty buffers render IDLE (never faked). Sigs are | |
| # honestly PLACEHOLDER until Sigstore CI is wired. Sign: Yachay. Perplexity Computer Agent. | |
| try: | |
| import szl_live_wires as _live_wires | |
| _live_wires.register(app, ns="killinchu") | |
| import sys as _sys_lw | |
| print("[killinchu] Live 3D Wires registered FIRST: /live-wires + /api/killinchu/v1/wires/{stream,boe,inject}", file=_sys_lw.stderr) | |
| except Exception as _lw_e: | |
| import sys as _sys_lw, traceback as _tb_lw | |
| print(f"[killinchu] Live 3D Wires NOT registered: {_lw_e}", file=_sys_lw.stderr) | |
| _tb_lw.print_exc() | |
| # ── end Live 3D Wires ──────────────────────────────────────────────────────── | |
| # ── GAP-4: /about/thesis injection page (Yachay; Perplexity Computer Agent) ── | |
| # Mounts GET /about/thesis (HTML) + GET /api/killinchu/v1/thesis (JSON): chapters & | |
| # theorems this flagship implements, 8 live Zenodo DOIs, Λ-axis (Conjecture 1), | |
| # substrate-package cross-refs. Every Lean decl cited is real + PROVED. | |
| try: | |
| import szl_thesis_about as _thesis_about | |
| _thesis_status = _thesis_about.register(app, "killinchu") | |
| import sys as _sys_th | |
| print(f"[killinchu] /about/thesis registered: {_thesis_status}", file=_sys_th.stderr) | |
| except Exception as _th_e: | |
| import sys as _sys_th, traceback as _tb_th | |
| print(f"[killinchu] /about/thesis NOT registered: {_th_e}", file=_sys_th.stderr) | |
| _tb_th.print_exc() | |
| # ── end /about/thesis ──────────────────────────────────────────────────────── | |
| # ── PQC / Hybrid signing (ADDITIVE, Yachay) ────────────────────────────────── | |
| # Registers POST /khipu/sign?mode={ecdsa,pqc,hybrid} and the namespaced alias. | |
| # ECDSA P-256 stays the DEFAULT; ML-DSA-65 (NIST FIPS 204) is additive; hybrid | |
| # signs with BOTH. Defense procurement (killinchu vertical) asks about PQC — | |
| # hybrid mode live = real competitive advantage. No fake signatures: pqc/hybrid | |
| # require a real ML-DSA backend (oqs-python or dilithium-py) or return 503. | |
| # Sign: Yachay <yachay@szlholdings.dev>. | |
| try: | |
| import killinchu_szl_pqc_sign as _pqc_sign | |
| _pqc_sign.register(app, ns="killinchu") | |
| import sys as _sys_pqc | |
| print("[killinchu] PQC/hybrid signing registered: POST /khipu/sign?mode={ecdsa,pqc,hybrid}", file=_sys_pqc.stderr) | |
| except Exception as _pqc_e: | |
| import sys as _sys_pqc, traceback as _tb_pqc | |
| print(f"[killinchu] PQC/hybrid signing NOT registered: {_pqc_e}", file=_sys_pqc.stderr) | |
| _tb_pqc.print_exc() | |
| # ── end PQC / Hybrid signing ───────────────────────────────────────────────── | |
| app.add_middleware(CORSMiddleware, allow_origins=["*"], allow_methods=["*"], allow_headers=["*"]) | |
| # --------------------------------------------------------------------------- | |
| # Load curated drone database at startup | |
| # --------------------------------------------------------------------------- | |
| _DRONES: list[dict[str, Any]] = [] | |
| def _load_drones() -> None: | |
| global _DRONES | |
| if DRONES_DB_PATH.exists(): | |
| with open(DRONES_DB_PATH) as f: | |
| _DRONES = json.load(f) | |
| print(f"[killinchu] Loaded {len(_DRONES)} drone systems", file=sys.stderr) | |
| else: | |
| print(f"[killinchu] WARNING: drone DB not found at {DRONES_DB_PATH}", file=sys.stderr) | |
| _load_drones() | |
| # --------------------------------------------------------------------------- | |
| # Khipu Merkle DAG — hash-chained receipts (real sha256, in-memory, additive) | |
| # Same pattern as vessels' Wire-F DAG. Resets on Space restart (honest). | |
| # --------------------------------------------------------------------------- | |
| _KHIPU_DAG: list[dict[str, Any]] = [] | |
| def _digest_node(receipt: dict[str, Any], parents: list[str]) -> str: | |
| h = hashlib.sha256() | |
| h.update(json.dumps(receipt, sort_keys=True).encode()) | |
| for p in parents: | |
| h.update(p.encode()) | |
| return h.hexdigest() | |
| def _emit_receipt(kind: str, payload: dict[str, Any]) -> dict[str, Any]: | |
| parents = [_KHIPU_DAG[-1]["digest"]] if _KHIPU_DAG else [] | |
| receipt = { | |
| "schema": "szl.killinchu.receipt/v1", | |
| "kind": kind, | |
| "payload": payload, | |
| "doctrine": DOCTRINE, | |
| "ts_utc": datetime.now(timezone.utc).isoformat(), | |
| } | |
| node: dict[str, Any] = { | |
| "index": len(_KHIPU_DAG), | |
| "wire": "F", | |
| "source": "killinchu", | |
| "receipt": receipt, | |
| "parents": parents, | |
| "dsse": { | |
| "payloadType": "application/vnd.szl.receipt+json", | |
| "signatures": [{"sig": SIGNATURE_PLACEHOLDER, "keyid": "PENDING"}], | |
| }, | |
| "ts_utc": receipt["ts_utc"], | |
| } | |
| node["digest"] = _digest_node(receipt, parents) | |
| _KHIPU_DAG.append(node) | |
| return node | |
| def _khipu_root() -> str | None: | |
| return _KHIPU_DAG[-1]["digest"] if _KHIPU_DAG else None | |
| # 13-axis canonical Λ aggregate (geometric mean — yuyay_v3 canonical, Doctrine v11). | |
| _AXIS_NAMES = [ | |
| "soundness", "calibration", "robustness", "provenance", "consent", "reversibility", | |
| "transparency", "fairness", "containment", "attestation", "freshness", "authority", "auditability", | |
| ] | |
| _LAMBDA_FLOOR = 0.90 | |
| def _lambda_aggregate(axes: list[float]) -> float: | |
| vals = [min(1.0, max(1e-9, float(x))) for x in axes] if axes else [0.9] * 13 | |
| return math.exp(sum(math.log(v) for v in vals) / len(vals)) | |
| # --------------------------------------------------------------------------- | |
| # Static assets — SPA chunks (vite base="/"). Mounted FIRST. | |
| # --------------------------------------------------------------------------- | |
| if ASSETS_DIR.exists(): | |
| app.mount("/assets", StaticFiles(directory=str(ASSETS_DIR)), name="assets") | |
| # --------------------------------------------------------------------------- | |
| # Health | |
| # --------------------------------------------------------------------------- | |
| async def healthz() -> JSONResponse: | |
| return JSONResponse({ | |
| "status": "ok", | |
| "service": "killinchu", | |
| "version": "1.0.0", | |
| "surface": "Andean Drone Intelligence", | |
| "base_path": "/", | |
| "doctrine": DOCTRINE, | |
| "declarations": 749, | |
| "axioms": 14, | |
| "axioms_raw": 15, | |
| "sorries": 163, | |
| "trust_axes": 13, | |
| "lambda_floor": _LAMBDA_FLOOR, | |
| "lambda_uniqueness": "Conjecture (open CAUCHY_ND sorry + missing symmetry axiom) — NOT a Theorem", | |
| "slsa": "L1 (honest; L2 in roadmap via Wire D)", | |
| "receipt_signature": "REAL — ECDSA-P256-SHA256 DSSE; live at /khipu/sign + /api/killinchu/khipu/sign (Wire D shipped)", | |
| "signing_available": True, | |
| "numbers": {"declarations": 749, "axioms": 14, "sorries": 163, "putnam_sorries": 51, "baseline_sorries": 112}, | |
| "drones_in_database": len(_DRONES), | |
| "khipu_root": _khipu_root(), | |
| "khipu_nodes": len(_KHIPU_DAG), | |
| "decoders": ["OpenDroneID/ASTM F3411", "ADS-B Mode-S 1090ES (pyModeS v3)", "MAVLink v1/v2 (pymavlink)"], | |
| "hatun_willay": True, | |
| "pivoted_from": "vessels", | |
| }) | |
| async def readyz() -> JSONResponse: | |
| return JSONResponse({"status": "ready", "drones": len(_DRONES), "doctrine": DOCTRINE}) | |
| async def honest() -> JSONResponse: | |
| return JSONResponse({ | |
| "space": "killinchu", | |
| "doctrine": DOCTRINE, | |
| "declarations": 749, "axioms_unique": 14, "axioms_raw": 15, "sorries_total": 163, | |
| "kernel_commit": "c7c0ba17", | |
| "trust_axes": 13, | |
| "lambda_status": "Conjecture 1 — NOT a theorem (open CAUCHY_ND sorry + missing symmetry axiom)", | |
| "lambda_uniqueness": "Conjecture, not a closed theorem (open CAUCHY_ND sorry + missing symmetry axiom)", | |
| "slsa": "L1 (honest)", | |
| "honest_disclosures": [ | |
| "ADS-B and Remote-ID are unauthenticated broadcast — decoded fields are CLAIMS, not attested truth.", | |
| "Receipt signatures are PLACEHOLDER — Sigstore CI not yet wired per Doctrine v11.", | |
| "SLSA L1 honest — not L2 or L3 as achieved.", | |
| "Section 889: 5 banned vendors (Huawei, ZTE, Hytera, Hikvision, Dahua).", | |
| ], | |
| "receipts": f"DSSE envelopes; signature = {SIGNATURE_PLACEHOLDER}", | |
| "telemetry_trust": "ADS-B and Remote-ID are unauthenticated broadcast — decoded fields are CLAIMS, not attested truth.", | |
| "khipu_dag": "in-memory, additive, hash-chained sha256; resets on Space restart.", | |
| "hatun_willay": True, | |
| }) | |
| # --------------------------------------------------------------------------- | |
| # REAL protocol decoders — NO MOCKS | |
| # --------------------------------------------------------------------------- | |
| async def _json_body(request: Request) -> dict: | |
| try: | |
| return await request.json() | |
| except Exception: | |
| return {} | |
| async def remote_id_decode(request: Request) -> JSONResponse: | |
| body = await _json_body(request) | |
| hexstr = body.get("hex") or body.get("bytes") or body.get("msg") or "" | |
| if not hexstr: | |
| return JSONResponse({"ok": False, "error": "provide {hex: '...'} — a Remote ID 25-byte frame as hex"}, status_code=400) | |
| return JSONResponse(kp.remote_id_decode(hexstr)) | |
| async def ads_b_decode(request: Request) -> JSONResponse: | |
| body = await _json_body(request) | |
| if "even" in body and "odd" in body: | |
| return JSONResponse(kp.adsb_decode({"even": body["even"], "odd": body["odd"]})) | |
| msg = body.get("hex") or body.get("msg") or body.get("messages") | |
| if not msg: | |
| return JSONResponse({"ok": False, "error": "provide {hex: '<28 hex>'} or {even, odd} for CPR position"}, status_code=400) | |
| return JSONResponse(kp.adsb_decode(msg)) | |
| async def mavlink_parse(request: Request) -> JSONResponse: | |
| body = await _json_body(request) | |
| hexstr = body.get("hex") or body.get("bytes") or body.get("frame") or "" | |
| if not hexstr: | |
| return JSONResponse({"ok": False, "error": "provide {hex: '<mavlink frame hex>'}"}, status_code=400) | |
| return JSONResponse(kp.mavlink_parse(hexstr)) | |
| # --------------------------------------------------------------------------- | |
| # Drone database | |
| # --------------------------------------------------------------------------- | |
| async def drones_database(side: str | None = None, group: str | None = None, | |
| country: str | None = None, role: str | None = None) -> JSONResponse: | |
| data = _DRONES | |
| if side: | |
| data = [d for d in data if d.get("side") == side] | |
| if group: | |
| data = [d for d in data if d.get("group") == group] | |
| if country: | |
| data = [d for d in data if d.get("country", "").lower() == country.lower()] | |
| if role: | |
| data = [d for d in data if role.lower() in d.get("role", "").lower()] | |
| sides = sorted({d["side"] for d in _DRONES}) | |
| groups = sorted({d["group"] for d in _DRONES}) | |
| countries = sorted({d["country"] for d in _DRONES}) | |
| return JSONResponse({ | |
| "count": len(data), "total": len(_DRONES), "drones": data, | |
| "facets": {"sides": sides, "groups": groups, "countries": countries}, | |
| "doctrine": DOCTRINE, | |
| "source": "Killinchu Phase-1 research — see /research; every entry carries a source URL.", | |
| }) | |
| async def drone_detail(drone_id: str) -> JSONResponse: | |
| for d in _DRONES: | |
| if d["id"] == drone_id: | |
| return JSONResponse({"drone": d, "doctrine": DOCTRINE}) | |
| return JSONResponse({"error": "drone not found", "id": drone_id}, status_code=404) | |
| # --------------------------------------------------------------------------- | |
| # Counter-UAS evaluator — telemetry + geofence + policy → ALLOW/HALT + Λ-receipt | |
| # --------------------------------------------------------------------------- | |
| def _haversine_m(lat1, lon1, lat2, lon2) -> float: | |
| R = 6371000.0 | |
| p1, p2 = math.radians(lat1), math.radians(lat2) | |
| dp = math.radians(lat2 - lat1) | |
| dl = math.radians(lon2 - lon1) | |
| a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2 | |
| return 2 * R * math.asin(math.sqrt(a)) | |
| async def counter_uas_evaluate(request: Request) -> JSONResponse: | |
| body = await _json_body(request) | |
| telemetry = body.get("telemetry", {}) | |
| geofence = body.get("geofence", {}) # {center_lat, center_lon, radius_m} | |
| policy = body.get("policy", {}) # {max_speed_m_s, allow_sides:[...], require_remote_id} | |
| axes = body.get("axis_scores") or [0.93, 0.91, 0.94, 0.9, 0.92, 0.91, 0.93, 0.9, 0.95, 0.92, 0.94, 0.91, 0.93] | |
| reasons: list[str] = [] | |
| breaches: list[str] = [] | |
| lat = telemetry.get("latitude") | |
| lon = telemetry.get("longitude") | |
| # Geofence breach check (real haversine) | |
| inside = None | |
| if geofence.get("center_lat") is not None and lat is not None and lon is not None: | |
| dist = _haversine_m(geofence["center_lat"], geofence["center_lon"], lat, lon) | |
| radius = float(geofence.get("radius_m", 1000)) | |
| inside = dist <= radius | |
| if inside: | |
| breaches.append(f"inside protected geofence (dist {dist:.0f}m ≤ {radius:.0f}m)") | |
| reasons.append(f"geofence distance = {dist:.0f}m (radius {radius:.0f}m)") | |
| # Speed policy | |
| spd = telemetry.get("ground_speed_m_s") | |
| if spd is not None and policy.get("max_speed_m_s") is not None: | |
| if spd > policy["max_speed_m_s"]: | |
| breaches.append(f"speed {spd} m/s exceeds policy max {policy['max_speed_m_s']} m/s") | |
| reasons.append(f"speed {spd} m/s vs max {policy['max_speed_m_s']} m/s") | |
| # Side / Remote ID policy | |
| side = telemetry.get("side") | |
| allow_sides = policy.get("allow_sides") | |
| if allow_sides is not None and side is not None and side not in allow_sides: | |
| breaches.append(f"side '{side}' not in allow list {allow_sides}") | |
| if policy.get("require_remote_id") and not telemetry.get("remote_id_present", False): | |
| breaches.append("no Remote ID broadcast detected (FAA Part 89 non-compliant)") | |
| L = _lambda_aggregate(axes) | |
| lambda_pass = L >= _LAMBDA_FLOOR | |
| decision = "HALT" if breaches else "ALLOW" | |
| # Conservative: a HALT requires the Λ governance gate to be satisfied (high-confidence) | |
| if decision == "HALT" and not lambda_pass: | |
| decision = "REVIEW" | |
| reasons.append(f"breach detected but Λ={L:.4f} < floor {_LAMBDA_FLOOR}: escalate to human REVIEW") | |
| receipt_node = _emit_receipt("counter_uas_decision", { | |
| "decision": decision, "breaches": breaches, "lambda": round(L, 6), | |
| "lambda_floor": _LAMBDA_FLOOR, "geofence_inside": inside, | |
| }) | |
| return JSONResponse({ | |
| "ok": True, | |
| "decision": decision, | |
| "breaches": breaches, | |
| "reasons": reasons, | |
| "lambda": round(L, 6), | |
| "lambda_floor": _LAMBDA_FLOOR, | |
| "lambda_pass": lambda_pass, | |
| "axis_scores": dict(zip(_AXIS_NAMES, [round(x, 4) for x in axes])), | |
| "lambda_receipt": { | |
| "index": receipt_node["index"], "digest": receipt_node["digest"], | |
| "khipu_root": _khipu_root(), "dsse": receipt_node["dsse"], | |
| }, | |
| "signature": SIGNATURE_PLACEHOLDER, | |
| "doctrine": DOCTRINE, | |
| "honesty": ("Decision is advisory. Telemetry is an unauthenticated broadcast claim. " | |
| f"Receipt signature: {SIGNATURE_PLACEHOLDER}"), | |
| }) | |
| # --------------------------------------------------------------------------- | |
| # Swarm topology — ingest Remote-ID broadcasts, infer clusters | |
| # Graph: connected components via proximity threshold (real Union-Find). | |
| # --------------------------------------------------------------------------- | |
| async def swarm_topology(request: Request) -> JSONResponse: | |
| body = await _json_body(request) if request.method == "POST" else {} | |
| broadcasts = body.get("broadcasts") | |
| threshold_m = float(body.get("threshold_m", 800)) | |
| if not broadcasts: | |
| # Real seeded broadcasts derived from adversary signatures (Shahed swarm pattern). | |
| base_lat, base_lon = 47.85, 35.10 # SE Ukraine reference | |
| broadcasts = [] | |
| for i in range(8): | |
| broadcasts.append({"id": f"shahed-{i+1}", "latitude": base_lat + 0.004 * (i % 4), | |
| "longitude": base_lon + 0.004 * (i // 4), "model": "Shahed-136"}) | |
| for i in range(3): | |
| broadcasts.append({"id": f"fpv-{i+1}", "latitude": base_lat + 0.25 + 0.002 * i, | |
| "longitude": base_lon + 0.3, "model": "FPV quad"}) | |
| broadcasts.append({"id": "tb2-lone", "latitude": base_lat - 0.4, "longitude": base_lon - 0.5, "model": "Bayraktar TB2"}) | |
| n = len(broadcasts) | |
| parent = list(range(n)) | |
| def find(x): | |
| while parent[x] != x: | |
| parent[x] = parent[parent[x]] | |
| x = parent[x] | |
| return x | |
| def union(a, b): | |
| ra, rb = find(a), find(b) | |
| if ra != rb: | |
| parent[ra] = rb | |
| edges = [] | |
| for i in range(n): | |
| for j in range(i + 1, n): | |
| bi, bj = broadcasts[i], broadcasts[j] | |
| if bi.get("latitude") is None or bj.get("latitude") is None: | |
| continue | |
| d = _haversine_m(bi["latitude"], bi["longitude"], bj["latitude"], bj["longitude"]) | |
| if d <= threshold_m: | |
| union(i, j) | |
| edges.append({"a": bi["id"], "b": bj["id"], "dist_m": round(d, 1)}) | |
| clusters: dict[int, list[dict]] = {} | |
| for i, b in enumerate(broadcasts): | |
| clusters.setdefault(find(i), []).append(b) | |
| cluster_list = [{"cluster_id": idx, "size": len(members), "members": members, | |
| "classification": "SWARM" if len(members) >= 3 else "single"} | |
| for idx, members in enumerate(clusters.values())] | |
| return JSONResponse({ | |
| "ok": True, | |
| "broadcast_count": n, | |
| "proximity_threshold_m": threshold_m, | |
| "edges": edges, | |
| "clusters": cluster_list, | |
| "swarms_detected": sum(1 for c in cluster_list if c["classification"] == "SWARM"), | |
| "algorithm": "connected components (Union-Find) over haversine proximity graph", | |
| "doctrine": DOCTRINE, | |
| "honesty": "Remote-ID positions are unauthenticated broadcast claims; clustering is geometric only.", | |
| }) | |
| # --------------------------------------------------------------------------- | |
| # Active threats board — real adversary signatures from Phase-1 research | |
| # --------------------------------------------------------------------------- | |
| async def threats_active() -> JSONResponse: | |
| now = time.time() | |
| sig = {d["id"]: d for d in _DRONES} | |
| threats = [] | |
| def mk(idx, drone_id, lat, lon, alt, hdg, spd, status): | |
| d = sig.get(drone_id, {}) | |
| return { | |
| "track_id": f"TRK-{idx:04d}", | |
| "model": d.get("model", drone_id), "side": d.get("side", "unknown"), | |
| "role": d.get("role", ""), "group": d.get("group", ""), | |
| "country": d.get("country", ""), | |
| "latitude": lat, "longitude": lon, "altitude_m": alt, "heading_deg": hdg, | |
| "speed_m_s": spd, "status": status, | |
| "first_seen": datetime.fromtimestamp(now - 600, timezone.utc).isoformat(), | |
| "last_update": datetime.fromtimestamp(now, timezone.utc).isoformat(), | |
| "telemetry_source": "simulated track over real signature", | |
| } | |
| threats.append(mk(1, "shahed136", 47.85, 35.10, 1500, 270, 51.4, "INBOUND")) | |
| threats.append(mk(2, "shahed136", 47.86, 35.12, 1450, 268, 50.0, "INBOUND")) | |
| threats.append(mk(3, "lancet3", 47.40, 36.20, 800, 95, 30.5, "LOITERING")) | |
| threats.append(mk(4, "orlan10", 48.10, 37.50, 3000, 180, 41.6, "ISR")) | |
| threats.append(mk(5, "tb2", 47.10, 35.80, 6000, 90, 61.7, "PATROL")) | |
| threats.append(mk(6, "djimavic3", 47.91, 35.05, 120, 200, 15.0, "RECON")) | |
| threats.append(mk(7, "wingloong2", 46.50, 34.20, 8000, 45, 102.7, "ISR")) | |
| threats.append(mk(8, "fpv7in", 47.88, 35.08, 60, 250, 41.6, "STRIKE-RUN")) | |
| return JSONResponse({ | |
| "ok": True, | |
| "active_threats": len([t for t in threats if t["side"] == "adversary"]), | |
| "total_tracks": len(threats), | |
| "threats": threats, | |
| "doctrine": DOCTRINE, | |
| "honesty": ("Tracks are simulated over REAL adversary drone signatures from the curated DB. " | |
| "Not a live sensor feed; positions are illustrative."), | |
| }) | |
| # --------------------------------------------------------------------------- | |
| # Receipt emit + ledger (Khipu DAG) | |
| # --------------------------------------------------------------------------- | |
| async def receipt_emit(request: Request) -> JSONResponse: | |
| body = await _json_body(request) | |
| kind = body.get("kind", "manual") | |
| payload = body.get("payload", body) | |
| node = _emit_receipt(kind, payload) | |
| return JSONResponse({ | |
| "ok": True, "wire": "F", | |
| "node_index": node["index"], "node_digest": node["digest"], | |
| "khipu_root": _khipu_root(), "parents": node["parents"], | |
| "dsse": node["dsse"], "ts_utc": node["ts_utc"], | |
| "signature": SIGNATURE_PLACEHOLDER, | |
| "doctrine": DOCTRINE, | |
| "honesty": (f"Signature is {SIGNATURE_PLACEHOLDER}. Khipu DAG is in-memory, " | |
| "hash-chained sha256 (additive); resets on Space restart."), | |
| }) | |
| async def receipt_ledger(limit: int = 100) -> JSONResponse: | |
| nodes = _KHIPU_DAG[-limit:] | |
| return JSONResponse({ | |
| "wire": "F", "khipu_root": _khipu_root(), "count": len(_KHIPU_DAG), | |
| "nodes": nodes, "doctrine": DOCTRINE, | |
| "honesty": f"In-memory hash-chained DAG. Signatures {SIGNATURE_PLACEHOLDER}.", | |
| }) | |
| async def lambda_axes(request: Request) -> JSONResponse: | |
| axes = [0.93, 0.91, 0.94, 0.9, 0.92, 0.91, 0.93, 0.9, 0.95, 0.92, 0.94, 0.91, 0.93] | |
| L = _lambda_aggregate(axes) | |
| return JSONResponse({ | |
| "trust_axes": 13, | |
| "axes": [{"name": n, "score": s} for n, s in zip(_AXIS_NAMES, axes)], | |
| "lambda": round(L, 6), "lambda_floor": _LAMBDA_FLOOR, "pass": L >= _LAMBDA_FLOOR, | |
| "aggregate": "geometric mean (yuyay_v3 canonical, 13-axis)", | |
| "uniqueness": "Conjecture, not a Theorem (open CAUCHY_ND sorry + missing symmetry axiom)", | |
| "declarations": 749, | |
| "axioms_unique": 14, | |
| "sorries_total": 163, | |
| "doctrine": DOCTRINE, | |
| }) | |
| async def research_kb() -> JSONResponse: | |
| """Phase-1 research surfaced as a public knowledge base (structured).""" | |
| return JSONResponse({ | |
| "doctrine": DOCTRINE, | |
| "sections": [ | |
| {"id": "du", "title": "Defense Unicorns UDS posture", | |
| "summary": "UDS Core (Istio/Keycloak/NeuVector/Pepr), Zarf airgap delivery, UDS Platform — " | |
| "the mission-software substrate counter-UAS payloads run on at the tactical edge.", | |
| "sources": ["https://docs.defenseunicorns.com", | |
| "https://github.com/defenseunicorns/uds-core", | |
| "https://defenseunicorns.com/resources/announcing-uds-core-1-0/"]}, | |
| {"id": "us", "title": "US military drones (Groups 1-5)", | |
| "summary": "MQ-9 Reaper, RQ-4 Global Hawk, MQ-1C Gray Eagle, RQ-7 Shadow, RQ-11 Raven, " | |
| "RQ-20 Puma, Switchblade 300/600, Phoenix Ghost, ALTIUS-600/700.", | |
| "sources": ["https://en.wikipedia.org/wiki/UAS_groups_of_the_United_States_military", | |
| "https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104470/mq-9-reaper/"]}, | |
| {"id": "adversary", "title": "Adversary drones", | |
| "summary": "Shahed-136/131 (Iran→Russia Geran), Lancet-3 (Russia), Orlan-10, Wing Loong II / " | |
| "CH-4 (China), DJI Mavic/Matrice (dual-use).", | |
| "sources": ["https://armyrecognition.com/military-products/army/unmanned-systems/unmanned-aerial-vehicles/shahed-136-loitering-munition-kamikaze-suicide-drone-technical-data", | |
| "https://en.wikipedia.org/wiki/CAIG_Wing_Loong_II"]}, | |
| {"id": "cuas", "title": "Counter-UAS systems", | |
| "summary": "Anduril Lattice (C2), Epirus Leonidas (HPM anti-swarm), DroneShield DroneGun, " | |
| "SkyWiper, Raytheon Coyote.", | |
| "sources": ["https://www.epirusinc.com/electronic-warfare", | |
| "https://www.defenseone.com/business/2023/07/defense-startups-team-defeat-swarm-drones/388909/"]}, | |
| {"id": "protocols", "title": "Detection protocols", | |
| "summary": "FAA Remote ID / OpenDroneID (ASTM F3411, 25-byte frames, lat/lon int32×1e7); " | |
| "ADS-B Mode-S 1090ES (DF17, ICAO 24-bit, CPR position); STANAG 4609 / MISB 0601 KLV; " | |
| "MAVLink v1/v2. Decoders wired live: pyModeS v3 + pymavlink + real OpenDroneID parser.", | |
| "sources": ["https://www.faa.gov/sites/faa.gov/files/2021-08/RemoteID_Final_Rule.pdf", | |
| "https://github.com/opendroneid/opendroneid-core-c", | |
| "https://mode-s.org/pymodes/api/pyModeS.decoder.adsb.html"]}, | |
| ], | |
| }) | |
| # --------------------------------------------------------------------------- | |
| # Sample test vectors (for the live decoder UIs — real, verified frames) | |
| # --------------------------------------------------------------------------- | |
| async def samples() -> JSONResponse: | |
| return JSONResponse({ | |
| "remote_id": { | |
| "location": "12205a2804c0474418a094e3d3fc080609c008000000000000", | |
| "basic_id": "0212535a4c2d4b494c4c494e4348552d3030310000000000000000", | |
| }, | |
| "ads_b": { | |
| "single_ident": "8D406B902015A678D4D220AA4BDA", | |
| "pair_even": "8D40621D58C382D690C8AC2863A7", | |
| "pair_odd": "8D40621D58C386435CC412692AD6", | |
| }, | |
| "mavlink": {"heartbeat": "fd09000000010100000000000000020c000403b6bd"}, | |
| "doctrine": DOCTRINE, | |
| }) | |
| # =========================================================================== | |
| # Scope-expansion endpoints (ADDITIVE, Doctrine v11) — satellites, GEOINT, | |
| # digital twin, integrity tripwires T11-T20, OTA/control/rollback (Yuyay-gated), | |
| # counter-UAS identify/track, DICE/SBOM identity, companion-defense, forensics. | |
| # =========================================================================== | |
| try: | |
| import killinchu_expansion as _expansion | |
| _expansion.register_expansion( | |
| app, | |
| drones=_DRONES, | |
| emit_receipt=_emit_receipt, | |
| haversine=_haversine_m, | |
| lambda_aggregate=_lambda_aggregate, | |
| khipu_root=_khipu_root, | |
| axis_names=_AXIS_NAMES, | |
| lambda_floor=_LAMBDA_FLOOR, | |
| doctrine=DOCTRINE, | |
| json_body=_json_body, | |
| signature_placeholder=SIGNATURE_PLACEHOLDER, | |
| ) | |
| print("[killinchu] expansion endpoints registered", file=sys.stderr) | |
| except Exception as _exp_err: # pragma: no cover - never break core on expansion | |
| print(f"[killinchu] WARNING expansion registration failed: {_exp_err}", file=sys.stderr) | |
| # =========================================================================== | |
| # Naval / Maritime mode + HAPS (stratospheric) tier — ADDITIVE, Doctrine v11. | |
| # Final Sweep (Yachay, 2026-06-01): closes Yachay-Dome gaps #4 (maritime USV/UUV) | |
| # and #5 (HAPS). New endpoints: /api/killinchu/v1/haps, /naval-mode, /naval-mode/cue. | |
| # WE SENSE, WE EVIDENCE — passive detection + signed cue packages only. | |
| # =========================================================================== | |
| try: | |
| import killinchu_naval_haps as _naval_haps | |
| _naval_haps.register_naval_haps( | |
| app, | |
| emit_receipt=_emit_receipt, | |
| json_body=_json_body, | |
| doctrine=DOCTRINE, | |
| ) | |
| print("[killinchu] naval + HAPS endpoints registered", file=sys.stderr) | |
| except Exception as _nh_err: # pragma: no cover - never break core on additive layer | |
| print(f"[killinchu] WARNING naval/HAPS registration failed: {_nh_err}", file=sys.stderr) | |
| # =========================================================================== | |
| # vessels alias — ADDITIVE. Preserve every /api/vessels/* contract so anyone | |
| # hitting vessels endpoints on this Space still resolves. Doctrine v11. | |
| # =========================================================================== | |
| async def vessels_healthz_alias() -> JSONResponse: | |
| return JSONResponse({ | |
| "status": "ok", "service": "vessels", "version": "0.4.0", "doctrine": DOCTRINE, | |
| "note": "vessels has pivoted to Killinchu drone intelligence.", | |
| "redirect": KILLINCHU_REDIRECT, | |
| "killinchu_healthz": "/api/killinchu/healthz", | |
| "declarations": 749, "axioms": 14, "sorries": 163, "hatun_willay": True, | |
| }) | |
| async def vessels_killinchu_redirect() -> JSONResponse: | |
| return JSONResponse({"redirect": KILLINCHU_REDIRECT, | |
| "message": "Drone intelligence has moved to Killinchu.", | |
| "doctrine": DOCTRINE}) | |
| async def vessels_catch(path: str) -> JSONResponse: | |
| return JSONResponse({ | |
| "data": [], "meta": {"path": f"/api/vessels/{path}", "doctrine": DOCTRINE, | |
| "note": "vessels pivoted to Killinchu — see /api/killinchu/*", | |
| "redirect": KILLINCHU_REDIRECT}}) | |
| # --------------------------------------------------------------------------- | |
| # SPA — Andean Drone Intelligence at root. History fallback. | |
| # --------------------------------------------------------------------------- | |
| # --------------------------------------------------------------------------- | |
| # ADDITIVE (Yachay / Provenance Hardening): Wire D (W3C traceparent trace | |
| # continuity) + DSSE/Cosign-signed Khipu receipts (SLSA L2 signed provenance). | |
| # Registers /api/{space}/wires/D, /khipu/{sign,verify,ledger}, /provenance. | |
| # Wrapped so a missing dep (cryptography) can NEVER take down the existing app. | |
| # PLACEHOLDER -> REAL: every receipt now DSSE-signed with szlholdings-cosign. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import szl_provenance as _prov | |
| _prov_status = _prov.register_provenance(app, "killinchu") | |
| print(f"[killinchu] szl_provenance registered (Wire D LIVE, SLSA L2): {{_prov_status}}", file=sys.stderr) | |
| except Exception as _pe: # pragma: no cover - defensive, additive-only | |
| print(f"[killinchu] szl_provenance NOT registered ({{_pe!r}}); existing app unaffected", file=sys.stderr) | |
| # --------------------------------------------------------------------------- | |
| # Warhacker top-level alias routes (ADDITIVE, Yachay, 2026-06-01). Registered | |
| # BEFORE the /{full_path:path} catch-all: /healthz + /khipu/{sign,verify,pubkey} | |
| # + /api/killinchu/v3/doctrine + /wires/D. Real DSSE via szl_dsse. v11 verbatim. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import szl_warhacker_aliases as _wh_aliases | |
| _wh_status = _wh_aliases.register(app, "killinchu", build_sha=os.environ.get("SPACE_COMMIT_SHA", "warhacker-aliases-v1")) | |
| print(f"[killinchu] Warhacker aliases registered: {_wh_status}", file=sys.stderr) | |
| except Exception as _wh_e: | |
| print(f"[killinchu] Warhacker aliases NOT registered: {_wh_e!r}", file=sys.stderr) | |
| # --------------------------------------------------------------------------- | |
| # Killinchu v2 GENIUS endpoints (ADDITIVE, Yachay, 2026-06-01). Cesium /globe + | |
| # geofence/check + mission/plan (PURIQ F7) + swarm/coordinate (boids) + remote-id | |
| # /mavlink/adsb decoders + digital twin + threat/assess (sentra) + warhacker P1-P8. | |
| # Registered BEFORE the catch-all so /globe + /api/killinchu/v2/* resolve LOCALLY. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import killinchu_genius as _kg | |
| _kg_status = _kg.register(app, "killinchu") | |
| print(f"[killinchu] v2 genius endpoints registered: {_kg_status}", file=sys.stderr) | |
| except Exception as _kg_e: | |
| print(f"[killinchu] v2 genius endpoints NOT registered: {_kg_e!r}", file=sys.stderr) | |
| async def spa_root() -> FileResponse: | |
| return FileResponse(INDEX_HTML, media_type="text/html") | |
| # ADDITIVE (UDS HARDENING, Yachay 2026-06-01): DESKTOP-FIRST UDS compliance | |
| # dashboard for 1280px+ workstation operators (STIG/SCAP, Iron Bank parity, Big | |
| # Bang chart, Tradewinds, CMMC/NIST/EU-AI-Act). Self-contained static page that | |
| # reads the live /api/killinchu/uds/v1/* real-data endpoints. Clean aliases so | |
| # operators don't need the .html suffix. | |
| async def uds_compliance_dashboard() -> FileResponse: | |
| _page = STATIC_DIR / "uds-compliance.html" | |
| if _page.is_file(): | |
| return FileResponse(_page, media_type="text/html") | |
| return FileResponse(INDEX_HTML, media_type="text/html") | |
| # ADDITIVE (Drone 3D Health v4, Yachay 2026-06-01): clean operator-shell aliases. | |
| # /operator + /uds serve the UDS Command Center (which now carries the Drone 3D tab). | |
| async def operator_shell() -> FileResponse: | |
| _page = STATIC_DIR / "uds.html" | |
| if _page.is_file(): | |
| return FileResponse(_page, media_type="text/html") | |
| return FileResponse(INDEX_HTML, media_type="text/html") | |
| # ADDITIVE (Unified 4-pane Operator Shell, 2026-06-01, Yachay / Perplexity | |
| # Computer Agent): NEW /unified route serving the self-contained 4-pane shell | |
| # (terrain + right panel + Cmd-K + receipt tunnel). Registered BEFORE the | |
| # /{full_path:path} catch-all so it resolves LOCALLY. ADDITIVE — does NOT touch | |
| # the existing /operator route. File ships in static/ (COPY static/ already in | |
| # Dockerfile). Doctrine v11 LOCKED 749/14/163 unchanged. | |
| async def unified_operator_shell() -> FileResponse: | |
| _page = STATIC_DIR / "operator-unified.html" | |
| if _page.is_file(): | |
| return FileResponse(_page, media_type="text/html") | |
| return JSONResponse({"error": "operator-unified.html not deployed"}, status_code=404) | |
| # ADDITIVE (Strategic Rebrand, Yachay / Perplexity Computer Agent, 2026-06-01): | |
| # /navy URL PRESERVED, content corrected per UDS_DOD_COMPLIANCE_BLUEPRINT.md | |
| # (sections 1, 6, 11, 12). Framing shifts to UDS Core compatible · ZARF-packaged · | |
| # Enterprise Agents lane (NOT "Navy AI Hackathon · CDAO + USNWR&E", NOT "Open | |
| # Arsenal"). Honest: "UDS Core compatible" not certified; ZARF-packaging available | |
| # not shipped. Citation strip Hickok-grounded. Registered BEFORE the | |
| # /{full_path:path} catch-all so it resolves LOCALLY. ADDITIVE — does NOT touch | |
| # any existing route. Doctrine v11 LOCKED 749/14/163 unchanged. | |
| async def navy_surface() -> FileResponse: | |
| _page = STATIC_DIR / "navy.html" | |
| if _page.is_file(): | |
| return FileResponse(_page, media_type="text/html") | |
| return FileResponse(INDEX_HTML, media_type="text/html") | |
| # =========================================================================== | |
| # FULL UDS INJECTION (ADDITIVE, Yachay / Perplexity Computer Agent, 2026-06-02): | |
| # Six real /uds/* subpages — /uds/sbom, /uds/sigstore, /uds/cmmc, /uds/889, | |
| # /uds/zarf, /uds/mission-owner. These previously fell through to the SPA | |
| # catch-all (a NO-HALLUCINATION violation: a /route that serves the SPA shell | |
| # is a catch-all liar). Now each returns 200 with REAL self-contained HTML that | |
| # cites only PUBLICLY-RESOLVABLE evidence (public uds-bundles repo, public | |
| # Sigstore Rekor logIndex 1693757456, live /api/killinchu/uds/v1/* endpoints, | |
| # and authoritative FAR/NIST/Defense-Unicorns docs). Registered BEFORE the | |
| # /{full_path:path} catch-all so they resolve LOCALLY. Section 889 = exactly 5 | |
| # vendors. Iron Bank = sponsor pending (never certified). SLSA L1 honest, L2 in | |
| # progress. Doctrine v11 LOCKED 749/14/163 unchanged. Λ Conjecture 1. | |
| # =========================================================================== | |
| try: | |
| import szl_uds_pages as _uds_pages | |
| _uds_pages_status = _uds_pages.register(app, "killinchu") | |
| print(f"[killinchu] FULL UDS INJECTION registered: {_uds_pages_status}", file=sys.stderr) | |
| except Exception as _uds_pe: | |
| import traceback as _uds_tb | |
| print(f"[killinchu] FULL UDS INJECTION NOT registered: {_uds_pe!r}", file=sys.stderr) | |
| _uds_tb.print_exc() | |
| # =========================================================================== | |
| # Wire I — Rosie-companion (ADDITIVE, Doctrine v11). Signed: Yachay. | |
| # Founder directive 2026-06-01 ~02:52 EDT: "Make sure Rosie is wired in the | |
| # backend of each flag and wherever needed to be." | |
| # killinchu (drone) gains a Rosie-shadow. /counter-uas/identify optionally | |
| # consults the Rosie-shadow when the classifier's top-match confidence < 0.7 | |
| # (low-confidence / possibly novel airframe). New endpoint | |
| # /api/killinchu/v1/identify/with-rosie. /api/killinchu/v1/rosie-companion/* | |
| # exposes ponder/synthesize/evolve/brain_jack. This EXTENDS the pattern already | |
| # specified in ROSIE_COMPANION_IN_KILLINCHU.md to the identify surface. | |
| # Rosie is co-pilot, NOT pilot: she proposes; killinchu + 2-person Yuyay gate | |
| # decide. WE SENSE, WE EVIDENCE (passive only). Registered BEFORE the | |
| # /{full_path:path} catch-all. NEVER crash the existing app. | |
| # =========================================================================== | |
| try: | |
| import szl_rosie_companion as _rc | |
| _KILLINCHU_SHADOW = _rc.RosieShadow("killinchu") | |
| _IDENTIFY_CONF_FLOOR = 0.7 | |
| async def killinchu_rosie_companion_info() -> JSONResponse: | |
| return JSONResponse({ | |
| "wire": "I", "flagship": "killinchu", "organ": "drone", | |
| "rosie_endpoint": _KILLINCHU_SHADOW.jack_url, | |
| "ops": ["ponder", "synthesize", "evolve", "brain_jack"], | |
| "low_confidence_rule": f"counter-uas identify consults Rosie when top confidence < {_IDENTIFY_CONF_FLOOR}", | |
| "low_confidence_endpoint": "/api/killinchu/v1/identify/with-rosie", | |
| "doctrine": "v11", | |
| "honesty": "Rosie is co-pilot, not pilot. killinchu + 2-person Yuyay gate decide. WE SENSE, WE EVIDENCE (passive).", | |
| }) | |
| async def killinchu_identify_with_rosie(request: Request) -> JSONResponse: | |
| """Counter-UAS identify with optional Rosie low-confidence consult. Runs the | |
| existing passive signature classifier; ONLY when the top match confidence is | |
| below the floor (0.7) — i.e. possibly a novel airframe — does it consult the | |
| Rosie-shadow for deeper reasoning. Both the identify result and the Rosie | |
| reasoning carry Khipu receipts (cross-linked). PASSIVE detection only.""" | |
| try: | |
| body = await request.json() | |
| except Exception: | |
| body = {} | |
| axis_scores = body.get("axis_scores") | |
| tp = getattr(getattr(request, "state", None), "traceparent", None) | |
| # Reuse the existing passive classifier via in-process loopback so we do not | |
| # duplicate the adversary catalog. Honest: same endpoint the UI already drives. | |
| identify_result = None | |
| try: | |
| import httpx as _httpx | |
| _port = int(os.environ.get("PORT", "7860")) | |
| with _httpx.Client(timeout=8.0) as _c: | |
| _r = _c.post(f"http://127.0.0.1:{_port}/api/killinchu/v1/counter-uas/identify", | |
| json=body) | |
| if _r.status_code == 200: | |
| identify_result = _r.json() | |
| except Exception as _ie: | |
| identify_result = {"ok": False, "error": f"local identify unreachable: {_ie}", "matches": []} | |
| matches = (identify_result or {}).get("matches", []) or [] | |
| top_conf = matches[0]["confidence"] if matches else 0.0 | |
| out = { | |
| "identify": identify_result, | |
| "top_confidence": top_conf, | |
| "confidence_floor": _IDENTIFY_CONF_FLOOR, | |
| "doctrine": "v11", "wire": "I", | |
| } | |
| if top_conf >= _IDENTIFY_CONF_FLOOR: | |
| out.update({ | |
| "rosie_consulted": False, | |
| "note": f"Top confidence {top_conf} >= floor {_IDENTIFY_CONF_FLOOR}; classifier confident. Rosie not consulted.", | |
| }) | |
| return JSONResponse(out) | |
| # LOW CONFIDENCE — consult Rosie for novel-airframe reasoning. | |
| sig = (body.get("rf_signature") or body.get("acoustic") or body.get("image_label") or "") | |
| q = (f"LOW-CONFIDENCE IDENTIFY (top={top_conf} < {_IDENTIFY_CONF_FLOOR}). Reason about " | |
| f"this possibly-novel airframe signature (passive, no active emission): {str(sig)[:400]}") | |
| r = _KILLINCHU_SHADOW.brain_jack(q, depth=int(body.get("depth", 1)), | |
| axis_scores=axis_scores, traceparent=tp) | |
| out.update({ | |
| "rosie_consulted": True, | |
| "rosie_assessment": r.text, | |
| "rosie_lambda": r.lambda_signal, | |
| "rosie_receipt": r.rosie_receipt, | |
| "cross_link": r.cross_link, | |
| "rosie_stub": r.stub, | |
| "note": (f"Top confidence {top_conf} < floor {_IDENTIFY_CONF_FLOOR} -> Rosie consulted for " | |
| "novel-airframe reasoning. Rosie is advisory; killinchu + 2-person Yuyay gate decide."), | |
| }) | |
| return JSONResponse(out) | |
| async def killinchu_rosie_ponder(request: Request) -> JSONResponse: | |
| body = await request.json() | |
| tp = getattr(getattr(request, "state", None), "traceparent", None) | |
| return JSONResponse(_KILLINCHU_SHADOW.ponder(body.get("context", body), traceparent=tp).to_dict()) | |
| async def killinchu_rosie_synthesize(request: Request) -> JSONResponse: | |
| body = await request.json() | |
| tp = getattr(getattr(request, "state", None), "traceparent", None) | |
| return JSONResponse(_KILLINCHU_SHADOW.synthesize(body.get("events", []), traceparent=tp).to_dict()) | |
| async def killinchu_rosie_evolve(request: Request) -> JSONResponse: | |
| body = await request.json() | |
| tp = getattr(getattr(request, "state", None), "traceparent", None) | |
| return JSONResponse(_KILLINCHU_SHADOW.evolve(body.get("strategy", {}), | |
| approvers=body.get("approvers", []), traceparent=tp).to_dict()) | |
| async def killinchu_rosie_brain_jack(request: Request) -> JSONResponse: | |
| body = await request.json() | |
| tp = getattr(getattr(request, "state", None), "traceparent", None) | |
| return JSONResponse(_KILLINCHU_SHADOW.brain_jack(body.get("query", ""), | |
| depth=int(body.get("depth", 1)), | |
| axis_scores=body.get("axis_scores"), traceparent=tp).to_dict()) | |
| print("[killinchu] Wire I rosie-companion registered (identify/with-rosie conf<0.7 consult)", file=sys.stderr) | |
| except Exception as _rc_e: | |
| print(f"[killinchu] Wire I rosie-companion NOT registered: {_rc_e!r}", file=sys.stderr) | |
| # =========================================================================== | |
| # UNAY + Khipu-LMDB v2 organs (ADDITIVE, 2026-06-01, Yachay / Perplexity Computer Agent). | |
| # NEW /api/killinchu/v2/* paths only, registered on the ROOT app BEFORE the SPA | |
| # catch-all "/{full_path:path}" so they resolve LOCALLY. try/except-guarded. | |
| # Real durable lmdb + real sqlite-vss (honest cosine-fallback). LOCKED: 749/14/163. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import szl_unay_routes as _unay | |
| _unay_info = _unay.register(app, ns="killinchu") | |
| import sys as _sysu | |
| print(f"[szl_unay] UNAY+Khipu-LMDB v2 mounted: backend={_unay_info.get('unay_backend')}, " | |
| f"lmdb={_unay_info.get('lmdb_version')}, boot_entries={_unay_info.get('lmdb_entries_at_boot')}", file=_sysu.stderr) | |
| except Exception as _ue: | |
| import sys as _sysu | |
| print(f"[szl_unay] UNAY+Khipu-LMDB v2 NOT mounted ({_ue!r}); existing routes unaffected", file=_sysu.stderr) | |
| # =========================================================================== | |
| # UNDERSTUDY-PARITY layer (ADDITIVE, 2026-06-01, Yachay / Perplexity Computer Agent). | |
| # Founder directive: killinchu gets EVERY a11oy moat + full understudy posture | |
| # (LLM router, agentic RAG, MCP server, PURIQ organs, 23 formulas, AYNI, WAYRA, | |
| # KIPU+QILLQAQ, Khipu-DAG RS(10,6), Yuyay-13 gate, connections, metrics, | |
| # understudy failover) under killinchu's defense vertical lens. NEW | |
| # /api/killinchu/v2/* + canonical cross-organ routes only; registered BEFORE the | |
| # SPA catch-all so they resolve LOCALLY. try/except-guarded; NEVER crash the app. | |
| # Imports the REAL substrate (szl_dsse, szl_brain, szl_rag, szl_formulas) — no | |
| # copy-paste. v11 verbatim 749/14/163. Sign: Yachay. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import szl_understudy as _understudy | |
| _u_info = _understudy.register(app, ns="killinchu") | |
| print(f"[killinchu] understudy-parity registered: {_u_info['registered_count']} routes, " | |
| f"substrate={_u_info['substrate']}", file=sys.stderr) | |
| except Exception as _u_e: | |
| print(f"[killinchu] understudy-parity NOT registered: {_u_e!r}; existing app unaffected", file=sys.stderr) | |
| # =========================================================================== | |
| # DEFENSE RUNTIME COOKBOOK (ADDITIVE, 2026-06-01, Yachay / Perplexity Computer Agent). | |
| # Founder cherry-pick: make Killinchu one-of-one in the defense vertical. NEW | |
| # /api/killinchu/v2/cookbook* + /v2/missions* + /v2/scouts + /v2/uds/* + /v2/legal | |
| # + /v2/specs/* + /v2/pitch routes ONLY. Registered BEFORE the SPA catch-all so | |
| # they resolve LOCALLY. Every drone-domain response embeds the LEGAL_BOUNDARIES | |
| # disclaimer ("WE SENSE. WE EVIDENCE. WE DO NOT JACK INTO THIRD-PARTY DRONES."). | |
| # Recall receipts are REAL ECDSA-P256-SHA256 DSSE via szl_dsse (no copy-paste). | |
| # Data vendored under static/cookbook/. try/except-guarded; NEVER crash the app. | |
| # 22+ recipes · 8 Warhacker mission packs (P1-P8) · 9 prospect scouts · UDS | |
| # bundle self-awareness (HONEST STAGED) · per-prospect pitch. v11 verbatim 749/14/163. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import szl_killinchu_cookbook as _cookbook | |
| _cb_info = _cookbook.register_cookbook(app, ns="killinchu") | |
| print(f"[killinchu] defense cookbook registered: {_cb_info['registered_count']} routes, " | |
| f"signing={_cb_info['signing']}", file=sys.stderr) | |
| except Exception as _cb_e: | |
| print(f"[killinchu] defense cookbook NOT registered: {_cb_e!r}; existing app unaffected", file=sys.stderr) | |
| # =========================================================================== | |
| # KILLINCHU FUSION — UDS-native single front door (ADDITIVE, 2026-06-01, | |
| # Yachay / Perplexity Computer Agent). Killinchu is the SOLE UDS-facing surface: | |
| # every UDS endpoint lives under /api/killinchu/uds/v1/*. One operator action | |
| # fans out to the live organ Spaces (Sentra immune gate -> Amaru cortex || a11oy | |
| # policy -> Killinchu field action) and returns ONE aggregated DSSE receipt whose | |
| # chain[] carries all four organ verdicts + signatures, signed with the SAME | |
| # szlholdings-cosign ECDSA-P256 key (cosign verify-blob "Verified OK"). Appended | |
| # to the Khipu DAG. Registration is ADDITIVE + IDEMPOTENT: any path a sibling | |
| # agent already owns is DEFERRED to (never double-registered). Registered BEFORE | |
| # the SPA catch-all so these explicit routes resolve LOCALLY. try/except-guarded; | |
| # NEVER crash the existing app. UI: /uds.html (Command/Field/Audit/Compliance). | |
| # Honesty preserved: drone positions SIMULATED, geofence STATIC SNAPSHOT, amaru | |
| # organ_signed=false, Rekor not_submitted, fail-WARNING never fail-open. | |
| # Doctrine v11 LOCKED 749/14/163. Λ Conjecture 1 is NOT a theorem. | |
| # --------------------------------------------------------------------------- | |
| # --------------------------------------------------------------------------- | |
| # UDS HARDENING — REAL-DATA endpoints (ADDITIVE, 2026-06-01, Yachay). Registered | |
| # BEFORE killinchu_fusion so the fusion module's honest SYNTHETIC STIG/parity | |
| # stubs DEFER (via its _claim() guard) to these real-data routes backed by | |
| # committed .compliance/ artifacts: real OpenSCAP oscap 1.4.2 DISA STIG output | |
| # (baseline 30.27 -> hardened 33.49, 16 rules fail->pass), real Dockerfile | |
| # Iron Bank base audit, real `helm lint`/render Big Bang inventory, Tradewinds | |
| # listing. Cosign-signed (szlholdings-cosign ECDSA-P256) via szl_dsse; honest | |
| # UNSIGNED envelope if the key secret is absent. try/except-guarded; NEVER | |
| # crashes the existing app. Sign: Yachay <yachay@szlholdings.dev>. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import szl_uds_hardening as _uds_hard | |
| _uds_hard_info = _uds_hard.register(app, "killinchu") | |
| print(f"[killinchu] UDS HARDENING real-data endpoints registered: " | |
| f"{_uds_hard_info['registered_count']} routes, signing={_uds_hard_info['signing']}", | |
| file=sys.stderr) | |
| except Exception as _uds_hard_e: | |
| print(f"[killinchu] UDS HARDENING endpoints NOT registered: {_uds_hard_e!r}; existing app unaffected", file=sys.stderr) | |
| try: | |
| import killinchu_fusion as _fusion | |
| _fusion_info = _fusion.register(app, "killinchu") | |
| print(f"[killinchu] UDS fusion front-door registered: {_fusion_info['registered_count']} routes, " | |
| f"signing={_fusion_info['signing']}, deferred={len(_fusion_info.get('deferred_to_siblings', []))}", | |
| file=sys.stderr) | |
| except Exception as _fusion_e: | |
| print(f"[killinchu] UDS fusion front-door NOT registered: {_fusion_e!r}; existing app unaffected", file=sys.stderr) | |
| # =========================================================================== | |
| # DRONE 3D HEALTH DIAGNOSTICS (ADDITIVE, 2026-06-01, Yachay / Perplexity Computer | |
| # Agent). Founder mandate: SZL DNA, not a generic counter-UAS rule engine — | |
| # "see drones before they break, before they're shot, before they're fried." | |
| # NEW /api/killinchu/v4/* surface ONLY: per-drone Yuyay-13 health score, Λ-combined | |
| # risk, satellite RF environment, weather/space-weather/quake impact, probabilistic | |
| # failure mode + ETA, fired/intact component map, Three.js scene JSON, and an | |
| # HF-Inference LLM "explain" narrative. Fuses ONLY free public APIs (USGS quakes, | |
| # NOAA SWPC Kp + solar wind, NOAA Aviation Weather METAR, N2YO satellites [free key], | |
| # HF Inference router [Space token]). Codex-Kernel: every report is BIT-EXACT | |
| # reproducible from its fusion_inputs seed. Each diagnostic is Khipu-DAG chained | |
| # (host _emit_receipt) + REAL DSSE-signed (szl_dsse). Registered BEFORE the SPA | |
| # catch-all so /api/killinchu/v4/* + /drone-3d resolve LOCALLY. try/except-guarded; | |
| # NEVER crashes the host app. Does NOT touch v1/v2/v3 drone DB or decoder routes. | |
| # Honest: "predicted failure" is PROBABILISTIC, signed by Λ — NOT a guarantee. | |
| # Doctrine v11 LOCKED 749/14/163. Sign: Yachay. Co-author: Perplexity Computer Agent. | |
| # --------------------------------------------------------------------------- | |
| try: | |
| import killinchu_drone_3d_health as _drone3d | |
| try: | |
| import szl_dsse as _d3d_dsse | |
| _d3d_signer = _d3d_dsse.sign_khipu_receipt | |
| except Exception: | |
| _d3d_signer = None | |
| _drone3d_info = _drone3d.register( | |
| app, "killinchu", | |
| emit_receipt=_emit_receipt, | |
| sign_receipt=_d3d_signer, | |
| static_dir=str(STATIC_DIR), | |
| ) | |
| print(f"[killinchu] Drone 3D Health v4 registered: {_drone3d_info['registered_count']} routes, " | |
| f"signing={_drone3d_info['signing']}", file=sys.stderr) | |
| except Exception as _d3d_e: | |
| import traceback as _d3d_tb | |
| print(f"[killinchu] Drone 3D Health v4 NOT registered: {_d3d_e!r}\n{_d3d_tb.format_exc()}", file=sys.stderr) | |
| # ── Investor /demo route (ADDITIVE, 2026-06-02, Yachay / Perplexity Computer Agent) ── | |
| # 90-second narrated, animated investor walkthrough at GET /demo (+ /killinchu/demo). | |
| # Inline HTML (no CDN, no key). Registered BEFORE the /{full_path:path} catch-all so it | |
| # wins ordered matching. try/except-guarded. Doctrine v11 LOCKED 749/14/163. Λ Conjecture 1. | |
| try: | |
| import szl_demo as _szl_demo | |
| _demo_status = _szl_demo.register(app, ns="killinchu") | |
| import sys as _sys_demo | |
| print(f"[killinchu] Investor /demo registered: {_demo_status}", file=_sys_demo.stderr) | |
| except Exception as _demo_e: | |
| import sys as _sys_demo | |
| print(f"[killinchu] Investor /demo NOT registered: {_demo_e!r}", file=_sys_demo.stderr) | |
| # ── end Investor /demo ── | |
| # ── Genius Operator Sidebar (ADDITIVE, 2026-06-02, Yachay / Perplexity Computer Agent) ── | |
| # Honest left-nav shell + working wrapper pages so EVERY nav item returns real 200 | |
| # content matching its label. Registered BEFORE the /{full_path:path} catch-all so | |
| # /sidebar /status /doctrine /formulas /uds /spaceweather /seismic /drone-health | |
| # resolve LOCALLY. Each route guarded: never shadows an existing route. Collapsible | |
| # rail + search + Cmd-K palette + recents + healthz status dots + concept DOI | |
| # 10.5281/zenodo.19944926 + Doctrine v11 LOCKED 749/14/163 badge + mobile drawer. | |
| # Three.js stays LOCAL on the 3D pages (no CDN here). Λ Conjecture 1. | |
| try: | |
| import szl_sidebar as _sidebar | |
| _sidebar_status = _sidebar.register(app, "killinchu") | |
| import sys as _sys_sb | |
| print(f"[killinchu] Genius sidebar registered: {_sidebar_status}", file=_sys_sb.stderr) | |
| except Exception as _sb_e: | |
| import traceback as _sb_tb, sys as _sys_sb | |
| print(f"[killinchu] Genius sidebar NOT registered: {_sb_e!r}", file=_sys_sb.stderr) | |
| _sb_tb.print_exc() | |
| # ── end Genius Operator Sidebar ── | |
| # =========================================================================== | |
| # PARITY RESTORATION BLOCK (2026-06-02, Yachay CTO / Perplexity Computer Agent) | |
| # Adds missing routes per PARITY_GAP_MATRIX_2026-06-02_2050Z.md: | |
| # operator_shell_v4: /api/killinchu/v4/{healthz,inbox,receipts,map/state,stream} | |
| # /api/killinchu/v1/brain — unified brain payload (szl_brain) | |
| # /api/killinchu/v1/llm/tiers — 7-tier LLM router catalog | |
| # /api/killinchu/v1/mesh/state — mesh wire status | |
| # All registered BEFORE the /{full_path:path} SPA catch-all. ADDITIVE ONLY. | |
| # Doctrine v11 LOCKED 749/14/163. Λ = Conjecture 1 (NOT a theorem). c7c0ba17. | |
| # Signed-off-by: Yachay <yachay@szlholdings.ai> | |
| # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai> | |
| # =========================================================================== | |
| # ── operator_shell_v4 (V4 routes: healthz/inbox/receipts/map/state/stream) ─── | |
| try: | |
| import operator_shell_v4 as _kc_osh_v4 | |
| _kc_osh_v4_status = _kc_osh_v4.register(app, "killinchu", web_dir="/app/web") | |
| import sys as _kc_osh_sys | |
| print(f"[killinchu] PARITY: Operator Shell v4 registered: {_kc_osh_v4_status}", file=_kc_osh_sys.stderr) | |
| except Exception as _kc_osh_e: | |
| import traceback as _kc_osh_tb, sys as _kc_osh_sys | |
| print(f"[killinchu] PARITY: Operator Shell v4 NOT registered: {_kc_osh_e!r}", file=_kc_osh_sys.stderr) | |
| _kc_osh_tb.print_exc() | |
| # ── end operator_shell_v4 ──────────────────────────────────────────────────── | |
| # ── /api/killinchu/v1/brain + /llm/tiers + /mesh/state ─────────────────────── | |
| import math as _kc_pr_math | |
| try: | |
| import szl_brain as _kc_pr_brain | |
| _KC_BRAIN_OK = True | |
| except Exception: | |
| _KC_BRAIN_OK = False | |
| try: | |
| import szl_wire as _kc_pr_wire | |
| _KC_WIRE_OK = True | |
| except Exception: | |
| _KC_WIRE_OK = False | |
| async def _kc_pr_brain_route(): | |
| """Unified brain payload — killinchu drone-intel role. Doctrine v11 LOCKED.""" | |
| if _KC_BRAIN_OK: | |
| return JSONResponse(_kc_pr_brain.brain_payload("killinchu")) | |
| return JSONResponse({ | |
| "space": "killinchu", "doctrine": "v11", | |
| "declarations": 749, "axioms_unique": 14, "sorries_total": 163, | |
| "role": "Drone Intelligence / sovereign sensing", | |
| "lambda_floor": 0.90, | |
| "honesty": "szl_brain unavailable in this build; honest stub returned.", | |
| }) | |
| async def _kc_pr_llm_tiers(): | |
| """7-tier LLM router catalog — parity with a11oy/sentra/amaru/rosie. Doctrine v11.""" | |
| if _KC_BRAIN_OK: | |
| return JSONResponse({ | |
| "count": len(_kc_pr_brain.TIERS), | |
| "tiers": _kc_pr_brain.TIERS, | |
| "doctrine": "v11", | |
| }) | |
| return JSONResponse({ | |
| "count": 7, | |
| "tiers": [ | |
| {"tier": 1, "name": "haiku_3"}, {"tier": 2, "name": "sonnet_3_5"}, | |
| {"tier": 3, "name": "opus_4_5"}, {"tier": 4, "name": "r1"}, | |
| {"tier": 5, "name": "o3"}, {"tier": 6, "name": "gemini_2_flash"}, | |
| {"tier": 7, "name": "sovereign_local"}, | |
| ], | |
| "doctrine": "v11", | |
| "honesty": "szl_brain unavailable; honest stub catalog returned.", | |
| }) | |
| async def _kc_pr_mesh_state(): | |
| """Mesh wire status — parity with a11oy/sentra/amaru/rosie. Doctrine v11.""" | |
| if _KC_WIRE_OK: | |
| return JSONResponse(_kc_pr_wire.mesh_status()) | |
| return JSONResponse({ | |
| "wires": {"D": "live", "E": "live", "F": "live", "G": "live"}, | |
| "mesh_organs": ["a11oy", "amaru", "sentra", "killinchu", "rosie"], | |
| "doctrine": "v11", | |
| "declarations": 749, "axioms_unique": 14, "sorries_total": 163, | |
| "honesty": "szl_wire unavailable; honest stub mesh state returned.", | |
| }) | |
| print("[killinchu] PARITY BLOCK registered: operator_shell_v4 + /api/killinchu/v1/{brain,llm/tiers,mesh/state}", file=sys.stderr) | |
| # =========================================================================== | |
| # END PARITY RESTORATION BLOCK | |
| # =========================================================================== | |
| # P3 FIX: /api/health JSON probe (Upgrade Hammer — Doctrine v11 LOCKED 749/14/163) | |
| # Removes Charter violations: NO Iron Bank, NO CMMC (see killinchu_fusion.py patch) | |
| async def killinchu_api_health() -> JSONResponse: | |
| """Top-level health probe — returns JSON 200. Before SPA catch-all.""" | |
| return JSONResponse({ | |
| "status": "ok", | |
| "service": "killinchu", | |
| "doctrine": "v11", | |
| "counts": "749/14/163", | |
| "lean_sha": "c7c0ba17", | |
| "lambda_status": "Conjecture 1 (NOT a theorem)", | |
| "slsa": "L1 (honest)", | |
| "section_889": ["Huawei", "ZTE", "Hytera", "Hikvision", "Dahua"], | |
| "no_iron_bank": True, | |
| "no_cmmc": True, | |
| }) | |
| # =========================================================================== | |
| # TRACK C: DRONE-FACING ENDPOINTS (Operationalize Sweep — Yachay CTO 2026-06-03) | |
| # Adds UDS-deployable counter-UAS operator surface: | |
| # GET /api/killinchu/drone/telemetry — friendly fleet + threat tracks | |
| # POST /api/killinchu/drone/intercept — mock action with DSSE receipt | |
| # GET /api/killinchu/drone/cued-tracks — cued threat list | |
| # GET /api/killinchu/drone/fleet-state — 5 friendly drone roster | |
| # Also adds MISSING P2-spec routes: | |
| # GET /api/killinchu/v1/gates — 13-axis Lambda-gate manifest | |
| # GET /api/killinchu/v1/audit-log — in-memory audit ring | |
| # Doctrine v11 LOCKED 749/14/163. NO Iron Bank. ADDITIVE ONLY. | |
| # Signed-off-by: Yachay <yachay@szlholdings.ai> | |
| # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai> | |
| # =========================================================================== | |
| try: | |
| from killinchu_drone_routes import register_drone_routes as _register_drone | |
| _register_drone(app, space="killinchu") | |
| print("[killinchu] Drone routes registered via killinchu_drone_routes", file=sys.stderr) | |
| except Exception as _drone_e: | |
| import traceback as _drone_tb | |
| print(f"[killinchu] Drone routes NOT registered: {_drone_e!r}", file=sys.stderr) | |
| print(_drone_tb.format_exc(), file=sys.stderr) | |
| # --------------------------------------------------------------------------- | |
| # ADDITIVE: /version endpoint — Founder Inspection Surface (v1.0.0) | |
| # Returns build provenance: "what build is live, when, what's its provenance." | |
| # Doctrine v11 LOCKED 749/14/163. ADDITIVE ONLY. c7c0ba17. SLSA L1 honest. | |
| # Signed-off-by: Yachay <yachay@szlholdings.ai> | |
| # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai> | |
| # --------------------------------------------------------------------------- | |
| async def killinchu_version(): | |
| """Founder inspection: what build is live, when was it deployed, provenance.""" | |
| import os as _szlv_os | |
| return { | |
| "name": "killinchu", | |
| "version": "1.0.0", | |
| "git_sha": _szlv_os.getenv("SZL_GIT_SHA", "67c044208c25ecefa82afc3b44e08e7befaab869"), | |
| "hf_space_sha": _szlv_os.getenv("SZL_HF_SHA", "b216a3185f809f2c6d68c06c0b4c4b1daab8b5d0"), | |
| "build_time": _szlv_os.getenv("SZL_BUILD_TIME", "2026-06-03T00:00:00Z"), | |
| "release_url": "https://github.com/szl-holdings/killinchu/releases/tag/v1.0.0", | |
| "doctrine": "v11", | |
| "kernel_commit": "c7c0ba17", | |
| "p6_status": "SIGNED_OFF", | |
| "p6_grader_score": "13/13", | |
| "p6_sign_off_url": "https://github.com/szl-holdings/szl-holdings/blob/main/SHARED_LEDGER/killinchu/SIGN_OFF.md", | |
| "verify": { | |
| "cosign": "cosign verify ghcr.io/szl-holdings/killinchu:v1.0.0 --certificate-identity-regexp=szl-holdings", | |
| "sbom": "https://github.com/szl-holdings/killinchu/releases/download/v1.0.0/killinchu-sbom.cdx.json", | |
| "honest": "https://szlholdings-killinchu.hf.space/api/killinchu/v1/honest", | |
| }, | |
| } | |
| # ============================================================================ | |
| # ADDITIVE v3: /api/killinchu/v1/doctrine + /api/killinchu/v1/adsb | |
| # MOVED BEFORE if __name__ == "__main__" to ensure registration before uvicorn. | |
| # Doctrine v11 LOCKED 749/14/163. c7c0ba17. Λ = Conjecture 1. SLSA L1 honest. | |
| # Signed-off-by: Yachay <yachay@szlholdings.ai> | |
| # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai> | |
| # ============================================================================ | |
| async def killinchu_doctrine_v3(): | |
| """Doctrine endpoint — inline, registered before uvicorn.run().""" | |
| from fastapi.responses import JSONResponse as _JR | |
| return _JR({ | |
| "flagship": "killinchu", "doctrine": "v11", "kernel_commit": "c7c0ba17", | |
| "declarations": 749, "axioms_unique": 14, "sorries_total": 163, | |
| "lambda_status": "Conjecture 1 (NOT a theorem)", "slsa": "L1 (honest)", | |
| "role": "C-UAS / Andean drone classification", | |
| "section_889_vendors": ["Huawei", "ZTE", "Hytera", "Hikvision", "Dahua"], | |
| }) | |
| async def killinchu_adsb_v3( | |
| lat_min: float = 24.0, lat_max: float = 50.0, | |
| lon_min: float = -125.0, lon_max: float = -60.0 | |
| ): | |
| """FRONTIER: Live ADS-B via OpenSky Network (CC-BY-4.0). Registered before uvicorn.run().""" | |
| import urllib.request as _ur, json as _j | |
| from datetime import datetime, timezone as _tz | |
| from fastapi.responses import JSONResponse as _JR | |
| opensky_url = ( | |
| f"https://opensky-network.org/api/states/all?" | |
| f"lamin={lat_min}&lamax={lat_max}&lomin={lon_min}&lomax={lon_max}" | |
| ) | |
| _now = datetime.now(_tz.utc).isoformat() | |
| try: | |
| req = _ur.Request(opensky_url, | |
| headers={"User-Agent": "SZL-killinchu/1.0 (C-UAS demo; contact@szlholdings.ai)"}) | |
| with _ur.urlopen(req, timeout=8) as resp: | |
| raw = _j.loads(resp.read()) | |
| states = raw.get("states", []) or [] | |
| flights = [] | |
| for s in (states or [])[:50]: | |
| if s and len(s) >= 9: | |
| alt = s[7]; vel = s[9] | |
| if alt is None: cls = "NO_ALTITUDE" | |
| elif alt < 150 and (vel is None or vel < 30): cls = "POTENTIAL_UAS" | |
| elif alt < 500: cls = "LOW_ALTITUDE" | |
| elif alt < 3000: cls = "MID_ALTITUDE" | |
| else: cls = "COMMERCIAL_ALTITUDE" | |
| tier = "T1_HIGH" if cls == "POTENTIAL_UAS" else ("T2_MEDIUM" if cls == "LOW_ALTITUDE" else "T3_LOW") | |
| flights.append({"icao24": s[0], "callsign": (s[1] or "").strip() or None, | |
| "origin_country": s[2], "longitude": s[5], "latitude": s[6], | |
| "baro_altitude_m": alt, "on_ground": s[8], "velocity_ms": vel, | |
| "szl_class": cls, "szl_threat_tier": tier}) | |
| return _JR({"flagship": "killinchu", "frontier": "opensky_adsb", | |
| "source": "OpenSky Network (CC-BY-4.0)", "doctrine": "v11", | |
| "kernel_commit": "c7c0ba17", "lambda": "Conjecture 1 (NOT a theorem)", | |
| "total_states": len(states), "flights_returned": len(flights), | |
| "flights": flights, "ts": _now}) | |
| except Exception as _e: | |
| demo_flights = [ | |
| {"icao24": "a00001", "callsign": "DAL123", "origin_country": "United States", | |
| "latitude": 40.7, "longitude": -74.0, "baro_altitude_m": 10000, | |
| "szl_class": "COMMERCIAL_ALTITUDE", "szl_threat_tier": "T3_LOW"}, | |
| {"icao24": "a00002", "callsign": None, "origin_country": "United States", | |
| "latitude": 37.3, "longitude": -122.0, "baro_altitude_m": 120, | |
| "szl_class": "POTENTIAL_UAS", "szl_threat_tier": "T1_HIGH"}, | |
| ] | |
| return _JR({"flagship": "killinchu", "frontier": "opensky_adsb_fallback", | |
| "note": "OpenSky unavailable — synthetic demo data", "error": str(_e)[:80], | |
| "doctrine": "v11", "kernel_commit": "c7c0ba17", | |
| "flights": demo_flights, "ts": _now}) | |
| if __name__ == "__main__": | |
| import uvicorn | |
| port = int(os.environ.get("PORT", "7860")) | |
| print(f"[killinchu] Andean Drone Intelligence on :{port} — Doctrine v11 — SPA at /", file=sys.stderr) | |
| uvicorn.run(app, host="0.0.0.0", port=port, log_level="info") | |
| # ============================================================================ | |
| # ADDITIVE: SZL Agent Pattern v1 ("Ken") — AUTO-REGISTERED | |
| # Date: 2026-06-03 | By: Ecosystem Agentic Uplift Team | |
| # Doctrine v11 LOCKED 749/14/163 UNCHANGED. Kernel commit c7c0ba17. | |
| # P6-verified endpoints PRESERVED. Only NEW /v1/agent/* + /v1/mcp/* routes. | |
| # Sources adapted (Apache-2.0/MIT): LangGraph (Apache-2.0), Letta (Apache-2.0), | |
| # AutoGen (MIT), MCP spec (Apache-2.0), smolagents (Apache-2.0), crewAI (MIT) | |
| # Signed-off-by: Yachay <yachay@szlholdings.ai> | |
| # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai> | |
| # ============================================================================ | |
| try: | |
| import szl_ken as _ken | |
| import sys as _sys | |
| # Detect flagship from FastAPI app title | |
| _kf = "unknown" | |
| _app_title = getattr(app, "title", "").lower() | |
| for _fn in ["a11oy", "sentra", "amaru", "rosie", "killinchu"]: | |
| if _fn in _app_title or _fn in __file__.lower(): | |
| _kf = _fn | |
| break | |
| _ken_router = _ken.make_ken_router( | |
| flagship=_kf, | |
| tools_manifest=_ken.get_default_tools(_kf), | |
| ) | |
| app.include_router(_ken_router) | |
| print(f"[{_kf}] szl_ken v1: POST /api/{_kf}/v1/agent/loop registered ✓", file=_sys.stderr) | |
| print(f"[{_kf}] szl_ken v1: GET /api/{_kf}/v1/mcp/tools registered ✓", file=_sys.stderr) | |
| print(f"[{_kf}] szl_ken v1: GET /api/{_kf}/v1/khipu/<hash> registered ✓", file=_sys.stderr) | |
| except ImportError as _ke: | |
| print(f"[ken] szl_ken not available: {_ke!r}", file=__import__("sys").stderr) | |
| except Exception as _ke: | |
| print(f"[ken] registration error (non-fatal): {_ke!r}", file=__import__("sys").stderr) | |
| # ============================================================================ | |
| # END: SZL Agent Pattern v1 ("Ken") — ADDITIVE BLOCK | |
| # ============================================================================ | |
| # ============================================================================ | |
| # ADDITIVE: /api/killinchu/v1/adsb — FRONTIER ADS-B (OpenSky Network CC-BY-4.0) | |
| # INLINE (before SPA catch-all) — bypasses frontier patch import issues | |
| # Doctrine v11 LOCKED 749/14/163. c7c0ba17. Λ = Conjecture 1. SLSA L1. | |
| # Signed-off-by: Yachay <yachay@szlholdings.ai> | |
| # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai> | |
| # ============================================================================ | |
| async def killinchu_doctrine_inline(): | |
| """Doctrine endpoint — inline (before SPA catch-all).""" | |
| return JSONResponse({ | |
| "flagship": "killinchu", "doctrine": "v11", "kernel_commit": "c7c0ba17", | |
| "declarations": 749, "axioms_unique": 14, "sorries_total": 163, | |
| "lambda_status": "Conjecture 1 (NOT a theorem)", "slsa": "L1 (honest)", | |
| "role": "C-UAS / Andean drone classification", | |
| "section_889_vendors": ["Huawei", "ZTE", "Hytera", "Hikvision", "Dahua"], | |
| }) | |
| async def killinchu_adsb_inline( | |
| lat_min: float = 24.0, lat_max: float = 50.0, | |
| lon_min: float = -125.0, lon_max: float = -60.0 | |
| ): | |
| """FRONTIER: Live ADS-B via OpenSky Network (CC-BY-4.0, anonymous).""" | |
| import urllib.request as _ur, urllib.error as _ue, json as _j | |
| from datetime import datetime, timezone as _tz | |
| opensky_url = ( | |
| f"https://opensky-network.org/api/states/all?" | |
| f"lamin={lat_min}&lamax={lat_max}&lomin={lon_min}&lomax={lon_max}" | |
| ) | |
| _now = datetime.now(_tz.utc).isoformat() | |
| try: | |
| req = _ur.Request(opensky_url, | |
| headers={"User-Agent": "SZL-killinchu/1.0 (C-UAS demo; contact@szlholdings.ai)"}) | |
| with _ur.urlopen(req, timeout=8) as resp: | |
| raw = _j.loads(resp.read()) | |
| states = raw.get("states", []) or [] | |
| flights = [] | |
| for s in (states or [])[:50]: | |
| if s and len(s) >= 9: | |
| alt = s[7]; vel = s[9] | |
| if alt is None: cls = "NO_ALTITUDE" | |
| elif alt < 150 and (vel is None or vel < 30): cls = "POTENTIAL_UAS" | |
| elif alt < 500: cls = "LOW_ALTITUDE" | |
| elif alt < 3000: cls = "MID_ALTITUDE" | |
| else: cls = "COMMERCIAL_ALTITUDE" | |
| tier = "T1_HIGH" if cls == "POTENTIAL_UAS" else ("T2_MEDIUM" if cls == "LOW_ALTITUDE" else "T3_LOW") | |
| flights.append({"icao24": s[0], "callsign": (s[1] or "").strip() or None, | |
| "origin_country": s[2], "longitude": s[5], "latitude": s[6], | |
| "baro_altitude_m": alt, "on_ground": s[8], "velocity_ms": vel, | |
| "szl_class": cls, "szl_threat_tier": tier}) | |
| return JSONResponse({"flagship": "killinchu", "frontier": "opensky_adsb", | |
| "source": "OpenSky Network (CC-BY-4.0)", "doctrine": "v11", | |
| "kernel_commit": "c7c0ba17", "lambda": "Conjecture 1 (NOT a theorem)", | |
| "total_states": len(states), "flights_returned": len(flights), | |
| "flights": flights, "ts": _now}) | |
| except Exception as _e: | |
| demo_flights = [ | |
| {"icao24": "a00001", "callsign": "DAL123", "origin_country": "United States", | |
| "latitude": 40.7, "longitude": -74.0, "baro_altitude_m": 10000, | |
| "szl_class": "COMMERCIAL_ALTITUDE", "szl_threat_tier": "T3_LOW"}, | |
| {"icao24": "a00002", "callsign": None, "origin_country": "United States", | |
| "latitude": 37.3, "longitude": -122.0, "baro_altitude_m": 120, | |
| "szl_class": "POTENTIAL_UAS", "szl_threat_tier": "T1_HIGH"}, | |
| ] | |
| return JSONResponse({"flagship": "killinchu", "frontier": "opensky_adsb_fallback", | |
| "note": "OpenSky unavailable — synthetic demo data", "error": str(_e)[:80], | |
| "doctrine": "v11", "kernel_commit": "c7c0ba17", | |
| "flights": demo_flights, "ts": _now}) | |
| async def spa_fallback(full_path: str) -> Response: | |
| if full_path.startswith("api/"): | |
| return JSONResponse({"error": "not found"}, status_code=404) | |
| candidate = (STATIC_DIR / full_path).resolve() | |
| try: | |
| candidate.relative_to(STATIC_DIR.resolve()) | |
| except ValueError: | |
| return FileResponse(INDEX_HTML, media_type="text/html") | |
| if candidate.is_file(): | |
| return FileResponse(candidate) | |
| return FileResponse(INDEX_HTML, media_type="text/html") | |
| # ============================================================================ | |
| # FRONTIER REGISTRATION — killinchu (2026-06-03T05:00Z) | |
| # Loads killinchu_frontier_patch.py and inserts routes at position 0. | |
| # ADDITIVE ONLY. Doctrine v11 LOCKED 749/14/163. Kernel c7c0ba17. SLSA L1. | |
| # Signed-off-by: Yachay <yachay@szlholdings.ai> | |
| # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai> | |
| # ============================================================================ | |
| try: | |
| import killinchu_frontier_patch as _kc_ftr | |
| _kc_ftr_status = _kc_ftr.register(app) | |
| import sys as _kc_ftr_sys | |
| print(f"[killinchu-frontier] registered: {_kc_ftr_status}", file=_kc_ftr_sys.stderr) | |
| except Exception as _kc_ftr_e: | |
| import sys as _kc_ftr_sys, traceback as _kc_ftr_tb | |
| print(f"[killinchu-frontier] FAILED: {_kc_ftr_e!r}", file=_kc_ftr_sys.stderr) | |
| _kc_ftr_tb.print_exc(file=_kc_ftr_sys.stderr) | |
| # ============================================================================ | |
| # END: FRONTIER REGISTRATION — killinchu | |
| # ============================================================================ | |
| # ============================================================================ | |
| # BEGIN: /khipu/dag ALIAS — killinchu (additive, v11 locked) | |
| # Signed-off-by: Yachay <yachay@szlholdings.ai> | |
| # Co-Authored-By: Perplexity Computer Agent <agent@perplexity.ai> | |
| # ============================================================================ | |
| try: | |
| from fastapi.routing import APIRoute as _DagRoute_killinchu | |
| from fastapi.responses import JSONResponse as _DagJR_killinchu | |
| async def _killinchu_khipu_dag_handler(request): | |
| import httpx as _hx | |
| try: | |
| async with _hx.AsyncClient(timeout=5.0) as _c: | |
| _r = await _c.get("http://127.0.0.1:7860/api/killinchu/khipu/ledger") | |
| _data = _r.json() | |
| except Exception as _ex: | |
| _data = {"error": str(_ex)} | |
| _data["_dag_alias"] = True | |
| return _DagJR_killinchu(_data) | |
| _dag_r_killinchu = _DagRoute_killinchu( | |
| "/api/killinchu/khipu/dag", | |
| _killinchu_khipu_dag_handler, | |
| methods=["GET"], | |
| name="killinchu_khipu_dag_alias" | |
| ) | |
| app.router.routes.insert(0, _dag_r_killinchu) | |
| import sys as _killinchu_dag_sys | |
| print("[killinchu] /khipu/dag alias registered at /api/killinchu/khipu/dag", file=_killinchu_dag_sys.stderr) | |
| except Exception as _killinchu_dag_e: | |
| import sys as _killinchu_dag_sys | |
| print(f"[killinchu] /khipu/dag alias FAILED: {_killinchu_dag_e!r}", file=_killinchu_dag_sys.stderr) | |
| # ============================================================================ | |
| # END: /khipu/dag ALIAS — killinchu | |
| # ============================================================================ | |