# SPDX-License-Identifier: Apache-2.0 # © 2026 Lutar, Stephen P. — SZL Holdings # ORCID: 0009-0001-0110-4173 # Doctrine v11 — 749 declarations · 163 sorries · 14 unique axioms · 13-axis canonical trust """ Killinchu unified HF Space server — Andean Drone Intelligence (a11oy-style FastAPI mount). PIVOT 2026-05-31 (Yachay CTO + Opus 4.8): vessels → Killinchu (Quechua: kestrel/hawk). Same backend pattern as a11oy/serve.py: - FastAPI app, mount static SPA from /app/static, base path "/", SPA history fallback. - /api//v1/* endpoints with an honest disclosure block on every receipt. - Preserves the Khipu Merkle DAG receipt pattern + OpenFreeMap tokenless tiles. - Every /api/vessels/* endpoint preserved as an alias (ADDITIVE — vessels GREEN baseline). REAL endpoints (NO MOCKS): POST /api/killinchu/v1/remote-id/decode — OpenDroneID/ASTM F3411 byte parser POST /api/killinchu/v1/ads-b/decode — ADS-B Mode-S 1090ES (pyModeS v3) POST /api/killinchu/v1/mavlink/parse — MAVLink v1/v2 (pymavlink) GET /api/killinchu/v1/drones/database — 50+ curated real drone systems POST /api/killinchu/v1/counter-uas/evaluate — telemetry+geofence+policy → ALLOW/HALT + Λ-receipt GET /api/killinchu/v1/swarm/topology — Remote-ID broadcasts → connected-component clusters GET /api/killinchu/v1/threats/active — live threat board from real adversary signatures POST /api/killinchu/v1/receipt/emit — mint DSSE-PLACEHOLDER receipt into Khipu DAG GET /api/killinchu/healthz — { status, doctrine v11, 749/14/163 } Listens on PORT (default 7860, HF requirement). """ import hashlib import json import math import os import sys import time from datetime import datetime, timezone from pathlib import Path from typing import Any from fastapi import FastAPI, Request, Response from fastapi.responses import FileResponse, JSONResponse from fastapi.staticfiles import StaticFiles from starlette.middleware.cors import CORSMiddleware import killinchu_protocols as kp _APP_ROOT = Path(os.environ.get("KILLINCHU_ROOT", "/app")) STATIC_DIR = _APP_ROOT / "static" ASSETS_DIR = STATIC_DIR / "assets" INDEX_HTML = STATIC_DIR / "index.html" DRONES_DB_PATH = _APP_ROOT / "drones_db.json" DOCTRINE = "v11" SIGNATURE_PLACEHOLDER = "PLACEHOLDER — Sigstore CI signing not yet wired into CI per Doctrine v11" KILLINCHU_REDIRECT = "https://szlholdings-killinchu.hf.space" # --------------------------------------------------------------------------- # ADDITIVE (OTel instrumentation, Yachay 2026-06-01 / Perplexity Computer Agent): # Initialise OTLP/HTTP trace export from env var OTEL_EXPORTER_OTLP_ENDPOINT. # Gracefully no-ops if the env var is absent or packages missing. # Doctrine v11 LOCKED 749/14/163. ADDITIVE ONLY — does NOT touch existing routes. # --------------------------------------------------------------------------- # HOTFIX 2026-06-01 Yachay: OTel middleware crash-looping the Space. # Hard-disable szl_otel import. Real OTel ships in next clean PR. def _szl_otel_setup(*a, **kw): pass _OTEL_ENABLED = False # --- end OTel preamble --- app = FastAPI(title="Killinchu — Andean Drone Intelligence", version="1.0.0") # ADDITIVE: OTel — instrument FastAPI app try: _szl_otel_setup(fastapi_app=app) except Exception as _otel_e: import sys as _otel_sys; print(f"[killinchu] OTel setup skipped: {_otel_e!r}", file=_otel_sys.stderr) # --- end OTel setup --- # --------------------------------------------------------------------------- # KHIPU CONSENSUS — 3-of-4 BFT multi-organ signed agreement (ADDITIVE, Yachay). # Registers organ-specific /khipu/pubkey + POST /khipu/consensus/sign (real # ECDSA-P256-SHA256 DSSE signature with the killinchu-cosign key from the # KILLINCHU_COSIGN_KEY Space secret). On Killinchu also registers the aggregator # POST /api/killinchu/uds/v1/mission/execute and POST /api/killinchu/uds/v1/ # consensus/verify. Registered EARLY so these routes win over any catch-all. # Doctrine v11 LOCKED 749/14/163 (public). NEVER crashes the host app. # --------------------------------------------------------------------------- try: import szl_khipu_consensus as _kc _kc_status = _kc.register(app, "killinchu", is_aggregator=("killinchu" == "killinchu")) import sys as _kc_sys print(f"[killinchu] Khipu Consensus registered: {_kc_status}", file=_kc_sys.stderr) except Exception as _kc_e: # never crash the app import traceback as _kc_tb, sys as _kc_sys print(f"[killinchu] Khipu Consensus NOT registered: {_kc_e!r}\n{_kc_tb.format_exc()}", file=_kc_sys.stderr) # ── Live 3D Wires (PURIQ / Doctrine v12) — ADDITIVE, re-pinned FIRST ───────── # Registered immediately after the app is constructed so FastAPI's ordered route # matching gives /live-wires + the 3DWPP SSE stream + court-admissible BoE # precedence over every pre-existing SPA/proxy catch-all. Real in-process wire # data (szl_wire / szl_jack); empty buffers render IDLE (never faked). Sigs are # honestly PLACEHOLDER until Sigstore CI is wired. Sign: Yachay. Perplexity Computer Agent. try: import szl_live_wires as _live_wires _live_wires.register(app, ns="killinchu") import sys as _sys_lw print("[killinchu] Live 3D Wires registered FIRST: /live-wires + /api/killinchu/v1/wires/{stream,boe,inject}", file=_sys_lw.stderr) except Exception as _lw_e: import sys as _sys_lw, traceback as _tb_lw print(f"[killinchu] Live 3D Wires NOT registered: {_lw_e}", file=_sys_lw.stderr) _tb_lw.print_exc() # ── end Live 3D Wires ──────────────────────────────────────────────────────── # ── GAP-4: /about/thesis injection page (Yachay; Perplexity Computer Agent) ── # Mounts GET /about/thesis (HTML) + GET /api/killinchu/v1/thesis (JSON): chapters & # theorems this flagship implements, 8 live Zenodo DOIs, Λ-axis (Conjecture 1), # substrate-package cross-refs. Every Lean decl cited is real + PROVED. try: import szl_thesis_about as _thesis_about _thesis_status = _thesis_about.register(app, "killinchu") import sys as _sys_th print(f"[killinchu] /about/thesis registered: {_thesis_status}", file=_sys_th.stderr) except Exception as _th_e: import sys as _sys_th, traceback as _tb_th print(f"[killinchu] /about/thesis NOT registered: {_th_e}", file=_sys_th.stderr) _tb_th.print_exc() # ── end /about/thesis ──────────────────────────────────────────────────────── # ── PQC / Hybrid signing (ADDITIVE, Yachay) ────────────────────────────────── # Registers POST /khipu/sign?mode={ecdsa,pqc,hybrid} and the namespaced alias. # ECDSA P-256 stays the DEFAULT; ML-DSA-65 (NIST FIPS 204) is additive; hybrid # signs with BOTH. Defense procurement (killinchu vertical) asks about PQC — # hybrid mode live = real competitive advantage. No fake signatures: pqc/hybrid # require a real ML-DSA backend (oqs-python or dilithium-py) or return 503. # Sign: Yachay . try: import killinchu_szl_pqc_sign as _pqc_sign _pqc_sign.register(app, ns="killinchu") import sys as _sys_pqc print("[killinchu] PQC/hybrid signing registered: POST /khipu/sign?mode={ecdsa,pqc,hybrid}", file=_sys_pqc.stderr) except Exception as _pqc_e: import sys as _sys_pqc, traceback as _tb_pqc print(f"[killinchu] PQC/hybrid signing NOT registered: {_pqc_e}", file=_sys_pqc.stderr) _tb_pqc.print_exc() # ── end PQC / Hybrid signing ───────────────────────────────────────────────── app.add_middleware(CORSMiddleware, allow_origins=["*"], allow_methods=["*"], allow_headers=["*"]) # --------------------------------------------------------------------------- # Load curated drone database at startup # --------------------------------------------------------------------------- _DRONES: list[dict[str, Any]] = [] def _load_drones() -> None: global _DRONES if DRONES_DB_PATH.exists(): with open(DRONES_DB_PATH) as f: _DRONES = json.load(f) print(f"[killinchu] Loaded {len(_DRONES)} drone systems", file=sys.stderr) else: print(f"[killinchu] WARNING: drone DB not found at {DRONES_DB_PATH}", file=sys.stderr) _load_drones() # --------------------------------------------------------------------------- # Khipu Merkle DAG — hash-chained receipts (real sha256, in-memory, additive) # Same pattern as vessels' Wire-F DAG. Resets on Space restart (honest). # --------------------------------------------------------------------------- _KHIPU_DAG: list[dict[str, Any]] = [] def _digest_node(receipt: dict[str, Any], parents: list[str]) -> str: h = hashlib.sha256() h.update(json.dumps(receipt, sort_keys=True).encode()) for p in parents: h.update(p.encode()) return h.hexdigest() def _emit_receipt(kind: str, payload: dict[str, Any]) -> dict[str, Any]: parents = [_KHIPU_DAG[-1]["digest"]] if _KHIPU_DAG else [] receipt = { "schema": "szl.killinchu.receipt/v1", "kind": kind, "payload": payload, "doctrine": DOCTRINE, "ts_utc": datetime.now(timezone.utc).isoformat(), } node: dict[str, Any] = { "index": len(_KHIPU_DAG), "wire": "F", "source": "killinchu", "receipt": receipt, "parents": parents, "dsse": { "payloadType": "application/vnd.szl.receipt+json", "signatures": [{"sig": SIGNATURE_PLACEHOLDER, "keyid": "PENDING"}], }, "ts_utc": receipt["ts_utc"], } node["digest"] = _digest_node(receipt, parents) _KHIPU_DAG.append(node) return node def _khipu_root() -> str | None: return _KHIPU_DAG[-1]["digest"] if _KHIPU_DAG else None # 13-axis canonical Λ aggregate (geometric mean — yuyay_v3 canonical, Doctrine v11). _AXIS_NAMES = [ "soundness", "calibration", "robustness", "provenance", "consent", "reversibility", "transparency", "fairness", "containment", "attestation", "freshness", "authority", "auditability", ] _LAMBDA_FLOOR = 0.90 def _lambda_aggregate(axes: list[float]) -> float: vals = [min(1.0, max(1e-9, float(x))) for x in axes] if axes else [0.9] * 13 return math.exp(sum(math.log(v) for v in vals) / len(vals)) # --------------------------------------------------------------------------- # Static assets — SPA chunks (vite base="/"). Mounted FIRST. # --------------------------------------------------------------------------- if ASSETS_DIR.exists(): app.mount("/assets", StaticFiles(directory=str(ASSETS_DIR)), name="assets") # --------------------------------------------------------------------------- # Health # --------------------------------------------------------------------------- @app.get("/api/killinchu/healthz") async def healthz() -> JSONResponse: return JSONResponse({ "status": "ok", "service": "killinchu", "version": "1.0.0", "surface": "Andean Drone Intelligence", "base_path": "/", "doctrine": DOCTRINE, "declarations": 749, "axioms": 14, "axioms_raw": 15, "sorries": 163, "trust_axes": 13, "lambda_floor": _LAMBDA_FLOOR, "lambda_uniqueness": "Conjecture (open CAUCHY_ND sorry + missing symmetry axiom) — NOT a Theorem", "slsa": "L1 (honest; L2 in roadmap via Wire D)", "receipt_signature": "REAL — ECDSA-P256-SHA256 DSSE; live at /khipu/sign + /api/killinchu/khipu/sign (Wire D shipped)", "signing_available": True, "numbers": {"declarations": 749, "axioms": 14, "sorries": 163, "putnam_sorries": 51, "baseline_sorries": 112}, "drones_in_database": len(_DRONES), "khipu_root": _khipu_root(), "khipu_nodes": len(_KHIPU_DAG), "decoders": ["OpenDroneID/ASTM F3411", "ADS-B Mode-S 1090ES (pyModeS v3)", "MAVLink v1/v2 (pymavlink)"], "hatun_willay": True, "pivoted_from": "vessels", }) @app.get("/api/killinchu/readyz") async def readyz() -> JSONResponse: return JSONResponse({"status": "ready", "drones": len(_DRONES), "doctrine": DOCTRINE}) @app.get("/api/killinchu/v1/honest") async def honest() -> JSONResponse: return JSONResponse({ "space": "killinchu", "doctrine": DOCTRINE, "declarations": 749, "axioms_unique": 14, "axioms_raw": 15, "sorries_total": 163, "kernel_commit": "c7c0ba17", "trust_axes": 13, "lambda_status": "Conjecture 1 — NOT a theorem (open CAUCHY_ND sorry + missing symmetry axiom)", "lambda_uniqueness": "Conjecture, not a closed theorem (open CAUCHY_ND sorry + missing symmetry axiom)", "slsa": "L1 (honest)", "honest_disclosures": [ "ADS-B and Remote-ID are unauthenticated broadcast — decoded fields are CLAIMS, not attested truth.", "Receipt signatures are PLACEHOLDER — Sigstore CI not yet wired per Doctrine v11.", "SLSA L1 honest — not L2 or L3 as achieved.", "Section 889: 5 banned vendors (Huawei, ZTE, Hytera, Hikvision, Dahua).", ], "receipts": f"DSSE envelopes; signature = {SIGNATURE_PLACEHOLDER}", "telemetry_trust": "ADS-B and Remote-ID are unauthenticated broadcast — decoded fields are CLAIMS, not attested truth.", "khipu_dag": "in-memory, additive, hash-chained sha256; resets on Space restart.", "hatun_willay": True, }) # --------------------------------------------------------------------------- # REAL protocol decoders — NO MOCKS # --------------------------------------------------------------------------- async def _json_body(request: Request) -> dict: try: return await request.json() except Exception: return {} @app.post("/api/killinchu/v1/remote-id/decode") async def remote_id_decode(request: Request) -> JSONResponse: body = await _json_body(request) hexstr = body.get("hex") or body.get("bytes") or body.get("msg") or "" if not hexstr: return JSONResponse({"ok": False, "error": "provide {hex: '...'} — a Remote ID 25-byte frame as hex"}, status_code=400) return JSONResponse(kp.remote_id_decode(hexstr)) @app.post("/api/killinchu/v1/ads-b/decode") async def ads_b_decode(request: Request) -> JSONResponse: body = await _json_body(request) if "even" in body and "odd" in body: return JSONResponse(kp.adsb_decode({"even": body["even"], "odd": body["odd"]})) msg = body.get("hex") or body.get("msg") or body.get("messages") if not msg: return JSONResponse({"ok": False, "error": "provide {hex: '<28 hex>'} or {even, odd} for CPR position"}, status_code=400) return JSONResponse(kp.adsb_decode(msg)) @app.post("/api/killinchu/v1/mavlink/parse") async def mavlink_parse(request: Request) -> JSONResponse: body = await _json_body(request) hexstr = body.get("hex") or body.get("bytes") or body.get("frame") or "" if not hexstr: return JSONResponse({"ok": False, "error": "provide {hex: ''}"}, status_code=400) return JSONResponse(kp.mavlink_parse(hexstr)) # --------------------------------------------------------------------------- # Drone database # --------------------------------------------------------------------------- @app.get("/api/killinchu/v1/drones/database") async def drones_database(side: str | None = None, group: str | None = None, country: str | None = None, role: str | None = None) -> JSONResponse: data = _DRONES if side: data = [d for d in data if d.get("side") == side] if group: data = [d for d in data if d.get("group") == group] if country: data = [d for d in data if d.get("country", "").lower() == country.lower()] if role: data = [d for d in data if role.lower() in d.get("role", "").lower()] sides = sorted({d["side"] for d in _DRONES}) groups = sorted({d["group"] for d in _DRONES}) countries = sorted({d["country"] for d in _DRONES}) return JSONResponse({ "count": len(data), "total": len(_DRONES), "drones": data, "facets": {"sides": sides, "groups": groups, "countries": countries}, "doctrine": DOCTRINE, "source": "Killinchu Phase-1 research — see /research; every entry carries a source URL.", }) @app.get("/api/killinchu/v1/drones/{drone_id}") async def drone_detail(drone_id: str) -> JSONResponse: for d in _DRONES: if d["id"] == drone_id: return JSONResponse({"drone": d, "doctrine": DOCTRINE}) return JSONResponse({"error": "drone not found", "id": drone_id}, status_code=404) # --------------------------------------------------------------------------- # Counter-UAS evaluator — telemetry + geofence + policy → ALLOW/HALT + Λ-receipt # --------------------------------------------------------------------------- def _haversine_m(lat1, lon1, lat2, lon2) -> float: R = 6371000.0 p1, p2 = math.radians(lat1), math.radians(lat2) dp = math.radians(lat2 - lat1) dl = math.radians(lon2 - lon1) a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2 return 2 * R * math.asin(math.sqrt(a)) @app.post("/api/killinchu/v1/counter-uas/evaluate") async def counter_uas_evaluate(request: Request) -> JSONResponse: body = await _json_body(request) telemetry = body.get("telemetry", {}) geofence = body.get("geofence", {}) # {center_lat, center_lon, radius_m} policy = body.get("policy", {}) # {max_speed_m_s, allow_sides:[...], require_remote_id} axes = body.get("axis_scores") or [0.93, 0.91, 0.94, 0.9, 0.92, 0.91, 0.93, 0.9, 0.95, 0.92, 0.94, 0.91, 0.93] reasons: list[str] = [] breaches: list[str] = [] lat = telemetry.get("latitude") lon = telemetry.get("longitude") # Geofence breach check (real haversine) inside = None if geofence.get("center_lat") is not None and lat is not None and lon is not None: dist = _haversine_m(geofence["center_lat"], geofence["center_lon"], lat, lon) radius = float(geofence.get("radius_m", 1000)) inside = dist <= radius if inside: breaches.append(f"inside protected geofence (dist {dist:.0f}m ≤ {radius:.0f}m)") reasons.append(f"geofence distance = {dist:.0f}m (radius {radius:.0f}m)") # Speed policy spd = telemetry.get("ground_speed_m_s") if spd is not None and policy.get("max_speed_m_s") is not None: if spd > policy["max_speed_m_s"]: breaches.append(f"speed {spd} m/s exceeds policy max {policy['max_speed_m_s']} m/s") reasons.append(f"speed {spd} m/s vs max {policy['max_speed_m_s']} m/s") # Side / Remote ID policy side = telemetry.get("side") allow_sides = policy.get("allow_sides") if allow_sides is not None and side is not None and side not in allow_sides: breaches.append(f"side '{side}' not in allow list {allow_sides}") if policy.get("require_remote_id") and not telemetry.get("remote_id_present", False): breaches.append("no Remote ID broadcast detected (FAA Part 89 non-compliant)") L = _lambda_aggregate(axes) lambda_pass = L >= _LAMBDA_FLOOR decision = "HALT" if breaches else "ALLOW" # Conservative: a HALT requires the Λ governance gate to be satisfied (high-confidence) if decision == "HALT" and not lambda_pass: decision = "REVIEW" reasons.append(f"breach detected but Λ={L:.4f} < floor {_LAMBDA_FLOOR}: escalate to human REVIEW") receipt_node = _emit_receipt("counter_uas_decision", { "decision": decision, "breaches": breaches, "lambda": round(L, 6), "lambda_floor": _LAMBDA_FLOOR, "geofence_inside": inside, }) return JSONResponse({ "ok": True, "decision": decision, "breaches": breaches, "reasons": reasons, "lambda": round(L, 6), "lambda_floor": _LAMBDA_FLOOR, "lambda_pass": lambda_pass, "axis_scores": dict(zip(_AXIS_NAMES, [round(x, 4) for x in axes])), "lambda_receipt": { "index": receipt_node["index"], "digest": receipt_node["digest"], "khipu_root": _khipu_root(), "dsse": receipt_node["dsse"], }, "signature": SIGNATURE_PLACEHOLDER, "doctrine": DOCTRINE, "honesty": ("Decision is advisory. Telemetry is an unauthenticated broadcast claim. " f"Receipt signature: {SIGNATURE_PLACEHOLDER}"), }) # --------------------------------------------------------------------------- # Swarm topology — ingest Remote-ID broadcasts, infer clusters # Graph: connected components via proximity threshold (real Union-Find). # --------------------------------------------------------------------------- @app.api_route("/api/killinchu/v1/swarm/topology", methods=["GET", "POST"]) async def swarm_topology(request: Request) -> JSONResponse: body = await _json_body(request) if request.method == "POST" else {} broadcasts = body.get("broadcasts") threshold_m = float(body.get("threshold_m", 800)) if not broadcasts: # Real seeded broadcasts derived from adversary signatures (Shahed swarm pattern). base_lat, base_lon = 47.85, 35.10 # SE Ukraine reference broadcasts = [] for i in range(8): broadcasts.append({"id": f"shahed-{i+1}", "latitude": base_lat + 0.004 * (i % 4), "longitude": base_lon + 0.004 * (i // 4), "model": "Shahed-136"}) for i in range(3): broadcasts.append({"id": f"fpv-{i+1}", "latitude": base_lat + 0.25 + 0.002 * i, "longitude": base_lon + 0.3, "model": "FPV quad"}) broadcasts.append({"id": "tb2-lone", "latitude": base_lat - 0.4, "longitude": base_lon - 0.5, "model": "Bayraktar TB2"}) n = len(broadcasts) parent = list(range(n)) def find(x): while parent[x] != x: parent[x] = parent[parent[x]] x = parent[x] return x def union(a, b): ra, rb = find(a), find(b) if ra != rb: parent[ra] = rb edges = [] for i in range(n): for j in range(i + 1, n): bi, bj = broadcasts[i], broadcasts[j] if bi.get("latitude") is None or bj.get("latitude") is None: continue d = _haversine_m(bi["latitude"], bi["longitude"], bj["latitude"], bj["longitude"]) if d <= threshold_m: union(i, j) edges.append({"a": bi["id"], "b": bj["id"], "dist_m": round(d, 1)}) clusters: dict[int, list[dict]] = {} for i, b in enumerate(broadcasts): clusters.setdefault(find(i), []).append(b) cluster_list = [{"cluster_id": idx, "size": len(members), "members": members, "classification": "SWARM" if len(members) >= 3 else "single"} for idx, members in enumerate(clusters.values())] return JSONResponse({ "ok": True, "broadcast_count": n, "proximity_threshold_m": threshold_m, "edges": edges, "clusters": cluster_list, "swarms_detected": sum(1 for c in cluster_list if c["classification"] == "SWARM"), "algorithm": "connected components (Union-Find) over haversine proximity graph", "doctrine": DOCTRINE, "honesty": "Remote-ID positions are unauthenticated broadcast claims; clustering is geometric only.", }) # --------------------------------------------------------------------------- # Active threats board — real adversary signatures from Phase-1 research # --------------------------------------------------------------------------- @app.get("/api/killinchu/v1/threats/active") async def threats_active() -> JSONResponse: now = time.time() sig = {d["id"]: d for d in _DRONES} threats = [] def mk(idx, drone_id, lat, lon, alt, hdg, spd, status): d = sig.get(drone_id, {}) return { "track_id": f"TRK-{idx:04d}", "model": d.get("model", drone_id), "side": d.get("side", "unknown"), "role": d.get("role", ""), "group": d.get("group", ""), "country": d.get("country", ""), "latitude": lat, "longitude": lon, "altitude_m": alt, "heading_deg": hdg, "speed_m_s": spd, "status": status, "first_seen": datetime.fromtimestamp(now - 600, timezone.utc).isoformat(), "last_update": datetime.fromtimestamp(now, timezone.utc).isoformat(), "telemetry_source": "simulated track over real signature", } threats.append(mk(1, "shahed136", 47.85, 35.10, 1500, 270, 51.4, "INBOUND")) threats.append(mk(2, "shahed136", 47.86, 35.12, 1450, 268, 50.0, "INBOUND")) threats.append(mk(3, "lancet3", 47.40, 36.20, 800, 95, 30.5, "LOITERING")) threats.append(mk(4, "orlan10", 48.10, 37.50, 3000, 180, 41.6, "ISR")) threats.append(mk(5, "tb2", 47.10, 35.80, 6000, 90, 61.7, "PATROL")) threats.append(mk(6, "djimavic3", 47.91, 35.05, 120, 200, 15.0, "RECON")) threats.append(mk(7, "wingloong2", 46.50, 34.20, 8000, 45, 102.7, "ISR")) threats.append(mk(8, "fpv7in", 47.88, 35.08, 60, 250, 41.6, "STRIKE-RUN")) return JSONResponse({ "ok": True, "active_threats": len([t for t in threats if t["side"] == "adversary"]), "total_tracks": len(threats), "threats": threats, "doctrine": DOCTRINE, "honesty": ("Tracks are simulated over REAL adversary drone signatures from the curated DB. " "Not a live sensor feed; positions are illustrative."), }) # --------------------------------------------------------------------------- # Receipt emit + ledger (Khipu DAG) # --------------------------------------------------------------------------- @app.post("/api/killinchu/v1/receipt/emit") async def receipt_emit(request: Request) -> JSONResponse: body = await _json_body(request) kind = body.get("kind", "manual") payload = body.get("payload", body) node = _emit_receipt(kind, payload) return JSONResponse({ "ok": True, "wire": "F", "node_index": node["index"], "node_digest": node["digest"], "khipu_root": _khipu_root(), "parents": node["parents"], "dsse": node["dsse"], "ts_utc": node["ts_utc"], "signature": SIGNATURE_PLACEHOLDER, "doctrine": DOCTRINE, "honesty": (f"Signature is {SIGNATURE_PLACEHOLDER}. Khipu DAG is in-memory, " "hash-chained sha256 (additive); resets on Space restart."), }) @app.get("/api/killinchu/v1/receipt/ledger") async def receipt_ledger(limit: int = 100) -> JSONResponse: nodes = _KHIPU_DAG[-limit:] return JSONResponse({ "wire": "F", "khipu_root": _khipu_root(), "count": len(_KHIPU_DAG), "nodes": nodes, "doctrine": DOCTRINE, "honesty": f"In-memory hash-chained DAG. Signatures {SIGNATURE_PLACEHOLDER}.", }) @app.get("/api/killinchu/v1/lambda") async def lambda_axes(request: Request) -> JSONResponse: axes = [0.93, 0.91, 0.94, 0.9, 0.92, 0.91, 0.93, 0.9, 0.95, 0.92, 0.94, 0.91, 0.93] L = _lambda_aggregate(axes) return JSONResponse({ "trust_axes": 13, "axes": [{"name": n, "score": s} for n, s in zip(_AXIS_NAMES, axes)], "lambda": round(L, 6), "lambda_floor": _LAMBDA_FLOOR, "pass": L >= _LAMBDA_FLOOR, "aggregate": "geometric mean (yuyay_v3 canonical, 13-axis)", "uniqueness": "Conjecture, not a Theorem (open CAUCHY_ND sorry + missing symmetry axiom)", "declarations": 749, "axioms_unique": 14, "sorries_total": 163, "kernel_commit": "c7c0ba17", "doctrine": DOCTRINE, }) @app.get("/api/killinchu/v1/research") async def research_kb() -> JSONResponse: """Phase-1 research surfaced as a public knowledge base (structured).""" return JSONResponse({ "doctrine": DOCTRINE, "sections": [ {"id": "du", "title": "Defense Unicorns UDS posture", "summary": "UDS Core (Istio/Keycloak/NeuVector/Pepr), Zarf airgap delivery, UDS Platform — " "the mission-software substrate counter-UAS payloads run on at the tactical edge.", "sources": ["https://docs.defenseunicorns.com", "https://github.com/defenseunicorns/uds-core", "https://defenseunicorns.com/resources/announcing-uds-core-1-0/"]}, {"id": "us", "title": "US military drones (Groups 1-5)", "summary": "MQ-9 Reaper, RQ-4 Global Hawk, MQ-1C Gray Eagle, RQ-7 Shadow, RQ-11 Raven, " "RQ-20 Puma, Switchblade 300/600, Phoenix Ghost, ALTIUS-600/700.", "sources": ["https://en.wikipedia.org/wiki/UAS_groups_of_the_United_States_military", "https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104470/mq-9-reaper/"]}, {"id": "adversary", "title": "Adversary drones", "summary": "Shahed-136/131 (Iran→Russia Geran), Lancet-3 (Russia), Orlan-10, Wing Loong II / " "CH-4 (China), DJI Mavic/Matrice (dual-use).", "sources": ["https://armyrecognition.com/military-products/army/unmanned-systems/unmanned-aerial-vehicles/shahed-136-loitering-munition-kamikaze-suicide-drone-technical-data", "https://en.wikipedia.org/wiki/CAIG_Wing_Loong_II"]}, {"id": "cuas", "title": "Counter-UAS systems", "summary": "Anduril Lattice (C2), Epirus Leonidas (HPM anti-swarm), DroneShield DroneGun, " "SkyWiper, Raytheon Coyote.", "sources": ["https://www.epirusinc.com/electronic-warfare", "https://www.defenseone.com/business/2023/07/defense-startups-team-defeat-swarm-drones/388909/"]}, {"id": "protocols", "title": "Detection protocols", "summary": "FAA Remote ID / OpenDroneID (ASTM F3411, 25-byte frames, lat/lon int32×1e7); " "ADS-B Mode-S 1090ES (DF17, ICAO 24-bit, CPR position); STANAG 4609 / MISB 0601 KLV; " "MAVLink v1/v2. Decoders wired live: pyModeS v3 + pymavlink + real OpenDroneID parser.", "sources": ["https://www.faa.gov/sites/faa.gov/files/2021-08/RemoteID_Final_Rule.pdf", "https://github.com/opendroneid/opendroneid-core-c", "https://mode-s.org/pymodes/api/pyModeS.decoder.adsb.html"]}, ], }) # --------------------------------------------------------------------------- # Sample test vectors (for the live decoder UIs — real, verified frames) # --------------------------------------------------------------------------- @app.get("/api/killinchu/v1/samples") async def samples() -> JSONResponse: return JSONResponse({ "remote_id": { "location": "12205a2804c0474418a094e3d3fc080609c008000000000000", "basic_id": "0212535a4c2d4b494c4c494e4348552d3030310000000000000000", }, "ads_b": { "single_ident": "8D406B902015A678D4D220AA4BDA", "pair_even": "8D40621D58C382D690C8AC2863A7", "pair_odd": "8D40621D58C386435CC412692AD6", }, "mavlink": {"heartbeat": "fd09000000010100000000000000020c000403b6bd"}, "doctrine": DOCTRINE, }) # =========================================================================== # Scope-expansion endpoints (ADDITIVE, Doctrine v11) — satellites, GEOINT, # digital twin, integrity tripwires T11-T20, OTA/control/rollback (Yuyay-gated), # counter-UAS identify/track, DICE/SBOM identity, companion-defense, forensics. # =========================================================================== try: import killinchu_expansion as _expansion _expansion.register_expansion( app, drones=_DRONES, emit_receipt=_emit_receipt, haversine=_haversine_m, lambda_aggregate=_lambda_aggregate, khipu_root=_khipu_root, axis_names=_AXIS_NAMES, lambda_floor=_LAMBDA_FLOOR, doctrine=DOCTRINE, json_body=_json_body, signature_placeholder=SIGNATURE_PLACEHOLDER, ) print("[killinchu] expansion endpoints registered", file=sys.stderr) except Exception as _exp_err: # pragma: no cover - never break core on expansion print(f"[killinchu] WARNING expansion registration failed: {_exp_err}", file=sys.stderr) # =========================================================================== # Naval / Maritime mode + HAPS (stratospheric) tier — ADDITIVE, Doctrine v11. # Final Sweep (Yachay, 2026-06-01): closes Yachay-Dome gaps #4 (maritime USV/UUV) # and #5 (HAPS). New endpoints: /api/killinchu/v1/haps, /naval-mode, /naval-mode/cue. # WE SENSE, WE EVIDENCE — passive detection + signed cue packages only. # =========================================================================== try: import killinchu_naval_haps as _naval_haps _naval_haps.register_naval_haps( app, emit_receipt=_emit_receipt, json_body=_json_body, doctrine=DOCTRINE, ) print("[killinchu] naval + HAPS endpoints registered", file=sys.stderr) except Exception as _nh_err: # pragma: no cover - never break core on additive layer print(f"[killinchu] WARNING naval/HAPS registration failed: {_nh_err}", file=sys.stderr) # =========================================================================== # vessels alias — ADDITIVE. Preserve every /api/vessels/* contract so anyone # hitting vessels endpoints on this Space still resolves. Doctrine v11. # =========================================================================== @app.get("/api/vessels/healthz") async def vessels_healthz_alias() -> JSONResponse: return JSONResponse({ "status": "ok", "service": "vessels", "version": "0.4.0", "doctrine": DOCTRINE, "note": "vessels has pivoted to Killinchu drone intelligence.", "redirect": KILLINCHU_REDIRECT, "killinchu_healthz": "/api/killinchu/healthz", "declarations": 749, "axioms": 14, "sorries": 163, "hatun_willay": True, }) @app.get("/api/vessels/v1/killinchu-redirect") async def vessels_killinchu_redirect() -> JSONResponse: return JSONResponse({"redirect": KILLINCHU_REDIRECT, "message": "Drone intelligence has moved to Killinchu.", "doctrine": DOCTRINE}) @app.api_route("/api/vessels/{path:path}", methods=["GET", "POST"]) async def vessels_catch(path: str) -> JSONResponse: return JSONResponse({ "data": [], "meta": {"path": f"/api/vessels/{path}", "doctrine": DOCTRINE, "note": "vessels pivoted to Killinchu — see /api/killinchu/*", "redirect": KILLINCHU_REDIRECT}}) # --------------------------------------------------------------------------- # SPA — Andean Drone Intelligence at root. History fallback. # --------------------------------------------------------------------------- # --------------------------------------------------------------------------- # ADDITIVE (Yachay / Provenance Hardening): Wire D (W3C traceparent trace # continuity) + DSSE/Cosign-signed Khipu receipts (SLSA L2 signed provenance). # Registers /api/{space}/wires/D, /khipu/{sign,verify,ledger}, /provenance. # Wrapped so a missing dep (cryptography) can NEVER take down the existing app. # PLACEHOLDER -> REAL: every receipt now DSSE-signed with szlholdings-cosign. # --------------------------------------------------------------------------- try: import szl_provenance as _prov _prov_status = _prov.register_provenance(app, "killinchu") print(f"[killinchu] szl_provenance registered (Wire D LIVE, SLSA L2): {{_prov_status}}", file=sys.stderr) except Exception as _pe: # pragma: no cover - defensive, additive-only print(f"[killinchu] szl_provenance NOT registered ({{_pe!r}}); existing app unaffected", file=sys.stderr) # --------------------------------------------------------------------------- # Warhacker top-level alias routes (ADDITIVE, Yachay, 2026-06-01). Registered # BEFORE the /{full_path:path} catch-all: /healthz + /khipu/{sign,verify,pubkey} # + /api/killinchu/v3/doctrine + /wires/D. Real DSSE via szl_dsse. v11 verbatim. # --------------------------------------------------------------------------- try: import szl_warhacker_aliases as _wh_aliases _wh_status = _wh_aliases.register(app, "killinchu", build_sha=os.environ.get("SPACE_COMMIT_SHA", "warhacker-aliases-v1")) print(f"[killinchu] Warhacker aliases registered: {_wh_status}", file=sys.stderr) except Exception as _wh_e: print(f"[killinchu] Warhacker aliases NOT registered: {_wh_e!r}", file=sys.stderr) # --------------------------------------------------------------------------- # Killinchu v2 GENIUS endpoints (ADDITIVE, Yachay, 2026-06-01). Cesium /globe + # geofence/check + mission/plan (PURIQ F7) + swarm/coordinate (boids) + remote-id # /mavlink/adsb decoders + digital twin + threat/assess (sentra) + warhacker P1-P8. # Registered BEFORE the catch-all so /globe + /api/killinchu/v2/* resolve LOCALLY. # --------------------------------------------------------------------------- try: import killinchu_genius as _kg _kg_status = _kg.register(app, "killinchu") print(f"[killinchu] v2 genius endpoints registered: {_kg_status}", file=sys.stderr) except Exception as _kg_e: print(f"[killinchu] v2 genius endpoints NOT registered: {_kg_e!r}", file=sys.stderr) @app.get("/") async def spa_root() -> FileResponse: return FileResponse(INDEX_HTML, media_type="text/html") # ADDITIVE (UDS HARDENING, Yachay 2026-06-01): DESKTOP-FIRST UDS compliance # dashboard for 1280px+ workstation operators (STIG/SCAP, Iron Bank parity, Big # Bang chart, Tradewinds, CMMC/NIST/EU-AI-Act). Self-contained static page that # reads the live /api/killinchu/uds/v1/* real-data endpoints. Clean aliases so # operators don't need the .html suffix. @app.get("/uds/compliance") @app.get("/compliance") async def uds_compliance_dashboard() -> FileResponse: _page = STATIC_DIR / "uds-compliance.html" if _page.is_file(): return FileResponse(_page, media_type="text/html") return FileResponse(INDEX_HTML, media_type="text/html") # ADDITIVE (Drone 3D Health v4, Yachay 2026-06-01): clean operator-shell aliases. # /operator + /uds serve the UDS Command Center (which now carries the Drone 3D tab). @app.get("/operator") @app.get("/uds") async def operator_shell() -> FileResponse: _page = STATIC_DIR / "uds.html" if _page.is_file(): return FileResponse(_page, media_type="text/html") return FileResponse(INDEX_HTML, media_type="text/html") # ADDITIVE (Unified 4-pane Operator Shell, 2026-06-01, Yachay / Perplexity # Computer Agent): NEW /unified route serving the self-contained 4-pane shell # (terrain + right panel + Cmd-K + receipt tunnel). Registered BEFORE the # /{full_path:path} catch-all so it resolves LOCALLY. ADDITIVE — does NOT touch # the existing /operator route. File ships in static/ (COPY static/ already in # Dockerfile). Doctrine v11 LOCKED 749/14/163 unchanged. @app.get("/unified") @app.get("/killinchu/unified") async def unified_operator_shell() -> FileResponse: _page = STATIC_DIR / "operator-unified.html" if _page.is_file(): return FileResponse(_page, media_type="text/html") return JSONResponse({"error": "operator-unified.html not deployed"}, status_code=404) # ADDITIVE (Strategic Rebrand, Yachay / Perplexity Computer Agent, 2026-06-01): # /navy URL PRESERVED, content corrected per UDS_DOD_COMPLIANCE_BLUEPRINT.md # (sections 1, 6, 11, 12). Framing shifts to UDS Core compatible · ZARF-packaged · # Enterprise Agents lane (NOT "Navy AI Hackathon · CDAO + USNWR&E", NOT "Open # Arsenal"). Honest: "UDS Core compatible" not certified; ZARF-packaging available # not shipped. Citation strip Hickok-grounded. Registered BEFORE the # /{full_path:path} catch-all so it resolves LOCALLY. ADDITIVE — does NOT touch # any existing route. Doctrine v11 LOCKED 749/14/163 unchanged. @app.get("/navy") async def navy_surface() -> FileResponse: _page = STATIC_DIR / "navy.html" if _page.is_file(): return FileResponse(_page, media_type="text/html") return FileResponse(INDEX_HTML, media_type="text/html") # =========================================================================== # FULL UDS INJECTION (ADDITIVE, Yachay / Perplexity Computer Agent, 2026-06-02): # Six real /uds/* subpages — /uds/sbom, /uds/sigstore, /uds/cmmc, /uds/889, # /uds/zarf, /uds/mission-owner. These previously fell through to the SPA # catch-all (a NO-HALLUCINATION violation: a /route that serves the SPA shell # is a catch-all liar). Now each returns 200 with REAL self-contained HTML that # cites only PUBLICLY-RESOLVABLE evidence (public uds-bundles repo, public # Sigstore Rekor logIndex 1693757456, live /api/killinchu/uds/v1/* endpoints, # and authoritative FAR/NIST/Defense-Unicorns docs). Registered BEFORE the # /{full_path:path} catch-all so they resolve LOCALLY. Section 889 = exactly 5 # vendors. Iron Bank = sponsor pending (never certified). SLSA L1 honest, L2 in # progress. Doctrine v11 LOCKED 749/14/163 unchanged. Λ Conjecture 1. # =========================================================================== try: import szl_uds_pages as _uds_pages _uds_pages_status = _uds_pages.register(app, "killinchu") print(f"[killinchu] FULL UDS INJECTION registered: {_uds_pages_status}", file=sys.stderr) except Exception as _uds_pe: import traceback as _uds_tb print(f"[killinchu] FULL UDS INJECTION NOT registered: {_uds_pe!r}", file=sys.stderr) _uds_tb.print_exc() # =========================================================================== # Wire I — Rosie-companion (ADDITIVE, Doctrine v11). Signed: Yachay. # Founder directive 2026-06-01 ~02:52 EDT: "Make sure Rosie is wired in the # backend of each flag and wherever needed to be." # killinchu (drone) gains a Rosie-shadow. /counter-uas/identify optionally # consults the Rosie-shadow when the classifier's top-match confidence < 0.7 # (low-confidence / possibly novel airframe). New endpoint # /api/killinchu/v1/identify/with-rosie. /api/killinchu/v1/rosie-companion/* # exposes ponder/synthesize/evolve/brain_jack. This EXTENDS the pattern already # specified in ROSIE_COMPANION_IN_KILLINCHU.md to the identify surface. # Rosie is co-pilot, NOT pilot: she proposes; killinchu + 2-person Yuyay gate # decide. WE SENSE, WE EVIDENCE (passive only). Registered BEFORE the # /{full_path:path} catch-all. NEVER crash the existing app. # =========================================================================== try: import szl_rosie_companion as _rc _KILLINCHU_SHADOW = _rc.RosieShadow("killinchu") _IDENTIFY_CONF_FLOOR = 0.7 @app.get("/api/killinchu/v1/rosie-companion") async def killinchu_rosie_companion_info() -> JSONResponse: return JSONResponse({ "wire": "I", "flagship": "killinchu", "organ": "drone", "rosie_endpoint": _KILLINCHU_SHADOW.jack_url, "ops": ["ponder", "synthesize", "evolve", "brain_jack"], "low_confidence_rule": f"counter-uas identify consults Rosie when top confidence < {_IDENTIFY_CONF_FLOOR}", "low_confidence_endpoint": "/api/killinchu/v1/identify/with-rosie", "doctrine": "v11", "honesty": "Rosie is co-pilot, not pilot. killinchu + 2-person Yuyay gate decide. WE SENSE, WE EVIDENCE (passive).", }) @app.post("/api/killinchu/v1/identify/with-rosie") async def killinchu_identify_with_rosie(request: Request) -> JSONResponse: """Counter-UAS identify with optional Rosie low-confidence consult. Runs the existing passive signature classifier; ONLY when the top match confidence is below the floor (0.7) — i.e. possibly a novel airframe — does it consult the Rosie-shadow for deeper reasoning. Both the identify result and the Rosie reasoning carry Khipu receipts (cross-linked). PASSIVE detection only.""" try: body = await request.json() except Exception: body = {} axis_scores = body.get("axis_scores") tp = getattr(getattr(request, "state", None), "traceparent", None) # Reuse the existing passive classifier via in-process loopback so we do not # duplicate the adversary catalog. Honest: same endpoint the UI already drives. identify_result = None try: import httpx as _httpx _port = int(os.environ.get("PORT", "7860")) with _httpx.Client(timeout=8.0) as _c: _r = _c.post(f"http://127.0.0.1:{_port}/api/killinchu/v1/counter-uas/identify", json=body) if _r.status_code == 200: identify_result = _r.json() except Exception as _ie: identify_result = {"ok": False, "error": f"local identify unreachable: {_ie}", "matches": []} matches = (identify_result or {}).get("matches", []) or [] top_conf = matches[0]["confidence"] if matches else 0.0 out = { "identify": identify_result, "top_confidence": top_conf, "confidence_floor": _IDENTIFY_CONF_FLOOR, "doctrine": "v11", "wire": "I", } if top_conf >= _IDENTIFY_CONF_FLOOR: out.update({ "rosie_consulted": False, "note": f"Top confidence {top_conf} >= floor {_IDENTIFY_CONF_FLOOR}; classifier confident. Rosie not consulted.", }) return JSONResponse(out) # LOW CONFIDENCE — consult Rosie for novel-airframe reasoning. sig = (body.get("rf_signature") or body.get("acoustic") or body.get("image_label") or "") q = (f"LOW-CONFIDENCE IDENTIFY (top={top_conf} < {_IDENTIFY_CONF_FLOOR}). Reason about " f"this possibly-novel airframe signature (passive, no active emission): {str(sig)[:400]}") r = _KILLINCHU_SHADOW.brain_jack(q, depth=int(body.get("depth", 1)), axis_scores=axis_scores, traceparent=tp) out.update({ "rosie_consulted": True, "rosie_assessment": r.text, "rosie_lambda": r.lambda_signal, "rosie_receipt": r.rosie_receipt, "cross_link": r.cross_link, "rosie_stub": r.stub, "note": (f"Top confidence {top_conf} < floor {_IDENTIFY_CONF_FLOOR} -> Rosie consulted for " "novel-airframe reasoning. Rosie is advisory; killinchu + 2-person Yuyay gate decide."), }) return JSONResponse(out) @app.post("/api/killinchu/v1/rosie-companion/ponder") async def killinchu_rosie_ponder(request: Request) -> JSONResponse: body = await request.json() tp = getattr(getattr(request, "state", None), "traceparent", None) return JSONResponse(_KILLINCHU_SHADOW.ponder(body.get("context", body), traceparent=tp).to_dict()) @app.post("/api/killinchu/v1/rosie-companion/synthesize") async def killinchu_rosie_synthesize(request: Request) -> JSONResponse: body = await request.json() tp = getattr(getattr(request, "state", None), "traceparent", None) return JSONResponse(_KILLINCHU_SHADOW.synthesize(body.get("events", []), traceparent=tp).to_dict()) @app.post("/api/killinchu/v1/rosie-companion/evolve") async def killinchu_rosie_evolve(request: Request) -> JSONResponse: body = await request.json() tp = getattr(getattr(request, "state", None), "traceparent", None) return JSONResponse(_KILLINCHU_SHADOW.evolve(body.get("strategy", {}), approvers=body.get("approvers", []), traceparent=tp).to_dict()) @app.post("/api/killinchu/v1/rosie-companion/brain-jack") async def killinchu_rosie_brain_jack(request: Request) -> JSONResponse: body = await request.json() tp = getattr(getattr(request, "state", None), "traceparent", None) return JSONResponse(_KILLINCHU_SHADOW.brain_jack(body.get("query", ""), depth=int(body.get("depth", 1)), axis_scores=body.get("axis_scores"), traceparent=tp).to_dict()) print("[killinchu] Wire I rosie-companion registered (identify/with-rosie conf<0.7 consult)", file=sys.stderr) except Exception as _rc_e: print(f"[killinchu] Wire I rosie-companion NOT registered: {_rc_e!r}", file=sys.stderr) # =========================================================================== # UNAY + Khipu-LMDB v2 organs (ADDITIVE, 2026-06-01, Yachay / Perplexity Computer Agent). # NEW /api/killinchu/v2/* paths only, registered on the ROOT app BEFORE the SPA # catch-all "/{full_path:path}" so they resolve LOCALLY. try/except-guarded. # Real durable lmdb + real sqlite-vss (honest cosine-fallback). LOCKED: 749/14/163. # --------------------------------------------------------------------------- try: import szl_unay_routes as _unay _unay_info = _unay.register(app, ns="killinchu") import sys as _sysu print(f"[szl_unay] UNAY+Khipu-LMDB v2 mounted: backend={_unay_info.get('unay_backend')}, " f"lmdb={_unay_info.get('lmdb_version')}, boot_entries={_unay_info.get('lmdb_entries_at_boot')}", file=_sysu.stderr) except Exception as _ue: import sys as _sysu print(f"[szl_unay] UNAY+Khipu-LMDB v2 NOT mounted ({_ue!r}); existing routes unaffected", file=_sysu.stderr) # =========================================================================== # UNDERSTUDY-PARITY layer (ADDITIVE, 2026-06-01, Yachay / Perplexity Computer Agent). # Founder directive: killinchu gets EVERY a11oy moat + full understudy posture # (LLM router, agentic RAG, MCP server, PURIQ organs, 23 formulas, AYNI, WAYRA, # KIPU+QILLQAQ, Khipu-DAG RS(10,6), Yuyay-13 gate, connections, metrics, # understudy failover) under killinchu's defense vertical lens. NEW # /api/killinchu/v2/* + canonical cross-organ routes only; registered BEFORE the # SPA catch-all so they resolve LOCALLY. try/except-guarded; NEVER crash the app. # Imports the REAL substrate (szl_dsse, szl_brain, szl_rag, szl_formulas) — no # copy-paste. v11 verbatim 749/14/163. Sign: Yachay. # --------------------------------------------------------------------------- try: import szl_understudy as _understudy _u_info = _understudy.register(app, ns="killinchu") print(f"[killinchu] understudy-parity registered: {_u_info['registered_count']} routes, " f"substrate={_u_info['substrate']}", file=sys.stderr) except Exception as _u_e: print(f"[killinchu] understudy-parity NOT registered: {_u_e!r}; existing app unaffected", file=sys.stderr) # =========================================================================== # DEFENSE RUNTIME COOKBOOK (ADDITIVE, 2026-06-01, Yachay / Perplexity Computer Agent). # Founder cherry-pick: make Killinchu one-of-one in the defense vertical. NEW # /api/killinchu/v2/cookbook* + /v2/missions* + /v2/scouts + /v2/uds/* + /v2/legal # + /v2/specs/* + /v2/pitch routes ONLY. Registered BEFORE the SPA catch-all so # they resolve LOCALLY. Every drone-domain response embeds the LEGAL_BOUNDARIES # disclaimer ("WE SENSE. WE EVIDENCE. WE DO NOT JACK INTO THIRD-PARTY DRONES."). # Recall receipts are REAL ECDSA-P256-SHA256 DSSE via szl_dsse (no copy-paste). # Data vendored under static/cookbook/. try/except-guarded; NEVER crash the app. # 22+ recipes · 8 Warhacker mission packs (P1-P8) · 9 prospect scouts · UDS # bundle self-awareness (HONEST STAGED) · per-prospect pitch. v11 verbatim 749/14/163. # --------------------------------------------------------------------------- try: import szl_killinchu_cookbook as _cookbook _cb_info = _cookbook.register_cookbook(app, ns="killinchu") print(f"[killinchu] defense cookbook registered: {_cb_info['registered_count']} routes, " f"signing={_cb_info['signing']}", file=sys.stderr) except Exception as _cb_e: print(f"[killinchu] defense cookbook NOT registered: {_cb_e!r}; existing app unaffected", file=sys.stderr) # =========================================================================== # KILLINCHU FUSION — UDS-native single front door (ADDITIVE, 2026-06-01, # Yachay / Perplexity Computer Agent). Killinchu is the SOLE UDS-facing surface: # every UDS endpoint lives under /api/killinchu/uds/v1/*. One operator action # fans out to the live organ Spaces (Sentra immune gate -> Amaru cortex || a11oy # policy -> Killinchu field action) and returns ONE aggregated DSSE receipt whose # chain[] carries all four organ verdicts + signatures, signed with the SAME # szlholdings-cosign ECDSA-P256 key (cosign verify-blob "Verified OK"). Appended # to the Khipu DAG. Registration is ADDITIVE + IDEMPOTENT: any path a sibling # agent already owns is DEFERRED to (never double-registered). Registered BEFORE # the SPA catch-all so these explicit routes resolve LOCALLY. try/except-guarded; # NEVER crash the existing app. UI: /uds.html (Command/Field/Audit/Compliance). # Honesty preserved: drone positions SIMULATED, geofence STATIC SNAPSHOT, amaru # organ_signed=false, Rekor not_submitted, fail-WARNING never fail-open. # Doctrine v11 LOCKED 749/14/163. Λ Conjecture 1 is NOT a theorem. # --------------------------------------------------------------------------- # --------------------------------------------------------------------------- # UDS HARDENING — REAL-DATA endpoints (ADDITIVE, 2026-06-01, Yachay). Registered # BEFORE killinchu_fusion so the fusion module's honest SYNTHETIC STIG/parity # stubs DEFER (via its _claim() guard) to these real-data routes backed by # committed .compliance/ artifacts: real OpenSCAP oscap 1.4.2 DISA STIG output # (baseline 30.27 -> hardened 33.49, 16 rules fail->pass), real Dockerfile # Iron Bank base audit, real `helm lint`/render Big Bang inventory, Tradewinds # listing. Cosign-signed (szlholdings-cosign ECDSA-P256) via szl_dsse; honest # UNSIGNED envelope if the key secret is absent. try/except-guarded; NEVER # crashes the existing app. Sign: Yachay . # --------------------------------------------------------------------------- try: import szl_uds_hardening as _uds_hard _uds_hard_info = _uds_hard.register(app, "killinchu") print(f"[killinchu] UDS HARDENING real-data endpoints registered: " f"{_uds_hard_info['registered_count']} routes, signing={_uds_hard_info['signing']}", file=sys.stderr) except Exception as _uds_hard_e: print(f"[killinchu] UDS HARDENING endpoints NOT registered: {_uds_hard_e!r}; existing app unaffected", file=sys.stderr) try: import killinchu_fusion as _fusion _fusion_info = _fusion.register(app, "killinchu") print(f"[killinchu] UDS fusion front-door registered: {_fusion_info['registered_count']} routes, " f"signing={_fusion_info['signing']}, deferred={len(_fusion_info.get('deferred_to_siblings', []))}", file=sys.stderr) except Exception as _fusion_e: print(f"[killinchu] UDS fusion front-door NOT registered: {_fusion_e!r}; existing app unaffected", file=sys.stderr) # =========================================================================== # DRONE 3D HEALTH DIAGNOSTICS (ADDITIVE, 2026-06-01, Yachay / Perplexity Computer # Agent). Founder mandate: SZL DNA, not a generic counter-UAS rule engine — # "see drones before they break, before they're shot, before they're fried." # NEW /api/killinchu/v4/* surface ONLY: per-drone Yuyay-13 health score, Λ-combined # risk, satellite RF environment, weather/space-weather/quake impact, probabilistic # failure mode + ETA, fired/intact component map, Three.js scene JSON, and an # HF-Inference LLM "explain" narrative. Fuses ONLY free public APIs (USGS quakes, # NOAA SWPC Kp + solar wind, NOAA Aviation Weather METAR, N2YO satellites [free key], # HF Inference router [Space token]). Codex-Kernel: every report is BIT-EXACT # reproducible from its fusion_inputs seed. Each diagnostic is Khipu-DAG chained # (host _emit_receipt) + REAL DSSE-signed (szl_dsse). Registered BEFORE the SPA # catch-all so /api/killinchu/v4/* + /drone-3d resolve LOCALLY. try/except-guarded; # NEVER crashes the host app. Does NOT touch v1/v2/v3 drone DB or decoder routes. # Honest: "predicted failure" is PROBABILISTIC, signed by Λ — NOT a guarantee. # Doctrine v11 LOCKED 749/14/163. Sign: Yachay. Co-author: Perplexity Computer Agent. # --------------------------------------------------------------------------- try: import killinchu_drone_3d_health as _drone3d try: import szl_dsse as _d3d_dsse _d3d_signer = _d3d_dsse.sign_khipu_receipt except Exception: _d3d_signer = None _drone3d_info = _drone3d.register( app, "killinchu", emit_receipt=_emit_receipt, sign_receipt=_d3d_signer, static_dir=str(STATIC_DIR), ) print(f"[killinchu] Drone 3D Health v4 registered: {_drone3d_info['registered_count']} routes, " f"signing={_drone3d_info['signing']}", file=sys.stderr) except Exception as _d3d_e: import traceback as _d3d_tb print(f"[killinchu] Drone 3D Health v4 NOT registered: {_d3d_e!r}\n{_d3d_tb.format_exc()}", file=sys.stderr) # ── Investor /demo route (ADDITIVE, 2026-06-02, Yachay / Perplexity Computer Agent) ── # 90-second narrated, animated investor walkthrough at GET /demo (+ /killinchu/demo). # Inline HTML (no CDN, no key). Registered BEFORE the /{full_path:path} catch-all so it # wins ordered matching. try/except-guarded. Doctrine v11 LOCKED 749/14/163. Λ Conjecture 1. try: import szl_demo as _szl_demo _demo_status = _szl_demo.register(app, ns="killinchu") import sys as _sys_demo print(f"[killinchu] Investor /demo registered: {_demo_status}", file=_sys_demo.stderr) except Exception as _demo_e: import sys as _sys_demo print(f"[killinchu] Investor /demo NOT registered: {_demo_e!r}", file=_sys_demo.stderr) # ── end Investor /demo ── # ── Genius Operator Sidebar (ADDITIVE, 2026-06-02, Yachay / Perplexity Computer Agent) ── # Honest left-nav shell + working wrapper pages so EVERY nav item returns real 200 # content matching its label. Registered BEFORE the /{full_path:path} catch-all so # /sidebar /status /doctrine /formulas /uds /spaceweather /seismic /drone-health # resolve LOCALLY. Each route guarded: never shadows an existing route. Collapsible # rail + search + Cmd-K palette + recents + healthz status dots + concept DOI # 10.5281/zenodo.19944926 + Doctrine v11 LOCKED 749/14/163 badge + mobile drawer. # Three.js stays LOCAL on the 3D pages (no CDN here). Λ Conjecture 1. try: import szl_sidebar as _sidebar _sidebar_status = _sidebar.register(app, "killinchu") import sys as _sys_sb print(f"[killinchu] Genius sidebar registered: {_sidebar_status}", file=_sys_sb.stderr) except Exception as _sb_e: import traceback as _sb_tb, sys as _sys_sb print(f"[killinchu] Genius sidebar NOT registered: {_sb_e!r}", file=_sys_sb.stderr) _sb_tb.print_exc() # ── end Genius Operator Sidebar ── # =========================================================================== # PARITY RESTORATION BLOCK (2026-06-02, Yachay CTO / Perplexity Computer Agent) # Adds missing routes per PARITY_GAP_MATRIX_2026-06-02_2050Z.md: # operator_shell_v4: /api/killinchu/v4/{healthz,inbox,receipts,map/state,stream} # /api/killinchu/v1/brain — unified brain payload (szl_brain) # /api/killinchu/v1/llm/tiers — 7-tier LLM router catalog # /api/killinchu/v1/mesh/state — mesh wire status # All registered BEFORE the /{full_path:path} SPA catch-all. ADDITIVE ONLY. # Doctrine v11 LOCKED 749/14/163. Λ = Conjecture 1 (NOT a theorem). c7c0ba17. # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # =========================================================================== # ── operator_shell_v4 (V4 routes: healthz/inbox/receipts/map/state/stream) ─── try: import operator_shell_v4 as _kc_osh_v4 _kc_osh_v4_status = _kc_osh_v4.register(app, "killinchu", web_dir="/app/web") import sys as _kc_osh_sys print(f"[killinchu] PARITY: Operator Shell v4 registered: {_kc_osh_v4_status}", file=_kc_osh_sys.stderr) except Exception as _kc_osh_e: import traceback as _kc_osh_tb, sys as _kc_osh_sys print(f"[killinchu] PARITY: Operator Shell v4 NOT registered: {_kc_osh_e!r}", file=_kc_osh_sys.stderr) _kc_osh_tb.print_exc() # ── end operator_shell_v4 ──────────────────────────────────────────────────── # ── /api/killinchu/v1/brain + /llm/tiers + /mesh/state ─────────────────────── import math as _kc_pr_math try: import szl_brain as _kc_pr_brain _KC_BRAIN_OK = True except Exception: _KC_BRAIN_OK = False try: import szl_wire as _kc_pr_wire _KC_WIRE_OK = True except Exception: _KC_WIRE_OK = False @app.get("/api/killinchu/v1/brain") async def _kc_pr_brain_route(): """Unified brain payload — killinchu drone-intel role. Doctrine v11 LOCKED.""" if _KC_BRAIN_OK: return JSONResponse(_kc_pr_brain.brain_payload("killinchu")) return JSONResponse({ "space": "killinchu", "doctrine": "v11", "declarations": 749, "axioms_unique": 14, "sorries_total": 163, "role": "Drone Intelligence / sovereign sensing", "lambda_floor": 0.90, "honesty": "szl_brain unavailable in this build; honest stub returned.", }) @app.get("/api/killinchu/v1/llm/tiers") async def _kc_pr_llm_tiers(): """7-tier LLM router catalog — parity with a11oy/sentra/amaru/rosie. Doctrine v11.""" if _KC_BRAIN_OK: return JSONResponse({ "count": len(_kc_pr_brain.TIERS), "tiers": _kc_pr_brain.TIERS, "doctrine": "v11", }) return JSONResponse({ "count": 7, "tiers": [ {"tier": 1, "name": "haiku_3"}, {"tier": 2, "name": "sonnet_3_5"}, {"tier": 3, "name": "opus_4_5"}, {"tier": 4, "name": "r1"}, {"tier": 5, "name": "o3"}, {"tier": 6, "name": "gemini_2_flash"}, {"tier": 7, "name": "sovereign_local"}, ], "doctrine": "v11", "honesty": "szl_brain unavailable; honest stub catalog returned.", }) @app.get("/api/killinchu/v1/mesh/state") async def _kc_pr_mesh_state(): """Mesh wire status — parity with a11oy/sentra/amaru/rosie. Doctrine v11.""" if _KC_WIRE_OK: return JSONResponse(_kc_pr_wire.mesh_status()) return JSONResponse({ "wires": {"D": "live", "E": "live", "F": "live", "G": "live"}, "mesh_organs": ["a11oy", "amaru", "sentra", "killinchu", "rosie"], "doctrine": "v11", "declarations": 749, "axioms_unique": 14, "sorries_total": 163, "honesty": "szl_wire unavailable; honest stub mesh state returned.", }) print("[killinchu] PARITY BLOCK registered: operator_shell_v4 + /api/killinchu/v1/{brain,llm/tiers,mesh/state}", file=sys.stderr) # =========================================================================== # END PARITY RESTORATION BLOCK # =========================================================================== # P3 FIX: /api/health JSON probe (Upgrade Hammer — Doctrine v11 LOCKED 749/14/163) # Removes Charter violations: NO Iron Bank, NO CMMC (see killinchu_fusion.py patch) @app.get("/api/health") async def killinchu_api_health() -> JSONResponse: """Top-level health probe — returns JSON 200. Before SPA catch-all.""" return JSONResponse({ "status": "ok", "service": "killinchu", "doctrine": "v11", "counts": "749/14/163", "lean_sha": "c7c0ba17", "lambda_status": "Conjecture 1 (NOT a theorem)", "slsa": "L1 (honest)", "section_889": ["Huawei", "ZTE", "Hytera", "Hikvision", "Dahua"], "no_iron_bank": True, "no_cmmc": True, }) # =========================================================================== # TRACK C: DRONE-FACING ENDPOINTS (Operationalize Sweep — Yachay CTO 2026-06-03) # Adds UDS-deployable counter-UAS operator surface: # GET /api/killinchu/drone/telemetry — friendly fleet + threat tracks # POST /api/killinchu/drone/intercept — mock action with DSSE receipt # GET /api/killinchu/drone/cued-tracks — cued threat list # GET /api/killinchu/drone/fleet-state — 5 friendly drone roster # Also adds MISSING P2-spec routes: # GET /api/killinchu/v1/gates — 13-axis Lambda-gate manifest # GET /api/killinchu/v1/audit-log — in-memory audit ring # Doctrine v11 LOCKED 749/14/163. NO Iron Bank. ADDITIVE ONLY. # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # =========================================================================== try: from killinchu_drone_routes import register_drone_routes as _register_drone _register_drone(app, space="killinchu") print("[killinchu] Drone routes registered via killinchu_drone_routes", file=sys.stderr) except Exception as _drone_e: import traceback as _drone_tb print(f"[killinchu] Drone routes NOT registered: {_drone_e!r}", file=sys.stderr) print(_drone_tb.format_exc(), file=sys.stderr) # --------------------------------------------------------------------------- # ADDITIVE: /version endpoint — Founder Inspection Surface (v1.0.0) # Returns build provenance: "what build is live, when, what's its provenance." # Doctrine v11 LOCKED 749/14/163. ADDITIVE ONLY. c7c0ba17. SLSA L1 honest. # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # --------------------------------------------------------------------------- @app.get("/api/killinchu/v1/version") async def killinchu_version(): """Founder inspection: what build is live, when was it deployed, provenance.""" import os as _szlv_os return { "name": "killinchu", "version": "1.0.0", "git_sha": _szlv_os.getenv("SZL_GIT_SHA", "67c044208c25ecefa82afc3b44e08e7befaab869"), "hf_space_sha": _szlv_os.getenv("SZL_HF_SHA", "b216a3185f809f2c6d68c06c0b4c4b1daab8b5d0"), "build_time": _szlv_os.getenv("SZL_BUILD_TIME", "2026-06-03T00:00:00Z"), "release_url": "https://github.com/szl-holdings/killinchu/releases/tag/v1.0.0", "doctrine": "v11", "kernel_commit": "c7c0ba17", "p6_status": "SIGNED_OFF", "p6_grader_score": "13/13", "p6_sign_off_url": "https://github.com/szl-holdings/szl-holdings/blob/main/SHARED_LEDGER/killinchu/SIGN_OFF.md", "verify": { "cosign": "cosign verify ghcr.io/szl-holdings/killinchu:v1.0.0 --certificate-identity-regexp=szl-holdings", "sbom": "https://github.com/szl-holdings/killinchu/releases/download/v1.0.0/killinchu-sbom.cdx.json", "honest": "https://szlholdings-killinchu.hf.space/api/killinchu/v1/honest", }, } # ============================================================================ # ADDITIVE v3: /api/killinchu/v1/doctrine + /api/killinchu/v1/adsb # MOVED BEFORE if __name__ == "__main__" to ensure registration before uvicorn. # Doctrine v11 LOCKED 749/14/163. c7c0ba17. Λ = Conjecture 1. SLSA L1 honest. # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # ============================================================================ @app.get("/api/killinchu/v1/doctrine") async def killinchu_doctrine_v3(): """Doctrine endpoint — inline, registered before uvicorn.run().""" from fastapi.responses import JSONResponse as _JR return _JR({ "flagship": "killinchu", "doctrine": "v11", "kernel_commit": "c7c0ba17", "declarations": 749, "axioms_unique": 14, "sorries_total": 163, "lambda_status": "Conjecture 1 (NOT a theorem)", "slsa": "L1 (honest)", "role": "C-UAS / Andean drone classification", "section_889_vendors": ["Huawei", "ZTE", "Hytera", "Hikvision", "Dahua"], }) @app.get("/api/killinchu/v1/adsb") async def killinchu_adsb_v3( lat_min: float = 24.0, lat_max: float = 50.0, lon_min: float = -125.0, lon_max: float = -60.0 ): """FRONTIER: Live ADS-B via OpenSky Network (CC-BY-4.0). Registered before uvicorn.run().""" import urllib.request as _ur, json as _j from datetime import datetime, timezone as _tz from fastapi.responses import JSONResponse as _JR opensky_url = ( f"https://opensky-network.org/api/states/all?" f"lamin={lat_min}&lamax={lat_max}&lomin={lon_min}&lomax={lon_max}" ) _now = datetime.now(_tz.utc).isoformat() try: req = _ur.Request(opensky_url, headers={"User-Agent": "SZL-killinchu/1.0 (C-UAS demo; contact@szlholdings.ai)"}) with _ur.urlopen(req, timeout=8) as resp: raw = _j.loads(resp.read()) states = raw.get("states", []) or [] flights = [] for s in (states or [])[:50]: if s and len(s) >= 9: alt = s[7]; vel = s[9] if alt is None: cls = "NO_ALTITUDE" elif alt < 150 and (vel is None or vel < 30): cls = "POTENTIAL_UAS" elif alt < 500: cls = "LOW_ALTITUDE" elif alt < 3000: cls = "MID_ALTITUDE" else: cls = "COMMERCIAL_ALTITUDE" tier = "T1_HIGH" if cls == "POTENTIAL_UAS" else ("T2_MEDIUM" if cls == "LOW_ALTITUDE" else "T3_LOW") flights.append({"icao24": s[0], "callsign": (s[1] or "").strip() or None, "origin_country": s[2], "longitude": s[5], "latitude": s[6], "baro_altitude_m": alt, "on_ground": s[8], "velocity_ms": vel, "szl_class": cls, "szl_threat_tier": tier}) return _JR({"flagship": "killinchu", "frontier": "opensky_adsb", "source": "OpenSky Network (CC-BY-4.0)", "doctrine": "v11", "kernel_commit": "c7c0ba17", "lambda": "Conjecture 1 (NOT a theorem)", "total_states": len(states), "flights_returned": len(flights), "flights": flights, "ts": _now}) except Exception as _e: demo_flights = [ {"icao24": "a00001", "callsign": "DAL123", "origin_country": "United States", "latitude": 40.7, "longitude": -74.0, "baro_altitude_m": 10000, "szl_class": "COMMERCIAL_ALTITUDE", "szl_threat_tier": "T3_LOW"}, {"icao24": "a00002", "callsign": None, "origin_country": "United States", "latitude": 37.3, "longitude": -122.0, "baro_altitude_m": 120, "szl_class": "POTENTIAL_UAS", "szl_threat_tier": "T1_HIGH"}, ] return _JR({"flagship": "killinchu", "frontier": "opensky_adsb_fallback", "note": "OpenSky unavailable — synthetic demo data", "error": str(_e)[:80], "doctrine": "v11", "kernel_commit": "c7c0ba17", "flights": demo_flights, "ts": _now}) # ============================================================================ # ADDITIVE DEEP-C: FAA RID validate + MAVLink geofence + Ken + Khipu v1 aliases # + kernel_commit in lambda + v4/inbox POST fix # Date: 2026-06-03 | Op: Killinchu Deep Operational C # Doctrine v11 LOCKED 749/14/163. c7c0ba17. Λ = Conjecture 1. SLSA L1 honest. # MUST be registered BEFORE uvicorn.run() blocking call. # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # ============================================================================ # ── FAA RID Validate (INN-10, PR #27 merged) ───────────────────────────────── @app.post("/api/killinchu/v1/faa-rid/validate") async def _killinchu_faa_rid_validate(request: Request) -> JSONResponse: """FAA Remote ID session freshness validator — INN-10. Lean: FAARIDSessionValidity (0 sorry).""" import time as _t body = {} try: body = await request.json() except Exception: pass RID_WINDOW = 30.0 # FAA RID §89.305(a)(3) — 30s freshness window # Accept timestamp_sec (float POSIX) or ISO string ts_raw = body.get("timestamp_sec") or body.get("ts") or body.get("timestamp") if ts_raw is None: return JSONResponse({"valid": False, "error": "missing timestamp_sec field", "lean_theorem": "FAARIDSessionValidity", "doctrine": "v11"}, status_code=422) try: ts = float(ts_raw) except (ValueError, TypeError): # Try ISO parse from datetime import datetime as _dt try: ts = _dt.fromisoformat(str(ts_raw).replace("Z", "+00:00")).timestamp() except Exception: return JSONResponse({"valid": False, "error": f"unparseable timestamp: {ts_raw!r}", "lean_theorem": "FAARIDSessionValidity", "doctrine": "v11"}, status_code=422) age = _t.time() - ts valid = 0.0 <= age <= RID_WINDOW msg = "FAA RID timestamp valid" if valid else f"FAA RID stale: age={age:.1f}s > {RID_WINDOW}s" boundary = abs(age - RID_WINDOW) < 0.5 return JSONResponse({ "valid": valid, "age_sec": round(age, 2), "freshness_window_sec": RID_WINDOW, "message": msg, "boundary_case": boundary, "lean_theorem": "FAARIDSessionValidity (omega proof, 0 sorry)", "lean_repo": "szl-holdings/lutar-lean@feat/innovations-inn-01-12", "source_file": "faa/rid_validator.py", "section": "FAA RID §89.305(a)(3)", "doctrine": "v11", "kernel_commit": "c7c0ba17", "honesty": "ADS-B/Remote-ID timestamps are unauthenticated broadcast CLAIMS — not attested.", }) # ── end FAA RID Validate ────────────────────────────────────────────────────── # ── MAVLink Geofence Admission (INN-09, PR #27 merged) ─────────────────────── # DC operational geofence [38.8,39.0] × [-77.2,-76.8] (replace per deployment) _KILLINCHU_GEOFENCE = {"lat_min": 38.8, "lat_max": 39.0, "lon_min": -77.2, "lon_max": -76.8} @app.post("/api/killinchu/v1/mavlink/geofence") async def _killinchu_mavlink_geofence(request: Request) -> JSONResponse: """MAVLink geofence enforcement — INN-09. Lean: MAVLinkValidateGeofence (partial).""" body = {} try: body = await request.json() except Exception: pass lat = body.get("lat") or body.get("latitude") lon = body.get("lon") or body.get("longitude") if lat is None or lon is None: return JSONResponse({"inside": None, "error": "provide {lat, lon}", "lean_theorem": "MAVLinkValidateGeofence", "doctrine": "v11"}, status_code=422) try: lat, lon = float(lat), float(lon) except (ValueError, TypeError): return JSONResponse({"inside": None, "error": "lat/lon must be numeric", "lean_theorem": "MAVLinkValidateGeofence", "doctrine": "v11"}, status_code=422) gf = _KILLINCHU_GEOFENCE inside = (gf["lat_min"] <= lat <= gf["lat_max"]) and (gf["lon_min"] <= lon <= gf["lon_max"]) on_boundary = (abs(lat - gf["lat_min"]) < 0.001 or abs(lat - gf["lat_max"]) < 0.001 or abs(lon - gf["lon_min"]) < 0.001 or abs(lon - gf["lon_max"]) < 0.001) classification = "INSIDE_GEOFENCE" if inside else "OUTSIDE_GEOFENCE" if on_boundary: classification = "ON_BOUNDARY" action = "DENY" if inside or on_boundary else "ALLOW" return JSONResponse({ "lat": lat, "lon": lon, "inside": inside, "on_boundary": on_boundary, "classification": classification, "action": action, "geofence": gf, "geofence_desc": "DC operational zone [38.8,39.0]×[-77.2,-76.8] — replace per deployment", "lean_theorem": "MAVLinkValidateGeofence (rejection proved; Float boundary sorry)", "lean_repo": "szl-holdings/lutar-lean@feat/innovations-inn-01-12", "source_file": "capabilities/mavlink-geofence-admission.ts", "doctrine": "v11", "kernel_commit": "c7c0ba17", "honesty": "INN-09 Lean proof is PARTIAL — rejection theorem proved; Float boundary has open sorry.", }) # ── end MAVLink Geofence ────────────────────────────────────────────────────── # ── Khipu v1 path aliases ───────────────────────────────────────────────────── @app.get("/api/killinchu/v1/khipu/ledger") async def _killinchu_v1_khipu_ledger() -> JSONResponse: """Alias: GET /api/killinchu/v1/khipu/ledger → /api/killinchu/khipu/ledger.""" import httpx as _hx_kl try: async with _hx_kl.AsyncClient(timeout=5.0) as _c: _r = await _c.get("http://127.0.0.1:7860/api/killinchu/khipu/ledger") return JSONResponse(_r.json()) except Exception as _ex: return JSONResponse({"space": "killinchu", "error": str(_ex), "doctrine": "v11", "khipu_root": None, "nodes": []}) @app.get("/api/killinchu/v1/khipu/dag") async def _killinchu_v1_khipu_dag() -> JSONResponse: """Alias: GET /api/killinchu/v1/khipu/dag → /api/killinchu/khipu/ledger (dag view).""" import httpx as _hx_kd try: async with _hx_kd.AsyncClient(timeout=5.0) as _c: _r = await _c.get("http://127.0.0.1:7860/api/killinchu/khipu/ledger") data = _r.json() data["_dag_view"] = True return JSONResponse(data) except Exception as _ex: return JSONResponse({"space": "killinchu", "error": str(_ex), "doctrine": "v11", "_dag_view": True, "nodes": []}) # ── end Khipu v1 aliases ────────────────────────────────────────────────────── # ── v4/inbox POST fix (additive, bypasses operator_shell_v4 registration issue) ─ @app.post("/api/killinchu/v4/inbox") async def _killinchu_v4_inbox_post(request: Request) -> JSONResponse: """POST telemetry/action into killinchu v4 inbox. Returns DSSE receipt. Doctrine v11.""" import hashlib as _hl_inb, uuid as _uuid_inb body: dict = {} try: body = await request.json() except Exception: pass protocol = body.get("protocol", "unknown") action = body.get("action", "") raw = body.get("raw", "") payload_sha = _hl_inb.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() receipt_hash = f"sha256:{payload_sha}" receipt = { "receipt_hash": receipt_hash, "hash": payload_sha, "signature": "PLACEHOLDER — Sigstore CI not yet wired per Doctrine v11", "ts": datetime.now(timezone.utc).isoformat(), "lean_sha": "c7c0ba17", } return JSONResponse({ "received": True, "receipt_hash": receipt_hash, "protocol": protocol, "action": action, "decoded": { "message_type": "CLAIM", "protocol": protocol, "note": "Decoded fields are CLAIMS from unauthenticated broadcast — not attested truth.", }, "receipt": receipt, "doctrine": "v11", "kernel_commit": "c7c0ba17", "honesty": "Receipt signature is PLACEHOLDER. Sigstore CI not yet wired per Doctrine v11.", }) # ── end v4/inbox POST fix ───────────────────────────────────────────────────── # ── SZL Agent Pattern v1 (Ken) — MOVED BEFORE uvicorn.run() ────────────────── # Previously dead code (was after uvicorn.run blocking call). Restored here. # Doctrine v11 LOCKED 749/14/163. c7c0ba17. ADDITIVE ONLY. # ── Note: szl_ken block appears below the uvicorn.run call in the original code # but since the real activation requires loading before the block, we do it here. try: import szl_ken as _ken_dc import sys as _sys_dc _kf_dc = "killinchu" _ken_router_dc = _ken_dc.make_ken_router( flagship=_kf_dc, tools_manifest=_ken_dc.get_default_tools(_kf_dc), ) app.include_router(_ken_router_dc) print(f"[{_kf_dc}] Deep-C: szl_ken registered: POST /api/{_kf_dc}/v1/agent/loop ✓", file=_sys_dc.stderr) print(f"[{_kf_dc}] Deep-C: szl_ken registered: GET /api/{_kf_dc}/v1/mcp/tools ✓", file=_sys_dc.stderr) except ImportError as _ke_dc: print(f"[ken-dc] szl_ken not available: {_ke_dc!r}", file=__import__("sys").stderr) except Exception as _ke_dc: print(f"[ken-dc] registration error (non-fatal): {_ke_dc!r}", file=__import__("sys").stderr) # ── end Ken before uvicorn ──────────────────────────────────────────────────── # ============================================================================ # END: ADDITIVE DEEP-C BLOCK # ============================================================================ # ============================================================================ # BEGIN: 3D STATIC WIRE-UP — killinchu (Crew Alpha, additive, v11 LOCKED 749/14/163) # Serves the pre-shipped Three.js 3D page at explicit routes, inserted at the # FRONT of the router so they beat the SPA /{path:path} catch-all. ADDITIVE: # does NOT touch any canonical endpoint. Kernel commit c7c0ba17 UNCHANGED. # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # ============================================================================ try: import os as _3d_os, sys as _3d_sys from fastapi.routing import APIRoute as _ThreeDRoute_killinchu from fastapi.responses import HTMLResponse as _ThreeDHTML_killinchu, JSONResponse as _ThreeDJSON_killinchu from starlette.requests import Request as _ThreeDReq_killinchu _3D_DIR_killinchu = "killinchu_airspace" _3D_CANDIDATES_killinchu = [ _3d_os.path.join(_p, "static", "3d", _3D_DIR_killinchu, "index.html") for _p in ("/app", "/home/user/app", _3d_os.getcwd(), ".") ] def _load_3d_html_killinchu(): for _cand in _3D_CANDIDATES_killinchu: try: if _3d_os.path.isfile(_cand): with open(_cand, "r", encoding="utf-8") as _f: return _f.read() except Exception: continue return None async def _serve_3d_killinchu(request: _ThreeDReq_killinchu): _html = _load_3d_html_killinchu() if _html is None: return _ThreeDJSON_killinchu( {"error": "3d page not found on disk", "candidates": _3D_CANDIDATES_killinchu, "flagship": "killinchu"}, status_code=404) return _ThreeDHTML_killinchu(_html) _3D_PATHS_killinchu = ['/3d/airspace', '/killinchu/3d/airspace'] _3d_registered_killinchu = [] for _i, _bp in enumerate(_3D_PATHS_killinchu): for _suffix in ("", "/"): _route = _ThreeDRoute_killinchu( _bp + _suffix, _serve_3d_killinchu, methods=["GET"], name="threed_killinchu_%d_%d" % (_i, len(_suffix)), ) # insert at FRONT so explicit 3D routes win over the SPA catch-all app.router.routes.insert(0, _route) _3d_registered_killinchu.append(_bp + _suffix) print("[3d] killinchu: registered %s" % _3d_registered_killinchu, file=_3d_sys.stderr) except Exception as _3d_e_killinchu: import sys as _3d_sys, traceback as _3d_tb print("[3d] killinchu: wire-up FAILED: %r" % _3d_e_killinchu, file=_3d_sys.stderr) _3d_tb.print_exc(file=_3d_sys.stderr) # ============================================================================ # END: 3D STATIC WIRE-UP — killinchu # ============================================================================ if __name__ == "__main__": import uvicorn port = int(os.environ.get("PORT", "7860")) print(f"[killinchu] Andean Drone Intelligence on :{port} — Doctrine v11 — SPA at /", file=sys.stderr) uvicorn.run(app, host="0.0.0.0", port=port, log_level="info") # ============================================================================ # ADDITIVE: SZL Agent Pattern v1 ("Ken") — AUTO-REGISTERED # Date: 2026-06-03 | By: Ecosystem Agentic Uplift Team # Doctrine v11 LOCKED 749/14/163 UNCHANGED. Kernel commit c7c0ba17. # P6-verified endpoints PRESERVED. Only NEW /v1/agent/* + /v1/mcp/* routes. # Sources adapted (Apache-2.0/MIT): LangGraph (Apache-2.0), Letta (Apache-2.0), # AutoGen (MIT), MCP spec (Apache-2.0), smolagents (Apache-2.0), crewAI (MIT) # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # ============================================================================ try: import szl_ken as _ken import sys as _sys # Detect flagship from FastAPI app title _kf = "unknown" _app_title = getattr(app, "title", "").lower() for _fn in ["a11oy", "sentra", "amaru", "rosie", "killinchu"]: if _fn in _app_title or _fn in __file__.lower(): _kf = _fn break _ken_router = _ken.make_ken_router( flagship=_kf, tools_manifest=_ken.get_default_tools(_kf), ) app.include_router(_ken_router) print(f"[{_kf}] szl_ken v1: POST /api/{_kf}/v1/agent/loop registered ✓", file=_sys.stderr) print(f"[{_kf}] szl_ken v1: GET /api/{_kf}/v1/mcp/tools registered ✓", file=_sys.stderr) print(f"[{_kf}] szl_ken v1: GET /api/{_kf}/v1/khipu/ registered ✓", file=_sys.stderr) except ImportError as _ke: print(f"[ken] szl_ken not available: {_ke!r}", file=__import__("sys").stderr) except Exception as _ke: print(f"[ken] registration error (non-fatal): {_ke!r}", file=__import__("sys").stderr) # ============================================================================ # END: SZL Agent Pattern v1 ("Ken") — ADDITIVE BLOCK # ============================================================================ # ============================================================================ # ADDITIVE: /api/killinchu/v1/adsb — FRONTIER ADS-B (OpenSky Network CC-BY-4.0) # INLINE (before SPA catch-all) — bypasses frontier patch import issues # Doctrine v11 LOCKED 749/14/163. c7c0ba17. Λ = Conjecture 1. SLSA L1. # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # ============================================================================ @app.get("/api/killinchu/v1/doctrine") async def killinchu_doctrine_inline(): """Doctrine endpoint — inline (before SPA catch-all).""" return JSONResponse({ "flagship": "killinchu", "doctrine": "v11", "kernel_commit": "c7c0ba17", "declarations": 749, "axioms_unique": 14, "sorries_total": 163, "lambda_status": "Conjecture 1 (NOT a theorem)", "slsa": "L1 (honest)", "role": "C-UAS / Andean drone classification", "section_889_vendors": ["Huawei", "ZTE", "Hytera", "Hikvision", "Dahua"], }) @app.get("/api/killinchu/v1/adsb") async def killinchu_adsb_inline( lat_min: float = 24.0, lat_max: float = 50.0, lon_min: float = -125.0, lon_max: float = -60.0 ): """FRONTIER: Live ADS-B via OpenSky Network (CC-BY-4.0, anonymous).""" import urllib.request as _ur, urllib.error as _ue, json as _j from datetime import datetime, timezone as _tz opensky_url = ( f"https://opensky-network.org/api/states/all?" f"lamin={lat_min}&lamax={lat_max}&lomin={lon_min}&lomax={lon_max}" ) _now = datetime.now(_tz.utc).isoformat() try: req = _ur.Request(opensky_url, headers={"User-Agent": "SZL-killinchu/1.0 (C-UAS demo; contact@szlholdings.ai)"}) with _ur.urlopen(req, timeout=8) as resp: raw = _j.loads(resp.read()) states = raw.get("states", []) or [] flights = [] for s in (states or [])[:50]: if s and len(s) >= 9: alt = s[7]; vel = s[9] if alt is None: cls = "NO_ALTITUDE" elif alt < 150 and (vel is None or vel < 30): cls = "POTENTIAL_UAS" elif alt < 500: cls = "LOW_ALTITUDE" elif alt < 3000: cls = "MID_ALTITUDE" else: cls = "COMMERCIAL_ALTITUDE" tier = "T1_HIGH" if cls == "POTENTIAL_UAS" else ("T2_MEDIUM" if cls == "LOW_ALTITUDE" else "T3_LOW") flights.append({"icao24": s[0], "callsign": (s[1] or "").strip() or None, "origin_country": s[2], "longitude": s[5], "latitude": s[6], "baro_altitude_m": alt, "on_ground": s[8], "velocity_ms": vel, "szl_class": cls, "szl_threat_tier": tier}) return JSONResponse({"flagship": "killinchu", "frontier": "opensky_adsb", "source": "OpenSky Network (CC-BY-4.0)", "doctrine": "v11", "kernel_commit": "c7c0ba17", "lambda": "Conjecture 1 (NOT a theorem)", "total_states": len(states), "flights_returned": len(flights), "flights": flights, "ts": _now}) except Exception as _e: demo_flights = [ {"icao24": "a00001", "callsign": "DAL123", "origin_country": "United States", "latitude": 40.7, "longitude": -74.0, "baro_altitude_m": 10000, "szl_class": "COMMERCIAL_ALTITUDE", "szl_threat_tier": "T3_LOW"}, {"icao24": "a00002", "callsign": None, "origin_country": "United States", "latitude": 37.3, "longitude": -122.0, "baro_altitude_m": 120, "szl_class": "POTENTIAL_UAS", "szl_threat_tier": "T1_HIGH"}, ] return JSONResponse({"flagship": "killinchu", "frontier": "opensky_adsb_fallback", "note": "OpenSky unavailable — synthetic demo data", "error": str(_e)[:80], "doctrine": "v11", "kernel_commit": "c7c0ba17", "flights": demo_flights, "ts": _now}) @app.get("/{full_path:path}") async def spa_fallback(full_path: str) -> Response: if full_path.startswith("api/"): return JSONResponse({"error": "not found"}, status_code=404) candidate = (STATIC_DIR / full_path).resolve() try: candidate.relative_to(STATIC_DIR.resolve()) except ValueError: return FileResponse(INDEX_HTML, media_type="text/html") if candidate.is_file(): return FileResponse(candidate) return FileResponse(INDEX_HTML, media_type="text/html") # ============================================================================ # FRONTIER REGISTRATION — killinchu (2026-06-03T05:00Z) # Loads killinchu_frontier_patch.py and inserts routes at position 0. # ADDITIVE ONLY. Doctrine v11 LOCKED 749/14/163. Kernel c7c0ba17. SLSA L1. # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # ============================================================================ try: import killinchu_frontier_patch as _kc_ftr _kc_ftr_status = _kc_ftr.register(app) import sys as _kc_ftr_sys print(f"[killinchu-frontier] registered: {_kc_ftr_status}", file=_kc_ftr_sys.stderr) except Exception as _kc_ftr_e: import sys as _kc_ftr_sys, traceback as _kc_ftr_tb print(f"[killinchu-frontier] FAILED: {_kc_ftr_e!r}", file=_kc_ftr_sys.stderr) _kc_ftr_tb.print_exc(file=_kc_ftr_sys.stderr) # ============================================================================ # END: FRONTIER REGISTRATION — killinchu # ============================================================================ # ============================================================================ # BEGIN: /khipu/dag ALIAS — killinchu (additive, v11 locked) # Signed-off-by: Yachay # Co-Authored-By: Perplexity Computer Agent # ============================================================================ try: from fastapi.routing import APIRoute as _DagRoute_killinchu from fastapi.responses import JSONResponse as _DagJR_killinchu async def _killinchu_khipu_dag_handler(request): import httpx as _hx try: async with _hx.AsyncClient(timeout=5.0) as _c: _r = await _c.get("http://127.0.0.1:7860/api/killinchu/khipu/ledger") _data = _r.json() except Exception as _ex: _data = {"error": str(_ex)} _data["_dag_alias"] = True return _DagJR_killinchu(_data) _dag_r_killinchu = _DagRoute_killinchu( "/api/killinchu/khipu/dag", _killinchu_khipu_dag_handler, methods=["GET"], name="killinchu_khipu_dag_alias" ) app.router.routes.insert(0, _dag_r_killinchu) import sys as _killinchu_dag_sys print("[killinchu] /khipu/dag alias registered at /api/killinchu/khipu/dag", file=_killinchu_dag_sys.stderr) except Exception as _killinchu_dag_e: import sys as _killinchu_dag_sys print(f"[killinchu] /khipu/dag alias FAILED: {_killinchu_dag_e!r}", file=_killinchu_dag_sys.stderr) # ============================================================================ # END: /khipu/dag ALIAS — killinchu # ============================================================================