From ce01585bd4c14e88493db86bf97a0db3133a8c99 Mon Sep 17 00:00:00 2001 From: Illia Pashkov Date: Thu, 28 May 2026 20:27:18 -0700 Subject: [PATCH] feat(conformance): publish physical ai runtime safety working group pack --- README.md | 3 + docs/.vitepress/config.mts | 1 + ...hysical-ai-runtime-safety-working-group.md | 68 +++++++ docs/index.md | 1 + .../fixtures/physical-ai/README.md | 20 ++ .../runtime-safety-fixture.schema.json | 184 ++++++++++++++++++ packages/conformance-tests/package.json | 1 + ...untime-safety-fixtures-conformance.test.ts | 11 ++ 8 files changed, 289 insertions(+) create mode 100644 docs/community/physical-ai-runtime-safety-working-group.md create mode 100644 packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json diff --git a/README.md b/README.md index b38ac15..d476ca8 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,7 @@ Community/adoption assets: - [`docs/community/external-contributor-onboarding.md`](docs/community/external-contributor-onboarding.md) - [`docs/community/good-first-issues-board.md`](docs/community/good-first-issues-board.md) - [`docs/community/open-source-collaboration-replies.md`](docs/community/open-source-collaboration-replies.md) +- [`docs/community/physical-ai-runtime-safety-working-group.md`](docs/community/physical-ai-runtime-safety-working-group.md) - [`docs/security-bulletins/2026-04.md`](docs/security-bulletins/2026-04.md) ### Run a Single Package 
@@ -714,6 +715,8 @@ docker-compose up - ROS2 loop benchmark report: [`docs/reports/ros2-control-loop-benchmark.md`](docs/reports/ros2-control-loop-benchmark.md) - Hardware safety controller roadmap: [`docs/roadmaps/hardware-safety-controller-integration.md`](docs/roadmaps/hardware-safety-controller-integration.md) - Hardware safety handshake fixture: [`packages/conformance-tests/fixtures/industrial/hardware-safety-handshake.v1.json`](packages/conformance-tests/fixtures/industrial/hardware-safety-handshake.v1.json) +- Physical AI runtime safety fixtures: [`packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixtures.v0.1.json`](packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixtures.v0.1.json) +- Physical AI runtime safety fixture schema: [`packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json`](packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json) - Certification bundle summary: [`docs/reports/certification-bundle-summary.md`](docs/reports/certification-bundle-summary.md) - NIST submission playbook: [`docs/guides/nist-submission-playbook.md`](docs/guides/nist-submission-playbook.md) - NIST submission bundle report: [`docs/reports/nist-submission-bundle.md`](docs/reports/nist-submission-bundle.md) diff --git a/docs/.vitepress/config.mts b/docs/.vitepress/config.mts index c5cee29..b379554 100644 --- a/docs/.vitepress/config.mts +++ b/docs/.vitepress/config.mts 
@@ -85,6 +85,7 @@ export default defineConfig({ { text: "Robotics Collaboration Outreach", link: "/community/robotics-collaboration-outreach-schedule" }, { text: "Sunnybotics Collaboration Brief", link: "/community/sunnybotics-collaboration-brief" }, { text: "Sunnybotics Outreach Drafts", link: "/community/sunnybotics-outreach-drafts" }, + { text: "Physical AI Runtime Safety WG", link: "/community/physical-ai-runtime-safety-working-group" }, { text: "Lovable Site Refresh Prompt", link: "/community/lovable-sint-gg-refresh-prompt" }, { text: "Website Sync Checklist", link: "/community/website-sync-checklist" }, { text: "Good First Issues Board", link: "/community/good-first-issues-board" }, diff --git a/docs/community/physical-ai-runtime-safety-working-group.md b/docs/community/physical-ai-runtime-safety-working-group.md new file mode 100644 index 0000000..0244086 --- /dev/null +++ b/docs/community/physical-ai-runtime-safety-working-group.md 
@@ -0,0 +1,68 @@
+# Physical AI Runtime Safety Working Group
+
+Status: v0.1 fixture review packet
+
+## Goal
+
+Coordinate a small, cross-project fixture set for the safety boundary between AI agents and physical systems.
+
+This is intentionally narrow. The first milestone is agreement on runnable fixtures, not a new broad standard.
+
+## What We Are Asking Reviewers To Check
+
+- Does the fixture describe pre-action authorization before actuation?
+- Does the fixture make transport bypass behavior explicit?
+- Does e-stop/rollback evidence have the fields a safety reviewer needs?
+- Can your project translate the cases without adopting SINT internals?
+
+## Canonical v0.1 Files
+
+- Fixture schema: `packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json`
+- Fixture cases: `packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixtures.v0.1.json`
+- Reference runner: `packages/conformance-tests/src/physical-ai-runtime-safety-fixtures-conformance.test.ts`
+- Fixture README: `packages/conformance-tests/fixtures/physical-ai/README.md`
+
+## Run The Reference Runner
+
+```bash
+pnpm --filter @pshkv/conformance-tests test:physical-ai-runtime
+```
+
+## v0.1 Case Set
+
+- `ros2_cmd_vel_authorized_escalates`
+- `ros2_cmd_vel_denied_by_scope`
+- `ros2_cmd_vel_escalates_human_present`
+- `sros2_bypass_publish_fails`
+- `estop_always_rolls_back`
+- `receipt_verifies_policy_decision`
+
+## Suggested GitHub Reply For Review Invitations
+
+```text
+We are starting a small Physical AI Runtime Safety fixture review around the boundary between AI agents and physical systems.
+
+The goal is not to push SINT adoption. We want a protocol-neutral fixture shape that ROS2/SROS2, robotics simulators, agent runtimes, and safety gateways can all translate.
+
+The v0.1 pack covers: pre-action authorization, transport non-bypass, e-stop rollback, and evidence receipts. Would you be open to reviewing whether these cases map cleanly to your project?
+ +Fixture docs: +https://github.com/sint-ai/sint-protocol/tree/main/packages/conformance-tests/fixtures/physical-ai +``` + +## Candidate Reviewers + +- ROS2/SROS2 security maintainers +- Open-RMF and ROS2 navigation/fleet workflow projects +- MCP/agent security gateway maintainers +- Agent identity and delegated authority projects +- Robotics simulation and lab teams validating physical AI actions + +## Success Criterion + +The v0.1 milestone is successful when two independent implementations can agree on: + +- the expected decision (`allow`, `deny`, `escalate`, `rollback`) +- the expected transport outcome +- the evidence fields that prove the boundary was checked +- the claims that cannot be inferred from the evidence alone diff --git a/docs/index.md b/docs/index.md index a65a629..2930a68 100644 --- a/docs/index.md +++ b/docs/index.md @@ -44,6 +44,7 @@ features: - Discord launch kit: [Community/Discord Launch Kit](./community/discord-launch-kit.md) - Good-first-issues board: [Community/Starter Board](./community/good-first-issues-board.md) - Collaboration reply playbook: [Community/Replies](./community/open-source-collaboration-replies.md) +- Physical AI runtime safety working group: [Community/Working Group](./community/physical-ai-runtime-safety-working-group.md) - EU AI Act mapping: [Compliance/EU AI Act](./compliance/eu-ai-act-mapping.md) - ISO 13482 alignment: [Compliance/ISO 13482](./compliance/iso-13482-alignment.md) - Formal threat model: [Security/Formal Threat Model](./security/formal-threat-model.md) diff --git a/packages/conformance-tests/fixtures/physical-ai/README.md b/packages/conformance-tests/fixtures/physical-ai/README.md index 98ad8dc..bdbcdb5 100644 --- a/packages/conformance-tests/fixtures/physical-ai/README.md +++ b/packages/conformance-tests/fixtures/physical-ai/README.md 
@@ -28,3 +28,23 @@ SINT provides one reference runner, but other implementations can translate the same cases into their own gateway, transport, or simulator. The important interop question is whether independent systems agree on the expected decision, transport outcome, and evidence contract. + +## Files + +- `runtime-safety-fixture.schema.json` defines the v0.1 fixture shape. +- `runtime-safety-fixtures.v0.1.json` is the canonical ROS2/SROS2 starter pack. + +## Run The Reference Checks + +```bash +pnpm --filter @pshkv/conformance-tests test:physical-ai-runtime +``` + +## Review Targets + +The first working-group review should answer four questions: + +1. Can another runtime express the same pre-actuation authorization boundary? +2. Can another transport express the same non-bypass outcome? +3. Can another safety controller express rollback/e-stop evidence? +4. Can another evidence format bind `action_ref` and `delegation_ref` without leaking private authority metadata? diff --git a/packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json b/packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json new file mode 100644 index 0000000..67cfcaf --- /dev/null +++ b/packages/conformance-tests/fixtures/physical-ai/runtime-safety-fixture.schema.json 
@@ -0,0 +1,184 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.sint.ai/physical-ai/runtime-safety-fixture.v0.1.schema.json", + "title": "Physical AI Runtime Safety Fixture v0.1", + "type": "object", + "required": ["fixtureId", "schemaVersion", "description", "profile", "defaultToken", "cases"], + "additionalProperties": false, + "properties": { + "fixtureId": { "type": "string", "const": "physical-ai-runtime-safety-v0.1" }, + "schemaVersion": { "type": "string", "const": "0.1.0" }, + "description": { "type": "string", "minLength": 1 }, + "profile": { + "type": "object", + "required": ["transport", "actionBoundary", "decisionVocabulary", "transportOutcomes", "evidenceRequirements"], + "additionalProperties": false, + "properties": { + "transport": { "type": "string", "enum": ["ros2/sros2"] }, + "actionBoundary": { "type": "string", "enum": ["pre-actuation"] }, + "decisionVocabulary": { + "type": "array", + "items": { "type": "string", "enum": ["allow", "deny", "escalate", "rollback"] }, + "minItems": 4, + "uniqueItems": true + }, + "transportOutcomes": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "forwarded", + "held_for_review", + "publish_rejected", + "discovery_rejected", + "execution_rolled_back" + ] + }, + "minItems": 5, + "uniqueItems": true + }, + "evidenceRequirements": { + "type": "object", + "required": [ + "decisionRefRequired", + "actionIntentRefRequired", + "hashChainRequired", + "receiptRequiredForNegativeOutcomes", + "authorityPointer", + "actionPointer" + ], + "additionalProperties": false, + "properties": { + "decisionRefRequired": { "type": "boolean", "const": true }, + "actionIntentRefRequired": { "type": "boolean", "const": true }, + "hashChainRequired": { "type": "boolean", "const": true }, + "receiptRequiredForNegativeOutcomes": { "type": "boolean", "const": true }, + "authorityPointer": { + "type": "object", + "required": ["field", "form", "nullable"], + 
"additionalProperties": false, + "properties": { + "field": { "type": "string", "const": "delegation_ref" }, + "form": { "type": "string", "const": "opaque_content_addressed" }, + "nullable": { "type": "boolean" } + } + }, + "actionPointer": { + "type": "object", + "required": ["field", "form"], + "additionalProperties": false, + "properties": { + "field": { "type": "string", "const": "action_ref" }, + "form": { "type": "string", "const": "deterministic_public_derivation" } + } + } + } + } + } + }, + "defaultToken": { "$ref": "#/$defs/token" }, + "cases": { + "type": "array", + "minItems": 6, + "items": { + "type": "object", + "required": ["id", "name", "description", "expected"], + "additionalProperties": false, + "properties": { + "id": { "type": "string", "minLength": 1 }, + "name": { "type": "string", "minLength": 1 }, + "description": { "type": "string", "minLength": 1 }, + "tokenOverride": { "$ref": "#/$defs/token" }, + "request": { "$ref": "#/$defs/request" }, + "transportCheck": { "$ref": "#/$defs/transportCheck" }, + "expected": { + "type": "object", + "required": ["decisionAction", "transportOutcome"], + "additionalProperties": true, + "properties": { + "decisionAction": { "type": "string", "enum": ["allow", "deny", "escalate", "rollback"] }, + "assignedTier": { "type": "string", "enum": ["T0_observe", "T1_prepare", "T2_act", "T3_commit"] }, + "policyViolated": { "type": "string" }, + "transportOutcome": { + "type": "string", + "enum": [ + "forwarded", + "held_for_review", + "publish_rejected", + "discovery_rejected", + "execution_rolled_back" + ] + }, + "transportDecision": { "type": "string", "enum": ["allow", "deny", "not-covered"] }, + "evidenceEventType": { "type": "string" }, + "evidence": { "type": "object" } + } + } + } + } + } + }, + "$defs": { + "token": { + "type": "object", + "required": ["resource", "actions"], + "additionalProperties": false, + "properties": { + "resource": { "type": "string" }, + "actions": { "type": "array", "items": { 
"type": "string" }, "minItems": 1 }, + "constraints": { + "type": "object", + "additionalProperties": false, + "properties": { + "maxVelocityMps": { "type": "number", "minimum": 0 }, + "maxForceNewtons": { "type": "number", "minimum": 0 } + } + } + } + }, + "request": { + "type": "object", + "required": ["resource", "action"], + "additionalProperties": true, + "properties": { + "resource": { "type": "string" }, + "action": { "type": "string" }, + "params": { "type": "object" }, + "physicalContext": { "type": "object" }, + "recentActions": { "type": "array", "items": { "type": "string" } }, + "executionContext": { "type": "object" } + } + }, + "transportCheck": { + "type": "object", + "required": ["enclave", "topicName", "operation"], + "additionalProperties": false, + "properties": { + "enclave": { + "type": "object", + "required": [ + "enclavePath", + "domainId", + "allowPublish", + "allowSubscribe", + "denyPublish", + "denySubscribe", + "governanceEnforced" + ], + "additionalProperties": false, + "properties": { + "enclavePath": { "type": "string" }, + "domainId": { "type": "integer" }, + "allowPublish": { "type": "array", "items": { "type": "string" } }, + "allowSubscribe": { "type": "array", "items": { "type": "string" } }, + "denyPublish": { "type": "array", "items": { "type": "string" } }, + "denySubscribe": { "type": "array", "items": { "type": "string" } }, + "governanceEnforced": { "type": "boolean" } + } + }, + "topicName": { "type": "string" }, + "operation": { "type": "string", "enum": ["publish", "subscribe"] } + } + } + } +} diff --git a/packages/conformance-tests/package.json b/packages/conformance-tests/package.json index aba6057..395b302 100644 --- a/packages/conformance-tests/package.json +++ b/packages/conformance-tests/package.json 
@@ -8,6 +8,7 @@ "test": "vitest run", "test:watch": "vitest watch", "test:fixtures": "vitest run src/canonical-fixtures-conformance.test.ts src/a2a-fixtures-conformance.test.ts src/security-iot-fixtures-conformance.test.ts src/economy-fixtures-conformance.test.ts src/autogen-interop-conformance.test.ts src/agentskill-authz-fixtures-conformance.test.ts src/action-ref-explainability-conformance.test.ts src/payment-governance-fixtures-conformance.test.ts src/physical-ai-runtime-safety-fixtures-conformance.test.ts src/post-quantum-crypto-agility-conformance.test.ts src/humanoid-profile-conformance.test.ts src/humanoid-warehouse-pilot-conformance.test.ts src/eu-ai-act-conformity-pack-conformance.test.ts src/humanoid-multivendor-fleet-conformance.test.ts src/open-rmf-handoff-policy-receipts-conformance.test.ts src/moveit-manipulation-policy-receipts-conformance.test.ts src/nav2-navigation-policy-receipts-conformance.test.ts src/px4-offboard-policy-receipts-conformance.test.ts src/lerobot-policy-actuation-receipts-conformance.test.ts src/solar-field-operations-policy-receipts-conformance.test.ts src/industrial-cell-safety-pack-conformance.test.ts src/factory-action-demo-conformance.test.ts src/sint-industrial-pack-conformance.test.ts src/regulated-consent-extensions-conformance.test.ts src/autonomy-supervisor-conformance.test.ts", + "test:physical-ai-runtime": "vitest run src/physical-ai-runtime-safety-fixtures-conformance.test.ts", "test:factory-action": "vitest run src/factory-action-demo-conformance.test.ts", "test:ros2-loop": "vitest run src/ros2-control-loop-latency.test.ts" }, diff --git a/packages/conformance-tests/src/physical-ai-runtime-safety-fixtures-conformance.test.ts b/packages/conformance-tests/src/physical-ai-runtime-safety-fixtures-conformance.test.ts index ba5e57f..550703e 100644 --- a/packages/conformance-tests/src/physical-ai-runtime-safety-fixtures-conformance.test.ts 
+++ b/packages/conformance-tests/src/physical-ai-runtime-safety-fixtures-conformance.test.ts @@ -6,6 +6,9 @@ */ import { beforeEach, describe, expect, it } from "vitest"; +import { existsSync } from "node:fs"; +import { dirname, resolve } from "node:path"; +import { fileURLToPath } from "node:url"; import type { SintCapabilityToken, SintCapabilityTokenRequest, @@ -22,6 +25,11 @@ import { PolicyGateway } from "@pshkv/gate-policy-gateway"; import { checkSros2Permission } from "@pshkv/bridge-ros2"; import { loadPhysicalAiRuntimeSafetyFixture } from "./fixture-loader.js"; +const FIXTURE_ROOT = resolve( + dirname(fileURLToPath(import.meta.url)), + "../fixtures/physical-ai", +); + function futureISO(hoursFromNow: number): string { const d = new Date(Date.now() + hoursFromNow * 3_600_000); return d.toISOString().replace(/\.(\d{3})Z$/, ".$1000Z"); @@ -88,6 +96,9 @@ describe("Physical AI runtime safety fixtures v0.1", () => { }); it("declares a stable physical-AI interoperability profile", () => { + expect(existsSync(resolve(FIXTURE_ROOT, "runtime-safety-fixture.schema.json"))).toBe(true); + expect(existsSync(resolve(FIXTURE_ROOT, "runtime-safety-fixtures.v0.1.json"))).toBe(true); + expect(fixture.fixtureId).toBe("physical-ai-runtime-safety-v0.1"); expect(fixture.profile.transport).toBe("ros2/sros2"); expect(fixture.profile.actionBoundary).toBe("pre-actuation");
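Review bot: The two added `existsSync` assertions in the "declares a stable physical-AI interoperability profile" test only prove the files are present; the new schema is never parsed or applied, so `runtime-safety-fixture.schema.json` and the fixture can drift apart while this suite stays green. At minimum read the schema and pin it to the loaded fixture, e.g. `const schema = JSON.parse(readFileSync(resolve(FIXTURE_ROOT, "runtime-safety-fixture.schema.json"), "utf8"));` followed by `expect(schema.properties.fixtureId.const).toBe(fixture.fixtureId);`, with `readFileSync` added to the `node:fs` import. Better still, validate the fixture JSON against the schema with a draft 2020-12 validator if the package can take that dev dependency. The check on `runtime-safety-fixtures.v0.1.json` looks redundant with `loadPhysicalAiRuntimeSafetyFixture`, which presumably already fails when the file is missing; that loader and the rest of the `it` body are outside this hunk.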