Security
13 engines · 76+ PG tables · 174/174 tests

Sovereign Security Stack

LYDOS ships 13 sovereign security engines as first-class platform components. They form an interlocking trust chain from hardware root of trust through key sovereignty, quorum consensus, settlement, and global collective intelligence. All 174 sovereign tests are green on every release.

13 Sovereign Engines · 115 Sovereign Routes · 76+ PG Tables · 174/174 Tests Green

Overview

The sovereign stack follows a layered composition model. Each engine extends the engines below it; no parallel re-implementation is permitted. A new engine must integrate with the existing DPI/DEC/AAE/NNE/LSSA/FIN/KSL/LSIA/GCI layers and document its integration matrix before merging.

All engines require a live PostgreSQL connection at LYDOS_PG_DSN (port 5434). Silent SQLite fallback is explicitly prohibited: if the DSN is absent the engine fails hard. This is by design.

Integration Chain

trust-chain.txt
Hardware Root of Trust (LocalSec + DPI-H)
  |
  +--> Enclave Attestation (CC: SGX/SEV seal)
  |
  +--> Key Hierarchy (DPI-H: root -> intermediate -> node)
  |
  +--> Key Sovereignty (KSL: client-only privkey, device-bound JWT)
  |
  +--> Multi-Node Quorum (DPI: 2/3 BFT consensus)
  |     |
  |     +--> State Consistency (GCE: drift detection + isolation)
  |
  +--> 10-Layer Security (LSSA: HW root to trust graph)
  |
  +--> Financial Ledger (FIN: double-entry + per-tx proof)
  |
  +--> Settlement (DSL: signed + approved + proven = settled)
  |
  +--> Threat Response (ASR: behavioral detection + quarantine)
  |
  +--> Global Intelligence (GCI: privacy-first pattern consensus)
  |
  +--> Immunity Override (LSIA: OPERATIONAL/DEGRADED/SAFE/LOCKDOWN)
       |
       +--> Trusted Deployment (TUP: sig + hash + role quorum)

Engine Reference

Each engine below lists its source file, API route prefix, number of PostgreSQL tables, and its key invariant.

DPI: Decentralized Protocol Infrastructure
5 PG tables

Multi-node Byzantine-fault-tolerant quorum consensus. Every critical decision requires 2/3 quorum across registered nodes. All quorum events are hash-chained.

Source: decentralized_protocol.py
Routes: /api/dpi/*
Key invariant: 2/3 quorum on critical decisions

LSSA: 10-Layer Sovereign Security Architecture
8 PG tables

10-layer security stack from hardware root of trust through the full trust graph. Each layer attests the layer above it. Compromise of one layer triggers isolation of dependent layers.

Source: lssa.py
Routes: /api/lssa/*
Key invariant: Hardware root of trust to application layer

KSL: Key Sovereignty Layer
4 PG tables

Private keys never leave the client device. The server only ever sees public keys and signed challenges. Device-bound JWT tokens bind identity to IP+UA hash. Critical operations require KSL device signature.

Source: ksl.py
Routes: /api/ksl/*
Key invariant: Client-only private key, zero server exposure

TUP: Trusted Update Protocol
3 PG tables

All production deployments require a TUP manifest: release key signature + role-diverse quorum (security + ops) + binary hash match. Unsigned or hash-mismatched artifacts are rejected at the gate.

Source: tup.py
Routes: /api/tup/*
Key invariant: Signed deployments with role-diverse quorum

GCE: Global Consistency Engine
4 PG tables

Cross-node state synchronization with automatic drift detection. Nodes that diverge beyond the threshold are marked DEGRADED and excluded from quorum until re-synced.

Source: gce.py
Routes: /api/gce/*
Key invariant: Automatic state drift detection and isolation

ASR: Autonomous Security Response
6 PG tables

Behavioral threat detection with autonomous response. Evidence is hash-chained and immutable. Response actions: MONITOR, THROTTLE, QUARANTINE. No offensive counter-attack; white-hat only.

Source: asr.py
Routes: /api/asr/*
Key invariant: Hash-chained evidence, autonomous quarantine

DSL: Default Settlement Layer
5 PG tables

Atomic transaction settlement with the invariant: signed + approved + proven = settled. No alternative paths exist. Failed settlement rolls back atomically, with no partial state.

Source: dsl.py
Routes: /api/settlement/*
Key invariant: Atomic settlement: signed + approved + proven

LSIA: Immunity Engine
5 PG tables

System-wide veto and sacrifice authority. Four immunity modes: OPERATIONAL, DEGRADED, SAFE_MODE, CRITICAL_LOCKDOWN. In CRITICAL_LOCKDOWN, LSIA vetoes all AAE/DEC/FIN/DSL operations; this override cannot be bypassed.

Source: immunity_engine.py
Routes: /api/immunity/*
Key invariant: System-wide veto in CRITICAL_LOCKDOWN mode

GCI: Global Collective Intelligence
6 PG tables

Privacy-preserving pattern consensus across nodes. Only hashed patterns, /24 IP prefixes, and amount buckets are shared, never raw email, IP, user_id, or payload. One node's detection becomes every node's defense.

Source: global_brain.py
Routes: /api/gci/*
Key invariant: Privacy-first: hashed patterns only, no raw data
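
The reduction described for GCI, sketched as an added example (not LYDOS code). The event field names, the bucket edges, and the use of a federation-wide HMAC key for the pattern hash are assumptions; a keyed hash is used so that low-entropy features cannot be recovered by brute force.

```python
import hashlib
import hmac
import ipaddress

AMOUNT_BUCKETS = [10, 100, 1_000, 10_000]  # assumed bucket edges


def amount_bucket(amount: float) -> str:
    """Map an exact amount to a coarse range label."""
    lower = 0
    for edge in AMOUNT_BUCKETS:
        if amount < edge:
            return f"{lower}-{edge}"
        lower = edge
    return f"{lower}+"


def ip_prefix24(ip: str) -> str:
    """Collapse an IPv4 address to its /24 network (IPv6 input raises)."""
    return str(ipaddress.IPv4Network(f"{ip}/24", strict=False))


def pattern_hash(federation_key: bytes, *features: str) -> str:
    """Keyed SHA-256 over the behavioural features, never over identities."""
    msg = "\x1f".join(features).encode()
    return hmac.new(federation_key, msg, hashlib.sha256).hexdigest()


def to_shared_report(event: dict, federation_key: bytes) -> dict:
    """Build the only record that leaves the node.

    The report is constructed from an allow-list of derived fields rather
    than by copying the event and deleting keys, so a new raw field added
    to the event later cannot leak by default.
    """
    return {
        "pattern": pattern_hash(
            federation_key, event["rule"], event["user_agent_family"]
        ),
        "ip_prefix": ip_prefix24(event["ip"]),
        "amount_bucket": amount_bucket(event["amount"]),
    }
```

Two events that match the same rule from the same /24 and amount range produce identical reports, which is what lets nodes agree on a pattern without exchanging the underlying records.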

LocalSec: On-Device Security Runtime
4 PG tables

On-device node runtime with device-bound JWT, signed artifact verification, and offline trust anchors. Operates without network access and maintains local trust state independently.

Source: local_security.py
Routes: /api/local-security/*
Key invariant: Offline-capable, device-bound trust

DPI-H: DPI Hardening
3 PG tables

Root-to-intermediate-to-node key hierarchy enforcement for DPI nodes. Validates the full certificate chain on every node registration and quorum participation attempt.

Source: dpi_hardening.py
Routes: /api/dpi/hardening/*
Key invariant: Root -> intermediate -> node key hierarchy

CC: Confidential Compute
4 PG tables

SGX/SEV enclave attestation and secret sealing. Secrets are sealed to the enclave measurement: they can only be unsealed by code with an identical measurement. Supports remote attestation verification.

Source: confidential_compute.py
Routes: /api/cc/*
Key invariant: Secrets sealed to enclave measurement

FIN: Financial Infrastructure
8 PG tables

Double-entry accounting ledger with per-transaction cryptographic proof. Every debit has a matching credit. Ledger entries are immutable; corrections are made via reversal entries with audit trail.

Source: financial_infra.py
Routes: /api/{ledger,finance}/*
Key invariant: Double-entry ledger with per-tx proof

Approval Workflow
2 PG tables

Critical-action approval gate. Four risk tiers (low/medium/high/critical) → quorum + role-diverse vote ledger. LSIA should_veto runs at request time (KURAL 22). KSL signature mandatory for high/critical. Insert-event hash chain proves order + inputs immutably; status transitions live on the row but never rewrite the chain. Workers must call check_approved_or_raise() before applying side effects.

Source: approval_workflow.py
Routes: /control/governance/approvals/*
Key invariant: Role-diverse quorum + KSL gate + LSIA veto

Region Heartbeat
1 PG table

Per-region rolling 60s health beacon: p50/p95/p99/error_rate/RPS sampled from every request via outermost middleware. Background task persists every 15s. Drives Q229 multi-region routing decisions and failover chains: a region is unavailable when error_rate ≥ 5% or p95 ≥ 1s. Aggregated into the unified /control/infra panel (registry + live + traffic + immunity mode).

Source: region_heartbeat.py
Routes: /control/infra/*
Key invariant: Rolling p95/error window → failover chain
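
The availability rule above (60s window, unavailable at error_rate ≥ 5% or p95 ≥ 1s) as an added example, not the region_heartbeat.py implementation. The class and function names, the nearest-rank percentile, and treating a region with no samples as not routable are assumptions.

```python
import time
from collections import deque

WINDOW_S = 60          # rolling window length from the page
MAX_ERROR_RATE = 0.05  # unavailable when error_rate >= 5%
MAX_P95_S = 1.0        # unavailable when p95 >= 1s


class RegionWindow:
    """Per-region rolling window of (timestamp, latency_s, is_error)."""

    def __init__(self):
        self.samples = deque()

    def record(self, latency_s, is_error, now=None):
        now = time.monotonic() if now is None else now
        self.samples.append((now, latency_s, is_error))

    def snapshot(self, now=None):
        now = time.monotonic() if now is None else now
        # Drop samples that have aged out of the window.
        while self.samples and self.samples[0][0] <= now - WINDOW_S:
            self.samples.popleft()
        if not self.samples:
            return None  # no traffic: health is unknown, not good
        lat = sorted(s[1] for s in self.samples)
        rank = (95 * len(lat) + 99) // 100  # nearest-rank p95, integer ceil
        errors = sum(1 for s in self.samples if s[2])
        return {"p95": lat[rank - 1], "error_rate": errors / len(lat)}

    def available(self, now=None):
        snap = self.snapshot(now)
        if snap is None:
            return False  # assumed policy: a silent region fails closed
        return snap["error_rate"] < MAX_ERROR_RATE and snap["p95"] < MAX_P95_S


def pick_region(chain, windows, now=None):
    """Return the first available region in the failover chain, or None."""
    for region in chain:
        if region in windows and windows[region].available(now):
            return region
    return None
```

A None result means every region in the chain is over threshold or silent; what the caller does then is a routing policy decision the page does not specify.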

API Usage Examples

DPI: Quorum status

# Check quorum node health
curl -s http://localhost:8888/api/dpi/nodes \
  -H "Authorization: Bearer $TOKEN" | python3 -m json.tool

# Submit a decision for quorum vote
curl -s -X POST http://localhost:8888/api/dpi/decisions \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"decision_type": "policy_change", "payload": {...}, "require_quorum": true}' \
  | python3 -m json.tool

KSL: Device-bound authentication

# Register a device (generates device_id bound to hardware fingerprint)
curl -s -X POST http://localhost:8888/api/ksl/devices/register \
  -H "Content-Type: application/json" \
  -d '{"public_key": "<base64-encoded-pubkey>", "device_fingerprint": "<fp>"}' \
  | python3 -m json.tool

# Sign a critical operation challenge
curl -s -X POST http://localhost:8888/api/ksl/sign \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"operation": "payment_initiate", "challenge": "<server-challenge>", "signature": "<device-sig>"}' \
  | python3 -m json.tool

LSIA: Immunity mode

# Check current immunity mode
curl -s http://localhost:8888/api/immunity/status \
  -H "Authorization: Bearer $TOKEN" | python3 -m json.tool

# Example response:
# {
#   "mode": "OPERATIONAL",
#   "veto_active": false,
#   "quarantined_nodes": [],
#   "last_mode_change": "2026-04-21T08:00:00Z"
# }

# In CRITICAL_LOCKDOWN all AAE/DEC/FIN/DSL calls return:
# { "error": "lsia:lockdown_veto", "mode": "CRITICAL_LOCKDOWN" }

ASR: Threat detection

# List active threats
curl -s http://localhost:8888/api/asr/threats \
  -H "Authorization: Bearer $TOKEN" | python3 -m json.tool

# Get hash-chained audit decision log
curl -s http://localhost:8888/api/asr/decisions \
  -H "Authorization: Bearer $TOKEN" | python3 -m json.tool

# Example decision entry:
# {
#   "id": "dec_0042",
#   "action": "QUARANTINE",
#   "target": "node_x7",
#   "evidence_hash": "sha256:9b2c...",
#   "prev_hash": "sha256:3f4a...",
#   "timestamp": "2026-04-21T09:45:00Z"
# }
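
An auditor-side check for a hash-chained decision log like the one above, as an added example (not LYDOS code). The page does not state how the link hash is computed, so SHA-256 over each entry's canonical JSON and an all-zero genesis value are assumptions; the same approach applies to the DPI quorum events and approval insert events the page also describes as hash-chained.

```python
import hashlib
import json
from typing import Optional

GENESIS = "sha256:" + "0" * 64  # assumed prev_hash of the first entry


def entry_hash(entry: dict) -> str:
    """Assumed link hash: SHA-256 over the entry's canonical JSON."""
    blob = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(blob).hexdigest()


def append(chain: list, action: str, target: str, evidence: bytes, ts: str) -> dict:
    """Append a decision entry linked to the current chain head."""
    entry = {
        "id": f"dec_{len(chain) + 1:04d}",
        "action": action,
        "target": target,
        "evidence_hash": "sha256:" + hashlib.sha256(evidence).hexdigest(),
        "prev_hash": entry_hash(chain[-1]) if chain else GENESIS,
        "timestamp": ts,
    }
    chain.append(entry)
    return entry


def verify_chain(chain: list, expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first broken link, or None if intact.

    expected_head is a head hash kept outside the log; without it, editing or
    dropping the newest entries cannot be detected from the log alone.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry.get("prev_hash") != prev:
            return i
        prev = entry_hash(entry)
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


# Constructed sample log (not real LYDOS output).
log = []
append(log, "MONITOR", "node_x7", b"burst of failed logins", "2026-04-21T09:40:00Z")
append(log, "THROTTLE", "node_x7", b"rate limit exceeded", "2026-04-21T09:43:00Z")
append(log, "QUARANTINE", "node_x7", b"signature anomaly", "2026-04-21T09:45:00Z")
head = entry_hash(log[-1])
```

An edit to entry i surfaces at index i+1, because that is where the stored prev_hash stops matching; an edit to the newest entry is only caught when the head hash is anchored somewhere the log writer cannot modify.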

TUP: Deployment verification

# Verify a deployment manifest before apply
curl -s -X POST http://localhost:8888/api/tup/verify \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "manifest_url": "https://releases.example.com/v12.3.0/manifest.json",
    "release_signature": "<sig>",
    "binary_hash": "sha256:<hash>"
  }' | python3 -m json.tool

# Response if valid:
# { "verified": true, "quorum_approved": true, "hash_match": true }
# Response if invalid:
# { "verified": false, "reason": "hash_mismatch" }
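
The three TUP checks combined into one fail-closed gate, as an added example (not the tup.py implementation). HMAC-SHA256 stands in for the release-key signature so the block runs on the standard library; the manifest layout, the function names, and every reason string other than hash_mismatch are assumptions.

```python
import hashlib
import hmac
import json

REQUIRED_ROLES = ("security", "ops")  # role-diverse quorum named on the page


def sha256_tag(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()


def sign_manifest(release_key: bytes, manifest: bytes) -> str:
    """Stand-in for the release signature: HMAC-SHA256, standard library only."""
    return hmac.new(release_key, manifest, hashlib.sha256).hexdigest()


def tup_gate(release_key, manifest, signature, binary, approvals):
    """Fail closed: signature, then hash, then quorum must all pass.

    manifest is signed JSON bytes carrying "binary_hash" (assumed layout);
    approvals is a list of (approver, role) pairs.
    """
    def reject(reason):
        return {"verified": False, "reason": reason}

    # 1. Authenticate the manifest before trusting anything parsed from it.
    if not hmac.compare_digest(sign_manifest(release_key, manifest), signature):
        return reject("bad_signature")  # hypothetical reason string
    expected = json.loads(manifest)["binary_hash"]
    # 2. Hash the artifact actually being deployed and compare it with the
    #    value inside the signed manifest, not with a caller-supplied hash.
    if not hmac.compare_digest(sha256_tag(binary), expected):
        return reject("hash_mismatch")  # reason string shown on the page
    # 3. One distinct approver per required role; one person cannot fill both.
    voters = [{a for a, r in approvals if r == role} for role in REQUIRED_ROLES]
    if not any(s != o for s in voters[0] for o in voters[1]):
        return reject("quorum_not_role_diverse")  # hypothetical reason string
    return {"verified": True, "quorum_approved": True, "hash_match": True}
```

Taking the expected hash from the authenticated manifest is the point of the ordering: a hash supplied alongside the binary by the same caller proves nothing about the release.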

PostgreSQL Tables Overview

The sovereign stack creates 76+ tables across the federation database. All migrations are version-controlled in scripts/migrations/ and are applied in dependency order.

| Engine | Key Tables | Migration File |
|---|---|---|
| DPI | dpi_nodes, dpi_decisions, dpi_audit_chain | 001_decentralized_protocol.sql |
| LocalSec | local_security_devices, ls_trust_anchors | 002_local_security.sql |
| DPI-H | dpi_key_hierarchy, dpi_certificates | 003_dpi_hardening.sql |
| CC | cc_enclaves, cc_measurements, cc_sealed_secrets | 004_confidential_compute.sql |
| FIN | fin_ledger, fin_accounts, fin_transactions, fin_proofs | 005_financial_infra.sql |
| LSSA | lssa_layers, lssa_attestations, lssa_trust_graph | 006_lssa.sql |
| ASR | asr_threats, asr_decisions, asr_evidence_chain | 008_asr.sql |
| DSL | dsl_settlements, dsl_settlement_proofs | 009_dsl.sql |
| LSIA | lsia_mode_log, lsia_quarantine, lsia_veto_log | 010_lsia.sql |
| GCI | gci_patterns, gci_consensus, gci_node_reports | 011_gci.sql |
| Governance | governance_approvals, governance_approval_votes, region_heartbeats, region_health_latest (view) | 2026_04_25_global_governance.sql |

NOTE
Run all sovereign migrations with:
python3 -m pytest tests/test_decentralized_protocol.py tests/test_local_security.py tests/test_dpi_hardening.py tests/test_confidential_compute.py tests/test_financial_infra.py tests/test_lssa.py tests/test_sovereign_v2_asr_dsl.py tests/test_lsia_gci.py -v
174 tests, ~22s on a live PG connection.
