Canon
Deterministic governance synchronization for external policies.
Canon monitors external regulatory frameworks, hashes rulesets, generates diff evidence packages, and enforces human-in-the-loop approvals for synchronized Anchor policy state updates.
Overview
Canon treats policy updates as a supply chain problem. By utilizing deterministic hashing and append-only ledgers, it guarantees that no policy updates skip human review.
Problem
- Regulatory frameworks shift constantly, creating a drift between code and external compliance standards.
- Manual policy updates are slow, prone to oversight, and lack verifiable audit history.
Motivation
I built Canon to solve the provenance problem. Anchor is only as correct as the policies it enforces; Canon ensures those policies are authoritative, current, and verified.
Solution
Crawl framework sources deterministic state hashes, package updates into diff packages, and compile into a tamper-evident, append-only ledger.
Implementation
Written in Python, utilizing SHA-256 for state tracking and HMAC for approval validation. Controlled via CLI.
Engineering Decisions
Treating policy updates as a supply chain with explicit, signed approval milestones.
Making the human approval gate an architectural invariant that cannot be skipped or automated.
Challenges & Lessons
Formatting highly unstructured government pdfs and web releases into unified rulesets.
Handling transient API errors from upstream regulatory sites deterministically.
Canon Pipeline
Flagship system
Monitored Policy Sources ↓ (Crawling / Normalization) Rule Extraction ↓ (SHA-256 State Hashing) Diff & Evidence Generator ↓ (Human-in-the-Loop Approval) Append-Only Ledger (ledger.jsonl) ↓ (Synchronize) Anchor Rulesets
The ledger records every state transition.
Syncing is transactional and auditable.
Components
Functional building blocks
The flagship documentation uses the same component taxonomy across every system.
Source Adapters
Crawls external portals (NIST, OWASP, EU AI Act).
Diff Engine
Identifies added, changed, or deleted rulesets.
Ledger Log
A tamper-evident JSONL file storing hashed state transitions.
Features
Core capabilities
These are product features in the engineering sense, not marketing copy.
Framework crawl adapters
✓Deterministic state hashes
✓Tamper-evident log chain
✓Human review approval gate
✓CLI Sync Sequence
Fetch changes and review the update proposals.
canon fetch canon review canon verify
Example output
A governed action should return enough evidence to review without reconstructing the entire runtime path.
State hash: sha256_b7c1f44... Delta: 3 new, 1 removed Ledger chain verification: VALID
Documentation
- canon fetch
- canon review
- canon verify
- canon status
Papers & Consultation Briefs
Benchmarks
- Diff engine (100 rules): 88µs
- E2E Pipeline (Diff+Hash+Ledger): 490µs
- Ledger chain hashing: 1.3µs
Roadmap
The roadmap separates what is already shipped from the next layer of work so the public record stays explicit.
Shipped
Adapters · Diff generation · Ledger chain
Next
Adapter framework coverage · Automatic policy pull alerts · Sync adapters for Anchor v6
Related Systems
Connected systems
Systems in the ecosystem that depend on or complement this flagship project.