Commit 852d9c2

docs: Rename auditor deep-dive to auditor-privacy-preserving-ai-governance.md
More representative of Layer 3 focused content. Updated all cross-references.
1 parent acb71cb commit 852d9c2

12 files changed

+18
-163
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -138,7 +138,7 @@ AegisSovereignAI is designed to be framework-agnostic, serving as a secure execu
138138

139139
* **[Auditor Guide](./docs/auditor.md)** - High-level overview of the attestation-linked evidence model covering the full AI lifecycle (Ingestion, Training, and Inference), verifiable geofencing (Reg-K), and identity binding. Includes the complete Evidence Bundle structure for regulatory reporting.
140140
* **[Infrastructure Sovereignty (Layer 1/2)](./docs/infrastructure-sovereignty.md)** - Technical deep-dive on **Environmental Trust**: Hardware attestation (TEE/TPM), identity binding (SPIFFE/SPIRE + Keylime), privacy-preserving geofencing (Reg-K), and data ingestion provenance.
141-
* **[Privacy-Preserving AI Governance (Layer 3)](./docs/auditor-privacy-preserving-deep-dive.md)** - Technical walkthrough of the **Four-Track Layer 3 Governance Lifecycle** (Training, System Prompt, User Prompt, Output), Batch & Purge architecture, and modular Evidence Bundle verification.
141+
* **[Privacy-Preserving AI Governance (Layer 3)](./docs/auditor-privacy-preserving-ai-governance.md)** - Technical walkthrough of the **Four-Track Layer 3 Governance Lifecycle** (Training, System Prompt, User Prompt, Output), Batch & Purge architecture, and modular Evidence Bundle verification.
142142
* **[Threat Model: Unmanaged Device Security](./hybrid-cloud-poc/THREAT-MODEL-unmanaged-device.md)** - Analysis of **Infrastructure Blind Spots** on **BYOD/Unmanaged Devices**, detailing how AegisSovereignAI prevents location spoofing via hardware-rooted sensor fusion.
143143
* **[Unified Identity Deep-Dive](./hybrid-cloud-poc/README-arch-sovereign-unified-identity.md)** - Detailed technical architecture of the SPIRE/Keylime identity fusion model.
144144
* **[IETF WIMSE Draft](https://datatracker.ietf.org/doc/draft-lkspa-wimse-verifiable-geo-fence/)** - Our contribution to standardizing verifiable geo-fences in multi-system environments.
File renamed without changes.

docs/auditor.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Auditor Guide: Verifying the Sovereign Trust Loop
22

3-
> **For Auditors & Risk Officers:** This is the high-level guide to understanding AegisSovereignAI's attestation-linked evidence model. For a deep technical dive into **privacy-preserving techniques (e.g. ZKP)** circuits and the Five-Track architecture for the full AI lifecycle, see the **[Privacy-Preserving Deep-Dive for Technical Auditors](./auditor-privacy-preserving-deep-dive.md)**.
3+
> **For Auditors & Risk Officers:** This is the high-level guide to understanding AegisSovereignAI's attestation-linked evidence model. For a deep technical dive into **privacy-preserving techniques (e.g. **Zero-knowledge-proofs aka ZKPs**)** circuits and the Five-Track architecture for the full AI lifecycle, see the **[Privacy-Preserving Deep-Dive for Technical Auditors](./auditor-privacy-preserving-deep-dive.md)**.
44
55
AegisSovereignAI provides a cryptographically verifiable solution to the **"Accountability Gap"** in modern AI infrastructure. This guide provides auditors and risk officers with the technical framework required to prove compliance with global standards, including the **EU AI Act**, **NIST AI RMF**, and **Regulation K (Reg-K)**.
66

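Review bot: the new line 3 still links to `./auditor-privacy-preserving-deep-dive.md`, the path this commit renames away, so the link in docs/auditor.md will be dead after merge even though the commit message says all cross-references were updated; it should point at `./auditor-privacy-preserving-ai-governance.md` like the README and docs/infrastructure-sovereignty.md hunks do. Separately, the nested emphasis `**privacy-preserving techniques (e.g. **Zero-knowledge-proofs aka ZKPs**)**` does not render as intended in Markdown (the inner `**` closes the outer run and leaves stray asterisks); a single run such as `**privacy-preserving techniques (e.g. zero-knowledge proofs, ZKPs)**` avoids that.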
@@ -10,7 +10,7 @@ Traditional IT security relies on **Infrastructure Blind Spots**—where an admi
1010

1111
Auditors use time-bound, attestation-linked proofs to:
1212
- **Test Control Effectiveness**: Verify that claimed controls (attestation, residency, model integrity) worked at a concrete instant.
13-
- **Solve the Residency vs. Privacy Deadlock**: Use **privacy-preserving techniques (e.g. ZKP)** to prove data residency and model compliance without ingesting or storing high-liability **Personally Identifiable Information (PII)**.
13+
- **Solve the Residency vs. Privacy Deadlock**: Use **privacy-preserving techniques (e.g. **ZKP**)** to prove data residency and model compliance without ingesting or storing high-liability **Personally Identifiable Information (PII)**.
1414
- **Establish Physical Provenance**: Prove that a specific decision was made on authorized, heterogeneous hardware (Intel TDX, AMD SEV, NVIDIA H100) and not on a spoofed or unauthorized platform.
1515
- **Ensure Litigation Readiness**: Create an evidentiary chain suitable for regulatory audit, expert review, or courtroom discovery.
1616

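Review bot: the only change to line 13 is wrapping `ZKP` in a second pair of `**` inside an already-bold span, which breaks the rendering of the outer emphasis rather than improving it; the original line `(e.g. ZKP)**` was correct and this hunk should be dropped, or the whole phrase kept as one bold run.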
@@ -40,7 +40,7 @@ When an AI inference request is made, AegisSovereignAI performs a "Pre-Flight Ch
4040
1. **Ingestion/Provenance Verification:** Proving the data source is a genuine hardware device in an authorized region (Track A).
4141
2. **Training/Redaction Verification:** Proving the model was trained only on policy-compliant, redacted data (Track B).
4242
3. **Hardware Verification:** Keylime requests a **TPM Quote** to ensure the silicon is genuine and the OS is untampered.
43-
4. **Location Verification:** The node generates a **privacy-preserving proof (e.g. ZKP)** that its current hardware-measured location matches the "Green Zone" policy.
43+
4. **Location Verification:** The node generates a **privacy-preserving techniques (e.g. **ZKP**)** proof that its current hardware-measured location matches the "Green Zone" policy.
4444
5. **Inference Governance (Batch & Purge):** Generating proofs for system/user prompts and AI outputs while purging raw data (Tracks C/D/E).
4545
6. **Identity Fusion:** SPIRE issues a **Unified SVID** that cryptographically binds the verified hardware to the specific User Session.
4646

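Review bot: line 43 now reads "generates a **privacy-preserving techniques (e.g. **ZKP**)** proof", which is ungrammatical ("a techniques proof") and again nests bold inside bold; the previous wording "generates a **privacy-preserving proof (e.g. ZKP)**" was both grammatical and correctly marked up, so this hunk should be reverted. The rename in the commit message does not touch this file's content, so wording changes here belong in a separate commit.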
docs/infrastructure-sovereignty.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Infrastructure Sovereignty: Layer 1 & Layer 2 Trust Primitives
22

3-
> **For Technical Auditors & Architects:** This document covers the **Environmental Trust** foundations (Hardware + Identity + Location) that must be established before Layer 3 AI Governance can begin. For the AI-specific governance model (prompts, outputs, compliance proofs), see the **[Privacy-Preserving Deep-Dive](./auditor-privacy-preserving-deep-dive.md)**.
3+
> **For Technical Auditors & Architects:** This document covers the **Environmental Trust** foundations (Hardware + Identity + Location) that must be established before Layer 3 AI Governance can begin. For the AI-specific governance model (prompts, outputs, compliance proofs), see the **[Privacy-Preserving Deep-Dive](./auditor-privacy-preserving-ai-governance.md)**.
44
55
---
66

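Review bot: the link targets in this file are correctly moved to `./auditor-privacy-preserving-ai-governance.md`, but the visible link text is still "Privacy-Preserving Deep-Dive" in all four hunks while the README hunk titles the same document "Privacy-Preserving AI Governance (Layer 3)"; since the stated reason for the rename is that the new name is more representative, consider updating the link text here to match so readers do not see two titles for one document.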
@@ -12,11 +12,11 @@ Before auditing **what the AI is saying** (Layer 3), auditors must first verify
1212
|-------|--------------|----------------------|
1313
| **Layer 1: Infrastructure** | Hardware Trust | "Is this genuine, untampered silicon?" |
1414
| **Layer 2: Identity** | Environmental Trust | "Is this workload running in an authorized location on an authorized device?" |
15-
| **Layer 3: Governance** | Content Trust | "Did this AI follow the governance policy?" (See [Privacy-Preserving Deep-Dive](./auditor-privacy-preserving-deep-dive.md)) |
15+
| **Layer 3: Governance** | Content Trust | "Did this AI follow the governance policy?" (See [Privacy-Preserving Deep-Dive](./auditor-privacy-preserving-ai-governance.md)) |
1616

1717
**The Modular Evidence Bundle:** When an auditor receives an Evidence Bundle, verification proceeds in stages:
1818
- **Stage 1 (This Document):** "Is this a valid Aegis Sovereign Node?" → Verified via Layer 1/2 Attestation
19-
- **Stage 2 ([Deep-Dive](./auditor-privacy-preserving-deep-dive.md)):** "Did this node follow the governance policy?" → Verified via Layer 3 ZKP
19+
- **Stage 2 ([Deep-Dive](./auditor-privacy-preserving-ai-governance.md)):** "Did this node follow the governance policy?" → Verified via Layer 3 ZKP
2020

2121
---
2222

@@ -138,7 +138,7 @@ When an auditor requests infrastructure attestation, they receive:
138138
2. **Verify Identity Binding:** Confirm the SVID is bound to the attested hardware.
139139
3. **Verify Geofence Proof:** Confirm the workload is within the compliant boundary.
140140

141-
Once Stage 1 passes, the auditor proceeds to **Stage 2** ([Layer 3 Governance Verification](./auditor-privacy-preserving-deep-dive.md)).
141+
Once Stage 1 passes, the auditor proceeds to **Stage 2** ([Layer 3 Governance Verification](./auditor-privacy-preserving-ai-governance.md)).
142142

143143
---
144144

@@ -154,4 +154,4 @@ Once Stage 1 passes, the auditor proceeds to **Stage 2** ([Layer 3 Governance Ve
154154

155155
---
156156

157-
[Root README](../README.md) | [Auditor Guide](./auditor.md) | [Privacy-Preserving Deep-Dive (Layer 3)](./auditor-privacy-preserving-deep-dive.md)
157+
[Root README](../README.md) | [Auditor Guide](./auditor.md) | [Privacy-Preserving Deep-Dive (Layer 3)](./auditor-privacy-preserving-ai-governance.md)

docs/langgraph-integration.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ Using the **Keylime-to-SPIRE** loop, Aegis acts as a physical kill-switch for th
4646
| --- | --- | --- |
4747
| **Ingress (BYOD)** | **Secure Enclave Attestation** | Proves the customer's phone is untampered without needing MDM. |
4848
| **Orchestration** | **Blended SVID Handshake** | Ensures Agent A can only talk to Agent B if both share a valid User-Session claim. |
49-
| **Egress (Audit)** | **Privacy-Preserving (e.g. ZKP) Geofencing** | Proves the advisor's final sign-off occurred in a "Green Zone" (US branch). |
49+
| **Egress (Audit)** | **Privacy-Preserving (e.g. Zero-knowledge-proofs aka ZKPs) Geofencing** | Proves the advisor's final sign-off occurred in a "Green Zone" (US branch). |
5050

5151
---
5252

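Review bot: this change is unrelated to the rename described in the commit message and should be split out. On wording, "Privacy-Preserving (e.g. Zero-knowledge-proofs aka ZKPs) Geofencing" is awkward inside a table cell; "zero-knowledge proofs" is not hyphenated as a single term, and "aka" reads informally in an architecture table. A form such as `**Privacy-Preserving Geofencing (e.g. zero-knowledge proofs, ZKPs)**` keeps the cell readable.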
hybrid-cloud-poc/README-arch-sovereign-unified-identity.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -172,7 +172,7 @@ SPIRE AGENT SVID ISSUANCE & WORKLOAD SVID ISSUANCE:
172172
- Envoy WASM Plugin and Mobile Sensor Microservice (Mock MNO) to be released as standalone, reusable open source projects
173173
- **Mobile Sensor Microservice (Mock MNO)**:
174174
- Acts as the "Mock MNO" provider for verifying "Device Location" via CAMARA APIs.
175-
- Verifier calls this service (conceptually) or verifies the ZKP receipt derived from it.
175+
- Verifier calls this service (conceptually) or verifies the Zero-knowledge-proofs aka ZKPs receipt derived from it.
176176
- No breaking changes to either upstream project
177177
- Each component independently mergeable
178178

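Review bot: line 175 now reads "verifies the Zero-knowledge-proofs aka ZKPs receipt derived from it", which turns a simple noun phrase ("the ZKP receipt") into an ungrammatical one. If the intent is to expand the acronym, do it once at the first use of ZKP in this document and keep "ZKP receipt" here.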
@@ -267,7 +267,7 @@ AegisSovereignAI closes the Perception Gap by moving beyond single-source trust:
267267
## Edge Ecosystems (Apple, Android, Windows, Linux)
268268

269269
Aegis provides a unified security strategy for billions of managed and unmanaged endpoints:
270-
1. **Apple (iOS & Apple Silicon macOS)**: Uses **App Attest** for app-level hardware binding. Note that on macOS, App Attest requires **Apple Silicon** (M-series chips). For Enterprise-managed hardware (e.g., JPMC-managed), **Managed Device Attestation (MDA)** provides enterprise policy enforcement across both iOS and macOS (Intel & Silicon).
270+
1. **Apple (iOS & Apple Silicon macOS)**: Uses **App Attest** for app-level hardware binding. Note that on macOS, App Attest requires **Apple Silicon** (M-series chips). For Enterprise-managed hardware (e.g., at JPMC or Barclays), **Managed Device Attestation (MDA)** provides enterprise policy enforcement across both iOS and macOS (Intel & Silicon).
271271
2. **Android (StrongBox/TEE)**: Uses **Android Key Attestation**. The Aegis Verifier validates the hardware-rooted certificate chain (signed by Google's Root CA) to verify Bootloader status and ensure the banking app's keys are stored in a dedicated **StrongBox** or **Trusted Execution Environment (TEE)**.
272272

273273
> [!TIP]
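Review bot: replacing "(e.g., JPMC-managed)" with "(e.g., at JPMC or Barclays)" is unrelated to the rename in the commit message and introduces a second named institution into a public architecture document; if these are only meant as illustrations of an enterprise-managed fleet, a generic example (e.g., "an enterprise-managed device fleet") avoids implying specific customers, and in any case the change should be called out in the commit message.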

hybrid-cloud-poc/README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -78,8 +78,8 @@ This PoC provides end-to-end implementation for **Stage 2: Trusted Egress & Data
7878
- ✅ mTLS with hardware-bound certificates (workload attestation)
7979

8080
**Roadmap (Architecturally Defined):**
81-
- 🔲 Privacy-preserving Geofencing (Ingress & Egress): ZKP-based Reg-K compliance without storing GPS - See Architecture Documentation section below
82-
or Mo- 🔲 Privacy-preserving data center audit trail (batch & purge proofs) - See main [README](../README.md#layer-3-ai-governance-verifiable-logic--privacy)
81+
- 🔲 Privacy-preserving Geofencing (Ingress & Egress): ZKP-based Reg-K compliance without storing GPS or Mobile Network location data - See Architecture Documentation section below
82+
- 🔲 Privacy-preserving data center audit trail (batch & purge proofs) - See main [README](../README.md#layer-3-ai-governance-verifiable-logic--privacy)
8383

8484
---
8585

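Review bot: the old line 82 was corrupted ("or Mo- 🔲 Privacy-preserving data center audit trail ..."), with the "or Mo" fragment of line 81's "or Mobile Network location data" spilled onto the next bullet; the new lines 81-82 restore both bullets correctly. This is a genuine fix, but it is not a cross-reference update and is not mentioned in the commit message; please note it there so the repair is findable in history.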
hybrid-cloud-poc/ROADMAP-CCB-pilot-30-60-90.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ This roadmap outlines a 90-day execution template to transition the AegisSoverei
1919
**Goal:** Extend the trust boundary to unmanaged HNW customer devices via Verified Ingress.
2020

2121
* **Workstream 4 (Mobile SDK):** Integrate the Aegis Ingress SDK (App Attest/Key Attestation) into an authorized mobile application (e.g., JPM Private Banking).
22-
* **Workstream 5 (Privacy-Preserving Geofencing):** Implement **privacy-preserving techniques (e.g. ZKP)** for verified geofencing (Reg-K compliance) in high-risk regions.
22+
* **Workstream 5 (Privacy-Preserving Geofencing):** Implement **privacy-preserving techniques (e.g. Zero-knowledge-proofs aka ZKPs)** for verified geofencing (Reg-K compliance) in high-risk regions.
2323
* **Workstream 6 (Aegis Verifier):** Instantiate the Aegis Verifier as the "Trust Bridge" between OEM Root CAs and the bank's SPIRE server.
2424
* **Milestone:** A HNW customer performs a trade verification from a personal iPhone with **Point-in-Time** hardware attestation.
2525

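Review bot: line 22 is a wording-only change unrelated to the rename; as in the other files, "Zero-knowledge-proofs aka ZKPs" should read "zero-knowledge proofs (ZKPs)". The single bold run here is well-formed, unlike the nested emphasis introduced in docs/auditor.md, so only the wording needs attention.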
hybrid-cloud-poc/THREAT-MODEL-runtime-perception-gap.md

Lines changed: 0 additions & 73 deletions
This file was deleted.
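Review bot: deleting hybrid-cloud-poc/THREAT-MODEL-runtime-perception-gap.md (73 lines) is not mentioned anywhere in the commit message, which describes a rename plus cross-reference updates; a threat-model document should not disappear silently from a docs-rename commit. Either restore it and remove it in its own commit, or state in the message why it is removed and where its content now lives, and confirm no remaining documents link to it (the unified-identity README in this same diff still discusses "the Perception Gap" at its line 267 context).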
