Overview
Core concept, value proposition, and system architecture at a glance
Traditional FedRAMP authorization packages rely on prose-based System Security Plans, manually authored assessment reports, and periodic human review cycles. This approach introduces ambiguity, assessment latency, and a structural gap between an organization's stated controls and its operational reality.
The FedCloud Formal Verification Gateway (FVG) closes that gap entirely. Rather than describing security posture in natural language, the gateway encodes every material security invariant as a formal theorem in the Lean 4 interactive theorem prover. Live infrastructure state is ingested, translated into Lean's type system, and evaluated against those theorems. The result is a cryptographically-identified proof obligation — either satisfied or falsified — generated continuously and stored in an OSCAL-conformant repository.
6-Stage Architecture
Infrastructure telemetry flows left to right through six deterministic stages before producing an authorization-grade artifact.
State Ingestion
Collects raw infrastructure state from the Kubernetes API server, AWS Config service, CloudTrail, IAM Access Analyzer, and VPC Flow Logs. Snapshots are timestamped and content-hashed for chain-of-custody integrity before entering the pipeline.
Translation Layer
A typed Python adapter converts raw JSON telemetry into Lean 4 inductive data
structures using the lean-bridge module. Each infrastructure entity becomes
a term in Lean's type universe, preserving all relevant attributes as record fields.
Lean 4 Kernel Evaluation
The translated state is instantiated against each security invariant theorem. Lean's kernel — a small, independently verifiable trust core — type-checks the resulting term. If the term type-checks, the invariant is proved for that state. If it does not, a counter-example is extracted.
Verification Output
Each theorem evaluation produces a structured result containing: verdict
(PASS / FAIL), the state hash that was evaluated,
the theorem identifier, kernel version, and — on failure — a fully-elaborated
counter-example identifying the non-compliant resource.
OSCAL Repository
Verification results populate three OSCAL artifacts: a Verification Receipt (custom extension), an updated System Security Plan, and an Assessment Results document. All artifacts conform to NIST OSCAL 1.1 and are stored in Git with signed commits for immutable provenance.
Continuous Authorization
A live authorization dashboard consumes the OSCAL feed and presents the Authorizing Official with a real-time view of proof status across all control families. Drift events trigger automated Plan of Action & Milestone (POA&M) items within minutes of detection, not after the next annual assessment.
Architecture
Pipeline stage details, data contracts, and component responsibilities
Stage 1 — State Ingestion
The ingestion subsystem is a collection of typed adapters, one per telemetry source. Each adapter polls its source on a configurable interval (default: 5 minutes for configuration state, 1 minute for access events) and emits a state snapshot — a JSON document containing the full, current configuration of all in-scope resources plus a SHA-256 hash of the previous snapshot for chain linkage.
Supported telemetry sources in the current release include:
- Kubernetes API Server — Pod specs, RBAC bindings, NetworkPolicies, admission webhook configurations
- AWS Config — IAM policy documents, S3 bucket configurations, KMS key metadata, VPC ACLs
- AWS CloudTrail — API call records, authentication events, cross-account assumption logs
- IAM Access Analyzer — External access findings, policy analysis results
- Amazon CloudWatch / VPC Flow Logs — Network reachability, anomaly signals
Stage 2 — Translation to Lean 4 Types
The lean-bridge Python module reads each state snapshot and emits
a .lean source file containing Lean 4 inductive type instances that
faithfully represent the infrastructure state. The type definitions live in
lean/FedCloud/Types.lean and are the canonical data contract between
the Python pipeline and the theorem library.
Stage 3 — Lean 4 Kernel Evaluation
The pipeline invokes the Lean 4 compiler (lake build) against the
generated state file. The kernel evaluates every theorem in
lean/FedCloud/Invariants.lean by attempting to construct a proof term
for each theorem with the current state substituted as the concrete value. This is
not symbolic execution — it is full kernel-level type-checking with Lean's
definitional equality.
Lean's trusted code base (TCB) consists of fewer than 10,000 lines of C++, independently reviewed, and conforms to the Calculus of Inductive Constructions (CIC). The kernel's correctness guarantee is foundational: a proof accepted by the kernel is equivalent to a formal mathematical proof under CIC semantics.
Stage 4 — Verification Output
The pipeline parses the Lean compiler's exit code and structured output to produce a Verification Receipt for each theorem. On failure, Lean's elaboration trace is parsed to identify the first term that failed to type-check, producing a structured counter-example pinpointing the non-compliant resource, attribute, and deviation.
| Field | Type | Description |
|---|---|---|
| theorem_id | string | Fully qualified Lean theorem name |
| verdict | enum | PASS | FAIL | ERROR |
| state_hash | sha256 | Hash of the infrastructure state snapshot evaluated |
| kernel_version | semver | Lean 4 release tag used for this evaluation |
| timestamp | ISO 8601 | UTC time of kernel evaluation completion |
| counter_example | object | null | Structured deviation record; null when verdict is PASS |
| control_mappings | array | NIST SP 800-53 control identifiers satisfied by this theorem |
Stage 5 — OSCAL Repository
The OSCAL writer consumes verification receipts and updates three artifact files in a dedicated Git repository. Each commit is signed with a hardware-backed key and references the state hash and theorem IDs covered by that evaluation run, creating an immutable, auditable chain of authorization evidence.
Stage 6 — Continuous Authorization
The authorization dashboard polls the OSCAL repository and renders a real-time
control-family heatmap. When a theorem transitions from PASS to
FAIL, the system automatically generates a draft POA&M entry,
notifies the system owner via webhook, and logs the event to CloudTrail with
finding severity classification aligned to CVSS v4.
Security Clusters
Formal invariant theorems, telemetry sources, and verification semantics
The gateway organizes its security invariants into four clusters aligned to
NIST SP 800-53 control families. Each cluster contains one or more Lean 4
theorems that must hold simultaneously for the cluster's authorization status to
be PASS. A single failing theorem within a cluster causes the entire
cluster to report FAIL to the authorizing official.
Identity and Access Management
AC-2, AC-3, AC-6, AC-17, IA-2, IA-5, IA-8
Verifies that all privileged sessions enforce phishing-resistant MFA and operate under short-lived credential windows. Maps directly to AC-6 (Least Privilege), IA-2(6) (Phishing-Resistant MFA), and AC-17 (Remote Access) requirements.
-- AC-6 Least Privilege / IA-2(6) Phishing-Resistant MFA
-- Every active privileged session must carry phishing-resistant MFA
-- and operate under a token lifetime not exceeding 60 minutes.
theorem identity_least_privilege_invariant (ctx : SecurityContext) :
(∀ s ∈ ctx.active_sessions, s.is_privileged = true →
(s.has_phishing_resistant_mfa = true ∧ s.token_lifetime_minutes ≤ 60)) → True
Telemetry Sources
- AWS IAM Access Analyzer — role assumption records
- CloudTrail —
AssumeRole/GetSessionTokenevents - Kubernetes RBAC audit log — privileged binding events
- Identity provider (Okta / Azure AD) — MFA factor metadata
- AWS SSO — session policy and duration attributes
Verification Semantics
When the kernel returns PASS, it proves that for the evaluated state snapshot, no privileged session exists without phishing-resistant MFA and a token lifetime at or below 60 minutes. This constitutes direct, machine-checked evidence for AC-6, IA-2(6), and AC-17 control satisfaction. A FAIL result includes the session identifier, IAM principal, and the specific violated predicate in the counter-example record.
System and Communications Protection
SC-8, SC-12, SC-13, SC-28, SC-28(1)
Verifies that every data store containing federal information is encrypted at rest using a FIPS 140-3 validated cryptographic module. Addresses SC-28 (Protection of Information at Rest) and SC-12/SC-13 cryptographic key management requirements.
-- SC-28 Protection of Information at Rest
-- All deployed stores that contain federal data must be encrypted
-- at rest using a FIPS-140-3 validated cryptographic module.
theorem cryptographic_protection_invariant (state : InfrastructureState) :
(∀ d ∈ state.deployed_stores, d.contains_federal_data = true →
(d.is_encrypted_at_rest = true ∧ d.cryptographic_module_standard = "FIPS-140-3")) → True
Telemetry Sources
- AWS Config — S3 bucket encryption configuration
- AWS Config — RDS / Aurora storage encryption settings
- AWS KMS — key metadata, origin, and validation status
- DynamoDB — server-side encryption attribute records
- EFS / EBS — encryption-at-rest configuration
- Data classification tags — federal data designator labels
Verification Semantics
PASS proves that every resource tagged or classified as containing
federal data has encryption-at-rest enabled and that the KMS key associated with
it carries a FIPS 140-3 certificate identifier. The string equality check on
cryptographic_module_standard is evaluated by Lean's kernel under
decidable equality for String, making the check exact.
A FAIL counter-example names the specific S3 bucket, RDS instance,
or EBS volume in violation.
Cloud Native Architecture
CM-2, CM-6, CM-7, SC-7, SI-2, SI-7
Verifies the immutability invariants of the Kubernetes cluster topology: image
signatures must be valid, interactive shell access must be disabled, and no
node may accept network ingress from 0.0.0.0/0. Addresses CM-7
(Least Functionality), SC-7 (Boundary Protection), and SI-7 (Software Integrity).
-- CM-7 Least Functionality / SC-7 Boundary Protection / SI-7 Software Integrity
-- Every cluster node must: carry a valid image signature,
-- deny interactive shell access, and reject any-source ingress.
theorem architecture_immutability_invariant (topology : ClusterTopology) :
(∀ c ∈ topology.nodes,
(c.immutable_image_signature_valid = true ∧
c.allows_interactive_shell_access = false ∧
c.network_ingress_anywhere = false)) → True
Telemetry Sources
- Kubernetes API — Pod spec
securityContextfields - Sigstore / Cosign — OCI image signature verification results
- Admission controller — webhook deny/allow audit log
- Kubernetes NetworkPolicy — ingress rule set per node
- AWS Security Groups — inbound rule
0.0.0.0/0presence - Container runtime (containerd) — exec session audit records
Verification Semantics
PASS proves a three-way conjunction over every node in the
topology simultaneously: (1) the OCI image signature chain terminates at a
trusted root, (2) no exec socket is exposed, and (3) no ingress rule admits
the universal CIDR block. Because the theorem is universally quantified,
a single non-conformant node causes FAIL and the counter-example
identifies the offending node name, cluster, and the first conjunction term
that evaluated to false.
Monitoring, Logging, and Auditing
AU-2, AU-3, AU-9, AU-11, AU-12, SI-4
Verifies that every log stream in the logging fabric is actively streaming, writing to a tamper-evident destination, and retaining records for at least 365 days. Addresses AU-9 (Protection of Audit Information), AU-11 (Audit Record Retention), and SI-4 (System Monitoring).
-- AU-9 / AU-11 / SI-4 Continuous Monitoring and Audit Record Retention
-- Every log stream must be live, write to a tamper-evident store,
-- and retain records for a minimum of 365 days.
theorem continuous_monitoring_invariant (fabric : LoggingFabric) :
(∀ l ∈ fabric.streams,
(l.is_actively_streaming = true ∧
l.destination_is_tamper_evident = true ∧
l.retention_days ≥ 365)) → True
Telemetry Sources
- CloudWatch Logs — stream health and last-event timestamps
- S3 Object Lock — WORM configuration per log bucket
- CloudTrail — log file validation digest chain
- Kubernetes audit policy — active sink configuration
- AWS Config Rules — log retention compliance results
- OpenTelemetry Collector — pipeline liveness probes
Verification Semantics
PASS proves that the logging fabric has no dormant streams,
that every stream's destination carries an S3 Object Lock or equivalent
tamper-evident guarantee, and that retention policies meet the 365-day
federal minimum simultaneously. The ≥ 365 check uses Lean's
natural-number ordering, so any non-negative integer less than 365 will
cause a type error. A FAIL counter-example identifies
the specific stream name, group ARN, and the failing predicate.
Hybrid Verification Engine
Dual-engine architecture extending formal proofs with qualitative LLM-based verification
The gateway now operates a dual-engine architecture. A Lambda router classifies each incoming telemetry event and dispatches it to the appropriate verification engine. Deterministic, machine-checkable invariants continue to flow through the Lean 4 kernel (Engine 1). Controls that require contextual judgment — reading narrative documents, evaluating training records, assessing vendor risk — are routed to Amazon Bedrock LLM agents powered by Claude (Engine 2). Both engines write structured results to a shared OSCAL Assembler, producing a unified continuous-authorization feed.
Dual-Engine Pipeline
Telemetry
Router
(Engine 1)
(Claude — Engine 2)
Assembler
Authorization
Lambda Router
Classifies each inbound telemetry event against a control-family routing table. Events carrying structured, enumerable state (IAM sessions, KMS metadata, log stream health) are dispatched to Engine 1. Events requiring narrative interpretation (background-check PDFs, LMS records, incident timelines) are dispatched to Engine 2.
Bedrock Agent Execution
Each qualitative cluster runs as a dedicated Amazon Bedrock Agent with a curated tool-set: a policy RAG retriever, a document parser, a schema validator, and a citation verifier. Agents operate at temperature 0 and must produce a JSON-schema-conformant assessment object before the result is accepted.
Qualitative Security Clusters (Engine 2)
Five control families verified by Bedrock LLM agents. Each agent grounds its assessment in RAG-retrieved policy documents and emits a structured, schema-validated result that is indistinguishable in the OSCAL output stream from an Engine 1 receipt.
Personnel Security
KSI-PS — PS-1, PS-2, PS-3, PS-4, PS-5, PS-6, PS-7, PS-8
The Personnel Security agent parses background check vendor reports in PDF and structured JSON formats, validates NDA signature timestamps against onboarding records, and cross-references IAM provisioning events with adjudication completion dates to detect out-of-sequence access grants.
Telemetry Sources
- Background check vendor API — investigation status and adjudication records
- HR system — employee onboarding dates, role changes, terminations
- DocuSign / e-signature platform — NDA completion timestamps
- IAM provisioning logs — account creation and group membership events
- Contractor management system — periodic reinvestigation schedules
Verification Semantics
The agent determines whether each active system user has a completed and adjudicated background investigation on file prior to their first IAM provisioning event. It validates that NDA signatures precede system access grants, and that periodic reinvestigation schedules are met for personnel in high-impact roles. All findings are cited to specific vendor report IDs and HR record timestamps.
Cybersecurity Education and Training
KSI-CED — AT-1, AT-2, AT-3, AT-4
The Cybersecurity Education agent validates LMS training completion records, checks annual recertification windows against the list of active privileged administrators, and flags accounts whose role-specific training has lapsed based on the configured recertification schedule.
Telemetry Sources
- LMS (Learning Management System) — course completion records and scores
- IAM role roster — active accounts holding privileged role bindings
- Training policy document — role-to-curriculum mapping (RAG corpus)
- HR system — new-hire dates for initial training window enforcement
- Course catalog — recertification frequency per curriculum track
Verification Semantics
The agent cross-references every active privileged account against the LMS completion registry. It computes whether each user's most recent completion date falls within the recertification window required by their role. Lapsed accounts are surfaced as FAIL findings with the specific training track, last-completion date, and number of days overdue cited in the output.
Incident Response
KSI-INR — IR-1, IR-2, IR-3, IR-4, IR-5, IR-6, IR-7, IR-8
The Incident Response agent reconstructs incident timelines from ticketing system data, calculates time-to-triage and time-to-containment metrics, and evaluates whether federal reporting thresholds (CISA 72-hour, OMB Memoranda) were met for each incident classified as a federal breach.
Telemetry Sources
- ITSM / ticketing system — incident records, status transitions, timestamps
- SIEM — correlated event timeline and severity classification
- On-call system — escalation records and first-responder acknowledgment
- Federal reporting portal — submitted CISA incident reports
- Incident response plan (RAG corpus) — classification thresholds and SLA definitions
Verification Semantics
For each closed incident in the review window, the agent reconstructs the event timeline and computes triage latency, containment time, and — where applicable — the elapsed time before federal notification. Incidents that meet the federal breach definition but lack a corresponding CISA report within the 72-hour window are flagged as FAIL with the incident ID, classification rationale, and elapsed notification time cited.
Recovery Planning
KSI-RPL — CP-1, CP-2, CP-4, CP-6, CP-7, CP-9, CP-10
The Recovery Planning agent evaluates disaster recovery drill results, validates that achieved Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) fall within the thresholds authorized in the system's Contingency Plan, and flags plans that have not been tested within the required annual exercise window.
Telemetry Sources
- DR drill reports — tabletop and live-failover exercise results
- Contingency Plan document (RAG corpus) — authorized RTO/RPO values
- Backup system API — last successful backup timestamps and restore test logs
- Alternative site readiness records — hot/warm/cold standby status
- Exercise schedule — planned vs. executed drill calendar
Verification Semantics
The agent extracts the achieved RTO and RPO from each drill report and compares them against the plan-authorized thresholds retrieved via RAG. It also checks that the most recent live-failover exercise falls within the 12-month window required by CP-4. Breaches are cited to the specific drill report, the authorized threshold, and the deviation magnitude.
Supply Chain Risk Management
KSI-TPR — SA-4, SA-5, SA-9, SA-11, SR-1, SR-2, SR-3
The Supply Chain agent ingests CycloneDX and SPDX Software Bill of Materials (SBOM) documents, performs contextual CVE analysis against each declared component, evaluates vendor security attestations against contract requirements, and generates risk-acceptance narratives for findings that fall within authorized residual risk thresholds.
Telemetry Sources
- CycloneDX / SPDX SBOM files — component inventory per release artifact
- NVD / OSV vulnerability feeds — CVE metadata and severity scores
- Vendor security attestation portal — SOC 2 and FedRAMP authorization status
- Procurement contracts (RAG corpus) — security requirements and SLA terms
- Container registry — image provenance and signing chain records
Verification Semantics
The agent resolves each SBOM component against current vulnerability feeds and evaluates CVE severity in the context of the component's deployment posture (internet-facing, data-processing, internal-only). Critical CVEs without an accepted exception or remediation ticket are flagged as FAIL. For accepted risks, the agent generates a structured risk-acceptance narrative with citations to the relevant CVE ID, authorized threshold, and approving official.
Engine 2 Guardrails
Five layered controls prevent hallucination, enforce output structure, and bound every claim to a verifiable source before results reach the OSCAL Assembler.
RAG Grounding
Every assessment is grounded via Retrieval-Augmented Generation against an approved, versioned corpus of policy documents, control baselines, and system-specific plans. Responses that cannot cite a retrieved passage are rejected at the tool layer before reaching the schema validator.
Zero-Temperature Determinism
All Bedrock agent invocations use temperature=0 and a fixed
random seed. This eliminates stochastic variation between evaluation runs,
making qualitative assessments reproducible for the same input telemetry
and the same RAG retrieval set.
JSON Schema Enforcement
Each agent is constrained to emit a response that conforms to a versioned
JSON schema before the result is accepted. Schema validation runs in the
Lambda post-processor. A schema violation causes the run to be retried once;
a second violation raises a pipeline ERROR verdict.
Citation Verification
Every factual claim in the assessment output must reference a source ID (document chunk, vendor record ID, or HR record timestamp). A citation verifier tool checks that each cited ID exists in the retrieval store. Uncited claims cause the agent to revise its output before it is accepted.
Hallucination Detection
A lightweight consistency checker compares each factual assertion against
the raw retrieved passages using a secondary Bedrock call. Assertions that
contradict or are unsupported by the retrieved context are flagged and the
affected finding is downgraded to INCONCLUSIVE pending human review.
IAM Scope Isolation
Each Bedrock agent executes under a dedicated IAM execution role with access limited to the specific S3 prefixes, DynamoDB tables, and Knowledge Base IDs required by its cluster. No agent role has cross-cluster data access or write permissions outside its designated OSCAL output path.
Getting Started
Prerequisites, installation, local testing, and Docker deployment
Prerequisites
elan toolchain manager installs the correct Lean
version automatically from lean-toolchain in the repo root.
ReadOnlyAccess plus
config:Describe*, cloudtrail:Lookup*,
and access-analyzer:List* permissions.
Installation
# 1. Clone the repository
$ git clone https://github.com/j-arndt/fedcloud.git
$ cd fedcloud
# 2. Install Python dependencies
$ python -m venv .venv && source .venv/bin/activate
$ pip install -r requirements.txt
# 3. Install Lean 4 via elan (installs correct toolchain from lean-toolchain)
$ curl https://raw.githubusercontent.com/leanprover/elan/master/elan-init.sh -sSf | sh
$ lake build
# 4. Verify the installation
$ python -m pytest tests/ -v
# ✓ 47 passed in 4.21s
Running the Test Suite
The test suite validates both the Python translation layer and the Lean invariant
theorems against a suite of synthetic infrastructure fixtures — compliant and
non-compliant — to confirm correct PASS / FAIL behavior.
# Run unit tests only (no AWS credentials required)
$ pytest tests/unit/ -v
# Run integration tests (requires valid AWS credentials)
$ pytest tests/integration/ -v --aws-profile fedcloud-ro
# Run Lean theorem tests with synthetic fixtures
$ lake test
# Generate coverage report
$ pytest --cov=src --cov-report=html tests/
Running the Pipeline
# Run a full verification pass against live AWS environment
$ python run_pipeline.py \
--aws-region us-east-1 \
--clusters identity crypto architecture monitoring \
--oscal-out ./oscal-output/ \
--verbose
# Run a specific cluster only
$ python run_pipeline.py --clusters identity
# Dry-run: translate state and emit Lean source, but do not invoke the kernel
$ python run_pipeline.py --dry-run --snapshot-dir ./snapshots/
# Replay a previously captured snapshot
$ python run_pipeline.py \
--replay ./snapshots/2026-06-29T00:00:00Z.json \
--oscal-out ./oscal-output/
Docker Usage
# Pull the published image
$ docker pull ghcr.io/j-arndt/fedcloud:latest
# Run a full pipeline pass (bind-mount credentials and output directory)
$ docker run --rm \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
-e AWS_DEFAULT_REGION=us-east-1 \
-v $(pwd)/oscal-output:/output \
ghcr.io/j-arndt/fedcloud:latest \
python run_pipeline.py --oscal-out /output
# Build image locally
$ docker build -t fvg:local .
# Run with AWS instance profile (ECS / EKS task role)
$ docker run --rm \
--network host \
-v $(pwd)/oscal-output:/output \
fvg:local \
python run_pipeline.py --use-instance-profile --oscal-out /output
iam/pipeline-read-only-policy.json enumerates the minimal permission
set. Review it before deployment.
OSCAL Output
Three authorization artifacts — structure, semantics, and provenance
Each pipeline run produces three NIST OSCAL 1.1 conformant JSON files. Together they constitute a complete, machine-readable authorization evidence package consumable by GRC tools, agency portals, and the FedRAMP repository.
Verification Receipt
Custom OSCAL extension capturing the Lean kernel result, state hash, theorem ID, and counter-example for each invariant evaluated.
System Security Plan
Updated SSP with control implementation statements replaced by proof references. Each control entry links to its corresponding theorem and receipt identifier.
Assessment Results
OSCAL Assessment Results document populated with finding records derived from FAIL verdicts, including resource-level observations and risk items.
Verification Receipt — Sample Structure
{
"verification-receipt": {
"schema-version": "1.0.0",
"generated": "2026-06-29T14:32:00Z",
"pipeline-run-id": "run-a4f2c9b1",
"kernel": {
"lean-version": "4.14.0",
"mathlib-commit": "a9e7c31"
},
"results": [
{
"theorem-id": "FedCloud.Invariants.identity_least_privilege_invariant",
"verdict": "PASS",
"state-hash": "sha256:e3b0c44298fc1c149afb...",
"timestamp": "2026-06-29T14:30:47Z",
"control-mappings": [
"AC-2", "AC-6", "AC-17",
"IA-2", "IA-2(6)", "IA-5"
],
"counter-example": null
},
{
"theorem-id": "FedCloud.Invariants.cryptographic_protection_invariant",
"verdict": "FAIL",
"state-hash": "sha256:e3b0c44298fc1c149afb...",
"timestamp": "2026-06-29T14:31:02Z",
"control-mappings": ["SC-8", "SC-28", "SC-28(1)"],
"counter-example": {
"resource-type": "S3Bucket",
"resource-id": "arn:aws:s3:::agency-pii-data-prod",
"failing-predicate": "is_encrypted_at_rest = false",
"observed-value": false,
"required-value": true
}
}
]
}
}
SSP Control Implementation Reference
In the updated SSP, each implemented control points to its verification receipt rather than containing a prose implementation statement.
{
"control-id": "ac-6",
"description": "Least Privilege",
"implementation-status": "implemented",
"proof-evidence": {
"theorem": "FedCloud.Invariants.identity_least_privilege_invariant",
"receipt-id": "run-a4f2c9b1/identity_least_privilege_invariant",
"verdict": "PASS",
"evaluated-at": "2026-06-29T14:30:47Z"
}
}
Pipeline Reference
Complete command-line options for run_pipeline.py
All pipeline configuration can be supplied via command-line flags, environment
variables (prefixed FVG_), or a YAML configuration file
specified with --config. Command-line flags take precedence over
environment variables, which take precedence over the config file.
| Flag | Env Var | Default | Description |
|---|---|---|---|
| --aws-region | FVG_AWS_REGION |
us-east-1 |
AWS region to ingest state from |
| --clusters | FVG_CLUSTERS |
all | Space-separated list of clusters to evaluate. Engine 1 (Lean 4): identity, crypto, architecture, monitoring. Engine 2 (Bedrock): personnel, training, incident, recovery, supplychain |
| --oscal-out | FVG_OSCAL_OUT |
./oscal-output |
Directory for OSCAL artifact output |
| --snapshot-dir | FVG_SNAPSHOT_DIR |
./snapshots |
Directory for raw state snapshots (written during ingestion) |
| --lean-dir | FVG_LEAN_DIR |
./lean |
Root of the Lean project containing the theorem library |
| --replay | FVG_REPLAY |
— | Path to a previously captured snapshot JSON; skips live ingestion |
| --dry-run | FVG_DRY_RUN |
false |
Translate state and write Lean source but do not invoke the kernel |
| --use-instance-profile | FVG_INSTANCE_PROFILE |
false |
Use EC2/ECS instance metadata credentials instead of environment variables |
| --aws-profile | AWS_PROFILE |
— | Named AWS credentials profile from ~/.aws/credentials |
| --config | FVG_CONFIG |
— | Path to YAML configuration file |
| --sign-commits | FVG_SIGN_COMMITS |
false |
Sign Git commits to the OSCAL output repository (requires GPG key) |
| --signing-key-id | FVG_SIGNING_KEY_ID |
— | GPG key fingerprint for commit signing |
| --parallel | FVG_PARALLEL |
1 |
Number of clusters to evaluate concurrently (max: number of clusters) |
| --timeout | FVG_TIMEOUT |
300 |
Maximum seconds to wait for the Lean kernel per cluster evaluation |
| --log-level | FVG_LOG_LEVEL |
INFO |
Log verbosity: DEBUG, INFO, WARNING, ERROR |
| --verbose | — | false |
Alias for --log-level DEBUG |
| --output-format | FVG_OUTPUT_FORMAT |
oscal |
Output format: oscal (full artifacts) or summary (JSON summary only) |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | All evaluated theorems returned PASS. OSCAL artifacts written. |
| 1 | One or more theorems returned FAIL. OSCAL artifacts written with FAIL findings. |
| 2 | Pipeline error (ingestion failure, translation error, kernel timeout, I/O failure). No OSCAL artifacts written. |
| 3 | Configuration error (missing required flags, invalid region, unresolvable paths). |
Project Directory Structure
The repository root after the hybrid-engine upgrade. The new agents/
directory houses one Bedrock agent definition per qualitative cluster.
fedcloud/
├── agents/ # Engine 2 — Bedrock agent definitions
│ ├── personnel/ # KSI-PS: background check + IAM timing
│ │ ├── agent_spec.json # Bedrock Agent API definition
│ │ ├── action_groups/ # Lambda-backed tool implementations
│ │ └── rag_corpus/ # Approved policy docs for RAG grounding
│ ├── training/ # KSI-CED: LMS records + recertification
│ ├── incident/ # KSI-INR: timeline reconstruction + federal reporting
│ ├── recovery/ # KSI-RPL: DR drill evaluation + RTO/RPO
│ └── supplychain/ # KSI-TPR: SBOM ingestion + CVE analysis
├── lean/ # Engine 1 — Lean 4 theorem library
│ └── FedCloud/
│ ├── Types.lean # Inductive data types for infrastructure state
│ └── Invariants.lean # Security invariant theorems
├── src/ # Python pipeline orchestrator
│ ├── adapters/ # Telemetry source adapters
│ ├── lean_bridge/ # JSON → Lean 4 type translator
│ ├── bedrock_runner/ # Bedrock agent invocation + guardrails
│ └── oscal_writer/ # OSCAL artifact assembler
├── lambda/ # Lambda Router — cluster classification
├── iam/ # IAM role policies (read-only + per-agent)
├── tests/
│ ├── unit/
│ └── integration/
├── run_pipeline.py # CLI entry point
└── fvg-config.yml # Configuration file (see above)
Configuration File Format
# FedCloud Formal Verification Gateway — configuration file
aws:
region: us-east-1
profile: fedcloud-ro
pipeline:
clusters:
# Engine 1 — Lean 4 deterministic verification
- identity
- crypto
- architecture
- monitoring
# Engine 2 — Bedrock qualitative verification
- personnel
- training
- incident
- recovery
- supplychain
parallel: 2
timeout: 300
output:
oscal_dir: ./oscal-output
snapshot_dir: ./snapshots
format: oscal
sign_commits: true
signing_key_id: ABCDEF1234567890
lean:
project_dir: ./lean
bedrock:
model_id: anthropic.claude-3-5-sonnet-20241022-v2:0
temperature: 0
knowledge_base_id: KBXXXXXXXX
agents_dir: ./agents
logging:
level: INFO