Skip to content
OnticBeta

Post-Foundry

SIRE Crosswalk

Subject, Included, Relevant, Excluded — the identity-first retrieval system.

SIRE is deterministic identity metadata embedded in oracle corpus frontmatter. The Crosswalk processes the full oracle library to map coverage, overlaps, conflicts, and routing paths so multi-oracle governance can run deterministically.

Without this

Without a global authority map, multi-oracle retrieval degrades to best-match search. Overlapping sources create contradictions, gaps go undetected, and routing decisions happen by accident instead of by authority.

What the crosswalk reads

The crosswalk consumes the sire block from every active oracle's canonical frontmatter. These four fields are the input to both declared-relationship matching and runtime enforcement.

# ISO/IEC 27001:2022 — oracle frontmatter (live)
oracle_id: iso-27001
sire_subject: iso_27001_information_security
sire_included:
  - iso 27001
  - information security management
  - isms
  - annex a controls
  - statement of applicability
  - risk assessment
  - risk treatment
  - security controls
sire_excluded:
  - iso 42001 only
  - ai management only
  - iso 9001 only
  - quality management only
  - pci dss only
sire_relevant:
  - NIST CSF
  - SOC 2
  - PCI DSS
  - ISO 27002
  - NIST 800-53
subject

Groups oracles by domain. Overlap between subjects triggers conflict detection.

included

Matched against other oracles' excluded lists to build routing edges.

excluded

Matched against other oracles' included lists. The sole enforcement gate at retrieval time.

relevant

Validated for existence — broken references flagged as unresolved crosswalk links.

Position in the platform

SystemLayer
Oracle FoundryFoundation
SIRE CrosswalkPost-Foundry
Prompt CompilerL0
Claim LedgerL1-L4
Forensics LabL5

How SIRE enforces at runtime

Only excluded enforces. Subject, Included, and Relevant inform discovery but never veto. After hybrid retrieval returns candidate chunks, the exclusion gate purges any chunk whose content matches an excluded term.

1Query hits pgvector + tsvector hybrid search, returns candidate chunks ranked by semantic + lexical similarity
2Chunks grouped by sire_subject, subjects ranked by mean relevance score
3For each winning subject, load its sire_excluded array
4Walk candidate pool — disqualify any chunk containing an excluded term (case-insensitive, word-boundary match)
5Only non-excluded chunks passed to LLM synthesis

Crosswalk in action

When a user asks about HIPAA security safeguards, the crosswalk uses SIRE fields to route chunks from the right oracle and purge irrelevant ones.

# How two oracles' SIRE fields interact at retrieval time

# User query: "What are the HIPAA security safeguards?"

# Step 1 — HIPAA oracle matches (sire_included hit)
oracle: hipaa
sire_subject: hipaa_privacy_security
sire_included:                     # ← query matches here
  - hipaa
  - protected health information
  - security rule
  - administrative safeguards
  - technical safeguards

# Step 2 — ISO 27001 chunks purged (sire_excluded hit)
oracle: iso-27001
sire_excluded:                     # ← "hipaa" not listed ...
  - iso 42001 only                 #    but ISO 27001 chunks that
  - ai management only             #    don't mention HIPAA survive
  - pci dss only

# Step 3 — HIPAA excludes ISO-only chunks
oracle: hipaa
sire_excluded:
  - gdpr only                      # ← purges GDPR-only chunks
  - financial data only            # ← purges finance-only chunks
  - ferpa only                     # ← purges FERPA-only chunks

# Result: only HIPAA-relevant chunks reach the LLM

Relationship discovery model

Layer 1 — Declared relationships

Matches Excluded-to-Included concepts across all oracles, validates Relevant references exist, and detects Subject overlap that triggers conflict resolution.

Layer 2 — Discovered relationships

Computes cross-oracle embedding similarity (cosine threshold 0.80) to find semantically overlapping coverage the SIRE tags missed.

Registry merge

Classifies confirmed (tag + embedding), declared-only, discovered-only, and conflict relationships into one unified authority registry with O(1) concept lookup.

Library QA functions

Conflict resolution

Resolves cross-oracle authority collisions using tier precedence and configurable same-tier strategies.

Gap detection

Finds concepts excluded by active oracles but not covered anywhere else in the library.

Staleness and drift

Compares consecutive crosswalk builds to detect relationship drift, new gaps, and unresolved conflicts.

Downstream consumers

ConsumerUsage
Prompt CompilerActivates correct oracles for cross-framework queries or adds explicit abstention when no path exists.
Retrieval systemRanks results by authority-aware relevance, not raw semantic similarity alone.
Claim Ledger gateDistinguishes boundary violation, contradiction risk, and routable multi-oracle scenarios.
Forensics LabClassifies authority-boundary failures as routing defects or corpus coverage gaps.
Process Control SystemMonitors gap count, conflict accumulation, and relationship stability as library-quality signals.

Runtime registry profile

  • YAML-based authority graph with versioned build metadata and oracle-count snapshot
  • Concept-level O(1) lookup for routing and boundary checks during runtime evaluation
  • Delta reports generated on every oracle ingest/refresh/deactivation event

Route by authority, not similarity alone

SIRE Crosswalk is the layer that converts multi-oracle retrieval from best-match search into governed authority routing.

ArchitectureOracle FoundryPrompt CompilerClaim LedgerProcess Control SystemForensics LabCheck Your Risk

Who uses this

Operator

Governance architects

Library administrators who configure oracle boundaries, resolve conflicts, and certify routing paths.

Consumer

Four downstream systems

Prompt Compiler (routing), Claim Ledger (boundary checks), Forensics Lab (gap analysis), and Process Control System (drift monitoring).