feat(TIER13-FULLSTACK-WP-041) v1.0.0 — Full-Stack AI Governance Ontology (Tier 1-3) for G-SIFIs (2026-2030)

[OneFineStarstuff]

WP-041 — Full-Stack AI Governance Ontology (Tier 1-3) for G-SIFIs

docRef: TIER13-FULLSTACK-WP-041 Version: 1.0.0 Horizon: 2026-2030
Classification: CONFIDENTIAL — Board / CRO / CISO / CAIO / Prudential Supervisor / Treaty Authority / AI Safety Institute
Owner: Group CEO + CAIO — co-signed by CRO, CISO, GC, DPO, Head of Internal Audit, Treaty Liaison

Collapses the full-stack AI-governance ontology for G-SIFIs into a tractable Tier 1-3 enterprise blueprint with bidirectional traceability — atomic OPA rules ↔ regime articles ↔ SACIL principles ↔ UGL axioms.

Three-Tier Ontology

• T1 Operational/Engineering — CI/CD policy gates (G0..G4), K8s + Gatekeeper, Kafka WORM topics + ACL, OPA/Rego library, Terraform golden envs.
• T2 Enterprise/Supervisory — Basel-style AI stress tests, AI Governance Control Tower, AI Governance Ledger (AIGL), autonomous supervisory agents (ASA), JSOP negotiation protocol, AI treaty enforcement.
• T3 Civilizational/Meta-Cosmic — SACIL (12 principles), MCIGL (federated intergovernmental ledger), UGL (10 axioms, category-theoretic).

Modules (14)

ID	Title
M1	Full-Stack Ontology Collapse (Tier 1 → Tier 3)
M2	Tier 1 CI/CD Policy Gates (G0..G4)
M3	Tier 1 K8s + Kafka + OPA Runtime Stack
M4	Tier 1 Terraform-Deployed Golden Environments
M5	Tier 1 OPA/Rego Policy Library (48 policies)
M6	Tier 2 Basel-Style AI Stress Tests & Capital Overlay
M7	Tier 2 AI Governance Control Tower
M8	Tier 2/3 Global AI Governance Ledger + ZK Streaming Attestations
M9	Tier 2 Autonomous Supervisory Agents & NP-1 Negotiation Protocol
M10	Tier 2/3 AI Treaty Enforcement & Legal Harmonization
M11	Tier 3 SACIL — Sovereign AI Civilization Layer (12 principles)
M12	Tier 3 MCIGL — Multi-Civilizational Intergovernmental Ledger
M13	Tier 3 UGL — Universal Governance Lattice (10 axioms)
M14	Phased Roadmap, Resource Plan & Maturity Model (M0..M5)

Standards Alignment

EU AI Act 2026 (High-Risk + GPAI Arts 53/55) · NIST AI RMF 1.0 · ISO/IEC 42001/23894/5338 · GDPR Art 22/25/35 · Basel III/IV (BCBS 239) · SR 11-7 · PRA SS1/23 · FCA Consumer Duty · MAS FEAT · HKMA · OECD AI Principles · US EO 14110 + OMB M-24-10 · FCRA/ECOA · GLBA

Counts

• 14 modules, 56 sections
• 12 schemas, 14 code examples, 6 case studies
• 92 API routes (/api/tier13-fullstack/*)
• 380 controls, 22 supervisory KPIs
• 48 OPA policies (12 catalogued sample), 18 treaty clauses (6 sample)

Sample Traceability (Regime → Control → OPA → SACIL → UGL → Treaty)

• EU AI Act Art 14 → CTL-L3-018 → POL-RT-018 → SACIL P2 → UGL A1 → TC-06
• GDPR Art 22 → CTL-L3-011 → POL-RT-011 → SACIL P1 → UGL A1 → TC-06
• FCRA §615(a) → CTL-L3-007 → POL-RT-007 → SACIL P5 → UGL A6
• Basel III BCBS 239 → CTL-L2-009 → POL-IAC-009 → SACIL P11 → UGL A2
• SR 11-7 III.B → CTL-L3-022 → POL-T2-022 → SACIL P10 → UGL A9

Code Examples (14)

OPA require_model_card · OPA fcra_adverse_action · Gatekeeper K8sRequireSidecarGov · Terraform WORM Object Lock · GitHub Actions G3 fairness/stress gate · Hybrid Ed25519+Dilithium3 signer · Kafka WORM topic + ACL · TLA+ human-oversight non-bypass · Lean 4 reversibility ⇒ rollback · ZK-SNARK fairness circuit (gnark) · JSOP message envelope · React KPI gauge · MCIGL Rekor anchor · OPA bundle manifest with SACIL/UGL metadata

Headline KPIs (22)

Decision-traceability ≥99.95% · false-negative ≤0.5% · cross-jurisdiction drift reconciliation ≤24h · interpretability ≥90% · capital-overlay responsiveness ≤5 BD · RAG faithfulness ≥0.92 · blocked-harm ≥99.5% · PII leakage ≤0.01% · AIR ≥0.85 · kill-switch ≤60s · MCIGL attestation p95 ≤2s · UGL conformance ≥0.90 · SACIL coverage ≥95% · quantum-safe coverage 100% by 2030

Deliverables (rag-agentic-dashboard/)

• data/tier13-fullstack.json (52 KB)
• gen-tier13-fullstack.py (JSON generator)
• gen-tier13-fullstack-html.py (HTML renderer)
• public/tier13-fullstack.html (54 KB SPA dashboard)
• server.js: 92 /api/tier13-fullstack/* endpoints

Validation

• node -c server.js: SYNTAX_OK
• PM2 rag-dash online (PID 2034876)
• HTTP 200 on all 14 module roots and 15 sampled endpoints
• 9 negative-path checks return 404
• Lookup tests confirm M1 sections=4, M11-S1 SACIL principles, KPI-20 UGL conformance ≥0.90, T1 OPA policy count = 10
• HTML dashboard HTTP 200, 55,685 bytes

Audience

Group CEO + CAIO (co-signed by CRO, CISO, GC, DPO, Internal Audit, Treaty Liaison), Boards & Audit Committees, prudential supervisors (ECB/Fed/PRA/MAS/HKMA), Treaty Authority, AI Safety Institutes, enterprise architects, AI platform engineers, AI safety researchers.

Synthesis Lineage

WP-035 → WP-036 → WP-037 → WP-038 → WP-039 → WP-040 → WP-041

Summary by Sourcery

Add Tier 1–3 full-stack AI governance ontology content for WP-041 and expose it via new API endpoints and an HTML dashboard within the rag-agentic-dashboard app.

New Features:

• Introduce a generated tier13-fullstack.json data model capturing the full Tier 1–3 AI governance ontology, modules, schemas, KPIs, OPA policies, treaty clauses, traceability mappings, and deployment considerations for WP-041.
• Add a Python generator script to build the tier13-fullstack JSON artifact and another script to render it into a static HTML dashboard for exploration.
• Expose the Tier 1–3 governance ontology through a new /api/tier13-fullstack REST surface, including routes for metadata, modules, sections, tiers, regimes, KPIs, OPA policies, treaty clauses, traceability, schemas, code examples, case studies, and deployment notes.
• Serve a new public/tier13-fullstack.html single-page HTML dashboard visualizing the ontology, KPIs, traceability, and reference artifacts for WP-041.

Enhancements:

• Extend the rag-agentic-dashboard server with a helper for ID lookups and structured JSON responses around Tier 1–3 governance resources.

Summary by CodeRabbit

Release Notes

• New Features
  • Added Full-Stack AI Governance Ontology blueprint with 14 comprehensive modules covering compliance tiers, control frameworks, and enforcement mechanisms.
  • Introduced interactive HTML dashboard presenting governance structures, OPA policies, Kubernetes runtime enforcement, stress tests, ledger attestations, and treaty enforcement layers.
  • Added API endpoints to query governance data, modules, KPIs, schemas, code examples, and case studies.

[code-genius-code-coverage]

The files' contents are under analysis for test generation.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
v0-one-fine-starstuff-github-io	Ready	Preview, Comment, Open in v0	May 5, 2026 11:14am

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
rag-agentic-dashboard/data/tier13-fullstack.json	0% smaller
rag-agentic-dashboard/gen-tier13-fullstack-html.py	0% smaller
rag-agentic-dashboard/gen-tier13-fullstack.py	0% smaller
rag-agentic-dashboard/public/tier13-fullstack.html	0% smaller
rag-agentic-dashboard/server.js	0% smaller

[gitnotebooks]

Review these changes at https://app.gitnotebooks.com/OneFineStarstuff/OneFineStarstuff.github.io/pull/76

[sourcery-ai]

Reviewer's Guide

Adds WP-041 (TIER13-FULLSTACK) support to the rag-agentic-dashboard by introducing a generated JSON knowledge artifact, an HTML dashboard renderer, and a comprehensive set of REST API routes to expose the ontology, plus wiring it into the existing Node server.

Sequence diagram for a client retrieving a Tier13 module via the new API

sequenceDiagram
  actor Client
  participant ExpressApp as Express_app
  participant Tier13Routes as Tier13_fullstack_routes
  participant Tier13Find as tier13Find_helper
  participant Tier13Json as tier13_fullstack_json

  Client->>ExpressApp: HTTP GET /api/tier13-fullstack/modules/M3
  ExpressApp->>Tier13Routes: Route_match
  Tier13Routes->>Tier13Json: Read modules
  Tier13Routes->>Tier13Find: tier13Find(modules, "M3")
  Tier13Find-->>Tier13Routes: Module_M3_object
  Tier13Routes-->>Client: 200 OK JSON(Module_M3)

  Client->>ExpressApp: HTTP GET /api/tier13-fullstack/kpis/KPI-20
  ExpressApp->>Tier13Routes: Route_match
  Tier13Routes->>Tier13Json: Read kpis
  Tier13Routes->>Tier13Find: tier13Find(kpis, "KPI-20")
  Tier13Find-->>Tier13Routes: Kpi_object
  Tier13Routes-->>Client: 200 OK JSON(Kpi_object)

Loading

Class diagram for core TIER13-FULLSTACK ontology structures

classDiagram
  class Tier13Document {
    +string docRef
    +string version
    +string horizon
    +string classification
    +string title
    +string subtitle
    +string owner
    +string apiPrefix
    +string[] buildsOn
    +TierMap tiers
    +string[] regimes
    +Counts counts
    +Module[] modules
    +SchemaDef[] schemas
    +CodeExample[] codeExamples
    +CaseStudy[] caseStudies
    +Kpi[] kpis
    +OpaPolicy[] opaPolicies
    +TreatyClause[] treatyClauses
    +Traceability traceability
    +string[] deploymentConsiderations
    +ExecutiveSummary executiveSummary
  }

  class TierMap {
    +string T1
    +string T2
    +string T3
  }

  class Counts {
    +int tiers
    +int modules
    +int sections
    +int schemas
    +int codeExamples
    +int caseStudies
    +int apiRoutes
    +int controls
    +int kpis
    +int opaPolicies
    +int treatyClauses
  }

  class Module {
    +string id
    +string title
    +string summary
    +Section[] sections
  }

  class Section {
    +string id
    +string title
    +string[] content
    +string[] diagram
    +string[] regime_refs
  }

  class SchemaDef {
    +string id
    +string title
    +string[] fields
  }

  class CodeExample {
    +string id
    +string title
    +string lang
    +string snippet
  }

  class CaseStudy {
    +string id
    +string title
    +string summary
    +string[] outcomes
  }

  class Kpi {
    +string id
    +string name
    +string target
  }

  class OpaPolicy {
    +string id
    +string tier
    +string domain
    +string name
    +string[] regimeRefs
    +string sacil
    +string ugl
  }

  class TreatyClause {
    +string id
    +string name
    +string[] regimes
    +string[] ugl
  }

  class Traceability {
    +TraceabilityExample[] examples
  }

  class TraceabilityExample {
    +string regime
    +string control
    +string opaPolicy
    +string sacil
    +string ugl
    +string treaty
  }

  class ExecutiveSummary {
    +string purpose
    +string approach
    +string deliverables
    +string[] outcomes
  }

  Tier13Document --> TierMap
  Tier13Document --> Counts
  Tier13Document --> Module
  Tier13Document --> SchemaDef
  Tier13Document --> CodeExample
  Tier13Document --> CaseStudy
  Tier13Document --> Kpi
  Tier13Document --> OpaPolicy
  Tier13Document --> TreatyClause
  Tier13Document --> Traceability
  Tier13Document --> ExecutiveSummary

  Module --> Section
  Traceability --> TraceabilityExample

Loading

File-Level Changes

Change	Details	Files
Expose the Tier13 full-stack ontology via new REST endpoints on the Node/Express server backed by a JSON document.	Require the Tier13 JSON document in the server module and add a helper for ID lookups. Add root and metadata endpoints for the Tier13 ontology, including executive summary and summary views. Add collection and detail endpoints for modules, sections, tiers, regimes, KPIs, OPA policies (with filtering), treaty clauses, traceability, schemas, code examples, case studies, and deployment considerations. Implement consistent 404 handling for missing entities across all new endpoints.	rag-agentic-dashboard/server.js
Introduce a Python generator that materializes the Tier13 full-stack ontology into a structured JSON document consumed by the dashboard and APIs.	Define top-level document metadata (docRef, version, horizon, classification, ownership, buildsOn, tiers, regimes, counts, apiPrefix). Construct the 14 Tier13 modules with 56 sections describing tiers, controls, stress tests, agents, treaties, and meta-governance constructs. Populate schemas, KPIs, OPA policies, treaty clauses, traceability samples, deployment considerations, executive summary, code examples, and case studies into a single DOC structure. Write the assembled DOC as tier13-fullstack.json under data/, printing derived counts and size for validation.	rag-agentic-dashboard/gen-tier13-fullstack.py rag-agentic-dashboard/data/tier13-fullstack.json
Render a static HTML single-page dashboard for the Tier13 ontology from the generated JSON, suitable for board/supervisor-facing consumption.	Load the Tier13 JSON, escape content safely, and provide helper renderers for lists, key-value tables, and nested values. Generate structured HTML sections for summary, tiers, modules (with collapsible sections), KPIs, OPA policies, traceability, treaty clauses, schemas, code examples, case studies, and deployment considerations. Apply a dark-themed, responsive CSS layout with sticky navigation and card-style modules for readability. Write the rendered HTML to public/tier13-fullstack.html and report its generated size.	rag-agentic-dashboard/gen-tier13-fullstack-html.py rag-agentic-dashboard/public/tier13-fullstack.html

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[difflens]

View changes in DiffLens

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

Introduces a complete Full-Stack AI Governance Ontology system for Tier 1–3 enterprises, comprising a 1,400-line JSON blueprint defining 14 modules, automated Python generators for JSON and HTML outputs, a static HTML dashboard, and Express API routes serving the governance data across multiple endpoints.

Changes

Full-Stack AI Governance Ontology

Layer / File(s)	Summary
Data Blueprint Definition data/tier13-fullstack.json	Defines three-tier governance ontology with 14 modules (M1–M14), schemas, OPA policies, treaty clauses, KPIs, code examples, case studies, traceability mappings, and executive summary for G-SIFI enterprise AI governance.
Data Generation gen-tier13-fullstack.py	Python generator script that programmatically builds the entire JSON document as an in-memory structure, then writes to data/tier13-fullstack.json with summary statistics.
HTML Dashboard Generation gen-tier13-fullstack-html.py	HTML renderer that loads the JSON blueprint, applies HTML escaping and structured formatting helpers, and generates a navigable static HTML dashboard with sections for modules, KPIs, policies, schemas, code examples, case studies, and traceability.
Static HTML Output public/tier13-fullstack.html	Rendered static HTML page with inline CSS, sticky navigation, and embedded governance blueprint content including all modules, tables, code blocks, and deployment guidance.
API Serving Layer server.js	Express routes under /api/tier13-fullstack/* for RESTful access to modules, schemas, OPA policies (with tier/domain filters), KPIs, treaty clauses, traceability examples, code examples, case studies, and deployment considerations; includes helper for case-insensitive ID lookups and consistent 404 error responses.

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly Related PRs

• OneFineStarstuff/OneFineStarstuff.github.io#40: Parallel governance blueprint PR that similarly adds large JSON data, generator scripts, HTML output, and new server.js API endpoints.
• OneFineStarstuff/OneFineStarstuff.github.io#72: Another governance artifact addition with matching JSON data, generator/HTML scripts, and server.js API routes following the same pattern.
• OneFineStarstuff/OneFineStarstuff.github.io#75: Related governance blueprint PR with identical architecture—data JSON, generator scripts (including esc/render_value helpers), HTML output, and server API routes.

Suggested Labels

enhancement, Review effort [1-5]: 4

Suggested Reviewers

• gstraccini

Poem

🐰 A Governance Hop
Fourteen modules hop through the tier-y layers bright,
JSON blueprints dance from day into night,
HTML renders, APIs serve the call,
A rabbit-approved governance for all! 🌐✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and specifically describes the main change: introduction of WP-041 v1.0.0, a comprehensive Full-Stack AI Governance Ontology (Tier 1–3) for G-SIFIs with a 2026–2030 roadmap, which aligns precisely with the changeset that adds the ontology framework, supporting code generators, HTML dashboard, and API routes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch genspark_ai_developer

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ast-grep (0.42.1)

rag-agentic-dashboard/server.js

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gstraccini]

This pull request is ready ✅ for merge/squash.

[difflens]

View changes in DiffLens

[difflens]

View changes in DiffLens

[penify-dev]

Failed to generate code suggestions for PR

[sourcery-ai]

Hey - I've left some high level feedback:

• In server.js all /api/tier13-fullstack/* routes are defined with a hardcoded prefix; consider factoring this into a single const base = '/api/tier13-fullstack' (or reading from the JSON apiPrefix) to avoid drift if the base path ever changes.
• The HTML renderer hardcodes some data-specific labels (e.g., Modules (14) and sample ... of 48) instead of deriving them from D['counts'], which risks UI mismatches if the underlying JSON is updated; using the counts metadata throughout would keep the dashboard consistent with the data source.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In server.js all `/api/tier13-fullstack/*` routes are defined with a hardcoded prefix; consider factoring this into a single `const base = '/api/tier13-fullstack'` (or reading from the JSON `apiPrefix`) to avoid drift if the base path ever changes.
- The HTML renderer hardcodes some data-specific labels (e.g., `Modules (14)` and `sample  ... of 48`) instead of deriving them from `D['counts']`, which risks UI mismatches if the underlying JSON is updated; using the `counts` metadata throughout would keep the dashboard consistent with the data source.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7276515f81

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[codacy-production]

Not up to standards ⛔

🔴 Issues 7 medium · 93 minor

Alerts:
⚠ 100 issues (≤ 0 issues of at least minor severity)

Results:
100 new issues

Category	Results
UnusedCode	1 medium
BestPractice	3 minor
Documentation	4 minor
ErrorProne	4 medium
CodeStyle	84 minor
Complexity	1 medium 1 minor
Performance	1 medium
Comprehensibility	1 minor

View in Codacy

🟢 Metrics 14 complexity · 0 duplication

Metric	Results
Complexity	14
Duplication	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}

[difflens]

View changes in DiffLens

[netlify]

❌ Deploy Preview for onefinestarstuff failed.

Name	Link
🔨 Latest commit	7276515
🔍 Latest deploy log	https://app.netlify.com/projects/onefinestarstuff/deploys/69f9d0f6b1da110008d8ebac

[secure-code-warrior-for-github]

Micro-Learning Topic: Cross-site scripting (Detected by phrase)

Matched on "xsS"

Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Try a challenge in Secure Code Warrior

Helpful references

• Prevent Cross-Site Scripting (XSS) in ASP.NET Core - A detailed Microsoft article on how to prevent cross-site scripting in ASP.NET Core.
• OWASP Cross Site Scripting (XSS) Software Attack - OWASP community page with comprehensive information about cross site scripting, and links to various OWASP resources to help detect or prevent it.
• OWASP Cross Site Scripting Prevention Cheat Sheet - This article provides a simple positive model for preventing XSS using output encoding properly.