File size: 7,744 Bytes
1f303e0 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 |
# sovereign_deployment_profile.py
from __future__ import annotations
import json
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional
from sovereign_crypto_seal import SovereignCryptoSeal
def _utc_now() -> str:
return datetime.now(timezone.utc).isoformat()
class SovereignDeploymentProfileBuilder:
"""
Builds a bank-grade deployment profile for Sovereign.
Purpose:
- Define supported deployment postures
- Make runtime entry and packaging posture explicit
- Clarify what 'low-friction deployment' means in technical terms
- Provide a sealed machine-readable deployment artifact
"""
def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None:
self.sealer = sealer or SovereignCryptoSeal()
def _deployment_modes(self) -> List[Dict[str, Any]]:
return [
{
"mode": "on_prem_controlled_runtime",
"status": "supported_primary",
"description": "Primary target posture for banks and financial institutions. Runtime executes within customer-controlled environment.",
"intended_use": [
"bank internal runtime control",
"regulated AI workflow governance",
"controlled financial execution oversight",
],
},
{
"mode": "evaluation_bundle_runtime",
"status": "supported_secondary",
"description": "Evaluation / pilot posture for controlled technical validation before broader rollout.",
"intended_use": [
"technical pilot",
"benchmark validation",
"artifact verification",
],
},
{
"mode": "single_command_launcher_runtime",
"status": "in_progress",
"description": "Low-friction launch posture using the packaged runtime launcher and config-driven execution path.",
"intended_use": [
"reduced deployment friction",
"controlled packaged execution",
],
},
{
"mode": "containerized_delivery",
"status": "planned_next",
"description": "Future packaging posture for stronger delivery ergonomics and runtime portability.",
"intended_use": [
"container delivery",
"controlled platform portability",
],
},
]
def _environment_requirements(self) -> Dict[str, Any]:
return {
"runtime_requirements": {
"python_runtime_required": True,
"filesystem_write_required": True,
"json_artifact_support_required": True,
"local_execution_supported": True,
},
"network_requirements": {
"internet_required": False,
"cloud_dependency_required": False,
"external_dns_required": False,
"offline_posture_supported": True,
},
"execution_requirements": {
"single_entrypoint_defined": True,
"runtime_entry_module": "sovereign_bank_runtime_entry",
"runtime_entry_function": "run_sovereign_bank_runtime",
"one_command_launcher_module": "sovereign_one_command_launcher",
"config_driven_launch_supported": True,
},
"artifact_requirements": {
"audit_chain_storage_required": True,
"crypto_seal_support_required": True,
"manifest_generation_required": True,
"verifier_compatibility_expected": True,
},
}
def _packaging_posture(self) -> Dict[str, Any]:
return {
"current_packaging_state": "structured_runtime_package_available",
"runtime_package_builder": "sovereign_packager",
"one_command_launcher_available": True,
"packaging_notes": [
"Current packaging posture provides structured runtime delivery with launcher config, manifest, integrity inventory, and documentation.",
"Single-command launch is supported through the one-command launcher and config-based execution path.",
"Packaging ergonomics can be further hardened later with containerization or additional installer tooling.",
],
}
def _frictionless_deployment_claim(self) -> Dict[str, Any]:
return {
"claim_label": "low_friction_controlled_deployment",
"status": "qualified_claim",
"meaning": [
"A single runtime entrypoint is defined.",
"A one-command launcher exists for controlled execution modes.",
"A runtime package structure exists for delivery and review.",
"Deployment does not require external cloud dependency or internet connectivity.",
],
"non_meaning": [
"This does not yet mean a universal zero-touch installer across all bank environments.",
"This does not yet imply environment-agnostic deployment without customer-side runtime prerequisites.",
"This does not replace environment-specific hardening, permissions, or integration review.",
],
}
def _deployment_constraints(self) -> List[str]:
return [
"Current deployment profile is designed for controlled bank-grade runtime environments and technical review flows.",
"Single-command launch is available through launcher/config flow, but universal zero-touch installation is not yet the claimed end state.",
"Environment-specific integration, hardening, permissions, and operational review may still be required in customer deployment.",
"Containerized or installer-style delivery remains a future hardening/ergonomics path rather than the only current deployment mode.",
]
def build(self) -> Dict[str, Any]:
profile = {
"profile_type": "Sovereign Deployment Profile",
"generated_at": _utc_now(),
"domain": "banking_and_financial_institutions",
"deployment_modes": self._deployment_modes(),
"environment_requirements": self._environment_requirements(),
"packaging_posture": self._packaging_posture(),
"frictionless_deployment_claim": self._frictionless_deployment_claim(),
"constraints": self._deployment_constraints(),
"summary": {
"supported_primary_mode": "on_prem_controlled_runtime",
"runtime_entrypoint_defined": True,
"one_command_launcher_present": True,
"internet_dependency_required": False,
"cloud_dependency_required": False,
},
}
sealed = self.sealer.seal_object(
profile,
object_type="deployment_profile",
metadata={
"domain": "banking",
"artifact_class": "deployment_profile",
},
)
return {
"ok": True,
"deployment_profile": profile,
"crypto_seal": sealed["seal"],
"sealed": True,
}
BUILDER = SovereignDeploymentProfileBuilder()
def generate_deployment_profile() -> Dict[str, Any]:
return BUILDER.build()
if __name__ == "__main__":
out = generate_deployment_profile()
print(json.dumps(out, indent=2, ensure_ascii=False))
|