File size: 7,744 Bytes
1f303e0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

# sovereign_deployment_profile.py
from __future__ import annotations

import json
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional

from sovereign_crypto_seal import SovereignCryptoSeal


def _utc_now() -> str:
    return datetime.now(timezone.utc).isoformat()


class SovereignDeploymentProfileBuilder:
    """
    Builds a bank-grade deployment profile for Sovereign.

    Purpose:
    - Define supported deployment postures
    - Make runtime entry and packaging posture explicit
    - Clarify what 'low-friction deployment' means in technical terms
    - Provide a sealed machine-readable deployment artifact
    """

    def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None:
        self.sealer = sealer or SovereignCryptoSeal()

    def _deployment_modes(self) -> List[Dict[str, Any]]:
        return [
            {
                "mode": "on_prem_controlled_runtime",
                "status": "supported_primary",
                "description": "Primary target posture for banks and financial institutions. Runtime executes within customer-controlled environment.",
                "intended_use": [
                    "bank internal runtime control",
                    "regulated AI workflow governance",
                    "controlled financial execution oversight",
                ],
            },
            {
                "mode": "evaluation_bundle_runtime",
                "status": "supported_secondary",
                "description": "Evaluation / pilot posture for controlled technical validation before broader rollout.",
                "intended_use": [
                    "technical pilot",
                    "benchmark validation",
                    "artifact verification",
                ],
            },
            {
                "mode": "single_command_launcher_runtime",
                "status": "in_progress",
                "description": "Low-friction launch posture using the packaged runtime launcher and config-driven execution path.",
                "intended_use": [
                    "reduced deployment friction",
                    "controlled packaged execution",
                ],
            },
            {
                "mode": "containerized_delivery",
                "status": "planned_next",
                "description": "Future packaging posture for stronger delivery ergonomics and runtime portability.",
                "intended_use": [
                    "container delivery",
                    "controlled platform portability",
                ],
            },
        ]

    def _environment_requirements(self) -> Dict[str, Any]:
        return {
            "runtime_requirements": {
                "python_runtime_required": True,
                "filesystem_write_required": True,
                "json_artifact_support_required": True,
                "local_execution_supported": True,
            },
            "network_requirements": {
                "internet_required": False,
                "cloud_dependency_required": False,
                "external_dns_required": False,
                "offline_posture_supported": True,
            },
            "execution_requirements": {
                "single_entrypoint_defined": True,
                "runtime_entry_module": "sovereign_bank_runtime_entry",
                "runtime_entry_function": "run_sovereign_bank_runtime",
                "one_command_launcher_module": "sovereign_one_command_launcher",
                "config_driven_launch_supported": True,
            },
            "artifact_requirements": {
                "audit_chain_storage_required": True,
                "crypto_seal_support_required": True,
                "manifest_generation_required": True,
                "verifier_compatibility_expected": True,
            },
        }

    def _packaging_posture(self) -> Dict[str, Any]:
        return {
            "current_packaging_state": "structured_runtime_package_available",
            "runtime_package_builder": "sovereign_packager",
            "one_command_launcher_available": True,
            "packaging_notes": [
                "Current packaging posture provides structured runtime delivery with launcher config, manifest, integrity inventory, and documentation.",
                "Single-command launch is supported through the one-command launcher and config-based execution path.",
                "Packaging ergonomics can be further hardened later with containerization or additional installer tooling.",
            ],
        }

    def _frictionless_deployment_claim(self) -> Dict[str, Any]:
        return {
            "claim_label": "low_friction_controlled_deployment",
            "status": "qualified_claim",
            "meaning": [
                "A single runtime entrypoint is defined.",
                "A one-command launcher exists for controlled execution modes.",
                "A runtime package structure exists for delivery and review.",
                "Deployment does not require external cloud dependency or internet connectivity.",
            ],
            "non_meaning": [
                "This does not yet mean a universal zero-touch installer across all bank environments.",
                "This does not yet imply environment-agnostic deployment without customer-side runtime prerequisites.",
                "This does not replace environment-specific hardening, permissions, or integration review.",
            ],
        }

    def _deployment_constraints(self) -> List[str]:
        return [
            "Current deployment profile is designed for controlled bank-grade runtime environments and technical review flows.",
            "Single-command launch is available through launcher/config flow, but universal zero-touch installation is not yet the claimed end state.",
            "Environment-specific integration, hardening, permissions, and operational review may still be required in customer deployment.",
            "Containerized or installer-style delivery remains a future hardening/ergonomics path rather than the only current deployment mode.",
        ]

    def build(self) -> Dict[str, Any]:
        profile = {
            "profile_type": "Sovereign Deployment Profile",
            "generated_at": _utc_now(),
            "domain": "banking_and_financial_institutions",
            "deployment_modes": self._deployment_modes(),
            "environment_requirements": self._environment_requirements(),
            "packaging_posture": self._packaging_posture(),
            "frictionless_deployment_claim": self._frictionless_deployment_claim(),
            "constraints": self._deployment_constraints(),
            "summary": {
                "supported_primary_mode": "on_prem_controlled_runtime",
                "runtime_entrypoint_defined": True,
                "one_command_launcher_present": True,
                "internet_dependency_required": False,
                "cloud_dependency_required": False,
            },
        }

        sealed = self.sealer.seal_object(
            profile,
            object_type="deployment_profile",
            metadata={
                "domain": "banking",
                "artifact_class": "deployment_profile",
            },
        )

        return {
            "ok": True,
            "deployment_profile": profile,
            "crypto_seal": sealed["seal"],
            "sealed": True,
        }


BUILDER = SovereignDeploymentProfileBuilder()


def generate_deployment_profile() -> Dict[str, Any]:
    return BUILDER.build()


if __name__ == "__main__":
    out = generate_deployment_profile()
    print(json.dumps(out, indent=2, ensure_ascii=False))