| |
| from __future__ import annotations |
|
|
| import json |
| from datetime import datetime, timezone |
| from typing import Any, Dict, List, Optional |
|
|
| from sovereign_crypto_seal import SovereignCryptoSeal |
|
|
|
|
| def _utc_now() -> str: |
| return datetime.now(timezone.utc).isoformat() |
|
|
|
|
| class SovereignControlPlaneProfileBuilder: |
| """ |
| Builds a bank-grade control-plane / admin-governance profile. |
| |
| Purpose: |
| - Define which administrative actions exist |
| - Clarify which actions are audited / approval-bound / dual-control-bound |
| - Forbid unsafe administrative classes for autonomous execution |
| - Provide machine-readable control-plane governance artifact |
| """ |
|
|
| def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None: |
| self.sealer = sealer or SovereignCryptoSeal() |
|
|
| def _admin_actions(self) -> List[Dict[str, Any]]: |
| return [ |
| { |
| "action": "view_runtime_status", |
| "status": "supported", |
| "sensitivity": "low", |
| "execution_class": "read_only", |
| "human_approval_required": False, |
| "dual_control_required": False, |
| "audit_required": True, |
| "description": "Read-only visibility into runtime state, health, or status outputs.", |
| }, |
| { |
| "action": "view_artifact_inventory", |
| "status": "supported", |
| "sensitivity": "low", |
| "execution_class": "read_only", |
| "human_approval_required": False, |
| "dual_control_required": False, |
| "audit_required": True, |
| "description": "Read-only visibility into manifests, sealed artifacts, and evidence inventory.", |
| }, |
| { |
| "action": "review_freeze_case", |
| "status": "supported", |
| "sensitivity": "medium", |
| "execution_class": "review_action", |
| "human_approval_required": True, |
| "dual_control_required": False, |
| "audit_required": True, |
| "description": "Review an active freeze case and inspect reasoning/evidence.", |
| }, |
| { |
| "action": "release_freeze_case", |
| "status": "supported_with_controls", |
| "sensitivity": "high", |
| "execution_class": "state_mutation", |
| "human_approval_required": True, |
| "dual_control_required": True, |
| "audit_required": True, |
| "description": "Release a freeze case and permit resumed execution only through controlled operator decision.", |
| }, |
| { |
| "action": "escalate_freeze_to_block", |
| "status": "supported_with_controls", |
| "sensitivity": "high", |
| "execution_class": "state_mutation", |
| "human_approval_required": True, |
| "dual_control_required": True, |
| "audit_required": True, |
| "description": "Escalate a freeze state into a hard block decision under reviewed conditions.", |
| }, |
| { |
| "action": "update_policy_configuration", |
| "status": "supported_with_controls", |
| "sensitivity": "high", |
| "execution_class": "policy_mutation", |
| "human_approval_required": True, |
| "dual_control_required": True, |
| "audit_required": True, |
| "description": "Modify bank policy configuration only through controlled and auditable change flow.", |
| }, |
| { |
| "action": "rotate_sealing_material", |
| "status": "supported_with_controls", |
| "sensitivity": "high", |
| "execution_class": "crypto_admin", |
| "human_approval_required": True, |
| "dual_control_required": True, |
| "audit_required": True, |
| "description": "Rotate or update cryptographic sealing material under controlled governance.", |
| }, |
| { |
| "action": "rebuild_package_artifacts", |
| "status": "supported", |
| "sensitivity": "medium_high", |
| "execution_class": "artifact_generation", |
| "human_approval_required": True, |
| "dual_control_required": False, |
| "audit_required": True, |
| "description": "Rebuild technical identity, package manifests, or delivery artifacts in a controlled manner.", |
| }, |
| { |
| "action": "disable_audit_path", |
| "status": "forbidden", |
| "sensitivity": "critical", |
| "execution_class": "forbidden_mutation", |
| "human_approval_required": True, |
| "dual_control_required": True, |
| "audit_required": True, |
| "description": "Disabling audit continuity is forbidden as a normal administrative operation.", |
| }, |
| { |
| "action": "disable_fail_safe_controls", |
| "status": "forbidden", |
| "sensitivity": "critical", |
| "execution_class": "forbidden_mutation", |
| "human_approval_required": True, |
| "dual_control_required": True, |
| "audit_required": True, |
| "description": "Disabling fail-safe posture is forbidden as a normal administrative operation.", |
| }, |
| { |
| "action": "force_unconditional_allow", |
| "status": "forbidden", |
| "sensitivity": "critical", |
| "execution_class": "forbidden_override", |
| "human_approval_required": True, |
| "dual_control_required": True, |
| "audit_required": True, |
| "description": "Forcing unconditional ALLOW across critical execution paths is forbidden.", |
| }, |
| ] |
|
|
| def _governance_principles(self) -> List[Dict[str, Any]]: |
| return [ |
| { |
| "principle": "admin_power_must_be_scoped", |
| "status": "required", |
| "description": "Administrative authority must remain bounded, auditable, and role-constrained.", |
| }, |
| { |
| "principle": "no_silent_control_plane_mutation", |
| "status": "required", |
| "description": "Sensitive control-plane changes must not occur silently or without audit evidence.", |
| }, |
| { |
| "principle": "dual_control_for_high_impact_mutations", |
| "status": "required", |
| "description": "High-impact state, policy, and crypto changes require stronger human governance and dual control.", |
| }, |
| { |
| "principle": "forbidden_admin_classes_must_remain_forbidden", |
| "status": "required", |
| "description": "Actions that collapse audit, fail-safe, or unconditional execution boundaries should remain forbidden in normal operations.", |
| }, |
| { |
| "principle": "read_only_visibility_should_not_mutate_state", |
| "status": "required", |
| "description": "Read-only operational visibility must not mutate runtime, policy, or evidence state.", |
| }, |
| ] |
|
|
| def build(self) -> Dict[str, Any]: |
| actions = self._admin_actions() |
| principles = self._governance_principles() |
|
|
| profile = { |
| "profile_type": "Sovereign Control Plane Profile", |
| "generated_at": _utc_now(), |
| "domain": "banking_and_financial_institutions", |
| "admin_actions": actions, |
| "governance_principles": principles, |
| "summary": { |
| "total_actions": len(actions), |
| "supported_actions": sum(1 for x in actions if str(x.get("status")) in {"supported", "supported_with_controls"}), |
| "forbidden_actions": sum(1 for x in actions if str(x.get("status")) == "forbidden"), |
| "dual_control_actions": sum(1 for x in actions if bool(x.get("dual_control_required"))), |
| "audit_required_actions": sum(1 for x in actions if bool(x.get("audit_required"))), |
| }, |
| "notes": [ |
| "This profile defines the intended bank-grade governance posture for administrative and control-plane actions.", |
| "High-impact control-plane mutations are not treated as casual operator actions; they remain approval-bound and auditable.", |
| "Certain administrative classes remain intentionally forbidden because they would collapse trust, evidence continuity, or fail-safe posture.", |
| ], |
| } |
|
|
| sealed = self.sealer.seal_object( |
| profile, |
| object_type="control_plane_profile", |
| metadata={ |
| "domain": "banking", |
| "artifact_class": "control_plane_profile", |
| }, |
| ) |
|
|
| return { |
| "ok": True, |
| "control_plane_profile": profile, |
| "crypto_seal": sealed["seal"], |
| "sealed": True, |
| } |
|
|
|
|
| BUILDER = SovereignControlPlaneProfileBuilder() |
|
|
|
|
| def generate_control_plane_profile() -> Dict[str, Any]: |
| return BUILDER.build() |
|
|
|
|
| if __name__ == "__main__": |
| out = generate_control_plane_profile() |
| print(json.dumps(out, indent=2, ensure_ascii=False)) |
|
|
|
|
|
|