AI-Sovereign-sentinel / sovereign_deployment_profile_.py
rezabarkhordary's picture
Create sovereign_deployment_profile_.py
1f303e0 verified
Raw
History Blame
7.74 kB
# sovereign_deployment_profile.py
from __future__ import annotations
import json
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional
from sovereign_crypto_seal import SovereignCryptoSeal
def _utc_now() -> str:
return datetime.now(timezone.utc).isoformat()
class SovereignDeploymentProfileBuilder:
"""
Builds a bank-grade deployment profile for Sovereign.
Purpose:
- Define supported deployment postures
- Make runtime entry and packaging posture explicit
- Clarify what 'low-friction deployment' means in technical terms
- Provide a sealed machine-readable deployment artifact
"""
def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None:
self.sealer = sealer or SovereignCryptoSeal()
def _deployment_modes(self) -> List[Dict[str, Any]]:
return [
{
"mode": "on_prem_controlled_runtime",
"status": "supported_primary",
"description": "Primary target posture for banks and financial institutions. Runtime executes within customer-controlled environment.",
"intended_use": [
"bank internal runtime control",
"regulated AI workflow governance",
"controlled financial execution oversight",
],
},
{
"mode": "evaluation_bundle_runtime",
"status": "supported_secondary",
"description": "Evaluation / pilot posture for controlled technical validation before broader rollout.",
"intended_use": [
"technical pilot",
"benchmark validation",
"artifact verification",
],
},
{
"mode": "single_command_launcher_runtime",
"status": "in_progress",
"description": "Low-friction launch posture using the packaged runtime launcher and config-driven execution path.",
"intended_use": [
"reduced deployment friction",
"controlled packaged execution",
],
},
{
"mode": "containerized_delivery",
"status": "planned_next",
"description": "Future packaging posture for stronger delivery ergonomics and runtime portability.",
"intended_use": [
"container delivery",
"controlled platform portability",
],
},
]
def _environment_requirements(self) -> Dict[str, Any]:
return {
"runtime_requirements": {
"python_runtime_required": True,
"filesystem_write_required": True,
"json_artifact_support_required": True,
"local_execution_supported": True,
},
"network_requirements": {
"internet_required": False,
"cloud_dependency_required": False,
"external_dns_required": False,
"offline_posture_supported": True,
},
"execution_requirements": {
"single_entrypoint_defined": True,
"runtime_entry_module": "sovereign_bank_runtime_entry",
"runtime_entry_function": "run_sovereign_bank_runtime",
"one_command_launcher_module": "sovereign_one_command_launcher",
"config_driven_launch_supported": True,
},
"artifact_requirements": {
"audit_chain_storage_required": True,
"crypto_seal_support_required": True,
"manifest_generation_required": True,
"verifier_compatibility_expected": True,
},
}
def _packaging_posture(self) -> Dict[str, Any]:
return {
"current_packaging_state": "structured_runtime_package_available",
"runtime_package_builder": "sovereign_packager",
"one_command_launcher_available": True,
"packaging_notes": [
"Current packaging posture provides structured runtime delivery with launcher config, manifest, integrity inventory, and documentation.",
"Single-command launch is supported through the one-command launcher and config-based execution path.",
"Packaging ergonomics can be further hardened later with containerization or additional installer tooling.",
],
}
def _frictionless_deployment_claim(self) -> Dict[str, Any]:
return {
"claim_label": "low_friction_controlled_deployment",
"status": "qualified_claim",
"meaning": [
"A single runtime entrypoint is defined.",
"A one-command launcher exists for controlled execution modes.",
"A runtime package structure exists for delivery and review.",
"Deployment does not require external cloud dependency or internet connectivity.",
],
"non_meaning": [
"This does not yet mean a universal zero-touch installer across all bank environments.",
"This does not yet imply environment-agnostic deployment without customer-side runtime prerequisites.",
"This does not replace environment-specific hardening, permissions, or integration review.",
],
}
def _deployment_constraints(self) -> List[str]:
return [
"Current deployment profile is designed for controlled bank-grade runtime environments and technical review flows.",
"Single-command launch is available through launcher/config flow, but universal zero-touch installation is not yet the claimed end state.",
"Environment-specific integration, hardening, permissions, and operational review may still be required in customer deployment.",
"Containerized or installer-style delivery remains a future hardening/ergonomics path rather than the only current deployment mode.",
]
def build(self) -> Dict[str, Any]:
profile = {
"profile_type": "Sovereign Deployment Profile",
"generated_at": _utc_now(),
"domain": "banking_and_financial_institutions",
"deployment_modes": self._deployment_modes(),
"environment_requirements": self._environment_requirements(),
"packaging_posture": self._packaging_posture(),
"frictionless_deployment_claim": self._frictionless_deployment_claim(),
"constraints": self._deployment_constraints(),
"summary": {
"supported_primary_mode": "on_prem_controlled_runtime",
"runtime_entrypoint_defined": True,
"one_command_launcher_present": True,
"internet_dependency_required": False,
"cloud_dependency_required": False,
},
}
sealed = self.sealer.seal_object(
profile,
object_type="deployment_profile",
metadata={
"domain": "banking",
"artifact_class": "deployment_profile",
},
)
return {
"ok": True,
"deployment_profile": profile,
"crypto_seal": sealed["seal"],
"sealed": True,
}
BUILDER = SovereignDeploymentProfileBuilder()
def generate_deployment_profile() -> Dict[str, Any]:
return BUILDER.build()
if __name__ == "__main__":
out = generate_deployment_profile()
print(json.dumps(out, indent=2, ensure_ascii=False))