|
|
| |
| from __future__ import annotations |
|
|
| import json |
| from datetime import datetime, timezone |
| from typing import Any, Dict, List, Optional |
|
|
| from sovereign_crypto_seal import SovereignCryptoSeal |
|
|
|
|
| def _utc_now() -> str: |
| return datetime.now(timezone.utc).isoformat() |
|
|
|
|
| class SovereignDeploymentProfileBuilder: |
| """ |
| Builds a bank-grade deployment profile for Sovereign. |
| |
| Purpose: |
| - Define supported deployment postures |
| - Make runtime entry and packaging posture explicit |
| - Clarify what 'low-friction deployment' means in technical terms |
| - Provide a sealed machine-readable deployment artifact |
| """ |
|
|
| def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None: |
| self.sealer = sealer or SovereignCryptoSeal() |
|
|
| def _deployment_modes(self) -> List[Dict[str, Any]]: |
| return [ |
| { |
| "mode": "on_prem_controlled_runtime", |
| "status": "supported_primary", |
| "description": "Primary target posture for banks and financial institutions. Runtime executes within customer-controlled environment.", |
| "intended_use": [ |
| "bank internal runtime control", |
| "regulated AI workflow governance", |
| "controlled financial execution oversight", |
| ], |
| }, |
| { |
| "mode": "evaluation_bundle_runtime", |
| "status": "supported_secondary", |
| "description": "Evaluation / pilot posture for controlled technical validation before broader rollout.", |
| "intended_use": [ |
| "technical pilot", |
| "benchmark validation", |
| "artifact verification", |
| ], |
| }, |
| { |
| "mode": "single_command_launcher_runtime", |
| "status": "in_progress", |
| "description": "Low-friction launch posture using the packaged runtime launcher and config-driven execution path.", |
| "intended_use": [ |
| "reduced deployment friction", |
| "controlled packaged execution", |
| ], |
| }, |
| { |
| "mode": "containerized_delivery", |
| "status": "planned_next", |
| "description": "Future packaging posture for stronger delivery ergonomics and runtime portability.", |
| "intended_use": [ |
| "container delivery", |
| "controlled platform portability", |
| ], |
| }, |
| ] |
|
|
| def _environment_requirements(self) -> Dict[str, Any]: |
| return { |
| "runtime_requirements": { |
| "python_runtime_required": True, |
| "filesystem_write_required": True, |
| "json_artifact_support_required": True, |
| "local_execution_supported": True, |
| }, |
| "network_requirements": { |
| "internet_required": False, |
| "cloud_dependency_required": False, |
| "external_dns_required": False, |
| "offline_posture_supported": True, |
| }, |
| "execution_requirements": { |
| "single_entrypoint_defined": True, |
| "runtime_entry_module": "sovereign_bank_runtime_entry", |
| "runtime_entry_function": "run_sovereign_bank_runtime", |
| "one_command_launcher_module": "sovereign_one_command_launcher", |
| "config_driven_launch_supported": True, |
| }, |
| "artifact_requirements": { |
| "audit_chain_storage_required": True, |
| "crypto_seal_support_required": True, |
| "manifest_generation_required": True, |
| "verifier_compatibility_expected": True, |
| }, |
| } |
|
|
| def _packaging_posture(self) -> Dict[str, Any]: |
| return { |
| "current_packaging_state": "structured_runtime_package_available", |
| "runtime_package_builder": "sovereign_packager", |
| "one_command_launcher_available": True, |
| "packaging_notes": [ |
| "Current packaging posture provides structured runtime delivery with launcher config, manifest, integrity inventory, and documentation.", |
| "Single-command launch is supported through the one-command launcher and config-based execution path.", |
| "Packaging ergonomics can be further hardened later with containerization or additional installer tooling.", |
| ], |
| } |
|
|
| def _frictionless_deployment_claim(self) -> Dict[str, Any]: |
| return { |
| "claim_label": "low_friction_controlled_deployment", |
| "status": "qualified_claim", |
| "meaning": [ |
| "A single runtime entrypoint is defined.", |
| "A one-command launcher exists for controlled execution modes.", |
| "A runtime package structure exists for delivery and review.", |
| "Deployment does not require external cloud dependency or internet connectivity.", |
| ], |
| "non_meaning": [ |
| "This does not yet mean a universal zero-touch installer across all bank environments.", |
| "This does not yet imply environment-agnostic deployment without customer-side runtime prerequisites.", |
| "This does not replace environment-specific hardening, permissions, or integration review.", |
| ], |
| } |
|
|
| def _deployment_constraints(self) -> List[str]: |
| return [ |
| "Current deployment profile is designed for controlled bank-grade runtime environments and technical review flows.", |
| "Single-command launch is available through launcher/config flow, but universal zero-touch installation is not yet the claimed end state.", |
| "Environment-specific integration, hardening, permissions, and operational review may still be required in customer deployment.", |
| "Containerized or installer-style delivery remains a future hardening/ergonomics path rather than the only current deployment mode.", |
| ] |
|
|
| def build(self) -> Dict[str, Any]: |
| profile = { |
| "profile_type": "Sovereign Deployment Profile", |
| "generated_at": _utc_now(), |
| "domain": "banking_and_financial_institutions", |
| "deployment_modes": self._deployment_modes(), |
| "environment_requirements": self._environment_requirements(), |
| "packaging_posture": self._packaging_posture(), |
| "frictionless_deployment_claim": self._frictionless_deployment_claim(), |
| "constraints": self._deployment_constraints(), |
| "summary": { |
| "supported_primary_mode": "on_prem_controlled_runtime", |
| "runtime_entrypoint_defined": True, |
| "one_command_launcher_present": True, |
| "internet_dependency_required": False, |
| "cloud_dependency_required": False, |
| }, |
| } |
|
|
| sealed = self.sealer.seal_object( |
| profile, |
| object_type="deployment_profile", |
| metadata={ |
| "domain": "banking", |
| "artifact_class": "deployment_profile", |
| }, |
| ) |
|
|
| return { |
| "ok": True, |
| "deployment_profile": profile, |
| "crypto_seal": sealed["seal"], |
| "sealed": True, |
| } |
|
|
|
|
| BUILDER = SovereignDeploymentProfileBuilder() |
|
|
|
|
| def generate_deployment_profile() -> Dict[str, Any]: |
| return BUILDER.build() |
|
|
|
|
| if __name__ == "__main__": |
| out = generate_deployment_profile() |
| print(json.dumps(out, indent=2, ensure_ascii=False)) |
|
|
|
|