AI-Sovereign-sentinel / sovereign_external_verifier.py
rezabarkhordary's picture
Create sovereign_external_verifier.py
0b8099f verified
Raw
History Blame
9.52 kB
# sovereign_external_verifier.py
from __future__ import annotations
import argparse
import json
from pathlib import Path
from typing import Any, Dict, List, Optional
from sovereign_crypto_seal import SovereignCryptoSeal
def _load_json(path: str) -> Dict[str, Any]:
p = Path(path)
if not p.exists():
raise FileNotFoundError(f"File not found: {path}")
data = json.loads(p.read_text(encoding="utf-8"))
if not isinstance(data, dict):
raise ValueError(f"JSON root must be an object: {path}")
return data
class SovereignExternalVerifier:
"""
Independent verifier for Sovereign artifacts.
Supports verification of:
- runtime result bundles
- benchmark bundles
- technical identity bundles
- evidence manifest bundles
"""
def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None:
self.sealer = sealer or SovereignCryptoSeal()
# ------------------------------------------------------------------
# Core verify helpers
# ------------------------------------------------------------------
def verify_runtime_result_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
seal = bundle.get("crypto_seal")
if not isinstance(seal, dict):
return {
"ok": False,
"artifact_type": "runtime_result",
"verified": False,
"error": "missing_runtime_crypto_seal",
}
obj = dict(bundle)
obj.pop("crypto_seal", None)
obj.pop("sealed", None)
verified = self.sealer.verify_object(obj, seal)
return {
"ok": bool(verified.get("ok")),
"artifact_type": "runtime_result",
"verified": bool(verified.get("verified")),
"verification": verified,
}
def verify_benchmark_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
seal = bundle.get("crypto_seal")
report = bundle.get("report")
if not isinstance(seal, dict):
return {
"ok": False,
"artifact_type": "benchmark_bundle",
"verified": False,
"error": "missing_benchmark_crypto_seal",
}
if not isinstance(report, dict):
return {
"ok": False,
"artifact_type": "benchmark_bundle",
"verified": False,
"error": "missing_benchmark_report",
}
verified = self.sealer.verify_object(report, seal)
return {
"ok": bool(verified.get("ok")),
"artifact_type": "benchmark_bundle",
"verified": bool(verified.get("verified")),
"verification": verified,
}
def verify_manifest_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
manifest_bundle = bundle.get("manifest_bundle")
if not isinstance(manifest_bundle, dict):
return {
"ok": False,
"artifact_type": "manifest_bundle",
"verified": False,
"error": "missing_manifest_bundle",
}
manifest = manifest_bundle.get("manifest")
seal = manifest_bundle.get("seal")
if not isinstance(manifest, dict):
return {
"ok": False,
"artifact_type": "manifest_bundle",
"verified": False,
"error": "missing_manifest_object",
}
if not isinstance(seal, dict):
return {
"ok": False,
"artifact_type": "manifest_bundle",
"verified": False,
"error": "missing_manifest_seal",
}
verified = self.sealer.verify_object(manifest, seal)
return {
"ok": bool(verified.get("ok")),
"artifact_type": "manifest_bundle",
"verified": bool(verified.get("verified")),
"verification": verified,
}
def verify_technical_identity_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
identity = bundle.get("technical_identity")
if not isinstance(identity, dict):
return {
"ok": False,
"artifact_type": "technical_identity_bundle",
"verified": False,
"error": "missing_technical_identity",
}
seal = identity.get("crypto_seal")
if not isinstance(seal, dict):
return {
"ok": False,
"artifact_type": "technical_identity_bundle",
"verified": False,
"error": "missing_technical_identity_seal",
}
identity_obj = dict(identity)
identity_obj.pop("crypto_seal", None)
identity_obj.pop("sealed", None)
identity_verification = self.sealer.verify_object(identity_obj, seal)
nested_checks: List[Dict[str, Any]] = []
runtime_result = bundle.get("runtime_result")
if isinstance(runtime_result, dict):
nested_checks.append(self.verify_runtime_result_bundle(runtime_result))
benchmark_bundle = bundle.get("benchmark_bundle")
if isinstance(benchmark_bundle, dict):
nested_checks.append(self.verify_benchmark_bundle(benchmark_bundle))
manifest_bundle = bundle.get("manifest_bundle")
if isinstance(manifest_bundle, dict):
nested_checks.append(self.verify_manifest_bundle({"manifest_bundle": manifest_bundle}))
all_nested_ok = all(bool(x.get("verified")) for x in nested_checks) if nested_checks else True
return {
"ok": bool(identity_verification.get("ok")) and all_nested_ok,
"artifact_type": "technical_identity_bundle",
"verified": bool(identity_verification.get("verified")) and all_nested_ok,
"technical_identity_verification": identity_verification,
"nested_verifications": nested_checks,
}
# ------------------------------------------------------------------
# Auto-detect
# ------------------------------------------------------------------
def verify_auto(self, obj: Dict[str, Any]) -> Dict[str, Any]:
if "technical_identity" in obj:
return self.verify_technical_identity_bundle(obj)
if "report" in obj and "crypto_seal" in obj:
return self.verify_benchmark_bundle(obj)
if "manifest_bundle" in obj:
return self.verify_manifest_bundle(obj)
if "crypto_seal" in obj:
return self.verify_runtime_result_bundle(obj)
return {
"ok": False,
"verified": False,
"artifact_type": "unknown",
"error": "could_not_detect_artifact_type",
}
def verify_file(self, path: str) -> Dict[str, Any]:
obj = _load_json(path)
result = self.verify_auto(obj)
result["source_file"] = path
return result
# ------------------------------------------------------------------
# Human-readable summary
# ------------------------------------------------------------------
def summarize(self, result: Dict[str, Any]) -> Dict[str, Any]:
artifact_type = result.get("artifact_type", "unknown")
verified = bool(result.get("verified", False))
summary = {
"artifact_type": artifact_type,
"verified": verified,
"status": "VALID" if verified else "INVALID",
}
if result.get("source_file"):
summary["source_file"] = result["source_file"]
if artifact_type == "technical_identity_bundle":
tiv = result.get("technical_identity_verification", {}) or {}
nested = result.get("nested_verifications", []) or []
summary["technical_identity_verified"] = bool(tiv.get("verified", False))
summary["nested_verified_count"] = sum(1 for x in nested if x.get("verified"))
summary["nested_total"] = len(nested)
verification = result.get("verification", {}) or {}
if isinstance(verification, dict):
if verification.get("object_digest"):
summary["object_digest"] = verification["object_digest"]
if verification.get("seal_digest"):
summary["seal_digest"] = verification["seal_digest"]
return summary
VERIFIER = SovereignExternalVerifier()
def verify_artifact_file(path: str) -> Dict[str, Any]:
return VERIFIER.verify_file(path)
def summarize_verification(result: Dict[str, Any]) -> Dict[str, Any]:
return VERIFIER.summarize(result)
def _build_arg_parser() -> argparse.ArgumentParser:
parser = argparse.ArgumentParser(
description="Independent verifier for Sovereign bank-grade artifacts."
)
parser.add_argument(
"--file",
required=True,
help="Path to JSON artifact file to verify.",
)
parser.add_argument(
"--summary-only",
action="store_true",
help="Print only compact summary instead of full verification result.",
)
return parser
if __name__ == "__main__":
parser = _build_arg_parser()
args = parser.parse_args()
verification = verify_artifact_file(args.file)
if args.summary_only:
print(json.dumps(summarize_verification(verification), ensure_ascii=False, indent=2))
else:
print(json.dumps(verification, ensure_ascii=False, indent=2))