|
|
| |
| from __future__ import annotations |
|
|
| import json |
| from datetime import datetime, timezone |
| from typing import Any, Dict, List, Optional |
|
|
| from sovereign_crypto_seal import SovereignCryptoSeal |
|
|
|
|
| def _utc_now() -> str: |
| return datetime.now(timezone.utc).isoformat() |
|
|
|
|
| class SovereignFailSafeProfileBuilder: |
| """ |
| Builds a bank-grade fail-safe / fail-closed posture profile. |
| |
| Purpose: |
| - Describe how Sovereign should behave under internal failure or uncertainty |
| - Make failure handling explicit for technical buyers |
| - Distinguish forbidden fail-open paths from permitted controlled degrade paths |
| """ |
|
|
| def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None: |
| self.sealer = sealer or SovereignCryptoSeal() |
|
|
| def _failure_modes(self) -> List[Dict[str, Any]]: |
| return [ |
| { |
| "failure_mode": "authority_decision_unavailable", |
| "category": "decision_path", |
| "default_action": "FREEZE", |
| "posture": "fail_closed", |
| "rationale": "If runtime authority cannot produce a trusted decision, execution should not proceed autonomously.", |
| }, |
| { |
| "failure_mode": "audit_chain_write_failure", |
| "category": "evidence_path", |
| "default_action": "FREEZE", |
| "posture": "fail_closed", |
| "rationale": "If evidentiary continuity cannot be preserved, execution should pause rather than proceed without traceability.", |
| }, |
| { |
| "failure_mode": "crypto_seal_failure", |
| "category": "evidence_integrity", |
| "default_action": "FREEZE", |
| "posture": "fail_closed", |
| "rationale": "If cryptographic sealing cannot be produced where required, runtime trust posture should degrade conservatively.", |
| }, |
| { |
| "failure_mode": "freeze_state_lookup_failure", |
| "category": "freeze_lifecycle", |
| "default_action": "FREEZE", |
| "posture": "fail_closed", |
| "rationale": "If freeze state cannot be resolved, ambiguous execution should remain suspended.", |
| }, |
| { |
| "failure_mode": "policy_engine_failure", |
| "category": "policy_path", |
| "default_action": "FREEZE", |
| "posture": "fail_closed", |
| "rationale": "If bank policy evaluation is unavailable, high-risk financial execution should not continue.", |
| }, |
| { |
| "failure_mode": "manifest_verification_failure", |
| "category": "artifact_integrity", |
| "default_action": "BLOCK", |
| "posture": "fail_closed_hard", |
| "rationale": "If artifact integrity is explicitly invalidated, trust should collapse to BLOCK rather than soft suspension.", |
| }, |
| { |
| "failure_mode": "tamper_detected", |
| "category": "integrity", |
| "default_action": "BLOCK", |
| "posture": "fail_closed_hard", |
| "rationale": "Explicit tamper signals should not permit continued autonomous execution.", |
| }, |
| { |
| "failure_mode": "runtime_timeout", |
| "category": "operational", |
| "default_action": "FREEZE", |
| "posture": "timeout_to_freeze", |
| "rationale": "Timeout should degrade to proportional suspension rather than silent allow.", |
| }, |
| { |
| "failure_mode": "configuration_unreadable", |
| "category": "configuration", |
| "default_action": "BLOCK", |
| "posture": "fail_closed_hard", |
| "rationale": "Unreadable or invalid runtime configuration makes authoritative execution unsafe.", |
| }, |
| { |
| "failure_mode": "state_corruption_detected", |
| "category": "state_integrity", |
| "default_action": "BLOCK", |
| "posture": "fail_closed_hard", |
| "rationale": "Corrupted control state invalidates trust assumptions and should terminate autonomous execution permission.", |
| }, |
| ] |
|
|
| def _operational_principles(self) -> List[Dict[str, Any]]: |
| return [ |
| { |
| "principle": "no_silent_fail_open", |
| "status": "required", |
| "description": "No critical authority-path failure should silently downgrade to ALLOW.", |
| }, |
| { |
| "principle": "ambiguity_prefers_freeze", |
| "status": "required", |
| "description": "Where uncertainty exists without explicit tamper proof, ambiguity should default to FREEZE.", |
| }, |
| { |
| "principle": "integrity_break_prefers_block", |
| "status": "required", |
| "description": "Where trust or integrity is explicitly broken, posture should collapse to BLOCK.", |
| }, |
| { |
| "principle": "evidence_continuity_required", |
| "status": "required", |
| "description": "Execution without minimum evidentiary continuity is not considered bank-grade safe.", |
| }, |
| { |
| "principle": "manual_recovery_path_required", |
| "status": "required", |
| "description": "Fail-safe states must remain reviewable and recoverable through controlled human workflow where appropriate.", |
| }, |
| ] |
|
|
| def build(self) -> Dict[str, Any]: |
| failure_modes = self._failure_modes() |
| principles = self._operational_principles() |
|
|
| posture = { |
| "profile_type": "Sovereign Fail-Safe Profile", |
| "generated_at": _utc_now(), |
| "domain": "banking_and_financial_institutions", |
| "default_fail_posture": "fail_closed", |
| "fail_open_policy": "forbidden_for_critical_paths", |
| "ambiguity_policy": "freeze_by_default", |
| "tamper_policy": "block_by_default", |
| "timeout_policy": "freeze_by_default", |
| "manual_override_policy": "controlled_and_audited", |
| "failure_modes": failure_modes, |
| "operational_principles": principles, |
| "summary": { |
| "total_failure_modes": len(failure_modes), |
| "freeze_defaults": sum(1 for x in failure_modes if x["default_action"] == "FREEZE"), |
| "block_defaults": sum(1 for x in failure_modes if x["default_action"] == "BLOCK"), |
| }, |
| "notes": [ |
| "This profile defines intended bank-grade fail-safe posture, not a substitute for environment-specific deployment validation.", |
| "Fail-safe posture should be interpreted together with runtime enforcement, freeze lifecycle, audit-chain continuity, and verifier outputs.", |
| "Critical-path fail-open behavior is treated as unacceptable in this profile.", |
| ], |
| } |
|
|
| sealed = self.sealer.seal_object( |
| posture, |
| object_type="fail_safe_profile", |
| metadata={ |
| "domain": "banking", |
| "artifact_class": "fail_safe_profile", |
| }, |
| ) |
|
|
| return { |
| "ok": True, |
| "fail_safe_profile": posture, |
| "crypto_seal": sealed["seal"], |
| "sealed": True, |
| } |
|
|
|
|
| BUILDER = SovereignFailSafeProfileBuilder() |
|
|
|
|
| def generate_fail_safe_profile() -> Dict[str, Any]: |
| return BUILDER.build() |
|
|
|
|
| if __name__ == "__main__": |
| out = generate_fail_safe_profile() |
| print(json.dumps(out, indent=2, ensure_ascii=False)) |
|
|
|
|