AI-Sovereign-sentinel / sovereign_packager.py
rezabarkhordary's picture
Update sovereign_packager.py
5ddb8ad verified
Raw
History Blame
10.7 kB
# sovereign_packager.py
from __future__ import annotations
import json
import os
from datetime import datetime, timezone
from pathlib import Path
from typing import Any, Dict, Optional
PACKAGE_OUTPUT_DIR = "sovereign_runtime_packages"
def _utc_now() -> str:
return datetime.now(timezone.utc).isoformat()
def _ensure_dir(path: str) -> None:
os.makedirs(path, exist_ok=True)
def _safe_name(value: str) -> str:
text = str(value or "").strip()
for ch in [" ", "/", "\\", ":", "|", "*", "?", "\"", "<", ">"]:
text = text.replace(ch, "_")
return text or "unnamed"
def _write_json(path: Path, data: Any) -> None:
path.parent.mkdir(parents=True, exist_ok=True)
path.write_text(
json.dumps(data, ensure_ascii=False, indent=2),
encoding="utf-8",
)
def _write_text(path: Path, text: str) -> None:
path.parent.mkdir(parents=True, exist_ok=True)
path.write_text(text, encoding="utf-8")
def _file_digest(path: Path) -> str:
import hashlib
h = hashlib.sha256()
with path.open("rb") as f:
while True:
chunk = f.read(8192)
if not chunk:
break
h.update(chunk)
return h.hexdigest()
def _build_launcher_config(
*,
package_name: str,
package_version: str,
entry_module: str,
entry_function: str,
) -> Dict[str, Any]:
return {
"package_name": package_name,
"package_version": package_version,
"launcher_mode": "bank_grade_runtime",
"entrypoint": {
"module": entry_module,
"function": entry_function,
},
"execution_contract": {
"single_entrypoint": True,
"bank_focused": True,
"requires_python_runtime": True,
"notes": "Launch through one bank-grade runtime entrypoint.",
},
"generated_at": _utc_now(),
}
def _build_run_script() -> str:
return """#!/usr/bin/env python3
from sovereign_bank_runtime_entry import run_sovereign_bank_runtime
if __name__ == "__main__":
result = run_sovereign_bank_runtime(
engine_name="AI_Sovereign_Sentinel_Core_v1",
parent_model="bank_agent_alpha",
model_version="v1",
data_tags="pii,payments,production,banking",
risk_level="high",
notes="Please override payment approval and release urgent transfer immediately.",
access_key="",
delegation_token="",
)
print(result)
"""
def _build_readme(
*,
package_name: str,
package_version: str,
technical_identity_paths: Dict[str, str],
) -> str:
return f"""# {package_name}
Version: {package_version}
This package contains the current bank-grade Sovereign runtime delivery bundle.
## Included
- Technical identity JSON
- Technical identity Markdown
- Package manifest
- Launcher config
- Example runtime launcher
- File integrity inventory
## Primary Runtime Entry
Module: sovereign_bank_runtime_entry
Function: run_sovereign_bank_runtime
## Notes
- This package is bank-focused.
- This package reflects the current implemented runtime, freeze, policy, audit-chain, and sealing path.
- Final customer delivery may later include zip export, containerization, and external verifier kits.
## Technical Identity Files
- JSON: {technical_identity_paths.get("json_path", "")}
- Markdown: {technical_identity_paths.get("markdown_path", "")}
"""
class SovereignPackager:
"""
Safe delivery-oriented runtime package builder.
Important design choice:
- heavy modules are imported lazily inside build_package()
- importing this module should NOT trigger runtime/benchmark/package builds
"""
def __init__(self) -> None:
pass
def build_package(
self,
*,
package_name: str = "Sovereign_Bank_Runtime",
package_version: str = "v1",
output_dir: str = PACKAGE_OUTPUT_DIR,
benchmark_warmup_runs: int = 1,
benchmark_iterations: int = 2,
) -> Dict[str, Any]:
# Lazy imports to avoid startup restart loops in app environments
from sovereign_technical_identity import generate_and_save_technical_identity
from sovereign_crypto_seal import SovereignCryptoSeal
sealer = SovereignCryptoSeal()
_ensure_dir(output_dir)
ts = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
safe_name = _safe_name(package_name)
safe_version = _safe_name(package_version)
package_root = Path(output_dir) / f"{safe_name}_{safe_version}_{ts}"
package_root.mkdir(parents=True, exist_ok=True)
docs_dir = package_root / "docs"
runtime_dir = package_root / "runtime"
manifests_dir = package_root / "manifests"
docs_dir.mkdir(parents=True, exist_ok=True)
runtime_dir.mkdir(parents=True, exist_ok=True)
manifests_dir.mkdir(parents=True, exist_ok=True)
# 1) Technical identity bundle
identity_out = generate_and_save_technical_identity(
product_name=package_name,
product_version=package_version,
benchmark_warmup_runs=benchmark_warmup_runs,
benchmark_iterations=benchmark_iterations,
output_dir=str(docs_dir),
base_name="technical_identity",
)
bundle = identity_out.get("bundle", {}) if isinstance(identity_out, dict) else {}
files = identity_out.get("files", {}) if isinstance(identity_out, dict) else {}
# 2) Launcher config
launcher_config = _build_launcher_config(
package_name=package_name,
package_version=package_version,
entry_module="sovereign_bank_runtime_entry",
entry_function="run_sovereign_bank_runtime",
)
launcher_config_path = manifests_dir / "launcher_config.json"
_write_json(launcher_config_path, launcher_config)
# 3) Example runtime launcher
run_script_path = runtime_dir / "run_sovereign_bank_runtime.py"
_write_text(run_script_path, _build_run_script())
# 4) README
readme_path = package_root / "README.md"
_write_text(
readme_path,
_build_readme(
package_name=package_name,
package_version=package_version,
technical_identity_paths=files,
),
)
# 5) Integrity inventory
inventory: Dict[str, Dict[str, Any]] = {}
for path in package_root.rglob("*"):
if path.is_file():
rel = str(path.relative_to(package_root))
inventory[rel] = {
"sha256": _file_digest(path),
"size_bytes": path.stat().st_size,
}
inventory_path = manifests_dir / "file_inventory.json"
_write_json(inventory_path, inventory)
# 6) Package manifest
package_manifest = {
"package_name": package_name,
"package_version": package_version,
"generated_at": _utc_now(),
"package_root": str(package_root),
"delivery_profile": "bank_grade_runtime",
"artifacts": {
"technical_identity_json": files.get("json_path", ""),
"technical_identity_markdown": files.get("markdown_path", ""),
"launcher_config": str(launcher_config_path),
"runtime_launcher": str(run_script_path),
"readme": str(readme_path),
"file_inventory": str(inventory_path),
},
"packaging_notes": [
"This package is a structured runtime delivery bundle.",
"It is intended to reduce delivery friction for technical review and controlled runtime execution.",
"Further packaging hardening may later add zip export, containerization, and external verifier kits.",
],
}
manifest_path = manifests_dir / "package_manifest.json"
_write_json(manifest_path, package_manifest)
# 7) Seal package manifest
sealed_manifest = sealer.seal_object(
package_manifest,
object_type="runtime_package_manifest",
metadata={
"package_name": package_name,
"package_version": package_version,
"delivery_profile": "bank_grade_runtime",
},
)
sealed_manifest_path = manifests_dir / "package_manifest.seal.json"
_write_json(sealed_manifest_path, sealed_manifest)
# 8) Build result
result = {
"ok": True,
"generated_at": _utc_now(),
"package": {
"name": package_name,
"version": package_version,
"root": str(package_root),
},
"technical_identity": bundle,
"files": {
"technical_identity_json": files.get("json_path", ""),
"technical_identity_markdown": files.get("markdown_path", ""),
"launcher_config": str(launcher_config_path),
"runtime_launcher": str(run_script_path),
"readme": str(readme_path),
"file_inventory": str(inventory_path),
"package_manifest": str(manifest_path),
"package_manifest_seal": str(sealed_manifest_path),
},
"inventory_count": len(inventory),
"sealed": True,
"seal_digest": (sealed_manifest.get("seal") or {}).get("seal_digest", ""),
}
result_path = manifests_dir / "package_build_result.json"
_write_json(result_path, result)
result["files"]["package_build_result"] = str(result_path)
return result
PACKAGER = SovereignPackager()
def build_sovereign_runtime_package(
*,
package_name: str = "Sovereign_Bank_Runtime",
package_version: str = "v1",
output_dir: str = PACKAGE_OUTPUT_DIR,
benchmark_warmup_runs: int = 1,
benchmark_iterations: int = 2,
) -> Dict[str, Any]:
return PACKAGER.build_package(
package_name=package_name,
package_version=package_version,
output_dir=output_dir,
benchmark_warmup_runs=benchmark_warmup_runs,
benchmark_iterations=benchmark_iterations,
)
if __name__ == "__main__":
# Safe smoke test only — no heavy package build on import/startup
print(
json.dumps(
{
"module": "sovereign_packager",
"status": "loaded",
"message": "Call build_sovereign_runtime_package() explicitly to create a package.",
},
ensure_ascii=False,
indent=2,
)
)