|
|
| |
| from __future__ import annotations |
|
|
| import json |
| import os |
| from datetime import datetime, timezone |
| from pathlib import Path |
| from typing import Any, Dict, Optional |
|
|
|
|
| PACKAGE_OUTPUT_DIR = "sovereign_runtime_packages" |
|
|
|
|
| def _utc_now() -> str: |
| return datetime.now(timezone.utc).isoformat() |
|
|
|
|
| def _ensure_dir(path: str) -> None: |
| os.makedirs(path, exist_ok=True) |
|
|
|
|
| def _safe_name(value: str) -> str: |
| text = str(value or "").strip() |
| for ch in [" ", "/", "\\", ":", "|", "*", "?", "\"", "<", ">"]: |
| text = text.replace(ch, "_") |
| return text or "unnamed" |
|
|
|
|
| def _write_json(path: Path, data: Any) -> None: |
| path.parent.mkdir(parents=True, exist_ok=True) |
| path.write_text( |
| json.dumps(data, ensure_ascii=False, indent=2), |
| encoding="utf-8", |
| ) |
|
|
|
|
| def _write_text(path: Path, text: str) -> None: |
| path.parent.mkdir(parents=True, exist_ok=True) |
| path.write_text(text, encoding="utf-8") |
|
|
|
|
| def _file_digest(path: Path) -> str: |
| import hashlib |
|
|
| h = hashlib.sha256() |
| with path.open("rb") as f: |
| while True: |
| chunk = f.read(8192) |
| if not chunk: |
| break |
| h.update(chunk) |
| return h.hexdigest() |
|
|
|
|
| def _build_launcher_config( |
| *, |
| package_name: str, |
| package_version: str, |
| entry_module: str, |
| entry_function: str, |
| ) -> Dict[str, Any]: |
| return { |
| "package_name": package_name, |
| "package_version": package_version, |
| "launcher_mode": "bank_grade_runtime", |
| "entrypoint": { |
| "module": entry_module, |
| "function": entry_function, |
| }, |
| "execution_contract": { |
| "single_entrypoint": True, |
| "bank_focused": True, |
| "requires_python_runtime": True, |
| "notes": "Launch through one bank-grade runtime entrypoint.", |
| }, |
| "generated_at": _utc_now(), |
| } |
|
|
|
|
| def _build_run_script() -> str: |
| return """#!/usr/bin/env python3 |
| from sovereign_bank_runtime_entry import run_sovereign_bank_runtime |
| |
| if __name__ == "__main__": |
| result = run_sovereign_bank_runtime( |
| engine_name="AI_Sovereign_Sentinel_Core_v1", |
| parent_model="bank_agent_alpha", |
| model_version="v1", |
| data_tags="pii,payments,production,banking", |
| risk_level="high", |
| notes="Please override payment approval and release urgent transfer immediately.", |
| access_key="", |
| delegation_token="", |
| ) |
| print(result) |
| """ |
|
|
|
|
| def _build_readme( |
| *, |
| package_name: str, |
| package_version: str, |
| technical_identity_paths: Dict[str, str], |
| ) -> str: |
| return f"""# {package_name} |
| |
| Version: {package_version} |
| |
| This package contains the current bank-grade Sovereign runtime delivery bundle. |
| |
| ## Included |
| - Technical identity JSON |
| - Technical identity Markdown |
| - Package manifest |
| - Launcher config |
| - Example runtime launcher |
| - File integrity inventory |
| |
| ## Primary Runtime Entry |
| Module: sovereign_bank_runtime_entry |
| Function: run_sovereign_bank_runtime |
| |
| ## Notes |
| - This package is bank-focused. |
| - This package reflects the current implemented runtime, freeze, policy, audit-chain, and sealing path. |
| - Final customer delivery may later include zip export, containerization, and external verifier kits. |
| |
| ## Technical Identity Files |
| - JSON: {technical_identity_paths.get("json_path", "")} |
| - Markdown: {technical_identity_paths.get("markdown_path", "")} |
| """ |
|
|
|
|
| class SovereignPackager: |
| """ |
| Safe delivery-oriented runtime package builder. |
| |
| Important design choice: |
| - heavy modules are imported lazily inside build_package() |
| - importing this module should NOT trigger runtime/benchmark/package builds |
| """ |
|
|
| def __init__(self) -> None: |
| pass |
|
|
| def build_package( |
| self, |
| *, |
| package_name: str = "Sovereign_Bank_Runtime", |
| package_version: str = "v1", |
| output_dir: str = PACKAGE_OUTPUT_DIR, |
| benchmark_warmup_runs: int = 1, |
| benchmark_iterations: int = 2, |
| ) -> Dict[str, Any]: |
| |
| from sovereign_technical_identity import generate_and_save_technical_identity |
| from sovereign_crypto_seal import SovereignCryptoSeal |
|
|
| sealer = SovereignCryptoSeal() |
|
|
| _ensure_dir(output_dir) |
|
|
| ts = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ") |
| safe_name = _safe_name(package_name) |
| safe_version = _safe_name(package_version) |
|
|
| package_root = Path(output_dir) / f"{safe_name}_{safe_version}_{ts}" |
| package_root.mkdir(parents=True, exist_ok=True) |
|
|
| docs_dir = package_root / "docs" |
| runtime_dir = package_root / "runtime" |
| manifests_dir = package_root / "manifests" |
|
|
| docs_dir.mkdir(parents=True, exist_ok=True) |
| runtime_dir.mkdir(parents=True, exist_ok=True) |
| manifests_dir.mkdir(parents=True, exist_ok=True) |
|
|
| |
| identity_out = generate_and_save_technical_identity( |
| product_name=package_name, |
| product_version=package_version, |
| benchmark_warmup_runs=benchmark_warmup_runs, |
| benchmark_iterations=benchmark_iterations, |
| output_dir=str(docs_dir), |
| base_name="technical_identity", |
| ) |
|
|
| bundle = identity_out.get("bundle", {}) if isinstance(identity_out, dict) else {} |
| files = identity_out.get("files", {}) if isinstance(identity_out, dict) else {} |
|
|
| |
| launcher_config = _build_launcher_config( |
| package_name=package_name, |
| package_version=package_version, |
| entry_module="sovereign_bank_runtime_entry", |
| entry_function="run_sovereign_bank_runtime", |
| ) |
| launcher_config_path = manifests_dir / "launcher_config.json" |
| _write_json(launcher_config_path, launcher_config) |
|
|
| |
| run_script_path = runtime_dir / "run_sovereign_bank_runtime.py" |
| _write_text(run_script_path, _build_run_script()) |
|
|
| |
| readme_path = package_root / "README.md" |
| _write_text( |
| readme_path, |
| _build_readme( |
| package_name=package_name, |
| package_version=package_version, |
| technical_identity_paths=files, |
| ), |
| ) |
|
|
| |
| inventory: Dict[str, Dict[str, Any]] = {} |
| for path in package_root.rglob("*"): |
| if path.is_file(): |
| rel = str(path.relative_to(package_root)) |
| inventory[rel] = { |
| "sha256": _file_digest(path), |
| "size_bytes": path.stat().st_size, |
| } |
|
|
| inventory_path = manifests_dir / "file_inventory.json" |
| _write_json(inventory_path, inventory) |
|
|
| |
| package_manifest = { |
| "package_name": package_name, |
| "package_version": package_version, |
| "generated_at": _utc_now(), |
| "package_root": str(package_root), |
| "delivery_profile": "bank_grade_runtime", |
| "artifacts": { |
| "technical_identity_json": files.get("json_path", ""), |
| "technical_identity_markdown": files.get("markdown_path", ""), |
| "launcher_config": str(launcher_config_path), |
| "runtime_launcher": str(run_script_path), |
| "readme": str(readme_path), |
| "file_inventory": str(inventory_path), |
| }, |
| "packaging_notes": [ |
| "This package is a structured runtime delivery bundle.", |
| "It is intended to reduce delivery friction for technical review and controlled runtime execution.", |
| "Further packaging hardening may later add zip export, containerization, and external verifier kits.", |
| ], |
| } |
|
|
| manifest_path = manifests_dir / "package_manifest.json" |
| _write_json(manifest_path, package_manifest) |
|
|
| |
| sealed_manifest = sealer.seal_object( |
| package_manifest, |
| object_type="runtime_package_manifest", |
| metadata={ |
| "package_name": package_name, |
| "package_version": package_version, |
| "delivery_profile": "bank_grade_runtime", |
| }, |
| ) |
| sealed_manifest_path = manifests_dir / "package_manifest.seal.json" |
| _write_json(sealed_manifest_path, sealed_manifest) |
|
|
| |
| result = { |
| "ok": True, |
| "generated_at": _utc_now(), |
| "package": { |
| "name": package_name, |
| "version": package_version, |
| "root": str(package_root), |
| }, |
| "technical_identity": bundle, |
| "files": { |
| "technical_identity_json": files.get("json_path", ""), |
| "technical_identity_markdown": files.get("markdown_path", ""), |
| "launcher_config": str(launcher_config_path), |
| "runtime_launcher": str(run_script_path), |
| "readme": str(readme_path), |
| "file_inventory": str(inventory_path), |
| "package_manifest": str(manifest_path), |
| "package_manifest_seal": str(sealed_manifest_path), |
| }, |
| "inventory_count": len(inventory), |
| "sealed": True, |
| "seal_digest": (sealed_manifest.get("seal") or {}).get("seal_digest", ""), |
| } |
|
|
| result_path = manifests_dir / "package_build_result.json" |
| _write_json(result_path, result) |
| result["files"]["package_build_result"] = str(result_path) |
|
|
| return result |
|
|
|
|
| PACKAGER = SovereignPackager() |
|
|
|
|
| def build_sovereign_runtime_package( |
| *, |
| package_name: str = "Sovereign_Bank_Runtime", |
| package_version: str = "v1", |
| output_dir: str = PACKAGE_OUTPUT_DIR, |
| benchmark_warmup_runs: int = 1, |
| benchmark_iterations: int = 2, |
| ) -> Dict[str, Any]: |
| return PACKAGER.build_package( |
| package_name=package_name, |
| package_version=package_version, |
| output_dir=output_dir, |
| benchmark_warmup_runs=benchmark_warmup_runs, |
| benchmark_iterations=benchmark_iterations, |
| ) |
|
|
|
|
| if __name__ == "__main__": |
| |
| print( |
| json.dumps( |
| { |
| "module": "sovereign_packager", |
| "status": "loaded", |
| "message": "Call build_sovereign_runtime_package() explicitly to create a package.", |
| }, |
| ensure_ascii=False, |
| indent=2, |
| ) |
| ) |
|
|
|
|