AI-Sovereign-sentinel / sovereign_external_verifier_v11.py
rezabarkhordary's picture
Create sovereign_external_verifier_v11.py
dcc5952 verified
Raw
History Blame
8.03 kB
# sovereign_external_verifier_v11.py
from __future__ import annotations
import argparse
import json
from pathlib import Path
from typing import Any, Dict, List, Optional
from sovereign_crypto_seal import SovereignCryptoSeal
def _load_json(path: str) -> Dict[str, Any]:
p = Path(path)
if not p.exists():
raise FileNotFoundError(f"File not found: {path}")
data = json.loads(p.read_text(encoding="utf-8"))
if not isinstance(data, dict):
raise ValueError(f"JSON root must be an object: {path}")
return data
class SovereignExternalVerifierV11:
"""
Extended independent verifier for Sovereign artifacts (bank-grade).
Added in v11:
- Hardening profile verification
- Hardening report verification
"""
def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None:
self.sealer = sealer or SovereignCryptoSeal()
# ------------------------------------------------------------------
# Core
# ------------------------------------------------------------------
def _verify_object_with_seal(
self,
*,
artifact_type: str,
obj: Dict[str, Any],
seal: Dict[str, Any],
) -> Dict[str, Any]:
verified = self.sealer.verify_object(obj, seal)
return {
"ok": bool(verified.get("ok")),
"artifact_type": artifact_type,
"verified": bool(verified.get("verified")),
"verification": verified,
}
# ------------------------------------------------------------------
# Hardening
# ------------------------------------------------------------------
def verify_hardening_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
seal = bundle.get("crypto_seal")
profile = bundle.get("hardening_profile")
if not isinstance(seal, dict):
return {
"ok": False,
"artifact_type": "hardening_profile_bundle",
"verified": False,
"error": "missing_hardening_crypto_seal",
}
if not isinstance(profile, dict):
return {
"ok": False,
"artifact_type": "hardening_profile_bundle",
"verified": False,
"error": "missing_hardening_profile",
}
return self._verify_object_with_seal(
artifact_type="hardening_profile_bundle",
obj=profile,
seal=seal,
)
def verify_hardening_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
inner = bundle.get("bundle")
if not isinstance(inner, dict):
return {
"ok": False,
"artifact_type": "hardening_report_bundle",
"verified": False,
"error": "missing_inner_hardening_bundle",
}
verified = self.verify_hardening_profile_bundle(inner)
return {
"ok": bool(verified.get("ok")),
"artifact_type": "hardening_report_bundle",
"verified": bool(verified.get("verified")),
"inner_verification": verified,
}
# ------------------------------------------------------------------
# Runtime (minimal reuse)
# ------------------------------------------------------------------
def verify_runtime_result_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
seal = bundle.get("crypto_seal")
if not isinstance(seal, dict):
return {
"ok": False,
"artifact_type": "runtime_result",
"verified": False,
"error": "missing_runtime_crypto_seal",
}
obj = dict(bundle)
obj.pop("crypto_seal", None)
obj.pop("sealed", None)
return self._verify_object_with_seal(
artifact_type="runtime_result",
obj=obj,
seal=seal,
)
# ------------------------------------------------------------------
# Technical Identity (extended)
# ------------------------------------------------------------------
def verify_technical_identity_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
identity = bundle.get("technical_identity")
if not isinstance(identity, dict):
return {
"ok": False,
"artifact_type": "technical_identity_bundle",
"verified": False,
"error": "missing_technical_identity",
}
seal = identity.get("crypto_seal")
if not isinstance(seal, dict):
return {
"ok": False,
"artifact_type": "technical_identity_bundle",
"verified": False,
"error": "missing_technical_identity_seal",
}
identity_obj = dict(identity)
identity_obj.pop("crypto_seal", None)
identity_obj.pop("sealed", None)
identity_verification = self._verify_object_with_seal(
artifact_type="technical_identity",
obj=identity_obj,
seal=seal,
)
nested_checks: List[Dict[str, Any]] = []
hardening_bundle = bundle.get("hardening_bundle")
if isinstance(hardening_bundle, dict):
if "hardening_profile" in hardening_bundle and "crypto_seal" in hardening_bundle:
nested_checks.append(self.verify_hardening_profile_bundle(hardening_bundle))
elif "bundle" in hardening_bundle:
nested_checks.append(self.verify_hardening_report_bundle(hardening_bundle))
runtime_result = bundle.get("runtime_result")
if isinstance(runtime_result, dict):
nested_checks.append(self.verify_runtime_result_bundle(runtime_result))
all_nested_ok = all(bool(x.get("verified")) for x in nested_checks) if nested_checks else True
return {
"ok": bool(identity_verification.get("ok")) and all_nested_ok,
"artifact_type": "technical_identity_bundle",
"verified": bool(identity_verification.get("verified")) and all_nested_ok,
"technical_identity_verification": identity_verification,
"nested_verifications": nested_checks,
}
# ------------------------------------------------------------------
# Auto detect
# ------------------------------------------------------------------
def verify_auto(self, obj: Dict[str, Any]) -> Dict[str, Any]:
if "technical_identity" in obj:
return self.verify_technical_identity_bundle(obj)
if "bundle" in obj and isinstance(obj.get("bundle"), dict):
inner = obj["bundle"]
if "hardening_profile" in inner and "crypto_seal" in inner:
return self.verify_hardening_report_bundle(obj)
if "hardening_profile" in obj and "crypto_seal" in obj:
return self.verify_hardening_profile_bundle(obj)
if "crypto_seal" in obj:
return self.verify_runtime_result_bundle(obj)
return {
"ok": False,
"verified": False,
"artifact_type": "unknown",
"error": "could_not_detect_artifact_type",
}
def verify_file(self, path: str) -> Dict[str, Any]:
obj = _load_json(path)
result = self.verify_auto(obj)
result["source_file"] = path
return result
VERIFIER = SovereignExternalVerifierV11()
def verify_artifact_file_v11(path: str) -> Dict[str, Any]:
return VERIFIER.verify_file(path)
def _build_arg_parser() -> argparse.ArgumentParser:
parser = argparse.ArgumentParser(
description="Verifier v11 (with hardening support)."
)
parser.add_argument("--file", required=True)
return parser
if __name__ == "__main__":
parser = _build_arg_parser()
args = parser.parse_args()
result = verify_artifact_file_v11(args.file)
print(json.dumps(result, indent=2, ensure_ascii=False))