AI-Sovereign-sentinel / sovereign_control_plane_report.py
rezabarkhordary's picture
Create sovereign_control_plane_report.py
0a7312a verified
Raw
History Blame Contribute Delete
8.53 kB
# sovereign_control_plane_report.py
from __future__ import annotations
import json
import os
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional
from sovereign_control_plane_profile import generate_control_plane_profile
CONTROL_PLANE_OUTPUT_DIR = "sovereign_control_plane_outputs"
def _utc_now() -> str:
return datetime.now(timezone.utc).isoformat()
def _ensure_dir(path: str) -> None:
os.makedirs(path, exist_ok=True)
def _safe(v: Any, default: Any = "") -> Any:
return v if v is not None else default
def _bool_text(v: Any) -> str:
return "True" if bool(v) else "False"
def _render_header(bundle: Dict[str, Any]) -> str:
profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
return f"""# Sovereign Control Plane Report
Generated at: {_safe((profile or {}).get("generated_at"), _utc_now())}
## 1. Profile Identity
- Profile Type: {_safe(profile.get("profile_type"), "Sovereign Control Plane Profile")}
- Domain: {_safe(profile.get("domain"), "banking_and_financial_institutions")}
"""
def _render_summary(bundle: Dict[str, Any]) -> str:
profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
summary = profile.get("summary", {}) if isinstance(profile, dict) else {}
return f"""## 2. Executive Summary
- Total Actions: {_safe(summary.get("total_actions"), 0)}
- Supported Actions: {_safe(summary.get("supported_actions"), 0)}
- Forbidden Actions: {_safe(summary.get("forbidden_actions"), 0)}
- Dual-Control Actions: {_safe(summary.get("dual_control_actions"), 0)}
- Audit-Required Actions: {_safe(summary.get("audit_required_actions"), 0)}
### Practical Interpretation
- Sovereign distinguishes read-only visibility from state-changing administrative actions.
- High-impact actions are not treated as casual operator functions.
- Certain control-plane actions remain intentionally forbidden because they would collapse trust, auditability, or fail-safe posture.
- Dual control is expected for high-impact administrative mutations.
"""
def _render_actions(bundle: Dict[str, Any]) -> str:
profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
actions = profile.get("admin_actions", []) if isinstance(profile, dict) else []
lines: List[str] = ["## 3. Administrative Action Inventory"]
if not actions:
lines.append("- No administrative actions recorded.")
return "\n".join(lines)
for item in actions:
lines.append(f"### {item.get('action', 'unknown_action')}")
lines.append(f"- Status: {_safe(item.get('status'))}")
lines.append(f"- Sensitivity: {_safe(item.get('sensitivity'))}")
lines.append(f"- Execution Class: {_safe(item.get('execution_class'))}")
lines.append(f"- Human Approval Required: {_bool_text(item.get('human_approval_required'))}")
lines.append(f"- Dual Control Required: {_bool_text(item.get('dual_control_required'))}")
lines.append(f"- Audit Required: {_bool_text(item.get('audit_required'))}")
lines.append(f"- Description: {_safe(item.get('description'))}")
lines.append("")
return "\n".join(lines).rstrip() + "\n"
def _render_principles(bundle: Dict[str, Any]) -> str:
profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
principles = profile.get("governance_principles", []) if isinstance(profile, dict) else []
lines: List[str] = ["## 4. Governance Principles"]
if not principles:
lines.append("- No governance principles recorded.")
return "\n".join(lines)
for item in principles:
lines.append(f"### {item.get('principle', 'unknown_principle')}")
lines.append(f"- Status: {_safe(item.get('status'))}")
lines.append(f"- Description: {_safe(item.get('description'))}")
lines.append("")
return "\n".join(lines).rstrip() + "\n"
def _render_governance_interpretation(bundle: Dict[str, Any]) -> str:
profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
actions = profile.get("admin_actions", []) if isinstance(profile, dict) else []
forbidden = [a.get("action") for a in actions if str(a.get("status")) == "forbidden"]
dual = [a.get("action") for a in actions if bool(a.get("dual_control_required"))]
read_only = [a.get("action") for a in actions if str(a.get("execution_class")) == "read_only"]
lines = ["## 5. Governance Interpretation"]
if forbidden:
lines.append("- Forbidden Administrative Classes:")
for action in forbidden:
lines.append(f" - {action}")
else:
lines.append("- No forbidden administrative classes recorded.")
if dual:
lines.append("- Dual-Control Administrative Actions:")
for action in dual:
lines.append(f" - {action}")
else:
lines.append("- No dual-control administrative actions recorded.")
if read_only:
lines.append("- Read-Only Administrative Actions:")
for action in read_only:
lines.append(f" - {action}")
else:
lines.append("- No read-only administrative actions recorded.")
lines.append("- Sensitive control-plane mutations should remain approval-bound and auditable.")
lines.append("- Administrative power is intentionally bounded rather than broad or implicit.")
lines.append("- Disabling audit, fail-safe, or unconditional allow boundaries is intentionally forbidden.")
return "\n".join(lines)
def _render_artifact_status(bundle: Dict[str, Any]) -> str:
seal = bundle.get("crypto_seal", {}) if isinstance(bundle, dict) else {}
return f"""## 6. Artifact Status
- Sealed: {bool(bundle.get("sealed", False))}
- Seal Digest: {_safe(seal.get("seal_digest"), "")}
- Seal Scheme: {_safe(seal.get("scheme"), "")}
- Seal Algorithm: {_safe(seal.get("algorithm"), "")}
- Signer Hint: {_safe(seal.get("signer_hint"), "")}
"""
def _render_verdict(bundle: Dict[str, Any]) -> str:
profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
notes = profile.get("notes", []) if isinstance(profile, dict) else []
verdict = (
"Sovereign currently expresses a bounded bank-grade control-plane posture: "
"administrative actions are classified, sensitive mutations are approval-bound, "
"and trust-collapsing action classes remain intentionally forbidden."
)
lines = [
"## 7. Preliminary Bank-Facing Verdict",
verdict,
"",
"## 8. Notes",
]
if notes:
for item in notes:
lines.append(f"- {item}")
else:
lines.append("- No additional notes provided.")
return "\n".join(lines)
def build_control_plane_markdown(bundle: Dict[str, Any]) -> str:
parts = [
_render_header(bundle),
_render_summary(bundle),
_render_actions(bundle),
_render_principles(bundle),
_render_governance_interpretation(bundle),
_render_artifact_status(bundle),
_render_verdict(bundle),
]
return "\n\n".join(parts).strip() + "\n"
def save_control_plane_report(
bundle: Dict[str, Any],
output_dir: str = CONTROL_PLANE_OUTPUT_DIR,
base_name: Optional[str] = None,
) -> Dict[str, str]:
_ensure_dir(output_dir)
ts = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
base = base_name or f"sovereign_control_plane_report_{ts}"
json_path = os.path.join(output_dir, f"{base}.json")
md_path = os.path.join(output_dir, f"{base}.md")
with open(json_path, "w", encoding="utf-8") as f:
json.dump(bundle, f, ensure_ascii=False, indent=2)
markdown = build_control_plane_markdown(bundle)
with open(md_path, "w", encoding="utf-8") as f:
f.write(markdown)
return {
"json_report": json_path,
"markdown_report": md_path,
}
def generate_control_plane_report(
output_dir: str = CONTROL_PLANE_OUTPUT_DIR,
base_name: Optional[str] = None,
) -> Dict[str, Any]:
bundle = generate_control_plane_profile()
files = save_control_plane_report(
bundle=bundle,
output_dir=output_dir,
base_name=base_name,
)
return {
"ok": True,
"generated_at": _utc_now(),
"bundle": bundle,
"files": files,
}
if __name__ == "__main__":
out = generate_control_plane_report()
print(json.dumps(out, indent=2, ensure_ascii=False))