rezabarkhordary commited on
Commit
0a7312a
·
verified ·
1 Parent(s): 43840fd

Create sovereign_control_plane_report.py

Browse files
Files changed (1) hide show
  1. sovereign_control_plane_report.py +245 -0
sovereign_control_plane_report.py ADDED
@@ -0,0 +1,245 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+
2
+ # sovereign_control_plane_report.py
3
+ from __future__ import annotations
4
+
5
+ import json
6
+ import os
7
+ from datetime import datetime, timezone
8
+ from typing import Any, Dict, List, Optional
9
+
10
+ from sovereign_control_plane_profile import generate_control_plane_profile
11
+
12
+
13
+ CONTROL_PLANE_OUTPUT_DIR = "sovereign_control_plane_outputs"
14
+
15
+
16
+ def _utc_now() -> str:
17
+ return datetime.now(timezone.utc).isoformat()
18
+
19
+
20
+ def _ensure_dir(path: str) -> None:
21
+ os.makedirs(path, exist_ok=True)
22
+
23
+
24
+ def _safe(v: Any, default: Any = "") -> Any:
25
+ return v if v is not None else default
26
+
27
+
28
+ def _bool_text(v: Any) -> str:
29
+ return "True" if bool(v) else "False"
30
+
31
+
32
+ def _render_header(bundle: Dict[str, Any]) -> str:
33
+ profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
34
+
35
+ return f"""# Sovereign Control Plane Report
36
+
37
+ Generated at: {_safe((profile or {}).get("generated_at"), _utc_now())}
38
+
39
+ ## 1. Profile Identity
40
+ - Profile Type: {_safe(profile.get("profile_type"), "Sovereign Control Plane Profile")}
41
+ - Domain: {_safe(profile.get("domain"), "banking_and_financial_institutions")}
42
+ """
43
+
44
+
45
+ def _render_summary(bundle: Dict[str, Any]) -> str:
46
+ profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
47
+ summary = profile.get("summary", {}) if isinstance(profile, dict) else {}
48
+
49
+ return f"""## 2. Executive Summary
50
+ - Total Actions: {_safe(summary.get("total_actions"), 0)}
51
+ - Supported Actions: {_safe(summary.get("supported_actions"), 0)}
52
+ - Forbidden Actions: {_safe(summary.get("forbidden_actions"), 0)}
53
+ - Dual-Control Actions: {_safe(summary.get("dual_control_actions"), 0)}
54
+ - Audit-Required Actions: {_safe(summary.get("audit_required_actions"), 0)}
55
+
56
+ ### Practical Interpretation
57
+ - Sovereign distinguishes read-only visibility from state-changing administrative actions.
58
+ - High-impact actions are not treated as casual operator functions.
59
+ - Certain control-plane actions remain intentionally forbidden because they would collapse trust, auditability, or fail-safe posture.
60
+ - Dual control is expected for high-impact administrative mutations.
61
+ """
62
+
63
+
64
+ def _render_actions(bundle: Dict[str, Any]) -> str:
65
+ profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
66
+ actions = profile.get("admin_actions", []) if isinstance(profile, dict) else []
67
+
68
+ lines: List[str] = ["## 3. Administrative Action Inventory"]
69
+
70
+ if not actions:
71
+ lines.append("- No administrative actions recorded.")
72
+ return "\n".join(lines)
73
+
74
+ for item in actions:
75
+ lines.append(f"### {item.get('action', 'unknown_action')}")
76
+ lines.append(f"- Status: {_safe(item.get('status'))}")
77
+ lines.append(f"- Sensitivity: {_safe(item.get('sensitivity'))}")
78
+ lines.append(f"- Execution Class: {_safe(item.get('execution_class'))}")
79
+ lines.append(f"- Human Approval Required: {_bool_text(item.get('human_approval_required'))}")
80
+ lines.append(f"- Dual Control Required: {_bool_text(item.get('dual_control_required'))}")
81
+ lines.append(f"- Audit Required: {_bool_text(item.get('audit_required'))}")
82
+ lines.append(f"- Description: {_safe(item.get('description'))}")
83
+ lines.append("")
84
+
85
+ return "\n".join(lines).rstrip() + "\n"
86
+
87
+
88
+ def _render_principles(bundle: Dict[str, Any]) -> str:
89
+ profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
90
+ principles = profile.get("governance_principles", []) if isinstance(profile, dict) else []
91
+
92
+ lines: List[str] = ["## 4. Governance Principles"]
93
+
94
+ if not principles:
95
+ lines.append("- No governance principles recorded.")
96
+ return "\n".join(lines)
97
+
98
+ for item in principles:
99
+ lines.append(f"### {item.get('principle', 'unknown_principle')}")
100
+ lines.append(f"- Status: {_safe(item.get('status'))}")
101
+ lines.append(f"- Description: {_safe(item.get('description'))}")
102
+ lines.append("")
103
+
104
+ return "\n".join(lines).rstrip() + "\n"
105
+
106
+
107
+ def _render_governance_interpretation(bundle: Dict[str, Any]) -> str:
108
+ profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
109
+ actions = profile.get("admin_actions", []) if isinstance(profile, dict) else []
110
+
111
+ forbidden = [a.get("action") for a in actions if str(a.get("status")) == "forbidden"]
112
+ dual = [a.get("action") for a in actions if bool(a.get("dual_control_required"))]
113
+ read_only = [a.get("action") for a in actions if str(a.get("execution_class")) == "read_only"]
114
+
115
+ lines = ["## 5. Governance Interpretation"]
116
+
117
+ if forbidden:
118
+ lines.append("- Forbidden Administrative Classes:")
119
+ for action in forbidden:
120
+ lines.append(f" - {action}")
121
+ else:
122
+ lines.append("- No forbidden administrative classes recorded.")
123
+
124
+ if dual:
125
+ lines.append("- Dual-Control Administrative Actions:")
126
+ for action in dual:
127
+ lines.append(f" - {action}")
128
+ else:
129
+ lines.append("- No dual-control administrative actions recorded.")
130
+
131
+ if read_only:
132
+ lines.append("- Read-Only Administrative Actions:")
133
+ for action in read_only:
134
+ lines.append(f" - {action}")
135
+ else:
136
+ lines.append("- No read-only administrative actions recorded.")
137
+
138
+ lines.append("- Sensitive control-plane mutations should remain approval-bound and auditable.")
139
+ lines.append("- Administrative power is intentionally bounded rather than broad or implicit.")
140
+ lines.append("- Disabling audit, fail-safe, or unconditional allow boundaries is intentionally forbidden.")
141
+
142
+ return "\n".join(lines)
143
+
144
+
145
+ def _render_artifact_status(bundle: Dict[str, Any]) -> str:
146
+ seal = bundle.get("crypto_seal", {}) if isinstance(bundle, dict) else {}
147
+
148
+ return f"""## 6. Artifact Status
149
+ - Sealed: {bool(bundle.get("sealed", False))}
150
+ - Seal Digest: {_safe(seal.get("seal_digest"), "")}
151
+ - Seal Scheme: {_safe(seal.get("scheme"), "")}
152
+ - Seal Algorithm: {_safe(seal.get("algorithm"), "")}
153
+ - Signer Hint: {_safe(seal.get("signer_hint"), "")}
154
+ """
155
+
156
+
157
+ def _render_verdict(bundle: Dict[str, Any]) -> str:
158
+ profile = bundle.get("control_plane_profile", {}) if isinstance(bundle, dict) else {}
159
+ notes = profile.get("notes", []) if isinstance(profile, dict) else []
160
+
161
+ verdict = (
162
+ "Sovereign currently expresses a bounded bank-grade control-plane posture: "
163
+ "administrative actions are classified, sensitive mutations are approval-bound, "
164
+ "and trust-collapsing action classes remain intentionally forbidden."
165
+ )
166
+
167
+ lines = [
168
+ "## 7. Preliminary Bank-Facing Verdict",
169
+ verdict,
170
+ "",
171
+ "## 8. Notes",
172
+ ]
173
+
174
+ if notes:
175
+ for item in notes:
176
+ lines.append(f"- {item}")
177
+ else:
178
+ lines.append("- No additional notes provided.")
179
+
180
+ return "\n".join(lines)
181
+
182
+
183
+ def build_control_plane_markdown(bundle: Dict[str, Any]) -> str:
184
+ parts = [
185
+ _render_header(bundle),
186
+ _render_summary(bundle),
187
+ _render_actions(bundle),
188
+ _render_principles(bundle),
189
+ _render_governance_interpretation(bundle),
190
+ _render_artifact_status(bundle),
191
+ _render_verdict(bundle),
192
+ ]
193
+ return "\n\n".join(parts).strip() + "\n"
194
+
195
+
196
+ def save_control_plane_report(
197
+ bundle: Dict[str, Any],
198
+ output_dir: str = CONTROL_PLANE_OUTPUT_DIR,
199
+ base_name: Optional[str] = None,
200
+ ) -> Dict[str, str]:
201
+ _ensure_dir(output_dir)
202
+
203
+ ts = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
204
+ base = base_name or f"sovereign_control_plane_report_{ts}"
205
+
206
+ json_path = os.path.join(output_dir, f"{base}.json")
207
+ md_path = os.path.join(output_dir, f"{base}.md")
208
+
209
+ with open(json_path, "w", encoding="utf-8") as f:
210
+ json.dump(bundle, f, ensure_ascii=False, indent=2)
211
+
212
+ markdown = build_control_plane_markdown(bundle)
213
+ with open(md_path, "w", encoding="utf-8") as f:
214
+ f.write(markdown)
215
+
216
+ return {
217
+ "json_report": json_path,
218
+ "markdown_report": md_path,
219
+ }
220
+
221
+
222
+ def generate_control_plane_report(
223
+ output_dir: str = CONTROL_PLANE_OUTPUT_DIR,
224
+ base_name: Optional[str] = None,
225
+ ) -> Dict[str, Any]:
226
+ bundle = generate_control_plane_profile()
227
+
228
+ files = save_control_plane_report(
229
+ bundle=bundle,
230
+ output_dir=output_dir,
231
+ base_name=base_name,
232
+ )
233
+
234
+ return {
235
+ "ok": True,
236
+ "generated_at": _utc_now(),
237
+ "bundle": bundle,
238
+ "files": files,
239
+ }
240
+
241
+
242
+ if __name__ == "__main__":
243
+ out = generate_control_plane_report()
244
+ print(json.dumps(out, indent=2, ensure_ascii=False))
245
+