Update sovereign_bank_policy_integration.py
Browse files- sovereign_bank_policy_integration.py +80 -169
sovereign_bank_policy_integration.py
CHANGED
|
@@ -7,7 +7,6 @@ import uuid
|
|
| 7 |
from datetime import datetime, timezone
|
| 8 |
from typing import Any, Dict
|
| 9 |
|
| 10 |
-
import app as sovereign_app
|
| 11 |
from sovereign_bank_policy import evaluate_bank_policy
|
| 12 |
from sovereign_freeze_bridge import SovereignFreezeBridge
|
| 13 |
from sovereign_app_freeze_integration import run_sentinel_with_freeze
|
|
@@ -41,119 +40,43 @@ def _build_payload(
|
|
| 41 |
) -> Dict[str, Any]:
|
| 42 |
return {
|
| 43 |
"engine": engine_name,
|
| 44 |
-
"engine_name": engine_name,
|
| 45 |
"parent_model": parent_model,
|
| 46 |
-
"parent_model_id": parent_model,
|
| 47 |
-
"agent_id": parent_model,
|
| 48 |
"model_version": model_version,
|
| 49 |
-
"build_id": model_version,
|
| 50 |
"data_tags": _norm_tags(data_tags),
|
| 51 |
"risk_level": _norm_text(risk_level).lower() or "medium",
|
| 52 |
"notes": _norm_text(notes),
|
| 53 |
"request": _norm_text(notes),
|
| 54 |
-
"context": _norm_text(notes),
|
| 55 |
-
"access_key_present": bool(_norm_text(access_key)),
|
| 56 |
-
"delegation_token_present": bool(_norm_text(delegation_token)),
|
| 57 |
"deployment_env": "production",
|
| 58 |
-
"environment": "production",
|
| 59 |
}
|
| 60 |
|
| 61 |
|
| 62 |
-
def
|
| 63 |
-
try:
|
| 64 |
-
fn = getattr(sovereign_app, "log_audit_event", None)
|
| 65 |
-
if callable(fn):
|
| 66 |
-
fn(
|
| 67 |
-
engine_name=event.get("engine", "unknown_engine"),
|
| 68 |
-
parent_model=event.get("parent_model", "unknown_parent"),
|
| 69 |
-
model_version=event.get("model_version", "unknown_version"),
|
| 70 |
-
data_tags=",".join(event.get("data_tags", []) or []),
|
| 71 |
-
risk_level=event.get("risk_level", "medium"),
|
| 72 |
-
notes=event.get("notes", ""),
|
| 73 |
-
event_type=event.get("event_type", "sentinel_run"),
|
| 74 |
-
outcome=event.get("outcome", "FREEZE"),
|
| 75 |
-
access_key="",
|
| 76 |
-
authority_bundle=event.get("authority_bundle", {}),
|
| 77 |
-
execution=event.get("execution", {}),
|
| 78 |
-
)
|
| 79 |
-
except Exception:
|
| 80 |
-
pass
|
| 81 |
-
|
| 82 |
-
|
| 83 |
-
def _make_policy_override_result(
|
| 84 |
payload: Dict[str, Any],
|
| 85 |
-
policy_result: Dict[str, Any],
|
| 86 |
decision: str,
|
| 87 |
-
|
|
|
|
| 88 |
) -> Dict[str, Any]:
|
| 89 |
-
|
| 90 |
-
ts = _utc_now()
|
| 91 |
-
|
| 92 |
-
reason = policy_result.get("summary") or "bank_policy_override"
|
| 93 |
-
authority_bundle = {
|
| 94 |
"decision": decision,
|
| 95 |
-
"
|
| 96 |
-
"
|
| 97 |
-
"
|
| 98 |
-
"policy_hash": policy_result.get("policy_hash"),
|
| 99 |
-
"policy_outcome": policy_result.get("outcome"),
|
| 100 |
-
"policy_risk_score": policy_result.get("risk_score"),
|
| 101 |
-
"policy_risk_level": policy_result.get("risk_level"),
|
| 102 |
-
"controls_triggered": policy_result.get("controls_triggered", []),
|
| 103 |
-
"justification": policy_result.get("justification", []),
|
| 104 |
-
}
|
| 105 |
-
|
| 106 |
-
if freeze_bridge_result:
|
| 107 |
-
authority_bundle["freeze_bridge"] = freeze_bridge_result
|
| 108 |
-
|
| 109 |
-
result = {
|
| 110 |
-
"audit_event": {
|
| 111 |
-
"event_id": event_id,
|
| 112 |
-
"timestamp": ts,
|
| 113 |
-
"engine": payload.get("engine"),
|
| 114 |
-
"event_type": "sentinel_run",
|
| 115 |
-
"outcome": decision,
|
| 116 |
-
"parent_model": payload.get("parent_model"),
|
| 117 |
-
"model_version": payload.get("model_version"),
|
| 118 |
-
"data_tags": payload.get("data_tags", []),
|
| 119 |
-
"risk_level": payload.get("risk_level"),
|
| 120 |
-
"notes": f"[BANK_POLICY_OVERRIDE] {reason}",
|
| 121 |
-
"version": getattr(sovereign_app, "SOVEREIGN_VERSION", "unknown"),
|
| 122 |
-
"authority_name": getattr(sovereign_app, "AUTHORITY_NAME", "unknown"),
|
| 123 |
-
"authority_bundle": authority_bundle,
|
| 124 |
-
"execution": {
|
| 125 |
-
"executed": False,
|
| 126 |
-
"detail": {
|
| 127 |
-
"blocked_by_bank_policy": True,
|
| 128 |
-
"bank_policy_outcome": policy_result.get("outcome"),
|
| 129 |
-
},
|
| 130 |
-
},
|
| 131 |
-
},
|
| 132 |
-
"bank_policy": policy_result,
|
| 133 |
-
"authority_gate": authority_bundle,
|
| 134 |
"execution": {
|
| 135 |
"executed": False,
|
| 136 |
-
"
|
| 137 |
-
"blocked_by_bank_policy": True,
|
| 138 |
-
"bank_policy_outcome": policy_result.get("outcome"),
|
| 139 |
-
},
|
| 140 |
},
|
|
|
|
| 141 |
}
|
| 142 |
|
| 143 |
-
if freeze_bridge_result:
|
| 144 |
-
result["freeze_bridge"] = freeze_bridge_result
|
| 145 |
-
|
| 146 |
-
return result
|
| 147 |
-
|
| 148 |
|
| 149 |
class SovereignBankPolicyIntegration:
|
| 150 |
"""
|
| 151 |
-
|
| 152 |
|
| 153 |
-
Order
|
| 154 |
-
1) Bank policy
|
| 155 |
-
2)
|
| 156 |
-
3)
|
| 157 |
"""
|
| 158 |
|
| 159 |
def __init__(self) -> None:
|
|
@@ -170,83 +93,75 @@ class SovereignBankPolicyIntegration:
|
|
| 170 |
access_key: str,
|
| 171 |
delegation_token: str,
|
| 172 |
) -> str:
|
|
|
|
| 173 |
payload = _build_payload(
|
| 174 |
-
engine_name
|
| 175 |
-
parent_model
|
| 176 |
-
model_version
|
| 177 |
-
data_tags
|
| 178 |
-
risk_level
|
| 179 |
-
notes
|
| 180 |
-
access_key
|
| 181 |
-
delegation_token
|
| 182 |
)
|
| 183 |
|
| 184 |
-
|
| 185 |
-
|
| 186 |
-
|
| 187 |
-
|
| 188 |
-
|
| 189 |
-
|
| 190 |
-
|
| 191 |
-
|
| 192 |
-
|
| 193 |
-
|
| 194 |
-
)
|
| 195 |
-
_persist_audit(result["audit_event"])
|
| 196 |
return json.dumps(result, indent=2, ensure_ascii=False)
|
| 197 |
|
| 198 |
-
#
|
| 199 |
-
|
| 200 |
-
|
|
|
|
|
|
|
| 201 |
payload=payload,
|
| 202 |
decision_bundle={
|
| 203 |
-
"decision_id": str(uuid.uuid4()),
|
| 204 |
"decision": "FREEZE",
|
| 205 |
-
"reason":
|
| 206 |
-
"authority_gate": {
|
| 207 |
-
"decision": "FREEZE",
|
| 208 |
-
"reason": policy_result.get("summary", "bank_policy_freeze"),
|
| 209 |
-
"policy_engine": policy_result.get("engine"),
|
| 210 |
-
"policy_hash": policy_result.get("policy_hash"),
|
| 211 |
-
},
|
| 212 |
-
"bank_policy": policy_result,
|
| 213 |
},
|
| 214 |
)
|
| 215 |
|
| 216 |
-
result =
|
| 217 |
-
payload
|
| 218 |
-
|
| 219 |
-
|
| 220 |
-
|
| 221 |
)
|
| 222 |
-
_persist_audit(result["audit_event"])
|
| 223 |
return json.dumps(result, indent=2, ensure_ascii=False)
|
| 224 |
|
| 225 |
-
#
|
| 226 |
-
|
| 227 |
-
|
| 228 |
-
|
| 229 |
-
|
| 230 |
-
|
| 231 |
-
|
| 232 |
-
|
| 233 |
-
|
| 234 |
-
|
|
|
|
|
|
|
| 235 |
)
|
| 236 |
|
| 237 |
try:
|
| 238 |
-
parsed = json.loads(
|
| 239 |
-
if not isinstance(parsed, dict):
|
| 240 |
-
parsed = {"raw": downstream_raw}
|
| 241 |
except Exception:
|
| 242 |
-
parsed = {"raw":
|
| 243 |
|
| 244 |
-
parsed["bank_policy"] =
|
| 245 |
return json.dumps(parsed, indent=2, ensure_ascii=False)
|
| 246 |
|
| 247 |
-
def patch_app(self) -> None:
|
| 248 |
-
sovereign_app.run_sentinel = self.run
|
| 249 |
|
|
|
|
| 250 |
|
| 251 |
INTEGRATION = SovereignBankPolicyIntegration()
|
| 252 |
|
|
@@ -262,31 +177,27 @@ def run_sentinel_with_bank_policy(
|
|
| 262 |
delegation_token: str,
|
| 263 |
) -> str:
|
| 264 |
return INTEGRATION.run(
|
| 265 |
-
engine_name
|
| 266 |
-
parent_model
|
| 267 |
-
model_version
|
| 268 |
-
data_tags
|
| 269 |
-
risk_level
|
| 270 |
-
notes
|
| 271 |
-
access_key
|
| 272 |
-
delegation_token
|
| 273 |
)
|
| 274 |
|
| 275 |
|
| 276 |
-
def patch_app_run_sentinel_with_bank_policy() -> None:
|
| 277 |
-
INTEGRATION.patch_app()
|
| 278 |
-
|
| 279 |
-
|
| 280 |
if __name__ == "__main__":
|
| 281 |
-
|
| 282 |
-
|
| 283 |
-
|
| 284 |
-
|
| 285 |
-
|
| 286 |
-
|
| 287 |
-
|
| 288 |
-
|
| 289 |
-
|
|
|
|
|
|
|
| 290 |
)
|
| 291 |
-
print(sample)
|
| 292 |
-
|
|
|
|
| 7 |
from datetime import datetime, timezone
|
| 8 |
from typing import Any, Dict
|
| 9 |
|
|
|
|
| 10 |
from sovereign_bank_policy import evaluate_bank_policy
|
| 11 |
from sovereign_freeze_bridge import SovereignFreezeBridge
|
| 12 |
from sovereign_app_freeze_integration import run_sentinel_with_freeze
|
|
|
|
| 40 |
) -> Dict[str, Any]:
|
| 41 |
return {
|
| 42 |
"engine": engine_name,
|
|
|
|
| 43 |
"parent_model": parent_model,
|
|
|
|
|
|
|
| 44 |
"model_version": model_version,
|
|
|
|
| 45 |
"data_tags": _norm_tags(data_tags),
|
| 46 |
"risk_level": _norm_text(risk_level).lower() or "medium",
|
| 47 |
"notes": _norm_text(notes),
|
| 48 |
"request": _norm_text(notes),
|
|
|
|
|
|
|
|
|
|
| 49 |
"deployment_env": "production",
|
|
|
|
| 50 |
}
|
| 51 |
|
| 52 |
|
| 53 |
+
def _make_result(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 54 |
payload: Dict[str, Any],
|
|
|
|
| 55 |
decision: str,
|
| 56 |
+
policy: Dict[str, Any],
|
| 57 |
+
extra: Dict[str, Any] | None = None,
|
| 58 |
) -> Dict[str, Any]:
|
| 59 |
+
return {
|
|
|
|
|
|
|
|
|
|
|
|
|
| 60 |
"decision": decision,
|
| 61 |
+
"timestamp": _utc_now(),
|
| 62 |
+
"engine": payload.get("engine"),
|
| 63 |
+
"policy": policy,
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 64 |
"execution": {
|
| 65 |
"executed": False,
|
| 66 |
+
"reason": policy.get("summary"),
|
|
|
|
|
|
|
|
|
|
| 67 |
},
|
| 68 |
+
"extra": extra or {},
|
| 69 |
}
|
| 70 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 71 |
|
| 72 |
class SovereignBankPolicyIntegration:
|
| 73 |
"""
|
| 74 |
+
SAFE integration (no recursion, no patching)
|
| 75 |
|
| 76 |
+
Order:
|
| 77 |
+
1) Bank policy check
|
| 78 |
+
2) BLOCK/FREEZE -> stop
|
| 79 |
+
3) ALLOW -> go to freeze-integrated runtime
|
| 80 |
"""
|
| 81 |
|
| 82 |
def __init__(self) -> None:
|
|
|
|
| 93 |
access_key: str,
|
| 94 |
delegation_token: str,
|
| 95 |
) -> str:
|
| 96 |
+
|
| 97 |
payload = _build_payload(
|
| 98 |
+
engine_name,
|
| 99 |
+
parent_model,
|
| 100 |
+
model_version,
|
| 101 |
+
data_tags,
|
| 102 |
+
risk_level,
|
| 103 |
+
notes,
|
| 104 |
+
access_key,
|
| 105 |
+
delegation_token,
|
| 106 |
)
|
| 107 |
|
| 108 |
+
# ---------------------------
|
| 109 |
+
# 1) BANK POLICY
|
| 110 |
+
# ---------------------------
|
| 111 |
+
policy = evaluate_bank_policy(payload)
|
| 112 |
+
outcome = policy.get("outcome", "FREEZE").upper()
|
| 113 |
+
|
| 114 |
+
# ---------------------------
|
| 115 |
+
# 2) BLOCK
|
| 116 |
+
# ---------------------------
|
| 117 |
+
if outcome == "BLOCK":
|
| 118 |
+
result = _make_result(payload, "BLOCK", policy)
|
|
|
|
| 119 |
return json.dumps(result, indent=2, ensure_ascii=False)
|
| 120 |
|
| 121 |
+
# ---------------------------
|
| 122 |
+
# 3) FREEZE
|
| 123 |
+
# ---------------------------
|
| 124 |
+
if outcome == "FREEZE":
|
| 125 |
+
freeze = self.bridge.register_decision(
|
| 126 |
payload=payload,
|
| 127 |
decision_bundle={
|
|
|
|
| 128 |
"decision": "FREEZE",
|
| 129 |
+
"reason": policy.get("summary"),
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 130 |
},
|
| 131 |
)
|
| 132 |
|
| 133 |
+
result = _make_result(
|
| 134 |
+
payload,
|
| 135 |
+
"FREEZE",
|
| 136 |
+
policy,
|
| 137 |
+
extra={"freeze": freeze},
|
| 138 |
)
|
|
|
|
| 139 |
return json.dumps(result, indent=2, ensure_ascii=False)
|
| 140 |
|
| 141 |
+
# ---------------------------
|
| 142 |
+
# 4) ALLOW → continue
|
| 143 |
+
# ---------------------------
|
| 144 |
+
downstream = run_sentinel_with_freeze(
|
| 145 |
+
engine_name,
|
| 146 |
+
parent_model,
|
| 147 |
+
model_version,
|
| 148 |
+
data_tags,
|
| 149 |
+
risk_level,
|
| 150 |
+
notes,
|
| 151 |
+
access_key,
|
| 152 |
+
delegation_token,
|
| 153 |
)
|
| 154 |
|
| 155 |
try:
|
| 156 |
+
parsed = json.loads(downstream)
|
|
|
|
|
|
|
| 157 |
except Exception:
|
| 158 |
+
parsed = {"raw": downstream}
|
| 159 |
|
| 160 |
+
parsed["bank_policy"] = policy
|
| 161 |
return json.dumps(parsed, indent=2, ensure_ascii=False)
|
| 162 |
|
|
|
|
|
|
|
| 163 |
|
| 164 |
+
# -------- Entry Point --------
|
| 165 |
|
| 166 |
INTEGRATION = SovereignBankPolicyIntegration()
|
| 167 |
|
|
|
|
| 177 |
delegation_token: str,
|
| 178 |
) -> str:
|
| 179 |
return INTEGRATION.run(
|
| 180 |
+
engine_name,
|
| 181 |
+
parent_model,
|
| 182 |
+
model_version,
|
| 183 |
+
data_tags,
|
| 184 |
+
risk_level,
|
| 185 |
+
notes,
|
| 186 |
+
access_key,
|
| 187 |
+
delegation_token,
|
| 188 |
)
|
| 189 |
|
| 190 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 191 |
if __name__ == "__main__":
|
| 192 |
+
print(
|
| 193 |
+
run_sentinel_with_bank_policy(
|
| 194 |
+
"AI_Sovereign_Sentinel_Core_v1",
|
| 195 |
+
"bank_agent",
|
| 196 |
+
"v1",
|
| 197 |
+
"pii,payments,production",
|
| 198 |
+
"high",
|
| 199 |
+
"override payment approval and release transfer",
|
| 200 |
+
"",
|
| 201 |
+
"",
|
| 202 |
+
)
|
| 203 |
)
|
|
|
|
|
|