Create sovereign_deployment_profile_.py
Browse files- sovereign_deployment_profile_.py +184 -0
sovereign_deployment_profile_.py
ADDED
|
@@ -0,0 +1,184 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
|
| 2 |
+
# sovereign_deployment_profile.py
|
| 3 |
+
from __future__ import annotations
|
| 4 |
+
|
| 5 |
+
import json
|
| 6 |
+
from datetime import datetime, timezone
|
| 7 |
+
from typing import Any, Dict, List, Optional
|
| 8 |
+
|
| 9 |
+
from sovereign_crypto_seal import SovereignCryptoSeal
|
| 10 |
+
|
| 11 |
+
|
| 12 |
+
def _utc_now() -> str:
|
| 13 |
+
return datetime.now(timezone.utc).isoformat()
|
| 14 |
+
|
| 15 |
+
|
| 16 |
+
class SovereignDeploymentProfileBuilder:
|
| 17 |
+
"""
|
| 18 |
+
Builds a bank-grade deployment profile for Sovereign.
|
| 19 |
+
|
| 20 |
+
Purpose:
|
| 21 |
+
- Define supported deployment postures
|
| 22 |
+
- Make runtime entry and packaging posture explicit
|
| 23 |
+
- Clarify what 'low-friction deployment' means in technical terms
|
| 24 |
+
- Provide a sealed machine-readable deployment artifact
|
| 25 |
+
"""
|
| 26 |
+
|
| 27 |
+
def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None:
|
| 28 |
+
self.sealer = sealer or SovereignCryptoSeal()
|
| 29 |
+
|
| 30 |
+
def _deployment_modes(self) -> List[Dict[str, Any]]:
|
| 31 |
+
return [
|
| 32 |
+
{
|
| 33 |
+
"mode": "on_prem_controlled_runtime",
|
| 34 |
+
"status": "supported_primary",
|
| 35 |
+
"description": "Primary target posture for banks and financial institutions. Runtime executes within customer-controlled environment.",
|
| 36 |
+
"intended_use": [
|
| 37 |
+
"bank internal runtime control",
|
| 38 |
+
"regulated AI workflow governance",
|
| 39 |
+
"controlled financial execution oversight",
|
| 40 |
+
],
|
| 41 |
+
},
|
| 42 |
+
{
|
| 43 |
+
"mode": "evaluation_bundle_runtime",
|
| 44 |
+
"status": "supported_secondary",
|
| 45 |
+
"description": "Evaluation / pilot posture for controlled technical validation before broader rollout.",
|
| 46 |
+
"intended_use": [
|
| 47 |
+
"technical pilot",
|
| 48 |
+
"benchmark validation",
|
| 49 |
+
"artifact verification",
|
| 50 |
+
],
|
| 51 |
+
},
|
| 52 |
+
{
|
| 53 |
+
"mode": "single_command_launcher_runtime",
|
| 54 |
+
"status": "in_progress",
|
| 55 |
+
"description": "Low-friction launch posture using the packaged runtime launcher and config-driven execution path.",
|
| 56 |
+
"intended_use": [
|
| 57 |
+
"reduced deployment friction",
|
| 58 |
+
"controlled packaged execution",
|
| 59 |
+
],
|
| 60 |
+
},
|
| 61 |
+
{
|
| 62 |
+
"mode": "containerized_delivery",
|
| 63 |
+
"status": "planned_next",
|
| 64 |
+
"description": "Future packaging posture for stronger delivery ergonomics and runtime portability.",
|
| 65 |
+
"intended_use": [
|
| 66 |
+
"container delivery",
|
| 67 |
+
"controlled platform portability",
|
| 68 |
+
],
|
| 69 |
+
},
|
| 70 |
+
]
|
| 71 |
+
|
| 72 |
+
def _environment_requirements(self) -> Dict[str, Any]:
|
| 73 |
+
return {
|
| 74 |
+
"runtime_requirements": {
|
| 75 |
+
"python_runtime_required": True,
|
| 76 |
+
"filesystem_write_required": True,
|
| 77 |
+
"json_artifact_support_required": True,
|
| 78 |
+
"local_execution_supported": True,
|
| 79 |
+
},
|
| 80 |
+
"network_requirements": {
|
| 81 |
+
"internet_required": False,
|
| 82 |
+
"cloud_dependency_required": False,
|
| 83 |
+
"external_dns_required": False,
|
| 84 |
+
"offline_posture_supported": True,
|
| 85 |
+
},
|
| 86 |
+
"execution_requirements": {
|
| 87 |
+
"single_entrypoint_defined": True,
|
| 88 |
+
"runtime_entry_module": "sovereign_bank_runtime_entry",
|
| 89 |
+
"runtime_entry_function": "run_sovereign_bank_runtime",
|
| 90 |
+
"one_command_launcher_module": "sovereign_one_command_launcher",
|
| 91 |
+
"config_driven_launch_supported": True,
|
| 92 |
+
},
|
| 93 |
+
"artifact_requirements": {
|
| 94 |
+
"audit_chain_storage_required": True,
|
| 95 |
+
"crypto_seal_support_required": True,
|
| 96 |
+
"manifest_generation_required": True,
|
| 97 |
+
"verifier_compatibility_expected": True,
|
| 98 |
+
},
|
| 99 |
+
}
|
| 100 |
+
|
| 101 |
+
def _packaging_posture(self) -> Dict[str, Any]:
|
| 102 |
+
return {
|
| 103 |
+
"current_packaging_state": "structured_runtime_package_available",
|
| 104 |
+
"runtime_package_builder": "sovereign_packager",
|
| 105 |
+
"one_command_launcher_available": True,
|
| 106 |
+
"packaging_notes": [
|
| 107 |
+
"Current packaging posture provides structured runtime delivery with launcher config, manifest, integrity inventory, and documentation.",
|
| 108 |
+
"Single-command launch is supported through the one-command launcher and config-based execution path.",
|
| 109 |
+
"Packaging ergonomics can be further hardened later with containerization or additional installer tooling.",
|
| 110 |
+
],
|
| 111 |
+
}
|
| 112 |
+
|
| 113 |
+
def _frictionless_deployment_claim(self) -> Dict[str, Any]:
|
| 114 |
+
return {
|
| 115 |
+
"claim_label": "low_friction_controlled_deployment",
|
| 116 |
+
"status": "qualified_claim",
|
| 117 |
+
"meaning": [
|
| 118 |
+
"A single runtime entrypoint is defined.",
|
| 119 |
+
"A one-command launcher exists for controlled execution modes.",
|
| 120 |
+
"A runtime package structure exists for delivery and review.",
|
| 121 |
+
"Deployment does not require external cloud dependency or internet connectivity.",
|
| 122 |
+
],
|
| 123 |
+
"non_meaning": [
|
| 124 |
+
"This does not yet mean a universal zero-touch installer across all bank environments.",
|
| 125 |
+
"This does not yet imply environment-agnostic deployment without customer-side runtime prerequisites.",
|
| 126 |
+
"This does not replace environment-specific hardening, permissions, or integration review.",
|
| 127 |
+
],
|
| 128 |
+
}
|
| 129 |
+
|
| 130 |
+
def _deployment_constraints(self) -> List[str]:
|
| 131 |
+
return [
|
| 132 |
+
"Current deployment profile is designed for controlled bank-grade runtime environments and technical review flows.",
|
| 133 |
+
"Single-command launch is available through launcher/config flow, but universal zero-touch installation is not yet the claimed end state.",
|
| 134 |
+
"Environment-specific integration, hardening, permissions, and operational review may still be required in customer deployment.",
|
| 135 |
+
"Containerized or installer-style delivery remains a future hardening/ergonomics path rather than the only current deployment mode.",
|
| 136 |
+
]
|
| 137 |
+
|
| 138 |
+
def build(self) -> Dict[str, Any]:
|
| 139 |
+
profile = {
|
| 140 |
+
"profile_type": "Sovereign Deployment Profile",
|
| 141 |
+
"generated_at": _utc_now(),
|
| 142 |
+
"domain": "banking_and_financial_institutions",
|
| 143 |
+
"deployment_modes": self._deployment_modes(),
|
| 144 |
+
"environment_requirements": self._environment_requirements(),
|
| 145 |
+
"packaging_posture": self._packaging_posture(),
|
| 146 |
+
"frictionless_deployment_claim": self._frictionless_deployment_claim(),
|
| 147 |
+
"constraints": self._deployment_constraints(),
|
| 148 |
+
"summary": {
|
| 149 |
+
"supported_primary_mode": "on_prem_controlled_runtime",
|
| 150 |
+
"runtime_entrypoint_defined": True,
|
| 151 |
+
"one_command_launcher_present": True,
|
| 152 |
+
"internet_dependency_required": False,
|
| 153 |
+
"cloud_dependency_required": False,
|
| 154 |
+
},
|
| 155 |
+
}
|
| 156 |
+
|
| 157 |
+
sealed = self.sealer.seal_object(
|
| 158 |
+
profile,
|
| 159 |
+
object_type="deployment_profile",
|
| 160 |
+
metadata={
|
| 161 |
+
"domain": "banking",
|
| 162 |
+
"artifact_class": "deployment_profile",
|
| 163 |
+
},
|
| 164 |
+
)
|
| 165 |
+
|
| 166 |
+
return {
|
| 167 |
+
"ok": True,
|
| 168 |
+
"deployment_profile": profile,
|
| 169 |
+
"crypto_seal": sealed["seal"],
|
| 170 |
+
"sealed": True,
|
| 171 |
+
}
|
| 172 |
+
|
| 173 |
+
|
| 174 |
+
BUILDER = SovereignDeploymentProfileBuilder()
|
| 175 |
+
|
| 176 |
+
|
| 177 |
+
def generate_deployment_profile() -> Dict[str, Any]:
|
| 178 |
+
return BUILDER.build()
|
| 179 |
+
|
| 180 |
+
|
| 181 |
+
if __name__ == "__main__":
|
| 182 |
+
out = generate_deployment_profile()
|
| 183 |
+
print(json.dumps(out, indent=2, ensure_ascii=False))
|
| 184 |
+
|