rezabarkhordary commited on
Commit
89bb803
·
verified ·
1 Parent(s): 720b97a

Create sovereign_external_verifier_v12.py

Browse files
Files changed (1) hide show
  1. sovereign_external_verifier_v12.py +959 -0
sovereign_external_verifier_v12.py ADDED
@@ -0,0 +1,959 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+
2
+ # sovereign_external_verifier_v12.py
3
+ from __future__ import annotations
4
+
5
+ import argparse
6
+ import json
7
+ from pathlib import Path
8
+ from typing import Any, Dict, List, Optional
9
+
10
+ from sovereign_crypto_seal import SovereignCryptoSeal
11
+
12
+
13
+ def _load_json(path: str) -> Dict[str, Any]:
14
+ p = Path(path)
15
+ if not p.exists():
16
+ raise FileNotFoundError(f"File not found: {path}")
17
+ data = json.loads(p.read_text(encoding="utf-8"))
18
+ if not isinstance(data, dict):
19
+ raise ValueError(f"JSON root must be an object: {path}")
20
+ return data
21
+
22
+
23
+ class SovereignExternalVerifierV12:
24
+ """
25
+ Extended independent verifier for Sovereign artifacts.
26
+
27
+ Supported artifact families:
28
+ - runtime result bundles
29
+ - benchmark bundles
30
+ - validation report bundles
31
+ - validation manifest bundles
32
+ - capacity report bundles
33
+ - capacity manifest bundles
34
+ - SLA/profile bundles
35
+ - fail-safe profile/report bundles
36
+ - deployment profile/report bundles
37
+ - role/scope profile/report bundles
38
+ - control-plane profile/report bundles
39
+ - policy-change profile/report bundles
40
+ - incident-response profile/report bundles
41
+ - hardening profile/report bundles
42
+ - operational-resilience profile/report bundles
43
+ - generic manifest bundles
44
+ - technical identity bundles with nested verification
45
+ """
46
+
47
+ def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None:
48
+ self.sealer = sealer or SovereignCryptoSeal()
49
+
50
+ # ------------------------------------------------------------------
51
+ # Core helper
52
+ # ------------------------------------------------------------------
53
+ def _verify_object_with_seal(
54
+ self,
55
+ *,
56
+ artifact_type: str,
57
+ obj: Dict[str, Any],
58
+ seal: Dict[str, Any],
59
+ ) -> Dict[str, Any]:
60
+ verified = self.sealer.verify_object(obj, seal)
61
+ return {
62
+ "ok": bool(verified.get("ok")),
63
+ "artifact_type": artifact_type,
64
+ "verified": bool(verified.get("verified")),
65
+ "verification": verified,
66
+ }
67
+
68
+ # ------------------------------------------------------------------
69
+ # Runtime
70
+ # ------------------------------------------------------------------
71
+ def verify_runtime_result_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
72
+ seal = bundle.get("crypto_seal")
73
+ if not isinstance(seal, dict):
74
+ return {
75
+ "ok": False,
76
+ "artifact_type": "runtime_result",
77
+ "verified": False,
78
+ "error": "missing_runtime_crypto_seal",
79
+ }
80
+
81
+ obj = dict(bundle)
82
+ obj.pop("crypto_seal", None)
83
+ obj.pop("sealed", None)
84
+
85
+ return self._verify_object_with_seal(
86
+ artifact_type="runtime_result",
87
+ obj=obj,
88
+ seal=seal,
89
+ )
90
+
91
+ # ------------------------------------------------------------------
92
+ # Benchmark
93
+ # ------------------------------------------------------------------
94
+ def verify_benchmark_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
95
+ seal = bundle.get("crypto_seal")
96
+ report = bundle.get("report")
97
+
98
+ if not isinstance(seal, dict):
99
+ return {
100
+ "ok": False,
101
+ "artifact_type": "benchmark_bundle",
102
+ "verified": False,
103
+ "error": "missing_benchmark_crypto_seal",
104
+ }
105
+
106
+ if not isinstance(report, dict):
107
+ return {
108
+ "ok": False,
109
+ "artifact_type": "benchmark_bundle",
110
+ "verified": False,
111
+ "error": "missing_benchmark_report",
112
+ }
113
+
114
+ return self._verify_object_with_seal(
115
+ artifact_type="benchmark_bundle",
116
+ obj=report,
117
+ seal=seal,
118
+ )
119
+
120
+ # ------------------------------------------------------------------
121
+ # Validation
122
+ # ------------------------------------------------------------------
123
+ def verify_validation_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
124
+ seal = bundle.get("crypto_seal")
125
+ report = bundle.get("report")
126
+
127
+ if not isinstance(seal, dict):
128
+ return {
129
+ "ok": False,
130
+ "artifact_type": "validation_report_bundle",
131
+ "verified": False,
132
+ "error": "missing_validation_crypto_seal",
133
+ }
134
+
135
+ if not isinstance(report, dict):
136
+ return {
137
+ "ok": False,
138
+ "artifact_type": "validation_report_bundle",
139
+ "verified": False,
140
+ "error": "missing_validation_report",
141
+ }
142
+
143
+ return self._verify_object_with_seal(
144
+ artifact_type="validation_report_bundle",
145
+ obj=report,
146
+ seal=seal,
147
+ )
148
+
149
+ # ------------------------------------------------------------------
150
+ # Capacity
151
+ # ------------------------------------------------------------------
152
+ def verify_capacity_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
153
+ seal = bundle.get("crypto_seal")
154
+ report = bundle.get("report")
155
+
156
+ if not isinstance(seal, dict):
157
+ return {
158
+ "ok": False,
159
+ "artifact_type": "capacity_report_bundle",
160
+ "verified": False,
161
+ "error": "missing_capacity_crypto_seal",
162
+ }
163
+
164
+ if not isinstance(report, dict):
165
+ return {
166
+ "ok": False,
167
+ "artifact_type": "capacity_report_bundle",
168
+ "verified": False,
169
+ "error": "missing_capacity_report",
170
+ }
171
+
172
+ return self._verify_object_with_seal(
173
+ artifact_type="capacity_report_bundle",
174
+ obj=report,
175
+ seal=seal,
176
+ )
177
+
178
+ # ------------------------------------------------------------------
179
+ # SLA
180
+ # ------------------------------------------------------------------
181
+ def verify_sla_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
182
+ seal = bundle.get("crypto_seal")
183
+ profile = bundle.get("sla_profile")
184
+
185
+ if not isinstance(seal, dict):
186
+ return {
187
+ "ok": False,
188
+ "artifact_type": "sla_profile_bundle",
189
+ "verified": False,
190
+ "error": "missing_sla_crypto_seal",
191
+ }
192
+
193
+ if not isinstance(profile, dict):
194
+ return {
195
+ "ok": False,
196
+ "artifact_type": "sla_profile_bundle",
197
+ "verified": False,
198
+ "error": "missing_sla_profile",
199
+ }
200
+
201
+ return self._verify_object_with_seal(
202
+ artifact_type="sla_profile_bundle",
203
+ obj=profile,
204
+ seal=seal,
205
+ )
206
+
207
+ def verify_sla_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
208
+ inner = bundle.get("bundle")
209
+ if not isinstance(inner, dict):
210
+ return {
211
+ "ok": False,
212
+ "artifact_type": "sla_report_bundle",
213
+ "verified": False,
214
+ "error": "missing_inner_sla_bundle",
215
+ }
216
+
217
+ verified = self.verify_sla_profile_bundle(inner)
218
+ return {
219
+ "ok": bool(verified.get("ok")),
220
+ "artifact_type": "sla_report_bundle",
221
+ "verified": bool(verified.get("verified")),
222
+ "inner_verification": verified,
223
+ }
224
+
225
+ # ------------------------------------------------------------------
226
+ # Fail-safe
227
+ # ------------------------------------------------------------------
228
+ def verify_fail_safe_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
229
+ seal = bundle.get("crypto_seal")
230
+ profile = bundle.get("fail_safe_profile")
231
+
232
+ if not isinstance(seal, dict):
233
+ return {
234
+ "ok": False,
235
+ "artifact_type": "fail_safe_profile_bundle",
236
+ "verified": False,
237
+ "error": "missing_fail_safe_crypto_seal",
238
+ }
239
+
240
+ if not isinstance(profile, dict):
241
+ return {
242
+ "ok": False,
243
+ "artifact_type": "fail_safe_profile_bundle",
244
+ "verified": False,
245
+ "error": "missing_fail_safe_profile",
246
+ }
247
+
248
+ return self._verify_object_with_seal(
249
+ artifact_type="fail_safe_profile_bundle",
250
+ obj=profile,
251
+ seal=seal,
252
+ )
253
+
254
+ def verify_fail_safe_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
255
+ inner = bundle.get("bundle")
256
+ if not isinstance(inner, dict):
257
+ return {
258
+ "ok": False,
259
+ "artifact_type": "fail_safe_report_bundle",
260
+ "verified": False,
261
+ "error": "missing_inner_fail_safe_bundle",
262
+ }
263
+
264
+ verified = self.verify_fail_safe_profile_bundle(inner)
265
+ return {
266
+ "ok": bool(verified.get("ok")),
267
+ "artifact_type": "fail_safe_report_bundle",
268
+ "verified": bool(verified.get("verified")),
269
+ "inner_verification": verified,
270
+ }
271
+
272
+ # ------------------------------------------------------------------
273
+ # Deployment
274
+ # ------------------------------------------------------------------
275
+ def verify_deployment_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
276
+ seal = bundle.get("crypto_seal")
277
+ profile = bundle.get("deployment_profile")
278
+
279
+ if not isinstance(seal, dict):
280
+ return {
281
+ "ok": False,
282
+ "artifact_type": "deployment_profile_bundle",
283
+ "verified": False,
284
+ "error": "missing_deployment_crypto_seal",
285
+ }
286
+
287
+ if not isinstance(profile, dict):
288
+ return {
289
+ "ok": False,
290
+ "artifact_type": "deployment_profile_bundle",
291
+ "verified": False,
292
+ "error": "missing_deployment_profile",
293
+ }
294
+
295
+ return self._verify_object_with_seal(
296
+ artifact_type="deployment_profile_bundle",
297
+ obj=profile,
298
+ seal=seal,
299
+ )
300
+
301
+ def verify_deployment_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
302
+ inner = bundle.get("bundle")
303
+ if not isinstance(inner, dict):
304
+ return {
305
+ "ok": False,
306
+ "artifact_type": "deployment_report_bundle",
307
+ "verified": False,
308
+ "error": "missing_inner_deployment_bundle",
309
+ }
310
+
311
+ verified = self.verify_deployment_profile_bundle(inner)
312
+ return {
313
+ "ok": bool(verified.get("ok")),
314
+ "artifact_type": "deployment_report_bundle",
315
+ "verified": bool(verified.get("verified")),
316
+ "inner_verification": verified,
317
+ }
318
+
319
+ # ------------------------------------------------------------------
320
+ # Role / Scope
321
+ # ------------------------------------------------------------------
322
+ def verify_role_scope_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
323
+ seal = bundle.get("crypto_seal")
324
+ profile = bundle.get("role_scope_profile")
325
+
326
+ if not isinstance(seal, dict):
327
+ return {
328
+ "ok": False,
329
+ "artifact_type": "role_scope_profile_bundle",
330
+ "verified": False,
331
+ "error": "missing_role_scope_crypto_seal",
332
+ }
333
+
334
+ if not isinstance(profile, dict):
335
+ return {
336
+ "ok": False,
337
+ "artifact_type": "role_scope_profile_bundle",
338
+ "verified": False,
339
+ "error": "missing_role_scope_profile",
340
+ }
341
+
342
+ return self._verify_object_with_seal(
343
+ artifact_type="role_scope_profile_bundle",
344
+ obj=profile,
345
+ seal=seal,
346
+ )
347
+
348
+ def verify_role_scope_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
349
+ inner = bundle.get("bundle")
350
+ if not isinstance(inner, dict):
351
+ return {
352
+ "ok": False,
353
+ "artifact_type": "role_scope_report_bundle",
354
+ "verified": False,
355
+ "error": "missing_inner_role_scope_bundle",
356
+ }
357
+
358
+ verified = self.verify_role_scope_profile_bundle(inner)
359
+ return {
360
+ "ok": bool(verified.get("ok")),
361
+ "artifact_type": "role_scope_report_bundle",
362
+ "verified": bool(verified.get("verified")),
363
+ "inner_verification": verified,
364
+ }
365
+
366
+ # ------------------------------------------------------------------
367
+ # Control Plane
368
+ # ------------------------------------------------------------------
369
+ def verify_control_plane_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
370
+ seal = bundle.get("crypto_seal")
371
+ profile = bundle.get("control_plane_profile")
372
+
373
+ if not isinstance(seal, dict):
374
+ return {
375
+ "ok": False,
376
+ "artifact_type": "control_plane_profile_bundle",
377
+ "verified": False,
378
+ "error": "missing_control_plane_crypto_seal",
379
+ }
380
+
381
+ if not isinstance(profile, dict):
382
+ return {
383
+ "ok": False,
384
+ "artifact_type": "control_plane_profile_bundle",
385
+ "verified": False,
386
+ "error": "missing_control_plane_profile",
387
+ }
388
+
389
+ return self._verify_object_with_seal(
390
+ artifact_type="control_plane_profile_bundle",
391
+ obj=profile,
392
+ seal=seal,
393
+ )
394
+
395
+ def verify_control_plane_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
396
+ inner = bundle.get("bundle")
397
+ if not isinstance(inner, dict):
398
+ return {
399
+ "ok": False,
400
+ "artifact_type": "control_plane_report_bundle",
401
+ "verified": False,
402
+ "error": "missing_inner_control_plane_bundle",
403
+ }
404
+
405
+ verified = self.verify_control_plane_profile_bundle(inner)
406
+ return {
407
+ "ok": bool(verified.get("ok")),
408
+ "artifact_type": "control_plane_report_bundle",
409
+ "verified": bool(verified.get("verified")),
410
+ "inner_verification": verified,
411
+ }
412
+
413
+ # ------------------------------------------------------------------
414
+ # Policy Change
415
+ # ------------------------------------------------------------------
416
+ def verify_policy_change_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
417
+ seal = bundle.get("crypto_seal")
418
+ profile = bundle.get("policy_change_profile")
419
+
420
+ if not isinstance(seal, dict):
421
+ return {
422
+ "ok": False,
423
+ "artifact_type": "policy_change_profile_bundle",
424
+ "verified": False,
425
+ "error": "missing_policy_change_crypto_seal",
426
+ }
427
+
428
+ if not isinstance(profile, dict):
429
+ return {
430
+ "ok": False,
431
+ "artifact_type": "policy_change_profile_bundle",
432
+ "verified": False,
433
+ "error": "missing_policy_change_profile",
434
+ }
435
+
436
+ return self._verify_object_with_seal(
437
+ artifact_type="policy_change_profile_bundle",
438
+ obj=profile,
439
+ seal=seal,
440
+ )
441
+
442
+ def verify_policy_change_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
443
+ inner = bundle.get("bundle")
444
+ if not isinstance(inner, dict):
445
+ return {
446
+ "ok": False,
447
+ "artifact_type": "policy_change_report_bundle",
448
+ "verified": False,
449
+ "error": "missing_inner_policy_change_bundle",
450
+ }
451
+
452
+ verified = self.verify_policy_change_profile_bundle(inner)
453
+ return {
454
+ "ok": bool(verified.get("ok")),
455
+ "artifact_type": "policy_change_report_bundle",
456
+ "verified": bool(verified.get("verified")),
457
+ "inner_verification": verified,
458
+ }
459
+
460
+ # ------------------------------------------------------------------
461
+ # Incident Response
462
+ # ------------------------------------------------------------------
463
+ def verify_incident_response_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
464
+ seal = bundle.get("crypto_seal")
465
+ profile = bundle.get("incident_response_profile")
466
+
467
+ if not isinstance(seal, dict):
468
+ return {
469
+ "ok": False,
470
+ "artifact_type": "incident_response_profile_bundle",
471
+ "verified": False,
472
+ "error": "missing_incident_response_crypto_seal",
473
+ }
474
+
475
+ if not isinstance(profile, dict):
476
+ return {
477
+ "ok": False,
478
+ "artifact_type": "incident_response_profile_bundle",
479
+ "verified": False,
480
+ "error": "missing_incident_response_profile",
481
+ }
482
+
483
+ return self._verify_object_with_seal(
484
+ artifact_type="incident_response_profile_bundle",
485
+ obj=profile,
486
+ seal=seal,
487
+ )
488
+
489
+ def verify_incident_response_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
490
+ inner = bundle.get("bundle")
491
+ if not isinstance(inner, dict):
492
+ return {
493
+ "ok": False,
494
+ "artifact_type": "incident_response_report_bundle",
495
+ "verified": False,
496
+ "error": "missing_inner_incident_response_bundle",
497
+ }
498
+
499
+ verified = self.verify_incident_response_profile_bundle(inner)
500
+ return {
501
+ "ok": bool(verified.get("ok")),
502
+ "artifact_type": "incident_response_report_bundle",
503
+ "verified": bool(verified.get("verified")),
504
+ "inner_verification": verified,
505
+ }
506
+
507
+ # ------------------------------------------------------------------
508
+ # Hardening
509
+ # ------------------------------------------------------------------
510
+ def verify_hardening_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
511
+ seal = bundle.get("crypto_seal")
512
+ profile = bundle.get("hardening_profile")
513
+
514
+ if not isinstance(seal, dict):
515
+ return {
516
+ "ok": False,
517
+ "artifact_type": "hardening_profile_bundle",
518
+ "verified": False,
519
+ "error": "missing_hardening_crypto_seal",
520
+ }
521
+
522
+ if not isinstance(profile, dict):
523
+ return {
524
+ "ok": False,
525
+ "artifact_type": "hardening_profile_bundle",
526
+ "verified": False,
527
+ "error": "missing_hardening_profile",
528
+ }
529
+
530
+ return self._verify_object_with_seal(
531
+ artifact_type="hardening_profile_bundle",
532
+ obj=profile,
533
+ seal=seal,
534
+ )
535
+
536
+ def verify_hardening_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
537
+ inner = bundle.get("bundle")
538
+ if not isinstance(inner, dict):
539
+ return {
540
+ "ok": False,
541
+ "artifact_type": "hardening_report_bundle",
542
+ "verified": False,
543
+ "error": "missing_inner_hardening_bundle",
544
+ }
545
+
546
+ verified = self.verify_hardening_profile_bundle(inner)
547
+ return {
548
+ "ok": bool(verified.get("ok")),
549
+ "artifact_type": "hardening_report_bundle",
550
+ "verified": bool(verified.get("verified")),
551
+ "inner_verification": verified,
552
+ }
553
+
554
+ # ------------------------------------------------------------------
555
+ # Operational Resilience
556
+ # ------------------------------------------------------------------
557
+ def verify_operational_resilience_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
558
+ seal = bundle.get("crypto_seal")
559
+ profile = bundle.get("operational_resilience_profile")
560
+
561
+ if not isinstance(seal, dict):
562
+ return {
563
+ "ok": False,
564
+ "artifact_type": "operational_resilience_profile_bundle",
565
+ "verified": False,
566
+ "error": "missing_operational_resilience_crypto_seal",
567
+ }
568
+
569
+ if not isinstance(profile, dict):
570
+ return {
571
+ "ok": False,
572
+ "artifact_type": "operational_resilience_profile_bundle",
573
+ "verified": False,
574
+ "error": "missing_operational_resilience_profile",
575
+ }
576
+
577
+ return self._verify_object_with_seal(
578
+ artifact_type="operational_resilience_profile_bundle",
579
+ obj=profile,
580
+ seal=seal,
581
+ )
582
+
583
+ def verify_operational_resilience_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
584
+ inner = bundle.get("bundle")
585
+ if not isinstance(inner, dict):
586
+ return {
587
+ "ok": False,
588
+ "artifact_type": "operational_resilience_report_bundle",
589
+ "verified": False,
590
+ "error": "missing_inner_operational_resilience_bundle",
591
+ }
592
+
593
+ verified = self.verify_operational_resilience_profile_bundle(inner)
594
+ return {
595
+ "ok": bool(verified.get("ok")),
596
+ "artifact_type": "operational_resilience_report_bundle",
597
+ "verified": bool(verified.get("verified")),
598
+ "inner_verification": verified,
599
+ }
600
+
601
+ # ------------------------------------------------------------------
602
+ # Generic manifest
603
+ # ------------------------------------------------------------------
604
+ def verify_manifest_bundle(
605
+ self,
606
+ bundle: Dict[str, Any],
607
+ artifact_type: str = "manifest_bundle",
608
+ ) -> Dict[str, Any]:
609
+ manifest_bundle = bundle.get("manifest_bundle")
610
+ if not isinstance(manifest_bundle, dict):
611
+ return {
612
+ "ok": False,
613
+ "artifact_type": artifact_type,
614
+ "verified": False,
615
+ "error": "missing_manifest_bundle",
616
+ }
617
+
618
+ manifest = manifest_bundle.get("manifest")
619
+ seal = manifest_bundle.get("seal")
620
+
621
+ if not isinstance(manifest, dict):
622
+ return {
623
+ "ok": False,
624
+ "artifact_type": artifact_type,
625
+ "verified": False,
626
+ "error": "missing_manifest_object",
627
+ }
628
+
629
+ if not isinstance(seal, dict):
630
+ return {
631
+ "ok": False,
632
+ "artifact_type": artifact_type,
633
+ "verified": False,
634
+ "error": "missing_manifest_seal",
635
+ }
636
+
637
+ return self._verify_object_with_seal(
638
+ artifact_type=artifact_type,
639
+ obj=manifest,
640
+ seal=seal,
641
+ )
642
+
643
+ def verify_validation_manifest_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
644
+ return self.verify_manifest_bundle(bundle=bundle, artifact_type="validation_manifest_bundle")
645
+
646
+ def verify_capacity_manifest_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
647
+ return self.verify_manifest_bundle(bundle=bundle, artifact_type="capacity_manifest_bundle")
648
+
649
+ # ------------------------------------------------------------------
650
+ # Technical identity
651
+ # ------------------------------------------------------------------
652
+ def verify_technical_identity_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]:
653
+ identity = bundle.get("technical_identity")
654
+ if not isinstance(identity, dict):
655
+ return {
656
+ "ok": False,
657
+ "artifact_type": "technical_identity_bundle",
658
+ "verified": False,
659
+ "error": "missing_technical_identity",
660
+ }
661
+
662
+ seal = identity.get("crypto_seal")
663
+ if not isinstance(seal, dict):
664
+ return {
665
+ "ok": False,
666
+ "artifact_type": "technical_identity_bundle",
667
+ "verified": False,
668
+ "error": "missing_technical_identity_seal",
669
+ }
670
+
671
+ identity_obj = dict(identity)
672
+ identity_obj.pop("crypto_seal", None)
673
+ identity_obj.pop("sealed", None)
674
+
675
+ identity_verification = self._verify_object_with_seal(
676
+ artifact_type="technical_identity",
677
+ obj=identity_obj,
678
+ seal=seal,
679
+ )
680
+
681
+ nested_checks: List[Dict[str, Any]] = []
682
+
683
+ runtime_result = bundle.get("runtime_result")
684
+ if isinstance(runtime_result, dict):
685
+ nested_checks.append(self.verify_runtime_result_bundle(runtime_result))
686
+
687
+ benchmark_bundle = bundle.get("benchmark_bundle")
688
+ if isinstance(benchmark_bundle, dict):
689
+ nested_checks.append(self.verify_benchmark_bundle(benchmark_bundle))
690
+
691
+ manifest_bundle = bundle.get("manifest_bundle")
692
+ if isinstance(manifest_bundle, dict):
693
+ nested_checks.append(self.verify_manifest_bundle({"manifest_bundle": manifest_bundle}))
694
+
695
+ validation_bundle = bundle.get("validation_bundle")
696
+ if isinstance(validation_bundle, dict):
697
+ if "report" in validation_bundle and "crypto_seal" in validation_bundle:
698
+ nested_checks.append(self.verify_validation_report_bundle(validation_bundle))
699
+ elif "manifest_bundle" in validation_bundle:
700
+ nested_checks.append(self.verify_validation_manifest_bundle(validation_bundle))
701
+
702
+ capacity_bundle = bundle.get("capacity_bundle")
703
+ if isinstance(capacity_bundle, dict):
704
+ if "report" in capacity_bundle and "crypto_seal" in capacity_bundle:
705
+ nested_checks.append(self.verify_capacity_report_bundle(capacity_bundle))
706
+ elif "manifest_bundle" in capacity_bundle:
707
+ nested_checks.append(self.verify_capacity_manifest_bundle(capacity_bundle))
708
+
709
+ sla_bundle = bundle.get("sla_bundle")
710
+ if isinstance(sla_bundle, dict):
711
+ if "sla_profile" in sla_bundle and "crypto_seal" in sla_bundle:
712
+ nested_checks.append(self.verify_sla_profile_bundle(sla_bundle))
713
+ elif "bundle" in sla_bundle:
714
+ nested_checks.append(self.verify_sla_report_bundle(sla_bundle))
715
+
716
+ fail_safe_bundle = bundle.get("fail_safe_bundle")
717
+ if isinstance(fail_safe_bundle, dict):
718
+ if "fail_safe_profile" in fail_safe_bundle and "crypto_seal" in fail_safe_bundle:
719
+ nested_checks.append(self.verify_fail_safe_profile_bundle(fail_safe_bundle))
720
+ elif "bundle" in fail_safe_bundle:
721
+ nested_checks.append(self.verify_fail_safe_report_bundle(fail_safe_bundle))
722
+
723
+ deployment_bundle = bundle.get("deployment_bundle")
724
+ if isinstance(deployment_bundle, dict):
725
+ if "deployment_profile" in deployment_bundle and "crypto_seal" in deployment_bundle:
726
+ nested_checks.append(self.verify_deployment_profile_bundle(deployment_bundle))
727
+ elif "bundle" in deployment_bundle:
728
+ nested_checks.append(self.verify_deployment_report_bundle(deployment_bundle))
729
+
730
+ role_scope_bundle = bundle.get("role_scope_bundle")
731
+ if isinstance(role_scope_bundle, dict):
732
+ if "role_scope_profile" in role_scope_bundle and "crypto_seal" in role_scope_bundle:
733
+ nested_checks.append(self.verify_role_scope_profile_bundle(role_scope_bundle))
734
+ elif "bundle" in role_scope_bundle:
735
+ nested_checks.append(self.verify_role_scope_report_bundle(role_scope_bundle))
736
+
737
+ control_plane_bundle = bundle.get("control_plane_bundle")
738
+ if isinstance(control_plane_bundle, dict):
739
+ if "control_plane_profile" in control_plane_bundle and "crypto_seal" in control_plane_bundle:
740
+ nested_checks.append(self.verify_control_plane_profile_bundle(control_plane_bundle))
741
+ elif "bundle" in control_plane_bundle:
742
+ nested_checks.append(self.verify_control_plane_report_bundle(control_plane_bundle))
743
+
744
+ policy_change_bundle = bundle.get("policy_change_bundle")
745
+ if isinstance(policy_change_bundle, dict):
746
+ if "policy_change_profile" in policy_change_bundle and "crypto_seal" in policy_change_bundle:
747
+ nested_checks.append(self.verify_policy_change_profile_bundle(policy_change_bundle))
748
+ elif "bundle" in policy_change_bundle:
749
+ nested_checks.append(self.verify_policy_change_report_bundle(policy_change_bundle))
750
+
751
+ incident_response_bundle = bundle.get("incident_response_bundle")
752
+ if isinstance(incident_response_bundle, dict):
753
+ if "incident_response_profile" in incident_response_bundle and "crypto_seal" in incident_response_bundle:
754
+ nested_checks.append(self.verify_incident_response_profile_bundle(incident_response_bundle))
755
+ elif "bundle" in incident_response_bundle:
756
+ nested_checks.append(self.verify_incident_response_report_bundle(incident_response_bundle))
757
+
758
+ hardening_bundle = bundle.get("hardening_bundle")
759
+ if isinstance(hardening_bundle, dict):
760
+ if "hardening_profile" in hardening_bundle and "crypto_seal" in hardening_bundle:
761
+ nested_checks.append(self.verify_hardening_profile_bundle(hardening_bundle))
762
+ elif "bundle" in hardening_bundle:
763
+ nested_checks.append(self.verify_hardening_report_bundle(hardening_bundle))
764
+
765
+ operational_resilience_bundle = bundle.get("operational_resilience_bundle")
766
+ if isinstance(operational_resilience_bundle, dict):
767
+ if "operational_resilience_profile" in operational_resilience_bundle and "crypto_seal" in operational_resilience_bundle:
768
+ nested_checks.append(self.verify_operational_resilience_profile_bundle(operational_resilience_bundle))
769
+ elif "bundle" in operational_resilience_bundle:
770
+ nested_checks.append(self.verify_operational_resilience_report_bundle(operational_resilience_bundle))
771
+
772
+ all_nested_ok = all(bool(x.get("verified")) for x in nested_checks) if nested_checks else True
773
+
774
+ return {
775
+ "ok": bool(identity_verification.get("ok")) and all_nested_ok,
776
+ "artifact_type": "technical_identity_bundle",
777
+ "verified": bool(identity_verification.get("verified")) and all_nested_ok,
778
+ "technical_identity_verification": identity_verification,
779
+ "nested_verifications": nested_checks,
780
+ }
781
+
782
+ # ------------------------------------------------------------------
783
+ # Auto-detect
784
+ # ------------------------------------------------------------------
785
+ def verify_auto(self, obj: Dict[str, Any]) -> Dict[str, Any]:
786
+ if "technical_identity" in obj:
787
+ return self.verify_technical_identity_bundle(obj)
788
+
789
+ if "bundle" in obj and isinstance(obj.get("bundle"), dict):
790
+ inner = obj["bundle"]
791
+ if "sla_profile" in inner and "crypto_seal" in inner:
792
+ return self.verify_sla_report_bundle(obj)
793
+ if "fail_safe_profile" in inner and "crypto_seal" in inner:
794
+ return self.verify_fail_safe_report_bundle(obj)
795
+ if "deployment_profile" in inner and "crypto_seal" in inner:
796
+ return self.verify_deployment_report_bundle(obj)
797
+ if "role_scope_profile" in inner and "crypto_seal" in inner:
798
+ return self.verify_role_scope_report_bundle(obj)
799
+ if "control_plane_profile" in inner and "crypto_seal" in inner:
800
+ return self.verify_control_plane_report_bundle(obj)
801
+ if "policy_change_profile" in inner and "crypto_seal" in inner:
802
+ return self.verify_policy_change_report_bundle(obj)
803
+ if "incident_response_profile" in inner and "crypto_seal" in inner:
804
+ return self.verify_incident_response_report_bundle(obj)
805
+ if "hardening_profile" in inner and "crypto_seal" in inner:
806
+ return self.verify_hardening_report_bundle(obj)
807
+ if "operational_resilience_profile" in inner and "crypto_seal" in inner:
808
+ return self.verify_operational_resilience_report_bundle(obj)
809
+
810
+ if "report" in obj and "crypto_seal" in obj:
811
+ report = obj.get("report")
812
+ if isinstance(report, dict):
813
+ suite_name = str(report.get("suite_name", "")).lower()
814
+ benchmark_name = str(report.get("benchmark_name", "")).lower()
815
+ probe_name = str(report.get("probe_name", "")).lower()
816
+
817
+ if "false positive" in suite_name or "validation" in suite_name:
818
+ return self.verify_validation_report_bundle(obj)
819
+ if "benchmark" in benchmark_name:
820
+ return self.verify_benchmark_bundle(obj)
821
+ if "capacity" in probe_name:
822
+ return self.verify_capacity_report_bundle(obj)
823
+
824
+ if "sla_profile" in obj and "crypto_seal" in obj:
825
+ return self.verify_sla_profile_bundle(obj)
826
+ if "fail_safe_profile" in obj and "crypto_seal" in obj:
827
+ return self.verify_fail_safe_profile_bundle(obj)
828
+ if "deployment_profile" in obj and "crypto_seal" in obj:
829
+ return self.verify_deployment_profile_bundle(obj)
830
+ if "role_scope_profile" in obj and "crypto_seal" in obj:
831
+ return self.verify_role_scope_profile_bundle(obj)
832
+ if "control_plane_profile" in obj and "crypto_seal" in obj:
833
+ return self.verify_control_plane_profile_bundle(obj)
834
+ if "policy_change_profile" in obj and "crypto_seal" in obj:
835
+ return self.verify_policy_change_profile_bundle(obj)
836
+ if "incident_response_profile" in obj and "crypto_seal" in obj:
837
+ return self.verify_incident_response_profile_bundle(obj)
838
+ if "hardening_profile" in obj and "crypto_seal" in obj:
839
+ return self.verify_hardening_profile_bundle(obj)
840
+ if "operational_resilience_profile" in obj and "crypto_seal" in obj:
841
+ return self.verify_operational_resilience_profile_bundle(obj)
842
+
843
+ if "manifest_bundle" in obj:
844
+ manifest_bundle = obj.get("manifest_bundle") or {}
845
+ manifest = manifest_bundle.get("manifest") if isinstance(manifest_bundle, dict) else {}
846
+ manifest_type = ""
847
+ if isinstance(manifest, dict):
848
+ manifest_type = str(manifest.get("manifest_type", "")).lower()
849
+
850
+ if "validation" in manifest_type:
851
+ return self.verify_validation_manifest_bundle(obj)
852
+ if "capacity" in manifest_type:
853
+ return self.verify_capacity_manifest_bundle(obj)
854
+ return self.verify_manifest_bundle(obj)
855
+
856
+ if "crypto_seal" in obj:
857
+ return self.verify_runtime_result_bundle(obj)
858
+
859
+ return {
860
+ "ok": False,
861
+ "verified": False,
862
+ "artifact_type": "unknown",
863
+ "error": "could_not_detect_artifact_type",
864
+ }
865
+
866
+ def verify_file(self, path: str) -> Dict[str, Any]:
867
+ obj = _load_json(path)
868
+ result = self.verify_auto(obj)
869
+ result["source_file"] = path
870
+ return result
871
+
872
+ # ------------------------------------------------------------------
873
+ # Summary
874
+ # ------------------------------------------------------------------
875
+ def summarize(self, result: Dict[str, Any]) -> Dict[str, Any]:
876
+ artifact_type = result.get("artifact_type", "unknown")
877
+ verified = bool(result.get("verified", False))
878
+
879
+ summary = {
880
+ "artifact_type": artifact_type,
881
+ "verified": verified,
882
+ "status": "VALID" if verified else "INVALID",
883
+ }
884
+
885
+ if result.get("source_file"):
886
+ summary["source_file"] = result["source_file"]
887
+
888
+ verification = result.get("verification", {}) or {}
889
+ if isinstance(verification, dict):
890
+ if verification.get("object_digest"):
891
+ summary["object_digest"] = verification["object_digest"]
892
+ if verification.get("seal_digest"):
893
+ summary["seal_digest"] = verification["seal_digest"]
894
+
895
+ if artifact_type in {
896
+ "sla_report_bundle",
897
+ "fail_safe_report_bundle",
898
+ "deployment_report_bundle",
899
+ "role_scope_report_bundle",
900
+ "control_plane_report_bundle",
901
+ "policy_change_report_bundle",
902
+ "incident_response_report_bundle",
903
+ "hardening_report_bundle",
904
+ "operational_resilience_report_bundle",
905
+ }:
906
+ inner = result.get("inner_verification", {}) or {}
907
+ summary["inner_verified"] = bool(inner.get("verified", False))
908
+
909
+ if artifact_type == "technical_identity_bundle":
910
+ tiv = result.get("technical_identity_verification", {}) or {}
911
+ nested = result.get("nested_verifications", []) or []
912
+ summary["technical_identity_verified"] = bool(
913
+ (tiv.get("verification") or {}).get("verified", tiv.get("verified", False))
914
+ )
915
+ summary["nested_verified_count"] = sum(1 for x in nested if x.get("verified"))
916
+ summary["nested_total"] = len(nested)
917
+
918
+ return summary
919
+
920
+
921
+ VERIFIER = SovereignExternalVerifierV12()
922
+
923
+
924
+ def verify_artifact_file_v12(path: str) -> Dict[str, Any]:
925
+ return VERIFIER.verify_file(path)
926
+
927
+
928
+ def summarize_verification_v12(result: Dict[str, Any]) -> Dict[str, Any]:
929
+ return VERIFIER.summarize(result)
930
+
931
+
932
+ def _build_arg_parser() -> argparse.ArgumentParser:
933
+ parser = argparse.ArgumentParser(
934
+ description="Extended independent verifier v12 for Sovereign bank-grade artifacts."
935
+ )
936
+ parser.add_argument(
937
+ "--file",
938
+ required=True,
939
+ help="Path to JSON artifact file to verify.",
940
+ )
941
+ parser.add_argument(
942
+ "--summary-only",
943
+ action="store_true",
944
+ help="Print only compact summary instead of full verification result.",
945
+ )
946
+ return parser
947
+
948
+
949
+ if __name__ == "__main__":
950
+ parser = _build_arg_parser()
951
+ args = parser.parse_args()
952
+
953
+ verification = verify_artifact_file_v12(args.file)
954
+
955
+ if args.summary_only:
956
+ print(json.dumps(summarize_verification_v12(verification), ensure_ascii=False, indent=2))
957
+ else:
958
+ print(json.dumps(verification, ensure_ascii=False, indent=2))
959
+