Upload 3 files
Browse files- app.py +47 -0
- requirements.txt +1 -0
- sovereign_core.py +140 -0
app.py
ADDED
|
@@ -0,0 +1,47 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import json
|
| 2 |
+
import gradio as gr
|
| 3 |
+
|
| 4 |
+
from sovereign_core import (
|
| 5 |
+
ENGINE_NAME,
|
| 6 |
+
SovereignFingerprint,
|
| 7 |
+
generate_attestation,
|
| 8 |
+
generate_integrity_certificate,
|
| 9 |
+
verify_attestation,
|
| 10 |
+
verify_certificate,
|
| 11 |
+
)
|
| 12 |
+
|
| 13 |
+
|
| 14 |
+
def run_sentinel(engine_name: str):
|
| 15 |
+
engine = engine_name.strip() or ENGINE_NAME
|
| 16 |
+
|
| 17 |
+
fpgen = SovereignFingerprint(engine)
|
| 18 |
+
_, fp_value = fpgen.export()
|
| 19 |
+
|
| 20 |
+
att = generate_attestation(fp_value)
|
| 21 |
+
cert = generate_integrity_certificate(fp_value, att)
|
| 22 |
+
|
| 23 |
+
att_ok = verify_attestation(att)
|
| 24 |
+
cert_ok = verify_certificate(cert)
|
| 25 |
+
|
| 26 |
+
result = {
|
| 27 |
+
"engine": engine,
|
| 28 |
+
"fingerprint": fp_value,
|
| 29 |
+
"attestation": att,
|
| 30 |
+
"certificate": cert,
|
| 31 |
+
"verify_attestation": att_ok,
|
| 32 |
+
"verify_certificate": cert_ok,
|
| 33 |
+
}
|
| 34 |
+
|
| 35 |
+
return json.dumps(result, indent=4)
|
| 36 |
+
|
| 37 |
+
|
| 38 |
+
demo = gr.Interface(
|
| 39 |
+
fn=run_sentinel,
|
| 40 |
+
inputs=gr.Textbox(label="Engine name", value=ENGINE_NAME),
|
| 41 |
+
outputs=gr.Code(label="Sovereign Security Snapshot (JSON)", language="json"),
|
| 42 |
+
title="AI Sovereign Sentinel – Integrity Engine",
|
| 43 |
+
description="Generates a sovereign fingerprint, attestation, and integrity certificate, then verifies the full chain."
|
| 44 |
+
)
|
| 45 |
+
|
| 46 |
+
if __name__ == "__main__":
|
| 47 |
+
demo.launch(share=True)
|
requirements.txt
ADDED
|
@@ -0,0 +1 @@
|
|
|
|
|
|
|
| 1 |
+
gradio>=4.0.0
|
sovereign_core.py
ADDED
|
@@ -0,0 +1,140 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import os
|
| 2 |
+
import json
|
| 3 |
+
import time
|
| 4 |
+
import uuid
|
| 5 |
+
import hashlib
|
| 6 |
+
|
| 7 |
+
|
| 8 |
+
ENGINE_NAME = "AI_Sovereign_Sentinel_Core_v1"
|
| 9 |
+
AUTHORITY_NAME = "DataClear Sovereign Authority"
|
| 10 |
+
|
| 11 |
+
|
| 12 |
+
class SovereignFingerprint:
|
| 13 |
+
"""
|
| 14 |
+
Minimal fingerprint generator for AI Sovereign Sentinel.
|
| 15 |
+
Creates a JSON file with engine, fingerprint and issued_at.
|
| 16 |
+
"""
|
| 17 |
+
def __init__(self, engine: str, output: str = "sovereign_fingerprint.json"):
|
| 18 |
+
self.engine = engine
|
| 19 |
+
self.output = output
|
| 20 |
+
|
| 21 |
+
def _build(self):
|
| 22 |
+
issued_at = int(time.time())
|
| 23 |
+
base = f"{self.engine}|{issued_at}"
|
| 24 |
+
fp_hash = hashlib.sha256(base.encode()).hexdigest()
|
| 25 |
+
return {
|
| 26 |
+
"engine": self.engine,
|
| 27 |
+
"fingerprint": fp_hash,
|
| 28 |
+
"issued_at": issued_at,
|
| 29 |
+
"version": "1.0",
|
| 30 |
+
}
|
| 31 |
+
|
| 32 |
+
def export(self):
|
| 33 |
+
fp = self._build()
|
| 34 |
+
with open(self.output, "w") as f:
|
| 35 |
+
json.dump(fp, f, indent=4)
|
| 36 |
+
return self.output, fp["fingerprint"]
|
| 37 |
+
|
| 38 |
+
|
| 39 |
+
class SovereignValidator:
|
| 40 |
+
"""
|
| 41 |
+
Simple registry to bind engine name → fingerprint string.
|
| 42 |
+
Stored in sovereign_registry.json
|
| 43 |
+
"""
|
| 44 |
+
def __init__(self, path: str = "sovereign_registry.json"):
|
| 45 |
+
self.path = path
|
| 46 |
+
if os.path.exists(self.path):
|
| 47 |
+
with open(self.path, "r") as f:
|
| 48 |
+
self.registry = json.load(f)
|
| 49 |
+
else:
|
| 50 |
+
self.registry = {}
|
| 51 |
+
|
| 52 |
+
def register(self, engine: str, fingerprint: str) -> bool:
|
| 53 |
+
self.registry[engine] = {
|
| 54 |
+
"fingerprint": fingerprint,
|
| 55 |
+
"registered_at": int(time.time()),
|
| 56 |
+
}
|
| 57 |
+
with open(self.path, "w") as f:
|
| 58 |
+
json.dump(self.registry, f, indent=4)
|
| 59 |
+
return True
|
| 60 |
+
|
| 61 |
+
def validate(self, engine: str, fingerprint: str) -> bool:
|
| 62 |
+
entry = self.registry.get(engine)
|
| 63 |
+
if not entry:
|
| 64 |
+
return False
|
| 65 |
+
return entry.get("fingerprint") == fingerprint
|
| 66 |
+
|
| 67 |
+
|
| 68 |
+
def attestation_signature(att: dict) -> str:
|
| 69 |
+
"""
|
| 70 |
+
Unified, stable signature generation for attestation objects.
|
| 71 |
+
"""
|
| 72 |
+
base = f"{att['attestation_id']}|{att['issued_at']}|{att['fingerprint']}|{att['issuer']}|{att['version']}"
|
| 73 |
+
return hashlib.sha256(base.encode()).hexdigest()
|
| 74 |
+
|
| 75 |
+
|
| 76 |
+
def generate_attestation(fp):
|
| 77 |
+
"""
|
| 78 |
+
Create a signed attestation for a given fingerprint (dict or string).
|
| 79 |
+
"""
|
| 80 |
+
if isinstance(fp, dict):
|
| 81 |
+
fp_value = fp.get("fingerprint", "")
|
| 82 |
+
else:
|
| 83 |
+
fp_value = fp
|
| 84 |
+
|
| 85 |
+
att = {
|
| 86 |
+
"attestation_id": str(uuid.uuid4()),
|
| 87 |
+
"issued_at": int(time.time()),
|
| 88 |
+
"fingerprint": fp_value,
|
| 89 |
+
"issuer": AUTHORITY_NAME,
|
| 90 |
+
"version": "1.0",
|
| 91 |
+
}
|
| 92 |
+
|
| 93 |
+
att["signature"] = attestation_signature(att)
|
| 94 |
+
return att
|
| 95 |
+
|
| 96 |
+
|
| 97 |
+
def verify_attestation(att: dict) -> bool:
|
| 98 |
+
expected = attestation_signature(att)
|
| 99 |
+
return expected == att.get("signature")
|
| 100 |
+
|
| 101 |
+
|
| 102 |
+
def generate_integrity_certificate(fp, att, output: str = "sovereign_certificate.json"):
|
| 103 |
+
"""
|
| 104 |
+
Bundle fingerprint + attestation into a single integrity certificate file.
|
| 105 |
+
"""
|
| 106 |
+
if isinstance(fp, dict):
|
| 107 |
+
fp_value = fp.get("fingerprint", "")
|
| 108 |
+
else:
|
| 109 |
+
fp_value = fp
|
| 110 |
+
|
| 111 |
+
cert = {
|
| 112 |
+
"engine": ENGINE_NAME,
|
| 113 |
+
"fingerprint": fp_value,
|
| 114 |
+
"issued_at": att["issued_at"],
|
| 115 |
+
"attestation": att,
|
| 116 |
+
"certificate_version": "1.0",
|
| 117 |
+
"authority": AUTHORITY_NAME,
|
| 118 |
+
}
|
| 119 |
+
|
| 120 |
+
with open(output, "w") as f:
|
| 121 |
+
json.dump(cert, f, indent=4)
|
| 122 |
+
|
| 123 |
+
return cert
|
| 124 |
+
|
| 125 |
+
|
| 126 |
+
def verify_certificate(cert: dict) -> bool:
|
| 127 |
+
"""
|
| 128 |
+
High-level check over the full certificate.
|
| 129 |
+
"""
|
| 130 |
+
if cert.get("engine") != ENGINE_NAME:
|
| 131 |
+
return False
|
| 132 |
+
|
| 133 |
+
if cert.get("authority") != AUTHORITY_NAME:
|
| 134 |
+
return False
|
| 135 |
+
|
| 136 |
+
att = cert.get("attestation", {})
|
| 137 |
+
if not verify_attestation(att):
|
| 138 |
+
return False
|
| 139 |
+
|
| 140 |
+
return True
|