# sovereign_deployment_profile.py from __future__ import annotations import json from datetime import datetime, timezone from typing import Any, Dict, List, Optional from sovereign_crypto_seal import SovereignCryptoSeal def _utc_now() -> str: return datetime.now(timezone.utc).isoformat() class SovereignDeploymentProfileBuilder: """ Builds a bank-grade deployment profile for Sovereign. Purpose: - Define supported deployment postures - Make runtime entry and packaging posture explicit - Clarify what 'low-friction deployment' means in technical terms - Provide a sealed machine-readable deployment artifact """ def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None: self.sealer = sealer or SovereignCryptoSeal() def _deployment_modes(self) -> List[Dict[str, Any]]: return [ { "mode": "on_prem_controlled_runtime", "status": "supported_primary", "description": "Primary target posture for banks and financial institutions. Runtime executes within customer-controlled environment.", "intended_use": [ "bank internal runtime control", "regulated AI workflow governance", "controlled financial execution oversight", ], }, { "mode": "evaluation_bundle_runtime", "status": "supported_secondary", "description": "Evaluation / pilot posture for controlled technical validation before broader rollout.", "intended_use": [ "technical pilot", "benchmark validation", "artifact verification", ], }, { "mode": "single_command_launcher_runtime", "status": "in_progress", "description": "Low-friction launch posture using the packaged runtime launcher and config-driven execution path.", "intended_use": [ "reduced deployment friction", "controlled packaged execution", ], }, { "mode": "containerized_delivery", "status": "planned_next", "description": "Future packaging posture for stronger delivery ergonomics and runtime portability.", "intended_use": [ "container delivery", "controlled platform portability", ], }, ] def _environment_requirements(self) -> Dict[str, Any]: return { "runtime_requirements": { "python_runtime_required": True, "filesystem_write_required": True, "json_artifact_support_required": True, "local_execution_supported": True, }, "network_requirements": { "internet_required": False, "cloud_dependency_required": False, "external_dns_required": False, "offline_posture_supported": True, }, "execution_requirements": { "single_entrypoint_defined": True, "runtime_entry_module": "sovereign_bank_runtime_entry", "runtime_entry_function": "run_sovereign_bank_runtime", "one_command_launcher_module": "sovereign_one_command_launcher", "config_driven_launch_supported": True, }, "artifact_requirements": { "audit_chain_storage_required": True, "crypto_seal_support_required": True, "manifest_generation_required": True, "verifier_compatibility_expected": True, }, } def _packaging_posture(self) -> Dict[str, Any]: return { "current_packaging_state": "structured_runtime_package_available", "runtime_package_builder": "sovereign_packager", "one_command_launcher_available": True, "packaging_notes": [ "Current packaging posture provides structured runtime delivery with launcher config, manifest, integrity inventory, and documentation.", "Single-command launch is supported through the one-command launcher and config-based execution path.", "Packaging ergonomics can be further hardened later with containerization or additional installer tooling.", ], } def _frictionless_deployment_claim(self) -> Dict[str, Any]: return { "claim_label": "low_friction_controlled_deployment", "status": "qualified_claim", "meaning": [ "A single runtime entrypoint is defined.", "A one-command launcher exists for controlled execution modes.", "A runtime package structure exists for delivery and review.", "Deployment does not require external cloud dependency or internet connectivity.", ], "non_meaning": [ "This does not yet mean a universal zero-touch installer across all bank environments.", "This does not yet imply environment-agnostic deployment without customer-side runtime prerequisites.", "This does not replace environment-specific hardening, permissions, or integration review.", ], } def _deployment_constraints(self) -> List[str]: return [ "Current deployment profile is designed for controlled bank-grade runtime environments and technical review flows.", "Single-command launch is available through launcher/config flow, but universal zero-touch installation is not yet the claimed end state.", "Environment-specific integration, hardening, permissions, and operational review may still be required in customer deployment.", "Containerized or installer-style delivery remains a future hardening/ergonomics path rather than the only current deployment mode.", ] def build(self) -> Dict[str, Any]: profile = { "profile_type": "Sovereign Deployment Profile", "generated_at": _utc_now(), "domain": "banking_and_financial_institutions", "deployment_modes": self._deployment_modes(), "environment_requirements": self._environment_requirements(), "packaging_posture": self._packaging_posture(), "frictionless_deployment_claim": self._frictionless_deployment_claim(), "constraints": self._deployment_constraints(), "summary": { "supported_primary_mode": "on_prem_controlled_runtime", "runtime_entrypoint_defined": True, "one_command_launcher_present": True, "internet_dependency_required": False, "cloud_dependency_required": False, }, } sealed = self.sealer.seal_object( profile, object_type="deployment_profile", metadata={ "domain": "banking", "artifact_class": "deployment_profile", }, ) return { "ok": True, "deployment_profile": profile, "crypto_seal": sealed["seal"], "sealed": True, } BUILDER = SovereignDeploymentProfileBuilder() def generate_deployment_profile() -> Dict[str, Any]: return BUILDER.build() if __name__ == "__main__": out = generate_deployment_profile() print(json.dumps(out, indent=2, ensure_ascii=False))