# sovereign_external_verifier_v11.py from __future__ import annotations import argparse import json from pathlib import Path from typing import Any, Dict, List, Optional from sovereign_crypto_seal import SovereignCryptoSeal def _load_json(path: str) -> Dict[str, Any]: p = Path(path) if not p.exists(): raise FileNotFoundError(f"File not found: {path}") data = json.loads(p.read_text(encoding="utf-8")) if not isinstance(data, dict): raise ValueError(f"JSON root must be an object: {path}") return data class SovereignExternalVerifierV11: """ Extended independent verifier for Sovereign artifacts (bank-grade). Added in v11: - Hardening profile verification - Hardening report verification """ def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None: self.sealer = sealer or SovereignCryptoSeal() # ------------------------------------------------------------------ # Core # ------------------------------------------------------------------ def _verify_object_with_seal( self, *, artifact_type: str, obj: Dict[str, Any], seal: Dict[str, Any], ) -> Dict[str, Any]: verified = self.sealer.verify_object(obj, seal) return { "ok": bool(verified.get("ok")), "artifact_type": artifact_type, "verified": bool(verified.get("verified")), "verification": verified, } # ------------------------------------------------------------------ # Hardening # ------------------------------------------------------------------ def verify_hardening_profile_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: seal = bundle.get("crypto_seal") profile = bundle.get("hardening_profile") if not isinstance(seal, dict): return { "ok": False, "artifact_type": "hardening_profile_bundle", "verified": False, "error": "missing_hardening_crypto_seal", } if not isinstance(profile, dict): return { "ok": False, "artifact_type": "hardening_profile_bundle", "verified": False, "error": "missing_hardening_profile", } return self._verify_object_with_seal( artifact_type="hardening_profile_bundle", obj=profile, seal=seal, ) def verify_hardening_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: inner = bundle.get("bundle") if not isinstance(inner, dict): return { "ok": False, "artifact_type": "hardening_report_bundle", "verified": False, "error": "missing_inner_hardening_bundle", } verified = self.verify_hardening_profile_bundle(inner) return { "ok": bool(verified.get("ok")), "artifact_type": "hardening_report_bundle", "verified": bool(verified.get("verified")), "inner_verification": verified, } # ------------------------------------------------------------------ # Runtime (minimal reuse) # ------------------------------------------------------------------ def verify_runtime_result_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: seal = bundle.get("crypto_seal") if not isinstance(seal, dict): return { "ok": False, "artifact_type": "runtime_result", "verified": False, "error": "missing_runtime_crypto_seal", } obj = dict(bundle) obj.pop("crypto_seal", None) obj.pop("sealed", None) return self._verify_object_with_seal( artifact_type="runtime_result", obj=obj, seal=seal, ) # ------------------------------------------------------------------ # Technical Identity (extended) # ------------------------------------------------------------------ def verify_technical_identity_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: identity = bundle.get("technical_identity") if not isinstance(identity, dict): return { "ok": False, "artifact_type": "technical_identity_bundle", "verified": False, "error": "missing_technical_identity", } seal = identity.get("crypto_seal") if not isinstance(seal, dict): return { "ok": False, "artifact_type": "technical_identity_bundle", "verified": False, "error": "missing_technical_identity_seal", } identity_obj = dict(identity) identity_obj.pop("crypto_seal", None) identity_obj.pop("sealed", None) identity_verification = self._verify_object_with_seal( artifact_type="technical_identity", obj=identity_obj, seal=seal, ) nested_checks: List[Dict[str, Any]] = [] hardening_bundle = bundle.get("hardening_bundle") if isinstance(hardening_bundle, dict): if "hardening_profile" in hardening_bundle and "crypto_seal" in hardening_bundle: nested_checks.append(self.verify_hardening_profile_bundle(hardening_bundle)) elif "bundle" in hardening_bundle: nested_checks.append(self.verify_hardening_report_bundle(hardening_bundle)) runtime_result = bundle.get("runtime_result") if isinstance(runtime_result, dict): nested_checks.append(self.verify_runtime_result_bundle(runtime_result)) all_nested_ok = all(bool(x.get("verified")) for x in nested_checks) if nested_checks else True return { "ok": bool(identity_verification.get("ok")) and all_nested_ok, "artifact_type": "technical_identity_bundle", "verified": bool(identity_verification.get("verified")) and all_nested_ok, "technical_identity_verification": identity_verification, "nested_verifications": nested_checks, } # ------------------------------------------------------------------ # Auto detect # ------------------------------------------------------------------ def verify_auto(self, obj: Dict[str, Any]) -> Dict[str, Any]: if "technical_identity" in obj: return self.verify_technical_identity_bundle(obj) if "bundle" in obj and isinstance(obj.get("bundle"), dict): inner = obj["bundle"] if "hardening_profile" in inner and "crypto_seal" in inner: return self.verify_hardening_report_bundle(obj) if "hardening_profile" in obj and "crypto_seal" in obj: return self.verify_hardening_profile_bundle(obj) if "crypto_seal" in obj: return self.verify_runtime_result_bundle(obj) return { "ok": False, "verified": False, "artifact_type": "unknown", "error": "could_not_detect_artifact_type", } def verify_file(self, path: str) -> Dict[str, Any]: obj = _load_json(path) result = self.verify_auto(obj) result["source_file"] = path return result VERIFIER = SovereignExternalVerifierV11() def verify_artifact_file_v11(path: str) -> Dict[str, Any]: return VERIFIER.verify_file(path) def _build_arg_parser() -> argparse.ArgumentParser: parser = argparse.ArgumentParser( description="Verifier v11 (with hardening support)." ) parser.add_argument("--file", required=True) return parser if __name__ == "__main__": parser = _build_arg_parser() args = parser.parse_args() result = verify_artifact_file_v11(args.file) print(json.dumps(result, indent=2, ensure_ascii=False))