# sovereign_external_verifier_v3.py from __future__ import annotations import argparse import json from pathlib import Path from typing import Any, Dict, List, Optional from sovereign_crypto_seal import SovereignCryptoSeal def _load_json(path: str) -> Dict[str, Any]: p = Path(path) if not p.exists(): raise FileNotFoundError(f"File not found: {path}") data = json.loads(p.read_text(encoding="utf-8")) if not isinstance(data, dict): raise ValueError(f"JSON root must be an object: {path}") return data class SovereignExternalVerifierV3: """ Extended independent verifier for Sovereign artifacts. Supported artifact families: - runtime result bundles - benchmark bundles - validation report bundles - validation manifest bundles - capacity report bundles - capacity manifest bundles - generic manifest bundles - technical identity bundles with nested verification """ def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None: self.sealer = sealer or SovereignCryptoSeal() # ------------------------------------------------------------------ # Core verification helper # ------------------------------------------------------------------ def _verify_object_with_seal( self, *, artifact_type: str, obj: Dict[str, Any], seal: Dict[str, Any], ) -> Dict[str, Any]: verified = self.sealer.verify_object(obj, seal) return { "ok": bool(verified.get("ok")), "artifact_type": artifact_type, "verified": bool(verified.get("verified")), "verification": verified, } # ------------------------------------------------------------------ # Runtime result # ------------------------------------------------------------------ def verify_runtime_result_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: seal = bundle.get("crypto_seal") if not isinstance(seal, dict): return { "ok": False, "artifact_type": "runtime_result", "verified": False, "error": "missing_runtime_crypto_seal", } obj = dict(bundle) obj.pop("crypto_seal", None) obj.pop("sealed", None) return self._verify_object_with_seal( artifact_type="runtime_result", obj=obj, seal=seal, ) # ------------------------------------------------------------------ # Benchmark # ------------------------------------------------------------------ def verify_benchmark_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: seal = bundle.get("crypto_seal") report = bundle.get("report") if not isinstance(seal, dict): return { "ok": False, "artifact_type": "benchmark_bundle", "verified": False, "error": "missing_benchmark_crypto_seal", } if not isinstance(report, dict): return { "ok": False, "artifact_type": "benchmark_bundle", "verified": False, "error": "missing_benchmark_report", } return self._verify_object_with_seal( artifact_type="benchmark_bundle", obj=report, seal=seal, ) # ------------------------------------------------------------------ # Validation report # ------------------------------------------------------------------ def verify_validation_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: seal = bundle.get("crypto_seal") report = bundle.get("report") if not isinstance(seal, dict): return { "ok": False, "artifact_type": "validation_report_bundle", "verified": False, "error": "missing_validation_crypto_seal", } if not isinstance(report, dict): return { "ok": False, "artifact_type": "validation_report_bundle", "verified": False, "error": "missing_validation_report", } return self._verify_object_with_seal( artifact_type="validation_report_bundle", obj=report, seal=seal, ) # ------------------------------------------------------------------ # Capacity report # ------------------------------------------------------------------ def verify_capacity_report_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: seal = bundle.get("crypto_seal") report = bundle.get("report") if not isinstance(seal, dict): return { "ok": False, "artifact_type": "capacity_report_bundle", "verified": False, "error": "missing_capacity_crypto_seal", } if not isinstance(report, dict): return { "ok": False, "artifact_type": "capacity_report_bundle", "verified": False, "error": "missing_capacity_report", } return self._verify_object_with_seal( artifact_type="capacity_report_bundle", obj=report, seal=seal, ) # ------------------------------------------------------------------ # Generic manifest bundle # ------------------------------------------------------------------ def verify_manifest_bundle( self, bundle: Dict[str, Any], artifact_type: str = "manifest_bundle", ) -> Dict[str, Any]: manifest_bundle = bundle.get("manifest_bundle") if not isinstance(manifest_bundle, dict): return { "ok": False, "artifact_type": artifact_type, "verified": False, "error": "missing_manifest_bundle", } manifest = manifest_bundle.get("manifest") seal = manifest_bundle.get("seal") if not isinstance(manifest, dict): return { "ok": False, "artifact_type": artifact_type, "verified": False, "error": "missing_manifest_object", } if not isinstance(seal, dict): return { "ok": False, "artifact_type": artifact_type, "verified": False, "error": "missing_manifest_seal", } return self._verify_object_with_seal( artifact_type=artifact_type, obj=manifest, seal=seal, ) def verify_validation_manifest_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: return self.verify_manifest_bundle( bundle=bundle, artifact_type="validation_manifest_bundle", ) def verify_capacity_manifest_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: return self.verify_manifest_bundle( bundle=bundle, artifact_type="capacity_manifest_bundle", ) # ------------------------------------------------------------------ # Technical identity bundle with nested checks # ------------------------------------------------------------------ def verify_technical_identity_bundle(self, bundle: Dict[str, Any]) -> Dict[str, Any]: identity = bundle.get("technical_identity") if not isinstance(identity, dict): return { "ok": False, "artifact_type": "technical_identity_bundle", "verified": False, "error": "missing_technical_identity", } seal = identity.get("crypto_seal") if not isinstance(seal, dict): return { "ok": False, "artifact_type": "technical_identity_bundle", "verified": False, "error": "missing_technical_identity_seal", } identity_obj = dict(identity) identity_obj.pop("crypto_seal", None) identity_obj.pop("sealed", None) identity_verification = self._verify_object_with_seal( artifact_type="technical_identity", obj=identity_obj, seal=seal, ) nested_checks: List[Dict[str, Any]] = [] runtime_result = bundle.get("runtime_result") if isinstance(runtime_result, dict): nested_checks.append(self.verify_runtime_result_bundle(runtime_result)) benchmark_bundle = bundle.get("benchmark_bundle") if isinstance(benchmark_bundle, dict): nested_checks.append(self.verify_benchmark_bundle(benchmark_bundle)) manifest_bundle = bundle.get("manifest_bundle") if isinstance(manifest_bundle, dict): nested_checks.append(self.verify_manifest_bundle({"manifest_bundle": manifest_bundle})) validation_bundle = bundle.get("validation_bundle") if isinstance(validation_bundle, dict): if "report" in validation_bundle and "crypto_seal" in validation_bundle: nested_checks.append(self.verify_validation_report_bundle(validation_bundle)) elif "manifest_bundle" in validation_bundle: nested_checks.append(self.verify_validation_manifest_bundle(validation_bundle)) capacity_bundle = bundle.get("capacity_bundle") if isinstance(capacity_bundle, dict): if "report" in capacity_bundle and "crypto_seal" in capacity_bundle: nested_checks.append(self.verify_capacity_report_bundle(capacity_bundle)) elif "manifest_bundle" in capacity_bundle: nested_checks.append(self.verify_capacity_manifest_bundle(capacity_bundle)) all_nested_ok = all(bool(x.get("verified")) for x in nested_checks) if nested_checks else True return { "ok": bool(identity_verification.get("ok")) and all_nested_ok, "artifact_type": "technical_identity_bundle", "verified": bool(identity_verification.get("verified")) and all_nested_ok, "technical_identity_verification": identity_verification, "nested_verifications": nested_checks, } # ------------------------------------------------------------------ # Auto-detect # ------------------------------------------------------------------ def verify_auto(self, obj: Dict[str, Any]) -> Dict[str, Any]: # technical identity bundle if "technical_identity" in obj: return self.verify_technical_identity_bundle(obj) # report bundles with seal if "report" in obj and "crypto_seal" in obj: report = obj.get("report") if isinstance(report, dict): suite_name = str(report.get("suite_name", "")).lower() benchmark_name = str(report.get("benchmark_name", "")).lower() probe_name = str(report.get("probe_name", "")).lower() if "false positive" in suite_name or "validation" in suite_name: return self.verify_validation_report_bundle(obj) if "benchmark" in benchmark_name: return self.verify_benchmark_bundle(obj) if "capacity" in probe_name: return self.verify_capacity_report_bundle(obj) # manifest bundles if "manifest_bundle" in obj: manifest_bundle = obj.get("manifest_bundle") or {} manifest = manifest_bundle.get("manifest") if isinstance(manifest_bundle, dict) else {} manifest_type = "" if isinstance(manifest, dict): manifest_type = str(manifest.get("manifest_type", "")).lower() if "validation" in manifest_type: return self.verify_validation_manifest_bundle(obj) if "capacity" in manifest_type: return self.verify_capacity_manifest_bundle(obj) return self.verify_manifest_bundle(obj) # runtime result bundle fallback if "crypto_seal" in obj: return self.verify_runtime_result_bundle(obj) return { "ok": False, "verified": False, "artifact_type": "unknown", "error": "could_not_detect_artifact_type", } def verify_file(self, path: str) -> Dict[str, Any]: obj = _load_json(path) result = self.verify_auto(obj) result["source_file"] = path return result # ------------------------------------------------------------------ # Human-readable summary # ------------------------------------------------------------------ def summarize(self, result: Dict[str, Any]) -> Dict[str, Any]: artifact_type = result.get("artifact_type", "unknown") verified = bool(result.get("verified", False)) summary = { "artifact_type": artifact_type, "verified": verified, "status": "VALID" if verified else "INVALID", } if result.get("source_file"): summary["source_file"] = result["source_file"] verification = result.get("verification", {}) or {} if isinstance(verification, dict): if verification.get("object_digest"): summary["object_digest"] = verification["object_digest"] if verification.get("seal_digest"): summary["seal_digest"] = verification["seal_digest"] if artifact_type == "technical_identity_bundle": tiv = result.get("technical_identity_verification", {}) or {} nested = result.get("nested_verifications", []) or [] summary["technical_identity_verified"] = bool( (tiv.get("verification") or {}).get("verified", tiv.get("verified", False)) ) summary["nested_verified_count"] = sum(1 for x in nested if x.get("verified")) summary["nested_total"] = len(nested) return summary VERIFIER = SovereignExternalVerifierV3() def verify_artifact_file_v3(path: str) -> Dict[str, Any]: return VERIFIER.verify_file(path) def summarize_verification_v3(result: Dict[str, Any]) -> Dict[str, Any]: return VERIFIER.summarize(result) def _build_arg_parser() -> argparse.ArgumentParser: parser = argparse.ArgumentParser( description="Extended independent verifier v3 for Sovereign bank-grade artifacts." ) parser.add_argument( "--file", required=True, help="Path to JSON artifact file to verify.", ) parser.add_argument( "--summary-only", action="store_true", help="Print only compact summary instead of full verification result.", ) return parser if __name__ == "__main__": parser = _build_arg_parser() args = parser.parse_args() verification = verify_artifact_file_v3(args.file) if args.summary_only: print(json.dumps(summarize_verification_v3(verification), ensure_ascii=False, indent=2)) else: print(json.dumps(verification, ensure_ascii=False, indent=2))