# sovereign_data_boundary_profile.py from __future__ import annotations import json from datetime import datetime, timezone from typing import Any, Dict, List, Optional from sovereign_crypto_seal import SovereignCryptoSeal def _utc_now() -> str: return datetime.now(timezone.utc).isoformat() class SovereignDataBoundaryProfileBuilder: """ Builds a bank-grade data boundary / data class governance profile. Purpose: - Define data classes relevant to bank-grade AI governance - Clarify allowed, restricted, and forbidden handling patterns - Clarify boundary crossing posture - Make data-boundary governance machine-readable and sealable """ def __init__(self, sealer: Optional[SovereignCryptoSeal] = None) -> None: self.sealer = sealer or SovereignCryptoSeal() def _data_classes(self) -> List[Dict[str, Any]]: return [ { "data_class": "public_operational_information", "sensitivity": "low", "handling_posture": "allowed", "description": "Public-facing or low-sensitivity service information such as branch hours, general product information, and service guidance.", "allowed_usage": [ "customer_information_response", "branch_and_service_guidance", "low_sensitivity_summary_generation", ], "forbidden_usage": [ "misrepresentation_as_verified_customer_specific_fact", ], }, { "data_class": "customer_session_bound_data", "sensitivity": "medium", "handling_posture": "restricted", "description": "Customer-specific context available only within a legitimate session-bound support or service workflow.", "allowed_usage": [ "session_bound_balance_summary", "case_context_support", "customer_specific_service_assistance", ], "forbidden_usage": [ "mass_export", "cross_customer_merging", "unsanctioned_reuse_outside_session_scope", ], }, { "data_class": "customer_pii", "sensitivity": "high", "handling_posture": "restricted_strict", "description": "Personally identifiable customer data requiring tighter access, role, and usage bounds.", "allowed_usage": [ "minimal_necessary_support_context", "approved_case_resolution_context", ], "forbidden_usage": [ "bulk_export", "unbounded_model_context_expansion", "nonessential_logging", "cross_role_disclosure", ], }, { "data_class": "payment_instruction_data", "sensitivity": "high", "handling_posture": "restricted_strict", "description": "Payment instruction details, beneficiary data, payment metadata, and transfer-related sensitive runtime context.", "allowed_usage": [ "payment_review_context", "payment_exception_analysis", "payment_status_assistance", ], "forbidden_usage": [ "autonomous_release_without_authority", "beneficiary_modification_without_control", "cross_context_leakage", ], }, { "data_class": "treasury_sensitive_data", "sensitivity": "high", "handling_posture": "restricted_strict", "description": "Treasury, liquidity, settlement, or high-value operational financial context requiring strong scoping and review.", "allowed_usage": [ "treasury_summary_context", "review_bound_treasury_assistance", ], "forbidden_usage": [ "unreviewed_execution", "scope_expansion_to_lower_trust_roles", "nonessential_distribution", ], }, { "data_class": "credential_or_secret_material", "sensitivity": "critical", "handling_posture": "forbidden_for_normal_runtime", "description": "Passwords, tokens, keys, sealing material, or any sensitive credential or secret-bearing content.", "allowed_usage": [ "controlled_secret_management_only", ], "forbidden_usage": [ "model_disclosure", "logging", "artifact_embedding", "operator_exposure_without_explicit_security_workflow", ], }, { "data_class": "audit_and_evidence_artifacts", "sensitivity": "medium_high", "handling_posture": "restricted_reviewable", "description": "Sealed artifacts, manifests, audit-chain references, and evidence packages requiring integrity-aware handling.", "allowed_usage": [ "auditor_readonly_review", "compliance_preparation", "technical_traceability_review", ], "forbidden_usage": [ "artifact_mutation", "silent_rewriting", "integrity_breaking_transformations", ], }, { "data_class": "policy_and_control_configuration", "sensitivity": "high", "handling_posture": "restricted_controlled", "description": "Policy rules, control definitions, thresholds, and governance configuration.", "allowed_usage": [ "controlled_policy_review", "approved_change_workflow", ], "forbidden_usage": [ "silent_mutation", "cross_role_unbounded_access", "unversioned_distribution", ], }, ] def _boundary_crossing_rules(self) -> List[Dict[str, Any]]: return [ { "rule": "no_untracked_cross_boundary_transfer", "status": "required", "description": "Movement of data across declared boundary classes should not occur silently or without traceability.", }, { "rule": "minimum_necessary_data_exposure", "status": "required", "description": "Only the minimum necessary data should be exposed for a declared role and workflow.", }, { "rule": "critical_secret_boundary_must_remain_closed", "status": "required", "description": "Credential or secret material should not cross into normal runtime reasoning or output paths.", }, { "rule": "high_sensitivity_boundary_requires_stronger_governance", "status": "required", "description": "PII, payment, treasury, and policy-control data require stronger review, role, and evidence posture.", }, { "rule": "audit_artifact_boundary_must_preserve_integrity", "status": "required", "description": "Audit and evidence artifacts may be reviewed, but their integrity boundaries must remain intact.", }, ] def _role_alignment_expectations(self) -> List[Dict[str, Any]]: return [ { "expectation": "read_only_roles_should_not_receive_mutating_data_scope", "status": "required", "description": "Audit or read-only roles should not receive data scope implying mutation or release authority.", }, { "expectation": "support_roles_should_not_expand_into_treasury_or_secret_scope", "status": "required", "description": "Support-oriented roles should not inherit treasury, payment-release, or secret-bearing data scope.", }, { "expectation": "high_risk_data_should_align_with_high_control_roles", "status": "required", "description": "High-sensitivity data classes should only align to roles and paths with proportionate governance control.", }, ] def _evidence_expectations(self) -> Dict[str, Any]: return { "required_artifacts": [ "data_classification_record", "boundary_decision_record", "role_scope_alignment_record", "freeze_or_block_record_if_triggered", "traceable_reasoning_reference", ], "expectations": [ "Boundary decisions should be explainable.", "Restricted-data handling should remain auditable.", "Critical boundary rejection should preserve enough context for review.", ], } def build(self) -> Dict[str, Any]: data_classes = self._data_classes() boundary_rules = self._boundary_crossing_rules() role_alignment = self._role_alignment_expectations() evidence_expectations = self._evidence_expectations() profile = { "profile_type": "Sovereign Data Boundary Profile", "generated_at": _utc_now(), "domain": "banking_and_financial_institutions", "data_classes": data_classes, "boundary_crossing_rules": boundary_rules, "role_alignment_expectations": role_alignment, "evidence_expectations": evidence_expectations, "summary": { "total_data_classes": len(data_classes), "high_or_critical_classes": sum( 1 for x in data_classes if str(x.get("sensitivity", "")).lower() in {"high", "critical", "medium_high"} ), "forbidden_or_strict_classes": sum( 1 for x in data_classes if str(x.get("handling_posture", "")).lower() in { "forbidden_for_normal_runtime", "restricted_strict", "restricted_controlled", } ), "boundary_rule_count": len(boundary_rules), }, "notes": [ "This profile defines intended bank-grade data-boundary governance posture for Sovereign.", "Data boundary is treated as an enforceable governance surface, not merely a documentation label.", "High-sensitivity and secret-bearing classes require stronger boundary controls and should not silently cross into lower-trust paths.", ], } sealed = self.sealer.seal_object( profile, object_type="data_boundary_profile", metadata={ "domain": "banking", "artifact_class": "data_boundary_profile", }, ) return { "ok": True, "data_boundary_profile": profile, "crypto_seal": sealed["seal"], "sealed": True, } BUILDER = SovereignDataBoundaryProfileBuilder() def generate_data_boundary_profile() -> Dict[str, Any]: return BUILDER.build() if __name__ == "__main__": out = generate_data_boundary_profile() print(json.dumps(out, indent=2, ensure_ascii=False))