# sovereign_data_boundary_report.py from __future__ import annotations import json import os from datetime import datetime, timezone from typing import Any, Dict, List, Optional from sovereign_data_boundary_profile import generate_data_boundary_profile DATA_BOUNDARY_OUTPUT_DIR = "sovereign_data_boundary_outputs" def _utc_now() -> str: return datetime.now(timezone.utc).isoformat() def _ensure_dir(path: str) -> None: os.makedirs(path, exist_ok=True) def _safe(v: Any, default: Any = "") -> Any: return v if v is not None else default def _render_header(bundle: Dict[str, Any]) -> str: profile = bundle.get("data_boundary_profile", {}) if isinstance(bundle, dict) else {} return f"""# Sovereign Data Boundary Report Generated at: {_safe((profile or {}).get("generated_at"), _utc_now())} ## 1. Profile Identity - Profile Type: {_safe(profile.get("profile_type"), "Sovereign Data Boundary Profile")} - Domain: {_safe(profile.get("domain"), "banking_and_financial_institutions")} """ def _render_summary(bundle: Dict[str, Any]) -> str: profile = bundle.get("data_boundary_profile", {}) if isinstance(bundle, dict) else {} summary = profile.get("summary", {}) if isinstance(profile, dict) else {} return f"""## 2. Executive Summary - Total Data Classes: {_safe(summary.get("total_data_classes"), 0)} - High or Critical Classes: {_safe(summary.get("high_or_critical_classes"), 0)} - Forbidden or Strict Classes: {_safe(summary.get("forbidden_or_strict_classes"), 0)} - Boundary Rule Count: {_safe(summary.get("boundary_rule_count"), 0)} ### Practical Interpretation - Sovereign treats data boundary as an enforceable governance surface rather than a descriptive label. - Data classes are explicitly differentiated by sensitivity and handling posture. - High-sensitivity and secret-bearing classes are expected to remain under stronger boundary controls. - Boundary crossing is expected to remain traceable, role-aligned, and auditable. """ def _render_data_classes(bundle: Dict[str, Any]) -> str: profile = bundle.get("data_boundary_profile", {}) if isinstance(bundle, dict) else {} classes = profile.get("data_classes", []) if isinstance(profile, dict) else [] lines: List[str] = ["## 3. Data Class Inventory"] if not classes: lines.append("- No data classes recorded.") return "\n".join(lines) for item in classes: allowed = item.get("allowed_usage", []) if isinstance(item, dict) else [] forbidden = item.get("forbidden_usage", []) if isinstance(item, dict) else [] lines.append(f"### {item.get('data_class', 'unknown_data_class')}") lines.append(f"- Sensitivity: {_safe(item.get('sensitivity'))}") lines.append(f"- Handling Posture: {_safe(item.get('handling_posture'))}") lines.append(f"- Description: {_safe(item.get('description'))}") if allowed: lines.append("- Allowed Usage:") for x in allowed: lines.append(f" - {x}") if forbidden: lines.append("- Forbidden Usage:") for x in forbidden: lines.append(f" - {x}") lines.append("") return "\n".join(lines).rstrip() + "\n" def _render_boundary_rules(bundle: Dict[str, Any]) -> str: profile = bundle.get("data_boundary_profile", {}) if isinstance(bundle, dict) else {} rules = profile.get("boundary_crossing_rules", []) if isinstance(profile, dict) else [] lines: List[str] = ["## 4. Boundary Crossing Rules"] if not rules: lines.append("- No boundary crossing rules recorded.") return "\n".join(lines) for item in rules: lines.append(f"### {item.get('rule', 'unknown_rule')}") lines.append(f"- Status: {_safe(item.get('status'))}") lines.append(f"- Description: {_safe(item.get('description'))}") lines.append("") return "\n".join(lines).rstrip() + "\n" def _render_role_alignment(bundle: Dict[str, Any]) -> str: profile = bundle.get("data_boundary_profile", {}) if isinstance(bundle, dict) else {} expectations = profile.get("role_alignment_expectations", []) if isinstance(profile, dict) else [] lines: List[str] = ["## 5. Role Alignment Expectations"] if not expectations: lines.append("- No role alignment expectations recorded.") return "\n".join(lines) for item in expectations: lines.append(f"### {item.get('expectation', 'unknown_expectation')}") lines.append(f"- Status: {_safe(item.get('status'))}") lines.append(f"- Description: {_safe(item.get('description'))}") lines.append("") return "\n".join(lines).rstrip() + "\n" def _render_evidence_expectations(bundle: Dict[str, Any]) -> str: profile = bundle.get("data_boundary_profile", {}) if isinstance(bundle, dict) else {} evidence = profile.get("evidence_expectations", {}) if isinstance(profile, dict) else {} required_artifacts = evidence.get("required_artifacts", []) if isinstance(evidence, dict) else [] expectations = evidence.get("expectations", []) if isinstance(evidence, dict) else [] lines = ["## 6. Evidence Expectations"] if required_artifacts: lines.append("- Required Artifacts:") for item in required_artifacts: lines.append(f" - {item}") if expectations: lines.append("- Expectations:") for item in expectations: lines.append(f" - {item}") return "\n".join(lines) def _render_governance_interpretation(bundle: Dict[str, Any]) -> str: profile = bundle.get("data_boundary_profile", {}) if isinstance(bundle, dict) else {} classes = profile.get("data_classes", []) if isinstance(profile, dict) else [] strict_or_forbidden = [ x.get("data_class") for x in classes if str(x.get("handling_posture", "")).lower() in { "forbidden_for_normal_runtime", "restricted_strict", "restricted_controlled", } ] lines = ["## 7. Governance Interpretation"] if strict_or_forbidden: lines.append("- Strict or Forbidden Data Classes:") for item in strict_or_forbidden: lines.append(f" - {item}") lines.append("- Secret-bearing material should not cross into normal reasoning or output paths.") lines.append("- High-sensitivity banking data should remain aligned to stronger-control roles and workflows.") lines.append("- Data-boundary decisions should remain explainable, reviewable, and evidence-backed.") return "\n".join(lines) def _render_artifact_status(bundle: Dict[str, Any]) -> str: seal = bundle.get("crypto_seal", {}) if isinstance(bundle, dict) else {} return f"""## 8. Artifact Status - Sealed: {bool(bundle.get("sealed", False))} - Seal Digest: {_safe(seal.get("seal_digest"), "")} - Seal Scheme: {_safe(seal.get("scheme"), "")} - Seal Algorithm: {_safe(seal.get("algorithm"), "")} - Signer Hint: {_safe(seal.get("signer_hint"), "")} """ def _render_verdict(bundle: Dict[str, Any]) -> str: profile = bundle.get("data_boundary_profile", {}) if isinstance(bundle, dict) else {} notes = profile.get("notes", []) if isinstance(profile, dict) else [] verdict = ( "Sovereign currently expresses a bank-grade data-boundary posture: " "data classes are explicitly defined, boundary-crossing expectations are governed, " "and high-sensitivity or secret-bearing classes are treated as stronger-control surfaces rather than general-purpose runtime context." ) lines = [ "## 9. Preliminary Bank-Facing Verdict", verdict, "", "## 10. Notes", ] if notes: for item in notes: lines.append(f"- {item}") else: lines.append("- No additional notes provided.") return "\n".join(lines) def build_data_boundary_markdown(bundle: Dict[str, Any]) -> str: parts = [ _render_header(bundle), _render_summary(bundle), _render_data_classes(bundle), _render_boundary_rules(bundle), _render_role_alignment(bundle), _render_evidence_expectations(bundle), _render_governance_interpretation(bundle), _render_artifact_status(bundle), _render_verdict(bundle), ] return "\n\n".join(parts).strip() + "\n" def save_data_boundary_report( bundle: Dict[str, Any], output_dir: str = DATA_BOUNDARY_OUTPUT_DIR, base_name: Optional[str] = None, ) -> Dict[str, str]: _ensure_dir(output_dir) ts = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ") base = base_name or f"sovereign_data_boundary_report_{ts}" json_path = os.path.join(output_dir, f"{base}.json") md_path = os.path.join(output_dir, f"{base}.md") with open(json_path, "w", encoding="utf-8") as f: json.dump(bundle, f, ensure_ascii=False, indent=2) markdown = build_data_boundary_markdown(bundle) with open(md_path, "w", encoding="utf-8") as f: f.write(markdown) return { "json_report": json_path, "markdown_report": md_path, } def generate_data_boundary_report( output_dir: str = DATA_BOUNDARY_OUTPUT_DIR, base_name: Optional[str] = None, ) -> Dict[str, Any]: bundle = generate_data_boundary_profile() files = save_data_boundary_report( bundle=bundle, output_dir=output_dir, base_name=base_name, ) return { "ok": True, "generated_at": _utc_now(), "bundle": bundle, "files": files, } if __name__ == "__main__": out = generate_data_boundary_report() print(json.dumps(out, indent=2, ensure_ascii=False))