use batuta::serve::{BackendSelector, LatencyTier, PrivacyTier, ServingBackend};
fn main() -> anyhow::Result<()> {
println!("═══════════════════════════════════════════════════════════════");
println!(" 🛡️ Sovereign AI Stack - End-to-End Demo");
println!("═══════════════════════════════════════════════════════════════\n");
println!("┌─────────────────────────────────────────────────────────────┐");
println!("│ Phase 1: Model Security (Pacha) │");
println!("└─────────────────────────────────────────────────────────────┘\n");
demo_model_security()?;
println!("\n┌─────────────────────────────────────────────────────────────┐");
println!("│ Phase 2: Privacy Tier Enforcement (Batuta) │");
println!("└─────────────────────────────────────────────────────────────┘\n");
demo_privacy_tiers()?;
println!("\n┌─────────────────────────────────────────────────────────────┐");
println!("│ Phase 3: Backend Selection (Batuta Serve) │");
println!("└─────────────────────────────────────────────────────────────┘\n");
demo_backend_selection()?;
println!("\n┌─────────────────────────────────────────────────────────────┐");
println!("│ Phase 4: Full Sovereign Stack Workflow │");
println!("└─────────────────────────────────────────────────────────────┘\n");
demo_full_workflow()?;
println!("\n═══════════════════════════════════════════════════════════════");
println!(" ✅ All Sovereign Stack phases completed successfully!");
println!("═══════════════════════════════════════════════════════════════\n");
Ok(())
}
fn blake3_hash(data: &[u8]) -> String {
let hash = blake3::hash(data);
hash.to_hex().to_string()
}
fn demo_model_security() -> anyhow::Result<()> {
use pacha::crypto::{decrypt_model, encrypt_model, is_encrypted};
use pacha::signing::{sign_model, verify_model, SigningKey};
let model_data = b"[SIMULATED MODEL WEIGHTS - Llama 3 8B Q4_K_M]".repeat(100);
println!(" 📦 Model size: {} bytes", model_data.len());
println!("\n 1️⃣ Content Addressing (BLAKE3)");
let content_hash = blake3_hash(&model_data);
println!(" Content Hash: {}...", &content_hash[..32]);
println!(" ✓ Unique identifier for deduplication and integrity");
println!("\n 2️⃣ Digital Signatures (Ed25519)");
let signing_key = SigningKey::generate();
let verifying_key = signing_key.verifying_key();
println!(" Public Key: {}...", &verifying_key.to_hex()[..32]);
let signature = sign_model(&model_data, &signing_key)?;
println!(" Signature: {}...", &signature.signature[..32]);
verify_model(&model_data, &signature)?;
println!(" ✓ Signature VERIFIED - Model integrity confirmed");
println!("\n 3️⃣ Encryption at Rest (ChaCha20-Poly1305)");
let password = "sovereign-secret-key-2025";
let encrypted = encrypt_model(&model_data, password)?;
println!(" Encrypted size: {} bytes", encrypted.len());
println!(" Is encrypted: {}", is_encrypted(&encrypted));
let decrypted = decrypt_model(&encrypted, password)?;
assert_eq!(decrypted, model_data);
println!(" ✓ Decryption successful - Data matches original");
println!("\n 4️⃣ Tamper Detection");
let mut tampered = encrypted.clone();
if tampered.len() > 100 {
tampered[100] ^= 0xFF; }
let tamper_result = decrypt_model(&tampered, password);
match tamper_result {
Err(_) => println!(" ✓ Tampered data REJECTED - AEAD authentication failed"),
Ok(_) => println!(" ⚠ WARNING: Tampered data was not detected"),
}
Ok(())
}
fn demo_privacy_tiers() -> anyhow::Result<()> {
println!(" Privacy tiers control which backends can be used:\n");
println!(" 🔒 SOVEREIGN Tier (Healthcare, Government):");
println!(" - Blocks ALL external API calls");
println!(" - Only local inference allowed");
let local_backends = [
ServingBackend::Realizar,
ServingBackend::Ollama,
ServingBackend::LlamaCpp,
ServingBackend::Llamafile,
];
let sovereign_allowed: Vec<_> =
local_backends.iter().filter(|b| PrivacyTier::Sovereign.allows(**b)).collect();
println!(" Allowed backends: {:?}", sovereign_allowed);
let blocked_by_sovereign = PrivacyTier::Sovereign.blocked_hosts();
println!(" Blocked hosts: {} external APIs", blocked_by_sovereign.len());
println!("\n 🔐 PRIVATE Tier (Financial Services):");
println!(" - VPC/dedicated endpoints only");
println!(" - No public cloud APIs");
let private_allows_azure = PrivacyTier::Private.allows(ServingBackend::AzureOpenAI);
let private_allows_openai = PrivacyTier::Private.allows(ServingBackend::OpenAI);
println!(" Allows Azure OpenAI: {}", private_allows_azure);
println!(" Allows Public OpenAI: {}", private_allows_openai);
println!("\n 🌐 STANDARD Tier (General Use):");
println!(" - All backends available");
println!(" - Public APIs allowed");
let standard_blocked = PrivacyTier::Standard.blocked_hosts();
println!(" Blocked hosts: {} (none)", standard_blocked.len());
Ok(())
}
fn demo_backend_selection() -> anyhow::Result<()> {
println!(" Backend selection based on requirements:\n");
println!(" 📍 Scenario 1: Local-only (Sovereign)");
let selector = BackendSelector::new()
.with_privacy(PrivacyTier::Sovereign)
.with_latency(LatencyTier::Interactive);
let recommendations = selector.recommend();
println!(" Recommended backends: {:?}", recommendations);
println!(" ✓ External APIs blocked");
println!("\n ⚡ Scenario 2: Real-time latency");
let selector = BackendSelector::new()
.with_privacy(PrivacyTier::Standard)
.with_latency(LatencyTier::RealTime);
let recommendations = selector.recommend();
println!(" Recommended backends: {:?}", recommendations);
println!(" ✓ Prioritizing low-latency backends");
println!("\n 💰 Scenario 3: Preferred local backend");
let selector = BackendSelector::new()
.with_privacy(PrivacyTier::Standard)
.prefer(ServingBackend::Realizar)
.prefer(ServingBackend::Ollama);
let recommendations = selector.recommend();
println!(" Recommended backends: {:?}", recommendations);
println!(" ✓ Local backends prioritized");
println!("\n 🛡️ Scenario 4: Backend validation (Poka-Yoke)");
let sovereign_selector = BackendSelector::new().with_privacy(PrivacyTier::Sovereign);
let local_valid = sovereign_selector.validate(ServingBackend::Realizar);
let cloud_valid = sovereign_selector.validate(ServingBackend::OpenAI);
println!(" Realizar valid: {:?}", local_valid.is_ok());
println!(" OpenAI valid: {:?}", cloud_valid.is_ok());
if let Err(e) = cloud_valid {
println!(" Violation: {:?}", e);
}
Ok(())
}
fn demo_full_workflow() -> anyhow::Result<()> {
use pacha::crypto::{decrypt_model, encrypt_model};
use pacha::signing::{sign_model, verify_model, SigningKey};
println!(" Full workflow: Register → Sign → Encrypt → Distribute → Verify → Serve\n");
println!(" Step 1: Model Registration");
let model_data = b"[Sovereign Model Data]".repeat(50);
let content_hash = blake3_hash(&model_data);
println!(" ✓ Registered with hash: {}...", &content_hash[..16]);
println!("\n Step 2: Sign for Distribution");
let signing_key = SigningKey::generate();
let signature = sign_model(&model_data, &signing_key)?;
println!(" ✓ Signed by: {}...", &signature.signer_key[..16]);
println!("\n Step 3: Encrypt for Distribution");
let encrypted = encrypt_model(&model_data, "distribution-key")?;
println!(" ✓ Encrypted: {} bytes", encrypted.len());
println!("\n Step 4: Distribute to Air-Gapped Environment");
println!(" ✓ Model bundle transferred offline");
println!("\n Step 5: Verify at Load Time");
let decrypted = decrypt_model(&encrypted, "distribution-key")?;
verify_model(&decrypted, &signature)?;
println!(" ✓ Signature verified - Safe to load");
println!("\n Step 6: Serve with Sovereign Privacy");
let selector = BackendSelector::new()
.with_privacy(PrivacyTier::Sovereign)
.with_latency(LatencyTier::Interactive);
let recommendations = selector.recommend();
println!(" ✓ Serving via: {:?}", recommendations.first());
println!(" ✓ External APIs BLOCKED - Data sovereignty maintained");
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_blake3_hash_deterministic() {
let data = b"test model data";
let hash1 = blake3_hash(data);
let hash2 = blake3_hash(data);
assert_eq!(hash1, hash2);
}
#[test]
fn test_blake3_hash_different_for_different_data() {
let data1 = b"model version 1";
let data2 = b"model version 2";
let hash1 = blake3_hash(data1);
let hash2 = blake3_hash(data2);
assert_ne!(hash1, hash2);
}
#[test]
fn test_blake3_hash_length() {
let data = b"test";
let hash = blake3_hash(data);
assert_eq!(hash.len(), 64);
}
#[test]
fn test_ed25519_sign_verify_roundtrip() {
use pacha::signing::{sign_model, verify_model, SigningKey};
let model_data = b"test model for signing";
let signing_key = SigningKey::generate();
let signature = sign_model(model_data, &signing_key).expect("signing should succeed");
let result = verify_model(model_data, &signature);
assert!(result.is_ok());
}
#[test]
fn test_ed25519_rejects_tampered_data() {
use pacha::signing::{sign_model, verify_model, SigningKey};
let model_data = b"original model data";
let signing_key = SigningKey::generate();
let signature = sign_model(model_data, &signing_key).expect("signing should succeed");
let tampered_data = b"tampered model data";
let result = verify_model(tampered_data, &signature);
assert!(result.is_err());
}
#[test]
fn test_ed25519_signature_deterministic() {
use pacha::signing::{sign_model, SigningKey};
let model_data = b"deterministic test";
let signing_key = SigningKey::generate();
let sig1 = sign_model(model_data, &signing_key).expect("signing should succeed");
let sig2 = sign_model(model_data, &signing_key).expect("signing should succeed");
assert_eq!(sig1.signature, sig2.signature);
}
#[test]
fn test_chacha20_encrypt_decrypt_roundtrip() {
use pacha::crypto::{decrypt_model, encrypt_model};
let model_data = b"test model for encryption".repeat(10);
let password = "test-password-123";
let encrypted = encrypt_model(&model_data, password).expect("encryption should succeed");
let decrypted = decrypt_model(&encrypted, password).expect("decryption should succeed");
assert_eq!(decrypted, model_data);
}
#[test]
fn test_chacha20_rejects_wrong_password() {
use pacha::crypto::{decrypt_model, encrypt_model};
let model_data = b"secret model data";
let encrypted =
encrypt_model(model_data, "correct-password").expect("encryption should succeed");
let result = decrypt_model(&encrypted, "wrong-password");
assert!(result.is_err());
}
#[test]
fn test_chacha20_detects_tampering() {
use pacha::crypto::{decrypt_model, encrypt_model};
let model_data = b"model to be tampered";
let encrypted = encrypt_model(model_data, "password").expect("encryption should succeed");
let mut tampered = encrypted.clone();
if tampered.len() > 50 {
tampered[50] ^= 0xFF;
}
let result = decrypt_model(&tampered, "password");
assert!(result.is_err());
}
#[test]
fn test_encryption_detection() {
use pacha::crypto::{encrypt_model, is_encrypted};
let plain_data = b"not encrypted";
let encrypted =
encrypt_model(b"encrypted data", "pass").expect("encryption should succeed");
assert!(!is_encrypted(plain_data));
assert!(is_encrypted(&encrypted));
}
#[test]
fn test_encryption_adds_overhead() {
use pacha::crypto::encrypt_model;
let small_data = b"small";
let large_data = b"large".repeat(1000);
let small_encrypted = encrypt_model(small_data, "p").expect("encryption should succeed");
let large_encrypted = encrypt_model(&large_data, "p").expect("encryption should succeed");
assert!(small_encrypted.len() > small_data.len());
assert!(large_encrypted.len() > large_data.len());
}
#[test]
fn test_sovereign_tier_blocks_external() {
let selector = BackendSelector::new().with_privacy(PrivacyTier::Sovereign);
assert!(!selector.is_valid(ServingBackend::OpenAI));
assert!(!selector.is_valid(ServingBackend::Anthropic));
assert!(!selector.is_valid(ServingBackend::HuggingFace));
}
#[test]
fn test_sovereign_tier_allows_local() {
let selector = BackendSelector::new().with_privacy(PrivacyTier::Sovereign);
assert!(selector.is_valid(ServingBackend::Realizar));
assert!(selector.is_valid(ServingBackend::Ollama));
assert!(selector.is_valid(ServingBackend::LlamaCpp));
}
#[test]
fn test_private_tier_allows_vpc() {
assert!(PrivacyTier::Private.allows(ServingBackend::AzureOpenAI));
assert!(PrivacyTier::Private.allows(ServingBackend::AwsBedrock));
assert!(!PrivacyTier::Private.allows(ServingBackend::OpenAI));
}
#[test]
fn test_standard_tier_allows_all() {
assert!(PrivacyTier::Standard.allows(ServingBackend::OpenAI));
assert!(PrivacyTier::Standard.allows(ServingBackend::Realizar));
assert!(PrivacyTier::Standard.allows(ServingBackend::AzureOpenAI));
}
#[test]
fn test_privacy_tier_blocked_hosts() {
let sovereign_blocked = PrivacyTier::Sovereign.blocked_hosts();
let standard_blocked = PrivacyTier::Standard.blocked_hosts();
assert!(sovereign_blocked.len() > 5);
assert!(sovereign_blocked.contains(&"api.openai.com"));
assert!(standard_blocked.is_empty());
}
#[test]
fn test_backend_selector_recommend_non_empty() {
let selector = BackendSelector::new().with_privacy(PrivacyTier::Standard);
let recommendations = selector.recommend();
assert!(!recommendations.is_empty());
}
#[test]
fn test_backend_selector_prefer_works() {
let selector = BackendSelector::new()
.with_privacy(PrivacyTier::Standard)
.prefer(ServingBackend::Realizar);
let recommendations = selector.recommend();
assert_eq!(recommendations.first(), Some(&ServingBackend::Realizar));
}
#[test]
fn test_backend_selector_disable_works() {
let selector = BackendSelector::new()
.with_privacy(PrivacyTier::Standard)
.disable(ServingBackend::OpenAI);
assert!(!selector.is_valid(ServingBackend::OpenAI));
}
#[test]
fn test_backend_selector_validate_returns_error_for_violation() {
let selector = BackendSelector::new().with_privacy(PrivacyTier::Sovereign);
let result = selector.validate(ServingBackend::OpenAI);
assert!(result.is_err());
}
#[test]
fn test_backend_selector_validate_ok_for_valid() {
let selector = BackendSelector::new().with_privacy(PrivacyTier::Sovereign);
let result = selector.validate(ServingBackend::Realizar);
assert!(result.is_ok());
}
#[test]
fn test_full_workflow_sign_encrypt_verify() {
use pacha::crypto::{decrypt_model, encrypt_model};
use pacha::signing::{sign_model, verify_model, SigningKey};
let model_data = b"integration test model";
let signing_key = SigningKey::generate();
let signature = sign_model(model_data, &signing_key).expect("signing should succeed");
let encrypted =
encrypt_model(model_data, "integration-key").expect("encryption should succeed");
let decrypted =
decrypt_model(&encrypted, "integration-key").expect("decryption should succeed");
let result = verify_model(&decrypted, &signature);
assert!(result.is_ok());
assert_eq!(decrypted, model_data);
}
#[test]
fn test_full_workflow_sovereign_deployment() {
use pacha::crypto::{decrypt_model, encrypt_model};
use pacha::signing::{sign_model, verify_model, SigningKey};
let model_data = b"sovereign deployment model";
let signing_key = SigningKey::generate();
let verifying_key = signing_key.verifying_key();
let signature = sign_model(model_data, &signing_key).expect("signing should succeed");
let encrypted =
encrypt_model(model_data, "air-gap-key").expect("encryption should succeed");
let decrypted =
decrypt_model(&encrypted, "air-gap-key").expect("decryption should succeed");
verify_model(&decrypted, &signature).expect("verification should succeed");
let selector = BackendSelector::new().with_privacy(PrivacyTier::Sovereign);
assert!(!selector.is_valid(ServingBackend::OpenAI));
assert_eq!(signature.signer_key, verifying_key.to_hex());
}
#[test]
fn test_workflow_hash_then_sign() {
use pacha::signing::{sign_model, verify_model, SigningKey};
let model_data = b"model to hash and sign";
let hash = blake3_hash(model_data);
assert_eq!(hash.len(), 64);
let signing_key = SigningKey::generate();
let signature = sign_model(model_data, &signing_key).expect("signing should succeed");
verify_model(model_data, &signature).expect("verification should succeed");
assert_eq!(signature.content_hash, hash);
}
}