| """ |
| Demo Scenarios for ARF 3.3.9 OSS vs Enterprise |
| Pre-built scenarios showing the difference between advisory and mechanical enforcement |
| """ |
|
|
| DEMO_SCENARIOS = { |
| "database_drop": { |
| "name": "High-Risk Database Operation", |
| "action": "DROP DATABASE production CASCADE", |
| "description": "Irreversible deletion of production database", |
| "context": { |
| "environment": "production", |
| "criticality": "critical", |
| "data_loss": "irreversible", |
| "affected_users": 10000 |
| }, |
| "oss_result": { |
| "risk_level": "High", |
| "confidence": 0.95, |
| "recommendation": "❌ DO NOT EXECUTE - High risk of irreversible data loss", |
| "policy_violations": 2, |
| "can_execute": False, |
| "execution_status": "BLOCKED (Advisory)", |
| "reason": "Violates high-risk database policy and irreversible action policy" |
| }, |
| "enterprise_result": { |
| "license_tier": "professional", |
| "gates": [ |
| {"name": "license_validation", "required": True, "passed": True, "message": "Professional license valid"}, |
| {"name": "risk_assessment", "required": True, "passed": False, "message": "Risk score 0.95 > 0.80 threshold"}, |
| {"name": "irreversible_action", "required": True, "passed": False, "message": "DROP DATABASE is irreversible"}, |
| {"name": "admin_override", "required": False, "passed": False, "message": "No admin override provided"} |
| ], |
| "gates_passed": 1, |
| "total_gates": 4, |
| "execution_authority": "DENIED", |
| "enforcement_type": "Mechanical Block", |
| "audit_trail": True, |
| "auto_remediation": "Queued for security review", |
| "value_prop": "Prevents catastrophic error with mechanical enforcement" |
| }, |
| "visualization": { |
| "risk_score": 0.95, |
| "confidence": 0.95, |
| "severity": "critical" |
| } |
| }, |
| |
| "service_deployment": { |
| "name": "Safe Service Deployment", |
| "action": "deploy_service v1.2.3 to staging with 25% canary", |
| "description": "Standard deployment with canary testing", |
| "context": { |
| "environment": "staging", |
| "service": "api-gateway", |
| "version": "v1.2.3", |
| "canary_percentage": 25, |
| "rollback_feasible": True, |
| "rollback_time": "2 minutes" |
| }, |
| "oss_result": { |
| "risk_level": "Low", |
| "confidence": 0.88, |
| "recommendation": "✅ Looks safe - Can execute with monitoring", |
| "policy_violations": 0, |
| "can_execute": True, |
| "execution_status": "APPROVED (Advisory)", |
| "reason": "Meets all safety criteria and has rollback plan" |
| }, |
| "enterprise_result": { |
| "license_tier": "professional", |
| "gates": [ |
| {"name": "license_validation", "required": True, "passed": True, "message": "Professional license valid"}, |
| {"name": "confidence_threshold", "required": True, "passed": True, "message": "Confidence 0.88 ≥ 0.70"}, |
| {"name": "rollback_feasibility", "required": True, "passed": True, "message": "Rollback in 2 minutes"}, |
| {"name": "canary_safe", "required": True, "passed": True, "message": "25% canary within limits"}, |
| {"name": "environment_match", "required": True, "passed": True, "message": "Staging environment"} |
| ], |
| "gates_passed": 5, |
| "total_gates": 5, |
| "execution_authority": "GRANTED", |
| "enforcement_type": "Autonomous Execution", |
| "audit_trail": True, |
| "auto_remediation": "Auto-deploy with monitoring", |
| "value_prop": "Fully autonomous execution saves 15 minutes per deployment" |
| }, |
| "visualization": { |
| "risk_score": 0.12, |
| "confidence": 0.88, |
| "severity": "low" |
| } |
| }, |
| |
| "config_change": { |
| "name": "Configuration Change", |
| "action": "UPDATE config SET timeout=30 WHERE service='payment'", |
| "description": "Update payment service timeout configuration", |
| "context": { |
| "environment": "production", |
| "service": "payment", |
| "change_type": "configuration", |
| "affected_services": ["payment", "checkout"], |
| "validation_required": True |
| }, |
| "oss_result": { |
| "risk_level": "Medium", |
| "confidence": 0.75, |
| "recommendation": "⚠️ Review recommended - Medium risk to payment services", |
| "policy_violations": 1, |
| "can_execute": False, |
| "execution_status": "REVIEW REQUIRED", |
| "reason": "Production payment service changes require additional review" |
| }, |
| "enterprise_result": { |
| "license_tier": "starter", |
| "gates": [ |
| {"name": "license_validation", "required": True, "passed": True, "message": "Starter license valid"}, |
| {"name": "risk_assessment", "required": True, "passed": True, "message": "Risk score 0.25 ≤ 0.80"}, |
| {"name": "payment_service", "required": True, "passed": False, "message": "Payment service requires admin approval"}, |
| {"name": "admin_approval", "required": True, "passed": True, "message": "Admin approval received"}, |
| {"name": "change_window", "required": True, "passed": True, "message": "Within maintenance window"} |
| ], |
| "gates_passed": 4, |
| "total_gates": 5, |
| "execution_authority": "GRANTED", |
| "enforcement_type": "Human-in-the-Loop Approval", |
| "audit_trail": True, |
| "auto_remediation": "Queued for execution after approval", |
| "value_prop": "Human oversight with mechanical validation ensures safety" |
| }, |
| "visualization": { |
| "risk_score": 0.25, |
| "confidence": 0.75, |
| "severity": "medium" |
| } |
| }, |
| |
| "user_permission_grant": { |
| "name": "User Permission Grant", |
| "action": "GRANT admin_role TO user@company.com", |
| "description": "Grant administrative privileges to user", |
| "context": { |
| "environment": "production", |
| "role": "admin_role", |
| "user": "user@company.com", |
| "justification": "New team member", |
| "approver": "cto@company.com" |
| }, |
| "oss_result": { |
| "risk_level": "High", |
| "confidence": 0.82, |
| "recommendation": "❌ High risk - Administrative grants require multi-factor approval", |
| "policy_violations": 2, |
| "can_execute": False, |
| "execution_status": "BLOCKED (Advisory)", |
| "reason": "Admin role grants require additional security review" |
| }, |
| "enterprise_result": { |
| "license_tier": "enterprise", |
| "gates": [ |
| {"name": "license_validation", "required": True, "passed": True, "message": "Enterprise license valid"}, |
| {"name": "security_review", "required": True, "passed": True, "message": "Security team review completed"}, |
| {"name": "multi_factor_auth", "required": True, "passed": True, "message": "MFA verification passed"}, |
| {"name": "compliance_check", "required": True, "passed": True, "message": "SOX compliance validated"}, |
| {"name": "approval_chain", "required": True, "passed": True, "message": "CTO and Security Lead approved"} |
| ], |
| "gates_passed": 5, |
| "total_gates": 5, |
| "execution_authority": "GRANTED", |
| "enforcement_type": "Compliance-Enforced Execution", |
| "audit_trail": True, |
| "auto_remediation": "Auto-provision with compliance logging", |
| "value_prop": "Automates complex compliance requirements with full audit trail" |
| }, |
| "visualization": { |
| "risk_score": 0.68, |
| "confidence": 0.82, |
| "severity": "high" |
| } |
| }, |
| |
| "sensitive_data_access": { |
| "name": "Sensitive Data Access", |
| "action": "SELECT * FROM pci_data WHERE card_number LIKE '4111%'", |
| "description": "Access to PCI-sensitive payment card data", |
| "context": { |
| "environment": "production", |
| "data_classification": "pci", |
| "user_role": "analyst", |
| "purpose": "fraud investigation", |
| "masking_required": True |
| }, |
| "oss_result": { |
| "risk_level": "Critical", |
| "confidence": 0.99, |
| "recommendation": "🚨 CRITICAL RISK - PCI data access requires special authorization", |
| "policy_violations": 3, |
| "can_execute": False, |
| "execution_status": "BLOCKED (Advisory)", |
| "reason": "PCI data access requires Data Protection Officer approval" |
| }, |
| "enterprise_result": { |
| "license_tier": "enterprise", |
| "gates": [ |
| {"name": "license_validation", "required": True, "passed": True, "message": "Enterprise license valid"}, |
| {"name": "pci_compliance", "required": True, "passed": True, "message": "PCI DSS 4.0 compliant"}, |
| {"name": "data_masking", "required": True, "passed": True, "message": "Auto-masking enabled"}, |
| {"name": "dpo_approval", "required": True, "passed": True, "message": "Data Protection Officer approved"}, |
| {"name": "audit_logging", "required": True, "passed": True, "message": "Full query logging enabled"}, |
| {"name": "access_time_limit", "required": True, "passed": True, "message": "4-hour access window"} |
| ], |
| "gates_passed": 6, |
| "total_gates": 6, |
| "execution_authority": "GRANTED (WITH SAFEGUARDS)", |
| "enforcement_type": "Compliance-Enforced with Safeguards", |
| "audit_trail": True, |
| "auto_remediation": "Auto-masking + time-limited access", |
| "value_prop": "Enables necessary work while automatically enforcing compliance" |
| }, |
| "visualization": { |
| "risk_score": 0.99, |
| "confidence": 0.99, |
| "severity": "critical" |
| } |
| }, |
| |
| "auto_scaling_adjustment": { |
| "name": "Auto-Scaling Adjustment", |
| "action": "scale deployment frontend from 10 to 50 pods", |
| "description": "Increase frontend service capacity", |
| "context": { |
| "environment": "production", |
| "service": "frontend", |
| "current_pods": 10, |
| "target_pods": 50, |
| "reason": "Black Friday traffic spike", |
| "budget_impact": "$1200/day" |
| }, |
| "oss_result": { |
| "risk_level": "Low", |
| "confidence": 0.92, |
| "recommendation": "✅ Safe - Standard scaling operation", |
| "policy_violations": 0, |
| "can_execute": True, |
| "execution_status": "APPROVED (Advisory)", |
| "reason": "Within normal operational parameters" |
| }, |
| "enterprise_result": { |
| "license_tier": "professional", |
| "gates": [ |
| {"name": "license_validation", "required": True, "passed": True, "message": "Professional license valid"}, |
| {"name": "budget_check", "required": True, "passed": True, "message": "Within monthly budget"}, |
| {"name": "capacity_planning", "required": True, "passed": True, "message": "Matches capacity plan"}, |
| {"name": "auto_scale", "required": True, "passed": True, "message": "Auto-scaling group configured"}, |
| {"name": "monitoring", "required": True, "passed": True, "message": "CloudWatch alarms active"} |
| ], |
| "gates_passed": 5, |
| "total_gates": 5, |
| "execution_authority": "GRANTED", |
| "enforcement_type": "Autonomous Execution", |
| "audit_trail": True, |
| "auto_remediation": "Auto-scale with cost optimization", |
| "value_prop": "Fully autonomous scaling with cost controls" |
| }, |
| "visualization": { |
| "risk_score": 0.08, |
| "confidence": 0.92, |
| "severity": "low" |
| } |
| }, |
| |
| "emergency_rollback": { |
| "name": "Emergency Rollback", |
| "action": "rollback_service payment to v1.1.0 immediately", |
| "description": "Emergency rollback due to critical bug", |
| "context": { |
| "environment": "production", |
| "service": "payment", |
| "from_version": "v1.2.0", |
| "to_version": "v1.1.0", |
| "severity": "critical", |
| "incident_id": "INC-2024-789", |
| "approved_by": "oncall_engineer" |
| }, |
| "oss_result": { |
| "risk_level": "Medium", |
| "confidence": 0.78, |
| "recommendation": "⚠️ Proceed with caution - Rollback may affect transactions", |
| "policy_violations": 0, |
| "can_execute": True, |
| "execution_status": "APPROVED (Advisory)", |
| "reason": "Emergency override for critical incident" |
| }, |
| "enterprise_result": { |
| "license_tier": "enterprise", |
| "gates": [ |
| {"name": "license_validation", "required": True, "passed": True, "message": "Enterprise license valid"}, |
| {"name": "emergency_override", "required": True, "passed": True, "message": "Emergency mode activated"}, |
| {"name": "incident_linked", "required": True, "passed": True, "message": "Linked to INC-2024-789"}, |
| {"name": "rollback_safe", "required": True, "passed": True, "message": "Rollback path verified"}, |
| {"name": "communication_sent", "required": True, "passed": True, "message": "Stakeholders notified"}, |
| {"name": "post_mortem_required", "required": True, "passed": True, "message": "Post-mortem queued"} |
| ], |
| "gates_passed": 6, |
| "total_gates": 6, |
| "execution_authority": "GRANTED", |
| "enforcement_type": "Emergency Protocol Execution", |
| "audit_trail": True, |
| "auto_remediation": "Auto-rollback with incident linking", |
| "value_prop": "Structured emergency response with full audit and post-mortem automation" |
| }, |
| "visualization": { |
| "risk_score": 0.22, |
| "confidence": 0.78, |
| "severity": "medium" |
| } |
| } |
| } |
|
|
| |
| GATE_DEFINITIONS = { |
| "license_validation": { |
| "description": "Validate enterprise license is active and appropriate tier", |
| "weight": 0.3, |
| "required": True, |
| "enterprise_only": True |
| }, |
| "confidence_threshold": { |
| "description": "Confidence score must meet minimum threshold", |
| "weight": 0.25, |
| "required": True, |
| "threshold": 0.7 |
| }, |
| "risk_assessment": { |
| "description": "Risk score must be below maximum threshold", |
| "weight": 0.25, |
| "required": True, |
| "threshold": 0.8 |
| }, |
| "rollback_feasibility": { |
| "description": "Rollback plan must exist and be feasible", |
| "weight": 0.1, |
| "required": False, |
| "enterprise_only": False |
| }, |
| "admin_approval": { |
| "description": "Human approval required for certain actions", |
| "weight": 0.1, |
| "required": False, |
| "enterprise_only": True, |
| "tiers": ["starter"] |
| }, |
| "compliance_check": { |
| "description": "Compliance with regulations (GDPR, PCI, SOX, etc.)", |
| "weight": 0.1, |
| "required": False, |
| "enterprise_only": True, |
| "tiers": ["enterprise"] |
| }, |
| "budget_check": { |
| "description": "Check against budget limits and forecasts", |
| "weight": 0.05, |
| "required": False, |
| "enterprise_only": True |
| } |
| } |
|
|
| |
| LICENSE_TIERS = { |
| "trial": { |
| "name": "Trial", |
| "price": 0, |
| "enforcement": "advisory", |
| "max_agents": 3, |
| "gates_available": ["confidence_threshold", "risk_assessment"], |
| "limitations": ["No mechanical enforcement", "14-day limit", "Community support"], |
| "best_for": "Evaluation and testing" |
| }, |
| "starter": { |
| "name": "Starter", |
| "price": 2000, |
| "enforcement": "human_approval", |
| "max_agents": 10, |
| "gates_available": ["license_validation", "confidence_threshold", "risk_assessment", "admin_approval"], |
| "features": ["Human-in-the-loop gates", "Basic audit trail", "Email support"], |
| "best_for": "Small teams with human oversight" |
| }, |
| "professional": { |
| "name": "Professional", |
| "price": 5000, |
| "enforcement": "autonomous", |
| "max_agents": 50, |
| "gates_available": ["license_validation", "confidence_threshold", "risk_assessment", "rollback_feasibility", "budget_check"], |
| "features": ["Autonomous execution", "Advanced audit", "Priority support", "SLA 99.5%"], |
| "best_for": "Mid-size companies wanting automation" |
| }, |
| "enterprise": { |
| "name": "Enterprise", |
| "price": 15000, |
| "enforcement": "full_mechanical", |
| "max_agents": 1000, |
| "gates_available": ["license_validation", "confidence_threshold", "risk_assessment", "rollback_feasibility", "compliance_check", "budget_check", "custom_gates"], |
| "features": ["Full mechanical enforcement", "Compliance automation", "Custom gates", "24/7 support", "SLA 99.9%", "Differential privacy audit"], |
| "best_for": "Large enterprises with compliance needs" |
| } |
| } |
|
|
| |
| VALUE_PROPOSITIONS = { |
| "risk_reduction": { |
| "oss": "Manual risk assessment", |
| "starter": "Human-validated decisions", |
| "professional": "Automated risk gates", |
| "enterprise": "Mechanical enforcement", |
| "improvement": "92% reduction in operational risk" |
| }, |
| "decision_speed": { |
| "oss": "Minutes to hours", |
| "starter": "Minutes with human", |
| "professional": "Seconds (autonomous)", |
| "enterprise": "Milliseconds (mechanical)", |
| "improvement": "100x faster decisions" |
| }, |
| "false_positives": { |
| "oss": "High (conservative)", |
| "starter": "Medium (human calibrated)", |
| "professional": "Low (ML-optimized)", |
| "enterprise": "Minimal (continuously tuned)", |
| "improvement": "85% reduction in false positives" |
| }, |
| "operational_cost": { |
| "oss": "High (manual review)", |
| "starter": "Medium (partial automation)", |
| "professional": "Low (mostly automated)", |
| "enterprise": "Minimal (fully automated)", |
| "improvement": "75% reduction in OpEx" |
| } |
| } |
|
|
| def get_scenario_by_name(name: str) -> Dict: |
| """Get scenario by name""" |
| return DEMO_SCENARIOS.get(name, {}) |
|
|
| def get_all_scenario_names() -> List[str]: |
| """Get all scenario names""" |
| return list(DEMO_SCENARIOS.keys()) |
|
|
| def get_scenario_summary() -> List[Dict]: |
| """Get summary of all scenarios""" |
| summary = [] |
| for key, scenario in DEMO_SCENARIOS.items(): |
| summary.append({ |
| "id": key, |
| "name": scenario["name"], |
| "action": scenario["action"], |
| "risk_level": scenario["oss_result"]["risk_level"], |
| "oss_can_execute": scenario["oss_result"]["can_execute"], |
| "enterprise_gates_passed": scenario["enterprise_result"]["gates_passed"], |
| "enterprise_total_gates": scenario["enterprise_result"]["total_gates"] |
| }) |
| return summary |
|
|
| def generate_upgrade_path(current_tier: str, target_tier: str) -> Dict: |
| """Generate upgrade path between tiers""" |
| current = LICENSE_TIERS.get(current_tier, LICENSE_TIERS["trial"]) |
| target = LICENSE_TIERS.get(target_tier, LICENSE_TIERS["enterprise"]) |
| |
| new_gates = [gate for gate in target["gates_available"] if gate not in current["gates_available"]] |
| new_features = [feat for feat in target.get("features", []) if feat not in current.get("features", [])] |
| |
| return { |
| "from": current["name"], |
| "to": target["name"], |
| "price_increase": target["price"] - current["price"], |
| "new_gates": new_gates, |
| "new_features": new_features, |
| "enforcement_improvement": f"{current['enforcement']} → {target['enforcement']}", |
| "agent_limit_increase": target["max_agents"] - current["max_agents"], |
| "roi_calculation": _calculate_roi(current["price"], target["price"]) |
| } |
|
|
| def _calculate_roi(current_price: int, target_price: int) -> Dict: |
| """Calculate ROI for upgrade""" |
| price_diff = target_price - current_price |
| |
| |
| time_savings = 15 * 20 * 12 |
| risk_reduction = 0.92 * 100000 |
| false_positive_savings = 0.85 * 50 * 200 |
| |
| total_savings = time_savings + risk_reduction + false_positive_savings |
| roi_months = (price_diff * 12) / total_savings if total_savings > 0 else 0 |
| |
| return { |
| "annual_price_difference": price_diff * 12, |
| "estimated_annual_savings": total_savings, |
| "roi_months": max(1, roi_months), |
| "breakeven": roi_months <= 12 |
| } |
