"""
Demo scenarios for ARF 3.3.9: OSS vs Enterprise.

Pre-built scenarios showing the difference between advisory (OSS) and
mechanical (Enterprise) enforcement.

Everything defined below is static, hand-written data. No policy, risk model
or license check is evaluated by these literals, so fields such as
``can_execute``, ``gates[*]["passed"]`` and ``execution_authority`` are
illustrative values for a demo and are not a source of truth for any real
authorization decision.
"""

# Each scenario is keyed by a short id and holds:
#   name / action / description - display strings for the proposed action
#   context            - free-form facts about the request (shape varies per scenario)
#   oss_result         - the canned advisory verdict
#   enterprise_result  - the canned gate-by-gate verdict plus summary fields
#   visualization      - numbers used for display (risk_score, confidence, severity)
# "gates_passed" / "total_gates" are stored literals, not derived from "gates";
# they have to be kept in sync by hand when a gate list is edited.
DEMO_SCENARIOS = {
    # Destructive action: the only scenario whose enterprise verdict is "DENIED".
    "database_drop": {
        "name": "High-Risk Database Operation",
        "action": "DROP DATABASE production CASCADE",
        "description": "Irreversible deletion of production database",
        "context": {
            "environment": "production",
            "criticality": "critical",
            "data_loss": "irreversible",
            "affected_users": 10000
        },
        "oss_result": {
            "risk_level": "High",
            "confidence": 0.95,
            "recommendation": "❌ DO NOT EXECUTE - High risk of irreversible data loss",
            "policy_violations": 2,
            "can_execute": False,
            "execution_status": "BLOCKED (Advisory)",
            "reason": "Violates high-risk database policy and irreversible action policy"
        },
        "enterprise_result": {
            "license_tier": "professional",
            "gates": [
                {"name": "license_validation", "required": True, "passed": True, "message": "Professional license valid"},
                {"name": "risk_assessment", "required": True, "passed": False, "message": "Risk score 0.95 > 0.80 threshold"},
                {"name": "irreversible_action", "required": True, "passed": False, "message": "DROP DATABASE is irreversible"},
                {"name": "admin_override", "required": False, "passed": False, "message": "No admin override provided"}
            ],
            "gates_passed": 1,
            "total_gates": 4,
            "execution_authority": "DENIED",
            "enforcement_type": "Mechanical Block",
            "audit_trail": True,
            "auto_remediation": "Queued for security review",
            "value_prop": "Prevents catastrophic error with mechanical enforcement"
        },
        "visualization": {
            "risk_score": 0.95,
            "confidence": 0.95,
            "severity": "critical"
        }
    },
    # Low-risk staging deployment: every gate passes.
    "service_deployment": {
        "name": "Safe Service Deployment",
        "action": "deploy_service v1.2.3 to staging with 25% canary",
        "description": "Standard deployment with canary testing",
        "context": {
            "environment": "staging",
            "service": "api-gateway",
            "version": "v1.2.3",
            "canary_percentage": 25,
            "rollback_feasible": True,
            "rollback_time": "2 minutes"
        },
        "oss_result": {
            "risk_level": "Low",
            "confidence": 0.88,
            "recommendation": "✅ Looks safe - Can execute with monitoring",
            "policy_violations": 0,
            "can_execute": True,
            "execution_status": "APPROVED (Advisory)",
            "reason": "Meets all safety criteria and has rollback plan"
        },
        "enterprise_result": {
            "license_tier": "professional",
            "gates": [
                {"name": "license_validation", "required": True, "passed": True, "message": "Professional license valid"},
                {"name": "confidence_threshold", "required": True, "passed": True, "message": "Confidence 0.88 ≥ 0.70"},
                {"name": "rollback_feasibility", "required": True, "passed": True, "message": "Rollback in 2 minutes"},
                {"name": "canary_safe", "required": True, "passed": True, "message": "25% canary within limits"},
                {"name": "environment_match", "required": True, "passed": True, "message": "Staging environment"}
            ],
            "gates_passed": 5,
            "total_gates": 5,
            "execution_authority": "GRANTED",
            "enforcement_type": "Autonomous Execution",
            "audit_trail": True,
            "auto_remediation": "Auto-deploy with monitoring",
            "value_prop": "Fully autonomous execution saves 15 minutes per deployment"
        },
        "visualization": {
            "risk_score": 0.12,
            "confidence": 0.88,
            "severity": "low"
        }
    },
    # Production config change routed through human approval.
    "config_change": {
        "name": "Configuration Change",
        "action": "UPDATE config SET timeout=30 WHERE service='payment'",
        "description": "Update payment service timeout configuration",
        "context": {
            "environment": "production",
            "service": "payment",
            "change_type": "configuration",
            "affected_services": ["payment", "checkout"],
            "validation_required": True
        },
        "oss_result": {
            "risk_level": "Medium",
            "confidence": 0.75,
            "recommendation": "⚠️ Review recommended - Medium risk to payment services",
            "policy_violations": 1,
            "can_execute": False,
            "execution_status": "REVIEW REQUIRED",
            "reason": "Production payment service changes require additional review"
        },
        "enterprise_result": {
            "license_tier": "starter",
            # NOTE(review): "payment_service" is marked required and not passed, yet
            # "execution_authority" below is "GRANTED" (4 of 5 gates). As written this
            # shows a required gate failing without blocking execution. Presumably the
            # "admin_approval" gate is meant to satisfy it - confirm, and consider
            # modelling that explicitly so the demo does not depict fail-open behaviour.
            "gates": [
                {"name": "license_validation", "required": True, "passed": True, "message": "Starter license valid"},
                {"name": "risk_assessment", "required": True, "passed": True, "message": "Risk score 0.25 ≤ 0.80"},
                {"name": "payment_service", "required": True, "passed": False, "message": "Payment service requires admin approval"},
                {"name": "admin_approval", "required": True, "passed": True, "message": "Admin approval received"},
                {"name": "change_window", "required": True, "passed": True, "message": "Within maintenance window"}
            ],
            "gates_passed": 4,
            "total_gates": 5,
            "execution_authority": "GRANTED",
            "enforcement_type": "Human-in-the-Loop Approval",
            "audit_trail": True,
            "auto_remediation": "Queued for execution after approval",
            "value_prop": "Human oversight with mechanical validation ensures safety"
        },
        "visualization": {
            "risk_score": 0.25,
            "confidence": 0.75,
            "severity": "medium"
        }
    },
    # Privileged role grant: advisory side blocks, enterprise side grants after approvals.
    "user_permission_grant": {
        "name": "User Permission Grant",
        "action": "GRANT admin_role TO user@company.com",
        "description": "Grant administrative privileges to user",
        "context": {
            "environment": "production",
            "role": "admin_role",
            "user": "user@company.com",
            "justification": "New team member",
            "approver": "cto@company.com"
        },
        "oss_result": {
            "risk_level": "High",
            "confidence": 0.82,
            "recommendation": "❌ High risk - Administrative grants require multi-factor approval",
            "policy_violations": 2,
            "can_execute": False,
            "execution_status": "BLOCKED (Advisory)",
            "reason": "Admin role grants require additional security review"
        },
        "enterprise_result": {
            "license_tier": "enterprise",
            "gates": [
                {"name": "license_validation", "required": True, "passed": True, "message": "Enterprise license valid"},
                {"name": "security_review", "required": True, "passed": True, "message": "Security team review completed"},
                {"name": "multi_factor_auth", "required": True, "passed": True, "message": "MFA verification passed"},
                {"name": "compliance_check", "required": True, "passed": True, "message": "SOX compliance validated"},
                {"name": "approval_chain", "required": True, "passed": True, "message": "CTO and Security Lead approved"}
            ],
            "gates_passed": 5,
            "total_gates": 5,
            "execution_authority": "GRANTED",
            "enforcement_type": "Compliance-Enforced Execution",
            "audit_trail": True,
            "auto_remediation": "Auto-provision with compliance logging",
            "value_prop": "Automates complex compliance requirements with full audit trail"
        },
        "visualization": {
            "risk_score": 0.68,
            "confidence": 0.82,
            "severity": "high"
        }
    },
    # Cardholder-data query; the table name and card prefix are demo strings only.
    "sensitive_data_access": {
        "name": "Sensitive Data Access",
        "action": "SELECT * FROM pci_data WHERE card_number LIKE '4111%'",
        "description": "Access to PCI-sensitive payment card data",
        "context": {
            "environment": "production",
            "data_classification": "pci",
            "user_role": "analyst",
            "purpose": "fraud investigation",
            "masking_required": True
        },
        "oss_result": {
            "risk_level": "Critical",
            "confidence": 0.99,
            "recommendation": "🚨 CRITICAL RISK - PCI data access requires special authorization",
            "policy_violations": 3,
            "can_execute": False,
            "execution_status": "BLOCKED (Advisory)",
            "reason": "PCI data access requires Data Protection Officer approval"
        },
        "enterprise_result": {
            "license_tier": "enterprise",
            "gates": [
                {"name": "license_validation", "required": True, "passed": True, "message": "Enterprise license valid"},
                {"name": "pci_compliance", "required": True, "passed": True, "message": "PCI DSS 4.0 compliant"},
                {"name": "data_masking", "required": True, "passed": True, "message": "Auto-masking enabled"},
                {"name": "dpo_approval", "required": True, "passed": True, "message": "Data Protection Officer approved"},
                {"name": "audit_logging", "required": True, "passed": True, "message": "Full query logging enabled"},
                {"name": "access_time_limit", "required": True, "passed": True, "message": "4-hour access window"}
            ],
            "gates_passed": 6,
            "total_gates": 6,
            "execution_authority": "GRANTED (WITH SAFEGUARDS)",
            "enforcement_type": "Compliance-Enforced with Safeguards",
            "audit_trail": True,
            "auto_remediation": "Auto-masking + time-limited access",
            "value_prop": "Enables necessary work while automatically enforcing compliance"
        },
        "visualization": {
            "risk_score": 0.99,
            "confidence": 0.99,
            "severity": "critical"
        }
    },
    # Routine capacity change: approved on both sides.
    "auto_scaling_adjustment": {
        "name": "Auto-Scaling Adjustment",
        "action": "scale deployment frontend from 10 to 50 pods",
        "description": "Increase frontend service capacity",
        "context": {
            "environment": "production",
            "service": "frontend",
            "current_pods": 10,
            "target_pods": 50,
            "reason": "Black Friday traffic spike",
            "budget_impact": "$1200/day"
        },
        "oss_result": {
            "risk_level": "Low",
            "confidence": 0.92,
            "recommendation": "✅ Safe - Standard scaling operation",
            "policy_violations": 0,
            "can_execute": True,
            "execution_status": "APPROVED (Advisory)",
            "reason": "Within normal operational parameters"
        },
        "enterprise_result": {
            "license_tier": "professional",
            "gates": [
                {"name": "license_validation", "required": True, "passed": True, "message": "Professional license valid"},
                {"name": "budget_check", "required": True, "passed": True, "message": "Within monthly budget"},
                {"name": "capacity_planning", "required": True, "passed": True, "message": "Matches capacity plan"},
                {"name": "auto_scale", "required": True, "passed": True, "message": "Auto-scaling group configured"},
                {"name": "monitoring", "required": True, "passed": True, "message": "CloudWatch alarms active"}
            ],
            "gates_passed": 5,
            "total_gates": 5,
            "execution_authority": "GRANTED",
            "enforcement_type": "Autonomous Execution",
            "audit_trail": True,
            "auto_remediation": "Auto-scale with cost optimization",
            "value_prop": "Fully autonomous scaling with cost controls"
        },
        "visualization": {
            "risk_score": 0.08,
            "confidence": 0.92,
            "severity": "low"
        }
    },
    # Emergency path: the override is itself modelled as a gate, alongside
    # incident linkage and a queued post-mortem.
    "emergency_rollback": {
        "name": "Emergency Rollback",
        "action": "rollback_service payment to v1.1.0 immediately",
        "description": "Emergency rollback due to critical bug",
        "context": {
            "environment": "production",
            "service": "payment",
            "from_version": "v1.2.0",
            "to_version": "v1.1.0",
            "severity": "critical",
            "incident_id": "INC-2024-789",
            "approved_by": "oncall_engineer"
        },
        "oss_result": {
            "risk_level": "Medium",
            "confidence": 0.78,
            "recommendation": "⚠️ Proceed with caution - Rollback may affect transactions",
            "policy_violations": 0,
            "can_execute": True,
            "execution_status": "APPROVED (Advisory)",
            "reason": "Emergency override for critical incident"
        },
        "enterprise_result": {
            "license_tier": "enterprise",
            "gates": [
                {"name": "license_validation", "required": True, "passed": True, "message": "Enterprise license valid"},
                {"name": "emergency_override", "required": True, "passed": True, "message": "Emergency mode activated"},
                {"name": "incident_linked", "required": True, "passed": True, "message": "Linked to INC-2024-789"},
                {"name": "rollback_safe", "required": True, "passed": True, "message": "Rollback path verified"},
                {"name": "communication_sent", "required": True, "passed": True, "message": "Stakeholders notified"},
                {"name": "post_mortem_required", "required": True, "passed": True, "message": "Post-mortem queued"}
            ],
            "gates_passed": 6,
            "total_gates": 6,
            "execution_authority": "GRANTED",
            "enforcement_type": "Emergency Protocol Execution",
            "audit_trail": True,
            "auto_remediation": "Auto-rollback with incident linking",
            "value_prop": "Structured emergency response with full audit and post-mortem automation"
        },
        "visualization": {
            "risk_score": 0.22,
            "confidence": 0.78,
            "severity": "medium"
        }
    }
}

# Gate definitions for visualization
# Descriptive metadata only; nothing in this file evaluates a gate from it.
# NOTE(review): this table and the scenarios above disagree in places:
#   - only seven gate names are defined here; scenario gates such as
#     "irreversible_action", "admin_override", "canary_safe", "payment_service"
#     or "emergency_override" have no entry;
#   - "required" is False here for rollback_feasibility, admin_approval,
#     compliance_check and budget_check, but the scenarios that use those gates
#     mark them required;
#   - the weights sum to 1.15, not 1.0 - confirm whether consumers normalise them.
GATE_DEFINITIONS = {
    "license_validation": {
        "description": "Validate enterprise license is active and appropriate tier",
        "weight": 0.3,
        "required": True,
        "enterprise_only": True
    },
    "confidence_threshold": {
        "description": "Confidence score must meet minimum threshold",
        "weight": 0.25,
        "required": True,
        "threshold": 0.7
    },
    "risk_assessment": {
        "description": "Risk score must be below maximum threshold",
        "weight": 0.25,
        "required": True,
        "threshold": 0.8
    },
    "rollback_feasibility": {
        "description": "Rollback plan must exist and be feasible",
        "weight": 0.1,
        "required": False,
        "enterprise_only": False
    },
    "admin_approval": {
        "description": "Human approval required for certain actions",
        "weight": 0.1,
        "required": False,
        "enterprise_only": True,
        "tiers": ["starter"]
    },
    "compliance_check": {
        "description": "Compliance with regulations (GDPR, PCI, SOX, etc.)",
        "weight": 0.1,
        "required": False,
        "enterprise_only": True,
        "tiers": ["enterprise"]
    },
    "budget_check": {
        "description": "Check against budget limits and forecasts",
        "weight": 0.05,
        "required": False,
        "enterprise_only": True
    }
}

# License tier comparisons
# Keyed by tier id. "trial" carries a "limitations" list and no "features" key;
# the paid tiers carry "features" and no "limitations", so readers of either key
# need a default. generate_upgrade_path() multiplies the price difference by 12
# and reports it as annual, so "price" appears to be per month - the currency is
# not stated anywhere in this file.
# NOTE(review): "custom_gates" (enterprise) has no GATE_DEFINITIONS entry, and
# some scenarios use gates their tier does not list here (e.g. the "starter"
# config_change scenario uses "payment_service" and "change_window").
LICENSE_TIERS = {
    "trial": {
        "name": "Trial",
        "price": 0,
        "enforcement": "advisory",
        "max_agents": 3,
        "gates_available": ["confidence_threshold", "risk_assessment"],
        "limitations": ["No mechanical enforcement", "14-day limit", "Community support"],
        "best_for": "Evaluation and testing"
    },
    "starter": {
        "name": "Starter",
        "price": 2000,
        "enforcement": "human_approval",
        "max_agents": 10,
        "gates_available": ["license_validation", "confidence_threshold", "risk_assessment", "admin_approval"],
        "features": ["Human-in-the-loop gates", "Basic audit trail", "Email support"],
        "best_for": "Small teams with human oversight"
    },
    "professional": {
        "name": "Professional",
        "price": 5000,
        "enforcement": "autonomous",
        "max_agents": 50,
        "gates_available": ["license_validation", "confidence_threshold", "risk_assessment", "rollback_feasibility", "budget_check"],
        "features": ["Autonomous execution", "Advanced audit", "Priority support", "SLA 99.5%"],
        "best_for": "Mid-size companies wanting automation"
    },
    "enterprise": {
        "name": "Enterprise",
        "price": 15000,
        "enforcement": "full_mechanical",
        "max_agents": 1000,
        "gates_available": ["license_validation", "confidence_threshold", "risk_assessment", "rollback_feasibility", "compliance_check", "budget_check", "custom_gates"],
        "features": ["Full mechanical enforcement", "Compliance automation", "Custom gates", "24/7 support", "SLA 99.9%", "Differential privacy audit"],
        "best_for": "Large enterprises with compliance needs"
    }
}
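# Value proposition data
# Static comparison copy per tier. The "improvement" percentages are literals
# written here, not figures computed anywhere in this file.
VALUE_PROPOSITIONS = {
    "risk_reduction": {
        "oss": "Manual risk assessment",
        "starter": "Human-validated decisions",
        "professional": "Automated risk gates",
        "enterprise": "Mechanical enforcement",
        "improvement": "92% reduction in operational risk"
    },
    "decision_speed": {
        "oss": "Minutes to hours",
        "starter": "Minutes with human",
        "professional": "Seconds (autonomous)",
        "enterprise": "Milliseconds (mechanical)",
        "improvement": "100x faster decisions"
    },
    "false_positives": {
        "oss": "High (conservative)",
        "starter": "Medium (human calibrated)",
        "professional": "Low (ML-optimized)",
        "enterprise": "Minimal (continuously tuned)",
        "improvement": "85% reduction in false positives"
    },
    "operational_cost": {
        "oss": "High (manual review)",
        "starter": "Medium (partial automation)",
        "professional": "Low (mostly automated)",
        "enterprise": "Minimal (fully automated)",
        "improvement": "75% reduction in OpEx"
    }
}


# The annotations below use the builtin generics ``dict`` / ``list``: the file
# never imports ``Dict`` / ``List`` from ``typing``, so the previous annotations
# raised NameError as soon as the module was imported.
def get_scenario_by_name(name: str) -> dict:
    """Return the demo scenario stored under ``name``.

    Args:
        name: Scenario id, i.e. a key of ``DEMO_SCENARIOS``.

    Returns:
        The scenario dict, or an empty dict when ``name`` is unknown. The
        returned object is the one held in ``DEMO_SCENARIOS`` (not a copy), so
        a caller that mutates it changes what every later caller sees.
    """
    return DEMO_SCENARIOS.get(name, {})


def get_all_scenario_names() -> list[str]:
    """Return the scenario ids in the order they are defined."""
    return list(DEMO_SCENARIOS)


def get_scenario_summary() -> list[dict]:
    """Return one compact summary row per scenario.

    Each row carries the scenario id, its display name and action, the OSS
    risk level and ``can_execute`` flag, and the stored enterprise gate
    counters. The counters are copied from the scenario data as written; they
    are not recounted from the ``gates`` list.
    """
    return [
        {
            "id": key,
            "name": scenario["name"],
            "action": scenario["action"],
            "risk_level": scenario["oss_result"]["risk_level"],
            "oss_can_execute": scenario["oss_result"]["can_execute"],
            "enterprise_gates_passed": scenario["enterprise_result"]["gates_passed"],
            "enterprise_total_gates": scenario["enterprise_result"]["total_gates"],
        }
        for key, scenario in DEMO_SCENARIOS.items()
    ]


def generate_upgrade_path(current_tier: str, target_tier: str) -> dict:
    """Describe what changes when moving from one license tier to another.

    Args:
        current_tier: Key of ``LICENSE_TIERS`` for the tier in use.
        target_tier: Key of ``LICENSE_TIERS`` for the tier being considered.

    Returns:
        A dict with the tier display names, the price and agent-limit deltas,
        the gates and features the target adds, an enforcement transition
        string and the ``_calculate_roi`` result.

    An unknown ``current_tier`` is silently treated as ``"trial"`` and an
    unknown ``target_tier`` as ``"enterprise"``; a misspelled tier therefore
    yields a plausible-looking answer for a different tier, not an error.
    """
    current = LICENSE_TIERS.get(current_tier, LICENSE_TIERS["trial"])
    target = LICENSE_TIERS.get(target_tier, LICENSE_TIERS["enterprise"])

    current_gates = current["gates_available"]
    # Tier entries do not all define "features", hence the defaults.
    current_features = current.get("features", [])

    new_gates = [gate for gate in target["gates_available"] if gate not in current_gates]
    new_features = [feat for feat in target.get("features", []) if feat not in current_features]

    return {
        "from": current["name"],
        "to": target["name"],
        "price_increase": target["price"] - current["price"],
        "new_gates": new_gates,
        "new_features": new_features,
        "enforcement_improvement": f"{current['enforcement']} → {target['enforcement']}",
        "agent_limit_increase": target["max_agents"] - current["max_agents"],
        "roi_calculation": _calculate_roi(current["price"], target["price"]),
    }


def _calculate_roi(current_price: int, target_price: int) -> dict:
    """Estimate the payback of an upgrade from fixed, illustrative assumptions.

    Args:
        current_price: Price of the current tier.
        target_price: Price of the target tier.

    Returns:
        A dict with ``annual_price_difference`` (price delta times 12),
        ``estimated_annual_savings``, ``roi_months`` (never below 1) and
        ``breakeven`` (True when the unclamped payback is at most 12 months).

    The savings figure is built only from the constants below; it does not
    depend on the caller's prices or on any measured data.
    """
    price_diff = target_price - current_price

    # Simplified ROI calculation
    # NOTE(review): the three terms do not share a unit. time_savings is a
    # minutes-based product (minutes x decisions/day x months), the other two
    # are dollar amounts, and the false-positive term is per month although the
    # total is reported as annual. Confirm the intended model before these
    # numbers are presented as a financial estimate.
    time_savings = 15 * 20 * 12  # 15 min saved per decision, 20 decisions/day, 12 months
    risk_reduction = 0.92 * 100000  # 92% reduction in $100k average incident cost
    false_positive_savings = 0.85 * 50 * 200  # 85% reduction in 50 false positives/month at $200 each

    total_savings = time_savings + risk_reduction + false_positive_savings
    roi_months = (price_diff * 12) / total_savings if total_savings > 0 else 0

    # A downgrade (negative price_diff) gives a negative payback period; the
    # clamp reports it as 1 month and "breakeven" comes out True.
    return {
        "annual_price_difference": price_diff * 12,
        "estimated_annual_savings": total_savings,
        "roi_months": max(1, roi_months),
        "breakeven": roi_months <= 12,
    }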