Metadata-Version: 2.4
Name: ski-model-deploy
Version: 3.0.3
Summary: Deploy and verify signed Knowledge Graphs against a SKI Model runtime.
Author-email: KpiFinity <hello@kpifinity.com>
License-Expression: Apache-2.0
Project-URL: Homepage, https://github.com/kpifinity/ski-framework
Project-URL: Documentation, https://kpifinity.github.io/ski-framework/
Project-URL: Issues, https://github.com/kpifinity/ski-framework/issues
Keywords: ski-framework,compliance,knowledge-graph,deployment
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: System Administrators
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: click<9,>=8.1.7
Requires-Dist: pydantic<3,>=2.13.4
Requires-Dist: python-dotenv<2,>=1.2.2
Requires-Dist: pyyaml<7,>=6.0.1
Requires-Dist: jinja2<4,>=3.1.6
Requires-Dist: httpx<0.29,>=0.27
Requires-Dist: cryptography<48,>=46
Requires-Dist: docker<8,>=7
Requires-Dist: psycopg[binary]<4,>=3.1.18

# ski-model-deploy

> Install from PyPI: `pip install ski-model-deploy` (publishing starts with the first release after June 2026).

> **⚠ STATUS: EARLY ALPHA (v0.1.0a0).** Alpha-quality tooling. See the
> repo root `README.md` for the project-wide status.

Deploy and configure the SKI Model inference engine on-premise.

`ski-model-deploy` is the deployment toolkit for the SKI Framework v2.1
runtime. (In pre-v2.1 docs this tool was called `milm-deploy`.)

## What it does

1. Generate a deployment configuration for a sector deployment.
2. **Verify the Ed25519 signature of a Knowledge Graph and register it
   with the deployment.** Signature verification is mandatory — there is
   no `--no-verify` escape hatch.
3. Stand up the SKI Model stack via Docker (Kubernetes manifests planned
   for v0.2).
4. Surface deployment status and a basic health view.

## Installation

```bash
pip install -e tools/ski-model-deploy
```

## Quick start

```bash
# 1. Initialise a deployment config (writes deployment-config.yaml).
ski-model-deploy init --name energy-prod --sector energy

# 2. Load a SIGNED Knowledge Graph (this will refuse to load an unsigned KG).
ski-model-deploy load-kg \
  --config deployment-config.yaml \
  --kg /path/to/signed-kg.json

# 3. Start the stack.
ski-model-deploy start --config deployment-config.yaml

# 4. Status.
ski-model-deploy status --config deployment-config.yaml
```

## Commands

| Command | Purpose |
|---|---|
| `init`      | Create a new deployment configuration. |
| `load-kg`   | Verify a signed KG and register it. Signature verification is mandatory. |
| `start`     | Bring up the stack (docker compose for the alpha; k8s planned). |
| `stop`      | Tear down the stack. |
| `status`    | Report deployment status as JSON. |

`--help` is supported on every command.

## Environment variables

The runtime (the SKI Model service itself) reads its own environment
variables documented in
`reference-implementation/.env.example`. The deployer cares about a
small subset relevant to its own operation:

| Variable | Default | Notes |
|---|---|---|
| `SKI_API_KEY` | required | Used for `--api-key` on `status` health probes. |
| `LEDGER_DSN` | required | Audit ledger DSN. |
| `OLLAMA_BASE_URL` | `http://ollama:11434` | Default inference backend URL. |
| `SKI_MODEL_NAME` | `qwen2.5:7b-instruct` | Model the runtime should use. |
| `SKI_MODEL_FILE_SHA256` | optional | If set, the runtime refuses to start unless the pulled model artefact matches. |

A non-conformant `anthropic` demo backend exists in the runtime. The
deployer does not encourage or wire it in. It is intentionally
inconvenient to enable.

## Signature verification — mandatory

This tool will REFUSE to load a Knowledge Graph that:

- has no `signature` block, or
- has `algorithm: "DEMO_UNSIGNED"`, or
- has a signature that does not verify under the embedded public key.

There is no `--no-verify`, no `verify_signature=False`, no override flag.
If you absolutely need to load an unsigned KG (for local prototyping
only), you must set `KG_REQUIRE_SIGNATURE=false` on the runtime, which
makes the deployment non-conformant and is reported as such by the
conformance test suite.

## Licensing

Apache 2.0. See [`../../LICENSE`](../../LICENSE).
