Ultra-low-latency dashboards • Secure communications • FinTech & trade rails • On-prem hybrid AI
Use ← → or Space • F fullscreen • S speaker notes
FinTech GPT, Trade GPT and Consular GPT are staged; access-controlled endpoints are visible but not exercised.
Public TLS-terminated health endpoints:
for svc in president billing securecomm fintechgpt tradegpt consulargpt; do
url="https://$svc.marketintelligenceai.com/health"
echo "== $url =="
body="$(curl -sS "$url" || true)"
code="$(curl -sS -o /dev/null -w '%{http_code}' "$url" || true)"
echo "$body"
echo "HTTP $code"
echo
doneExpected: 200 for President, Billing, SecureComm, FinTech GPT; 401 for Trade/Consular (access-controlled).
Each subdomain presents the correct certificate CN:
for svc in president billing securecomm fintechgpt tradegpt consulargpt; do
host="$svc.marketintelligenceai.com"
printf "%-28s " "$host:"
openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
| openssl x509 -noout -subject
doneCN matches each subdomain (e.g., subject=CN = president.marketintelligenceai.com).
Upgrade to WS and receive the hello frame:
printf 'GET /ws HTTP/1.1\r\nHost: president.marketintelligenceai.com\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n' \
| openssl s_client -connect president.marketintelligenceai.com:443 \
-servername president.marketintelligenceai.com -quiet | sed -n '1,25p'Expected: HTTP/1.1 101 Switching Protocols then a JSON hello frame.
Post updates and time the WS broadcast received by the client (IDs correlated by text):
HOST=president.marketintelligenceai.com N=20 INTERVAL=0.25 MINISTRY=health \
docker run --rm \
-e HOST -e N -e INTERVAL -e MINISTRY -e PIP_DISABLE_PIP_VERSION_CHECK=1 \
python:3.11 bash -lc '
set -e
pip -q install "websockets>=12,<14" httpx certifi >/dev/null
python -u - << "PY"
import os, asyncio, ssl, json, time, random, string, statistics
import httpx, websockets, certifi
HOST=os.environ["HOST"]; N=int(os.environ.get("N","20")); INTERVAL=float(os.environ.get("INTERVAL","0.25"))
WS=f"wss://{HOST}/ws"; POST=f"https://{HOST}/v1/updates"
sslctx=ssl.create_default_context(cafile=certifi.where())
rand="".join(random.choices(string.ascii_lowercase+string.digits,k=6))
pref=f"bench-{int(time.time())}-{rand}-"
send_ts, lats = {}, []
def pct(xs,p):
if not xs: return float("nan")
xs=sorted(xs); pos=(len(xs)-1)*(p/100.0)
i=max(0, min(len(xs)-1, int(round(pos))))
return xs[i]
async def listener():
async with websockets.connect(WS, ssl=sslctx) as ws:
try: await ws.recv() # hello
except: pass
while len(lats) < N:
d=json.loads(await ws.recv())
if d.get("type")!="update": continue
t=d["payload"].get("text","")
t0=send_ts.pop(t, None)
if t0 is None: continue
dt=(time.perf_counter()-t0)*1000
lats.append(dt); print(f"got {len(lats)}/{N}: {dt:.1f} ms", flush=True)
async def sender():
async with httpx.AsyncClient(verify=certifi.where(), timeout=10) as c:
for i in range(N):
t=f"{pref}{i}"; send_ts[t]=time.perf_counter()
await c.post(POST, json={"ministry_id":"health","text":t,"severity":"info"})
await asyncio.sleep(INTERVAL)
async def main():
await asyncio.gather(listener(), sender())
asyncio.run(main())
print("---- latency (ms) ----")
print(f"n={len(lats)} min={min(lats):.1f} p50={pct(lats,50):.1f} p95={pct(lats,95):.1f} p99={pct(lats,99):.1f} max={max(lats):.1f} mean={statistics.mean(lats):.1f}")
PY'Typical: p50 ~4–7 ms; p95 <~12 ms (HTTPS POST → WS fan-out → client).
Verify WS and broadcast to a thread:
# WS hello
printf 'GET /ws HTTP/1.1\r\nHost: securecomm.marketintelligenceai.com\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n' \
| openssl s_client -connect securecomm.marketintelligenceai.com:443 \
-servername securecomm.marketintelligenceai.com -quiet | sed -n '1,20p'
# One-shot WS+POST demo
docker run --rm --network host -e PIP_DISABLE_PIP_VERSION_CHECK=1 \
python:3.11 bash -lc 'pip -q install websockets httpx certifi >/dev/null; python -u - << "PY"
import asyncio, ssl, certifi, websockets, httpx, json
HOST="securecomm.marketintelligenceai.com"
sslctx=ssl.create_default_context(cafile=certifi.where())
async def main():
async with websockets.connect(f"wss://{HOST}/ws", ssl=sslctx) as ws:
print("WS hello:", await ws.recv(), flush=True)
async with httpx.AsyncClient(verify=certifi.where()) as c:
r=await c.post(f"https://{HOST}/v1/messages", json={"thread_id":"t-demo","sender":"panel","text":"Panel demo message"})
print("POST status:", r.status_code, r.text, flush=True)
print("WS event:", await ws.recv(), flush=True)
asyncio.run(main())
PY'Standard health endpoint:
curl -sS https://billing.marketintelligenceai.com/health | jq .Core plane keeps working with Internet egress blocked (TLS, routing, WS fan-out all local):
#!/usr/bin/env bash
set -euo pipefail
SERVICES=(president billing securecomm fintechgpt tradegpt consulargpt)
command -v iptables >/dev/null || { echo "Need iptables"; exit 1; }
command -v docker >/dev/null || { echo "Need docker"; exit 1; }
command -v curl >/dev/null || { echo "Need curl"; exit 1; }
MYIP=$(hostname -I | awk '{print $1}')
echo "Server IP: $MYIP"
HOSTS_BK=/etc/hosts.bak.sovdemo
LINE_START="# --- SOVDEMO HOSTS START ---"
LINE_END="# --- SOVDEMO HOSTS END ---"
if [ ! -f "$HOSTS_BK" ]; then sudo cp /etc/hosts "$HOSTS_BK"; fi
sudo sed -i "/$LINE_START/,/$LINE_END/d" /etc/hosts
{
echo "$LINE_START"
for s in "${SERVICES[@]}"; do echo "127.0.0.1 $s.marketintelligenceai.com"; done
echo "$LINE_END"
} | sudo tee -a /etc/hosts >/dev/null
sudo iptables -N DEMO_EGRESS_BLOCK 2>/dev/null || true
sudo iptables -F DEMO_EGRESS_BLOCK
sudo iptables -A DEMO_EGRESS_BLOCK -o lo -j RETURN
sudo iptables -A DEMO_EGRESS_BLOCK -d 127.0.0.1/32 -j RETURN
sudo iptables -A DEMO_EGRESS_BLOCK -d "$MYIP"/32 -j RETURN
sudo iptables -A DEMO_EGRESS_BLOCK -m state --state ESTABLISHED,RELATED -j RETURN
sudo iptables -A DEMO_EGRESS_BLOCK -p tcp --dport 443 -j REJECT
sudo iptables -A DEMO_EGRESS_BLOCK -p tcp --dport 80 -j REJECT
sudo iptables -C OUTPUT -j DEMO_EGRESS_BLOCK 2>/dev/null || sudo iptables -I OUTPUT 1 -j DEMO_EGRESS_BLOCK
echo; echo "== Live HTTPS /health =="
for svc in president billing securecomm fintechgpt; do
url="https://$svc.marketintelligenceai.com/health"
printf "-- %-45s " "$url"
body="$(curl -sS "$url" || true)"
code="$(curl -sS -o /dev/null -w '%{http_code}' "$url" || true)"
echo "HTTP $code | $body"
done
echo; echo "== President WS fan-out latency (N=20 @ 4Hz) =="
HOST=president.marketintelligenceai.com N=20 INTERVAL=0.25 MINISTRY=health \
docker run --rm \
-e HOST -e N -e INTERVAL -e MINISTRY -e PIP_DISABLE_PIP_VERSION_CHECK=1 \
python:3.11 bash -lc 'set -e; pip -q install "websockets>=12,<14" httpx certifi >/dev/null; python -u - << "PY"
import os, asyncio, ssl, json, time, random, string, statistics
import httpx, websockets, certifi
HOST=os.environ["HOST"]; N=int(os.environ.get("N","20")); INTERVAL=float(os.environ.get("INTERVAL","0.25"))
WS=f"wss://{HOST}/ws"; POST=f"https://{HOST}/v1/updates"
sslctx=ssl.create_default_context(cafile=certifi.where())
rand="".join(random.choices(string.ascii_lowercase+string.digits,k=6))
pref=f"bench-{int(time.time())}-{rand}-"
send_ts, lats = {}, []
def pct(xs,p):
if not xs: return float("nan")
xs=sorted(xs); pos=(len(xs)-1)*(p/100.0)
i=max(0, min(len(xs)-1, int(round(pos))))
return xs[i]
async def listener():
async with websockets.connect(WS, ssl=sslctx) as ws:
try: await ws.recv()
except: pass
while len(lats) < N:
d=json.loads(await ws.recv())
if d.get("type")!="update": continue
t=d["payload"].get("text",""); t0=send_ts.pop(t, None)
if t0 is None: continue
dt=(time.perf_counter()-t0)*1000
lats.append(dt); print(f"got {len(lats)}/{N}: {dt:.1f} ms", flush=True)
async def sender():
async with httpx.AsyncClient(verify=certifi.where(), timeout=10) as c:
for i in range(N):
t=f"{pref}{i}"; send_ts[t]=time.perf_counter()
await c.post(POST, json={"ministry_id":"health","text":t,"severity":"info"})
await asyncio.sleep(INTERVAL)
async def main(): await asyncio.gather(listener(), sender())
asyncio.run(main())
print("---- latency (ms) ----")
print(f"n={len(lats)} min={min(lats):.1f} p50={pct(lats,50):.1f} p95={pct(lats,95):.1f} p99={pct(lats,99):.1f} max={max(lats):.1f} mean={statistics.mean(lats):.1f}")
PY'
echo; echo "=== CLEANUP ==="
echo "sudo iptables -D OUTPUT -j DEMO_EGRESS_BLOCK 2>/dev/null || true"
echo "sudo iptables -F DEMO_EGRESS_BLOCK 2>/dev/null || true"
echo "sudo iptables -X DEMO_EGRESS_BLOCK 2>/dev/null || true"
echo 'if [ -f /etc/hosts.bak.sovdemo ]; then sudo cp /etc/hosts.bak.sovdemo /etc/hosts; fi'
Talk track: “Internet egress is blocked; yet you still see live health, WS fan-out, and sub-10 ms delivery — because everything runs locally.”
Supporting documents are available for review:
Place the PDF at /var/www/deck/patent_filing.pdf before the session.
This platform demonstrates sovereign control, low latency at national scale, and operational readiness.