Metadata-Version: 2.4
Name: tibet
Version: 2.1.7
Summary: TIBET - Humotica trust-system installer: identity, provenance, continuity, evidence, agents, network, conformance, and pre-grant orchestration (T-1 Genesis). pip install tibet[full]
Project-URL: Homepage, https://humotica.com
Project-URL: Documentation, https://humotica.com/docs/tibet
Project-URL: Repository, https://github.com/humotica/tibet
Author-email: Jasper van de Meent <jasper@humotica.com>, Root AI <root_idd@humotica.nl>
License: MIT
Keywords: ai-act,ai-governance,ainternet,audit,cli,compliance,firewall,gdpr,isolation,microvm,mux,nis2,provenance,security,snaft,tibet,trust
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.10
Requires-Dist: click>=8.0.0
Requires-Dist: jis-core>=0.4.0
Requires-Dist: rich>=13.0.0
Requires-Dist: tibet-core>=0.5.0
Provides-Extra: agentic
Requires-Dist: ainternet>=0.9.2; extra == 'agentic'
Requires-Dist: ipoll>=0.2.6; extra == 'agentic'
Requires-Dist: tibet-ainternet-mcp>=0.5.7; extra == 'agentic'
Requires-Dist: tibet-cobol>=0.1.1; extra == 'agentic'
Requires-Dist: tibet-context>=0.2.2; extra == 'agentic'
Requires-Dist: tibet-cortex>=0.2.1; extra == 'agentic'
Requires-Dist: tibet-ipoll-mcp>=0.1.0; extra == 'agentic'
Requires-Dist: tibet-phantom-mcp>=0.1.1; extra == 'agentic'
Requires-Dist: tibet-phantom>=0.2.2; extra == 'agentic'
Requires-Dist: tibet-router>=0.1.2; extra == 'agentic'
Provides-Extra: audit
Requires-Dist: tibet-audit>=0.27.1; extra == 'audit'
Provides-Extra: cmail
Requires-Dist: tibet-cmail>=0.3.0; extra == 'cmail'
Provides-Extra: conformance
Requires-Dist: tibet-conformance-vectors>=0.2.2; extra == 'conformance'
Requires-Dist: tibet-pol-mcp>=0.1.0; extra == 'conformance'
Requires-Dist: tibet-triage-mcp>=0.1.0; extra == 'conformance'
Provides-Extra: core
Requires-Dist: jis-core>=0.4.0; extra == 'core'
Requires-Dist: tibet-core>=0.5.0; extra == 'core'
Provides-Extra: daemon
Requires-Dist: tibet-cap-bus>=0.1.4; extra == 'daemon'
Requires-Dist: tibet-continuityd>=0.6.17; extra == 'daemon'
Requires-Dist: tibet-gateway>=0.4.0; extra == 'daemon'
Requires-Dist: tibet-home-agent>=0.5.3; extra == 'daemon'
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Provides-Extra: evidence
Requires-Dist: ai-sbom>=0.2.3; extra == 'evidence'
Requires-Dist: tibet-ai-sbom>=0.2.3; extra == 'evidence'
Requires-Dist: tibet-audit>=0.27.1; extra == 'evidence'
Requires-Dist: tibet-cbom>=0.2.2; extra == 'evidence'
Requires-Dist: tibet-ci>=0.2.1; extra == 'evidence'
Requires-Dist: tibet-cmail>=0.3.0; extra == 'evidence'
Requires-Dist: tibet-nis2>=0.1.1; extra == 'evidence'
Requires-Dist: tibet-report>=0.1.2; extra == 'evidence'
Requires-Dist: tibet-sbom>=0.2.1; extra == 'evidence'
Requires-Dist: tibet-trail>=0.1.1; extra == 'evidence'
Requires-Dist: tibet-wayback>=0.2.1; extra == 'evidence'
Provides-Extra: forge
Requires-Dist: tibet-forge>=0.7.1; extra == 'forge'
Provides-Extra: full
Requires-Dist: ai-sbom>=0.2.3; extra == 'full'
Requires-Dist: ainternet>=0.9.2; extra == 'full'
Requires-Dist: ipoll>=0.2.6; extra == 'full'
Requires-Dist: jis-core>=0.4.0; extra == 'full'
Requires-Dist: snaft>=1.4.1; extra == 'full'
Requires-Dist: tibet-ai-sbom>=0.2.3; extra == 'full'
Requires-Dist: tibet-ainternet-mcp>=0.5.7; extra == 'full'
Requires-Dist: tibet-airlock>=0.3.1; extra == 'full'
Requires-Dist: tibet-anticheat>=0.1.2; extra == 'full'
Requires-Dist: tibet-audit>=0.27.1; extra == 'full'
Requires-Dist: tibet-cap-bus>=0.1.4; extra == 'full'
Requires-Dist: tibet-cbom>=0.2.2; extra == 'full'
Requires-Dist: tibet-chip>=1.0.1; extra == 'full'
Requires-Dist: tibet-ci>=0.2.1; extra == 'full'
Requires-Dist: tibet-claw>=0.3.2; extra == 'full'
Requires-Dist: tibet-cmail>=0.3.0; extra == 'full'
Requires-Dist: tibet-cobol>=0.1.1; extra == 'full'
Requires-Dist: tibet-conformance-vectors>=0.2.2; extra == 'full'
Requires-Dist: tibet-context>=0.2.2; extra == 'full'
Requires-Dist: tibet-continuityd>=0.6.17; extra == 'full'
Requires-Dist: tibet-core>=0.5.0; extra == 'full'
Requires-Dist: tibet-cortex>=0.2.1; extra == 'full'
Requires-Dist: tibet-edge>=0.1.1; extra == 'full'
Requires-Dist: tibet-gateway>=0.4.0; extra == 'full'
Requires-Dist: tibet-genesis>=0.1.4; extra == 'full'
Requires-Dist: tibet-home-agent>=0.5.3; extra == 'full'
Requires-Dist: tibet-iot>=0.1.1; extra == 'full'
Requires-Dist: tibet-ipoll-mcp>=0.1.0; extra == 'full'
Requires-Dist: tibet-keychain>=0.1.2; extra == 'full'
Requires-Dist: tibet-marketplace>=0.1.1; extra == 'full'
Requires-Dist: tibet-mesh>=0.1.0; extra == 'full'
Requires-Dist: tibet-mux>=1.0.2; extra == 'full'
Requires-Dist: tibet-nc>=0.1.2; extra == 'full'
Requires-Dist: tibet-nis2>=0.1.1; extra == 'full'
Requires-Dist: tibet-overlay>=0.1.2; extra == 'full'
Requires-Dist: tibet-phantom-mcp>=0.1.1; extra == 'full'
Requires-Dist: tibet-phantom>=0.2.2; extra == 'full'
Requires-Dist: tibet-ping>=0.3.4; extra == 'full'
Requires-Dist: tibet-pol-mcp>=0.1.0; extra == 'full'
Requires-Dist: tibet-pol>=0.3.4; extra == 'full'
Requires-Dist: tibet-pqc>=0.1.1; extra == 'full'
Requires-Dist: tibet-report>=0.1.2; extra == 'full'
Requires-Dist: tibet-router>=0.1.2; extra == 'full'
Requires-Dist: tibet-sbom>=0.2.1; extra == 'full'
Requires-Dist: tibet-soc>=0.1.1; extra == 'full'
Requires-Dist: tibet-spiffe>=0.1.1; extra == 'full'
Requires-Dist: tibet-tail>=0.2.1; extra == 'full'
Requires-Dist: tibet-tools>=0.1.1; extra == 'full'
Requires-Dist: tibet-trail>=0.1.1; extra == 'full'
Requires-Dist: tibet-triage-mcp>=0.1.0; extra == 'full'
Requires-Dist: tibet-triage>=0.5.2; extra == 'full'
Requires-Dist: tibet-wayback>=0.2.1; extra == 'full'
Requires-Dist: tibet-y2k38>=0.1.2; extra == 'full'
Requires-Dist: tibet-zip>=1.1.1; extra == 'full'
Provides-Extra: genesis
Requires-Dist: tibet-genesis>=0.1.4; extra == 'genesis'
Provides-Extra: legacy
Requires-Dist: tibet-snap>=0.1.3; extra == 'legacy'
Provides-Extra: network
Requires-Dist: tibet-edge>=0.1.1; extra == 'network'
Requires-Dist: tibet-iot>=0.1.1; extra == 'network'
Requires-Dist: tibet-mesh>=0.1.0; extra == 'network'
Requires-Dist: tibet-mux>=1.0.2; extra == 'network'
Requires-Dist: tibet-overlay>=0.1.2; extra == 'network'
Requires-Dist: tibet-spiffe>=0.1.1; extra == 'network'
Requires-Dist: tibet-zip>=1.1.1; extra == 'network'
Provides-Extra: operator
Requires-Dist: tibet-keychain>=0.1.2; extra == 'operator'
Requires-Dist: tibet-marketplace>=0.1.1; extra == 'operator'
Requires-Dist: tibet-nc>=0.1.2; extra == 'operator'
Requires-Dist: tibet-ping>=0.3.4; extra == 'operator'
Requires-Dist: tibet-pol>=0.3.4; extra == 'operator'
Requires-Dist: tibet-soc>=0.1.1; extra == 'operator'
Requires-Dist: tibet-tail>=0.2.1; extra == 'operator'
Requires-Dist: tibet-tools>=0.1.1; extra == 'operator'
Provides-Extra: safety
Requires-Dist: snaft>=1.4.1; extra == 'safety'
Requires-Dist: tibet-airlock>=0.3.1; extra == 'safety'
Requires-Dist: tibet-anticheat>=0.1.2; extra == 'safety'
Requires-Dist: tibet-chip>=1.0.1; extra == 'safety'
Requires-Dist: tibet-claw>=0.3.2; extra == 'safety'
Requires-Dist: tibet-genesis>=0.1.4; extra == 'safety'
Requires-Dist: tibet-pqc>=0.1.1; extra == 'safety'
Requires-Dist: tibet-triage>=0.5.2; extra == 'safety'
Requires-Dist: tibet-y2k38>=0.1.2; extra == 'safety'
Provides-Extra: vault
Requires-Dist: tibet-vault>=0.1.0; extra == 'vault'
Description-Content-Type: text/markdown

# tibet

The Humotica trust-system installer. One command installs the local substrate for
identity, provenance, continuity, evidence, agents, operator approval, network
checks, and conformance.

[![PyPI](https://img.shields.io/pypi/v/tibet)](https://pypi.org/project/tibet/)
[![IETF Draft](https://img.shields.io/badge/IETF-draft--vandemeent--tibet--provenance-blue)](https://datatracker.ietf.org/doc/draft-vandemeent-tibet-provenance/)
[![Whitepaper](https://img.shields.io/badge/Zenodo-DOI:10.5281/zenodo.18712238-green)](https://doi.org/10.5281/zenodo.18712238)

Unified CLI for [tibet-core](https://pypi.org/project/tibet-core/) provenance,
[jis-core](https://pypi.org/project/jis-core/) identity, evidence generation,
agent communication, and first-run system setup.

## Install

```bash
pip install tibet                 # CLI + tibet-core + jis-core
pip install "tibet[core]"         # + TIBET/JIS handshake substrate
pip install "tibet[evidence]"     # + audit, SBOM, CBOM, NIS2, reports
pip install "tibet[agentic]"      # + AInternet, I-Poll, Phantom, Cortex, router
pip install "tibet[full]"         # canonical local trust system
```

## After Install

```bash
tibet system doctor
tibet system init
tibet system walkthrough
```

`tibet[full]` is not just a dependency pile. It is the local system profile:

- `core`: TIBET/JIS identity + provenance handshake
- `daemon`: continuity, gateway events, capability bus, home-agent
- `evidence`: audit, SBOM, CBOM, AI-SBOM, NIS2, reports, Cmail, CI
- `agentic`: AInternet, I-Poll, Phantom resume, Cortex, router, MCP surfaces
- `safety`: SNAFT, triage, airlock, genesis, PQC, active immune-system controls
- `operator`: policy, ping, tools, marketplace, nc, keychain, tail, SOC
- `network`: mux, overlay, IoT, edge, mesh, tibet-zip, SPIFFE
- `conformance`: public contract vectors and MCP checks

## Quick Start

```bash
# Initialize TIBET in your project.
tibet init

# Create a provenance token. Document before you act.
tibet create deploy --why "Release v1.0.0" --refs ticket-123

# Verify token integrity.
tibet verify <token-id>

# Export audit trail.
tibet export --format json

# Run compliance scan.
tibet audit

# Check trust score.
tibet forge

# Show installed components.
tibet status
```

## Commands

| Command | Description |
|---------|-------------|
| `tibet init` | Initialize `.tibet/` directory for local token storage |
| `tibet create <action>` | Create provenance token with intent (`--why`), content (`--what`), and references (`--refs`) |
| `tibet verify <id>` | Verify a token's cryptographic integrity |
| `tibet export` | Export audit trail (JSON, markdown, or summary) |
| `tibet audit` | Run compliance health scan — AI Act, NIS2, GDPR (requires `tibet[audit]`) |
| `tibet forge` | Run trust score analysis — code quality, security, provenance readiness (requires `tibet[forge]`) |
| `tibet status` | Show ecosystem status and installed component versions |
| `tibet system doctor` | Validate the local full-system install |
| `tibet system init` | Create `~/.tibet/` config, inbox, outbox, audit, reports, and state dirs |
| `tibet system walkthrough` | Show the guided first-run path after `tibet[full]` |
| `tibet system update` | Show or execute the explicit full-system update command |
| `tibet version` | Show versions of all TIBET components |

### Creating Tokens

Every token captures four provenance dimensions:

```bash
tibet create file_write \
  --why "Fix login bug"          \  # ERACHTER — intent
  --what '{"file":"auth.py"}'    \  # ERIN — content
  --refs issue-123               \  # ERAAN — references
  --actor "jis:dev:alice"           # Who
```

The token is created BEFORE the action happens. This is structural — provenance that's recorded after the fact is just logging.

## TIBET Provenance

Every token records four dimensions:

| Dimension | Dutch | Meaning |
|-----------|-------|---------|
| **ERIN** | "Er in" | What's IN the action (content, data) |
| **ERAAN** | "Er aan" | What's attached (dependencies, references) |
| **EROMHEEN** | "Er omheen" | Context around it (environment, state) |
| **ERACHTER** | "Er achter" | Intent behind it (why this action) |

## Ecosystem

`tibet` is the CLI. The kernel is [tibet-core](https://pypi.org/project/tibet-core/). Together with the rest of the stack:

| Layer | Package | What it does |
|-------|---------|--------------|
| **Identity** | [jis-core](https://pypi.org/project/jis-core/) | Claims and identity binding |
| **Provenance** | [tibet-core](https://pypi.org/project/tibet-core/) | TIBET tokens — ERIN/ERAAN/EROMHEEN/ERACHTER |
| **CLI** | **tibet** | `tibet system`, `tibet create`, `tibet verify`, `tibet audit`, `tibet forge` |
| **Firewall** | [snaft](https://pypi.org/project/snaft/) | 22 immutable rules, OWASP 20/20, FIR/A trust |
| **Network** | [ainternet](https://pypi.org/project/ainternet/) | .aint domains, I-Poll messaging, agent discovery |
| **Home Agent** | [tibet-home-agent](https://pypi.org/project/tibet-home-agent/) | Headless agent relay with HITL approval path |
| **Cmail** | [tibet-cmail](https://pypi.org/project/tibet-cmail/) | Capsules, acknowledgements, and signed approval mail |
| **Compliance** | [tibet-audit](https://pypi.org/project/tibet-audit/) | AI Act, NIS2, GDPR, CRA — 112+ checks |
| **Trust** | [tibet-forge](https://pypi.org/project/tibet-forge/) | Trust scoring and certification |
| **SBOM** | [tibet-sbom](https://pypi.org/project/tibet-sbom/) | Supply chain verification with provenance |
| **CBOM** | [tibet-cbom](https://pypi.org/project/tibet-cbom/) | Capability bill of materials |
| **Continuity** | [tibet-continuityd](https://pypi.org/project/tibet-continuityd/) | Background continuity guardian |
| **Capability Bus** | [tibet-cap-bus](https://pypi.org/project/tibet-cap-bus/) | Gateway event contract and command bus |
| **Triage** | [tibet-triage](https://pypi.org/project/tibet-triage/) | Airlock sandbox, UPIP reproducibility, flare rescue |
| **Transfer** | [tibet-zip](https://pypi.org/project/tibet-zip/) | Identity-aware signed transfer container |
| **Netcat** | [tibet-nc](https://pypi.org/project/tibet-nc/) | Operator-friendly network command tooling |
| **Secrets** | [tibet-vault](https://pypi.org/project/tibet-vault/) | Time-locked secrets with dead man's switch |
| **Discovery** | [tibet-ping](https://pypi.org/project/tibet-ping/) | LAN discovery, heartbeat, mesh relay |

## Standards

### IETF Standardization

- [draft-vandemeent-tibet-provenance](https://datatracker.ietf.org/doc/draft-vandemeent-tibet-provenance/) — Traceable Intent-Based Event Tokens
- [draft-vandemeent-jis-identity](https://datatracker.ietf.org/doc/draft-vandemeent-jis-identity/) — JTel Identity Standard
- [draft-vandemeent-upip-process-integrity](https://datatracker.ietf.org/doc/draft-vandemeent-upip-process-integrity/) — Universal Process Integrity Protocol
- [draft-vandemeent-rvp-continuous-verification](https://datatracker.ietf.org/doc/draft-vandemeent-rvp-continuous-verification/) — Real-time Verification Protocol
- [draft-vandemeent-ains-discovery](https://datatracker.ietf.org/doc/draft-vandemeent-ains-discovery/) — AInternet Name Service

### Regulatory

| Regulation | TIBET provides |
|------------|---------------|
| **EU AI Act** | Automated decision traceability, transparency |
| **EU CRA** | Build provenance, SBOM accountability |
| **GDPR Art. 22** | Consent proof, decision audit trail |
| **NIS2** | Continuous logging, incident snapshots |

CRA enforcement starts **September 2026**. TIBET makes compliance architectural, not bolted-on.

## License

MIT

## Credits

Designed by [Jasper van de Meent](https://github.com/jaspertvdm). Built by Jasper and [Root AI](https://humotica.com) as part of [HumoticaOS](https://humotica.com).

One love, one fAmIly.


---

**Stack-positie:** Groep `substrate` · Bootstrap = OSAPI-handshake naar [`tibet`](https://pypi.org/project/tibet-core/) + [`jis`](https://pypi.org/project/jis-core/) (fail → snaft-rule + tibet-pol-rapport) · ← [`tibet-core`](https://pypi.org/project/tibet-core/) · See `STACK.md` · See `demo/golden-path/` for the spine end-to-end.
---

## Enterprise

For private hub hosting, SLA support, custom integrations, or compliance guidance:

| | |
|---|---|
| **Enterprise** | enterprise@humotica.com |
| **Support** | support@humotica.com |
| **Security** | security@humotica.com |

See [ENTERPRISE.md](ENTERPRISE.md) for details.
