Metadata-Version: 2.4
Name: tibet-nc
Version: 0.1.0a2
Summary: [DEPRECATED] Secure remote shell via Matrix E2EE — no ports, no TCP surface, TIBET L4 Airlock verification.
Project-URL: Homepage, https://github.com/humotica/tibet-nc
Project-URL: Repository, https://github.com/humotica/tibet-nc
Project-URL: Documentation, https://humotica.com/docs/tibet-nc
Author-email: "J. van de Meent" <jasper@humotica.com>, "R. AI" <root_idd@humotica.nl>
Maintainer-email: Humotica AI Lab <ai@humotica.nl>
License: MIT
Keywords: airlock,e2ee,matrix,no-port,provenance,remote-shell,ssh-alternative,tibet,zero-trust
Classifier: Development Status :: 7 - Inactive
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Communications :: Chat
Classifier: Topic :: Security
Classifier: Topic :: System :: Systems Administration
Requires-Python: >=3.10
Requires-Dist: matrix-nio>=0.21
Requires-Dist: python-dotenv>=1.0
Requires-Dist: requests>=2.28
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.21; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Provides-Extra: e2ee
Requires-Dist: matrix-nio[e2e]>=0.21; extra == 'e2ee'
Description-Content-Type: text/markdown

# tibet-nc

> **PRE-ALPHA (v0.1.0a1) — NOT PRODUCTION READY**
>
> API, protocol, and security model are subject to change.
> Do not deploy in production environments.

Secure remote shell via Matrix E2EE — SSH without the attack surface.

## What is tibet-nc?

tibet-nc replaces SSH/telnet with a remote shell that has **no open ports, no TCP listener, and no discoverable attack surface**. Commands are sent via Matrix (end-to-end encrypted), and each executed command gets its own verified TIBET token.

Think of it as a speakeasy: there's no visible door. You need to know the Matrix room and have a verified TIBET identity to get in.

## How it works

```
[Matrix Client] → E2EE message → [Matrix Server] → [tibet-nc daemon]
                                                        ↓
                                                   L4 Airlock
                                                   ├── Identity check
                                                   ├── Timebox check
                                                   ├── Command safety
                                                   └── Hash chain
                                                        ↓
                                                   Restricted PTY
                                                        ↓
                                                   Output + TIBET token
                                                        ↓
                                              [Matrix Client] ← E2EE
```

### L4 Airlock Verification

Every command passes 4 layers before execution:

1. **Identity** — Matrix user must be in the allowed list
2. **Timebox** — Command must arrive within the latency window for its DID type
3. **Command safety** — Blocked patterns (`rm -rf /`, `dd if=`, etc.) are rejected
4. **Hash chain** — SHA256 chain links every command to the previous one
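
A minimal sketch of the four layers above, added here as an illustration and not taken from tibet-nc's code base. The class and function names, the allowed user, the single 5-second window (the per-DID-type windows are not given on this page) and the two regexes are all assumptions.

```python
import hashlib
import json
import re
from dataclasses import dataclass, field

# Everything below is constructed for illustration; it is not tibet-nc's API.
ALLOWED_USERS = {"@admin:example.org"}   # constructed Matrix user ID
MAX_LATENCY_S = 5.0                      # constructed timebox window
BLOCKED = [re.compile(p) for p in (r"\brm\s+-rf\s+/(\s|$)", r"\bdd\s+if=")]
GENESIS = "0" * 64                       # hash that precedes the first command


def link(prev_hash, sender, sent_at, command):
    """SHA-256 over the previous link plus this command's fields.
    JSON encoding keeps field boundaries unambiguous."""
    record = json.dumps([prev_hash, sender, sent_at, command], separators=(",", ":"))
    return hashlib.sha256(record.encode()).hexdigest()


@dataclass
class Airlock:
    chain: list = field(default_factory=list)  # (sender, sent_at, command, hash)

    def check(self, sender, sent_at, received_at, command):
        """Run the layers in order; return (accepted, reason).
        Only accepted commands are appended to the chain."""
        if sender not in ALLOWED_USERS:
            return False, "identity"
        # Rejects late messages and timestamps that lie in the future.
        if not 0 <= received_at - sent_at <= MAX_LATENCY_S:
            return False, "timebox"
        if any(p.search(command) for p in BLOCKED):
            return False, "command-safety"
        prev = self.chain[-1][3] if self.chain else GENESIS
        digest = link(prev, sender, sent_at, command)
        self.chain.append((sender, sent_at, command, digest))
        return True, "ok"


def verify_chain(chain):
    """Recompute every link; return the index of the first break, or -1."""
    prev = GENESIS
    for i, (sender, sent_at, command, digest) in enumerate(chain):
        if link(prev, sender, sent_at, command) != digest:
            return i
        prev = digest
    return -1
```

An auditor replaying the session with `verify_chain` sees an edited, reordered or deleted record as a break at that index. The pattern layer matches command text only, so it works as a backstop next to the restricted PTY, not as the sole control.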

### What makes it different from SSH?

| | SSH | tibet-nc |
|---|---|---|
| Open port | 22 (scannable) | None |
| Protocol | TCP | Matrix E2EE |
| Auth | Keys/password | TIBET identity |
| Audit trail | auth.log | Full TIBET provenance per command |
| Command safety | None | L4 Airlock (blocked patterns) |
| Hash chain | None | SHA256 per session |

## Current status

- [x] Matrix E2EE transport
- [x] L4 Airlock verification
- [x] Restricted PTY execution
- [x] TIBET token per command
- [x] Hash chain integrity
- [x] Blocked dangerous commands
- [x] Systemd service (DL360)
- [ ] Multi-device session management
- [ ] File transfer via Matrix
- [ ] Interactive mode (vim, top)
- [ ] PyPI release

## Running (development)

The daemon currently runs from `/srv/jtel-stack/tibet-nc/` as a systemd service.
See the deployed instance for reference — package structure is being formalized.

## License

MIT — Humotica AI Lab


---

## Enterprise

For private hub hosting, SLA support, custom integrations, or compliance guidance:

| | |
|---|---|
| **Enterprise** | enterprise@humotica.com |
| **Support** | support@humotica.com |
| **Security** | security@humotica.com |

See [ENTERPRISE.md](ENTERPRISE.md) for details.
