Metadata-Version: 2.4
Name: tibet-report
Version: 0.1.0
Summary: Audit dossier assembler — verifiable remediation reports from TIBET provenance chains
Project-URL: Homepage, https://ainternet.org
Project-URL: Repository, https://github.com/Humotica/tibet-report
Project-URL: TIBET Ecosystem, https://pypi.org/project/tibet/
Author-email: Jasper van de Meent <jasper@humotica.com>, Root AI <root_idd@humotica.nl>
License-Expression: MIT
Keywords: audit,dossier,provenance,remediation,report,security,tibet
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Requires-Python: >=3.10
Requires-Dist: tibet-core>=0.3.0
Provides-Extra: full
Requires-Dist: tibet-pol>=0.1.0; extra == 'full'
Requires-Dist: tibet-wayback>=0.1.0; extra == 'full'
Provides-Extra: pol
Requires-Dist: tibet-pol>=0.1.0; extra == 'pol'
Provides-Extra: wayback
Requires-Dist: tibet-wayback>=0.1.0; extra == 'wayback'
Description-Content-Type: text/markdown

# tibet-report

Audit dossier assembler with TIBET provenance — verifiable remediation reports.

Part of the [TIBET ecosystem](https://pypi.org/project/tibet/) by [Humotica](https://humotica.com).

## What it does

`tibet-report` assembles evidence from TIBET token chains, wayback seals, pol health checks, and Phantom sessions into a single verifiable audit dossier.

The report is not the proof — the chain of tokens, seals, and manifests is. `tibet-report` makes that chain readable for humans and verifiable for auditors.

## Install

```bash
pip install tibet-report
```

## Quick start

```python
from tibet_report import ReportSession, build_dossier

session = ReportSession(
    report_id="RPT-001",
    title="Security Remediation — Example Corp",
    customer="Example Corp",
    created_by="Jasper van de Meent — Humotica",
)

session.add_finding("SSL chain broken", "Intermediate cert missing")
session.add_action("Added intermediate cert to nginx", status="fixed")
session.add_verification("SSL verified with openssl", status="verified")

report_path, manifest = build_dossier(session, output_dir="./reports")
```

## CLI

```bash
# Build a dossier
tibet-report build \
  --customer "Example Corp" \
  --assessor "Jasper van de Meent" \
  --tokens remediation_chain.json \
  --pre-seal pre_fix.json \
  --post-seal post_fix.json \
  --out ./reports

# Verify dossier integrity
tibet-report verify reports/RPT-001.md --manifest reports/RPT-001.manifest.json
```

## Chain of custody

Every dossier includes a manifest that binds the report to its source evidence:

- SHA256 hashes of all input artifacts (tokens, seals, pol runs)
- SHA256 hash of the generated report
- Chain-of-custody hash combining all above
- Optional TIBET dossier token for provenance

Tampering with the report after generation is detectable via `tibet-report verify`.

## Input sources

| Source | Package | What it provides |
|--------|---------|-----------------|
| TIBET tokens | `tibet-core` | Step-by-step provenance chain |
| Wayback seals | `tibet-wayback` | Pre/post system state snapshots |
| Wayback diffs | `tibet-wayback` | What changed between states |
| Pol runs | `tibet-pol` | Health check results |
| Phantom sessions | `phantom` | Session context (who/when/where) |

## Output

- **Markdown** — readable, diffable, git-friendly
- **HTML** — formatted for clients and auditors
- **JSON manifest** — machine-readable chain-of-custody
