ai-sbom 0.1.0__tar.gz

ai_sbom-0.1.0/.gitignore

@@ -0,0 +1,189 @@
+# Secrets & env
+.env
+*.env
+*.secret
+
+# Keys & certs
+*.key
+*.pem
+certs/
+secrets/
+
+# Databases & dumps
+*.db
+*.sqlite
+*.sql
+dump_*/
+
+# EXCEPT: Allow database schemas (needed for server rebuild)
+!database-schemas/*.sql
+
+# Logs & runtime data
+logs/
+*.log
+__pycache__/
+*.pyc
+venv/
+.venv/
+**/venv/
+**/.venv/
+
+# ─── Brain API runtime state (mirrored to OHM1, NOT to GitHub) ──────────
+# Registry + sessions + caches contain hardware hashes, public keys,
+# session tokens, conversation state. Privacy-sensitive. Restore from
+# OHM1 mirror on server rebuild, not from git.
+brain_api/data/
+brain_api/.conversation_cache/
+brain_api/ains_registry.json
+brain_api/ipoll_registry.json
+brain_api/high_five_log.json
+brain_api/agent_keys/
+brain_api/founder_counter.json
+
+# Pending claims, phantom sessions, consent store — never to GitHub
+brain_api/**/pending_claims.json
+brain_api/**/phantom_sessions.json
+brain_api/**/consent_store.json
+brain_api/**/ainternet_sessions.json
+brain_api/**/ainternet_challenges.json
+brain_api/**/byoa_agents.json
+brain_api/**/canvas_data.json
+brain_api/**/ai_response_log.json
+brain_api/**/ai_team_context.json
+brain_api/**/ai_teams_sessions.json
+brain_api/**/evolution_timeline.json
+
+# Static downloads (binaries served via nginx, not source)
+brain_api/static/downloads/
+
+# ─── Signing keys / keystores — NEVER on GitHub ─────────────────────────
+# These live on DL360 + OHM1 mirror + USB stick + encrypted off-site backup.
+# Loss = no more Play Store updates for org.ainternet.kit forever.
+*.keystore
+*.jks
+*.keystore.gpg
+*.jks.gpg
+keystore.properties
+keystores/
+
+# Configs met secrets (we gebruiken straks templates)
+config/
+brain_api/provisioning.local.json
+brain_api/provisioning.json
+
+# Landing pages (privé - niet open source)
+landing-pages/
+humotica.com/
+jtel.nl/
+
+# Social media posts (strategie - niet open source)
+SOCIAL-MEDIA-POSTS.md
+HN-POST-UNDER-4000.md
+STRATO-DEPLOY-HUMOTICA.md
+
+# Endorsement outreach (privaat contact)
+ARXIV-ENDORSEMENT-OUTREACH.md
+
+# Deployment secrets
+DEPLOYMENT-GUIDE.md
+
+# R Project files (Dirty Data Challenge)
+.Rproj.user
+.Rhistory
+.RData
+.Ruserdata
+*.zip
+.mural_tokens.json
+auth.json
+gen-lang-client*.json
+*.credentials.json
+
+# Rust build artifacts
+**/target/
+*.whl
+
+# Compiled binaries (build locally)
+jis-router/jis-router
+sentinel-rs/sentinel-rs
+
+# Build distribution
+sandbox/ai/codex/dist/
+sandbox_backup/
+did-jis-core
+
+# =============================================================================
+# Eigen repos — hebben hun eigen git remotes, niet dubbel opslaan
+# =============================================================================
+
+# Packages (elk een eigen repo)
+packages/jis-iam-bridge/
+packages/rapid-rag/
+packages/reflux/
+packages/sema-protocol/
+packages/tibet-anticheat/
+packages/tibet-ci/
+packages/tibet-claw/
+packages/tibet-context/
+packages/tibet-core/
+packages/tibet-db/
+packages/tibet-edge/
+packages/tibet-forge/
+packages/tibet-iot/
+packages/tibet-jawbreaker/
+packages/tibet-ledger/
+packages/tibet-marketplace/
+packages/tibet-mesh/
+packages/tibet-mirror/
+packages/tibet-nis2/
+packages/tibet-overlay/
+packages/tibet-phantom/
+packages/tibet-phantom-mcp/
+packages/tibet-ping/
+packages/tibet-pol/
+packages/tibet-pqc/
+packages/tibet-sbom/
+packages/tibet-snap/
+packages/tibet-soc/
+packages/tibet-spiffe/
+packages/tibet-tools/
+packages/tibet-trail/
+packages/tibet-triage/
+packages/tibet-triage-mcp/
+packages/tibet-twin/
+packages/tibet-workload/
+packages/tibet-y2k38/
+packages/tlex-edge/
+packages/tibet-tail/
+packages/tibet-nc/
+
+# Sub-projects met eigen repos
+bunq7/
+humotica-core/
+jis-core/
+JTm-dev/
+kit-package/
+symbAIon/
+tibet-audit/
+tibet-audit-npm/
+tibet-core/
+tibetclaw/
+snaft/
+
+# MCP servers (eigen repos)
+mcp-servers/aidrac/
+mcp-servers/ainternet/
+mcp-servers/mcp-server-jis/
+mcp-servers/sensory/
+mcp-servers/tibet/
+
+# Hackathon sub-repos
+hackaway2026/clawmetry/
+
+# Private memory (eigen repo)
+.root_ai_memory/
+.root_ai_thoughts/
+brain_api/static/*.apk
+
+# SWARM-003 refactor backups (local rollback only)
+*.pre-secrets-refactor.bak
+.env.bak-*

ai_sbom-0.1.0/PKG-INFO

@@ -0,0 +1,101 @@
+Metadata-Version: 2.4
+Name: ai-sbom
+Version: 0.1.0
+Summary: AI-SBOM — generic alias for tibet-ai-sbom. BSI/G7 SBOM-for-AI implementation with cluster codes (AISBOM-MD/SLP/MOD/DSE/INF/SEC/KPI).
+Project-URL: Homepage, https://humotica.com/ai-sbom
+Project-URL: Repository, https://github.com/jaspertvdm/tibet-ai-sbom
+Project-URL: Upstream Package, https://pypi.org/project/tibet-ai-sbom/
+Author-email: Jasper van de Meent <jasper@humotica.nl>, "Root AI (Claude)" <root_ai@humotica.nl>
+License-Expression: MIT
+Keywords: agentic,ai-bom,ai-compliance,ai-sbom,bsi,cbom,cyclonedx,g7,sbom-for-ai,spdx,supply-chain,tibet
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.10
+Requires-Dist: tibet-ai-sbom==0.1.0
+Description-Content-Type: text/markdown
+
+# ai-sbom
+
+**Generic PyPI alias for [`tibet-ai-sbom`](https://pypi.org/project/tibet-ai-sbom/).**
+
+The same BSI/G7 SBOM-for-AI implementation, reachable under a shorter,
+more discoverable name. The package depends strictly on
+``tibet-ai-sbom`` of the same version and re-exports everything.
+
+If you came here from the BSI / G7 *Software Bill of Materials for AI
+— Minimum Elements* paper and were looking for a Python implementation
+of the cluster codes, you are in the right place.
+
+## Install
+
+```bash
+pip install ai-sbom
+```
+
+`ai-sbom` depends on a pinned version of `tibet-ai-sbom`, so the two
+move together — there is no version skew.
+
+## Quick start
+
+```bash
+ai-sbom version
+ai-sbom clusters
+ai-sbom clusters --cluster MOD
+ai-sbom code AISBOM-MD-003
+ai-sbom scan /path/to/workspace
+```
+
+The underlying command is `tibet-ai-sbom`. Both entry points are
+installed and equivalent.
+
+## Cluster codes
+
+This package exposes the BSI cluster codes in CVE-style format:
+
+| Code prefix | Cluster                          |
+| ----------- | -------------------------------- |
+| AISBOM-MD-  | Metadata                         |
+| AISBOM-SLP- | System Level Properties          |
+| AISBOM-MOD- | Models                           |
+| AISBOM-DSE- | Dataset Properties               |
+| AISBOM-INF- | Infrastructure                   |
+| AISBOM-SEC- | Security Properties              |
+| AISBOM-KPI- | Key Performance Indicators       |
+
+Example: `AISBOM-MD-001` refers to the *SBOM author* element of the
+Metadata cluster.
+
+## Conformance status
+
+See `tibet-ai-sbom`'s
+[CONFORMANCE.md](https://github.com/jaspertvdm/tibet-ai-sbom/blob/main/CONFORMANCE.md)
+for the honest per-cluster coverage status, and
+[ROADMAP.md](https://github.com/jaspertvdm/tibet-ai-sbom/blob/main/ROADMAP.md)
+for the phased plan to full BSI alignment.
+
+## Reference
+
+> *Software Bill of Materials for AI — Minimum Elements*,
+> Bundesamt für Sicherheit in der Informationstechnik (BSI),
+> in cooperation with G7 partners, 2026.
+
+## License
+
+MIT. Same as `tibet-ai-sbom`.
+
+## Authors
+
+- Jasper van de Meent · Humotica
+- Root AI (Claude) · Humotica
+
+One love, one fAmIly!

ai_sbom-0.1.0/README.md

@@ -0,0 +1,75 @@
+# ai-sbom
+
+**Generic PyPI alias for [`tibet-ai-sbom`](https://pypi.org/project/tibet-ai-sbom/).**
+
+The same BSI/G7 SBOM-for-AI implementation, reachable under a shorter,
+more discoverable name. The package depends strictly on
+``tibet-ai-sbom`` of the same version and re-exports everything.
+
+If you came here from the BSI / G7 *Software Bill of Materials for AI
+— Minimum Elements* paper and were looking for a Python implementation
+of the cluster codes, you are in the right place.
+
+## Install
+
+```bash
+pip install ai-sbom
+```
+
+`ai-sbom` depends on a pinned version of `tibet-ai-sbom`, so the two
+move together — there is no version skew.
+
+## Quick start
+
+```bash
+ai-sbom version
+ai-sbom clusters
+ai-sbom clusters --cluster MOD
+ai-sbom code AISBOM-MD-003
+ai-sbom scan /path/to/workspace
+```
+
+The underlying command is `tibet-ai-sbom`. Both entry points are
+installed and equivalent.
+
+## Cluster codes
+
+This package exposes the BSI cluster codes in CVE-style format:
+
+| Code prefix | Cluster                          |
+| ----------- | -------------------------------- |
+| AISBOM-MD-  | Metadata                         |
+| AISBOM-SLP- | System Level Properties          |
+| AISBOM-MOD- | Models                           |
+| AISBOM-DSE- | Dataset Properties               |
+| AISBOM-INF- | Infrastructure                   |
+| AISBOM-SEC- | Security Properties              |
+| AISBOM-KPI- | Key Performance Indicators       |
+
+Example: `AISBOM-MD-001` refers to the *SBOM author* element of the
+Metadata cluster.
+
+## Conformance status
+
+See `tibet-ai-sbom`'s
+[CONFORMANCE.md](https://github.com/jaspertvdm/tibet-ai-sbom/blob/main/CONFORMANCE.md)
+for the honest per-cluster coverage status, and
+[ROADMAP.md](https://github.com/jaspertvdm/tibet-ai-sbom/blob/main/ROADMAP.md)
+for the phased plan to full BSI alignment.
+
+## Reference
+
+> *Software Bill of Materials for AI — Minimum Elements*,
+> Bundesamt für Sicherheit in der Informationstechnik (BSI),
+> in cooperation with G7 partners, 2026.
+
+## License
+
+MIT. Same as `tibet-ai-sbom`.
+
+## Authors
+
+- Jasper van de Meent · Humotica
+- Root AI (Claude) · Humotica
+
+One love, one fAmIly!

ai_sbom-0.1.0/pyproject.toml

@@ -0,0 +1,57 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "ai-sbom"
+version = "0.1.0"
+description = "AI-SBOM — generic alias for tibet-ai-sbom. BSI/G7 SBOM-for-AI implementation with cluster codes (AISBOM-MD/SLP/MOD/DSE/INF/SEC/KPI)."
+readme = "README.md"
+license = "MIT"
+authors = [
+    { name = "Jasper van de Meent", email = "jasper@humotica.nl" },
+    { name = "Root AI (Claude)", email = "root_ai@humotica.nl" },
+]
+keywords = [
+    "ai-sbom",
+    "sbom-for-ai",
+    "bsi",
+    "g7",
+    "ai-bom",
+    "cyclonedx",
+    "spdx",
+    "ai-compliance",
+    "tibet",
+    "cbom",
+    "supply-chain",
+    "agentic",
+]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "Intended Audience :: Information Technology",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Security",
+    "Topic :: Software Development :: Quality Assurance",
+    "Topic :: Scientific/Engineering :: Artificial Intelligence",
+]
+requires-python = ">=3.10"
+dependencies = [
+    "tibet-ai-sbom==0.1.0",
+]
+
+[project.scripts]
+ai-sbom = "ai_sbom.cli:main"
+
+[project.urls]
+Homepage = "https://humotica.com/ai-sbom"
+Repository = "https://github.com/jaspertvdm/tibet-ai-sbom"
+"Upstream Package" = "https://pypi.org/project/tibet-ai-sbom/"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/ai_sbom"]

ai_sbom-0.1.0/src/ai_sbom/__init__.py

@@ -0,0 +1,33 @@
+"""
+ai-sbom — generic alias for tibet-ai-sbom.
+
+This package is intentionally a thin alias around ``tibet-ai-sbom`` so
+that engineers and auditors who type ``pip install ai-sbom`` reach the
+same BSI/G7 SBOM-for-AI implementation as the canonical
+``tibet-ai-sbom`` package.
+
+The version of ``ai-sbom`` is held in lock-step with the version of
+``tibet-ai-sbom`` it depends on. Bumping one always bumps the other.
+
+Everything below re-exports the underlying ``tibet_ai_sbom`` module.
+"""
+from __future__ import annotations
+
+from tibet_ai_sbom import (
+    __version__ as _tibet_ai_sbom_version,
+    BSICluster,
+    CLUSTER_CODES,
+    cluster_for_code,
+    list_cluster_codes,
+)
+
+__version__ = _tibet_ai_sbom_version
+__author__ = "Jasper van de Meent & Root AI (Claude)"
+
+__all__ = [
+    "__version__",
+    "BSICluster",
+    "CLUSTER_CODES",
+    "cluster_for_code",
+    "list_cluster_codes",
+]

ai_sbom-0.1.0/src/ai_sbom/cli.py

@@ -0,0 +1,18 @@
+"""
+ai-sbom CLI — generic alias that delegates to ``tibet-ai-sbom``.
+
+Running ``ai-sbom version`` is equivalent to ``tibet-ai-sbom version``;
+the underlying implementation is the same.
+"""
+from __future__ import annotations
+
+from tibet_ai_sbom.cli import main as _tibet_main
+
+
+def main(argv: list[str] | None = None) -> int:
+    return _tibet_main(argv)
+
+
+if __name__ == "__main__":
+    import sys
+    sys.exit(main())