tbz 0.1.0__tar.gz

tbz-0.1.0/PKG-INFO

@@ -0,0 +1,117 @@
+Metadata-Version: 2.4
+Name: tbz
+Version: 0.1.0
+Summary: TBZ (TIBET-zip) — Block-level authenticated compression for the Zero-Trust era
+Author-email: Jasper van de Meent <jasper@humotica.nl>
+License: MIT OR Apache-2.0
+Project-URL: Homepage, https://github.com/jaspertvdm/tbz
+Project-URL: Repository, https://github.com/jaspertvdm/tbz
+Project-URL: Issues, https://github.com/jaspertvdm/tbz/issues
+Project-URL: Documentation, https://github.com/jaspertvdm/tbz/blob/main/ARCHITECTURE.md
+Keywords: compression,security,provenance,supply-chain,zero-trust,ed25519
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Rust
+Classifier: Topic :: Security
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: System :: Archiving :: Compression
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: requests>=2.28.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+
+# tbz — TIBET-zip for Python
+
+**Block-level authenticated compression for the Zero-Trust era.**
+
+Python client for TBZ archives and the Transparency Mirror network. Every block carries its own TIBET provenance envelope and Ed25519 signature. Tampered blocks are rejected before decompression touches memory.
+
+## Install
+
+```bash
+pip install tbz
+```
+
+## Quick Start
+
+```python
+from tbz import TBZArchive, Mirror
+
+# Read and inspect a TBZ archive (pure Python, no binary needed)
+archive = TBZArchive("release.tbz")
+info = archive.inspect()
+print(f"Blocks: {info['block_count']}, Hash: {info['content_hash']}")
+
+# Verify integrity (uses Rust CLI if available, falls back to Python)
+result = archive.verify()
+print(result)  # TBZ VERIFIED: 3 blocks (hash + Ed25519), 0 errors
+
+# Look up in the Transparency Mirror (public, no auth needed)
+mirror = Mirror()
+entry = mirror.lookup("sha256:abc123...")
+if entry:
+    print(f"Source: {entry['source_repo']}, Attestations: {len(entry['attestations'])}")
+
+# Search by publisher
+results = mirror.search(jis_id="jis:ed25519:77214ce9c262843e")
+
+# Mirror stats
+stats = mirror.stats()
+print(f"Mirror node: {stats['node']}, entries: {stats['total_entries']}")
+```
+
+## With Rust CLI (full features)
+
+For full Ed25519 signature verification and pack/unpack support, install the Rust binary:
+
+```bash
+# From source
+git clone https://github.com/jaspertvdm/tbz
+cd tbz && cargo build --release
+export PATH=$PATH:$(pwd)/target/release
+
+# Then in Python
+archive = TBZArchive("release.tbz")
+result = archive.verify()  # Full Ed25519 + SHA-256 verification
+archive.unpack("./extracted")  # Extract through TIBET Airlock
+```
+
+## Transparency Mirror
+
+The Mirror is a distributed trust database for verifying TBZ package provenance. The bootstrap node runs at `brein.jaspervandemeent.nl`.
+
+```python
+from tbz import Mirror
+
+# Default: connects to bootstrap node
+mirror = Mirror()
+
+# Custom node
+mirror = Mirror(node_url="https://your-mirror.example.com")
+
+# Public endpoints (no auth)
+mirror.lookup("sha256:...")   # Look up by hash
+mirror.search(verdict="safe") # Search attestations
+mirror.stats()                # Node statistics
+```
+
+## Links
+
+- [GitHub](https://github.com/jaspertvdm/tbz)
+- [Architecture](https://github.com/jaspertvdm/tbz/blob/main/ARCHITECTURE.md)
+- [Mirror API](https://brein.jaspervandemeent.nl/api/tbz-mirror/stats)
+
+## License
+
+MIT / Apache-2.0

tbz-0.1.0/README.md

@@ -0,0 +1,84 @@
+# tbz — TIBET-zip for Python
+
+**Block-level authenticated compression for the Zero-Trust era.**
+
+Python client for TBZ archives and the Transparency Mirror network. Every block carries its own TIBET provenance envelope and Ed25519 signature. Tampered blocks are rejected before decompression touches memory.
+
+## Install
+
+```bash
+pip install tbz
+```
+
+## Quick Start
+
+```python
+from tbz import TBZArchive, Mirror
+
+# Read and inspect a TBZ archive (pure Python, no binary needed)
+archive = TBZArchive("release.tbz")
+info = archive.inspect()
+print(f"Blocks: {info['block_count']}, Hash: {info['content_hash']}")
+
+# Verify integrity (uses Rust CLI if available, falls back to Python)
+result = archive.verify()
+print(result)  # TBZ VERIFIED: 3 blocks (hash + Ed25519), 0 errors
+
+# Look up in the Transparency Mirror (public, no auth needed)
+mirror = Mirror()
+entry = mirror.lookup("sha256:abc123...")
+if entry:
+    print(f"Source: {entry['source_repo']}, Attestations: {len(entry['attestations'])}")
+
+# Search by publisher
+results = mirror.search(jis_id="jis:ed25519:77214ce9c262843e")
+
+# Mirror stats
+stats = mirror.stats()
+print(f"Mirror node: {stats['node']}, entries: {stats['total_entries']}")
+```
+
+## With Rust CLI (full features)
+
+For full Ed25519 signature verification and pack/unpack support, install the Rust binary:
+
+```bash
+# From source
+git clone https://github.com/jaspertvdm/tbz
+cd tbz && cargo build --release
+export PATH=$PATH:$(pwd)/target/release
+
+# Then in Python
+archive = TBZArchive("release.tbz")
+result = archive.verify()  # Full Ed25519 + SHA-256 verification
+archive.unpack("./extracted")  # Extract through TIBET Airlock
+```
+
+## Transparency Mirror
+
+The Mirror is a distributed trust database for verifying TBZ package provenance. The bootstrap node runs at `brein.jaspervandemeent.nl`.
+
+```python
+from tbz import Mirror
+
+# Default: connects to bootstrap node
+mirror = Mirror()
+
+# Custom node
+mirror = Mirror(node_url="https://your-mirror.example.com")
+
+# Public endpoints (no auth)
+mirror.lookup("sha256:...")   # Look up by hash
+mirror.search(verdict="safe") # Search attestations
+mirror.stats()                # Node statistics
+```
+
+## Links
+
+- [GitHub](https://github.com/jaspertvdm/tbz)
+- [Architecture](https://github.com/jaspertvdm/tbz/blob/main/ARCHITECTURE.md)
+- [Mirror API](https://brein.jaspervandemeent.nl/api/tbz-mirror/stats)
+
+## License
+
+MIT / Apache-2.0

tbz-0.1.0/pyproject.toml

@@ -0,0 +1,48 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "tbz"
+version = "0.1.0"
+description = "TBZ (TIBET-zip) — Block-level authenticated compression for the Zero-Trust era"
+readme = "README.md"
+license = {text = "MIT OR Apache-2.0"}
+requires-python = ">=3.9"
+authors = [
+    {name = "Jasper van de Meent", email = "jasper@humotica.nl"},
+]
+keywords = ["compression", "security", "provenance", "supply-chain", "zero-trust", "ed25519"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "Intended Audience :: System Administrators",
+    "License :: OSI Approved :: MIT License",
+    "License :: OSI Approved :: Apache Software License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Rust",
+    "Topic :: Security",
+    "Topic :: Security :: Cryptography",
+    "Topic :: System :: Archiving :: Compression",
+]
+dependencies = [
+    "requests>=2.28.0",
+]
+
+[project.optional-dependencies]
+dev = ["pytest>=7.0", "pytest-cov"]
+
+[project.urls]
+Homepage = "https://github.com/jaspertvdm/tbz"
+Repository = "https://github.com/jaspertvdm/tbz"
+Issues = "https://github.com/jaspertvdm/tbz/issues"
+Documentation = "https://github.com/jaspertvdm/tbz/blob/main/ARCHITECTURE.md"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["tbz*"]

tbz-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

tbz-0.1.0/tbz/__init__.py

@@ -0,0 +1,26 @@
+"""
+TBZ (TIBET-zip) — Block-level authenticated compression for the Zero-Trust era.
+
+Every block carries its own TIBET provenance envelope and Ed25519 signature.
+Invalid blocks are rejected before decompression touches memory.
+
+Usage:
+    from tbz import TBZArchive, Mirror
+
+    # Verify an archive
+    archive = TBZArchive("release.tbz")
+    result = archive.verify()
+    print(result)
+
+    # Look up in Transparency Mirror
+    mirror = Mirror()
+    entry = mirror.lookup("sha256:abc123...")
+"""
+
+__version__ = "0.1.0"
+__author__ = "Jasper van de Meent"
+
+from tbz.archive import TBZArchive
+from tbz.mirror import Mirror
+
+__all__ = ["TBZArchive", "Mirror", "__version__"]

tbz-0.1.0/tbz/archive.py

@@ -0,0 +1,248 @@
+"""
+TBZ Archive — Python interface for TBZ archives.
+
+Wraps the Rust `tbz` CLI for pack/unpack/verify/inspect operations.
+For native speed, install the Rust toolchain and build with `cargo build --release`.
+"""
+
+import hashlib
+import json
+import os
+import shutil
+import struct
+import subprocess
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import List, Optional, Dict, Any
+
+
+# TBZ magic bytes
+MAGIC = bytes([0x54, 0x42, 0x5A])
+
+
+@dataclass
+class BlockInfo:
+    """Information about a single block in a TBZ archive."""
+    index: int
+    block_type: str  # "Manifest", "Data", "Nested"
+    jis_level: int
+    compressed_size: int
+    uncompressed_size: int
+    content_hash: str
+    erachter: str  # intent
+    signature_present: bool
+    path: Optional[str] = None
+
+
+@dataclass
+class VerifyResult:
+    """Result of verifying a TBZ archive."""
+    ok: bool
+    blocks_checked: int
+    errors: int
+    signing_key: Optional[str] = None
+    block_results: List[Dict[str, Any]] = field(default_factory=list)
+
+    def __str__(self):
+        status = "VERIFIED" if self.ok else "FAILED"
+        sig = f" (hash + Ed25519)" if self.signing_key else " (hash only)"
+        return f"TBZ {status}: {self.blocks_checked} blocks{sig}, {self.errors} errors"
+
+
+class TBZArchive:
+    """Interface for TBZ archives.
+
+    Can operate in two modes:
+    1. CLI mode: delegates to the Rust `tbz` binary (fast, full features)
+    2. Pure Python mode: reads block headers directly (no external binary needed)
+
+    Args:
+        path: Path to the .tbz archive file
+        tbz_binary: Path to the tbz CLI binary (auto-detected if not specified)
+    """
+
+    def __init__(self, path: str, tbz_binary: str = None):
+        self.path = Path(path)
+        self._tbz_bin = tbz_binary or self._find_binary()
+
+    def _find_binary(self) -> Optional[str]:
+        """Try to find the tbz binary."""
+        # Check common locations
+        candidates = [
+            shutil.which("tbz"),
+            os.path.expanduser("~/.cargo/bin/tbz"),
+            str(Path(__file__).parent.parent.parent / "target" / "release" / "tbz"),
+            str(Path(__file__).parent.parent.parent / "target" / "debug" / "tbz"),
+        ]
+        for c in candidates:
+            if c and os.path.isfile(c) and os.access(c, os.X_OK):
+                return c
+        return None
+
+    @property
+    def exists(self) -> bool:
+        return self.path.exists()
+
+    def content_hash(self) -> str:
+        """Compute SHA-256 hash of the entire archive file."""
+        h = hashlib.sha256()
+        with open(self.path, "rb") as f:
+            for chunk in iter(lambda: f.read(8192), b""):
+                h.update(chunk)
+        return f"sha256:{h.hexdigest()}"
+
+    def read_blocks(self) -> List[BlockInfo]:
+        """Read block headers from the archive (pure Python, no CLI needed)."""
+        blocks = []
+        with open(self.path, "rb") as f:
+            while True:
+                magic = f.read(3)
+                if len(magic) < 3:
+                    break
+                if magic != MAGIC:
+                    break
+
+                # Read header
+                header_len = struct.unpack("<I", f.read(4))[0]
+                header_json = f.read(header_len)
+                header = json.loads(header_json)
+
+                # Read envelope
+                envelope_len = struct.unpack("<I", f.read(4))[0]
+                envelope_json = f.read(envelope_len)
+                envelope = json.loads(envelope_json)
+
+                # Read payload
+                payload_len = struct.unpack("<Q", f.read(8))[0]
+                f.seek(payload_len, 1)  # skip payload
+
+                # Read signature (64 bytes)
+                sig = f.read(64)
+                sig_present = any(b != 0 for b in sig)
+
+                blocks.append(BlockInfo(
+                    index=header.get("block_index", 0),
+                    block_type=header.get("block_type", "Unknown"),
+                    jis_level=header.get("jis_level", 0),
+                    compressed_size=header.get("compressed_size", 0),
+                    uncompressed_size=header.get("uncompressed_size", 0),
+                    content_hash=envelope.get("erin", {}).get("content_hash", ""),
+                    erachter=envelope.get("erachter", ""),
+                    signature_present=sig_present,
+                    path=None,
+                ))
+
+        return blocks
+
+    def verify(self) -> VerifyResult:
+        """Verify the archive integrity.
+
+        Uses the Rust CLI if available (fast, full Ed25519 verification).
+        Falls back to pure Python header reading if CLI not found.
+        """
+        if self._tbz_bin:
+            return self._verify_cli()
+        return self._verify_python()
+
+    def _verify_cli(self) -> VerifyResult:
+        """Verify using the Rust CLI binary."""
+        result = subprocess.run(
+            [self._tbz_bin, "verify", str(self.path)],
+            capture_output=True, text=True, timeout=60,
+        )
+
+        output = result.stdout + result.stderr
+        errors = output.count("FAIL")
+        blocks = output.count("] OK") + errors
+        signing_key = None
+
+        for line in output.splitlines():
+            if "Signing key:" in line:
+                signing_key = line.split("Ed25519")[-1].strip()
+
+        return VerifyResult(
+            ok=(errors == 0 and result.returncode == 0),
+            blocks_checked=blocks,
+            errors=errors,
+            signing_key=signing_key,
+            block_results=[{"raw_output": output}],
+        )
+
+    def _verify_python(self) -> VerifyResult:
+        """Basic verification using pure Python (header checks only)."""
+        blocks = self.read_blocks()
+        return VerifyResult(
+            ok=len(blocks) > 0,
+            blocks_checked=len(blocks),
+            errors=0,
+            signing_key=None,
+            block_results=[{"index": b.index, "type": b.block_type, "hash": b.content_hash} for b in blocks],
+        )
+
+    def inspect(self) -> Dict[str, Any]:
+        """Get detailed information about the archive."""
+        blocks = self.read_blocks()
+        return {
+            "path": str(self.path),
+            "size": self.path.stat().st_size,
+            "content_hash": self.content_hash(),
+            "block_count": len(blocks),
+            "blocks": [
+                {
+                    "index": b.index,
+                    "type": b.block_type,
+                    "jis_level": b.jis_level,
+                    "compressed_size": b.compressed_size,
+                    "uncompressed_size": b.uncompressed_size,
+                    "content_hash": b.content_hash,
+                    "intent": b.erachter,
+                    "signed": b.signature_present,
+                }
+                for b in blocks
+            ],
+        }
+
+    def unpack(self, output_dir: str = ".") -> bool:
+        """Extract the archive through the TIBET Airlock.
+
+        Requires the Rust CLI binary.
+        """
+        if not self._tbz_bin:
+            raise RuntimeError("tbz binary not found — install with: cargo install --path crates/tbz-cli")
+
+        result = subprocess.run(
+            [self._tbz_bin, "unpack", str(self.path), "-o", output_dir],
+            capture_output=True, text=True, timeout=120,
+        )
+        return result.returncode == 0
+
+    @staticmethod
+    def pack(source: str, output: str = "output.tbz", tbz_binary: str = None) -> "TBZArchive":
+        """Pack files into a TBZ archive.
+
+        Requires the Rust CLI binary.
+
+        Args:
+            source: Path to file or directory to archive
+            output: Output .tbz file path
+            tbz_binary: Path to tbz CLI binary
+
+        Returns:
+            TBZArchive instance for the created archive.
+        """
+        binary = tbz_binary or shutil.which("tbz")
+        if not binary:
+            raise RuntimeError("tbz binary not found — install with: cargo install --path crates/tbz-cli")
+
+        result = subprocess.run(
+            [binary, "pack", source, "-o", output],
+            capture_output=True, text=True, timeout=120,
+        )
+        if result.returncode != 0:
+            raise RuntimeError(f"Pack failed: {result.stderr}")
+
+        return TBZArchive(output, tbz_binary=binary)
+
+    def __repr__(self):
+        blocks = len(self.read_blocks()) if self.exists else 0
+        return f"TBZArchive({self.path!r}, blocks={blocks})"

tbz-0.1.0/tbz/mirror.py

@@ -0,0 +1,184 @@
+"""
+TBZ Transparency Mirror client.
+
+Query the distributed trust database for package provenance verification.
+"""
+
+from typing import Optional, Dict, Any, List
+import requests
+
+
+DEFAULT_MIRROR = "https://brein.jaspervandemeent.nl"
+
+
+class MirrorError(Exception):
+    """Error communicating with a Transparency Mirror node."""
+    pass
+
+
+class Mirror:
+    """Client for the TBZ Transparency Mirror network.
+
+    The Mirror is a distributed trust database that stores content hashes,
+    Ed25519 signing keys, and attestations for TBZ archives.
+
+    Args:
+        node_url: Base URL of the mirror node (default: bootstrap node)
+        timeout: Request timeout in seconds
+    """
+
+    def __init__(self, node_url: str = DEFAULT_MIRROR, timeout: float = 10.0):
+        self.node_url = node_url.rstrip("/")
+        self.timeout = timeout
+        self._base = f"{self.node_url}/api/tbz-mirror"
+
+    def lookup(self, content_hash: str) -> Optional[Dict[str, Any]]:
+        """Look up a TBZ archive by its content hash.
+
+        Args:
+            content_hash: SHA-256 hash (format: "sha256:<hex>")
+
+        Returns:
+            Trust entry dict if found, None if not found.
+
+        Raises:
+            MirrorError: On network or server errors.
+        """
+        try:
+            resp = requests.get(
+                f"{self._base}/lookup/{content_hash}",
+                timeout=self.timeout,
+            )
+            if resp.status_code == 404:
+                return None
+            resp.raise_for_status()
+            return resp.json().get("entry")
+        except requests.ConnectionError as e:
+            raise MirrorError(f"Cannot reach mirror node {self.node_url}: {e}")
+        except requests.HTTPError as e:
+            raise MirrorError(f"Mirror error: {e}")
+
+    def register(self, content_hash: str, signing_key: str = None,
+                 jis_id: str = None, source_repo: str = None,
+                 block_count: int = 0, total_size: int = 0,
+                 auth_token: str = None) -> Dict[str, Any]:
+        """Register a TBZ archive in the Transparency Mirror.
+
+        Requires authentication on the mirror node.
+
+        Args:
+            content_hash: SHA-256 hash of the archive
+            signing_key: Ed25519 public key (hex)
+            jis_id: JIS identity string
+            source_repo: Repository identifier
+            block_count: Number of blocks in the archive
+            total_size: Total uncompressed size in bytes
+            auth_token: JWT bearer token for authentication
+
+        Returns:
+            Registration result from the mirror.
+        """
+        headers = {"Content-Type": "application/json"}
+        if auth_token:
+            headers["Authorization"] = f"Bearer {auth_token}"
+
+        payload = {"content_hash": content_hash}
+        if signing_key:
+            payload["signing_key"] = signing_key
+        if jis_id:
+            payload["jis_id"] = jis_id
+        if source_repo:
+            payload["source_repo"] = source_repo
+        if block_count:
+            payload["block_count"] = block_count
+        if total_size:
+            payload["total_size"] = total_size
+
+        try:
+            resp = requests.post(
+                f"{self._base}/register",
+                json=payload,
+                headers=headers,
+                timeout=self.timeout,
+            )
+            resp.raise_for_status()
+            return resp.json()
+        except requests.HTTPError as e:
+            raise MirrorError(f"Registration failed: {e}")
+
+    def attest(self, content_hash: str, attester: str,
+               verdict: str = "safe", notes: str = None,
+               auth_token: str = None) -> Dict[str, Any]:
+        """Add an attestation to an existing entry.
+
+        Args:
+            content_hash: SHA-256 hash of the archive
+            attester: JIS ID or name of the attester
+            verdict: "safe", "suspicious", "malicious", or "unknown"
+            notes: Optional evidence/notes
+            auth_token: JWT bearer token for authentication
+
+        Returns:
+            Attestation result from the mirror.
+        """
+        headers = {"Content-Type": "application/json"}
+        if auth_token:
+            headers["Authorization"] = f"Bearer {auth_token}"
+
+        payload = {"attester": attester, "verdict": verdict}
+        if notes:
+            payload["notes"] = notes
+
+        try:
+            resp = requests.post(
+                f"{self._base}/attest/{content_hash}",
+                json=payload,
+                headers=headers,
+                timeout=self.timeout,
+            )
+            resp.raise_for_status()
+            return resp.json()
+        except requests.HTTPError as e:
+            raise MirrorError(f"Attestation failed: {e}")
+
+    def search(self, jis_id: str = None, verdict: str = None,
+               signing_key: str = None, limit: int = 50) -> List[Dict[str, Any]]:
+        """Search the Transparency Mirror.
+
+        All parameters are optional filters.
+
+        Returns:
+            List of matching trust entries.
+        """
+        params = {}
+        if jis_id:
+            params["jis_id"] = jis_id
+        if verdict:
+            params["verdict"] = verdict
+        if signing_key:
+            params["signing_key"] = signing_key
+        params["limit"] = limit
+
+        try:
+            resp = requests.get(
+                f"{self._base}/search",
+                params=params,
+                timeout=self.timeout,
+            )
+            resp.raise_for_status()
+            return resp.json().get("results", [])
+        except requests.HTTPError as e:
+            raise MirrorError(f"Search failed: {e}")
+
+    def stats(self) -> Dict[str, Any]:
+        """Get mirror node statistics.
+
+        Returns:
+            Dict with node info, entry counts, attestation counts.
+        """
+        resp = requests.get(f"{self._base}/stats", timeout=self.timeout)
+        resp.raise_for_status()
+        return resp.json()
+
+    def __repr__(self):
+        return f"Mirror(node={self.node_url!r})"

tbz-0.1.0/tbz.egg-info/PKG-INFO

@@ -0,0 +1,117 @@
+Metadata-Version: 2.4
+Name: tbz
+Version: 0.1.0
+Summary: TBZ (TIBET-zip) — Block-level authenticated compression for the Zero-Trust era
+Author-email: Jasper van de Meent <jasper@humotica.nl>
+License: MIT OR Apache-2.0
+Project-URL: Homepage, https://github.com/jaspertvdm/tbz
+Project-URL: Repository, https://github.com/jaspertvdm/tbz
+Project-URL: Issues, https://github.com/jaspertvdm/tbz/issues
+Project-URL: Documentation, https://github.com/jaspertvdm/tbz/blob/main/ARCHITECTURE.md
+Keywords: compression,security,provenance,supply-chain,zero-trust,ed25519
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Rust
+Classifier: Topic :: Security
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: System :: Archiving :: Compression
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: requests>=2.28.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+
+# tbz — TIBET-zip for Python
+
+**Block-level authenticated compression for the Zero-Trust era.**
+
+Python client for TBZ archives and the Transparency Mirror network. Every block carries its own TIBET provenance envelope and Ed25519 signature. Tampered blocks are rejected before decompression touches memory.
+
+## Install
+
+```bash
+pip install tbz
+```
+
+## Quick Start
+
+```python
+from tbz import TBZArchive, Mirror
+
+# Read and inspect a TBZ archive (pure Python, no binary needed)
+archive = TBZArchive("release.tbz")
+info = archive.inspect()
+print(f"Blocks: {info['block_count']}, Hash: {info['content_hash']}")
+
+# Verify integrity (uses Rust CLI if available, falls back to Python)
+result = archive.verify()
+print(result)  # TBZ VERIFIED: 3 blocks (hash + Ed25519), 0 errors
+
+# Look up in the Transparency Mirror (public, no auth needed)
+mirror = Mirror()
+entry = mirror.lookup("sha256:abc123...")
+if entry:
+    print(f"Source: {entry['source_repo']}, Attestations: {len(entry['attestations'])}")
+
+# Search by publisher
+results = mirror.search(jis_id="jis:ed25519:77214ce9c262843e")
+
+# Mirror stats
+stats = mirror.stats()
+print(f"Mirror node: {stats['node']}, entries: {stats['total_entries']}")
+```
+
+## With Rust CLI (full features)
+
+For full Ed25519 signature verification and pack/unpack support, install the Rust binary:
+
+```bash
+# From source
+git clone https://github.com/jaspertvdm/tbz
+cd tbz && cargo build --release
+export PATH=$PATH:$(pwd)/target/release
+
+# Then in Python
+archive = TBZArchive("release.tbz")
+result = archive.verify()  # Full Ed25519 + SHA-256 verification
+archive.unpack("./extracted")  # Extract through TIBET Airlock
+```
+
+## Transparency Mirror
+
+The Mirror is a distributed trust database for verifying TBZ package provenance. The bootstrap node runs at `brein.jaspervandemeent.nl`.
+
+```python
+from tbz import Mirror
+
+# Default: connects to bootstrap node
+mirror = Mirror()
+
+# Custom node
+mirror = Mirror(node_url="https://your-mirror.example.com")
+
+# Public endpoints (no auth)
+mirror.lookup("sha256:...")   # Look up by hash
+mirror.search(verdict="safe") # Search attestations
+mirror.stats()                # Node statistics
+```
+
+## Links
+
+- [GitHub](https://github.com/jaspertvdm/tbz)
+- [Architecture](https://github.com/jaspertvdm/tbz/blob/main/ARCHITECTURE.md)
+- [Mirror API](https://brein.jaspervandemeent.nl/api/tbz-mirror/stats)
+
+## License
+
+MIT / Apache-2.0

tbz-0.1.0/tbz.egg-info/SOURCES.txt

@@ -0,0 +1,10 @@
+README.md
+pyproject.toml
+tbz/__init__.py
+tbz/archive.py
+tbz/mirror.py
+tbz.egg-info/PKG-INFO
+tbz.egg-info/SOURCES.txt
+tbz.egg-info/dependency_links.txt
+tbz.egg-info/requires.txt
+tbz.egg-info/top_level.txt

tbz-0.1.0/tbz.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

tbz-0.1.0/tbz.egg-info/requires.txt

@@ -0,0 +1,5 @@
+requests>=2.28.0
+
+[dev]
+pytest>=7.0
+pytest-cov

tbz-0.1.0/tbz.egg-info/top_level.txt

@@ -0,0 +1 @@
+tbz