tibet-keychain 0.1.0__tar.gz

tibet_keychain-0.1.0/LICENSE

@@ -0,0 +1 @@
+MIT License — Copyright (c) 2026 Humotica, Jasper van de Meent, Root AI, Codex

tibet_keychain-0.1.0/PKG-INFO

@@ -0,0 +1,196 @@
+Metadata-Version: 2.4
+Name: tibet-keychain
+Version: 0.1.0
+Summary: Causal-aware secret custody — where secrets live, how they moved, who touched them. Part of the TIBET vault family (tibet-vault = WHEN, tibet-keychain = WHERE/HOW, tibet-sam = WHY, tibet-gateway = where ACT is performed).
+Author-email: Jasper van de Meent <info@humotica.com>, Root AI <root_idd@humotica.nl>, Codex <codex@humotica.nl>
+License: MIT
+Project-URL: Homepage, https://humotica.com
+Project-URL: Repository, https://github.com/jaspertvdm/tibet-keychain
+Keywords: tibet,keychain,secret-custody,vault,credential,causal,audit,rotation,exposure,cbom
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=42.0
+Provides-Extra: sealed
+Requires-Dist: tibet-drop>=0.3.0; extra == "sealed"
+Provides-Extra: cbom
+Requires-Dist: tibet-cbom>=0.1.1; extra == "cbom"
+Provides-Extra: full
+Requires-Dist: tibet-drop>=0.3.0; extra == "full"
+Requires-Dist: tibet-cbom>=0.1.1; extra == "full"
+Dynamic: license-file
+
+# tibet-keychain
+
+> **Causal-aware secret custody — where secrets live, how they moved, who touched them.**
+
+`tibet-keychain` is part of the **TIBET vault family** — four primitives
+that answer four different questions about secrets, keys, tokens, and
+credentials:
+
+```
+═══════════════════════════════════════════════════════════════
+  THE VAULT FAMILY
+═══════════════════════════════════════════════════════════════
+
+  tibet-vault       WHEN        temporal trigger
+                                "release on date / dead-man-switch"
+
+  tibet-keychain    WHERE/HOW   custody + timeline       ← this package
+                                "where this secret lives, how it moved"
+
+  tibet-sam         WHY         intent + scope authorization
+                                "why this one specific act is allowed"
+
+  tibet-gateway     WHERE-EXEC  execution boundary
+                                "where the act is safely performed"
+═══════════════════════════════════════════════════════════════
+```
+
+## Why a separate keychain primitive?
+
+Traditional secret stores answer:
+
+- where is the key
+- can this caller read it
+
+`tibet-keychain` answers:
+
+- where is the key (still)
+- **how did it get here** (= causal history)
+- **who touched it** (= custody timeline)
+- **was it exposed** (= rotation triggers)
+- **how does the chain walk back** (= CBOM-compatible)
+
+That makes `tibet-keychain` the natural foundation for any system
+that has to prove not only "I have the key" but "I know exactly
+how this key entered my custody, who touched it on the way, and
+under which authority each transition happened".
+
+## Core idea
+
+Each secret is stored as a sealed `.tza` continuity object with:
+
+- encrypted secret payload (= the actual material)
+- vault-metadata (issuer / scope / created_at / expires_at)
+- custody-transition (owner ↔ custodian ↔ active-operator)
+- exposure_state + rotation_required flag
+- timeline of all `secret-*` events
+
+The secret material itself is encrypted and tightly scoped. The
+surrounding continuity metadata remains auditable.
+
+## Secret types
+
+```
+api_key                 oauth_token             signing_key
+service_account_cred    pypi_token              crates_token
+github_pat              ssh_key                 root_password
+smart_contract_signer   tls_cert                webhook_signer
+```
+
+## Timeline events
+
+```
+secret-created          secret-imported         secret-sealed
+secret-unsealed         secret-proxied          secret-delegated
+secret-exposed          secret-rotated          secret-revoked
+secret-archived
+```
+
+Each event carries:
+
+- actor identity (= who)
+- action_id + parent_action_id (= chain link)
+- timestamp
+- actor class (= human / machine / external / mcp-server / gateway / system)
+- relevant policy decisions (= scope / authority-shift)
+
+## Coupling with the rest of the family
+
+```
+                                tibet-keychain
+                                  (custody, timeline)
+                                      │
+                                      ↓ secret-proxied event
+                                      │
+              ┌───────────────────────┴───────────────────────┐
+              ▼                                                ▼
+        tibet-sam                                       tibet-gateway
+        (why this act is OK)                            (where it happens)
+              ↓                                                ↑
+         intent + scope                                    break-seal,
+         constraint sealed                                 execute,
+         in one-shot .tza                                  destroy-session
+              ↓                                                ↑
+              └─────────── handed to ──────────────────────────┘
+                                      ↓
+                                tibet-continuityd
+                                audit JSONL
+                                      ↓
+                                tibet-cbom
+                                timeline walk
+```
+
+## Why this beats traditional secret stores
+
+| Property                       | HashiCorp Vault | tibet-keychain |
+|--------------------------------|-----------------|----------------|
+| Encrypted at rest              | ✓               | ✓              |
+| ACL / policy controlled        | ✓               | ✓              |
+| Causal history of secret       | ✗               | ✓              |
+| Custody-transition chain       | ✗               | ✓              |
+| Exposure events recorded       | partial         | ✓              |
+| Audit walkable cross-bundle    | ✗               | ✓              |
+| Identity-bound rotation chain  | ✗               | ✓              |
+| Regulator-auditable timeline   | partial         | ✓              |
+
+## Use cases
+
+**Infrastructure**: SSH keys, database credentials, root access —
+all stored with custody chain, rotated through signed transitions.
+
+**Agent workflows**: PyPI tokens, crates.io tokens, GitHub PATs —
+agents never see them; they request a SAM capsule that the gateway
+executes against, the keychain logs the request.
+
+**Smart contracts**: signing keys with explicit "who can request a
+signing capsule for which contract address" policy, every signing
+event in the timeline.
+
+**Compliance evidence**: regulator asks "who could have signed this?
+who actually did?" — the keychain timeline answers both.
+
+## Install
+
+```bash
+pip install tibet-keychain[full]
+```
+
+This pulls `tibet-drop` (= sealed envelope substrate) and `tibet-cbom`
+(= timeline renderer) as soft dependencies.
+
+## Status
+
+**v0.1.0** — package skeleton + spec. Implementation track for full
+secret storage + sealed-bundle integration follows; designed to land
+in time for IETF spec referencing and Marco van Hurne / W3C demos.
+
+Spec source: `/srv/jtel-stack/hersenspinsels/tibet-vault-key-custody-and-sealed-secret-timeline-2026-05-12.md`
+
+## License
+
+MIT — Humotica + Root AI + Codex (2026)

tibet_keychain-0.1.0/README.md

@@ -0,0 +1,161 @@
+# tibet-keychain
+
+> **Causal-aware secret custody — where secrets live, how they moved, who touched them.**
+
+`tibet-keychain` is part of the **TIBET vault family** — four primitives
+that answer four different questions about secrets, keys, tokens, and
+credentials:
+
+```
+═══════════════════════════════════════════════════════════════
+  THE VAULT FAMILY
+═══════════════════════════════════════════════════════════════
+
+  tibet-vault       WHEN        temporal trigger
+                                "release on date / dead-man-switch"
+
+  tibet-keychain    WHERE/HOW   custody + timeline       ← this package
+                                "where this secret lives, how it moved"
+
+  tibet-sam         WHY         intent + scope authorization
+                                "why this one specific act is allowed"
+
+  tibet-gateway     WHERE-EXEC  execution boundary
+                                "where the act is safely performed"
+═══════════════════════════════════════════════════════════════
+```
+
+## Why a separate keychain primitive?
+
+Traditional secret stores answer:
+
+- where is the key
+- can this caller read it
+
+`tibet-keychain` answers:
+
+- where is the key (still)
+- **how did it get here** (= causal history)
+- **who touched it** (= custody timeline)
+- **was it exposed** (= rotation triggers)
+- **how does the chain walk back** (= CBOM-compatible)
+
+That makes `tibet-keychain` the natural foundation for any system
+that has to prove not only "I have the key" but "I know exactly
+how this key entered my custody, who touched it on the way, and
+under which authority each transition happened".
+
+## Core idea
+
+Each secret is stored as a sealed `.tza` continuity object with:
+
+- encrypted secret payload (= the actual material)
+- vault-metadata (issuer / scope / created_at / expires_at)
+- custody-transition (owner ↔ custodian ↔ active-operator)
+- exposure_state + rotation_required flag
+- timeline of all `secret-*` events
+
+The secret material itself is encrypted and tightly scoped. The
+surrounding continuity metadata remains auditable.
+
+## Secret types
+
+```
+api_key                 oauth_token             signing_key
+service_account_cred    pypi_token              crates_token
+github_pat              ssh_key                 root_password
+smart_contract_signer   tls_cert                webhook_signer
+```
+
+## Timeline events
+
+```
+secret-created          secret-imported         secret-sealed
+secret-unsealed         secret-proxied          secret-delegated
+secret-exposed          secret-rotated          secret-revoked
+secret-archived
+```
+
+Each event carries:
+
+- actor identity (= who)
+- action_id + parent_action_id (= chain link)
+- timestamp
+- actor class (= human / machine / external / mcp-server / gateway / system)
+- relevant policy decisions (= scope / authority-shift)
+
+## Coupling with the rest of the family
+
+```
+                                tibet-keychain
+                                  (custody, timeline)
+                                      │
+                                      ↓ secret-proxied event
+                                      │
+              ┌───────────────────────┴───────────────────────┐
+              ▼                                                ▼
+        tibet-sam                                       tibet-gateway
+        (why this act is OK)                            (where it happens)
+              ↓                                                ↑
+         intent + scope                                    break-seal,
+         constraint sealed                                 execute,
+         in one-shot .tza                                  destroy-session
+              ↓                                                ↑
+              └─────────── handed to ──────────────────────────┘
+                                      ↓
+                                tibet-continuityd
+                                audit JSONL
+                                      ↓
+                                tibet-cbom
+                                timeline walk
+```
+
+## Why this beats traditional secret stores
+
+| Property                       | HashiCorp Vault | tibet-keychain |
+|--------------------------------|-----------------|----------------|
+| Encrypted at rest              | ✓               | ✓              |
+| ACL / policy controlled        | ✓               | ✓              |
+| Causal history of secret       | ✗               | ✓              |
+| Custody-transition chain       | ✗               | ✓              |
+| Exposure events recorded       | partial         | ✓              |
+| Audit walkable cross-bundle    | ✗               | ✓              |
+| Identity-bound rotation chain  | ✗               | ✓              |
+| Regulator-auditable timeline   | partial         | ✓              |
+
+## Use cases
+
+**Infrastructure**: SSH keys, database credentials, root access —
+all stored with custody chain, rotated through signed transitions.
+
+**Agent workflows**: PyPI tokens, crates.io tokens, GitHub PATs —
+agents never see them; they request a SAM capsule that the gateway
+executes against, the keychain logs the request.
+
+**Smart contracts**: signing keys with explicit "who can request a
+signing capsule for which contract address" policy, every signing
+event in the timeline.
+
+**Compliance evidence**: regulator asks "who could have signed this?
+who actually did?" — the keychain timeline answers both.
+
+## Install
+
+```bash
+pip install tibet-keychain[full]
+```
+
+This pulls `tibet-drop` (= sealed envelope substrate) and `tibet-cbom`
+(= timeline renderer) as soft dependencies.
+
+## Status
+
+**v0.1.0** — package skeleton + spec. Implementation track for full
+secret storage + sealed-bundle integration follows; designed to land
+in time for IETF spec referencing and Marco van Hurne / W3C demos.
+
+Spec source: `/srv/jtel-stack/hersenspinsels/tibet-vault-key-custody-and-sealed-secret-timeline-2026-05-12.md`
+
+## License
+
+MIT — Humotica + Root AI + Codex (2026)

tibet_keychain-0.1.0/pyproject.toml

@@ -0,0 +1,61 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "tibet-keychain"
+version = "0.1.0"
+description = "Causal-aware secret custody — where secrets live, how they moved, who touched them. Part of the TIBET vault family (tibet-vault = WHEN, tibet-keychain = WHERE/HOW, tibet-sam = WHY, tibet-gateway = where ACT is performed)."
+readme = "README.md"
+license = {text = "MIT"}
+requires-python = ">=3.10"
+authors = [
+    {name = "Jasper van de Meent", email = "info@humotica.com"},
+    {name = "Root AI", email = "root_idd@humotica.nl"},
+    {name = "Codex", email = "codex@humotica.nl"},
+]
+keywords = [
+    "tibet", "keychain", "secret-custody", "vault", "credential",
+    "causal", "audit", "rotation", "exposure", "cbom",
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Intended Audience :: Information Technology",
+    "Intended Audience :: System Administrators",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Security :: Cryptography",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+]
+dependencies = [
+    "cryptography>=42.0",
+]
+
+[project.optional-dependencies]
+# Bridge to tibet-drop for sealed envelope storage
+sealed = [
+    "tibet-drop>=0.3.0",
+]
+# Bridge to tibet-cbom for timeline rendering
+cbom = [
+    "tibet-cbom>=0.1.1",
+]
+# Full stack
+full = [
+    "tibet-drop>=0.3.0",
+    "tibet-cbom>=0.1.1",
+]
+
+[project.scripts]
+tibet-keychain = "tibet_keychain.cli:main"
+tkc = "tibet_keychain.cli:main"
+
+[project.urls]
+Homepage = "https://humotica.com"
+Repository = "https://github.com/jaspertvdm/tibet-keychain"

tibet_keychain-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

tibet_keychain-0.1.0/src/tibet_keychain/__init__.py

@@ -0,0 +1,43 @@
+"""
+tibet-keychain — Causal-aware secret custody.
+
+Part of the TIBET vault family:
+  tibet-vault     WHEN       temporal trigger
+  tibet-keychain  WHERE/HOW  custody + timeline    ← this package
+  tibet-sam       WHY        intent + scope
+  tibet-gateway   WHERE-EXEC execution boundary
+
+Naming decision Jasper van de Meent 12 May 2026:
+    "tibet-vault = when
+     tibet-keychain = where/how secret lives
+     tibet-sam = why this one act is allowed
+     tibet-gateway = where the act is performed safely"
+
+Spec source:
+    /srv/jtel-stack/hersenspinsels/tibet-vault-key-custody-and-sealed-secret-timeline-2026-05-12.md
+"""
+from __future__ import annotations
+
+from .types import (
+    SecretType,
+    SecretTimelineEvent,
+    ActorClass,
+    ExposureState,
+    SecretRecord,
+    CustodyTransition,
+)
+
+
+__version__ = "0.1.0"
+__author__ = "Jasper van de Meent, Root AI, Codex"
+
+
+__all__ = [
+    "__version__",
+    "SecretType",
+    "SecretTimelineEvent",
+    "ActorClass",
+    "ExposureState",
+    "SecretRecord",
+    "CustodyTransition",
+]

tibet_keychain-0.1.0/src/tibet_keychain/cli.py

@@ -0,0 +1,88 @@
+"""
+tibet-keychain CLI — list / show / events / explain.
+
+This v0.1.0 CLI is type-only: it inspects records and prints
+human-readable views. Storage backend, sealed-bundle integration,
+and rotation flow follow in v0.2+ once design lands with tibet-sam
+and tibet-gateway.
+"""
+from __future__ import annotations
+
+import argparse
+import json
+import sys
+
+from . import __version__, SecretType, SecretTimelineEvent, ActorClass
+
+
+def _cmd_types(args):
+    """List the vocabulary."""
+    print(f"tibet-keychain {__version__}")
+    print()
+    print(f"Secret types ({len(list(SecretType))}):")
+    for t in SecretType:
+        print(f"  {t.value}")
+    print()
+    print(f"Timeline events ({len(list(SecretTimelineEvent))}):")
+    for e in SecretTimelineEvent:
+        print(f"  {e.value}")
+    print()
+    print(f"Actor classes ({len(list(ActorClass))}):")
+    for a in ActorClass:
+        print(f"  {a.value}")
+    return 0
+
+
+def _cmd_family(args):
+    """Print the vault family overview."""
+    print("""
+══════════════════════════════════════════════════════════════════
+  THE TIBET VAULT FAMILY
+══════════════════════════════════════════════════════════════════
+
+  tibet-vault       WHEN         temporal trigger
+                                 "release on date / dead-man-switch"
+
+  tibet-keychain    WHERE/HOW    custody + timeline       ← you are here
+                                 "where this secret lives, how it moved"
+
+  tibet-sam         WHY          intent + scope authorization
+                                 "why this one specific act is allowed"
+
+  tibet-gateway     WHERE-EXEC   execution boundary
+                                 "where the act is safely performed"
+
+══════════════════════════════════════════════════════════════════
+""")
+    return 0
+
+
+def main(argv=None):
+    parser = argparse.ArgumentParser(
+        prog="tibet-keychain",
+        description=(
+            "Causal-aware secret custody. Part of the TIBET vault "
+            "family (vault / keychain / sam / gateway)."
+        ),
+    )
+    parser.add_argument(
+        "-V", "--version", action="version",
+        version=f"tibet-keychain {__version__}",
+    )
+    sub = parser.add_subparsers(dest="cmd")
+
+    p_types = sub.add_parser("types", help="List vocabulary (secret types, events, actor classes)")
+    p_types.set_defaults(func=_cmd_types)
+
+    p_family = sub.add_parser("family", help="Show the TIBET vault family overview")
+    p_family.set_defaults(func=_cmd_family)
+
+    args = parser.parse_args(argv)
+    if not args.cmd:
+        parser.print_help()
+        return 0
+    return args.func(args)
+
+
+if __name__ == "__main__":
+    sys.exit(main())

tibet_keychain-0.1.0/src/tibet_keychain/types.py

@@ -0,0 +1,120 @@
+"""
+Core types for tibet-keychain.
+
+Defines the vocabulary used across the package: secret types, timeline
+event types, actor classes, exposure states, and the two main records
+(SecretRecord and CustodyTransition).
+"""
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Optional
+
+
+class SecretType(str, Enum):
+    """Recognised secret-material classes.
+
+    The TIBET vault family does not invent new credential formats —
+    it provides a custody substrate around existing ones.
+    """
+    API_KEY = "api_key"
+    OAUTH_TOKEN = "oauth_token"
+    SIGNING_KEY = "signing_key"
+    SERVICE_ACCOUNT_CREDENTIAL = "service_account_credential"
+    PYPI_TOKEN = "pypi_token"
+    CRATES_TOKEN = "crates_token"
+    GITHUB_PAT = "github_pat"
+    SSH_KEY = "ssh_key"
+    ROOT_PASSWORD = "root_password"
+    SMART_CONTRACT_SIGNER = "smart_contract_signer"
+    TLS_CERT = "tls_cert"
+    WEBHOOK_SIGNER = "webhook_signer"
+
+
+class SecretTimelineEvent(str, Enum):
+    """Every meaningful state change a secret can go through.
+
+    The keychain's value is precisely that every one of these events
+    is recorded with actor / authority / parent_action_id, making the
+    custody chain walkable from any point in time.
+    """
+    CREATED = "secret-created"
+    IMPORTED = "secret-imported"
+    SEALED = "secret-sealed"
+    UNSEALED = "secret-unsealed"
+    PROXIED = "secret-proxied"
+    DELEGATED = "secret-delegated"
+    EXPOSED = "secret-exposed"
+    ROTATED = "secret-rotated"
+    REVOKED = "secret-revoked"
+    ARCHIVED = "secret-archived"
+
+
+class ActorClass(str, Enum):
+    """Who touched the secret. Not every actor is equal.
+
+    A timeline that records HUMAN unsealing has different policy
+    implications than one that records GATEWAY proxying.
+    """
+    HUMAN = "human"
+    MACHINE = "machine"
+    EXTERNAL = "external"
+    MCP_SERVER = "mcp-server"
+    GATEWAY = "gateway"
+    SYSTEM = "system"
+
+
+class ExposureState(str, Enum):
+    """Current exposure assessment of the secret material."""
+    SEALED = "sealed"
+    IN_USE = "in-use"
+    CHAT_DISCLOSED = "chat-disclosed"
+    GIT_LEAKED = "git-leaked"
+    LOG_LEAKED = "log-leaked"
+    SUSPECTED = "suspected"
+    ROTATED = "rotated"
+
+
+@dataclass
+class SecretRecord:
+    """The metadata view of a secret in the keychain.
+
+    The actual secret material lives inside a sealed `.tza` payload
+    block; this record is the auditable metadata projection.
+    """
+    secret_id: str
+    secret_type: SecretType
+    issuer: str                 # who minted the underlying credential
+    scope: str                  # what it is allowed to authorise
+    created_at: str             # RFC3339
+    expires_at: Optional[str] = None
+    owner_id: Optional[str] = None         # JIS-DID of nominal owner
+    custodian_id: Optional[str] = None     # who currently holds it
+    active_operator_id: Optional[str] = None  # who is allowed to use it
+    last_access_action_id: Optional[str] = None
+    last_rotation_action_id: Optional[str] = None
+    exposure_state: ExposureState = ExposureState.SEALED
+    rotation_required: bool = False
+    notes: list[str] = field(default_factory=list)
+
+
+@dataclass
+class CustodyTransition:
+    """A single transition in a secret's custody timeline.
+
+    Mirrors the shape of tibet-cbom ownership-transition events so
+    that keychain transitions can be walked by `tcbom timeline`
+    when an audit-file is supplied.
+    """
+    action_id: str
+    parent_action_id: Optional[str]
+    secret_id: str
+    event: SecretTimelineEvent
+    actor_id: str
+    actor_class: ActorClass
+    timestamp: str              # RFC3339
+    reason: str = ""
+    authority_mode: str = "system"  # agent / admin / triage / shared / system
+    target_assignee: Optional[str] = None
+    policy_lane: Optional[str] = None

tibet_keychain-0.1.0/src/tibet_keychain.egg-info/PKG-INFO

@@ -0,0 +1,196 @@
+Metadata-Version: 2.4
+Name: tibet-keychain
+Version: 0.1.0
+Summary: Causal-aware secret custody — where secrets live, how they moved, who touched them. Part of the TIBET vault family (tibet-vault = WHEN, tibet-keychain = WHERE/HOW, tibet-sam = WHY, tibet-gateway = where ACT is performed).
+Author-email: Jasper van de Meent <info@humotica.com>, Root AI <root_idd@humotica.nl>, Codex <codex@humotica.nl>
+License: MIT
+Project-URL: Homepage, https://humotica.com
+Project-URL: Repository, https://github.com/jaspertvdm/tibet-keychain
+Keywords: tibet,keychain,secret-custody,vault,credential,causal,audit,rotation,exposure,cbom
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=42.0
+Provides-Extra: sealed
+Requires-Dist: tibet-drop>=0.3.0; extra == "sealed"
+Provides-Extra: cbom
+Requires-Dist: tibet-cbom>=0.1.1; extra == "cbom"
+Provides-Extra: full
+Requires-Dist: tibet-drop>=0.3.0; extra == "full"
+Requires-Dist: tibet-cbom>=0.1.1; extra == "full"
+Dynamic: license-file
+
+# tibet-keychain
+
+> **Causal-aware secret custody — where secrets live, how they moved, who touched them.**
+
+`tibet-keychain` is part of the **TIBET vault family** — four primitives
+that answer four different questions about secrets, keys, tokens, and
+credentials:
+
+```
+═══════════════════════════════════════════════════════════════
+  THE VAULT FAMILY
+═══════════════════════════════════════════════════════════════
+
+  tibet-vault       WHEN        temporal trigger
+                                "release on date / dead-man-switch"
+
+  tibet-keychain    WHERE/HOW   custody + timeline       ← this package
+                                "where this secret lives, how it moved"
+
+  tibet-sam         WHY         intent + scope authorization
+                                "why this one specific act is allowed"
+
+  tibet-gateway     WHERE-EXEC  execution boundary
+                                "where the act is safely performed"
+═══════════════════════════════════════════════════════════════
+```
+
+## Why a separate keychain primitive?
+
+Traditional secret stores answer:
+
+- where is the key
+- can this caller read it
+
+`tibet-keychain` answers:
+
+- where is the key (still)
+- **how did it get here** (= causal history)
+- **who touched it** (= custody timeline)
+- **was it exposed** (= rotation triggers)
+- **how does the chain walk back** (= CBOM-compatible)
+
+That makes `tibet-keychain` the natural foundation for any system
+that has to prove not only "I have the key" but "I know exactly
+how this key entered my custody, who touched it on the way, and
+under which authority each transition happened".
+
+## Core idea
+
+Each secret is stored as a sealed `.tza` continuity object with:
+
+- encrypted secret payload (= the actual material)
+- vault-metadata (issuer / scope / created_at / expires_at)
+- custody-transition (owner ↔ custodian ↔ active-operator)
+- exposure_state + rotation_required flag
+- timeline of all `secret-*` events
+
+The secret material itself is encrypted and tightly scoped. The
+surrounding continuity metadata remains auditable.
+
+## Secret types
+
+```
+api_key                 oauth_token             signing_key
+service_account_cred    pypi_token              crates_token
+github_pat              ssh_key                 root_password
+smart_contract_signer   tls_cert                webhook_signer
+```
+
+## Timeline events
+
+```
+secret-created          secret-imported         secret-sealed
+secret-unsealed         secret-proxied          secret-delegated
+secret-exposed          secret-rotated          secret-revoked
+secret-archived
+```
+
+Each event carries:
+
+- actor identity (= who)
+- action_id + parent_action_id (= chain link)
+- timestamp
+- actor class (= human / machine / external / mcp-server / gateway / system)
+- relevant policy decisions (= scope / authority-shift)
+
+## Coupling with the rest of the family
+
+```
+                                tibet-keychain
+                                  (custody, timeline)
+                                      │
+                                      ↓ secret-proxied event
+                                      │
+              ┌───────────────────────┴───────────────────────┐
+              ▼                                                ▼
+        tibet-sam                                       tibet-gateway
+        (why this act is OK)                            (where it happens)
+              ↓                                                ↑
+         intent + scope                                    break-seal,
+         constraint sealed                                 execute,
+         in one-shot .tza                                  destroy-session
+              ↓                                                ↑
+              └─────────── handed to ──────────────────────────┘
+                                      ↓
+                                tibet-continuityd
+                                audit JSONL
+                                      ↓
+                                tibet-cbom
+                                timeline walk
+```
+
+## Why this beats traditional secret stores
+
+| Property                       | HashiCorp Vault | tibet-keychain |
+|--------------------------------|-----------------|----------------|
+| Encrypted at rest              | ✓               | ✓              |
+| ACL / policy controlled        | ✓               | ✓              |
+| Causal history of secret       | ✗               | ✓              |
+| Custody-transition chain       | ✗               | ✓              |
+| Exposure events recorded       | partial         | ✓              |
+| Audit walkable cross-bundle    | ✗               | ✓              |
+| Identity-bound rotation chain  | ✗               | ✓              |
+| Regulator-auditable timeline   | partial         | ✓              |
+
+## Use cases
+
+**Infrastructure**: SSH keys, database credentials, root access —
+all stored with custody chain, rotated through signed transitions.
+
+**Agent workflows**: PyPI tokens, crates.io tokens, GitHub PATs —
+agents never see them; they request a SAM capsule that the gateway
+executes against, the keychain logs the request.
+
+**Smart contracts**: signing keys with explicit "who can request a
+signing capsule for which contract address" policy, every signing
+event in the timeline.
+
+**Compliance evidence**: regulator asks "who could have signed this?
+who actually did?" — the keychain timeline answers both.
+
+## Install
+
+```bash
+pip install tibet-keychain[full]
+```
+
+This pulls `tibet-drop` (= sealed envelope substrate) and `tibet-cbom`
+(= timeline renderer) as soft dependencies.
+
+## Status
+
+**v0.1.0** — package skeleton + spec. Implementation track for full
+secret storage + sealed-bundle integration follows; designed to land
+in time for IETF spec referencing and Marco van Hurne / W3C demos.
+
+Spec source: `/srv/jtel-stack/hersenspinsels/tibet-vault-key-custody-and-sealed-secret-timeline-2026-05-12.md`
+
+## License
+
+MIT — Humotica + Root AI + Codex (2026)

tibet_keychain-0.1.0/src/tibet_keychain.egg-info/SOURCES.txt

@@ -0,0 +1,12 @@
+LICENSE
+README.md
+pyproject.toml
+src/tibet_keychain/__init__.py
+src/tibet_keychain/cli.py
+src/tibet_keychain/types.py
+src/tibet_keychain.egg-info/PKG-INFO
+src/tibet_keychain.egg-info/SOURCES.txt
+src/tibet_keychain.egg-info/dependency_links.txt
+src/tibet_keychain.egg-info/entry_points.txt
+src/tibet_keychain.egg-info/requires.txt
+src/tibet_keychain.egg-info/top_level.txt

tibet_keychain-0.1.0/src/tibet_keychain.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

tibet_keychain-0.1.0/src/tibet_keychain.egg-info/entry_points.txt

@@ -0,0 +1,3 @@
+[console_scripts]
+tibet-keychain = tibet_keychain.cli:main
+tkc = tibet_keychain.cli:main

tibet_keychain-0.1.0/src/tibet_keychain.egg-info/requires.txt

@@ -0,0 +1,11 @@
+cryptography>=42.0
+
+[cbom]
+tibet-cbom>=0.1.1
+
+[full]
+tibet-drop>=0.3.0
+tibet-cbom>=0.1.1
+
+[sealed]
+tibet-drop>=0.3.0

tibet_keychain-0.1.0/src/tibet_keychain.egg-info/top_level.txt

@@ -0,0 +1 @@
+tibet_keychain