tibet-report 0.1.0__tar.gz

tibet_report-0.1.0/.gitignore

@@ -0,0 +1,147 @@
+# Secrets & env
+.env
+*.env
+*.secret
+
+# Keys & certs
+*.key
+*.pem
+certs/
+secrets/
+
+# Databases & dumps
+*.db
+*.sqlite
+*.sql
+dump_*/
+
+# EXCEPT: Allow database schemas (needed for server rebuild)
+!database-schemas/*.sql
+
+# Logs & runtime data
+logs/
+*.log
+__pycache__/
+*.pyc
+venv/
+.venv/
+**/venv/
+**/.venv/
+
+# Configs met secrets (we gebruiken straks templates)
+config/
+brain_api/provisioning.local.json
+brain_api/provisioning.json
+
+# Landing pages (privé - niet open source)
+landing-pages/
+humotica.com/
+jtel.nl/
+
+# Social media posts (strategie - niet open source)
+SOCIAL-MEDIA-POSTS.md
+HN-POST-UNDER-4000.md
+STRATO-DEPLOY-HUMOTICA.md
+
+# Endorsement outreach (privaat contact)
+ARXIV-ENDORSEMENT-OUTREACH.md
+
+# Deployment secrets
+DEPLOYMENT-GUIDE.md
+
+# R Project files (Dirty Data Challenge)
+.Rproj.user
+.Rhistory
+.RData
+.Ruserdata
+*.zip
+.mural_tokens.json
+auth.json
+gen-lang-client*.json
+*.credentials.json
+
+# Rust build artifacts
+**/target/
+*.whl
+
+# Compiled binaries (build locally)
+jis-router/jis-router
+sentinel-rs/sentinel-rs
+
+# Build distribution
+sandbox/ai/codex/dist/
+sandbox_backup/
+did-jis-core
+
+# =============================================================================
+# Eigen repos — hebben hun eigen git remotes, niet dubbel opslaan
+# =============================================================================
+
+# Packages (elk een eigen repo)
+packages/jis-iam-bridge/
+packages/rapid-rag/
+packages/reflux/
+packages/sema-protocol/
+packages/tibet-anticheat/
+packages/tibet-ci/
+packages/tibet-claw/
+packages/tibet-context/
+packages/tibet-core/
+packages/tibet-db/
+packages/tibet-edge/
+packages/tibet-forge/
+packages/tibet-iot/
+packages/tibet-jawbreaker/
+packages/tibet-ledger/
+packages/tibet-marketplace/
+packages/tibet-mesh/
+packages/tibet-mirror/
+packages/tibet-nis2/
+packages/tibet-overlay/
+packages/tibet-phantom/
+packages/tibet-phantom-mcp/
+packages/tibet-ping/
+packages/tibet-pol/
+packages/tibet-pqc/
+packages/tibet-sbom/
+packages/tibet-snap/
+packages/tibet-soc/
+packages/tibet-spiffe/
+packages/tibet-tools/
+packages/tibet-trail/
+packages/tibet-triage/
+packages/tibet-triage-mcp/
+packages/tibet-twin/
+packages/tibet-workload/
+packages/tibet-y2k38/
+packages/tlex-edge/
+packages/tibet-tail/
+packages/tibet-nc/
+
+# Sub-projects met eigen repos
+bunq7/
+humotica-core/
+jis-core/
+JTm-dev/
+kit-package/
+symbAIon/
+tibet-audit/
+tibet-audit-npm/
+tibet-core/
+tibetclaw/
+snaft/
+
+# MCP servers (eigen repos)
+mcp-servers/aidrac/
+mcp-servers/ainternet/
+mcp-servers/mcp-server-jis/
+mcp-servers/sensory/
+mcp-servers/tibet/
+
+# Hackathon sub-repos
+hackaway2026/clawmetry/
+
+# Private memory (eigen repo)
+.root_ai_memory/
+.root_ai_thoughts/
+brain_api/static/*.apk

tibet_report-0.1.0/ENTERPRISE.md

@@ -0,0 +1,41 @@
+# Enterprise Support
+
+This package is part of the [TIBET ecosystem](https://pypi.org/project/tibet/) by [Humotica](https://humotica.com) — provenance, identity, and trust infrastructure for AI systems.
+
+## Contact
+
+| Channel | Address | Use case |
+|---------|---------|----------|
+| **Enterprise** | enterprise@humotica.com | Private hub, SLA, dedicated support, integration partnerships |
+| **Support** | support@humotica.com | Technical support, bug reports, feature requests |
+| **Security** | security@humotica.com | Vulnerability disclosure (coordinated disclosure preferred) |
+
+## What we offer
+
+- **Private Hub** — self-hosted .aint domain registry and I-Poll messaging for your organization
+- **Dedicated Support** — direct engineering support with SLA
+- **Custom Integration** — help integrating TIBET provenance into your existing CI/CD, compliance, or audit workflows
+- **Compliance Mapping** — guidance on EU AI Act, NIS2, and DORA alignment using TIBET tokens
+
+## Compliance
+
+The TIBET ecosystem provides building blocks for compliance with:
+
+- **EU AI Act** (Art. 12) — logging and traceability via TIBET tokens
+- **NIS2** (Art. 21) — supply chain security via cryptographic provenance
+- **DORA** — ICT risk management via audit trails and sealed snapshots
+
+> TIBET is compliance-enabling, not compliance-certifying. It provides the technical controls; your legal team maps them to your obligations.
+
+## Stats
+
+- 105,000+ PyPI downloads across 112 countries
+- 90+ packages in the ecosystem
+- Used in enterprise mirrors, CI/CD pipelines, and production workflows
+
+## Links
+
+- [AInternet](https://ainternet.org) — the AI network
+- [Documentation](https://ainternet.org/docs/)
+- [PyPI ecosystem](https://pypi.org/project/tibet/)
+- [GitHub](https://github.com/Humotica)

tibet_report-0.1.0/PKG-INFO

@@ -0,0 +1,105 @@
+Metadata-Version: 2.4
+Name: tibet-report
+Version: 0.1.0
+Summary: Audit dossier assembler — verifiable remediation reports from TIBET provenance chains
+Project-URL: Homepage, https://ainternet.org
+Project-URL: Repository, https://github.com/Humotica/tibet-report
+Project-URL: TIBET Ecosystem, https://pypi.org/project/tibet/
+Author-email: Jasper van de Meent <jasper@humotica.com>, Root AI <root_idd@humotica.nl>
+License-Expression: MIT
+Keywords: audit,dossier,provenance,remediation,report,security,tibet
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Requires-Dist: tibet-core>=0.3.0
+Provides-Extra: full
+Requires-Dist: tibet-pol>=0.1.0; extra == 'full'
+Requires-Dist: tibet-wayback>=0.1.0; extra == 'full'
+Provides-Extra: pol
+Requires-Dist: tibet-pol>=0.1.0; extra == 'pol'
+Provides-Extra: wayback
+Requires-Dist: tibet-wayback>=0.1.0; extra == 'wayback'
+Description-Content-Type: text/markdown
+
+# tibet-report
+
+Audit dossier assembler with TIBET provenance — verifiable remediation reports.
+
+Part of the [TIBET ecosystem](https://pypi.org/project/tibet/) by [Humotica](https://humotica.com).
+
+## What it does
+
+`tibet-report` assembles evidence from TIBET token chains, wayback seals, pol health checks, and Phantom sessions into a single verifiable audit dossier.
+
+The report is not the proof — the chain of tokens, seals, and manifests is. `tibet-report` makes that chain readable for humans and verifiable for auditors.
+
+## Install
+
+```bash
+pip install tibet-report
+```
+
+## Quick start
+
+```python
+from tibet_report import ReportSession, build_dossier
+
+session = ReportSession(
+    report_id="RPT-001",
+    title="Security Remediation — Example Corp",
+    customer="Example Corp",
+    created_by="Jasper van de Meent — Humotica",
+)
+
+session.add_finding("SSL chain broken", "Intermediate cert missing")
+session.add_action("Added intermediate cert to nginx", status="fixed")
+session.add_verification("SSL verified with openssl", status="verified")
+
+report_path, manifest = build_dossier(session, output_dir="./reports")
+```
+
+## CLI
+
+```bash
+# Build a dossier
+tibet-report build \
+  --customer "Example Corp" \
+  --assessor "Jasper van de Meent" \
+  --tokens remediation_chain.json \
+  --pre-seal pre_fix.json \
+  --post-seal post_fix.json \
+  --out ./reports
+
+# Verify dossier integrity
+tibet-report verify reports/RPT-001.md --manifest reports/RPT-001.manifest.json
+```
+
+## Chain of custody
+
+Every dossier includes a manifest that binds the report to its source evidence:
+
+- SHA256 hashes of all input artifacts (tokens, seals, pol runs)
+- SHA256 hash of the generated report
+- Chain-of-custody hash combining all above
+- Optional TIBET dossier token for provenance
+
+Tampering with the report after generation is detectable via `tibet-report verify`.
+
+## Input sources
+
+| Source | Package | What it provides |
+|--------|---------|-----------------|
+| TIBET tokens | `tibet-core` | Step-by-step provenance chain |
+| Wayback seals | `tibet-wayback` | Pre/post system state snapshots |
+| Wayback diffs | `tibet-wayback` | What changed between states |
+| Pol runs | `tibet-pol` | Health check results |
+| Phantom sessions | `phantom` | Session context (who/when/where) |
+
+## Output
+
+- **Markdown** — readable, diffable, git-friendly
+- **HTML** — formatted for clients and auditors
+- **JSON manifest** — machine-readable chain-of-custody

tibet_report-0.1.0/README.md

@@ -0,0 +1,79 @@
+# tibet-report
+
+Audit dossier assembler with TIBET provenance — verifiable remediation reports.
+
+Part of the [TIBET ecosystem](https://pypi.org/project/tibet/) by [Humotica](https://humotica.com).
+
+## What it does
+
+`tibet-report` assembles evidence from TIBET token chains, wayback seals, pol health checks, and Phantom sessions into a single verifiable audit dossier.
+
+The report is not the proof — the chain of tokens, seals, and manifests is. `tibet-report` makes that chain readable for humans and verifiable for auditors.
+
+## Install
+
+```bash
+pip install tibet-report
+```
+
+## Quick start
+
+```python
+from tibet_report import ReportSession, build_dossier
+
+session = ReportSession(
+    report_id="RPT-001",
+    title="Security Remediation — Example Corp",
+    customer="Example Corp",
+    created_by="Jasper van de Meent — Humotica",
+)
+
+session.add_finding("SSL chain broken", "Intermediate cert missing")
+session.add_action("Added intermediate cert to nginx", status="fixed")
+session.add_verification("SSL verified with openssl", status="verified")
+
+report_path, manifest = build_dossier(session, output_dir="./reports")
+```
+
+## CLI
+
+```bash
+# Build a dossier
+tibet-report build \
+  --customer "Example Corp" \
+  --assessor "Jasper van de Meent" \
+  --tokens remediation_chain.json \
+  --pre-seal pre_fix.json \
+  --post-seal post_fix.json \
+  --out ./reports
+
+# Verify dossier integrity
+tibet-report verify reports/RPT-001.md --manifest reports/RPT-001.manifest.json
+```
+
+## Chain of custody
+
+Every dossier includes a manifest that binds the report to its source evidence:
+
+- SHA256 hashes of all input artifacts (tokens, seals, pol runs)
+- SHA256 hash of the generated report
+- Chain-of-custody hash combining all above
+- Optional TIBET dossier token for provenance
+
+Tampering with the report after generation is detectable via `tibet-report verify`.
+
+## Input sources
+
+| Source | Package | What it provides |
+|--------|---------|-----------------|
+| TIBET tokens | `tibet-core` | Step-by-step provenance chain |
+| Wayback seals | `tibet-wayback` | Pre/post system state snapshots |
+| Wayback diffs | `tibet-wayback` | What changed between states |
+| Pol runs | `tibet-pol` | Health check results |
+| Phantom sessions | `phantom` | Session context (who/when/where) |
+
+## Output
+
+- **Markdown** — readable, diffable, git-friendly
+- **HTML** — formatted for clients and auditors
+- **JSON manifest** — machine-readable chain-of-custody

tibet_report-0.1.0/pyproject.toml

@@ -0,0 +1,45 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "tibet-report"
+version = "0.1.0"
+description = "Audit dossier assembler — verifiable remediation reports from TIBET provenance chains"
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.10"
+authors = [
+    {name = "Jasper van de Meent", email = "jasper@humotica.com"},
+    {name = "Root AI", email = "root_idd@humotica.nl"},
+]
+keywords = ["tibet", "audit", "report", "dossier", "provenance", "security", "remediation"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Topic :: Security",
+]
+dependencies = [
+    "tibet-core>=0.3.0",
+]
+
+[project.optional-dependencies]
+wayback = ["tibet-wayback>=0.1.0"]
+pol = ["tibet-pol>=0.1.0"]
+full = ["tibet-wayback>=0.1.0", "tibet-pol>=0.1.0"]
+
+[project.scripts]
+tibet-report = "tibet_report.cli:main"
+
+[project.urls]
+Homepage = "https://ainternet.org"
+Repository = "https://github.com/Humotica/tibet-report"
+"TIBET Ecosystem" = "https://pypi.org/project/tibet/"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/tibet_report"]
+
+[tool.pytest.ini_options]
+asyncio_mode = "auto"

tibet_report-0.1.0/src/tibet_report/__init__.py

@@ -0,0 +1,41 @@
+"""tibet-report: Audit dossier assembler with TIBET provenance.
+
+Build verifiable remediation reports from TIBET token chains,
+wayback seals, pol health checks, and Phantom session context.
+
+Usage:
+    from tibet_report import ReportSession, build_dossier
+
+    session = ReportSession(
+        report_id="RPT-001",
+        title="Security Remediation — Emigreen.eu",
+        customer="Emigreen",
+        created_by="Jasper van de Meent — Humotica",
+    )
+    session.add_finding("SSL chain broken", "Intermediate cert missing")
+    session.add_action("Added intermediate cert to nginx", status="fixed")
+    session.add_verification("SSL chain verified with openssl", status="verified")
+
+    report_path, manifest = build_dossier(session, output_dir="./reports")
+
+CLI:
+    tibet-report build --customer "Emigreen" --assessor "Jasper" --out ./reports
+    tibet-report verify report.md --manifest report.manifest.json
+"""
+
+__version__ = "0.1.0"
+
+from .model import ReportSession, ReportStep, EvidenceRef, ReportManifest
+from .dossier import build_dossier, verify_dossier
+from .render import render_markdown, render_html
+
+__all__ = [
+    "ReportSession",
+    "ReportStep",
+    "EvidenceRef",
+    "ReportManifest",
+    "build_dossier",
+    "verify_dossier",
+    "render_markdown",
+    "render_html",
+]

tibet_report-0.1.0/src/tibet_report/__main__.py

@@ -0,0 +1,3 @@
+"""Allow running as python -m tibet_report."""
+from .cli import main
+main()

tibet_report-0.1.0/src/tibet_report/cli.py

@@ -0,0 +1,174 @@
+"""CLI for tibet-report — build and verify audit dossiers."""
+
+from __future__ import annotations
+
+import argparse
+import json
+import sys
+
+from .model import ReportSession
+from .dossier import build_dossier, verify_dossier
+from .loader import (
+    load_token_chain,
+    tokens_to_steps,
+    load_wayback_seal,
+    load_wayback_diff,
+    wayback_seal_to_evidence,
+    wayback_diff_to_evidence,
+    load_pol_run,
+    pol_to_summary,
+    pol_run_to_evidence,
+)
+
+
+def cmd_build(args):
+    """Build a dossier from CLI arguments and optional input files."""
+    # Start session
+    session = ReportSession(
+        report_id=args.report_id or f"RPT-{args.customer.replace(' ', '_')[:20]}",
+        title=args.title or f"Security Remediation — {args.customer}",
+        customer=args.customer,
+        created_by=args.assessor,
+        scope=args.scope or "",
+        environment=args.environment or "",
+        phantom_session_id=args.session or "",
+    )
+
+    # Load wayback seals
+    if args.pre_seal:
+        seal_data = load_wayback_seal(args.pre_seal)
+        if seal_data:
+            session.pre_seal_id = seal_data.get("seal_id", seal_data.get("id", args.pre_seal))
+        else:
+            session.pre_seal_id = args.pre_seal  # Use as raw ID
+
+    if args.post_seal:
+        seal_data = load_wayback_seal(args.post_seal)
+        if seal_data:
+            session.post_seal_id = seal_data.get("seal_id", seal_data.get("id", args.post_seal))
+        else:
+            session.post_seal_id = args.post_seal
+
+    # Load wayback diff
+    if args.diff:
+        diff_data = load_wayback_diff(args.diff)
+        if diff_data:
+            session.wayback_diff = diff_data
+
+    # Load pol runs
+    if args.pre_pol:
+        pol_data = load_pol_run(args.pre_pol)
+        if pol_data:
+            session.pre_pol_summary = pol_to_summary(pol_data)
+
+    if args.post_pol:
+        pol_data = load_pol_run(args.post_pol)
+        if pol_data:
+            session.post_pol_summary = pol_to_summary(pol_data)
+
+    # Load tokens and convert to steps
+    if args.tokens:
+        tokens = load_token_chain(args.tokens)
+        if tokens:
+            steps = tokens_to_steps(tokens)
+            session.steps.extend(steps)
+
+    # Load session from JSON (overrides/supplements above)
+    if args.input:
+        with open(args.input) as f:
+            data = json.load(f)
+        loaded = ReportSession.from_dict(data)
+        # Merge steps
+        session.steps.extend(loaded.steps)
+        # Use loaded fields if not set via CLI
+        if not session.scope and loaded.scope:
+            session.scope = loaded.scope
+        if not session.residual_risks and loaded.residual_risks:
+            session.residual_risks = loaded.residual_risks
+        if not session.recommendations and loaded.recommendations:
+            session.recommendations = loaded.recommendations
+
+    # Build
+    fmt = "html" if args.html else "markdown"
+    report_path, manifest = build_dossier(
+        session,
+        output_dir=args.out,
+        format=fmt,
+        mint_token=not args.no_token,
+    )
+
+    print(f"Dossier generated: {report_path}")
+    print(f"Manifest: {report_path.rsplit('.', 1)[0]}.manifest.json")
+    print(f"Chain-of-custody hash: {manifest.chain_of_custody_hash[:16]}...")
+    if manifest.dossier_token_id:
+        print(f"TIBET dossier token: {manifest.dossier_token_id}")
+
+
+def cmd_verify(args):
+    """Verify a dossier against its manifest."""
+    result = verify_dossier(args.report, args.manifest)
+
+    if result["valid"]:
+        print("VALID — dossier integrity confirmed")
+    else:
+        print("INVALID — dossier integrity check failed")
+
+    for check in result["checks"]:
+        status = check["status"]
+        icon = "ok" if status == "ok" else "FAIL"
+        print(f"  [{icon}] {check['check']}")
+
+    for error in result["errors"]:
+        print(f"  ERROR: {error}")
+
+    if args.json:
+        print(json.dumps(result, indent=2))
+
+    sys.exit(0 if result["valid"] else 1)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        prog="tibet-report",
+        description="TIBET audit dossier assembler — verifiable remediation reports",
+    )
+    sub = parser.add_subparsers(dest="command")
+
+    # ── build ─────────────────────────────────────────────────────
+    build = sub.add_parser("build", help="Build an audit dossier")
+    build.add_argument("--customer", required=True, help="Customer name")
+    build.add_argument("--assessor", default="", help="Assessor name")
+    build.add_argument("--title", default="", help="Report title")
+    build.add_argument("--report-id", default="", help="Report ID")
+    build.add_argument("--scope", default="", help="Engagement scope description")
+    build.add_argument("--environment", default="", help="Target environment")
+    build.add_argument("--session", default="", help="Phantom session ID")
+    build.add_argument("--pre-seal", default="", help="Pre-fix wayback seal (JSON file or ID)")
+    build.add_argument("--post-seal", default="", help="Post-fix wayback seal (JSON file or ID)")
+    build.add_argument("--diff", default="", help="Wayback diff JSON file")
+    build.add_argument("--pre-pol", default="", help="Pre-fix pol run JSON file")
+    build.add_argument("--post-pol", default="", help="Post-fix pol run JSON file")
+    build.add_argument("--tokens", default="", help="TIBET token chain JSON file")
+    build.add_argument("--input", default="", help="Session JSON file (full or partial)")
+    build.add_argument("--out", default=".", help="Output directory")
+    build.add_argument("--html", action="store_true", help="Generate HTML instead of Markdown")
+    build.add_argument("--no-token", action="store_true", help="Skip TIBET dossier token")
+    build.set_defaults(func=cmd_build)
+
+    # ── verify ────────────────────────────────────────────────────
+    verify = sub.add_parser("verify", help="Verify dossier integrity")
+    verify.add_argument("report", help="Path to the report file")
+    verify.add_argument("--manifest", required=True, help="Path to the manifest JSON")
+    verify.add_argument("--json", action="store_true", help="Output result as JSON")
+    verify.set_defaults(func=cmd_verify)
+
+    args = parser.parse_args()
+    if not args.command:
+        parser.print_help()
+        sys.exit(1)
+
+    args.func(args)
+
+
+if __name__ == "__main__":
+    main()