Inspects operational-resilience evidence posture. Explains and routes only; never a compliance verdict.
Project description
ECZ-ID DORA Readiness Inspection
You have a DORA operational-resilience register and you need to see, at a
glance, what evidence you have actually declared — and which referenced
files are really on disk — before anyone relies on it. ecz-id-dora
reads your resilience-evidence descriptor and shows exactly what is
declared, present or absent, locally, offline, in one command.
It inspects, explains and routes only. It never issues or activates an ECZ-ID, never determines BOUND, never prices or carts, never executes discovered project, agent, MCP or robot code. It is not a DORA compliance verdict, regulatory approval, audit outcome or statement of legal sufficiency. A missing item is a neutral observation, not a judgement. Missing public proof is neutral. Local policy decides. Re-check before reliance.
Machine Interface · Manifest · Resolve · Operator Setup · Developer Guidance
One-command free trial
$ uvx ecz-id-dora inspect ./my-resilience-register
# or: pipx run ecz-id-dora inspect ./my-resilience-register
No account, no network and no config required. The public Resolver check is
strictly opt-in (--check-public).
Example result
ECZ-ID inspection: ./my-resilience-register [ecz-id-dora]
A. configuration posture : PRESENT
B. public proof posture : NOT_CHECKED (neutral)
means : Local ECZ-ID configuration was found for this subject. | Public Resolver proof was not checked.
does not mean: This is not a DORA compliance verdict, regulatory approval, audit outcome or statement of legal sufficiency. | ...
reason codes : ECZ-1000, ECZ-2002
Export the evidence-readiness table for a register:
$ ecz-id-dora export-csv ./my-resilience-register
evidence_item,declared,file_referenced,file_present
ICT provider identity,true,provider-attestation.txt,true
service inventory,true,,
contract references,true,,
continuity/recovery references,true,recovery-plan.md,true
exit-plan evidence,true,exit-plan.md,true
discontinuation-impact references,true,impact-analysis.md,false
API/package/cloud/SBOM relationships,true,sbom.json,true
Supported inputs
- A directory or descriptor file. Recognised names:
resilience_evidence.json,dora_evidence.json,dora_register.json. - Declared sections observed as neutral findings: ICT vendor / provider identity; service inventory and customer/service relationships; contract references; provider/subcontractor mapping; operational locations; important-function references; substitutability declarations and alternatives; continuity / recovery references; incident contacts; exit-plan evidence; discontinuation-impact references; and API / package / cloud / SBOM relationships.
- Where a section names an evidence file, that file's presence under the inspected root is reported (present / absent). Files are matched by basename inside the root only; the root is never escaped and symlinks are refused.
Free capabilities
- Two-sided posture: local configuration evidence vs public Resolver evidence.
export-csv— a deterministic evidence-readiness table ofevidence_item, declared, file_referenced, file_present.comparefor drift; JSON / Markdown / text / SARIF / CSV output; secret redaction on every export.
Unsupported inputs
- Not a resilience scanner, uptime monitor, penetration tester or crawler.
- Does not open, validate or attest the content of any referenced evidence file — only whether it is present.
- Does not fetch or execute your project, and never follows arbitrary redirects to internal hosts.
What the result means
PRESENT / PARTIAL / ABSENT / INVALID describes your local
resilience-evidence register: whether a register was found, how much of the
expected evidence it declares, and whether it parses. PROOF_FOUND or a
neutral posture describes public Resolver evidence.
What it does not mean
Not a safety, approval, insurance or premium decision. Not a DORA compliance verdict, regulatory approval, audit outcome or statement of legal sufficiency. "Declared" and "present" describe what the descriptor records and what is on disk — nothing about adequacy or correctness. Missing public proof is neutral — it does not mean unsafe.
Compare / drift
$ ecz-id-dora compare ./last-review ./current --json
Shows posture changes and reason-code / finding additions and removals — useful in review and on a schedule.
CI use
$ ecz-id-dora inspect . --sarif > dora.sarif # upload to code scanning
$ ecz-id-dora inspect . --json > dora.json # exit 0 for any completed inspection
$ ecz-id-dora export-csv . > dora-evidence.csv # evidence-readiness table
Exit code is 0 for every completed inspection regardless of posture
(the neutrality rule); non-zero only for genuine input / tool errors.
Machine-readable integration
Machine Interface · Manifest · Resolver · Operator setup · Developer guidance
Each installation includes structured machine-readable metadata for automation,
CI and supported integrations. Every JSON report embeds a compact
machine_interface object with the canonical roots and safe, read-only actions.
The package runs locally to inspect, explain and route. It does not issue an ECZ-ID, write canonical truth, create public proof, price a cart, or replace Resolver proof.
- Machine Interface: https://machine.ecocitizenz.org/.well-known/ecz-machine.json
- Manifest:
ecz-id-dora manifest --json - Resolver (read-only public proof): https://resolver.ecocitizenz.org
- Operator setup (TrustOps): https://trustops.ecocitizenz.com/start
- Developer Gateway: https://developers.ecocitizenz.com
If you operate the target and choose to begin, TrustOps handles operator setup, acquisition, lifecycle and repair. This package only routes you there; it never prices, carts or sells.
Privacy and no telemetry
Bounded, read-only, symlink-refusing inspection. No telemetry, no source
upload. The optional public check sends only minimal safe context (source,
package, version, typed intent) to validated public hosts over HTTPS.
Secrets are redacted on every export. Offline mode
(--offline / ECZ_ID_OFFLINE=1) skips all network.
Continue with ECZ-ID
- Operator setup: https://trustops.ecocitizenz.com/start
- Developer guidance: https://developers.ecocitizenz.com
- Public Resolver proof: https://resolver.ecocitizenz.org
- Central Machine Interface: https://machine.ecocitizenz.org/.well-known/ecz-machine.json
- EcoCitizenz: https://www.ecocitizenz.com
- Specifications and governance: https://www.ecocitizenz.org
- ECZ-ID on Visual Studio Marketplace: https://marketplace.visualstudio.com/publishers/ecocitizenz
- ECZ-ID on Open VSX: https://open-vsx.org/namespace/ecocitizenz
- Explore the ECZ-ID Python tool family: https://pypi.org/search/?q=ecz-id
Licence and trademarks
Apache-2.0. See LICENSE and NOTICE.
The Apache-2.0 code licence grants no trademark rights. "ECZ-ID",
"EcoCitizenz" and related names and logos are trademarks of their owner(s).
See TRADEMARKS.md. See CHANGELOG.md and SECURITY.md at the repository
root.
CLI: ecz-id-dora | Import: ecz_id_dora | Plugin group: ecz_id.plugins
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ecz_id_dora-0.1.1.tar.gz.
File metadata
- Download URL: ecz_id_dora-0.1.1.tar.gz
- Upload date:
- Size: 17.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4a01790bf7f5f7f683a8d1c0bda679dfce755977cecae3aa5d59d239dbdc8cd1
|
|
| MD5 |
ba310d31a1c6531f1cfe949d35cb02b6
|
|
| BLAKE2b-256 |
263423408c5b28984808b80fe6e90746518860093a5595cf9e78f4cbd765b36d
|
Provenance
The following attestation bundles were made for ecz_id_dora-0.1.1.tar.gz:
Publisher:
publish-ecz-id-dora.yml on Ecocitizenz/ecz-id-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ecz_id_dora-0.1.1.tar.gz -
Subject digest:
4a01790bf7f5f7f683a8d1c0bda679dfce755977cecae3aa5d59d239dbdc8cd1 - Sigstore transparency entry: 2085182663
- Sigstore integration time:
-
Permalink:
Ecocitizenz/ecz-id-python@6f3dee174371df77e454bc7321b263cc5c04c0a6 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/Ecocitizenz
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-ecz-id-dora.yml@6f3dee174371df77e454bc7321b263cc5c04c0a6 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file ecz_id_dora-0.1.1-py3-none-any.whl.
File metadata
- Download URL: ecz_id_dora-0.1.1-py3-none-any.whl
- Upload date:
- Size: 16.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8d920ce27e5657c785543d36b09696e0dd586121c131205fc64c4716f4580b60
|
|
| MD5 |
f089641983c8f1de4da4b175d9e6fcff
|
|
| BLAKE2b-256 |
be6d6495749795663ea1e75f8a4f09586a5ba240f955b5c4ed6ca0195a0be30c
|
Provenance
The following attestation bundles were made for ecz_id_dora-0.1.1-py3-none-any.whl:
Publisher:
publish-ecz-id-dora.yml on Ecocitizenz/ecz-id-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ecz_id_dora-0.1.1-py3-none-any.whl -
Subject digest:
8d920ce27e5657c785543d36b09696e0dd586121c131205fc64c4716f4580b60 - Sigstore transparency entry: 2085182773
- Sigstore integration time:
-
Permalink:
Ecocitizenz/ecz-id-python@6f3dee174371df77e454bc7321b263cc5c04c0a6 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/Ecocitizenz
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-ecz-id-dora.yml@6f3dee174371df77e454bc7321b263cc5c04c0a6 -
Trigger Event:
workflow_dispatch
-
Statement type: