Turnkey CI verification for Mipiti threat model assertions

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for avri from gravatar.com avri

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: LicenseRef-Proprietary
    SPDX License Expression
  • Author: Mipiti
  • Tags ci , mipiti , security , threat-modeling , verification
  • Requires: Python >=3.10
  • Provides-Extra: all , anthropic , dev , openai
Classifiers
Report project as malware

Project description

mipiti-verify

Turnkey CI verification for Mipiti threat model assertions. Security controls that never drift.

Install

pip install mipiti-verify[all]

Usage

# Verify all models in the workspace (recommended)
mipiti-verify run --all \
  --api-key $MIPITI_API_KEY \
  --tier2-provider openai \
  --tier2-model gpt-4o-mini \
  --project-root .

# Verify a single model
mipiti-verify run <model_id> \
  --api-key $MIPITI_API_KEY \
  --tier2-provider openai \
  --project-root .

# List pending assertions
mipiti-verify list <model_id>

# Show verification report
mipiti-verify report <model_id>

API keys are workspace-scoped — --all verifies every model accessible by the key.

Key flags

Flag Default Description
--reverify / --no-reverify --reverify Re-verify all assertions, not just pending. Catches regressions.
--changed-files FILE none Only verify assertions referencing files listed in FILE. Use git diff --name-only HEAD~1 > changed.txt.
--concurrency N 1 Max concurrent Tier 2 LLM calls. Tune based on API rate limits.
--dry-run off Run verifiers but don't submit results.
--output github text Emit GitHub Actions annotations (errors, warnings, notices).
--tier2-provider none AI provider: openai, anthropic, or ollama. Omit for Tier 1 only.
--tier2-model gpt-4o Model name (e.g., gpt-4o-mini, claude-sonnet-4-5-20250514).

GitHub Action

- uses: Mipiti/mipiti-verify@v0.10.0
  with:
    api-key: ${{ secrets.MIPITI_API_KEY }}
    all: true
    tier2-provider: openai
    tier2-model: gpt-4o-mini
    tier2-api-key: ${{ secrets.OPENAI_API_KEY }}

All assertions are re-verified by default. Use reverify: false to only check new assertions (e.g., to reduce Tier 2 API costs on PRs). Omitting tier2-provider runs Tier 1 only — controls won't reach "verified" status without Tier 2.

Development

git clone https://github.com/Mipiti/mipiti-verify.git
cd mipiti-verify
pip install -e ".[dev]"
python -m pytest -v

License

Proprietary. Copyright (c) 2026 Mipiti, LLC. All rights reserved. See LICENSE for details.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for avri from gravatar.com avri

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: LicenseRef-Proprietary
    SPDX License Expression
  • Author: Mipiti
  • Tags ci , mipiti , security , threat-modeling , verification
  • Requires: Python >=3.10
  • Provides-Extra: all , anthropic , dev , openai
Classifiers

Release history Release notifications | RSS feed

0.40.0

0.39.0

0.38.0

0.37.3

0.37.1

0.37.0

0.35.1

0.35.0

0.34.0

0.33.0

0.32.0

0.31.0

0.30.8

0.30.7

0.30.6

0.30.5

0.30.4

0.30.3

0.30.2

0.30.1

0.30.0

0.29.0

0.26.10

0.26.9

0.26.8

0.26.7

0.26.6

0.26.5

0.26.4

0.26.3

0.26.2

0.26.1

0.26.0

0.25.0

0.24.0

0.23.3

0.23.2

0.22.0

0.21.0

0.20.1

0.19.0

0.18.0

0.17.1

0.17.0

0.16.0

0.15.0

0.14.0

0.13.0

0.12.0

0.11.0

This version

0.10.1

0.10.0

0.9.1

0.9.0

0.8.2

0.8.1

0.8.0

0.7.1

0.7.0

0.6.0

0.5.5

0.5.4

0.5.3

0.5.2

0.5.1

0.5.0

0.4.0

0.3.7

0.3.6

0.3.5

0.3.4

0.3.3

0.3.2

0.3.1

0.2.1

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mipiti_verify-0.10.1.tar.gz (35.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mipiti_verify-0.10.1-py3-none-any.whl (31.9 kB view details)

Uploaded Python 3

File details

Details for the file mipiti_verify-0.10.1.tar.gz.

File metadata

  • Download URL: mipiti_verify-0.10.1.tar.gz
  • Upload date:
  • Size: 35.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mipiti_verify-0.10.1.tar.gz
Algorithm Hash digest
SHA256 1bc7497daff12bf35304c1440277a26fd7b5ca8fe9165fcfb098bb5b140e7f68
MD5 cca248dbfaceb891458f3fc84aafa8d3
BLAKE2b-256 3e5666d0889342995df2ad14d0fe9955d2940b8f53669548d372b6b4adfbee7f

See more details on using hashes here.

Provenance

The following attestation bundles were made for mipiti_verify-0.10.1.tar.gz:

Publisher: publish.yml on Mipiti/mipiti-verify

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file mipiti_verify-0.10.1-py3-none-any.whl.

File metadata

  • Download URL: mipiti_verify-0.10.1-py3-none-any.whl
  • Upload date:
  • Size: 31.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mipiti_verify-0.10.1-py3-none-any.whl
Algorithm Hash digest
SHA256 195974fc29ed154f4482e970d3003addaab217baa5b8a749a13c621d27ca5249
MD5 76f18b47ec6cd714d3cf86e56f15ca8e
BLAKE2b-256 cef072a9f56a7e2e5e6e795abb1c4146c3201c93892ae23b0d296f1f2c2dfafd

See more details on using hashes here.

Provenance

The following attestation bundles were made for mipiti_verify-0.10.1-py3-none-any.whl:

Publisher: publish.yml on Mipiti/mipiti-verify

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page