Zero-trust sandbox with TIBET provenance — kernel isolation in <1ms, cryptographic proof of every execution
Project description
tibet-airlock
Zero-trust sandbox with TIBET provenance. Kernel isolation in <1ms, cryptographic proof of every execution.
Python client + SNAFT bindings for the tibet-airlock Rust binary.
Install
pip install tibet-airlock
Or as part of the TIBET security bundle:
pip install tibet[security]
Use with Airlock binary (full isolation)
# Terminal 1: start the airlock
cargo install tibet-airlock
tibet-airlock
# Terminal 2: Python
from tibet_airlock import Airlock
result = Airlock.run("code:execute", "print('hello world')")
print(result.status) # 200
print(result.safe) # True
print(result.roundtrip_ms) # 0.6
print(result.token) # TIBET provenance token
Use SNAFT directly (no binary needed)
from tibet_airlock import SnaftMonitor
# Monitor syscalls for an intent
monitor = SnaftMonitor("code:execute")
monitor.log_syscall("sys_write") # OK
monitor.log_syscall("sys_socket") # VIOLATION - network access!
decision = monitor.triage()
print(decision.is_safe) # False
print(decision.violations) # ['sys_socket (blocked: dangerous syscall for any intent)']
# Or scan a payload string
monitor = SnaftMonitor("code:execute")
detected = monitor.scan_payload("import os; os.system('curl evil.com')")
decision = monitor.triage()
print(decision.is_kill) # True
How it works
Intent -> Snapshot Wake (<0.01ms) -> SNAFT Monitor -> Triage -> TIBET Token
- Intent routing — each intent maps to a pre-warmed microVM snapshot
- SNAFT monitoring — every syscall checked against intent-specific allowlist
- Triage — violations = instant kill, clean = graceful shutdown
- TIBET token — cryptographic proof of what happened (the 4 dimensions: erin, eraan, eromheen, erachter)
Blocked syscalls (always dangerous)
sys_ptrace, sys_socket, sys_connect, sys_dlopen, sys_fork, sys_clone, sys_mount, sys_reboot, sys_kexec_load
Part of TIBET
- Rust binary: crates.io/crates/tibet-airlock
- Full ecosystem:
pip install tibet[full](28 packages) - Website: ainternet.org
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tibet_airlock-0.1.0.tar.gz.
File metadata
- Download URL: tibet_airlock-0.1.0.tar.gz
- Upload date:
- Size: 6.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
28d1e219848e2763e758f3694a5a23eae6a683ba54444183efda6459e4b5e065
|
|
| MD5 |
ee6d54941c06a79626a28838c4ed2d42
|
|
| BLAKE2b-256 |
fce4c08aca94cf3ec15b61810904abc36f9bf33d1dcadd55cd6409cd4428aaf3
|
File details
Details for the file tibet_airlock-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tibet_airlock-0.1.0-py3-none-any.whl
- Upload date:
- Size: 7.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
290932cdf817083b87d23cd839de067e5b9fcb4a1efc2791b04e11b054ebfd2a
|
|
| MD5 |
572914e1304571fc34bb9e239e519a29
|
|
| BLAKE2b-256 |
0b28d2974120526102d9aeb990dcbf5d5ae091b1ef5590156a817608163b2dae
|
