Skip to main content

Continuity bill of materials and State of Manifest inspector for sealed TIBET envelopes.

Project description

tibet-cbom

Continuity Bill of Materials and State of Manifest inspector for sealed TIBET envelopes.

This sandbox package sketches a tool family around two closely related ideas:

  • CBOM
    • continuity-aware bill of materials
    • what is in the object, plus how that object sits in a continuity chain
  • SoM
    • State of Manifest
    • who asserted what, when, and how the manifest/surface relationship evolved over time

The first operator surface is intentionally simple:

tibet-cbom inspect file.tza
tibet-cbom inspect file.tza --json

And the more human/forensic framing remains available through the alias:

tibet-som inspect file.tza

Why this exists

Normal file inspection answers:

  • what is this file called
  • how large is it
  • what extension does it have

CBOM / SoM should answer richer questions:

  • what class of sealed object is this
  • what does its canonical surface appear to be
  • what continuity identifiers are attached
  • what events happened to it over time
  • when was it renamed
  • when was it verified
  • when was a surface mismatch marked as partial or suspicious

That makes tibet-cbom feel less like file(1) and more like:

  • git log
  • for continuity-bearing envelopes

Current sandbox scope

This skeleton does not claim full TBZ parsing yet.

It provides:

  • package layout
  • datamodel sketch
  • CLI shape
  • human and JSON rendering
  • a first local file inspector that can grow into real manifest/event extraction later
  • optional continuityd audit JSONL merge for early SoM timelines

Commands

inspect

Compact human summary or JSON object.

tibet-cbom inspect 2026-05-12.peer-eval.claude.urgent.tza
tibet-cbom inspect vergadering-dinsdag.pdf
tibet-cbom inspect file.tza --json
tibet-cbom inspect file.tza --audit-file expected-audit-example.jsonl

timeline

Reserved for a later event-only view.

tibet-cbom timeline file.tza
tibet-cbom timeline file.tza --audit-file expected-audit-example.jsonl --json

authority

Compact current authority state.

tibet-cbom authority file.tza
tibet-cbom authority file.tza --json

verify

Explicit manifest and authority-step consistency check.

tibet-cbom verify file.tza
tibet-cbom verify file.tza --json
tibet-cbom verify file.tza --audit-file expected-audit-example.jsonl

rewrap

Sandbox ownership-transition event sketch.

tibet-cbom rewrap task.tza \
  --audit-file audit.jsonl \
  --actor jis:humotica:jasper.admin \
  --authority-mode admin \
  --transition-type freeze \
  --status frozen \
  --effective-assignee jis:humotica:agent.ai \
  --reason "manual triage hold" \
  --freeze-reason-code human-review

If you also want a sandbox sealed bundle:

tibet-cbom rewrap task.tza \
  --audit-file audit.jsonl \
  --actor jis:humotica:jasper.admin \
  --authority-mode admin \
  --transition-type freeze \
  --status frozen \
  --effective-assignee jis:humotica:agent.ai \
  --reason "manual triage hold" \
  --freeze-reason-code human-review \
  --identity-dir ./admin-identity \
  --emit-bundle /tmp/admin-freeze.tza

Basic policy guards now apply:

  • handoff requires --handoff-target
  • freeze requires --freeze-reason-code
  • authority-mode=admin expects an admin actor id
  • emitted bundle signing identity must match transition actor

Data model direction

The package uses two main record types:

  • CBOMDocument
    • file path
    • human name
    • canonical name hint
    • continuity identifiers
    • surface status
    • material facts
    • event timeline
  • SoMEvent
    • timestamp
    • action
    • actor
    • action id
    • notes / fields

This keeps the distinction clear:

  • CBOM is the object summary
  • SoM is the walkable event chain inside or around that object

Current known sealed payloads include:

  • ownership transitions
  • SAM gateway receipts

So a sealed sam_gateway_receipt is no longer treated as an opaque payload; it lands as a first-class sam-executed event in the local SoM timeline.

Likely next steps

  • extract canonical surface from real manifests
  • map continuity IDs from real payloads/manifests
  • render surface status transitions:
    • MATCH
    • PARTIAL
    • DISGUISED
    • RENAMED
  • deepen verify into fuller chain integrity / succession validation

Short framing

VCs answer:

  • who are you

SoM answers:

  • what did you manifest and when

CBOM then becomes the readable continuity-aware object view that ties those together.

Enterprise

For private hub hosting, SLA support, custom integrations, or compliance guidance:

Enterprise enterprise@humotica.com
Support support@humotica.com
Security security@humotica.com

License

MIT

Credits

Designed by Jasper van de Meent. Built by Jasper and Root AI as part of HumoticaOS.


Stack-positie: Groep evidence · Bootstrap = OSAPI-handshake naar tibet + jis (fail → snaft-rule + tibet-pol-rapport) · ← tibet-continuityd · tibet-sbom → · See STACK.md · See demo/golden-path/ for the spine end-to-end.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tibet_cbom-0.2.2.tar.gz (19.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tibet_cbom-0.2.2-py3-none-any.whl (22.5 kB view details)

Uploaded Python 3

File details

Details for the file tibet_cbom-0.2.2.tar.gz.

File metadata

  • Download URL: tibet_cbom-0.2.2.tar.gz
  • Upload date:
  • Size: 19.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for tibet_cbom-0.2.2.tar.gz
Algorithm Hash digest
SHA256 cd577d2cbeff9fdad69f1fd346614d4da1446ed368f540ff5394daaa6eb6544e
MD5 c5360e01d0abad721a52c3df5184fc75
BLAKE2b-256 eca466ead1e9bec5fbc459d35fbad7a7933fbfc52bf6eb7d940f803b23ce5b6d

See more details on using hashes here.

File details

Details for the file tibet_cbom-0.2.2-py3-none-any.whl.

File metadata

  • Download URL: tibet_cbom-0.2.2-py3-none-any.whl
  • Upload date:
  • Size: 22.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for tibet_cbom-0.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 2ad6019e70789b7eb3a4f936cbc6f5e210489bbe99ea4faeea8d7b89fafa5e8b
MD5 c1202b87b8e638856659af7ec0b02813
BLAKE2b-256 6fa3c6fde377c0c99b77239449948058fea429274d6c6ddf0018aa2f48bff54a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page