
Token-based Intent, Behavior, Evidence & Trust - Cryptographic provenance for trustworthy systems. ERIN/ERAAN/EROMHEEN/ERACHTER semantics.


tibet-core

The Linux of AI Provenance


Cryptographic provenance for trustworthy systems. Zero dependencies. Audit-ready.

From microcontrollers to cloud servers — every action gets an immutable, verifiable token.

What is TIBET?

Token-based Intent, Behavior, Evidence & Trust

TIBET captures the four dimensions of every action:

| Dimension | Dutch | Meaning |
|-----------|-------|---------|
| ERIN | "Er in" | What's IN the action (content, data) |
| ERAAN | "Er aan" | What's attached (dependencies, references) |
| EROMHEEN | "Er omheen" | Context around it (environment, state) |
| ERACHTER | "Er achter" | Intent behind it (why this action) |

Installation

Python (PyPI)

pip install tibet-core

JavaScript/Node.js (npm) — Rust/WASM kernel

npm install tibet-core

Rust

[dependencies]
tibet-core = "0.1"

Quick Start

from tibet_core import Provider, FileStore

# Create provider with persistent storage
tibet = Provider(
    actor="jis:humotica:my_app",
    store=FileStore("./audit.jsonl")
)

# Record any action with full provenance
token = tibet.create(
    action="user_login",
    erin={"user_id": "alice", "method": "oauth"},
    eraan=["jis:humotica:auth_service"],
    eromheen={"ip": "192.168.1.1", "user_agent": "Mozilla/5.0"},
    erachter="User authentication for dashboard access"
)

# Token is immutable (frozen dataclass)
assert token.verify()
print(token.content_hash)  # SHA-256

# Export audit trail
audit = tibet.export(format="jsonl")

OSAPI Bootstrap (v1.0, new in 0.5.0b1)

The bootstrap() API binds your package to a central tibet-OSAPI service — the v1.0-canonical way to ensure all emits land in one shared chain instead of 100+ independent Provider instances. This is the fork → main move: identity-bound, fail-closed, audit-by-construction.

from tibet_core import bootstrap

# Bind to the central tibet-OSAPI (with a JIS-signed actor-claim)
sess = bootstrap(
    actor="my-package",
    actor_claim=b"<JIS-signed Ed25519 claim>",
)

# emit / query / fork — all flow through the shared chain
result = sess.emit(action="user_login", erin={"user": "alice"})
tokens = sess.query(action="user_login")
fork   = sess.fork(parent_token=result["token_id"], actor_to="worker_b")

No-fail-open discipline

If the OSAPI is unreachable, bootstrap() raises BootstrapError by default. The watchdog must not die ("de waakhond mag niet sterven"); see the spec for the soft-stop protocol. For dev/test only, set TIBET_SOFT_BOOTSTRAP=1 to degrade to a local ephemeral provider with a loud warning.

Discovery (in order)

  1. explicit url= argument
  2. env-var TIBET_OSAPI_URL
  3. well-known UDS: /var/run/tibet/osapi.sock
  4. TCP fallback: 127.0.0.1:18443

Spec

Full wire-protocol: docs/specs/osapi-protocol-v1.md. Pair-companion: jis-core on port 18444 (claim/bind/fira). A non-kernel package binds to both at init — one shared identity-store, one shared chain.

Context Manager (legacy direct-Provider usage)

from tibet_core import Provider

with Provider(actor="jis:my_app") as tibet:
    tibet.create("init", erachter="Application startup")
    tibet.create("config_load", erin={"env": "production"})
# __exit__ verifies all token integrity automatically

HMAC-SHA256 (Tamper-Evident)

from tibet_core import Provider

tibet = Provider(actor="jis:my_app", hmac_key=b"your_secret_key")

token = tibet.create("sensitive_action", erin={"data": "classified"})
assert token.verify(b"your_secret_key")       # True: correct key
assert not token.verify(b"wrong_key")         # False: wrong key
assert not token.verify()                     # False: key required
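
Why the keyed mode matters, as an added example that is not tibet-core's own code: it uses only the standard library, and the record layout, the `tag` field and the helper names are assumptions made for illustration. Anyone who can rewrite a stored record can also recompute a bare SHA-256 over it, but cannot recompute an HMAC without the key.

```python
import hashlib
import hmac
import json
from typing import Optional

def canonical(record: dict) -> bytes:
    """Deterministic encoding so the same record always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def seal(record: dict, key: Optional[bytes] = None) -> dict:
    """Copy of record plus an integrity tag: SHA-256, or HMAC-SHA256 if keyed."""
    body = canonical(record)
    if key is None:
        tag = hashlib.sha256(body).hexdigest()
    else:
        tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {**record, "tag": tag}

def check(sealed: dict, key: Optional[bytes] = None) -> bool:
    """Recompute the tag and compare in constant time."""
    record = {k: v for k, v in sealed.items() if k != "tag"}
    expected = seal(record, key)["tag"]
    return hmac.compare_digest(expected, str(sealed.get("tag", "")))

def rewrite_without_key(sealed: dict, **changes) -> dict:
    """Model write access to the store but no key: edit, then re-hash unkeyed."""
    record = {k: v for k, v in sealed.items() if k != "tag"}
    record.update(changes)
    return seal(record)

# Constructed sample record and key (values echo the snippet above)
RECORD = {"action": "sensitive_action", "actor": "jis:my_app",
          "erin": {"data": "classified"}}
KEY = b"your_secret_key"

def demo() -> dict:
    plain, keyed = seal(RECORD), seal(RECORD, KEY)
    return {
        "plain_original": check(plain),
        "plain_after_rewrite": check(rewrite_without_key(plain, actor="jis:other")),
        "keyed_original": check(keyed, KEY),
        "keyed_after_rewrite": check(rewrite_without_key(keyed, actor="jis:other"), KEY),
        "keyed_wrong_key": check(keyed, b"wrong_key"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The rewritten record still passes the unkeyed check and fails the keyed one, so the HMAC key has to live somewhere the store's writers cannot read.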

Network Bridge

Connect network events to provenance. Every ping, heartbeat, and discovery becomes a Token.

from tibet_core import Provider, NetworkBridge

tibet = Provider(actor="jis:my_hub")
bridge = NetworkBridge(tibet)

# Record network events (works with tibet-ping PingPackets or plain dicts)
bridge.record_ping({"source_did": "jis:sensor:temp1", "target_did": "jis:hub", "ping_type": "heartbeat"})
bridge.record_discovery("jis:new_device", ("192.168.1.50", 7150), "accepted")
bridge.record_trust_change("jis:sensor:temp1", old_trust=0.5, new_trust=0.9, reason="Vouched by admin")
bridge.record_heartbeat("jis:sensor:temp1", addr=("192.168.1.50", 7150), status="healthy")

# All events are auto-chained into a provenance trail

Three-Zone Trust Model

| Zone | Score | Behavior |
|------|-------|----------|
| GROEN | >= 0.7 | Auto-accept |
| GEEL | 0.3 - 0.7 | Pending review |
| ROOD | < 0.3 | Silent drop |

Chain Tracing

Follow provenance chains to reconstruct full audit trails:

from tibet_core import Chain

chain = Chain(tibet.store)

# Trace backwards from any token
history = chain.trace(token.token_id)
for t in history:
    print(f"{t.action}: {t.erachter}")

# Verify entire chain integrity
if chain.verify(token.token_id):
    print("Audit trail intact")

# Get chain summary
summary = chain.summary(token.token_id)
print(f"Chain length: {summary['length']}")
print(f"Actors involved: {summary['actors']}")

Storage Backends

MemoryStore (default)

Fast, ephemeral. Good for testing and short sessions.

FileStore

Append-only JSONL. Thread-safe (fcntl locking). Audit-friendly.

from tibet_core import FileStore

store = FileStore("./audit.jsonl")

# Verify file integrity
result = store.verify_file()
if not result["integrity"]:
    print(f"Corrupted tokens: {result['corrupted_ids']}")

# Rotate old tokens to archive
rotated = store.rotate(max_age_days=30)
print(f"Archived {rotated} tokens")
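
What chain verification and file verification check, sketched as an added example for the Chain Tracing and FileStore sections; it is not tibet-core's code or on-disk format. The field names (`parent_hash`, `content_hash`) and the result keys other than `integrity` are assumptions, and the log is constructed.

```python
import hashlib
import json
from typing import Optional

def content_hash(rec: dict) -> str:
    """SHA-256 over canonical JSON of every field except the hash itself."""
    body = {k: v for k, v in rec.items() if k != "content_hash"}
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def append(lines: list, action: str, erachter: str) -> str:
    """Append one JSONL record that commits to its predecessor; return its hash."""
    parent = json.loads(lines[-1])["content_hash"] if lines else None
    rec = {"action": action, "erachter": erachter, "parent_hash": parent}
    rec["content_hash"] = content_hash(rec)
    lines.append(json.dumps(rec))
    return rec["content_hash"]

def verify(lines: list, expected_head: Optional[str] = None) -> dict:
    """Walk the log once; report edited lines, broken links and a missing tail."""
    corrupted, broken_links, prev = [], [], None
    for n, line in enumerate(lines):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            corrupted.append(n)
            continue
        if content_hash(rec) != rec.get("content_hash"):
            corrupted.append(n)        # fields changed after hashing
        if rec.get("parent_hash") != prev:
            broken_links.append(n)     # a predecessor was removed or reordered
        prev = rec.get("content_hash")
    head_ok = expected_head is None or prev == expected_head
    ok = not corrupted and not broken_links and head_ok
    return {"integrity": ok, "corrupted": corrupted,
            "broken_links": broken_links, "head_ok": head_ok}

def sample_log():
    """Constructed four-record log; returns (lines, hash of the last record)."""
    lines, head = [], None
    for action, why in [("init", "Application startup"),
                        ("config_load", "Read production settings"),
                        ("user_login", "Dashboard access"),
                        ("export", "Monthly audit export")]:
        head = append(lines, action, why)
    return lines, head
```

Dropping records from the end leaves every remaining hash and link valid, so truncation only shows up when the expected head hash is kept outside the file and passed as `expected_head`.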

Regulatory Compliance

TIBET provides the audit foundation for:

| Standard | TIBET Support |
|----------|---------------|
| EU CRA | Build provenance, SBOM accountability, audit chains |
| EU AI Act | Transparency, automated decision traceability |
| GDPR Art. 22 | Automated decision-making audit trails |
| NIS2 | Continuous logging, incident snapshots |
| ISO 5338 | AI lifecycle traceability |
| ISO 27001 | Information security audit trails |
| SOC 2 | Trust service criteria evidence |
| BIO2 | Government security baseline |
| OWASP | Security event provenance |

CRA enforcement starts September 2026. TIBET makes compliance architectural, not bolted-on.

Standards Alignment

IETF Standardization

TIBET and its companion protocols are being standardized at the IETF:

W3C Alignment

  • Verifiable Credentials 2.0 — Token structure compatible
  • Decentralized Identifiers (DIDs) — Actor identification (jis: format)
  • JSON-LD — Semantic context in EROMHEEN

6G Ready

  • Designed for AI-native networks (ITU IMT-2030)
  • Referenced in IETF 6G AI agent drafts
  • Minimal footprint for edge devices

Ecosystem

tibet-core is the provenance kernel. It doesn't try to do everything — it does provenance and delegates the rest.

| Layer | Package | What it does |
|-------|---------|--------------|
| Identity | jis-core | Ed25519 keys, DID documents, bilateral consent |
| Provenance | tibet-core | TIBET tokens — ERIN/ERAAN/EROMHEEN/ERACHTER |
| Firewall | snaft | 22 immutable rules, OWASP 20/20, FIR/A trust |
| Network | ainternet | .aint domains, I-Poll messaging, agent discovery |
| CLI | tibet | tibet create, tibet verify, tibet chain |
| Compliance | tibet-audit | AI Act, NIS2, GDPR, CRA — 112+ checks |
| SBOM | tibet-sbom | Supply chain verification with provenance |
| Triage | tibet-triage | Airlock sandbox, UPIP reproducibility, flare rescue |
| Discovery | tibet-ping | LAN discovery, heartbeat, mesh relay, IoT transport |
| Overlay | tibet-overlay | Encrypted mesh, WireGuard+noise, tunnel routing |
| Timestamps | tibet-y2k38 | Y2K38-safe epoch handling |

┌───────────────────────────────────────────────────────────────┐
│                      TIBET ECOSYSTEM                          │
├───────────────────────────────────────────────────────────────┤
│                                                               │
│   ┌──────────────┐    ┌──────────────┐   ┌──────────────┐   │
│   │   jis-core    │    │    snaft      │   │  ainternet   │   │
│   │  (identity)   │    │  (firewall)   │   │  (network)   │   │
│   └──────┬───────┘    └──────┬───────┘   └──────┬───────┘   │
│          │                   │                   │            │
│          └───────────┬───────┴───────────┬───────┘            │
│                      ▼                   │                    │
│              ┌──────────────┐            │                    │
│              │  tibet-core   │◄───────────┘                    │
│              │  (the kernel) │                                 │
│              │  Zero deps    │                                 │
│              └──────┬───────┘                                  │
│                     │                                          │
│   ┌─────────┬───────┼───────┬──────────┬──────────┐          │
│   ▼         ▼       ▼       ▼          ▼          ▼          │
│ tibet    tibet-    tibet-  tibet-    tibet-     tibet-          │
│ (CLI)    audit     sbom   triage    ping      overlay         │
│                                   (+ IoT)                     │
│                                                               │
│   Runtimes:  Python (PyPI) · Rust/WASM (npm) · C (embedded)  │
└───────────────────────────────────────────────────────────────┘

Performance

TIBET adds minimal overhead:

| Operation | Time |
|-----------|------|
| Token creation | ~0.1ms |
| SHA-256 hash | ~0.05ms |
| HMAC-SHA256 | ~0.06ms |
| FileStore append (locked) | ~0.2ms |
| Chain trace (100 tokens) | ~1ms |

Philosophy

"Audit de basis voor elke actie, niet voor communicatie verkeer"

"Audit as foundation for every action, not just traffic"

TIBET doesn't watch the wire. It lives inside the action.

Traditional security monitors traffic. TIBET audits intent.

Whitepaper

DOI: 10.5281/zenodo.18712238 — Full specification of Traceable Intent-Based Event Tokens.

License

MIT OR Apache-2.0

Credits

Designed by Jasper van de Meent. Built by Jasper and Root AI as part of HumoticaOS.

TIBET was born from a simple observation: existing audit systems record WHAT happened, but never WHY.


Stack position: Group substrate · tibet-OSAPI provider (kernel — exposes the OSAPI other packages bind to) · → jis-core (parallel substrate) · → all higher layers via OSAPI handshake · See STACK.md · See demo/golden-path/ for the spine end-to-end.


Enterprise

For private hub hosting, SLA support, custom integrations, or compliance guidance:

  • Enterprise: enterprise@humotica.com
  • Support: support@humotica.com
  • Security: security@humotica.com

See ENTERPRISE.md for details.
