Immutable Database Proxy — turns any database into a cryptographically verifiable ledger with TIBET provenance
Project description
tibet-db — Immutable Database Proxy
Every query gets a TIBET token. No exceptions.
No blockchain nonsense, just crypto + provenance.
tibet-db is a proxy that sits between your application and your database. Every SQL/NoSQL query is intercepted and receives a cryptographically verifiable TIBET provenance token. This turns any legacy database into an immutable, auditable ledger — without changing a single line of application code.
Architecture
[App] --SQL--> [tibet-db proxy] --SQL--> [PostgreSQL/MongoDB]
|
TIBET token
├── ERIN: the query itself, query type, affected tables
├── ERAAN: caller JIS identity, connection info
├── EROMHEEN: timestamp, proxy node, database target
└── ERACHTER: intent/context provided by caller
Every query — SELECT, INSERT, UPDATE, DELETE, DDL — gets a token. Dangerous queries (DROP TABLE, DELETE without WHERE) are blocked or flagged by policy.
Use Cases
- Forensics after a hack — "Show me every query from this IP in the last 72 hours"
- Compliance audit — Prove who changed what, when, and why
- Mutation tracking — Full history of every write operation with provenance
- Policy enforcement — Block DROP TABLE in production, alert on DELETE without WHERE
Install
pip install tibet-db
Quick Start
from tibet_db import QueryProxy, QueryPolicy
proxy = QueryProxy(database_target="postgresql://localhost/mydb")
# Intercept a query
record = proxy.intercept(
query="SELECT * FROM users WHERE id = 42",
caller_id="jis:backend-api:v2.1",
context={"endpoint": "/api/users/42", "method": "GET"},
)
print(record.allowed) # True
print(record.query_type) # "SELECT"
print(record.tibet_token_id) # "a3f8c1e2..."
# Block dangerous queries by default
record = proxy.intercept(
query="DROP TABLE users",
caller_id="jis:dev-intern:session-7",
)
print(record.allowed) # False — blocked by default policy
# Search query history
records = proxy.query_log(caller_id="jis:dev-intern:session-7")
# Forensics mode
suspicious = proxy.forensics(query_pattern="DROP|TRUNCATE|DELETE.*users")
Default Policies
tibet-db ships with three default policies:
| Policy | Targets | Action | Description |
|---|---|---|---|
block-drop-table |
DDL | BLOCK | Blocks DROP TABLE / DROP DATABASE |
alert-delete-no-where |
DELETE | ALERT | Flags DELETE without WHERE clause |
alert-privilege-change |
DDL | ALERT | Flags GRANT / REVOKE statements |
Add custom policies:
from tibet_db import QueryPolicy
proxy.add_policy(QueryPolicy(
name="block-production-truncate",
query_types=["DDL"],
pattern=r"TRUNCATE\s+",
action="BLOCK",
description="No truncation in production",
))
CLI
tibet-db info # Concept overview and architecture
tibet-db demo # Interactive demo: queries, tokens, blocked DROP TABLE
tibet-db policies # Show default security policies
tibet-db forensics # Demo forensics mode (simulate post-hack investigation)
Why Not Just Database Logs?
Database logs tell you what happened. tibet-db tells you:
- Who — JIS-verified caller identity, not just a connection string
- What — The exact query, classified by type, with affected tables
- When — Cryptographically timestamped, not filesystem time
- Why — Application context: which endpoint, which user action, which intent
All four, chained together in a tamper-evident TIBET token.
License
MIT — Humotica AI Lab 2025-2026
Credits
Designed by Jasper van de Meent. Built by Jasper and Root AI as part of HumoticaOS.
Stack-positie: Groep evidence · Bootstrap = OSAPI-handshake naar tibet + jis (fail → snaft-rule + tibet-pol-rapport) · ← tibet-core · tibet-cbom → · See STACK.md · See demo/golden-path/ for the spine end-to-end.
Enterprise
For private hub hosting, SLA support, custom integrations, or compliance guidance:
| Enterprise | enterprise@humotica.com |
| Support | support@humotica.com |
| Security | security@humotica.com |
See ENTERPRISE.md for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tibet_db-0.1.1.tar.gz.
File metadata
- Download URL: tibet_db-0.1.1.tar.gz
- Upload date:
- Size: 12.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
66806584de95110b948353e989c0164d564274ac5f525a49b1e8d1116d887d49
|
|
| MD5 |
b3f8933c22abf4324b9d17dbee89093a
|
|
| BLAKE2b-256 |
1413d37f808cff8b58e7ee8ba0dfd212324f4c15fc66989a210b5f5e17293fa0
|
File details
Details for the file tibet_db-0.1.1-py3-none-any.whl.
File metadata
- Download URL: tibet_db-0.1.1-py3-none-any.whl
- Upload date:
- Size: 14.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
042b47ffeb14c877cfce7c053129314f22710d19f38dbfe91b61627a1a26e1ee
|
|
| MD5 |
d0e77d4e506d40361ac68da57ee295ef
|
|
| BLAKE2b-256 |
f18e65bf7ac2eea607a9532ba62fcda627bbf7acb95c976df81c7070ebc030b9
|
