Sovereign external API proxy with TIBET provenance — egress control, intent verification, host allowlist
Project description
tibet-gateway
Alpha -- API may change between versions.
Sovereign external API proxy with TIBET provenance. Routes all AI agent egress traffic through a single gateway with host allowlist, intent verification (SNAFT), and provenance sealing.
Install
pip install tibet-gateway
Quick start
1. Configure allowed hosts (safe default: block all)
export TIBET_GATEWAY_ALLOWED_HOSTS=api.openai.com,api.anthropic.com
2. Start the gateway
tibet-gateway serve --port 8080
3. Proxy a call
curl -X POST http://localhost:8080/proxy \
-H "Content-Type: application/json" \
-d '{
"agent_id": "my-bot.aint",
"intent": "summarize_text",
"target_url": "https://api.openai.com/v1/chat/completions",
"method": "POST",
"payload": {"model": "gpt-4", "messages": [{"role": "user", "content": "Hello"}]}
}'
The response includes the original API response plus a TIBET seal with full provenance.
4. Check stats
tibet-gateway stats
What happens on each call
- Host check -- target domain must be in
TIBET_GATEWAY_ALLOWED_HOSTS - TIBET envelope -- mint provenance token (actor, intent, timestamp)
- SNAFT check -- verify payload matches declared intent
- Identity headers -- attach AINS identity and TBZ signature
- Proxy -- forward to external API
- Seal -- wrap response with TIBET seal and log stats
Configuration
| Environment variable | Description | Default |
|---|---|---|
TIBET_GATEWAY_ALLOWED_HOSTS |
Comma-separated list of allowed domains | empty (block all) |
Part of the TIBET ecosystem
- tibet -- core provenance tokens
- tibet-airlock -- sandbox execution
- tibet-mux -- channel multiplexing
Authors: Jasper van de Meent, Gemini & Root AI (Humotica AI fAmIly) License: MIT
Enterprise
For private hub hosting, SLA support, custom integrations, or compliance guidance:
| Enterprise | enterprise@humotica.com |
| Support | support@humotica.com |
| Security | security@humotica.com |
See ENTERPRISE.md for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tibet_gateway-0.3.0.tar.gz.
File metadata
- Download URL: tibet_gateway-0.3.0.tar.gz
- Upload date:
- Size: 14.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
82631dd59a208f289c824ce07f4d02860046eb5f6cbf5f9f117b745bf02f42b5
|
|
| MD5 |
620111cbb6c9ba07d1b9869733c383a2
|
|
| BLAKE2b-256 |
83045dda30c829260785c1be5a915b01700ae7dd75245710eb8806d93bd69cb8
|
File details
Details for the file tibet_gateway-0.3.0-py3-none-any.whl.
File metadata
- Download URL: tibet_gateway-0.3.0-py3-none-any.whl
- Upload date:
- Size: 9.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
69e85b1ce83f6ac978842254d40e936a5d831750f04675791e8fc1caf14f1723
|
|
| MD5 |
f3d6fac19d3e59deb88d2d1570f60c34
|
|
| BLAKE2b-256 |
e881cdb209b1abf9e0660c727997749d62f1bfb46b362034459c0c9b4450c8ed
|
