Verified Package Mirror — TIBET provenance for package mirrors, supply chain attack detection
Project description
tibet-mirror — Verified Package Mirror with TIBET Provenance
Every mirrored package gets a TIBET token proving: when it was mirrored, from where, and its hash at mirror time.
If upstream changes (supply chain attack), the TIBET chain breaks. The mirror refuses the package.
tibet-mirror is an enterprise-grade package mirror (PyPI, npm) with supply chain attack detection. Every package that enters your mirror is stamped with a TIBET provenance token. If the upstream registry silently replaces a package, the hash mismatch breaks the TIBET chain and your mirror rejects it.
The Supply Chain Attack Problem
Package registries like PyPI and npm are high-value targets. An attacker who compromises an upstream package can inject malicious code into thousands of downstream systems.
```
[Upstream PyPI]                    [Your Mirror]
requests==2.31.0                   requests==2.31.0
sha256: abc123...                  mirror_hash: abc123...
        |                          tibet_token: jis:mirror:...
        v                                  |
ATTACKER replaces package!         tibet-mirror compares:
sha256: def456... (malicious)      source_hash != mirror_hash
        |                          TIBET chain BROKEN
        v                                  |
Mirror pulls update...    -->      QUARANTINE. Alert.
```
Install
```bash
pip install tibet-mirror
```
With Bandersnatch integration:
```bash
pip install tibet-mirror[bandersnatch]
```
Quick Start
```python
from tibet_mirror import MirrorEngine, MirrorPolicy

engine = MirrorEngine(mirror_node="mirror-eu-01")

# Mirror a package — creates TIBET provenance token
record = engine.mirror_package(
    name="requests",
    version="2.31.0",
    source_url="https://pypi.org/simple/requests/",
    package_hash="abc123def456...",
)
print(record.verified)        # True
print(record.tibet_token_id)  # "jis:mirror:a1b2c3d4..."

# Later: verify the package still matches upstream
result = engine.verify_package("requests", "2.31.0")
print(result)  # True — hashes still match

# Full integrity check across all mirrored versions
integrity = engine.check_integrity("requests")
print(integrity.drift_detected)  # False — no supply chain drift

# Add a policy: block packages with known CVEs
engine.add_policy(MirrorPolicy(
    name="block-known-cves",
    action="BLOCK",
    conditions={"has_cve": True, "severity": "critical"},
    description="Block packages with critical CVEs",
))
```
CLI
```bash
tibet-mirror info      # Concept overview and supply chain attack scenario
tibet-mirror demo      # Demo: mirror packages, detect simulated attack
tibet-mirror policies  # Show default mirror policies
tibet-mirror status    # Mirror statistics
```
How It Works
- Mirror — Package is downloaded from upstream (PyPI/npm)
- Hash — SHA-256 of the package at mirror time
- TIBET Token — Provenance token records: who mirrored, when, from where, hash
- Verify — On every sync, compare upstream hash with mirror hash
- Detect — If hashes diverge, the TIBET chain breaks. Package is quarantined.
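The mirror-hash-token-verify-quarantine cycle above, and the Quick Start flow, written out as a standalone Python model. This is an added example, not tibet-mirror's own code (the README does not show its internals): the class name VerifiedMirror, the helper make_token and the token format are assumptions, and the four TIBET layers are collapsed into one record. Each record's token id is a SHA-256 over its provenance fields plus the previous token id, so records form a chain; a later sync whose upstream hash differs from the mirror-time hash is quarantined, and an edited record breaks the chain.

```python
import hashlib, json
from datetime import datetime, timezone

def make_token(fields: dict, prev_token: str) -> str:
    # Token id = SHA-256 over the provenance fields plus the previous token id (hash chain).
    payload = json.dumps({**fields, "prev": prev_token}, sort_keys=True).encode()
    return "mirror:" + hashlib.sha256(payload).hexdigest()[:16]

class VerifiedMirror:
    def __init__(self, mirror_node: str):
        self.mirror_node = mirror_node
        self.records = {}             # (name, version) -> provenance record
        self.quarantine = []          # (name, version, upstream_hash) of rejected updates
        self.head = "mirror:genesis"  # token id at the end of the chain

    def mirror_package(self, name, version, source_url, package_hash, reason="scheduled sync"):
        # Record who mirrored what, when, from where, and the artifact hash at mirror time.
        fields = {"name": name, "version": version, "source_url": source_url,
                  "package_hash": package_hash, "mirror_node": self.mirror_node,
                  "mirrored_at": datetime.now(timezone.utc).isoformat(), "reason": reason}
        fields["token_id"] = make_token(fields, self.head)
        fields["prev_token"], self.head = self.head, fields["token_id"]  # link and advance
        self.records[(name, version)] = fields
        return fields

    def verify_package(self, name, version, upstream_hash):
        # On sync: compare the hash upstream serves now with the hash recorded at mirror time.
        rec = self.records[(name, version)]
        if upstream_hash == rec["package_hash"]:
            return "VERIFIED"
        self.quarantine.append((name, version, upstream_hash))  # hold the update and alert
        return "QUARANTINE"

    def chain_intact(self):
        # Recompute every token and its back-link; an edited record breaks the chain.
        prev = "mirror:genesis"
        for rec in self.records.values():
            fields = {k: v for k, v in rec.items() if k not in ("token_id", "prev_token")}
            if rec["prev_token"] != prev or make_token(fields, prev) != rec["token_id"]:
                return False
            prev = rec["token_id"]
        return prev == self.head

def demo():
    m = VerifiedMirror("mirror-eu-01")
    # Constructed sample digests; real ones are SHA-256 of the downloaded artifact.
    m.mirror_package("requests", "2.31.0", "https://pypi.org/simple/requests/", "a" * 64)
    ok = m.verify_package("requests", "2.31.0", "a" * 64)   # upstream unchanged
    bad = m.verify_package("requests", "2.31.0", "d" * 64)  # upstream silently replaced
    return ok, bad, m.chain_intact(), len(m.quarantine)
```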
TIBET Provenance Layers
Every mirrored package creates a TIBET token:
| Layer | Content |
|---|---|
| ERIN | Package name, version, source + mirror hashes |
| ERAAN | Source registry URL, upstream hash at mirror time |
| EROMHEEN | Mirror node, timestamp, operator |
| ERACHTER | Mirror reason (scheduled sync, manual, policy override) |
The token chain proves exactly which packages were mirrored when, and whether they have been tampered with since.
Mirror Policies
| Policy | Action | Description |
|---|---|---|
| verify-on-sync | MIRROR | Always verify hash before accepting upstream update |
| block-known-cves | BLOCK | Refuse packages with known critical CVEs |
| quarantine-new | QUARANTINE | Hold first-time packages for manual review |
| block-typosquat | BLOCK | Refuse packages with names similar to popular packages |
Bandersnatch Integration
tibet-mirror integrates with Bandersnatch, the official PyPI mirror tool:
```python
from tibet_mirror import MirrorEngine

engine = MirrorEngine(mirror_node="bandersnatch-eu-01")

# After Bandersnatch syncs a package, create provenance
record = engine.mirror_package(
    name="django",
    version="5.0.1",
    source_url="https://pypi.org/simple/django/",
    package_hash="...",
)

# Scan for upstream drift
drift = engine.scan_upstream("django")
print(drift)  # PackageIntegrity showing any version mismatches
```
Part of the TIBET ecosystem
| Package | Purpose |
|---|---|
| tibet-core | Protocol core |
| tibet-y2k38 | Y2K38 Time Bridge |
| tibet-pol | Process Integrity Checker |
| tibet-pqc | Post-Quantum Crypto Router |
| tibet-overlay | Identity Overlay |
| tibet-twin | Digital Twin Guard |
| tibet-mirror | Verified Package Mirror |
License
MIT — Humotica AI Lab 2025-2026
Authors
- J. van de Meent — jasper@humotica.com
- R. AI (Root AI) — root_idd@humotica.nl
Project details
File details
Details for the file tibet_mirror-0.1.0.tar.gz.
File metadata
- Download URL: tibet_mirror-0.1.0.tar.gz
- Upload date:
- Size: 12.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 68f9e30dfbbc2062f255e6cd2a02aaee3f7bca1a0f38fc36c222da939d57d50b |
| MD5 | 58a1d5414240f27146f55f9c6c882523 |
| BLAKE2b-256 | d6462680f3633412df194d642e970deeb2517aaa9a1fafc4c29d9fd678833a7b |
File details
Details for the file tibet_mirror-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tibet_mirror-0.1.0-py3-none-any.whl
- Upload date:
- Size: 14.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | b376a78b90743b216db94dd710084bb732d9f937d83156d5299e0a4c5500e72b |
| MD5 | fd0d64a7b6529bd81d7f51b12818c253 |
| BLAKE2b-256 | aaada444975e321131cad6abb3bb3381ffe2bd0bac0a812937831e5b972b3559 |