Zero-footprint AI materialization. Compute once on GPU, verify everywhere, materialize only with proof.
Project description
tibet-phantom
Zero-Footprint AI Materialization
Compute once on GPU. Verify everywhere. Materialize only with proof.
Data doesn't travel. It materializes.
tibet-phantom orchestrates the full pipeline from GPU inference output to context-bound materialization on edge devices — with zero plaintext in transit, zero plaintext on disk, and a complete TIBET provenance trail.
The Problem
Running 32-layer LLM inference on every edge device is wasteful and often impossible. But sending plaintext results over the network is a security and privacy disaster. What if the output only exists in the hands of the right person — literally?
The Solution
GPU Server Edge Device
─────────── ────────────
LLM inference (once) No re-inference needed
│ │
▼ ▼
tibet-edge: seal output ────────► tibet-mesh: receive
│ │
▼ ▼
tibet-overlay: resolve ◄─────── tibet-overlay: identity
│ identity (CGNAT-proof) │
▼ ▼
provenance chain materialize: context check
│ (heartbeat + gyro + cadence)
▼ │
TIBET audit receipt ┌──────┴──────┐
│ │
MATCH MISMATCH
text appears noise only
in RAM data self-destructs
Five Modules
| Module | Role | Protocol |
|---|---|---|
phantom.seal |
Seal inference output with provenance chain | UPIP |
phantom.resolve |
Resolve device identity (CGNAT-proof) | JIS |
phantom.transport |
Store-and-forward delivery | tibet-mesh |
phantom.materialize |
Context-bound decryption | RVP |
phantom.decode |
Token-to-text on CPU | T-LEX |
Install
pip install tibet-phantom
With all transport + edge dependencies:
pip install tibet-phantom[full]
Quick Start
from phantom import PhantomFlow
# Full local demo
flow = PhantomFlow(model="qwen2.5:32b")
result = flow.demo(
plaintext=b"AI output that should only exist for the right person",
target_identity="jis:my-device",
heartbeat="72bpm_steady",
)
print(result.text) # Only if context matches
print(result.materialized) # True/False
print(result.to_tibet_token()) # Full provenance
Server-side (seal + send)
from phantom import PhantomFlow, PhantomMaterializer
flow = PhantomFlow(model="qwen2.5:32b")
context_key = PhantomMaterializer.build_context_key(
node="target-device", user="jasper",
heartbeat="72bpm", gyro="hand_held", cadence="natural",
)
result = flow.send(plaintext, "jis:pixel-jasper", context_key)
Client-side (materialize + decode)
flow = PhantomFlow()
flow.materializer.set_rvp_signals(
heartbeat="72bpm", gyro="hand_held", cadence="natural",
)
result = flow.receive(envelope_json)
print(result.text) # Text, or empty if context mismatch
Demo
phantom demo
Runs the full 6-step Hackaway demo:
- Seal — GPU inference output sealed with UPIP provenance chain
- Resolve — JIS identity resolution (CGNAT-proof, not IP-based)
- Airplane Mode — Device goes offline, payload queues in mesh, device reconnects with new IP
- Materialize — Right person holds device → L4 hash match → text appears
- Wrong Hands — Someone else holds device → noise → data self-destructs
- TIBET Receipt — Full audit token with provenance chain
Architecture
tibet-phantom builds on four IETF Internet-Drafts:
| Protocol | Draft | Function |
|---|---|---|
| TIBET | draft-vandemeent-tibet-provenance | Provenance chain |
| JIS | draft-vandemeent-jis-identity | Identity binding |
| UPIP | draft-vandemeent-upip-process-integrity | Process integrity + L4 hash |
| RVP | draft-vandemeent-rvp-continuous-verification | Continuous biometric verification |
And three companion packages:
| Package | PyPI | Role |
|---|---|---|
| tibet-edge | tibet-edge | Firmware + inference sealing |
| tibet-mesh | tibet-mesh | P2P store-and-forward transport |
| tibet-overlay | tibet-overlay | CGNAT-proof identity overlay |
Key Properties
- Zero plaintext in transit — Output is encrypted with context-derived key before leaving GPU
- Zero plaintext on disk — Ciphertext only; plaintext exists only in RAM during materialization
- Context-bound — Decryption key derived from hardware + identity + biometric signals (RVP)
- Self-destructing — Wrong context = cryptographic noise, not decryption error
- CGNAT-proof — Identity is cryptographic (JIS), not topological (IP address)
- Airplane-mode resilient — Store-and-forward mesh delivers when device reconnects
- Auditable — Every step creates a TIBET provenance record
License
MIT — Humotica AI Lab
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tibet_phantom-0.1.0.tar.gz.
File metadata
- Download URL: tibet_phantom-0.1.0.tar.gz
- Upload date:
- Size: 17.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8c278393633a349f8c420dc2be7bdbaf4cd2b707ef11ae1a8f0cb40e0487153f
|
|
| MD5 |
832b3f5b43f2c06a0d2c15dc6f6da71e
|
|
| BLAKE2b-256 |
0749e9737f3d906f6fb8400ac85ea12a48adaecd489b099c4752e2d96333c125
|
File details
Details for the file tibet_phantom-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tibet_phantom-0.1.0-py3-none-any.whl
- Upload date:
- Size: 18.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
926b9f8ef4319cbb32d554a65c9ea54b776f3ca1dcdc6e2ebf0f0dd58165fefb
|
|
| MD5 |
642805f0791a60eb7c3295b8515e22f3
|
|
| BLAKE2b-256 |
d49ed18ce105c9a7ede1ad0408e3251e09ca50fef22b73139e46030fcf2ef101
|
