Audit dossier assembler — verifiable remediation reports from TIBET provenance chains
Project description
tibet-report
Audit dossier assembler with TIBET provenance — verifiable remediation reports.
Part of the TIBET ecosystem by Humotica.
What it does
tibet-report assembles evidence from TIBET token chains, wayback seals, pol health checks, and Phantom sessions into a single verifiable audit dossier.
The report is not the proof — the chain of tokens, seals, and manifests is. tibet-report makes that chain readable for humans and verifiable for auditors.
Install
pip install tibet-report
Quick start
from tibet_report import ReportSession, build_dossier
session = ReportSession(
report_id="RPT-001",
title="Security Remediation — Example Corp",
customer="Example Corp",
created_by="Jasper van de Meent — Humotica",
)
session.add_finding("SSL chain broken", "Intermediate cert missing")
session.add_action("Added intermediate cert to nginx", status="fixed")
session.add_verification("SSL verified with openssl", status="verified")
report_path, manifest = build_dossier(session, output_dir="./reports")
CLI
# Build a dossier
tibet-report build \
--customer "Example Corp" \
--assessor "Jasper van de Meent" \
--tokens remediation_chain.json \
--pre-seal pre_fix.json \
--post-seal post_fix.json \
--out ./reports
# Verify dossier integrity
tibet-report verify reports/RPT-001.md --manifest reports/RPT-001.manifest.json
Chain of custody
Every dossier includes a manifest that binds the report to its source evidence:
- SHA256 hashes of all input artifacts (tokens, seals, pol runs)
- SHA256 hash of the generated report
- Chain-of-custody hash combining all above
- Optional TIBET dossier token for provenance
Tampering with the report after generation is detectable via tibet-report verify.
Input sources
| Source | Package | What it provides |
|---|---|---|
| TIBET tokens | tibet-core |
Step-by-step provenance chain |
| Wayback seals | tibet-wayback |
Pre/post system state snapshots |
| Wayback diffs | tibet-wayback |
What changed between states |
| Pol runs | tibet-pol |
Health check results |
| Phantom sessions | phantom |
Session context (who/when/where) |
Output
- Markdown — readable, diffable, git-friendly
- HTML — formatted for clients and auditors
- JSON manifest — machine-readable chain-of-custody
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tibet_report-0.1.0.tar.gz.
File metadata
- Download URL: tibet_report-0.1.0.tar.gz
- Upload date:
- Size: 17.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
81f35925ed15bef50a850c899d147c22e8e2a6e29f620c592e84d508475538a8
|
|
| MD5 |
e9410ff5f0eff0f9a45269f5c29d5fa5
|
|
| BLAKE2b-256 |
ed6fe881d34af3b34dbeb212e1359fbdf1c5980f0f9ad3bba10bff47f533e330
|
File details
Details for the file tibet_report-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tibet_report-0.1.0-py3-none-any.whl
- Upload date:
- Size: 15.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9b619f9e127979b0b7cebd32b27bf78f63370dedaef80aff6959f81122c6025c
|
|
| MD5 |
9ccf7a5a045c1e66339bbfbe3ef1e0e7
|
|
| BLAKE2b-256 |
4b142b47ea57ee4d088e11c1cc44d2c0a17ee5e0d48812b78dba9eaf17f81c2e
|
