tibet-report 0.1.2

Audit dossier assembler — verifiable remediation reports from TIBET provenance chains

tibet-report

Audit dossier assembler with TIBET provenance — verifiable remediation reports.

Part of the TIBET ecosystem by Humotica.

What it does

tibet-report assembles evidence from TIBET token chains, wayback seals, pol health checks, and Phantom sessions into a single verifiable audit dossier.

The report is not the proof — the chain of tokens, seals, and manifests is. tibet-report makes that chain readable for humans and verifiable for auditors.

Install

pip install tibet-report

Quick start

from tibet_report import ReportSession, build_dossier

session = ReportSession(
    report_id="RPT-001",
    title="Security Remediation — Example Corp",
    customer="Example Corp",
    created_by="Jasper van de Meent — Humotica",
)

session.add_finding("SSL chain broken", "Intermediate cert missing")
session.add_action("Added intermediate cert to nginx", status="fixed")
session.add_verification("SSL verified with openssl", status="verified")

report_path, manifest = build_dossier(session, output_dir="./reports")

CLI

# Build a dossier
tibet-report build \
  --customer "Example Corp" \
  --assessor "Jasper van de Meent" \
  --tokens remediation_chain.json \
  --pre-seal pre_fix.json \
  --post-seal post_fix.json \
  --out ./reports

# Verify dossier integrity
tibet-report verify reports/RPT-001.md --manifest reports/RPT-001.manifest.json

Chain of custody

Every dossier includes a manifest that binds the report to its source evidence:

• SHA256 hashes of all input artifacts (tokens, seals, pol runs)
• SHA256 hash of the generated report
• Chain-of-custody hash combining all above
• Optional TIBET dossier token for provenance

Tampering with the report after generation is detectable via tibet-report verify.

Input sources

Source	Package	What it provides
TIBET tokens	tibet-core	Step-by-step provenance chain
Wayback seals	tibet-wayback	Pre/post system state snapshots
Wayback diffs	tibet-wayback	What changed between states
Pol runs	tibet-pol	Health check results
Phantom sessions	phantom	Session context (who/when/where)

Output

• Markdown — readable, diffable, git-friendly
• HTML — formatted for clients and auditors
• JSON manifest — machine-readable chain-of-custody

Enterprise

For private hub hosting, SLA support, custom integrations, or compliance guidance:

Enterprise	enterprise@humotica.com
Support	support@humotica.com
Security	security@humotica.com

License

MIT

Credits

Designed by Jasper van de Meent. Built by Jasper and Root AI as part of HumoticaOS.

---

Stack-positie: Groep evidence · Bootstrap = OSAPI-handshake naar tibet + jis (fail → snaft-rule + tibet-pol-rapport) · ← tibet-nis2 · See STACK.md · See demo/golden-path/ for the spine end-to-end.