Sealed Authority Module — intent-bound scoped authority capsules for bounded gateway execution
tibet-sam
Sealed Authority Module.
tibet-sam is the bounded-authority primitive in the TIBET four-W
family:
- tibet-vault = WHEN
- tibet-keychain = WHERE/HOW
- tibet-sam = WHY
- tibet-gateway = WHERE-EXEC
The point of SAM is simple:
- authorize one bounded act
- without releasing the underlying secret to the caller
Core shape
An agent does not receive a raw API key.
Instead it asks for a sealed authority module that says:
- which intent is allowed
- against which target action
- with which scope constraints
- until when
- under which ephemeral session id
The gateway then:
- breaks seal inside the boundary
- validates manifest constraints
- executes the allowed upstream action
- destroys the ephemeral session
- emits a provenance-sealed response
Sandbox scope
This sketch now emits a real sealed .tza capsule, lets a local
gateway runtime read that capsule directly, and emits a sealed gateway
receipt back out.
It provides:
- package shape
- SAM types
- inspect and verify surfaces
- materialization payload shape
- sealed .tza materialization
- local gateway runtime for break-seal, validate, execute, destroy
- sealed gateway receipt shape
- human and JSON rendering
- a small CLI to inspect the model
Commands
tibet-sam info
tibet-sam types
tibet-sam runtime
tibet-sam inspect /tmp/upload-pypi-v4.sam.tza
tibet-sam verify /tmp/upload-pypi-v4.sam.tza

tibet-sam materialize \
  --intent upload_package \
  --secret-id sec_pypi_001 \
  --target-action /upload/pypi \
  --actor-id jis:humotica:agent.ai \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --valid-for-seconds 300 \
  --json

tibet-sam materialize \
  --intent upload_package \
  --secret-id sec_pypi_001 \
  --target-action /upload/pypi \
  --actor-id jis:humotica:agent.ai \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --identity-dir /tmp/sam-identity \
  --emit-bundle /tmp/upload-pypi.sam.tza \
  --json

tibet-sam execute \
  --sam-file /tmp/upload-pypi.sam.tza \
  --requested-action /upload/pypi \
  --request-actor jis:humotica:agent.ai \
  --gateway-actor jis:humotica:tibet-gateway \
  --gateway-identity-dir /tmp/gateway-identity \
  --response-bundle /tmp/upload-pypi.sam-receipt.tza \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --json
Example SAM payload:
Denied Paths
The package should be able to show why a capsule is denied, not only why a capsule is accepted.
Typical denied cases:
- actor mismatch
- expired SAM
- constraint mismatch
Example:
tibet-sam execute \
  --sam-file /tmp/upload-pypi-v4.sam.tza \
  --requested-action /upload/pypi \
  --request-actor jis:humotica:wrong.actor \
  --gateway-actor webshop.admin \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --json
And for a structural check:
tibet-sam verify /tmp/upload-pypi-v4.sam.tza --json
Current Runtime Boundary
The current sandbox runtime already performs the bounded flow:
- break seal inside the gateway boundary
- validate actor, target action, and constraints
- open an ephemeral gateway session
- proxy secret use through a local runtime adapter
- destroy the session
- emit a sealed receipt
Current local adapters:
- upload_package to /upload/pypi
- a generic bounded fallback executor for other intents
This is enough to prove the runtime shape end-to-end.
What still remains for production is not the authority flow itself, but
real upstream adapters inside the actual tibet-gateway package.
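The bounded flow and the denied cases described above, modelled as an added Python example that is not tibet-sam's own code. An HMAC-SHA256 tag stands in for the real .tza seal, and every function name, denial-reason string, the in-memory secret store and the sample adapter are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

GATEWAY_KEY = secrets.token_bytes(32)  # assumption: key held only inside the gateway
SECRET_STORE = {"sec_pypi_001": "constructed-upstream-token"}  # constructed sample

def _tag(kind, payload):
    # Domain-separate capsules from receipts so one can never verify as the other.
    body = kind.encode() + b"\0" + json.dumps(payload, sort_keys=True).encode()
    return hmac.new(GATEWAY_KEY, body, hashlib.sha256).hexdigest()

def seal(kind, payload):
    return {"kind": kind, "payload": payload, "tag": _tag(kind, payload)}

def deny_reasons(capsule, actor, action, constraints, now):
    # Break seal first: an unauthenticated manifest is never evaluated.
    if not hmac.compare_digest(_tag("sam", capsule["payload"]), capsule["tag"]):
        return ["seal_invalid"]
    m, reasons = capsule["payload"], []
    if actor != m["actor_id"]:
        reasons.append("actor_mismatch")
    if action != m["target_action"]:
        reasons.append("action_mismatch")
    if now >= m["expires_at"]:
        reasons.append("expired")
    # Every sealed constraint must be matched exactly by the request.
    if any(constraints.get(k) != v for k, v in m["constraints"].items()):
        reasons.append("constraint_mismatch")
    return reasons

def execute(capsule, actor, action, constraints, adapter, now):
    reasons = deny_reasons(capsule, actor, action, constraints, now)
    receipt = {"allowed": not reasons, "reasons": reasons, "actor": actor, "action": action}
    if not reasons:
        m = capsule["payload"]
        session = {"id": m["session_id"], "secret": SECRET_STORE[m["secret_id"]]}
        try:
            # The adapter gets the secret and the sealed constraints, not caller input.
            receipt["result"] = adapter(session["secret"], m["constraints"])
        finally:
            session.clear()  # destroy the session even if the adapter raises
    return seal("receipt", receipt)  # the caller gets a sealed receipt, never the secret

def sample_adapter(secret, constraints):
    # Constructed stand-in for an upstream call; it must not echo the secret.
    return f"uploaded {constraints['package']} to {constraints['registry']}"
```

The receipt lists every failed check, so an operator sees why a capsule was denied rather than only that it was.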
Release Notes For Package Lift
This sandbox is now mature enough for a lift into /packages/tibet-sam
because it already proves:
- sealed authority materialization
- direct .tza execution path
- explicit session lifecycle
- sealed receipt emission
- inspect and verify operator surfaces
What is still production-later:
- real upstream adapters inside tibet-gateway
- real external secret backends behind tibet-keychain
- richer policy lanes and revocation handling
Intended next steps
- move the sandbox runtime shape into real tibet-gateway boundary hooks
- deepen destroy-session semantics around real external adapters
- link to tibet-keychain custody records
Short formulation
SAM authorizes the right to perform one bounded act, without releasing the underlying secret.
File details
Details for the file tibet_sam-0.1.0.tar.gz.
File metadata
- Download URL: tibet_sam-0.1.0.tar.gz
- Upload date:
- Size: 10.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File details
Details for the file tibet_sam-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tibet_sam-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5