Skip to main content

Sealed Authority Module — intent-bound scoped authority capsules for bounded gateway execution

Project description

tibet-sam

Sealed Authority Module.

tibet-sam is the bounded-authority primitive in the TIBET four-W family:

  • tibet-vault = WHEN
  • tibet-keychain = WHERE/HOW
  • tibet-sam = WHY
  • tibet-gateway = WHERE-EXEC

The point of SAM is simple:

  • authorize one bounded act
  • without releasing the underlying secret to the caller

Core shape

An agent does not receive a raw API key.

Instead it asks for a sealed authority module that says:

  • which intent is allowed
  • against which target action
  • with which scope constraints
  • until when
  • under which ephemeral session id

The gateway then:

  1. breaks seal inside the boundary
  2. validates manifest constraints
  3. executes the allowed upstream action
  4. destroys the ephemeral session
  5. emits a provenance-sealed response

Current Package Scope

This package now emits a real sealed .tza capsule, lets a local gateway runtime read that capsule directly, and emits a sealed gateway receipt back out.

It provides:

  • package shape
  • SAM types
  • inspect and verify surfaces
  • keychain-aware validation bridge
  • materialization payload shape
  • sealed .tza materialization
  • local gateway runtime for break-seal, validate, execute, destroy
  • one real tibet-gateway HTTP proxy adapter
  • sealed gateway receipt shape
  • human and JSON rendering
  • a small CLI to inspect the model

Commands

tibet-sam info
tibet-sam types
tibet-sam runtime
tibet-sam inspect /tmp/upload-pypi-v4.sam.tza
tibet-sam verify /tmp/upload-pypi-v4.sam.tza
tibet-sam verify /tmp/proxy-http.sam.tza --keychain-record /tmp/keychain-ok.json
tibet-sam materialize \
  --intent upload_package \
  --secret-id sec_pypi_001 \
  --target-action /upload/pypi \
  --actor-id jis:humotica:agent.ai \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --valid-for-seconds 300 \
  --json

tibet-sam materialize \
  --intent upload_package \
  --secret-id sec_pypi_001 \
  --target-action /upload/pypi \
  --actor-id jis:humotica:agent.ai \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --identity-dir /tmp/sam-identity \
  --emit-bundle /tmp/upload-pypi.sam.tza \
  --json

tibet-sam execute \
  --sam-file /tmp/upload-pypi.sam.tza \
  --requested-action /upload/pypi \
  --request-actor jis:humotica:agent.ai \
  --gateway-actor jis:humotica:tibet-gateway \
  --gateway-identity-dir /tmp/gateway-identity \
  --response-bundle /tmp/upload-pypi.sam-receipt.tza \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --json

tibet-sam materialize \
  --intent proxy_external_call \
  --secret-id sec_pypi_001 \
  --target-action /proxy/http \
  --actor-id jis:humotica:jasper.admin \
  --policy-lane proxy-egress \
  --upstream-url https://example.com/api \
  --upstream-method POST \
  --payload-json /tmp/gateway-payload.json \
  --keychain-record /tmp/keychain-ok.json \
  --constraint host=example.com \
  --identity-dir /tmp/tcbom-admin-id \
  --emit-bundle /tmp/proxy-http.sam.tza \
  --json

Examples:

Denied Paths

The package should be able to show why a capsule is denied, not only why a capsule is accepted.

Typical denied cases:

  • actor mismatch
  • expired SAM
  • constraint mismatch
  • keychain record says exposed or rotation required
  • receipt required but no response bundle supplied
  • proxy adapter requested without a tibet-gateway base URL

Example:

tibet-sam execute \
  --sam-file /tmp/upload-pypi-v4.sam.tza \
  --requested-action /upload/pypi \
  --request-actor jis:humotica:wrong.actor \
  --gateway-actor webshop.admin \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --json

And for a structural check:

tibet-sam verify /tmp/upload-pypi-v4.sam.tza --json

Current Runtime Boundary

The current sandbox runtime already performs the bounded flow:

  1. break seal inside the gateway boundary
  2. validate actor, target action, and constraints
  3. open an ephemeral gateway session
  4. proxy secret use through a local runtime adapter
  5. destroy the session
  6. emit a sealed receipt

Current local adapters:

  • upload_package to /upload/pypi
  • proxy_external_call to /proxy/http via a real tibet-gateway endpoint
  • a generic bounded fallback executor for other intents

This is enough to prove the runtime shape end-to-end. What still remains for production is not the authority flow itself, but real upstream adapters inside the actual tibet-gateway package.

keychain Coupling

tibet-sam can already validate against a keychain metadata record.

Current checks:

  • secret_id must match
  • leaked exposure states are denied
  • rotation_required=true is denied
  • active_operator_id, when present, must match the SAM actor

This gives SAM a first real bridge into custody state rather than treating secret_id as an ungoverned string.

Release Notes For Package Lift

This package is intentionally small, but already proves:

  • sealed authority materialization
  • direct .tza execution path
  • explicit session lifecycle
  • sealed receipt emission
  • inspect and verify operator surfaces
  • keychain-aware validation
  • policy-lane and receipt semantics
  • one real tibet-gateway proxy adapter path

What is still production-later:

  • real upstream adapters inside tibet-gateway
  • richer keychain storage and rotation backends
  • deeper policy lanes and revocation handling

Intended next steps

  • move the sandbox runtime shape into real tibet-gateway boundary hooks
  • deepen destroy-session semantics around real external adapters
  • add receipt correlation and policy-lane explain views

Short formulation

SAM authorizes the right to perform one bounded act, without releasing the underlying secret.

Enterprise

For private hub hosting, SLA support, custom integrations, or compliance guidance:

Enterprise enterprise@humotica.com
Support support@humotica.com
Security security@humotica.com

License

MIT

Credits

Designed by Jasper van de Meent. Built by Jasper and Root AI as part of HumoticaOS.


Stack-positie: Groep safety · Bootstrap = OSAPI-handshake naar tibet + jis (fail → snaft-rule + tibet-pol-rapport) · ← tibet-keychain · tibet-gateway → · See STACK.md · See demo/golden-path/ for the spine end-to-end.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tibet_sam-0.1.2.tar.gz (13.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tibet_sam-0.1.2-py3-none-any.whl (16.6 kB view details)

Uploaded Python 3

File details

Details for the file tibet_sam-0.1.2.tar.gz.

File metadata

  • Download URL: tibet_sam-0.1.2.tar.gz
  • Upload date:
  • Size: 13.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for tibet_sam-0.1.2.tar.gz
Algorithm Hash digest
SHA256 a395e4f818a10da4c5f9e14db2012d308e5c0b777f3f5fe26cea9564c7a66dc7
MD5 b56f2eedea13ee137842c6f858c93b98
BLAKE2b-256 b760fadd85dfa2bbb8ec94cc97584c25a3f7c2c93cb87eccd1586df9d299d9ae

See more details on using hashes here.

File details

Details for the file tibet_sam-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: tibet_sam-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 16.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for tibet_sam-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 0f70a27a42616894dadf2deeff9831c026c4ab7be52e26053009052ff0d2227d
MD5 a4e613cba42581c114ea5a2530775213
BLAKE2b-256 9735765b6391b93517b0b6cb0966cfd7dd33900328b6f39b98f0e637a57b876e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page