Skip to main content

Sealed Authority Module — intent-bound scoped authority capsules for bounded gateway execution

Project description

tibet-sam

Sealed Authority Module.

tibet-sam is the bounded-authority primitive in the TIBET four-W family:

  • tibet-vault = WHEN
  • tibet-keychain = WHERE/HOW
  • tibet-sam = WHY
  • tibet-gateway = WHERE-EXEC

The point of SAM is simple:

  • authorize one bounded act
  • without releasing the underlying secret to the caller

Core shape

An agent does not receive a raw API key.

Instead it asks for a sealed authority module that says:

  • which intent is allowed
  • against which target action
  • with which scope constraints
  • until when
  • under which ephemeral session id

The gateway then:

  1. breaks seal inside the boundary
  2. validates manifest constraints
  3. executes the allowed upstream action
  4. destroys the ephemeral session
  5. emits a provenance-sealed response

Current Package Scope

This package now emits a real sealed .tza capsule, lets a local gateway runtime read that capsule directly, and emits a sealed gateway receipt back out.

It provides:

  • package shape
  • SAM types
  • inspect and verify surfaces
  • keychain-aware validation bridge
  • materialization payload shape
  • sealed .tza materialization
  • local gateway runtime for break-seal, validate, execute, destroy
  • one real tibet-gateway HTTP proxy adapter
  • sealed gateway receipt shape
  • human and JSON rendering
  • a small CLI to inspect the model

Commands

tibet-sam info
tibet-sam types
tibet-sam runtime
tibet-sam inspect /tmp/upload-pypi-v4.sam.tza
tibet-sam verify /tmp/upload-pypi-v4.sam.tza
tibet-sam verify /tmp/proxy-http.sam.tza --keychain-record /tmp/keychain-ok.json
tibet-sam materialize \
  --intent upload_package \
  --secret-id sec_pypi_001 \
  --target-action /upload/pypi \
  --actor-id jis:humotica:agent.ai \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --valid-for-seconds 300 \
  --json

tibet-sam materialize \
  --intent upload_package \
  --secret-id sec_pypi_001 \
  --target-action /upload/pypi \
  --actor-id jis:humotica:agent.ai \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --identity-dir /tmp/sam-identity \
  --emit-bundle /tmp/upload-pypi.sam.tza \
  --json

tibet-sam execute \
  --sam-file /tmp/upload-pypi.sam.tza \
  --requested-action /upload/pypi \
  --request-actor jis:humotica:agent.ai \
  --gateway-actor jis:humotica:tibet-gateway \
  --gateway-identity-dir /tmp/gateway-identity \
  --response-bundle /tmp/upload-pypi.sam-receipt.tza \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --json

tibet-sam materialize \
  --intent proxy_external_call \
  --secret-id sec_pypi_001 \
  --target-action /proxy/http \
  --actor-id jis:humotica:jasper.admin \
  --policy-lane proxy-egress \
  --upstream-url https://example.com/api \
  --upstream-method POST \
  --payload-json /tmp/gateway-payload.json \
  --keychain-record /tmp/keychain-ok.json \
  --constraint host=example.com \
  --identity-dir /tmp/tcbom-admin-id \
  --emit-bundle /tmp/proxy-http.sam.tza \
  --json

Examples:

Denied Paths

The package should be able to show why a capsule is denied, not only why a capsule is accepted.

Typical denied cases:

  • actor mismatch
  • expired SAM
  • constraint mismatch
  • keychain record says exposed or rotation required
  • receipt required but no response bundle supplied
  • proxy adapter requested without a tibet-gateway base URL

Example:

tibet-sam execute \
  --sam-file /tmp/upload-pypi-v4.sam.tza \
  --requested-action /upload/pypi \
  --request-actor jis:humotica:wrong.actor \
  --gateway-actor webshop.admin \
  --constraint package=tibet-zip \
  --constraint registry=pypi \
  --json

And for a structural check:

tibet-sam verify /tmp/upload-pypi-v4.sam.tza --json

Current Runtime Boundary

The current sandbox runtime already performs the bounded flow:

  1. break seal inside the gateway boundary
  2. validate actor, target action, and constraints
  3. open an ephemeral gateway session
  4. proxy secret use through a local runtime adapter
  5. destroy the session
  6. emit a sealed receipt

Current local adapters:

  • upload_package to /upload/pypi
  • proxy_external_call to /proxy/http via a real tibet-gateway endpoint
  • a generic bounded fallback executor for other intents

This is enough to prove the runtime shape end-to-end. What still remains for production is not the authority flow itself, but real upstream adapters inside the actual tibet-gateway package.

keychain Coupling

tibet-sam can already validate against a keychain metadata record.

Current checks:

  • secret_id must match
  • leaked exposure states are denied
  • rotation_required=true is denied
  • active_operator_id, when present, must match the SAM actor

This gives SAM a first real bridge into custody state rather than treating secret_id as an ungoverned string.

Release Notes For Package Lift

This package is intentionally small, but already proves:

  • sealed authority materialization
  • direct .tza execution path
  • explicit session lifecycle
  • sealed receipt emission
  • inspect and verify operator surfaces
  • keychain-aware validation
  • policy-lane and receipt semantics
  • one real tibet-gateway proxy adapter path

What is still production-later:

  • real upstream adapters inside tibet-gateway
  • richer keychain storage and rotation backends
  • deeper policy lanes and revocation handling

Intended next steps

  • move the sandbox runtime shape into real tibet-gateway boundary hooks
  • deepen destroy-session semantics around real external adapters
  • add receipt correlation and policy-lane explain views

Short formulation

SAM authorizes the right to perform one bounded act, without releasing the underlying secret.

Enterprise

For private hub hosting, SLA support, custom integrations, or compliance guidance:

Enterprise enterprise@humotica.com
Support support@humotica.com
Security security@humotica.com

License

MIT

Credits

Designed by Jasper van de Meent. Built by Jasper and Root AI as part of HumoticaOS.


Stack-positie: Groep safety · Bootstrap = OSAPI-handshake naar tibet + jis (fail → snaft-rule + tibet-pol-rapport) · ← tibet-keychain · tibet-gateway → · See STACK.md · See demo/golden-path/ for the spine end-to-end.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tibet_sam-0.1.3.tar.gz (13.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tibet_sam-0.1.3-py3-none-any.whl (16.6 kB view details)

Uploaded Python 3

File details

Details for the file tibet_sam-0.1.3.tar.gz.

File metadata

  • Download URL: tibet_sam-0.1.3.tar.gz
  • Upload date:
  • Size: 13.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for tibet_sam-0.1.3.tar.gz
Algorithm Hash digest
SHA256 9da520a164ea0c6405290f1deb3238978c0f4dbce092549bb1b5fa41a82babd3
MD5 5054f700a1db670fb634b5c6bfa3f3a9
BLAKE2b-256 4282973fd47c8c663614af5f6f971b407b52b03b95bef492d7a99902e3b8195b

See more details on using hashes here.

File details

Details for the file tibet_sam-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: tibet_sam-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 16.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for tibet_sam-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 e2d9366fb8a4adb31a472f5889509d15ef5be924e234a47f09ee28a62ebf82c0
MD5 1e076b5ce2537e14d91f891877202351
BLAKE2b-256 414d92d5991efa78b3bc1f61989f4862986074ecdbc2a564d5d8177cc1293ef0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page