Cryptographic State Snapshots & Rollback — TIBET-sealed system state with verifiable rollback after incidents
Project description
tibet-snap — Cryptographic State Snapshots & Rollback
After a breach (Odido leak, Politie cookies hack, ransomware), the first question is: what changed, and how do we get back to a trustworthy state?
tibet-snap creates cryptographically sealed snapshots of system state using TIBET provenance tokens. Each snapshot captures file paths, SHA-256 hashes, timestamps, sizes and permissions — forming an immutable chain of system states.
What it does
- Snapshot — Capture the current state of files and directories as a TIBET-sealed record
- Compare — Diff two snapshots to see exactly what was added, removed, or modified
- Verify — Re-hash every file and confirm the snapshot is still intact
- Rollback plan — Auto-generate a rollback plan with restore/remove/revert actions
- Provenance — Every operation (create, verify, compare, rollback) is a linked TIBET token
Install
pip install tibet-snap
Usage
from tibet_snap import SnapEngine, Snapshot, SnapshotDiff
engine = SnapEngine(store_dir=".tibet-snap")
# Create a snapshot of /etc/nginx
snap = engine.create_snapshot("pre-deploy", paths=["/etc/nginx"])
# Later: create another snapshot
snap2 = engine.create_snapshot("post-deploy", paths=["/etc/nginx"])
# Compare
diff = engine.compare(snap.id, snap2.id)
print(f"Modified: {len(diff.modified)}, Added: {len(diff.added)}, Removed: {len(diff.removed)}")
print(f"Drift score: {diff.drift_score}")
# Verify integrity
ok = engine.verify(snap.id)
# Generate rollback plan
plan = engine.rollback_plan(snap.id)
for action in plan:
print(f" {action['action']}: {action['path']}")
CLI
# Concept overview
tibet-snap info
# Create a snapshot
tibet-snap create pre-deploy /etc/nginx /etc/ssl
# List all snapshots
tibet-snap list
# Compare two snapshots
tibet-snap compare <id_a> <id_b>
# Verify snapshot integrity
tibet-snap verify <id>
# Interactive demo: create → hack → compare → rollback
tibet-snap demo
TIBET Provenance
Every operation creates a linked SnapToken:
| Layer | Content |
|---|---|
| ERIN | Snapshot content (paths, hashes) |
| ERAAN | Parent snapshot, dependencies |
| EROMHEEN | Hostname, timestamp, actor |
| ERACHTER | Intent (create/verify/compare/rollback) |
Tokens are chained: each new token references its parent, forming a tamper-evident audit trail of all snapshot operations.
License
MIT — Humotica / J. van de Meent
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tibet_snap-0.1.0.tar.gz.
File metadata
- Download URL: tibet_snap-0.1.0.tar.gz
- Upload date:
- Size: 12.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6d02d946743e1c476c5a16697313d2043178cc7dbfb1c4c083ef45d8fb33e529
|
|
| MD5 |
da7b34e1637ae2fb6c1b97a01bb52faf
|
|
| BLAKE2b-256 |
4e116c975f0ec2b343dd069fc9e5d4704b05ba2eae6c8fc1bb9fa7b87ced5000
|
File details
Details for the file tibet_snap-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tibet_snap-0.1.0-py3-none-any.whl
- Upload date:
- Size: 15.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7bd79f52c9a4913c81786e95a212dd934256279782ef732c9af1b1906c50eb3a
|
|
| MD5 |
c2a019323bcbb0cfd2f018ef74b79cf5
|
|
| BLAKE2b-256 |
0a40f31e0a103ed028e9be6709170f0e18b352ed0f82551a8385607c0c55ee54
|
