tibet-workload 0.1.0

Workload Attestation & Step Tracking — prove what ran, where, why, and catch compromised nodes

tibet-workload

Workload Attestation & Step Tracking — prove what ran, where, why, and catch compromised nodes.

Part of the TIBET protocol suite by Humotica AI Lab.

The Problem

Relay station 3 is hacked. A delivery drone changes course. An AI pipeline ingests poisoned data. How do you know what happened?

Current solutions tell you who had access. They can't tell you what each step actually did — with cryptographic proof.

The Solution

tibet-workload tracks every step of every pipeline as a TIBET token:

[dispatch] → [relay] → [drone] → [deliver] → [confirm]
   ↓            ↓          ↓          ↓           ↓
  TIBET       TIBET      TIBET      TIBET       TIBET
  token       token      token      token       token

If any step is compromised, the chain breaks. You see exactly:

• WHAT happened (input/output hashes)
• WHO executed it (JIS DID / SPIFFE ID)
• WHERE it ran (node attestation)
• WHY it ran (intent tracking)

Install

pip install tibet-workload

# With SPIFFE integration:
pip install tibet-workload[spiffe]

Quick Start

from tibet_workload import WorkloadEngine

engine = WorkloadEngine(actor="jis:relay-3")

# Create a workload pipeline
wl = engine.create("drone-delivery-42", owner="jis:dispatch")

# Define steps
engine.add_step(wl.workload_id, "receive_order", intent="Accept delivery order")
engine.add_step(wl.workload_id, "navigate", intent="Navigate to destination")
engine.add_step(wl.workload_id, "deliver", intent="Execute delivery")

# Execute with provenance
engine.start_step(wl.workload_id, "receive_order",
                  input_data={"order": "PKG-42", "dest": "Amsterdam"})
engine.complete_step(wl.workload_id, "receive_order",
                     output_data={"accepted": True})

# Verify chain integrity
chain = engine.verify_chain(wl.workload_id)
print(chain["valid"])  # True (or False if compromised)

Compromise Detection

# If a step's input was tampered with:
engine.complete_step(wl.workload_id, "relay_command",
                     output_data={"forwarded": True},
                     verify_input=tampered_data)
# → Step marked COMPROMISED
# → Workload marked COMPROMISED
# → TIBET token records exactly what happened

CLI

# Full demo (drone + AI + SPIFFE scenarios)
tibet-workload demo

# Specific scenario
tibet-workload demo --scenario drone    # Compromised relay station
tibet-workload demo --scenario ai       # AI pipeline provenance
tibet-workload demo --scenario spiffe   # SPIFFE integration

Use Cases

Military/Defense — Drone Swarm

command → relay-1 → relay-2 → relay-3(HACKED) → drone-swarm
                                  ↑
                            Chain breaks here.
                            Exact tampered data recorded.

AI Pipeline — Data Provenance

data source → preprocessing → model → fact-check → output
     ↓              ↓           ↓         ↓          ↓
  "Where did     "What was    "Which    "Against   "Who
   this data      cleaned?"   model?"   what?"     reviewed?"
   come from?"

Delivery/Logistics — Chain of Custody

warehouse → sort → load → transit → deliver → confirm

Financial — Payment Pipeline

validate → authorize → process → settle → audit

SPIFFE Integration

from tibet_spiffe import AttestationEngine
from tibet_workload import WorkloadEngine

# Connect SPIFFE for workload identity
spiffe = AttestationEngine(trust_domain="humotica.com")
engine = WorkloadEngine()
engine.connect_spiffe(spiffe)

# Now each step gets SPIFFE-attested identity + TIBET provenance

IETF Drafts

• TIBET Provenance
• JIS Identity

License

MIT — Humotica AI Lab 2025-2026