tibet 2.0.1

TIBET - The Trust Kernel for AI. One install, complete security: provenance, isolation, monitoring, compliance. pip install tibet[full]

tibet

The Trust Kernel for AI. Audit as a precondition, not an afterthought.

Unified CLI for tibet-core provenance, compliance scanning, and trust scoring. One command to document, verify, and audit every AI action.

Install

pip install tibet                # CLI + tibet-core
pip install tibet[audit]         # + compliance scanning (AI Act, NIS2, GDPR)
pip install tibet[forge]         # + trust scoring
pip install tibet[full]          # everything

Quick Start

# Initialize TIBET in your project
tibet init

# Create a provenance token (document BEFORE you act)
tibet create deploy --why "Release v1.0.0" --refs ticket-123

# Verify token integrity
tibet verify <token-id>

# Export audit trail
tibet export --format json

# Run compliance scan
tibet audit

# Check trust score
tibet forge

# Show installed components
tibet status

Commands

Command	Description
tibet init	Initialize .tibet/ directory for local token storage
tibet create <action>	Create provenance token with intent (--why), content (--what), and references (--refs)
tibet verify <id>	Verify a token's cryptographic integrity
tibet export	Export audit trail (JSON, markdown, or summary)
tibet audit	Run compliance health scan — AI Act, NIS2, GDPR (requires tibet[audit])
tibet forge	Run trust score analysis — code quality, security, provenance readiness (requires tibet[forge])
tibet status	Show ecosystem status and installed component versions
tibet version	Show versions of all TIBET components

Creating Tokens

Every token captures four provenance dimensions:

tibet create file_write \
  --why "Fix login bug"          \  # ERACHTER — intent
  --what '{"file":"auth.py"}'    \  # ERIN — content
  --refs issue-123               \  # ERAAN — references
  --actor "jis:dev:alice"           # Who

The token is created BEFORE the action happens. This is structural — provenance that's recorded after the fact is just logging.

TIBET Provenance

Every token records four dimensions:

Dimension	Dutch	Meaning
ERIN	"Er in"	What's IN the action (content, data)
ERAAN	"Er aan"	What's attached (dependencies, references)
EROMHEEN	"Er omheen"	Context around it (environment, state)
ERACHTER	"Er achter"	Intent behind it (why this action)

Ecosystem

tibet is the CLI. The kernel is tibet-core. Together with the rest of the stack:

Layer	Package	What it does
Identity	jis-core	Ed25519 keys, DID documents, bilateral consent
Provenance	tibet-core	TIBET tokens — ERIN/ERAAN/EROMHEEN/ERACHTER
CLI	tibet	tibet create, tibet verify, tibet audit, tibet forge
Firewall	snaft	22 immutable rules, OWASP 20/20, FIR/A trust
Network	ainternet	.aint domains, I-Poll messaging, agent discovery
Compliance	tibet-audit	AI Act, NIS2, GDPR, CRA — 112+ checks
Trust	tibet-forge	Trust scoring and certification
SBOM	tibet-sbom	Supply chain verification with provenance
Triage	tibet-triage	Airlock sandbox, UPIP reproducibility, flare rescue
Secrets	tibet-vault	Time-locked secrets with dead man's switch
Discovery	tibet-ping	LAN discovery, heartbeat, mesh relay

Standards

IETF Standardization

• draft-vandemeent-tibet-provenance — Traceable Intent-Based Event Tokens
• draft-vandemeent-jis-identity — JTel Identity Standard
• draft-vandemeent-upip-process-integrity — Universal Process Integrity Protocol
• draft-vandemeent-rvp-continuous-verification — Real-time Verification Protocol
• draft-vandemeent-ains-discovery — AInternet Name Service

Regulatory

Regulation	TIBET provides
EU AI Act	Automated decision traceability, transparency
EU CRA	Build provenance, SBOM accountability
GDPR Art. 22	Consent proof, decision audit trail
NIS2	Continuous logging, incident snapshots

CRA enforcement starts September 2026. TIBET makes compliance architectural, not bolted-on.

License

MIT

Credits

Designed by Jasper van de Meent. Built by Jasper and Root AI as part of HumoticaOS.

One love, one fAmIly.