@gitgov/core 1.4.0 → 1.5.1

package/dist/src/index.d.ts

@@ -2585,10 +2585,6 @@ declare class ProjectAdapter implements IProjectAdapter {
      * [EARS-3] Processes blueprint template JSON with schema validation creating cycles and tasks
      */
     processBlueprintTemplate(templatePath: string, projectContext: ProjectContext): Promise<TemplateProcessingResult>;
-    /**
-     * Sets up Kiro IDE integration by always copying GitGovernance hooks
-     */
-    private setupKiroIntegration;
     /**
      * [EARS-4] Cleans up partial setup artifacts if initialization fails
      */
@@ -2606,6 +2602,7 @@ declare class ProjectAdapter implements IProjectAdapter {
      */
     generateProjectReport(): Promise<ProjectReport>;
     private createDirectoryStructure;
+    private copyAgentPrompt;
     private generateProjectId;
     private persistConfiguration;
     private initializeSession;
@@ -2697,6 +2694,13 @@ declare function calculatePayloadChecksum(payload: GitGovRecordPayload): string;
 /**
  * Generates a new Ed25519 key pair.
  * @returns A promise that resolves to an object with publicKey and privateKey in base64 format.
+ *
+ * The publicKey is the raw Ed25519 key (32 bytes -> 44 chars in base64).
+ * The privateKey is stored in PKCS8 PEM format for compatibility.
+ *
+ * Note: Node.js crypto does not support 'raw' format directly for Ed25519,
+ * so we extract the raw 32-byte key from the SPKI DER encoding (RFC 8410).
+ * SPKI DER structure: [algorithm identifier (12 bytes)] + [raw public key (32 bytes)]
  */
 declare function generateKeys(): Promise<{
     publicKey: string;
@@ -2708,6 +2712,8 @@ declare function generateKeys(): Promise<{
 declare function signPayload(payload: GitGovRecordPayload, privateKey: string, keyId: string, role: string, notes: string): Signature;
 /**
  * Verifies all signatures on a record.
+ *
+ * Reconstructs SPKI DER format from raw Ed25519 key for verification.
  */
 declare function verifySignatures(record: {
     header: {

package/dist/src/index.js

@@ -5,7 +5,7 @@ import { promises, existsSync, constants } from 'fs';
 import * as yaml from 'js-yaml';
 import { generateKeyPair, createHash, sign, verify } from 'crypto';
 import { promisify } from 'util';
-import * as pathUtils from 'path';
+import * as path from 'path';
 import { EventEmitter } from 'events';
 
 var __defProp = Object.defineProperty;
@@ -2672,11 +2672,13 @@ var logger2 = createLogger("[CryptoModule] ");
 var generateKeyPairAsync = promisify(generateKeyPair);
 async function generateKeys() {
   const { publicKey, privateKey } = await generateKeyPairAsync("ed25519", {
-    publicKeyEncoding: { type: "spki", format: "pem" },
+    publicKeyEncoding: { type: "spki", format: "der" },
     privateKeyEncoding: { type: "pkcs8", format: "pem" }
   });
+  const rawPublicKey = publicKey.subarray(-32);
   return {
-    publicKey: Buffer.from(publicKey).toString("base64"),
+    publicKey: rawPublicKey.toString("base64"),
+    // 32 bytes -> 44 chars
     privateKey: Buffer.from(privateKey).toString("base64")
   };
 }
@@ -2700,20 +2702,36 @@ function signPayload(payload, privateKey, keyId, role, notes) {
 }
 async function verifySignatures(record, getActorPublicKey) {
   for (const signature of record.header.signatures) {
-    const publicKey = await getActorPublicKey(signature.keyId);
-    if (!publicKey) {
+    const publicKeyBase64 = await getActorPublicKey(signature.keyId);
+    if (!publicKeyBase64) {
       logger2.warn(`Public key not found for actor: ${signature.keyId}`);
       return false;
     }
     const digest = `${record.header.payloadChecksum}:${signature.keyId}:${signature.role}:${signature.notes}:${signature.timestamp}`;
     const digestHash = createHash("sha256").update(digest).digest();
+    const algorithmIdentifier = Buffer.from([
+      48,
+      42,
+      48,
+      5,
+      6,
+      3,
+      43,
+      101,
+      112,
+      3,
+      33,
+      0
+    ]);
+    const rawPublicKey = Buffer.from(publicKeyBase64, "base64");
+    const spkiPublicKey = Buffer.concat([algorithmIdentifier, rawPublicKey]);
     const isValid = verify(
       null,
       digestHash,
       {
-        key: Buffer.from(publicKey, "base64"),
+        key: spkiPublicKey,
         type: "spki",
-        format: "pem"
+        format: "der"
       },
       Buffer.from(signature.signature, "base64")
     );
@@ -2975,8 +2993,8 @@ var ConfigManager = class _ConfigManager {
   configPath;
   sessionPath;
   constructor(projectRootPath = _ConfigManager.findProjectRoot() || process.cwd()) {
-    this.configPath = pathUtils.join(projectRootPath, ".gitgov", "config.json");
-    this.sessionPath = pathUtils.join(projectRootPath, ".gitgov", ".session.json");
+    this.configPath = path.join(projectRootPath, ".gitgov", "config.json");
+    this.sessionPath = path.join(projectRootPath, ".gitgov", ".session.json");
   }
   /**
    * Load GitGovernance configuration
@@ -3066,14 +3084,14 @@ var ConfigManager = class _ConfigManager {
     }
     lastSearchPath = startPath;
     let currentPath = startPath;
-    while (currentPath !== pathUtils.parse(currentPath).root) {
-      if (existsSync(pathUtils.join(currentPath, ".git"))) {
+    while (currentPath !== path.parse(currentPath).root) {
+      if (existsSync(path.join(currentPath, ".git"))) {
         projectRoot = currentPath;
         return projectRoot;
       }
-      currentPath = pathUtils.dirname(currentPath);
+      currentPath = path.dirname(currentPath);
     }
-    if (existsSync(pathUtils.join(currentPath, ".git"))) {
+    if (existsSync(path.join(currentPath, ".git"))) {
       projectRoot = currentPath;
       return projectRoot;
     }
@@ -3087,23 +3105,23 @@ var ConfigManager = class _ConfigManager {
    */
   static findGitgovRoot(startPath = process.cwd()) {
     let currentPath = startPath;
-    while (currentPath !== pathUtils.parse(currentPath).root) {
-      if (existsSync(pathUtils.join(currentPath, ".gitgov"))) {
+    while (currentPath !== path.parse(currentPath).root) {
+      if (existsSync(path.join(currentPath, ".gitgov"))) {
         return currentPath;
       }
-      currentPath = pathUtils.dirname(currentPath);
+      currentPath = path.dirname(currentPath);
     }
-    if (existsSync(pathUtils.join(currentPath, ".gitgov"))) {
+    if (existsSync(path.join(currentPath, ".gitgov"))) {
       return currentPath;
     }
     currentPath = startPath;
-    while (currentPath !== pathUtils.parse(currentPath).root) {
-      if (existsSync(pathUtils.join(currentPath, ".git"))) {
+    while (currentPath !== path.parse(currentPath).root) {
+      if (existsSync(path.join(currentPath, ".git"))) {
         return currentPath;
       }
-      currentPath = pathUtils.dirname(currentPath);
+      currentPath = path.dirname(currentPath);
     }
-    if (existsSync(pathUtils.join(currentPath, ".git"))) {
+    if (existsSync(path.join(currentPath, ".git"))) {
       return currentPath;
     }
     return null;
@@ -3116,7 +3134,7 @@ var ConfigManager = class _ConfigManager {
     if (!root) {
       throw new Error("Could not find project root. Make sure you are inside a GitGovernance repository.");
     }
-    return pathUtils.join(root, ".gitgov");
+    return path.join(root, ".gitgov");
   }
   /**
    * Checks if current directory is a GitGovernance project
@@ -3145,12 +3163,12 @@ var RecordStore = class {
       throw new Error("Could not find project root. RecordStore requires a valid project root.");
     }
     this.recordType = recordType;
-    this.recordsDir = pathUtils.join(foundRoot, ".gitgov", this.recordType);
+    this.recordsDir = path.join(foundRoot, ".gitgov", this.recordType);
     this.fs = fsDeps;
   }
   getRecordPath(recordId) {
     const safeId = recordId.replace(/:/g, "_");
-    return pathUtils.join(this.recordsDir, `${safeId}.json`);
+    return path.join(this.recordsDir, `${safeId}.json`);
   }
   async ensureDirExists() {
     await this.fs.mkdir(this.recordsDir, { recursive: true });
@@ -6251,7 +6269,7 @@ var FileIndexerAdapter = class {
    * Writes cache data to file (Phase 1: JSON)
    */
   async writeCacheFile(indexData) {
-    const cacheDir = pathUtils.dirname(this.cachePath);
+    const cacheDir = path.dirname(this.cachePath);
     await promises.mkdir(cacheDir, { recursive: true });
     const jsonContent = JSON.stringify(indexData, null, 2);
     await promises.writeFile(this.cachePath, jsonContent, "utf-8");
@@ -6405,10 +6423,10 @@ var FileIndexerAdapter = class {
       let recentActivity = "Task created";
       try {
         let projectRoot2 = process.cwd();
-        while (!fs.existsSync(pathUtils.join(projectRoot2, ".gitgov")) && projectRoot2 !== "/") {
-          projectRoot2 = pathUtils.dirname(projectRoot2);
+        while (!fs.existsSync(path.join(projectRoot2, ".gitgov")) && projectRoot2 !== "/") {
+          projectRoot2 = path.dirname(projectRoot2);
         }
-        const taskFilePath = pathUtils.join(projectRoot2, ".gitgov", "tasks", `${task.id}.json`);
+        const taskFilePath = path.join(projectRoot2, ".gitgov", "tasks", `${task.id}.json`);
         const stats = await promises.stat(taskFilePath);
         const fileModTime = stats.mtime.getTime();
         const creationTime = this.getTimestampFromId(task.id) * 1e3;
@@ -6532,8 +6550,9 @@ var ProjectAdapter = class {
         throw new Error(`Environment validation failed: ${envValidation.warnings.join(", ")}`);
       }
       const projectRoot2 = process.env["GITGOV_ORIGINAL_DIR"] || process.cwd();
-      const gitgovPath = pathUtils.join(projectRoot2, ".gitgov");
+      const gitgovPath = path.join(projectRoot2, ".gitgov");
       await this.createDirectoryStructure(gitgovPath);
+      await this.copyAgentPrompt(gitgovPath);
       const actor = await this.identityAdapter.createActor(
         {
           type: "human",
@@ -6586,7 +6605,6 @@ var ProjectAdapter = class {
       await this.persistConfiguration(config, gitgovPath);
       await this.initializeSession(actor.id, gitgovPath);
       await this.setupGitIntegration(projectRoot2);
-      await this.setupKiroIntegration(projectRoot2);
       const initializationTime = Date.now() - startTime;
       return {
         success: true,
@@ -6596,7 +6614,7 @@ var ProjectAdapter = class {
         actor: {
           id: actor.id,
           displayName: actor.displayName,
-          publicKeyPath: pathUtils.join(gitgovPath, "actors", `${actor.id}.json`)
+          publicKeyPath: path.join(gitgovPath, "actors", `${actor.id}.json`)
         },
         template: templateResult ? {
           processed: true,
@@ -6623,7 +6641,7 @@ var ProjectAdapter = class {
     const warnings = [];
     const suggestions = [];
     try {
-      const gitPath = pathUtils.join(targetPath, ".git");
+      const gitPath = path.join(targetPath, ".git");
       const isGitRepo = existsSync(gitPath);
       if (!isGitRepo) {
         warnings.push(`Not a Git repository in directory: ${targetPath}`);
@@ -6631,7 +6649,7 @@ var ProjectAdapter = class {
       }
       let hasWritePermissions = false;
       try {
-        const testFile = pathUtils.join(targetPath, ".gitgov-test");
+        const testFile = path.join(targetPath, ".gitgov-test");
         await promises.writeFile(testFile, "test");
         await promises.unlink(testFile);
         hasWritePermissions = true;
@@ -6639,7 +6657,7 @@ var ProjectAdapter = class {
         warnings.push("No write permissions in target directory");
         suggestions.push("Ensure you have write permissions in the target directory");
       }
-      const gitgovPath = pathUtils.join(targetPath, ".gitgov");
+      const gitgovPath = path.join(targetPath, ".gitgov");
       let isAlreadyInitialized = false;
       try {
         await promises.access(gitgovPath);
@@ -6728,59 +6746,13 @@ var ProjectAdapter = class {
       ]);
     }
   }
-  /**
-   * Sets up Kiro IDE integration by always copying GitGovernance hooks
-   */
-  async setupKiroIntegration(projectRoot2) {
-    const kiroDir = pathUtils.join(projectRoot2, ".kiro");
-    const kiroHooksDir = pathUtils.join(kiroDir, "hooks");
-    try {
-      await promises.mkdir(kiroHooksDir, { recursive: true });
-    } catch {
-    }
-    const sourceHooksDir = pathUtils.join(ConfigManager.findProjectRoot() || process.cwd(), ".kiro/hooks");
-    try {
-      await promises.access(sourceHooksDir);
-      const essentialHooks = [
-        "gitgov-auto-indexer.kiro.hook",
-        "git-diagnostics-commit.kiro.hook",
-        "gitgov-file-analyzer.kiro.hook",
-        "code-quality-analyzer.kiro.hook",
-        "gitgov-quick-status.kiro.hook",
-        "gitgov-task-creator.kiro.hook",
-        "gitgov-work-session.kiro.hook"
-      ];
-      let copiedHooks = 0;
-      for (const hookFile of essentialHooks) {
-        try {
-          const sourcePath = pathUtils.join(sourceHooksDir, hookFile);
-          const targetPath = pathUtils.join(kiroHooksDir, hookFile);
-          await promises.copyFile(sourcePath, targetPath);
-          copiedHooks++;
-        } catch {
-        }
-      }
-      try {
-        const sourceGitgovPath = pathUtils.join(ConfigManager.findProjectRoot() || process.cwd(), ".gitgov/gitgov");
-        const targetGitgovPath = pathUtils.join(projectRoot2, ".gitgov/gitgov");
-        await promises.copyFile(sourceGitgovPath, targetGitgovPath);
-        await promises.chmod(targetGitgovPath, 493);
-        console.log(`\u{1F4CB} GitGovernance executable copied to .gitgov/gitgov`);
-      } catch {
-      }
-      if (copiedHooks > 0) {
-        console.log(`\u{1F527} Kiro IDE Integration: ${copiedHooks} GitGovernance hooks installed`);
-      }
-    } catch {
-    }
-  }
   /**
    * [EARS-4] Cleans up partial setup artifacts if initialization fails
    */
   async rollbackPartialSetup(setupId) {
     try {
       const projectRoot2 = process.env["GITGOV_ORIGINAL_DIR"] || process.cwd();
-      const gitgovPath = pathUtils.join(projectRoot2, ".gitgov");
+      const gitgovPath = path.join(projectRoot2, ".gitgov");
       try {
         await promises.access(gitgovPath);
         await promises.rm(gitgovPath, { recursive: true, force: true });
@@ -6844,18 +6816,28 @@ var ProjectAdapter = class {
     ];
     await promises.mkdir(gitgovPath, { recursive: true });
     for (const dir of directories) {
-      await promises.mkdir(pathUtils.join(gitgovPath, dir), { recursive: true });
+      await promises.mkdir(path.join(gitgovPath, dir), { recursive: true });
+    }
+  }
+  async copyAgentPrompt(gitgovPath) {
+    try {
+      const sourcePrompt = path.join(ConfigManager.findProjectRoot() || process.cwd(), "docs/gitgov_agent_prompt.md");
+      const targetPrompt = path.join(gitgovPath, "gitgov");
+      await promises.copyFile(sourcePrompt, targetPrompt);
+      console.log(`\u{1F4CB} @gitgov agent prompt copied to .gitgov/gitgov`);
+    } catch {
+      console.warn("Warning: Could not copy @gitgov agent prompt. Project will work but AI assistant may not have local instructions.");
     }
   }
   generateProjectId(name) {
     return name.toLowerCase().replace(/[^a-z0-9]/g, "-").replace(/-+/g, "-");
   }
   async persistConfiguration(config, gitgovPath) {
-    const configPath = pathUtils.join(gitgovPath, "config.json");
+    const configPath = path.join(gitgovPath, "config.json");
     await promises.writeFile(configPath, JSON.stringify(config, null, 2), "utf-8");
   }
   async initializeSession(actorId, gitgovPath) {
-    const sessionPath = pathUtils.join(gitgovPath, ".session.json");
+    const sessionPath = path.join(gitgovPath, ".session.json");
     const session = {
       lastSession: {
         actorId,
@@ -6870,7 +6852,7 @@ var ProjectAdapter = class {
     await promises.writeFile(sessionPath, JSON.stringify(session, null, 2), "utf-8");
   }
   async setupGitIntegration(projectRoot2) {
-    const gitignorePath = pathUtils.join(projectRoot2, ".gitignore");
+    const gitignorePath = path.join(projectRoot2, ".gitignore");
     const gitignoreContent = `
 # GitGovernance
 .gitgov/.session.json
@@ -8983,14 +8965,14 @@ var DiagramGenerator = class {
    * Loads all cycle records from the filesystem
    */
   async loadCycleRecords(gitgovPath) {
-    const cyclesDir = pathUtils.join(gitgovPath, "cycles");
+    const cyclesDir = path.join(gitgovPath, "cycles");
     try {
       const files = await promises.readdir(cyclesDir);
       const jsonFiles = files.filter((file) => file.endsWith(".json"));
       const cycles = [];
       for (const file of jsonFiles) {
         try {
-          const filePath = pathUtils.join(cyclesDir, file);
+          const filePath = path.join(cyclesDir, file);
           const content = await promises.readFile(filePath, "utf-8");
           const record = JSON.parse(content);
           if (record.payload && record.payload.id) {
@@ -9019,14 +9001,14 @@ var DiagramGenerator = class {
    * Loads all task records from the filesystem
    */
   async loadTaskRecords(gitgovPath) {
-    const tasksDir = pathUtils.join(gitgovPath, "tasks");
+    const tasksDir = path.join(gitgovPath, "tasks");
     try {
       const files = await promises.readdir(tasksDir);
       const jsonFiles = files.filter((file) => file.endsWith(".json"));
       const tasks = [];
       for (const file of jsonFiles) {
         try {
-          const filePath = pathUtils.join(tasksDir, file);
+          const filePath = path.join(tasksDir, file);
           const content = await promises.readFile(filePath, "utf-8");
           const record = JSON.parse(content);
           if (record.payload && record.payload.id) {