@modelstatus/cli 0.1.0

package/src/index.js

@@ -0,0 +1,337 @@
+#!/usr/bin/env node
+import path from "node:path";
+import { resolveAuth, loadConfig, saveConfig, clearAuth, configFilePath } from "./config.js";
+import { createClient } from "./api.js";
+import { collectFrom, availability, ALL_SOURCE_IDS } from "./sources/index.js";
+import { loginViaBrowser } from "./auth.js";
+
+function parseArgs(argv) {
+  const flags = {};
+  const positional = [];
+  const valueFlags = new Set([
+    "api", "key", "project", "dir",
+    "sources", "region", "namespace", "kube-context", "db", "sql-table", "env",
+  ]);
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a.startsWith("--")) {
+      const name = a.slice(2);
+      if (valueFlags.has(name)) flags[name] = argv[++i];
+      else flags[name] = true;
+    } else positional.push(a);
+  }
+  if (flags.ci) {
+    flags.yes = true;
+    flags.json = true;
+  }
+  return { positional, flags };
+}
+
+const uuidish = (s) => /^[0-9a-f]{8}-[0-9a-f]{4}-/i.test(s || "");
+
+/** Resolve the requested sources: default filesystem, "all", or a comma list. */
+function parseSources(flags) {
+  const raw = (flags.sources || "").trim();
+  if (!raw) return ["filesystem"];
+  if (raw === "all") return ALL_SOURCE_IDS;
+  return raw.split(",").map((s) => s.trim()).filter(Boolean);
+}
+
+/** Per-source options gathered from flags (region/namespace/db/…). */
+function scanOpts(flags, dir) {
+  return {
+    root: dir,
+    region: flags.region,
+    namespace: flags.namespace,
+    kubeContext: flags["kube-context"],
+    db: flags.db,
+    sqlTable: flags["sql-table"],
+    env: flags.env,
+  };
+}
+
+async function cmdLogin(positional, flags) {
+  const key = positional[1] || flags.key;
+  const { apiBase } = resolveAuth(flags);
+  if (key) {
+    // Paste path: validate + save.
+    const client = createClient({ apiBase, apiKey: key });
+    const me = await client.me();
+    const cfg = loadConfig();
+    cfg.apiKey = key;
+    cfg.apiBase = apiBase;
+    saveConfig(cfg);
+    console.log(`✓ Logged in to "${me.account.name}" (${apiBase}).`);
+    console.log(`  Saved to ${configFilePath}`);
+    return;
+  }
+  // Browser path: open + poll.
+  await loginViaBrowser({ apiBase });
+}
+
+async function cmdSignup(_positional, flags) {
+  const { apiBase } = resolveAuth(flags);
+  await loginViaBrowser({ apiBase, signup: true });
+}
+
+function cmdLogout() {
+  clearAuth();
+  console.log("✓ Signed out (API key removed). Run `mm login` to sign back in.");
+}
+
+async function cmdUpgrade(_positional, flags) {
+  const { apiBase, apiKey } = resolveAuth(flags);
+  if (!apiKey) {
+    console.error("No API key. Run `mm login` first.");
+    process.exit(1);
+  }
+  const client = createClient({ apiBase, apiKey });
+  const { upgradeViaBrowser } = await import("./upgrade.js");
+  const plan = await upgradeViaBrowser({ client });
+  if (!plan) {
+    console.error("Upgrade not detected (timed out). Run `mm upgrade` again if you completed checkout.");
+    process.exit(1);
+  }
+}
+
+async function launchTui(initialView, flags) {
+  let { apiBase, apiKey } = resolveAuth(flags);
+  if (!apiKey) {
+    console.error("Not signed in — starting browser login…");
+    ({ apiKey } = await loginViaBrowser({ apiBase }));
+  }
+  const dir = path.resolve(flags.dir || ".");
+  const { runApp } = await import("./tui/app.js");
+  await runApp({ apiBase, apiKey, dir, initialView });
+}
+
+async function cmdScan(positional, flags) {
+  const dir = path.resolve(positional[1] || ".");
+  const { apiBase, apiKey } = resolveAuth(flags);
+  if (!apiKey) {
+    console.error("No API key. Run `mm login` or pass --key.");
+    process.exit(1);
+  }
+  const interactive = !flags.yes && !flags.json && process.stdout.isTTY;
+  if (interactive) {
+    const { runApp } = await import("./tui/app.js");
+    await runApp({ apiBase, apiKey, dir, initialView: "scan" });
+    return;
+  }
+
+  // Non-interactive (CI / --json / --yes): scan + bulk upload, no TUI.
+  const client = createClient({ apiBase, apiKey });
+  const sources = parseSources(flags);
+  const opts = scanOpts(flags, dir);
+
+  // Report which sources will actually run (tool/creds/flags present).
+  const avail = await availability(sources, opts);
+  for (const a of avail) {
+    if (!a.known) process.stderr.write(`! unknown source "${a.id}" — skipped\n`);
+    else if (!a.available) process.stderr.write(`! ${a.id} unavailable (tool, creds, or flags missing) — skipped\n`);
+  }
+  const active = avail.filter((a) => a.available).map((a) => a.id);
+  process.stderr.write(`Scanning [${active.join(", ") || "none"}] …\n`);
+
+  const patterns = await client.detectionPatterns();
+  const candidates = await collectFrom(sources, opts, patterns);
+  if (candidates.length === 0) {
+    console.log("No model usage found.");
+    return;
+  }
+
+  const uniq = [...new Set(candidates.map((c) => c.model_string))];
+  const resolved = uniq.length ? (await client.resolve(uniq)).data : [];
+  const byStr = new Map(resolved.map((r) => [r.input.toLowerCase(), r]));
+  const seenRows = new Set();
+  const rows = candidates
+    .map((c) => {
+      const r = byStr.get(c.model_string.toLowerCase());
+      return { ...c, model_id: r?.model_id ?? null, display: r?.model_id ? r.display : c.model_string };
+    })
+    .filter((r) => {
+      const k = `${r.model_id ?? "custom:" + r.model_string}|${r.location_label}`;
+      if (seenRows.has(k)) return false;
+      seenRows.add(k);
+      return true;
+    });
+
+  const usages = rows.map((r) => ({
+    model_id: r.model_id ?? undefined,
+    custom_model_name: r.model_id ? undefined : r.model_string,
+    environment: r.environment,
+    location_label: r.location_label,
+    source_path: r.source_path,
+    source_line: r.source_line ?? undefined,
+  }));
+
+  // --dry-run: show exactly what WOULD upload (secret-source safety check).
+  if (flags["dry-run"]) {
+    if (flags.json) {
+      console.log(JSON.stringify({ scanned: rows.length, would_upload: usages, sources: avail }, null, 2));
+    } else {
+      const types = [...new Set(rows.map((r) => r.source_type))].join(", ");
+      console.log(`Dry run — ${rows.length} usage(s) found across [${types}]. Nothing uploaded:`);
+      for (const r of rows.slice(0, 60)) console.log(`  ${(r.display || r.model_string).padEnd(28)} ${r.location_label}  (${r.environment})`);
+      if (rows.length > 60) console.log(`  …and ${rows.length - 60} more`);
+    }
+    return;
+  }
+
+  let projectId = null;
+  const projects = (await client.listProjects()).data;
+  if (flags.project) {
+    projectId = uuidish(flags.project)
+      ? flags.project
+      : projects.find((p) => p.name === flags.project || p.slug === flags.project)?.id;
+    if (!projectId) projectId = (await client.createProject(flags.project)).id;
+  } else {
+    projectId = projects[0]?.id ?? (await client.createProject(path.basename(dir))).id;
+  }
+
+  const res = await client.bulkUpload(projectId, usages);
+  if (flags.json) {
+    console.log(
+      JSON.stringify(
+        { scanned: rows.length, uploaded: usages.length, sources: avail.map((a) => ({ id: a.id, available: a.available })), ...res },
+        null,
+        2,
+      ),
+    );
+  } else {
+    console.log(
+      `✓ ${rows.length} usage(s) found · uploaded ${usages.length} → ${res.created} created, ${res.updated} updated, ${res.failed} failed.`,
+    );
+  }
+}
+
+/** List detection sources and whether each can run right now. */
+async function cmdSources(_positional, flags) {
+  const dir = path.resolve(flags.dir || ".");
+  const report = await availability(ALL_SOURCE_IDS, scanOpts(flags, dir));
+  console.log("Detection sources:");
+  for (const a of report) {
+    console.log(`  ${a.available ? "✓" : "·"} ${a.id.padEnd(13)} ${a.label}${a.available ? "" : "  (unavailable)"}`);
+  }
+  console.log("\nScan with: mm scan --sources env,aws-secrets,k8s,helm,sql   (or --sources all)");
+  console.log("Options:   --region <r> · --namespace <ns> · --kube-context <c> · --db <pg-dsn> --sql-table <t>");
+  console.log("Safety:    secret VALUES never leave your machine — only model ids upload. Use --dry-run to preview.");
+}
+
+/** Offline, account-less health check: pull the signed registry snapshot, scan
+ * here, resolve + score health entirely on-device. The free tier's core value. */
+async function cmdStatus(positional, flags) {
+  const dir = path.resolve(positional[1] || flags.dir || ".");
+  const { getRegistry } = await import("./registry/fetch.js");
+  const { resolveLocal, computeHealth } = await import("./registry/local.js");
+  const snapshot = await getRegistry({ offline: !!flags.offline, log: (m) => process.stderr.write(`! ${m}\n`) });
+
+  const candidates = await collectFrom(parseSources(flags), scanOpts(flags, dir), snapshot.detection);
+  const resolved = resolveLocal(snapshot, [...new Set(candidates.map((c) => c.model_string))]);
+  const byStr = new Map(resolved.map((r) => [r.input.toLowerCase(), r]));
+
+  // Aggregate locations per known model / per custom string.
+  const known = new Map(); // slug -> { model, count }
+  const custom = new Map(); // string -> count
+  for (const c of candidates) {
+    const r = byStr.get(c.model_string.toLowerCase());
+    if (r?.model_slug && r.model) {
+      const e = known.get(r.model_slug) || { model: r.model, count: 0 };
+      e.count++;
+      known.set(r.model_slug, e);
+    } else custom.set(c.model_string, (custom.get(c.model_string) || 0) + 1);
+  }
+
+  const today = new Date();
+  const ICON = { ok: "🟢", deprecating: "🟡", retiring: "🟠", retired: "🔴", custom: "⚪" };
+  const rank = { retired: 0, retiring: 1, deprecating: 2, ok: 3 };
+  const rows = [...known.values()]
+    .map(({ model, count }) => ({ model, count, health: computeHealth(model, 90, today) }))
+    .sort((a, b) => rank[a.health] - rank[b.health] || String(a.model.retires_date || "9999").localeCompare(String(b.model.retires_date || "9999")));
+  const attention = rows.filter((r) => r.health !== "ok");
+
+  if (flags.json) {
+    console.log(JSON.stringify({
+      registry: { version: snapshot.version, generated_at: snapshot.generated_at, models: snapshot.models.length },
+      scanned: dir,
+      references: candidates.length,
+      models: rows.map((r) => ({ slug: r.model.slug, display: r.model.display, health: r.health, retires_date: r.model.retires_date, replacement_slug: r.model.replacement_slug, places: r.count })),
+      custom: [...custom.entries()].map(([name, places]) => ({ name, places })),
+      needs_attention: attention.length,
+    }, null, 2));
+    return;
+  }
+
+  const ageDays = Math.round((today - new Date(snapshot.generated_at)) / 86_400_000);
+  console.log(`LLM Status — registry ${snapshot.version} (${ageDays <= 0 ? "today" : ageDays + "d old"}), ${snapshot.models.length} models`);
+  console.log(`Scanned ${dir}: ${candidates.length} reference(s) → ${known.size} model(s), ${custom.size} custom\n`);
+  if (!rows.length && !custom.size) {
+    console.log("No model usage found here. Try `mm status <dir>`, or `mm scan` to map a whole project.");
+    return;
+  }
+  if (rows.length) {
+    console.log("Models in use:");
+    for (const r of rows) {
+      const tail = r.model.retires_date ? `retires ${r.model.retires_date}` : "";
+      const repl = r.health !== "ok" && r.model.replacement_slug ? ` → ${r.model.replacement_slug}` : "";
+      console.log(`  ${ICON[r.health]} ${r.health.padEnd(11)} ${r.model.slug.padEnd(32)} ${tail.padEnd(20)}${repl}  (${r.count})`);
+    }
+  }
+  if (custom.size) {
+    console.log("\nCustom / unrecognized:");
+    for (const [name, places] of custom) console.log(`  ⚪ ${name}  (${places})`);
+  }
+  if (attention.length) {
+    console.log(`\n⚠ ${attention.length} model(s) need attention before they retire.`);
+    console.log("  Get alerted automatically (email/Slack/SMS): `mm login` then `mm upgrade` — scanning is free, alerting is the paid feature.");
+  } else if (rows.length) {
+    console.log("\n✓ Everything you use is current.");
+  }
+}
+
+const HELP = `LLM Status CLI
+
+Usage:
+  mm                       Launch the TUI (inventory, scan, what's-new, alerts, account)
+  mm status [dir]          Offline model-health check for a dir — no account needed
+  mm login [api_key]       Browser sign-in with polling (or paste a key)
+  mm signup                Create an account in the browser, then poll
+  mm logout                Forget the saved API key
+  mm scan [dir]            Scan for model usage; interactive TUI, or --ci/--json for pipelines
+  mm sources               List detection sources and whether each can run here
+  mm upgrade               Open Stripe checkout and poll until Pro is active
+  mm tui                   Same as bare \`mm\`
+
+Scan sources (--sources, default filesystem; "all" for everything):
+  filesystem  repo files          aws-secrets  AWS Secrets Manager + SSM
+  env         live process env    k8s          kubectl secrets + configmaps
+  sql         psql --db <dsn>     helm         helm release values
+  Secret sources shell out to your already-authenticated CLIs, run read-only,
+  and only ever upload model ids — secret VALUES never leave your machine.
+
+Flags: --api <url> · --key <key> · --project <id|name> · --yes · --json · --ci · --dry-run
+       --sources <list> · --region <r> · --namespace <ns> · --kube-context <c> · --db <dsn> · --sql-table <t>
+
+Get started: \`mm login\` (opens your browser).`;
+
+async function main() {
+  const { positional, flags } = parseArgs(process.argv.slice(2));
+  const cmd = positional[0];
+  try {
+    if (cmd === "login") await cmdLogin(positional, flags);
+    else if (cmd === "signup") await cmdSignup(positional, flags);
+    else if (cmd === "logout") cmdLogout();
+    else if (cmd === "scan") await cmdScan(positional, flags);
+    else if (cmd === "status") await cmdStatus(positional, flags);
+    else if (cmd === "sources") await cmdSources(positional, flags);
+    else if (cmd === "upgrade") await cmdUpgrade(positional, flags);
+    else if (cmd === "tui" || !cmd) await launchTui(positional[1] || "inventory", flags);
+    else if (cmd === "help" || flags.help) console.log(HELP);
+    else console.log(HELP);
+  } catch (e) {
+    console.error(`Error: ${e?.message ?? e}`);
+    process.exit(1);
+  }
+}
+
+main();

package/src/openUrl.js

@@ -0,0 +1,29 @@
+import { spawn } from "node:child_process";
+
+/** Open a URL in the user's default browser, cross-platform. Best-effort: if it
+ * fails we still printed the URL, so the user can open it manually. */
+export function openUrl(url) {
+  // Skip actually launching a browser in tests / headless / CI / SSH sessions —
+  // the URL is always printed, so the user can open it manually.
+  if (process.env.LLMSTATUS_NO_OPEN) return false;
+  const platform = process.platform;
+  let cmd, args;
+  if (platform === "darwin") {
+    cmd = "open";
+    args = [url];
+  } else if (platform === "win32") {
+    cmd = "cmd";
+    args = ["/c", "start", "", url];
+  } else {
+    cmd = "xdg-open";
+    args = [url];
+  }
+  try {
+    const child = spawn(cmd, args, { stdio: "ignore", detached: true });
+    child.on("error", () => {});
+    child.unref();
+    return true;
+  } catch {
+    return false;
+  }
+}

package/src/redact.js

@@ -0,0 +1,28 @@
+/** Mask anything that looks like a secret value before it can be displayed or
+ * uploaded. The product only needs the model id / provider-key NAME / location —
+ * never the secret value. Used by every Candidate emitter; essential for the
+ * secrets/config sources added in PR2. */
+const SECRETY = [
+  /\bsk-[A-Za-z0-9_\-]{12,}/g, // OpenAI-style keys
+  /\b(mm|sk|pk|rk|key|tok|ghp|gho|xox[baprs])[-_][A-Za-z0-9_\-]{12,}/gi,
+  /\bAKIA[0-9A-Z]{16}\b/g, // AWS access key id
+  /\b[A-Za-z0-9+/]{40,}={0,2}\b/g, // long base64-ish blobs
+  /\b[0-9a-f]{32,}\b/gi, // long hex blobs
+];
+
+/** Redact secret-looking substrings, keeping the line readable for context. */
+export function redactValue(s) {
+  if (!s) return s;
+  let out = s;
+  for (const re of SECRETY) out = out.replace(re, "«redacted»");
+  return out;
+}
+
+/** Redact the value half of `KEY=value` / `KEY: value` config lines while
+ * keeping the key (which is what we actually detect on). */
+export function redactConfigLine(line) {
+  return redactValue(line).replace(
+    /(["']?[A-Za-z0-9_.\-]+["']?\s*[:=]\s*)("?)([^"'\s#]{8,})\2/g,
+    (m, k) => `${k}«redacted»`,
+  );
+}

package/src/registry/fetch.js

@@ -0,0 +1,93 @@
+/* Fetch + verify the registry snapshot, with cache + offline fallback + anti-
+ * rollback. Trust chain: pinned root -> keys.json manifest -> latest.json pointer
+ * -> snapshot blob (sha256). Never moves to an older version than we've trusted. */
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { ROOT_PUBLIC_KEYS } from "./root-keys.js";
+import { verifyManifest, verifyPointer, verifyBlob, isNewer } from "./verify.js";
+
+const DEFAULT_BASE = process.env.LLMSTATUS_REGISTRY_URL || "https://cdn.llmstatus.ai";
+const DEFAULT_CACHE = path.join(os.homedir(), ".config", "llmstatus", "registry-cache.json");
+const STALE_DAYS = 30;
+
+async function readUrl(u) {
+  if (u.startsWith("file://")) return fs.readFileSync(fileURLToPath(u));
+  const res = await fetch(u, { redirect: "follow" });
+  if (!res.ok) throw new Error(`GET ${u} -> ${res.status}`);
+  return Buffer.from(await res.arrayBuffer());
+}
+
+function readCache(file) {
+  try {
+    return JSON.parse(fs.readFileSync(file, "utf8"));
+  } catch {
+    return null;
+  }
+}
+
+function writeCache(file, obj) {
+  try {
+    fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
+    const tmp = `${file}.${process.pid}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(obj));
+    fs.renameSync(tmp, file); // atomic vs concurrent runs
+  } catch {
+    /* cache is best-effort */
+  }
+}
+
+function warnIfStale(cache, now, log) {
+  const gen = cache?.snapshot?.generated_at;
+  if (!gen) return;
+  const days = (now.getTime() - new Date(gen).getTime()) / 86_400_000;
+  if (days > STALE_DAYS) log(`registry is ${Math.round(days)} days old — run online to refresh.`);
+}
+
+/** Returns a verified snapshot object. Order: try network (verify + cache),
+ * else fall back to the cached snapshot; only ever moves forward in version. */
+export async function getRegistry(opts = {}) {
+  const base = (opts.base || DEFAULT_BASE).replace(/\/$/, "");
+  const cacheFile = opts.cacheFile || DEFAULT_CACHE;
+  const roots = opts.roots || ROOT_PUBLIC_KEYS;
+  const now = opts.now || new Date();
+  const log = opts.log || (() => {});
+  const cache = readCache(cacheFile);
+
+  if (opts.offline) {
+    if (!cache?.snapshot) throw new Error("offline and no cached registry — run once online first.");
+    warnIfStale(cache, now, log);
+    return cache.snapshot;
+  }
+
+  try {
+    const manifest = JSON.parse((await readUrl(`${base}/registry/keys.json`)).toString());
+    const m = verifyManifest(manifest, roots, now);
+    // Anti-rollback: never accept an older manifest than the one we last trusted.
+    if (cache?.manifestVersion && isNewer(cache.manifestVersion, m.version)) throw new Error("manifest rollback");
+
+    const pointer = JSON.parse((await readUrl(`${base}/registry/latest.json`)).toString());
+    const signed = verifyPointer(pointer, m.keys);
+    if (cache?.pointerVersion && isNewer(cache.pointerVersion, signed.version)) throw new Error("pointer rollback");
+
+    // No change since cache → reuse the cached blob, skip re-download.
+    if (cache?.snapshot && !isNewer(signed.version, cache.pointerVersion)) {
+      writeCache(cacheFile, { ...cache, manifestVersion: m.version, fetched_at: now.toISOString() });
+      return cache.snapshot;
+    }
+
+    const blob = await readUrl(signed.url);
+    verifyBlob(blob, signed.sha256);
+    const snapshot = JSON.parse(blob.toString());
+    writeCache(cacheFile, { manifestVersion: m.version, pointerVersion: signed.version, fetched_at: now.toISOString(), snapshot });
+    return snapshot;
+  } catch (e) {
+    if (cache?.snapshot) {
+      log(`registry refresh failed (${e.message}); using cached copy.`);
+      warnIfStale(cache, now, log);
+      return cache.snapshot;
+    }
+    throw new Error(`couldn't fetch the model registry and no cached copy is available: ${e.message}`);
+  }
+}

package/src/registry/local.js

@@ -0,0 +1,34 @@
+/* Offline resolution + health from a verified snapshot — mirrors the server's
+ * computeHealth (apps/web/lib/serialize.ts) so an offline run matches online. */
+
+/** Resolve model strings against the snapshot's detection table (exact match). */
+export function resolveLocal(snapshot, strings) {
+  const exact = new Map((snapshot.detection?.model_strings || []).map((s) => [s.match.toLowerCase(), s.model_slug]));
+  const bySlug = new Map((snapshot.models || []).map((m) => [m.slug, m]));
+  return strings.map((s) => {
+    const slug = exact.get(String(s).toLowerCase()) || null;
+    const model = slug ? bySlug.get(slug) || null : null;
+    return { input: s, model_slug: slug, display: model?.display ?? s, model };
+  });
+}
+
+/** Mirror of the server's computeHealth for a snapshot (slug-space) model. */
+export function computeHealth(model, retiringWindowDays = 90, today = new Date()) {
+  if (!model) return "custom";
+  const ret = model.retires_date ? new Date(model.retires_date) : null;
+  if (model.status === "retired" || (ret && ret <= today)) return "retired";
+  if (ret) {
+    const days = Math.round((ret.getTime() - today.getTime()) / 86_400_000);
+    if (days <= retiringWindowDays) return "retiring";
+  }
+  if (model.status === "deprecating" || model.deprecation_date) return "deprecating";
+  return "ok";
+}
+
+/** Models needing attention (deprecating/retiring/retired), soonest retirement first. */
+export function needsAttention(snapshot, retiringWindowDays = 90, today = new Date()) {
+  return (snapshot.models || [])
+    .map((m) => ({ ...m, health: computeHealth(m, retiringWindowDays, today) }))
+    .filter((m) => m.health !== "ok")
+    .sort((a, b) => String(a.retires_date || "9999-99-99").localeCompare(String(b.retires_date || "9999-99-99")));
+}

package/src/registry/root-keys.js

@@ -0,0 +1,12 @@
+// Pinned registry ROOT public key (mini-TUF trust anchor). The CLI trusts ONLY
+// this to verify the root-signed keys.json manifest, which names the current
+// snapshot SIGNING key — so the signing key rotates with NO CLI update. Replacing
+// the ROOT key is the rare case that needs a CLI release. Private root key is COLD
+// in 1Password (LLMStore: "Registry Signing Keys"); never deployed. Generated 2026-05-28.
+export const ROOT_KEY_ID = "root-2026-05-28";
+export const ROOT_PUBLIC_KEYS = {
+  [ROOT_KEY_ID]: `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAwkgXnIdHzIcuf4F/E/aP5exSaV0Q+nn05dVOHK79i7I=
+-----END PUBLIC KEY-----
+`,
+};

package/src/registry/sign.js

@@ -0,0 +1,17 @@
+/* Ed25519 signing over the canonical encoding (mirror of verify.js). Used by the
+ * offline rotate-signing-key script and tests. The PRODUCTION snapshot signer
+ * lives server-side (apps/web) with the signing key from Vercel env; this stays
+ * dependency-free so the cold-root rotation script can run anywhere. */
+import crypto from "node:crypto";
+import { canonicalize } from "./verify.js";
+
+/** Sign `signed` with an Ed25519 PEM private key; returns base64. */
+export function signEd25519(signed, privateKeyPem) {
+  const key = crypto.createPrivateKey(privateKeyPem);
+  return crypto.sign(null, Buffer.from(canonicalize(signed)), key).toString("base64");
+}
+
+/** Wrap a payload as a signed envelope: { signed, signature, alg }. */
+export function makeSigned(signed, privateKeyPem) {
+  return { signed, signature: signEd25519(signed, privateKeyPem), alg: "ed25519" };
+}

package/src/registry/verify.js

@@ -0,0 +1,67 @@
+/* Registry trust chain (mini-TUF). The CLI trusts a pinned ROOT public key only.
+ * Root signs a keys.json manifest -> manifest names the current SIGNING key(s) ->
+ * signing key signs latest.json (the snapshot pointer) -> pointer pins the blob's
+ * sha256. So the signing key rotates with no CLI update; only a root change needs
+ * a release. All signatures are Ed25519 over a canonical JSON encoding. */
+import crypto from "node:crypto";
+
+/** Deterministic JSON: recursively sorted keys, no insignificant whitespace.
+ * Signer and verifier MUST encode the same object the same way, so we never
+ * sign/verify raw bytes that could differ by key order or spacing. */
+export function canonicalize(value) {
+  if (value === null || typeof value !== "object") return JSON.stringify(value);
+  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
+  return "{" + Object.keys(value).sort().map((k) => JSON.stringify(k) + ":" + canonicalize(value[k])).join(",") + "}";
+}
+
+/** Verify an Ed25519 signature (base64) over canonicalize(signed) with a PEM key. */
+export function verifyEd25519(signed, signatureB64, publicKeyPem) {
+  try {
+    const key = crypto.createPublicKey(publicKeyPem);
+    return crypto.verify(null, Buffer.from(canonicalize(signed)), key, Buffer.from(signatureB64, "base64"));
+  } catch {
+    return false;
+  }
+}
+
+/** Verify keys.json with a pinned root key map; return { version, keys } where
+ * keys maps trusted signing key_id -> PEM (expired ones dropped). Throws on any
+ * failure so callers can fall back to a cached, previously-trusted manifest. */
+export function verifyManifest(manifest, rootPublicKeys, now = new Date()) {
+  const signed = manifest?.signed;
+  if (!signed || !Array.isArray(signed.keys)) throw new Error("malformed manifest");
+  const rootPem = rootPublicKeys[signed.root_key_id];
+  if (!rootPem) throw new Error(`manifest signed by untrusted root '${signed.root_key_id}'`);
+  if (!verifyEd25519(signed, manifest.signature, rootPem)) throw new Error("manifest signature invalid");
+  const keys = {};
+  for (const k of signed.keys) {
+    if (k.not_after && new Date(k.not_after) < now) continue; // expired signing key
+    if (k.alg && k.alg !== "ed25519") continue;
+    keys[k.key_id] = k.public_key;
+  }
+  return { version: signed.version, keys };
+}
+
+/** Verify latest.json (the snapshot pointer) against the manifest's trusted keys.
+ * Returns the verified `signed` payload ({ version, url, sha256, key_id, … }). */
+export function verifyPointer(pointer, trustedKeys) {
+  const signed = pointer?.signed;
+  if (!signed) throw new Error("malformed pointer");
+  const pem = trustedKeys[signed.key_id];
+  if (!pem) throw new Error(`pointer signed by unknown/expired key '${signed.key_id}'`);
+  if (!verifyEd25519(signed, pointer.signature, pem)) throw new Error("pointer signature invalid");
+  return signed;
+}
+
+/** The signed pointer pins the blob's sha256; confirm the download matches. */
+export function verifyBlob(bytes, sha256Hex) {
+  const got = crypto.createHash("sha256").update(bytes).digest("hex");
+  if (got !== sha256Hex) throw new Error("snapshot sha256 mismatch");
+  return true;
+}
+
+/** Anti-rollback: only accept a version strictly newer than what we've trusted
+ * before. Versions are sortable strings (UTC stamps / monotonic ids). */
+export function isNewer(candidate, trusted) {
+  return !trusted || String(candidate) > String(trusted);
+}

package/src/scan.js

@@ -0,0 +1,15 @@
+/** Backwards-compatible scan facade. The real work now lives in detect/core.js
+ * and sources/*; this keeps the `scan()` / `guessEnv()` shape the CLI used. */
+import { compilePatterns } from "./detect/core.js";
+import { filesystemSource, guessEnv } from "./sources/filesystem.js";
+
+/** Scan a directory for model strings. Returns rows shaped like the old API:
+ *  { model_string, file, line, snippet }. Callers that want the richer Candidate
+ *  shape (location_label/environment/source_path) should use sources/index.js. */
+export async function scan(root, patterns) {
+  const compiled = compilePatterns(patterns);
+  const cands = await filesystemSource.collect({ root }, compiled);
+  return cands.map((c) => ({ model_string: c.model_string, file: c.file, line: c.line, snippet: c.snippet }));
+}
+
+export { guessEnv };