@openthink/stamp 2.0.0 → 2.0.1

package/dist/index.js

@@ -1567,11 +1567,31 @@ function parseResponseJson(raw) {
       `review_server response: top-level verdict (${verdict}) and approval.verdict (${a.verdict}) disagree`
     );
   }
+  let prAttestationV3 = null;
+  const payloadB64 = obj["pr_attestation_v3_payload_b64"];
+  const sigB64 = obj["pr_attestation_v3_signature_b64"];
+  if (payloadB64 !== void 0 || sigB64 !== void 0) {
+    if (typeof payloadB64 !== "string" || !payloadB64) {
+      throw new Error(
+        `review_server response.pr_attestation_v3_payload_b64 must be a non-empty string when present`
+      );
+    }
+    if (typeof sigB64 !== "string" || !sigB64) {
+      throw new Error(
+        `review_server response.pr_attestation_v3_signature_b64 must be a non-empty string when present`
+      );
+    }
+    prAttestationV3 = {
+      payloadBytes: Buffer.from(payloadB64, "base64"),
+      signatureB64: sigB64
+    };
+  }
   return {
     verdict,
     prose: obj.prose,
     approval,
-    signature: obj.signature
+    signature: obj.signature,
+    prAttestationV3
   };
 }
 function verifyServerSignature(opts) {
@@ -1709,12 +1729,26 @@ async function requestServerReview(input) {
       `review_server returned a signed approval for diff_sha256 ${parsed.approval.diff_sha256} but we sent diff_sha256 ${diffSha256} \u2014 refusing.`
     );
   }
+  if (parsed.prAttestationV3) {
+    const localCanonical = canonicalSerializeApproval(parsed.approval);
+    if (!parsed.prAttestationV3.payloadBytes.equals(localCanonical)) {
+      throw new Error(
+        `review_server returned pr_attestation_v3_payload_b64 bytes that do not match canonicalSerializeApproval(approval) recomputed locally \u2014 refusing. This indicates a server/client canonicalizer drift (server stamp version mismatch?). Server bytes (first 80): ${JSON.stringify(parsed.prAttestationV3.payloadBytes.toString("utf8").slice(0, 80))}; client bytes (first 80): ${JSON.stringify(localCanonical.toString("utf8").slice(0, 80))}.`
+      );
+    }
+    if (parsed.prAttestationV3.signatureB64 !== parsed.signature) {
+      throw new Error(
+        `review_server returned pr_attestation_v3_signature_b64 that disagrees with the top-level signature \u2014 refusing.`
+      );
+    }
+  }
   return {
     verdict: parsed.verdict,
     prose: parsed.prose,
     approval: parsed.approval,
     signature: parsed.signature,
-    approvalJson: JSON.stringify(parsed.approval)
+    approvalJson: JSON.stringify(parsed.approval),
+    prAttestationV3: parsed.prAttestationV3
   };
 }
 function exitCodeHint(exitCode) {
@@ -10123,6 +10157,7 @@ function patchIdForSpan(base_sha, head_sha, repoRoot) {
 
 // src/lib/prAttestation.ts
 import { spawnSync as spawnSync13 } from "child_process";
+var PR_ATTESTATION_SCHEMA_VERSION = 3;
 var LEGACY_CLIENT_PR_ATTESTATION_SCHEMA_VERSION = 2;
 var MIN_ACCEPTED_PR_ATTESTATION_VERSION = 3;
 var MAX_PR_ATTESTATION_BYTES = 64 * 1024;
@@ -10236,22 +10271,256 @@ function runAttest(opts) {
   const branchRef = opts.branch ?? "HEAD";
   const revspec = `${opts.into}..${branchRef}`;
   const resolved = resolveDiff(revspec, repoRoot);
-  const db = openDb(stampStateDbPath(repoRoot));
+  const patch_id = patchIdForSpan(resolved.base_sha, resolved.head_sha, repoRoot);
+  const target_branch_tip_sha = runGit(
+    ["rev-parse", `${opts.into}^{commit}`],
+    repoRoot
+  ).trim();
+  const { keypair } = ensureUserKeypair();
+  const result = rule.review_server ? buildV3Envelope({
+    repoRoot,
+    revspec,
+    baseSha: resolved.base_sha,
+    headSha: resolved.head_sha,
+    diff: resolved.diff,
+    targetBranch: opts.into,
+    targetBranchTipSha: target_branch_tip_sha,
+    patchId: patch_id,
+    requiredReviewers: rule.required,
+    operatorPrivateKeyPem: keypair.privateKeyPem,
+    operatorFingerprint: keypair.fingerprint
+  }) : buildV2Envelope({
+    repoRoot,
+    revspec,
+    baseSha: resolved.base_sha,
+    headSha: resolved.head_sha,
+    targetBranch: opts.into,
+    targetBranchTipSha: target_branch_tip_sha,
+    patchId: patch_id,
+    requiredReviewers: rule.required,
+    operatorPrivateKeyPem: keypair.privateKeyPem,
+    operatorFingerprint: keypair.fingerprint
+  });
+  const { ref, blob_sha } = writeAttestationRef(
+    { payload: result.payload, signature: result.signature },
+    repoRoot
+  );
+  const bar = "\u2500".repeat(72);
+  console.log(bar);
+  console.log(`attested ${branchRef} for merge into '${opts.into}'`);
+  console.log(bar);
+  console.log(`  patch-id:   ${patch_id}`);
+  console.log(
+    `  base\u2192head:  ${resolved.base_sha.slice(0, 8)} \u2192 ${resolved.head_sha.slice(0, 8)}`
+  );
+  console.log(`  signed by:  ${keypair.fingerprint}`);
+  console.log(`  approvals:  ${result.reviewerNames.join(", ")}`);
+  console.log(
+    `  schema:     v${result.payload.schema_version}${result.payload.schema_version === PR_ATTESTATION_SCHEMA_VERSION ? " (server-attested)" : " (legacy)"}`
+  );
+  console.log(`  ref:        ${ref}`);
+  console.log(`  blob:       ${blob_sha.slice(0, 12)}`);
+  console.log(bar);
+  if (opts.pushTo) {
+    pushBranchAndAttestation(opts.pushTo, ref, repoRoot);
+    console.log(
+      `
+\u2713 pushed branch + attestation ref to ${opts.pushTo}. Open the PR; stamp/verify-attestation@v1 will look up refs/stamp/attestations/<patch-id> from your head SHA's diff against the base.`
+    );
+  } else {
+    console.log(
+      `
+Next: push the branch + attestation ref to your remote, open a PR, and let stamp/verify-attestation@v1 (the GH Action) confirm it. To do both pushes in one shot:
+
+    git push <remote> HEAD ${ref}
+
+Or re-run with --push <remote> next time.`
+    );
+  }
+}
+function buildV3Envelope(input) {
+  const diffBytes = Buffer.from(input.diff, "utf8");
+  const diffSha256 = createHash12("sha256").update(diffBytes).digest("hex");
+  let manifestYaml;
+  try {
+    manifestYaml = showAtRef(
+      input.baseSha,
+      ".stamp/trusted-keys/manifest.yml",
+      input.repoRoot
+    );
+  } catch (err) {
+    throw new Error(
+      `review_server is configured but .stamp/trusted-keys/manifest.yml is missing at base ${input.baseSha.slice(0, 8)}: ${err instanceof Error ? err.message : String(err)}. Server-attested PR mode requires the manifest in the merge-base tree so each approval's server signature can be checked against the keys the repo trusted at attestation time. Commit a manifest with capabilities: [server] entries for the review server before attesting.`
+    );
+  }
+  const manifest = parseManifest(manifestYaml);
+  if (!manifest) {
+    throw new Error(
+      `.stamp/trusted-keys/manifest.yml at base ${input.baseSha.slice(0, 8)} failed to parse as a valid trusted-keys manifest. Fix the YAML (syntax error, duplicate fingerprint, unknown capability, etc.) and re-run \`stamp attest\`.`
+    );
+  }
+  const pubFilenames = listFilesAtRef(
+    input.baseSha,
+    ".stamp/trusted-keys",
+    input.repoRoot
+  );
+  const pubkeyByFingerprint = buildPubkeyMap(
+    pubFilenames,
+    (relPath) => showAtRef(input.baseSha, relPath, input.repoRoot)
+  );
+  const db = openDb(stampStateDbPath(input.repoRoot));
+  let entries;
+  try {
+    const rows = serverApprovalsFor(db, input.baseSha, input.headSha);
+    const byReviewer = new Map(rows.map((r) => [r.reviewer, r]));
+    entries = input.requiredReviewers.map((reviewerName) => {
+      const row = byReviewer.get(reviewerName);
+      if (!row) {
+        throw new Error(
+          `missing server signature for reviewer "${reviewerName}" at base\u2192head ${input.baseSha.slice(0, 8)}\u2192${input.headSha.slice(0, 8)}. Server-attested PR mode requires every required reviewer to have a stamp-server-signed approval in the local DB. Possible causes:
+  \u2022 the stamp-server is older than 2.0.1 and doesn't produce PR-attestation v3 payloads (upgrade the server)
+  \u2022 \`stamp review --diff ${input.revspec}\` hasn't been run against this exact (base, head) pair yet
+  \u2022 the review was run in local-mode (no \`review_server\` configured at review time)
+Run \`stamp review --diff ${input.revspec}\` to populate the signed row, then re-run \`stamp attest\`.`
+        );
+      }
+      let parsedJson;
+      try {
+        parsedJson = JSON.parse(row.approval_json);
+      } catch (err) {
+        throw new Error(
+          `server approval row for reviewer "${reviewerName}" has malformed JSON in server_approval_json \u2014 DB corruption or a writer-side bug. Re-run \`stamp review --diff ${input.revspec}\` to write a fresh row. (parse error: ${err instanceof Error ? err.message : String(err)})`
+        );
+      }
+      if (!parsedJson || typeof parsedJson !== "object" || Array.isArray(parsedJson)) {
+        throw new Error(
+          `server approval row for reviewer "${reviewerName}" parsed to a non-object value \u2014 DB corruption or a writer-side bug. Re-run \`stamp review --diff ${input.revspec}\` to write a fresh row.`
+        );
+      }
+      const obj = parsedJson;
+      for (const field of [
+        "reviewer",
+        "verdict",
+        "prompt_sha256",
+        "diff_sha256",
+        "base_sha",
+        "head_sha",
+        "trusted_keys_snapshot_sha256",
+        "issued_at",
+        "server_key_id"
+      ]) {
+        if (typeof obj[field] !== "string") {
+          throw new Error(
+            `server approval row for reviewer "${reviewerName}" is missing required field "${field}" (or it isn't a string) \u2014 DB corruption or a writer-side bug. Re-run \`stamp review --diff ${input.revspec}\` to write a fresh row.`
+          );
+        }
+      }
+      const approval = parsedJson;
+      if (approval.reviewer !== reviewerName) {
+        throw new Error(
+          `server approval row for reviewer "${reviewerName}" carries approval.reviewer="${approval.reviewer}" \u2014 DB row drifted. Re-run \`stamp review --diff ${input.revspec}\`.`
+        );
+      }
+      if (approval.base_sha !== input.baseSha) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed against base_sha ${approval.base_sha.slice(0, 8)} but we're attesting from ${input.baseSha.slice(0, 8)} \u2014 stale signature. Re-run \`stamp review --diff ${input.revspec}\` to refresh.`
+        );
+      }
+      if (approval.head_sha !== input.headSha) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed against head_sha ${approval.head_sha.slice(0, 8)} but we're attesting head ${input.headSha.slice(0, 8)} \u2014 stale signature. Re-run \`stamp review --diff ${input.revspec}\` to refresh.`
+        );
+      }
+      if (approval.diff_sha256 !== diffSha256) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed against diff_sha256 ${approval.diff_sha256.slice(0, 12)}\u2026 but the current diff hashes to ${diffSha256.slice(0, 12)}\u2026 \u2014 stale signature. The diff content drifted between review and attest (rebased base, modified head). Re-run \`stamp review --diff ${input.revspec}\`.`
+        );
+      }
+      if (approval.verdict !== "approved") {
+        throw new Error(
+          `server approval for "${reviewerName}" carries verdict "${approval.verdict}", not "approved". Re-run \`stamp review --diff ${input.revspec}\` so the server signs the current approved verdict.`
+        );
+      }
+      const caps = resolveCapability(manifest, approval.server_key_id);
+      if (caps === null) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed by ${approval.server_key_id}, but that key isn't listed in .stamp/trusted-keys/manifest.yml at base ${input.baseSha.slice(0, 8)}. Either the server's signing key changed (commit the new fingerprint to the manifest with capabilities: [server]) or this row was written by a server the repo no longer trusts. Re-run \`stamp review --diff ${input.revspec}\` after fixing the manifest.`
+        );
+      }
+      if (!caps.includes("server")) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed by ${approval.server_key_id}, but that key's capabilities in .stamp/trusted-keys/manifest.yml at base ${input.baseSha.slice(0, 8)} are [${caps.join(", ")}] \u2014 missing the required 'server' capability. Update the manifest entry and re-attest.`
+        );
+      }
+      const serverPubPem = pubkeyByFingerprint.get(approval.server_key_id);
+      if (!serverPubPem) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed by ${approval.server_key_id}, but no .pub file in .stamp/trusted-keys/ at base ${input.baseSha.slice(0, 8)} matches that fingerprint. Commit the server's public key alongside its manifest entry and re-attest.`
+        );
+      }
+      const sigOk = verifyBytes(
+        serverPubPem,
+        canonicalSerializeApproval(approval),
+        row.signature_b64
+      );
+      if (!sigOk) {
+        throw new Error(
+          `server signature for "${reviewerName}" failed Ed25519 verification against key ${approval.server_key_id}. The DB row's signature does not match the canonical bytes of its approval body \u2014 either the row was tampered with or the writer was buggy. Re-run \`stamp review --diff ${input.revspec}\` to refresh the signed row.`
+        );
+      }
+      return {
+        approval,
+        server_attestation: {
+          server_key_id: approval.server_key_id,
+          signature: row.signature_b64
+        }
+      };
+    });
+  } finally {
+    db.close();
+  }
+  const trustAnchorSignatures = [];
+  const payload = {
+    schema_version: PR_ATTESTATION_SCHEMA_VERSION,
+    patch_id: input.patchId,
+    base_sha: input.baseSha,
+    head_sha: input.headSha,
+    target_branch: input.targetBranch,
+    target_branch_tip_sha: input.targetBranchTipSha,
+    diff_sha256: diffSha256,
+    approvals: entries,
+    checks: [],
+    // Phase-1 deliberate omission — see file-level comment.
+    trust_anchor_signatures: trustAnchorSignatures,
+    signer_key_id: input.operatorFingerprint
+  };
+  const signature = signBytes(
+    input.operatorPrivateKeyPem,
+    serializePayload2(payload)
+  );
+  return {
+    payload,
+    signature,
+    reviewerNames: input.requiredReviewers
+  };
+}
+function buildV2Envelope(input) {
+  const db = openDb(stampStateDbPath(input.repoRoot));
   let approvals;
   try {
-    const reviews = latestReviews(db, resolved.base_sha, resolved.head_sha);
+    const reviews = latestReviews(db, input.baseSha, input.headSha);
     const byReviewer = new Map(reviews.map((r) => [r.reviewer, r]));
     const missing = [];
-    for (const r of rule.required) {
+    for (const r of input.requiredReviewers) {
       const rev = byReviewer.get(r);
       if (!rev || rev.verdict !== "approved") missing.push(r);
     }
     if (missing.length > 0) {
       throw new Error(
-        `gate CLOSED: missing approved verdicts for: ${missing.join(", ")}. Run \`stamp status --diff ${revspec}\` to inspect, then \`stamp review --diff ${revspec}\` to review.`
+        `gate CLOSED: missing approved verdicts for: ${missing.join(", ")}. Run \`stamp status --diff ${input.revspec}\` to inspect, then \`stamp review --diff ${input.revspec}\` to review.`
       );
     }
-    approvals = rule.required.map((name) => {
+    approvals = input.requiredReviewers.map((name) => {
       const rev = byReviewer.get(name);
       const toolCalls = redactToolCallsForAttestation(
         parseToolCalls(rev.tool_calls)
@@ -10267,20 +10536,20 @@ function runAttest(opts) {
     db.close();
   }
   const baseConfigYaml = showAtRef(
-    resolved.base_sha,
+    input.baseSha,
     ".stamp/config.yml",
-    repoRoot
+    input.repoRoot
   );
   const baseReviewers = readReviewersFromYaml(baseConfigYaml);
   approvals = approvals.map((a) => {
     const def = baseReviewers[a.reviewer];
     if (!def) {
       throw new Error(
-        `reviewer "${a.reviewer}" approved the diff but is not defined in .stamp/config.yml at base ${resolved.base_sha.slice(0, 8)}. This shouldn't happen \u2014 runReview reads from the same base. File a bug at https://github.com/OpenThinkAi/stamp-cli/issues.`
+        `reviewer "${a.reviewer}" approved the diff but is not defined in .stamp/config.yml at base ${input.baseSha.slice(0, 8)}. This shouldn't happen \u2014 runReview reads from the same base. File a bug at https://github.com/OpenThinkAi/stamp-cli/issues.`
       );
     }
-    const promptText = showAtRef(resolved.base_sha, def.prompt, repoRoot);
-    const source = readReviewerSource2(a.reviewer, repoRoot);
+    const promptText = showAtRef(input.baseSha, def.prompt, input.repoRoot);
+    const source = readReviewerSource2(a.reviewer, input.repoRoot);
     return {
       ...a,
       prompt_sha256: hashPromptBytes(Buffer.from(promptText, "utf8")),
@@ -10289,58 +10558,27 @@ function runAttest(opts) {
       ...source ? { reviewer_source: source } : {}
     };
   });
-  const patch_id = patchIdForSpan(resolved.base_sha, resolved.head_sha, repoRoot);
-  const target_branch_tip_sha = runGit(
-    ["rev-parse", `${opts.into}^{commit}`],
-    repoRoot
-  ).trim();
-  const { keypair } = ensureUserKeypair();
   const payload = {
     schema_version: LEGACY_CLIENT_PR_ATTESTATION_SCHEMA_VERSION,
-    patch_id,
-    base_sha: resolved.base_sha,
-    head_sha: resolved.head_sha,
-    target_branch: opts.into,
-    target_branch_tip_sha,
+    patch_id: input.patchId,
+    base_sha: input.baseSha,
+    head_sha: input.headSha,
+    target_branch: input.targetBranch,
+    target_branch_tip_sha: input.targetBranchTipSha,
     approvals,
     checks: [],
     // Phase-1 deliberate omission — see file-level comment.
-    signer_key_id: keypair.fingerprint
+    signer_key_id: input.operatorFingerprint
   };
-  const signature = signBytes(keypair.privateKeyPem, serializePayload2(payload));
-  const { ref, blob_sha } = writeAttestationRef(
-    { payload, signature },
-    repoRoot
+  const signature = signBytes(
+    input.operatorPrivateKeyPem,
+    serializePayload2(payload)
   );
-  const bar = "\u2500".repeat(72);
-  console.log(bar);
-  console.log(`attested ${branchRef} for merge into '${opts.into}'`);
-  console.log(bar);
-  console.log(`  patch-id:   ${patch_id}`);
-  console.log(
-    `  base\u2192head:  ${resolved.base_sha.slice(0, 8)} \u2192 ${resolved.head_sha.slice(0, 8)}`
-  );
-  console.log(`  signed by:  ${keypair.fingerprint}`);
-  console.log(`  approvals:  ${approvals.map((a) => a.reviewer).join(", ")}`);
-  console.log(`  ref:        ${ref}`);
-  console.log(`  blob:       ${blob_sha.slice(0, 12)}`);
-  console.log(bar);
-  if (opts.pushTo) {
-    pushBranchAndAttestation(opts.pushTo, ref, repoRoot);
-    console.log(
-      `
-\u2713 pushed branch + attestation ref to ${opts.pushTo}. Open the PR; stamp/verify-attestation@v1 will look up refs/stamp/attestations/<patch-id> from your head SHA's diff against the base.`
-    );
-  } else {
-    console.log(
-      `
-Next: push the branch + attestation ref to your remote, open a PR, and let stamp/verify-attestation@v1 (the GH Action) confirm it. To do both pushes in one shot:
-
-    git push <remote> HEAD ${ref}
-
-Or re-run with --push <remote> next time.`
-    );
-  }
+  return {
+    payload,
+    signature,
+    reviewerNames: approvals.map((a) => a.reviewer)
+  };
 }
 function pushBranchAndAttestation(remote, attestationRef, repoRoot) {
   const result = spawnSync14(