@openthink/stamp 2.0.0 → 2.0.2

package/dist/index.js

@@ -59,8 +59,8 @@ import { Command } from "commander";
 
 // src/commands/bootstrap.ts
 import { execFileSync as execFileSync4 } from "child_process";
-import { existsSync as existsSync7, readFileSync as readFileSync6, readdirSync, statSync, writeFileSync as writeFileSync5 } from "fs";
-import { dirname as dirname3, join as join3 } from "path";
+import { existsSync as existsSync7, readFileSync as readFileSync7, readdirSync, statSync, writeFileSync as writeFileSync5 } from "fs";
+import { dirname as dirname4, join as join4 } from "path";
 
 // src/lib/agentsMd.ts
 import { existsSync, readFileSync, writeFileSync } from "fs";
@@ -1567,11 +1567,31 @@ function parseResponseJson(raw) {
       `review_server response: top-level verdict (${verdict}) and approval.verdict (${a.verdict}) disagree`
     );
   }
+  let prAttestationV3 = null;
+  const payloadB64 = obj["pr_attestation_v3_payload_b64"];
+  const sigB64 = obj["pr_attestation_v3_signature_b64"];
+  if (payloadB64 !== void 0 || sigB64 !== void 0) {
+    if (typeof payloadB64 !== "string" || !payloadB64) {
+      throw new Error(
+        `review_server response.pr_attestation_v3_payload_b64 must be a non-empty string when present`
+      );
+    }
+    if (typeof sigB64 !== "string" || !sigB64) {
+      throw new Error(
+        `review_server response.pr_attestation_v3_signature_b64 must be a non-empty string when present`
+      );
+    }
+    prAttestationV3 = {
+      payloadBytes: Buffer.from(payloadB64, "base64"),
+      signatureB64: sigB64
+    };
+  }
   return {
     verdict,
     prose: obj.prose,
     approval,
-    signature: obj.signature
+    signature: obj.signature,
+    prAttestationV3
   };
 }
 function verifyServerSignature(opts) {
@@ -1709,12 +1729,26 @@ async function requestServerReview(input) {
       `review_server returned a signed approval for diff_sha256 ${parsed.approval.diff_sha256} but we sent diff_sha256 ${diffSha256} \u2014 refusing.`
     );
   }
+  if (parsed.prAttestationV3) {
+    const localCanonical = canonicalSerializeApproval(parsed.approval);
+    if (!parsed.prAttestationV3.payloadBytes.equals(localCanonical)) {
+      throw new Error(
+        `review_server returned pr_attestation_v3_payload_b64 bytes that do not match canonicalSerializeApproval(approval) recomputed locally \u2014 refusing. This indicates a server/client canonicalizer drift (server stamp version mismatch?). Server bytes (first 80): ${JSON.stringify(parsed.prAttestationV3.payloadBytes.toString("utf8").slice(0, 80))}; client bytes (first 80): ${JSON.stringify(localCanonical.toString("utf8").slice(0, 80))}.`
+      );
+    }
+    if (parsed.prAttestationV3.signatureB64 !== parsed.signature) {
+      throw new Error(
+        `review_server returned pr_attestation_v3_signature_b64 that disagrees with the top-level signature \u2014 refusing.`
+      );
+    }
+  }
   return {
     verdict: parsed.verdict,
     prose: parsed.prose,
     approval: parsed.approval,
     signature: parsed.signature,
-    approvalJson: JSON.stringify(parsed.approval)
+    approvalJson: JSON.stringify(parsed.approval),
+    prAttestationV3: parsed.prAttestationV3
   };
 }
 function exitCodeHint(exitCode) {
@@ -3132,9 +3166,38 @@ function readLineSync() {
   return out;
 }
 
+// src/lib/version.ts
+import { readFileSync as readFileSync4 } from "fs";
+import { dirname, join as join3 } from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
+function readPackageVersion() {
+  const here = dirname(fileURLToPath2(import.meta.url));
+  for (let dir = here, i = 0; i < 6; i++) {
+    try {
+      const raw = readFileSync4(join3(dir, "package.json"), "utf8");
+      const pkg = JSON.parse(raw);
+      if (pkg.name === "@openthink/stamp" && pkg.version) return pkg.version;
+    } catch {
+    }
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  throw new Error("could not locate @openthink/stamp package.json to read version");
+}
+
 // src/lib/deprecationNotice.ts
-function maybePrintDeprecationNotice() {
+function maybePrintDeprecationNotice(versionOverride) {
   if (process.env.STAMP_SUPPRESS_DEPRECATION === "1") return;
+  let major = null;
+  try {
+    const version = versionOverride ?? readPackageVersion();
+    const m = /^(\d+)\./.exec(version);
+    if (m) major = Number.parseInt(m[1], 10);
+  } catch {
+    return;
+  }
+  if (major === null || major >= 2) return;
   process.stderr.write(
     "warning: stamp 1.x is in maintenance \u2014 the server-attested 2.x line is active. See docs/migration-1.x-to-2.x.md. Suppress: STAMP_SUPPRESS_DEPRECATION=1.\n"
   );
@@ -3729,12 +3792,12 @@ ${close}`;
 import {
   existsSync as existsSync3,
   mkdirSync,
-  readFileSync as readFileSync4,
+  readFileSync as readFileSync5,
   renameSync,
   unlinkSync,
   writeFileSync as writeFileSync2
 } from "fs";
-import { dirname } from "path";
+import { dirname as dirname2 } from "path";
 import { parse as parseYaml6, stringify as stringifyYaml } from "yaml";
 var DEFAULT_REVIEWER_MODELS = {
   security: "claude-sonnet-4-6",
@@ -3754,7 +3817,7 @@ function loadUserConfig() {
   if (!existsSync3(path2)) return null;
   let raw;
   try {
-    raw = readFileSync4(path2, "utf8");
+    raw = readFileSync5(path2, "utf8");
   } catch (err) {
     throw new Error(
       `failed to read ${path2}: ${err instanceof Error ? err.message : String(err)}`
@@ -3814,7 +3877,7 @@ function stringifyUserConfig(cfg) {
 }
 function writeUserConfig(cfg) {
   const path2 = userConfigPath();
-  const dir = dirname(path2);
+  const dir = dirname2(path2);
   if (!existsSync3(dir)) mkdirSync(dir, { recursive: true, mode: 448 });
   const tmp = `${path2}.tmp.${process.pid}`;
   writeFileSync2(tmp, stringifyUserConfig(cfg), { mode: 384 });
@@ -4625,7 +4688,7 @@ function stripLastLineVerdict(text) {
 
 // src/lib/llmNotice.ts
 import { existsSync as existsSync4, mkdirSync as mkdirSync3, writeFileSync as writeFileSync4 } from "fs";
-import { dirname as dirname2 } from "path";
+import { dirname as dirname3 } from "path";
 function maybePrintLlmNotice(repoRoot) {
   if (process.env.STAMP_SUPPRESS_LLM_NOTICE === "1") return;
   const marker = stampLlmNoticeMarkerPath(repoRoot);
@@ -4638,7 +4701,7 @@ function maybePrintLlmNotice(repoRoot) {
 `
   );
   try {
-    mkdirSync3(dirname2(marker), { recursive: true });
+    mkdirSync3(dirname3(marker), { recursive: true });
     writeFileSync4(marker, `${(/* @__PURE__ */ new Date()).toISOString()}
 `);
   } catch {
@@ -4878,7 +4941,7 @@ import { spawnSync as spawnSync4 } from "child_process";
 import { createInterface } from "readline";
 
 // src/lib/serverConfig.ts
-import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
+import { existsSync as existsSync5, readFileSync as readFileSync6 } from "fs";
 import { parse as parseYaml7 } from "yaml";
 var DEFAULT_USER = "git";
 var DEFAULT_REPO_ROOT = "/srv/git";
@@ -4908,7 +4971,7 @@ function loadServerConfig() {
   if (!existsSync5(path2)) return null;
   let raw;
   try {
-    raw = readFileSync5(path2, "utf8");
+    raw = readFileSync6(path2, "utf8");
   } catch (err) {
     throw new Error(
       `failed to read ${path2}: ${err instanceof Error ? err.message : String(err)}`
@@ -5887,27 +5950,27 @@ function readSeedDir(seedDir) {
   if (!existsSync7(seedDir) || !statSync(seedDir).isDirectory()) {
     throw new Error(`--from path is not a directory: ${seedDir}`);
   }
-  const configPath = join3(seedDir, "config.yml");
+  const configPath = join4(seedDir, "config.yml");
   if (!existsSync7(configPath)) {
     throw new Error(`--from dir missing config.yml: ${configPath}`);
   }
-  const reviewersDir = join3(seedDir, "reviewers");
+  const reviewersDir = join4(seedDir, "reviewers");
   if (!existsSync7(reviewersDir) || !statSync(reviewersDir).isDirectory()) {
     throw new Error(`--from dir missing reviewers/ subdirectory: ${reviewersDir}`);
   }
-  const yaml = readFileSync6(configPath, "utf8");
+  const yaml = readFileSync7(configPath, "utf8");
   const config2 = parseConfigFromYaml(yaml);
   const reviewerFiles = /* @__PURE__ */ new Map();
   for (const entry of readdirSync(reviewersDir)) {
-    const full = join3(reviewersDir, entry);
+    const full = join4(reviewersDir, entry);
     if (statSync(full).isFile()) {
-      reviewerFiles.set(`.stamp/reviewers/${entry}`, readFileSync6(full, "utf8"));
+      reviewerFiles.set(`.stamp/reviewers/${entry}`, readFileSync7(full, "utf8"));
     }
   }
   let mirrorYml;
-  const mirrorPath = join3(seedDir, "mirror.yml");
+  const mirrorPath = join4(seedDir, "mirror.yml");
   if (existsSync7(mirrorPath)) {
-    mirrorYml = readFileSync6(mirrorPath, "utf8");
+    mirrorYml = readFileSync7(mirrorPath, "utf8");
   }
   return { config: config2, reviewerFiles, mirrorYml };
 }
@@ -5915,12 +5978,12 @@ function writeBootstrapFiles(repoRoot, plan) {
   ensureDir(stampConfigDir(repoRoot));
   ensureDir(stampReviewersDir(repoRoot));
   for (const { path: path2, content } of plan.reviewerFiles.values()) {
-    const full = join3(repoRoot, path2);
-    ensureDir(dirname3(full));
+    const full = join4(repoRoot, path2);
+    ensureDir(dirname4(full));
     writeFileSync5(full, content);
   }
   if (plan.mirrorYml !== void 0) {
-    writeFileSync5(join3(repoRoot, ".stamp/mirror.yml"), plan.mirrorYml);
+    writeFileSync5(join4(repoRoot, ".stamp/mirror.yml"), plan.mirrorYml);
   }
   writeFileSync5(stampConfigFile(repoRoot), stringifyConfig(plan.newConfig));
 }
@@ -5963,8 +6026,8 @@ function branchExists(name, cwd) {
 }
 
 // src/commands/init.ts
-import { existsSync as existsSync9, readFileSync as readFileSync8, writeFileSync as writeFileSync7 } from "fs";
-import { dirname as dirname4, join as join5 } from "path";
+import { existsSync as existsSync9, readFileSync as readFileSync9, writeFileSync as writeFileSync7 } from "fs";
+import { dirname as dirname5, join as join6 } from "path";
 
 // src/lib/ghRuleset.ts
 import { spawnSync as spawnSync5 } from "child_process";
@@ -6300,14 +6363,14 @@ function computeDesiredBypassActors(current, deployKeyId, flags) {
 }
 
 // src/lib/oteamConfig.ts
-import { existsSync as existsSync8, readFileSync as readFileSync7, renameSync as renameSync2, writeFileSync as writeFileSync6 } from "fs";
+import { existsSync as existsSync8, readFileSync as readFileSync8, renameSync as renameSync2, writeFileSync as writeFileSync6 } from "fs";
 import { homedir } from "os";
-import { join as join4 } from "path";
-var OTEAM_CONFIG_PATH = join4(homedir(), ".open-team", "config.json");
+import { join as join5 } from "path";
+var OTEAM_CONFIG_PATH = join5(homedir(), ".open-team", "config.json");
 function readOteamConfig(configPath = OTEAM_CONFIG_PATH) {
   if (!existsSync8(configPath)) return null;
   try {
-    const parsed = JSON.parse(readFileSync7(configPath, "utf8"));
+    const parsed = JSON.parse(readFileSync8(configPath, "utf8"));
     if (Array.isArray(parsed)) {
       throw new Error("config must be a JSON object, not an array");
     }
@@ -6322,7 +6385,7 @@ function patchStampHost(host, configPath = OTEAM_CONFIG_PATH) {
   let config2 = {};
   if (existsSync8(configPath)) {
     try {
-      const parsed = JSON.parse(readFileSync7(configPath, "utf8"));
+      const parsed = JSON.parse(readFileSync8(configPath, "utf8"));
       if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed)) {
         config2 = parsed;
       }
@@ -6348,6 +6411,7 @@ function patchStampHost(host, configPath = OTEAM_CONFIG_PATH) {
 }
 
 // src/commands/init.ts
+var DEFAULT_ACTION_SOURCE = "OpenThinkAi/stamp-cli";
 function runInit(opts = {}) {
   maybePrintDeprecationNotice();
   const repoRoot = findRepoRoot();
@@ -6378,26 +6442,26 @@ For local-only / advisory use against this GitHub repo: re-run with \`stamp init
   if (!alreadyHasConfig) {
     if (opts.minimal) {
       writeFileSync7(configFile, stringifyConfig(MINIMAL_CONFIG));
-      writeFileSync7(join5(reviewersDir, "example.md"), EXAMPLE_REVIEWER_PROMPT);
+      writeFileSync7(join6(reviewersDir, "example.md"), EXAMPLE_REVIEWER_PROMPT);
     } else {
       writeFileSync7(configFile, stringifyConfig(DEFAULT_CONFIG));
       writeFileSync7(
-        join5(reviewersDir, "security.md"),
+        join6(reviewersDir, "security.md"),
         DEFAULT_SECURITY_PROMPT
       );
       writeFileSync7(
-        join5(reviewersDir, "standards.md"),
+        join6(reviewersDir, "standards.md"),
         DEFAULT_STANDARDS_PROMPT
       );
       writeFileSync7(
-        join5(reviewersDir, "product.md"),
+        join6(reviewersDir, "product.md"),
         DEFAULT_PRODUCT_PROMPT
       );
     }
   }
   const { keypair, created: keyCreated } = ensureUserKeypair();
   const userCfg = loadOrCreateUserConfig();
-  const pubKeyPath = join5(
+  const pubKeyPath = join6(
     trustedKeysDir,
     publicKeyFingerprintFilename(keypair.fingerprint)
   );
@@ -6411,7 +6475,8 @@ For local-only / advisory use against this GitHub repo: re-run with \`stamp init
   const prCheckResult = maybeWriteVerifyWorkflow(
     repoRoot,
     opts.prCheck,
-    effectiveMode
+    effectiveMode,
+    opts.actionSource ?? DEFAULT_ACTION_SOURCE
   );
   const prModeResult = opts.prMode ? maybeWritePrModeMirrorWorkflow(repoRoot, { force: opts.prModeForce }) : { action: "skipped", path: PR_MODE_WORKFLOW_PATH, substitution: null };
   const agentsMdAction = opts.agentsMd === false ? "skipped" : ensureAgentsMd(repoRoot, effectiveMode);
@@ -6563,8 +6628,8 @@ function runBootstrapCommit(repoRoot, scaffoldOrSync) {
     return { kind: "skipped-already-tracked" };
   }
   const toAdd = [".stamp"];
-  if (existsSync9(join5(repoRoot, "AGENTS.md"))) toAdd.push("AGENTS.md");
-  if (existsSync9(join5(repoRoot, "CLAUDE.md"))) toAdd.push("CLAUDE.md");
+  if (existsSync9(join6(repoRoot, "AGENTS.md"))) toAdd.push("AGENTS.md");
+  if (existsSync9(join6(repoRoot, "CLAUDE.md"))) toAdd.push("CLAUDE.md");
   runGit(["add", ...toAdd], repoRoot);
   let hasStagedChanges = false;
   try {
@@ -6769,27 +6834,27 @@ function resolveMode(userMode, remoteClass) {
   }
 }
 var VERIFY_ACTION_REF = "v1.6.1";
-function maybeWriteVerifyWorkflow(repoRoot, prCheckOpt, effectiveMode) {
+function maybeWriteVerifyWorkflow(repoRoot, prCheckOpt, effectiveMode, actionSource = DEFAULT_ACTION_SOURCE) {
   const path2 = ".github/workflows/stamp-verify.yml";
-  const fullPath = join5(repoRoot, path2);
+  const fullPath = join6(repoRoot, path2);
   const defaultForMode = effectiveMode !== "server-gated";
   const shouldWrite = prCheckOpt ?? defaultForMode;
   if (!shouldWrite) return { action: "skipped", path: path2 };
   if (existsSync9(fullPath)) {
     return { action: "exists", path: path2 };
   }
-  ensureDir(dirname4(fullPath));
-  writeFileSync7(fullPath, renderVerifyWorkflow());
+  ensureDir(dirname5(fullPath));
+  writeFileSync7(fullPath, renderVerifyWorkflow(actionSource));
   return { action: "wrote", path: path2 };
 }
 var PR_MODE_WORKFLOW_PATH = ".github/workflows/stamp-mirror.yml";
 function maybeWritePrModeMirrorWorkflow(repoRoot, opts = {}) {
-  const fullPath = join5(repoRoot, PR_MODE_WORKFLOW_PATH);
+  const fullPath = join6(repoRoot, PR_MODE_WORKFLOW_PATH);
   const substitution = derivePrModeSubstitution(repoRoot);
   if (existsSync9(fullPath) && !opts.force) {
     return { action: "exists", path: PR_MODE_WORKFLOW_PATH, substitution };
   }
-  ensureDir(dirname4(fullPath));
+  ensureDir(dirname5(fullPath));
   writeFileSync7(fullPath, renderMirrorWorkflow(substitution));
   return { action: "wrote", path: PR_MODE_WORKFLOW_PATH, substitution };
 }
@@ -6797,9 +6862,9 @@ function derivePrModeSubstitution(repoRoot) {
   let host = null;
   let port = null;
   try {
-    const configFile = join5(repoRoot, ".stamp", "config.yml");
+    const configFile = join6(repoRoot, ".stamp", "config.yml");
     if (existsSync9(configFile)) {
-      const cfg = parseConfigFromYaml(readFileSync8(configFile, "utf8"));
+      const cfg = parseConfigFromYaml(readFileSync9(configFile, "utf8"));
       for (const rule of Object.values(cfg.branches)) {
         if (rule.review_server) {
           try {
@@ -7039,7 +7104,7 @@ function printPrModeWalkthrough(result) {
   );
   console.log();
 }
-function renderVerifyWorkflow() {
+function renderVerifyWorkflow(actionSource = DEFAULT_ACTION_SOURCE) {
   return [
     "name: stamp verify",
     "",
@@ -7072,18 +7137,18 @@ function renderVerifyWorkflow() {
     "          # would force per-step refetches.",
     "          fetch-depth: 0",
     "      - name: stamp/verify-attestation",
-    `        uses: OpenThinkAi/stamp-cli/.github/actions/verify-attestation@${VERIFY_ACTION_REF}`,
+    `        uses: ${actionSource}/.github/actions/verify-attestation@${VERIFY_ACTION_REF}`,
     ""
   ].join("\n");
 }
 
 // src/commands/migrateServerAttested.ts
-import { existsSync as existsSync10, readFileSync as readFileSync10, writeFileSync as writeFileSync8 } from "fs";
-import { dirname as dirname5, join as join7, relative } from "path";
+import { existsSync as existsSync10, readFileSync as readFileSync11, writeFileSync as writeFileSync8 } from "fs";
+import { dirname as dirname6, join as join8, relative } from "path";
 
 // src/lib/migrateServerAttested.ts
-import { readdirSync as readdirSync2, readFileSync as readFileSync9, statSync as statSync2 } from "fs";
-import { join as join6 } from "path";
+import { readdirSync as readdirSync2, readFileSync as readFileSync10, statSync as statSync2 } from "fs";
+import { join as join7 } from "path";
 function detectExistingKeys(repoRoot, onSkip) {
   const dir = stampTrustedKeysDir(repoRoot);
   let entries;
@@ -7097,7 +7162,7 @@ function detectExistingKeys(repoRoot, onSkip) {
   const out = [];
   for (const filename of entries.sort()) {
     if (!filename.endsWith(".pub")) continue;
-    const full = join6(dir, filename);
+    const full = join7(dir, filename);
     try {
       const st = statSync2(full);
       if (!st.isFile()) continue;
@@ -7106,7 +7171,7 @@ function detectExistingKeys(repoRoot, onSkip) {
     }
     let pem;
     try {
-      pem = readFileSync9(full, "utf8");
+      pem = readFileSync10(full, "utf8");
     } catch (err) {
       onSkip?.(filename, err instanceof Error ? err.message : String(err));
       continue;
@@ -7294,7 +7359,7 @@ function runMigrateToServerAttested(opts = {}) {
       console.error(`note: skipping .stamp/trusted-keys/${filename} \u2014 ${reason}`);
     })
   );
-  const manifestPath = join7(repoRoot, MANIFEST_RELATIVE_PATH);
+  const manifestPath = join8(repoRoot, MANIFEST_RELATIVE_PATH);
   const manifestExists = existsSync10(manifestPath);
   let adminFingerprints;
   if (manifestExists) {
@@ -7327,7 +7392,7 @@ function runMigrateToServerAttested(opts = {}) {
       `expected .stamp/config.yml at ${cfgPath} but found none. Run \`stamp init\` first.`
     );
   }
-  const cfgInput = readFileSync10(cfgPath, "utf8");
+  const cfgInput = readFileSync11(cfgPath, "utf8");
   const rewrite = rewriteConfigForMigration(cfgInput);
   if (dryRun) {
     printDryRun({
@@ -7351,10 +7416,10 @@ function runMigrateToServerAttested(opts = {}) {
     console.error(`warning: ${w}`);
   }
   let manifestAction;
-  if (manifestExists && readFileSync10(manifestPath, "utf8") === manifestText) {
+  if (manifestExists && readFileSync11(manifestPath, "utf8") === manifestText) {
     manifestAction = "unchanged";
   } else {
-    ensureDir(dirname5(manifestPath));
+    ensureDir(dirname6(manifestPath));
     writeFileSync8(manifestPath, manifestText);
     manifestAction = "wrote";
   }
@@ -7420,7 +7485,7 @@ function readExistingAdminFingerprints(manifestPath) {
   const out = /* @__PURE__ */ new Set();
   let text;
   try {
-    text = readFileSync10(manifestPath, "utf8");
+    text = readFileSync11(manifestPath, "utf8");
   } catch {
     return out;
   }
@@ -7495,9 +7560,9 @@ function indent(text, prefix) {
 import { spawnSync as spawnSync6 } from "child_process";
 import { request as httpRequest } from "http";
 import { request as httpsRequest } from "https";
-import { existsSync as existsSync11, readFileSync as readFileSync11 } from "fs";
+import { existsSync as existsSync11, readFileSync as readFileSync12 } from "fs";
 import { homedir as homedir2, hostname, userInfo } from "os";
-import { join as join8 } from "path";
+import { join as join9 } from "path";
 import { createInterface as createInterface2 } from "readline/promises";
 
 // src/lib/inviteUrl.ts
@@ -7664,10 +7729,10 @@ function runInvitesMint(opts) {
   }
 }
 function defaultSshPubkeyPath() {
-  return join8(homedir2(), ".ssh", "id_ed25519.pub");
+  return join9(homedir2(), ".ssh", "id_ed25519.pub");
 }
 function defaultStampPubkeyPath() {
-  return join8(homedir2(), ".stamp", "keys", "ed25519.pub");
+  return join9(homedir2(), ".stamp", "keys", "ed25519.pub");
 }
 function defaultShortName() {
   const u = userInfo().username || "user";
@@ -7680,13 +7745,13 @@ function loadSshPubkey(path2) {
       `SSH pubkey not found at ${path2}. Generate one with \`ssh-keygen -t ed25519\` or pass --ssh-pubkey <path>.`
     );
   }
-  const raw = readFileSync11(path2, "utf8");
+  const raw = readFileSync12(path2, "utf8");
   const parsed = parseSshPubkey(raw);
   return { path: path2, full: parsed.full, fingerprint: parsed.fingerprint };
 }
 function loadStampPubkey(path2) {
   if (!existsSync11(path2)) return null;
-  const pem = readFileSync11(path2, "utf8");
+  const pem = readFileSync12(path2, "utf8");
   try {
     const fp = fingerprintFromPem(pem);
     return { path: path2, pem, fingerprint: fp };
@@ -7831,15 +7896,15 @@ async function runInvitesAccept(opts) {
 
 // src/commands/provision.ts
 import { spawnSync as spawnSync8 } from "child_process";
-import { existsSync as existsSync13, mkdtempSync, readFileSync as readFileSync12, rmSync, writeFileSync as writeFileSync10 } from "fs";
+import { existsSync as existsSync13, mkdtempSync, readFileSync as readFileSync13, rmSync, writeFileSync as writeFileSync10 } from "fs";
 import { tmpdir } from "os";
-import { join as join9, resolve as resolvePath } from "path";
+import { join as join10, resolve as resolvePath } from "path";
 import { parse as parseYaml8 } from "yaml";
 
 // src/commands/server.ts
 import { spawnSync as spawnSync7 } from "child_process";
 import { existsSync as existsSync12, mkdirSync as mkdirSync4, renameSync as renameSync3, unlinkSync as unlinkSync2, writeFileSync as writeFileSync9 } from "fs";
-import { dirname as dirname6 } from "path";
+import { dirname as dirname7 } from "path";
 import { stringify as stringifyYaml2 } from "yaml";
 
 // src/lib/perRepoKey.ts
@@ -7998,7 +8063,7 @@ function writeConfig(opts) {
     repoRootPrefix: opts.repoRootPrefix
   });
   const path2 = userServerConfigPath();
-  const dir = dirname6(path2);
+  const dir = dirname7(path2);
   if (!existsSync12(dir)) mkdirSync4(dir, { recursive: true, mode: 448 });
   const tmp = `${path2}.tmp.${process.pid}`;
   writeFileSync9(tmp, yaml, { mode: 384 });
@@ -8311,9 +8376,9 @@ async function runMigrateExisting(opts, server2) {
     console.log("\n(dry run \u2014 no changes made)");
     return;
   }
-  const stagingDir = mkdtempSync(join9(tmpdir(), "stamp-migrate-"));
-  const bareCloneDir = join9(stagingDir, `${opts.name}.git`);
-  const tarballPath = join9(stagingDir, `${opts.name}.tar.gz`);
+  const stagingDir = mkdtempSync(join10(tmpdir(), "stamp-migrate-"));
+  const bareCloneDir = join10(stagingDir, `${opts.name}.git`);
+  const tarballPath = join10(stagingDir, `${opts.name}.tar.gz`);
   try {
     console.log(`
 Building bare-clone tarball of existing repo`);
@@ -8349,9 +8414,9 @@ function ensureCwdIsGitRepo(cwd) {
   }
 }
 function ensureStampInitDone(cwd) {
-  if (!existsSync13(join9(cwd, ".stamp", "config.yml"))) {
+  if (!existsSync13(join10(cwd, ".stamp", "config.yml"))) {
     throw new Error(
-      `--migrate-existing expects this repo to already be stamp-init'd (${join9(cwd, ".stamp/config.yml")} not found). Run \`stamp init --mode local-only\` first, calibrate your reviewers, then re-run with --migrate-existing.`
+      `--migrate-existing expects this repo to already be stamp-init'd (${join10(cwd, ".stamp/config.yml")} not found). Run \`stamp init --mode local-only\` first, calibrate your reviewers, then re-run with --migrate-existing.`
     );
   }
 }
@@ -8476,7 +8541,7 @@ mirror.yml was added to .stamp/. Commit it through the normal stamp flow:`);
   }
 }
 function readMirrorYmlGithubRepo(repoRoot) {
-  const path2 = join9(repoRoot, ".stamp", "mirror.yml");
+  const path2 = join10(repoRoot, ".stamp", "mirror.yml");
   if (!existsSync13(path2)) {
     throw new Error(
       `${path2} not found \u2014 --migrate-bypass operates on an already-server-gated repo, but this cwd has no .stamp/mirror.yml. If the repo is not yet server-gated, provision it first with \`stamp provision --migrate-existing\`.`
@@ -8484,7 +8549,7 @@ function readMirrorYmlGithubRepo(repoRoot) {
   }
   let raw;
   try {
-    raw = readFileSync12(path2, "utf8");
+    raw = readFileSync13(path2, "utf8");
   } catch (err) {
     throw new Error(
       `could not read ${path2}: ${err instanceof Error ? err.message : String(err)}`
@@ -8724,10 +8789,10 @@ import {
 import {
   existsSync as existsSync14,
   readdirSync as readdirSync3,
-  readFileSync as readFileSync13,
+  readFileSync as readFileSync14,
   writeFileSync as writeFileSync11
 } from "fs";
-import { join as join10, resolve } from "path";
+import { join as join11, resolve } from "path";
 var USERS_EXIT = {
   OK: 0,
   CONFIG: 1,
@@ -8786,10 +8851,10 @@ function findExistingTrustedKey(repoRoot, fingerprint) {
   if (!existsSync14(dir)) return null;
   for (const f of readdirSync3(dir)) {
     if (!f.endsWith(".pub")) continue;
-    const fullPath = join10(dir, f);
+    const fullPath = join11(dir, f);
     let pem;
     try {
-      pem = readFileSync13(fullPath, "utf8");
+      pem = readFileSync14(fullPath, "utf8");
     } catch {
       continue;
     }
@@ -8841,7 +8906,7 @@ function runTrustGrant(opts) {
     );
   }
   const repoRoot = resolve(opts.repoPath ?? process.cwd());
-  if (!existsSync14(join10(repoRoot, ".git"))) {
+  if (!existsSync14(join11(repoRoot, ".git"))) {
     throw new UsageError(`${repoRoot} is not a git repository`);
   }
   if (!existsSync14(stampConfigDir(repoRoot))) {
@@ -8883,7 +8948,7 @@ function runTrustGrant(opts) {
   runGit2(["checkout", "-b", branch], repoRoot);
   const keysDir = stampTrustedKeysDir(repoRoot);
   ensureDir(keysDir, 493);
-  const keyFile = join10(keysDir, `${opts.shortName}.pub`);
+  const keyFile = join11(keysDir, `${opts.shortName}.pub`);
   writeFileSync11(keyFile, pem, { mode: 420 });
   runGit2(["add", keyFile], repoRoot);
   runGit2(
@@ -9081,8 +9146,8 @@ function runUsersRemove(opts) {
 }
 
 // src/commands/keys.ts
-import { existsSync as existsSync15, readdirSync as readdirSync4, readFileSync as readFileSync14, writeFileSync as writeFileSync12 } from "fs";
-import { basename, join as join11 } from "path";
+import { existsSync as existsSync15, readdirSync as readdirSync4, readFileSync as readFileSync15, writeFileSync as writeFileSync12 } from "fs";
+import { basename, join as join12 } from "path";
 function keysGenerate() {
   const existing = loadUserKeypair();
   if (existing) {
@@ -9126,7 +9191,7 @@ function keysList() {
     }
     for (const file of pubFiles.sort()) {
       try {
-        const pem = readFileSync14(join11(trustedDir, file), "utf8");
+        const pem = readFileSync15(join12(trustedDir, file), "utf8");
         const fp = fingerprintFromPem(pem);
         const marker = local && fp === local.fingerprint ? " (you)" : "";
         console.log(`  ${fp}${marker}  [${file}]`);
@@ -9153,7 +9218,7 @@ function keysTrust(pubFile) {
   if (!existsSync15(pubFile)) {
     throw new Error(`public key file not found: ${pubFile}`);
   }
-  const pem = readFileSync14(pubFile, "utf8");
+  const pem = readFileSync15(pubFile, "utf8");
   let fingerprint;
   try {
     fingerprint = fingerprintFromPem(pem);
@@ -9163,7 +9228,7 @@ function keysTrust(pubFile) {
     );
   }
   const filename = publicKeyFingerprintFilename(fingerprint);
-  const dest = join11(trustedDir, filename);
+  const dest = join12(trustedDir, filename);
   if (existsSync15(dest)) {
     console.log(`${fingerprint} is already trusted (${basename(dest)})`);
     return;
@@ -9623,14 +9688,14 @@ function gitDiffBetween(repoRoot, base, head) {
 
 // src/commands/adminRotate.ts
 import { execFileSync as execFileSync6 } from "child_process";
-import { copyFileSync, existsSync as existsSync16, readFileSync as readFileSync15, writeFileSync as writeFileSync13 } from "fs";
-import { join as join12, relative as relative2 } from "path";
+import { copyFileSync, existsSync as existsSync16, readFileSync as readFileSync16, writeFileSync as writeFileSync13 } from "fs";
+import { join as join13, relative as relative2 } from "path";
 var NAME_PATTERN2 = /^[A-Za-z0-9_.-]+$/;
 var FINGERPRINT_PATTERN2 = /^sha256:[0-9a-f]{64}$/;
 var KNOWN_CAPABILITIES2 = ["admin", "operator", "server"];
 function runAdminAddKey(opts) {
   const repoRoot = findRepoRoot();
-  const manifestPath = join12(repoRoot, MANIFEST_RELATIVE_PATH);
+  const manifestPath = join13(repoRoot, MANIFEST_RELATIVE_PATH);
   const trustedDir = stampTrustedKeysDir(repoRoot);
   if (!NAME_PATTERN2.test(opts.name)) {
     throw new Error(
@@ -9641,7 +9706,7 @@ function runAdminAddKey(opts) {
   if (!existsSync16(opts.pubkeyPath)) {
     throw new Error(`pubkey file not found: ${opts.pubkeyPath}`);
   }
-  const pem = readFileSync15(opts.pubkeyPath, "utf8");
+  const pem = readFileSync16(opts.pubkeyPath, "utf8");
   if (!pem.includes("-----BEGIN PUBLIC KEY-----")) {
     throw new Error(
       `${opts.pubkeyPath} does not look like a public key PEM (no "-----BEGIN PUBLIC KEY-----" header). Refusing to import \u2014 did you accidentally pass the private key path? Public keys live at ~/.stamp/keys/ed25519.pub (note the .pub suffix).`
@@ -9660,7 +9725,7 @@ function runAdminAddKey(opts) {
       `no manifest at ${MANIFEST_RELATIVE_PATH}. Run \`stamp init --migrate-to-server-attested\` to bootstrap one, then re-run \`stamp admin add-key\`.`
     );
   }
-  const existing = parseManifest(readFileSync15(manifestPath, "utf8"));
+  const existing = parseManifest(readFileSync16(manifestPath, "utf8"));
   if (!existing) {
     throw new Error(
       `${MANIFEST_RELATIVE_PATH} failed to parse. Fix the file (see \`stamp admin list-keys\` for the current state) before adding a new key.`
@@ -9695,7 +9760,7 @@ function runAdminAddKey(opts) {
   }
   writeFileSync13(manifestPath, yamlText);
   const pubDestFilename = publicKeyFingerprintFilename(fingerprint);
-  const pubDestPath = join12(trustedDir, pubDestFilename);
+  const pubDestPath = join13(trustedDir, pubDestFilename);
   if (!existsSync16(pubDestPath)) {
     copyFileSync(opts.pubkeyPath, pubDestPath);
   }
@@ -9720,7 +9785,7 @@ function runAdminAddKey(opts) {
 }
 function runAdminRevoke(opts) {
   const repoRoot = findRepoRoot();
-  const manifestPath = join12(repoRoot, MANIFEST_RELATIVE_PATH);
+  const manifestPath = join13(repoRoot, MANIFEST_RELATIVE_PATH);
   if (!FINGERPRINT_PATTERN2.test(opts.fingerprint)) {
     throw new Error(
       `fingerprint ${JSON.stringify(opts.fingerprint)} is not in the expected sha256:<64-hex> form. Run \`stamp admin list-keys\` to copy a fingerprint exactly.`
@@ -9731,7 +9796,7 @@ function runAdminRevoke(opts) {
       `no manifest at ${MANIFEST_RELATIVE_PATH} \u2014 nothing to revoke.`
     );
   }
-  const existing = parseManifest(readFileSync15(manifestPath, "utf8"));
+  const existing = parseManifest(readFileSync16(manifestPath, "utf8"));
   if (!existing) {
     throw new Error(
       `${MANIFEST_RELATIVE_PATH} failed to parse. Fix the file before revoking.`
@@ -9792,7 +9857,7 @@ function runAdminRevoke(opts) {
 }
 function runAdminListKeys(opts = {}) {
   const repoRoot = findRepoRoot();
-  const manifestPath = join12(repoRoot, MANIFEST_RELATIVE_PATH);
+  const manifestPath = join13(repoRoot, MANIFEST_RELATIVE_PATH);
   if (!existsSync16(manifestPath)) {
     if (opts.json) {
       process.stdout.write(JSON.stringify({ entries: [] }, null, 2) + "\n");
@@ -9804,7 +9869,7 @@ function runAdminListKeys(opts = {}) {
     );
     return;
   }
-  const manifest = parseManifest(readFileSync15(manifestPath, "utf8"));
+  const manifest = parseManifest(readFileSync16(manifestPath, "utf8"));
   if (!manifest) {
     throw new Error(
       `${MANIFEST_RELATIVE_PATH} failed to parse. Fix the file by hand (see \`git show HEAD:${MANIFEST_RELATIVE_PATH}\` for the last good version) before continuing.`
@@ -10123,6 +10188,7 @@ function patchIdForSpan(base_sha, head_sha, repoRoot) {
 
 // src/lib/prAttestation.ts
 import { spawnSync as spawnSync13 } from "child_process";
+var PR_ATTESTATION_SCHEMA_VERSION = 3;
 var LEGACY_CLIENT_PR_ATTESTATION_SCHEMA_VERSION = 2;
 var MIN_ACCEPTED_PR_ATTESTATION_VERSION = 3;
 var MAX_PR_ATTESTATION_BYTES = 64 * 1024;
@@ -10236,22 +10302,256 @@ function runAttest(opts) {
   const branchRef = opts.branch ?? "HEAD";
   const revspec = `${opts.into}..${branchRef}`;
   const resolved = resolveDiff(revspec, repoRoot);
-  const db = openDb(stampStateDbPath(repoRoot));
+  const patch_id = patchIdForSpan(resolved.base_sha, resolved.head_sha, repoRoot);
+  const target_branch_tip_sha = runGit(
+    ["rev-parse", `${opts.into}^{commit}`],
+    repoRoot
+  ).trim();
+  const { keypair } = ensureUserKeypair();
+  const result = rule.review_server ? buildV3Envelope({
+    repoRoot,
+    revspec,
+    baseSha: resolved.base_sha,
+    headSha: resolved.head_sha,
+    diff: resolved.diff,
+    targetBranch: opts.into,
+    targetBranchTipSha: target_branch_tip_sha,
+    patchId: patch_id,
+    requiredReviewers: rule.required,
+    operatorPrivateKeyPem: keypair.privateKeyPem,
+    operatorFingerprint: keypair.fingerprint
+  }) : buildV2Envelope({
+    repoRoot,
+    revspec,
+    baseSha: resolved.base_sha,
+    headSha: resolved.head_sha,
+    targetBranch: opts.into,
+    targetBranchTipSha: target_branch_tip_sha,
+    patchId: patch_id,
+    requiredReviewers: rule.required,
+    operatorPrivateKeyPem: keypair.privateKeyPem,
+    operatorFingerprint: keypair.fingerprint
+  });
+  const { ref, blob_sha } = writeAttestationRef(
+    { payload: result.payload, signature: result.signature },
+    repoRoot
+  );
+  const bar = "\u2500".repeat(72);
+  console.log(bar);
+  console.log(`attested ${branchRef} for merge into '${opts.into}'`);
+  console.log(bar);
+  console.log(`  patch-id:   ${patch_id}`);
+  console.log(
+    `  base\u2192head:  ${resolved.base_sha.slice(0, 8)} \u2192 ${resolved.head_sha.slice(0, 8)}`
+  );
+  console.log(`  signed by:  ${keypair.fingerprint}`);
+  console.log(`  approvals:  ${result.reviewerNames.join(", ")}`);
+  console.log(
+    `  schema:     v${result.payload.schema_version}${result.payload.schema_version === PR_ATTESTATION_SCHEMA_VERSION ? " (server-attested)" : " (legacy)"}`
+  );
+  console.log(`  ref:        ${ref}`);
+  console.log(`  blob:       ${blob_sha.slice(0, 12)}`);
+  console.log(bar);
+  if (opts.pushTo) {
+    pushBranchAndAttestation(opts.pushTo, ref, repoRoot);
+    console.log(
+      `
+\u2713 pushed branch + attestation ref to ${opts.pushTo}. Open the PR; stamp/verify-attestation@v1 will look up refs/stamp/attestations/<patch-id> from your head SHA's diff against the base.`
+    );
+  } else {
+    console.log(
+      `
+Next: push the branch + attestation ref to your remote, open a PR, and let stamp/verify-attestation@v1 (the GH Action) confirm it. To do both pushes in one shot:
+
+    git push <remote> HEAD ${ref}
+
+Or re-run with --push <remote> next time.`
+    );
+  }
+}
+function buildV3Envelope(input) {
+  const diffBytes = Buffer.from(input.diff, "utf8");
+  const diffSha256 = createHash12("sha256").update(diffBytes).digest("hex");
+  let manifestYaml;
+  try {
+    manifestYaml = showAtRef(
+      input.baseSha,
+      ".stamp/trusted-keys/manifest.yml",
+      input.repoRoot
+    );
+  } catch (err) {
+    throw new Error(
+      `review_server is configured but .stamp/trusted-keys/manifest.yml is missing at base ${input.baseSha.slice(0, 8)}: ${err instanceof Error ? err.message : String(err)}. Server-attested PR mode requires the manifest in the merge-base tree so each approval's server signature can be checked against the keys the repo trusted at attestation time. Commit a manifest with capabilities: [server] entries for the review server before attesting.`
+    );
+  }
+  const manifest = parseManifest(manifestYaml);
+  if (!manifest) {
+    throw new Error(
+      `.stamp/trusted-keys/manifest.yml at base ${input.baseSha.slice(0, 8)} failed to parse as a valid trusted-keys manifest. Fix the YAML (syntax error, duplicate fingerprint, unknown capability, etc.) and re-run \`stamp attest\`.`
+    );
+  }
+  const pubFilenames = listFilesAtRef(
+    input.baseSha,
+    ".stamp/trusted-keys",
+    input.repoRoot
+  );
+  const pubkeyByFingerprint = buildPubkeyMap(
+    pubFilenames,
+    (relPath) => showAtRef(input.baseSha, relPath, input.repoRoot)
+  );
+  const db = openDb(stampStateDbPath(input.repoRoot));
+  let entries;
+  try {
+    const rows = serverApprovalsFor(db, input.baseSha, input.headSha);
+    const byReviewer = new Map(rows.map((r) => [r.reviewer, r]));
+    entries = input.requiredReviewers.map((reviewerName) => {
+      const row = byReviewer.get(reviewerName);
+      if (!row) {
+        throw new Error(
+          `missing server signature for reviewer "${reviewerName}" at base\u2192head ${input.baseSha.slice(0, 8)}\u2192${input.headSha.slice(0, 8)}. Server-attested PR mode requires every required reviewer to have a stamp-server-signed approval in the local DB. Possible causes:
+  \u2022 the stamp-server is older than 2.0.1 and doesn't produce PR-attestation v3 payloads (upgrade the server)
+  \u2022 \`stamp review --diff ${input.revspec}\` hasn't been run against this exact (base, head) pair yet
+  \u2022 the review was run in local-mode (no \`review_server\` configured at review time)
+Run \`stamp review --diff ${input.revspec}\` to populate the signed row, then re-run \`stamp attest\`.`
+        );
+      }
+      let parsedJson;
+      try {
+        parsedJson = JSON.parse(row.approval_json);
+      } catch (err) {
+        throw new Error(
+          `server approval row for reviewer "${reviewerName}" has malformed JSON in server_approval_json \u2014 DB corruption or a writer-side bug. Re-run \`stamp review --diff ${input.revspec}\` to write a fresh row. (parse error: ${err instanceof Error ? err.message : String(err)})`
+        );
+      }
+      if (!parsedJson || typeof parsedJson !== "object" || Array.isArray(parsedJson)) {
+        throw new Error(
+          `server approval row for reviewer "${reviewerName}" parsed to a non-object value \u2014 DB corruption or a writer-side bug. Re-run \`stamp review --diff ${input.revspec}\` to write a fresh row.`
+        );
+      }
+      const obj = parsedJson;
+      for (const field of [
+        "reviewer",
+        "verdict",
+        "prompt_sha256",
+        "diff_sha256",
+        "base_sha",
+        "head_sha",
+        "trusted_keys_snapshot_sha256",
+        "issued_at",
+        "server_key_id"
+      ]) {
+        if (typeof obj[field] !== "string") {
+          throw new Error(
+            `server approval row for reviewer "${reviewerName}" is missing required field "${field}" (or it isn't a string) \u2014 DB corruption or a writer-side bug. Re-run \`stamp review --diff ${input.revspec}\` to write a fresh row.`
+          );
+        }
+      }
+      const approval = parsedJson;
+      if (approval.reviewer !== reviewerName) {
+        throw new Error(
+          `server approval row for reviewer "${reviewerName}" carries approval.reviewer="${approval.reviewer}" \u2014 DB row drifted. Re-run \`stamp review --diff ${input.revspec}\`.`
+        );
+      }
+      if (approval.base_sha !== input.baseSha) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed against base_sha ${approval.base_sha.slice(0, 8)} but we're attesting from ${input.baseSha.slice(0, 8)} \u2014 stale signature. Re-run \`stamp review --diff ${input.revspec}\` to refresh.`
+        );
+      }
+      if (approval.head_sha !== input.headSha) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed against head_sha ${approval.head_sha.slice(0, 8)} but we're attesting head ${input.headSha.slice(0, 8)} \u2014 stale signature. Re-run \`stamp review --diff ${input.revspec}\` to refresh.`
+        );
+      }
+      if (approval.diff_sha256 !== diffSha256) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed against diff_sha256 ${approval.diff_sha256.slice(0, 12)}\u2026 but the current diff hashes to ${diffSha256.slice(0, 12)}\u2026 \u2014 stale signature. The diff content drifted between review and attest (rebased base, modified head). Re-run \`stamp review --diff ${input.revspec}\`.`
+        );
+      }
+      if (approval.verdict !== "approved") {
+        throw new Error(
+          `server approval for "${reviewerName}" carries verdict "${approval.verdict}", not "approved". Re-run \`stamp review --diff ${input.revspec}\` so the server signs the current approved verdict.`
+        );
+      }
+      const caps = resolveCapability(manifest, approval.server_key_id);
+      if (caps === null) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed by ${approval.server_key_id}, but that key isn't listed in .stamp/trusted-keys/manifest.yml at base ${input.baseSha.slice(0, 8)}. Either the server's signing key changed (commit the new fingerprint to the manifest with capabilities: [server]) or this row was written by a server the repo no longer trusts. Re-run \`stamp review --diff ${input.revspec}\` after fixing the manifest.`
+        );
+      }
+      if (!caps.includes("server")) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed by ${approval.server_key_id}, but that key's capabilities in .stamp/trusted-keys/manifest.yml at base ${input.baseSha.slice(0, 8)} are [${caps.join(", ")}] \u2014 missing the required 'server' capability. Update the manifest entry and re-attest.`
+        );
+      }
+      const serverPubPem = pubkeyByFingerprint.get(approval.server_key_id);
+      if (!serverPubPem) {
+        throw new Error(
+          `server approval for "${reviewerName}" was signed by ${approval.server_key_id}, but no .pub file in .stamp/trusted-keys/ at base ${input.baseSha.slice(0, 8)} matches that fingerprint. Commit the server's public key alongside its manifest entry and re-attest.`
+        );
+      }
+      const sigOk = verifyBytes(
+        serverPubPem,
+        canonicalSerializeApproval(approval),
+        row.signature_b64
+      );
+      if (!sigOk) {
+        throw new Error(
+          `server signature for "${reviewerName}" failed Ed25519 verification against key ${approval.server_key_id}. The DB row's signature does not match the canonical bytes of its approval body \u2014 either the row was tampered with or the writer was buggy. Re-run \`stamp review --diff ${input.revspec}\` to refresh the signed row.`
+        );
+      }
+      return {
+        approval,
+        server_attestation: {
+          server_key_id: approval.server_key_id,
+          signature: row.signature_b64
+        }
+      };
+    });
+  } finally {
+    db.close();
+  }
+  const trustAnchorSignatures = [];
+  const payload = {
+    schema_version: PR_ATTESTATION_SCHEMA_VERSION,
+    patch_id: input.patchId,
+    base_sha: input.baseSha,
+    head_sha: input.headSha,
+    target_branch: input.targetBranch,
+    target_branch_tip_sha: input.targetBranchTipSha,
+    diff_sha256: diffSha256,
+    approvals: entries,
+    checks: [],
+    // Phase-1 deliberate omission — see file-level comment.
+    trust_anchor_signatures: trustAnchorSignatures,
+    signer_key_id: input.operatorFingerprint
+  };
+  const signature = signBytes(
+    input.operatorPrivateKeyPem,
+    serializePayload2(payload)
+  );
+  return {
+    payload,
+    signature,
+    reviewerNames: input.requiredReviewers
+  };
+}
+function buildV2Envelope(input) {
+  const db = openDb(stampStateDbPath(input.repoRoot));
   let approvals;
   try {
-    const reviews = latestReviews(db, resolved.base_sha, resolved.head_sha);
+    const reviews = latestReviews(db, input.baseSha, input.headSha);
     const byReviewer = new Map(reviews.map((r) => [r.reviewer, r]));
     const missing = [];
-    for (const r of rule.required) {
+    for (const r of input.requiredReviewers) {
       const rev = byReviewer.get(r);
       if (!rev || rev.verdict !== "approved") missing.push(r);
     }
     if (missing.length > 0) {
       throw new Error(
-        `gate CLOSED: missing approved verdicts for: ${missing.join(", ")}. Run \`stamp status --diff ${revspec}\` to inspect, then \`stamp review --diff ${revspec}\` to review.`
+        `gate CLOSED: missing approved verdicts for: ${missing.join(", ")}. Run \`stamp status --diff ${input.revspec}\` to inspect, then \`stamp review --diff ${input.revspec}\` to review.`
       );
     }
-    approvals = rule.required.map((name) => {
+    approvals = input.requiredReviewers.map((name) => {
       const rev = byReviewer.get(name);
       const toolCalls = redactToolCallsForAttestation(
         parseToolCalls(rev.tool_calls)
@@ -10267,20 +10567,20 @@ function runAttest(opts) {
     db.close();
   }
   const baseConfigYaml = showAtRef(
-    resolved.base_sha,
+    input.baseSha,
     ".stamp/config.yml",
-    repoRoot
+    input.repoRoot
   );
   const baseReviewers = readReviewersFromYaml(baseConfigYaml);
   approvals = approvals.map((a) => {
     const def = baseReviewers[a.reviewer];
     if (!def) {
       throw new Error(
-        `reviewer "${a.reviewer}" approved the diff but is not defined in .stamp/config.yml at base ${resolved.base_sha.slice(0, 8)}. This shouldn't happen \u2014 runReview reads from the same base. File a bug at https://github.com/OpenThinkAi/stamp-cli/issues.`
+        `reviewer "${a.reviewer}" approved the diff but is not defined in .stamp/config.yml at base ${input.baseSha.slice(0, 8)}. This shouldn't happen \u2014 runReview reads from the same base. File a bug at https://github.com/OpenThinkAi/stamp-cli/issues.`
       );
     }
-    const promptText = showAtRef(resolved.base_sha, def.prompt, repoRoot);
-    const source = readReviewerSource2(a.reviewer, repoRoot);
+    const promptText = showAtRef(input.baseSha, def.prompt, input.repoRoot);
+    const source = readReviewerSource2(a.reviewer, input.repoRoot);
     return {
       ...a,
       prompt_sha256: hashPromptBytes(Buffer.from(promptText, "utf8")),
@@ -10289,58 +10589,27 @@ function runAttest(opts) {
       ...source ? { reviewer_source: source } : {}
     };
   });
-  const patch_id = patchIdForSpan(resolved.base_sha, resolved.head_sha, repoRoot);
-  const target_branch_tip_sha = runGit(
-    ["rev-parse", `${opts.into}^{commit}`],
-    repoRoot
-  ).trim();
-  const { keypair } = ensureUserKeypair();
   const payload = {
     schema_version: LEGACY_CLIENT_PR_ATTESTATION_SCHEMA_VERSION,
-    patch_id,
-    base_sha: resolved.base_sha,
-    head_sha: resolved.head_sha,
-    target_branch: opts.into,
-    target_branch_tip_sha,
+    patch_id: input.patchId,
+    base_sha: input.baseSha,
+    head_sha: input.headSha,
+    target_branch: input.targetBranch,
+    target_branch_tip_sha: input.targetBranchTipSha,
     approvals,
     checks: [],
     // Phase-1 deliberate omission — see file-level comment.
-    signer_key_id: keypair.fingerprint
+    signer_key_id: input.operatorFingerprint
   };
-  const signature = signBytes(keypair.privateKeyPem, serializePayload2(payload));
-  const { ref, blob_sha } = writeAttestationRef(
-    { payload, signature },
-    repoRoot
+  const signature = signBytes(
+    input.operatorPrivateKeyPem,
+    serializePayload2(payload)
   );
-  const bar = "\u2500".repeat(72);
-  console.log(bar);
-  console.log(`attested ${branchRef} for merge into '${opts.into}'`);
-  console.log(bar);
-  console.log(`  patch-id:   ${patch_id}`);
-  console.log(
-    `  base\u2192head:  ${resolved.base_sha.slice(0, 8)} \u2192 ${resolved.head_sha.slice(0, 8)}`
-  );
-  console.log(`  signed by:  ${keypair.fingerprint}`);
-  console.log(`  approvals:  ${approvals.map((a) => a.reviewer).join(", ")}`);
-  console.log(`  ref:        ${ref}`);
-  console.log(`  blob:       ${blob_sha.slice(0, 12)}`);
-  console.log(bar);
-  if (opts.pushTo) {
-    pushBranchAndAttestation(opts.pushTo, ref, repoRoot);
-    console.log(
-      `
-\u2713 pushed branch + attestation ref to ${opts.pushTo}. Open the PR; stamp/verify-attestation@v1 will look up refs/stamp/attestations/<patch-id> from your head SHA's diff against the base.`
-    );
-  } else {
-    console.log(
-      `
-Next: push the branch + attestation ref to your remote, open a PR, and let stamp/verify-attestation@v1 (the GH Action) confirm it. To do both pushes in one shot:
-
-    git push <remote> HEAD ${ref}
-
-Or re-run with --push <remote> next time.`
-    );
-  }
+  return {
+    payload,
+    signature,
+    reviewerNames: approvals.map((a) => a.reviewer)
+  };
 }
 function pushBranchAndAttestation(remote, attestationRef, repoRoot) {
   const result = spawnSync14(
@@ -10375,7 +10644,7 @@ function readReviewerSource2(reviewerName, repoRoot) {
 
 // src/commands/prune.ts
 import { existsSync as existsSync18, readdirSync as readdirSync5, statSync as statSync3, unlinkSync as unlinkSync3 } from "fs";
-import { join as join13 } from "path";
+import { join as join14 } from "path";
 
 // src/lib/duration.ts
 function parseRetentionDuration(input) {
@@ -10404,8 +10673,8 @@ function runPrune(opts) {
   );
   const repoRoot = findRepoRoot();
   const dbPath = stampStateDbPath(repoRoot);
-  const parsesDir = join13(gitCommonDir(repoRoot), "stamp", "failed-parses");
-  const runsDir = join13(gitCommonDir(repoRoot), "stamp", "failed-runs");
+  const parsesDir = join14(gitCommonDir(repoRoot), "stamp", "failed-parses");
+  const runsDir = join14(gitCommonDir(repoRoot), "stamp", "failed-runs");
   const spoolCutoffMs = Date.now() - durationMs;
   if (!existsSync18(dbPath) && !existsSync18(parsesDir) && !existsSync18(runsDir)) {
     console.log(
@@ -10486,7 +10755,7 @@ function peekSpools(spoolDir, cutoffMs) {
   if (!existsSync18(spoolDir)) return [];
   const out = [];
   for (const entry of readdirSync5(spoolDir)) {
-    const filepath = join13(spoolDir, entry);
+    const filepath = join14(spoolDir, entry);
     let stat;
     try {
       stat = statSync3(filepath);
@@ -10641,27 +10910,27 @@ function loadOrEmpty() {
 import { spawnSync as spawnSync15 } from "child_process";
 import {
   existsSync as existsSync21,
-  readFileSync as readFileSync17,
+  readFileSync as readFileSync18,
   statSync as statSync4,
   unlinkSync as unlinkSync4,
   writeFileSync as writeFileSync15
 } from "fs";
-import { join as join15, relative as relative3, resolve as resolve2 } from "path";
+import { join as join16, relative as relative3, resolve as resolve2 } from "path";
 import { parse as parseYaml10, stringify as stringifyYaml3 } from "yaml";
 
 // src/lib/reviewerLock.ts
-import { existsSync as existsSync20, readFileSync as readFileSync16, writeFileSync as writeFileSync14 } from "fs";
-import { join as join14 } from "path";
+import { existsSync as existsSync20, readFileSync as readFileSync17, writeFileSync as writeFileSync14 } from "fs";
+import { join as join15 } from "path";
 var LOCK_FILE_VERSION = 1;
 var LOCK_DRIFT_EXIT = 3;
 function lockFilePath(repoRoot, reviewerName) {
-  return join14(repoRoot, ".stamp", "reviewers", `${reviewerName}.lock.json`);
+  return join15(repoRoot, ".stamp", "reviewers", `${reviewerName}.lock.json`);
 }
 function readLockFile(repoRoot, reviewerName) {
   const path2 = lockFilePath(repoRoot, reviewerName);
   if (!existsSync20(path2)) return null;
   try {
-    const raw = readFileSync16(path2, "utf8");
+    const raw = readFileSync17(path2, "utf8");
     const parsed = JSON.parse(raw);
     if (typeof parsed.version !== "number" || typeof parsed.source !== "string" || typeof parsed.ref !== "string" || typeof parsed.reviewer !== "string" || typeof parsed.prompt_sha256 !== "string" || typeof parsed.tools_sha256 !== "string" || typeof parsed.mcp_sha256 !== "string") {
       throw new Error(`malformed lock file at ${path2}`);
@@ -10682,13 +10951,13 @@ function checkReviewerDrift(repoRoot, reviewerName, def) {
   if (!lock) {
     return unpinnedResult();
   }
-  const promptPath = join14(repoRoot, def.prompt);
+  const promptPath = join15(repoRoot, def.prompt);
   if (!existsSync20(promptPath)) {
     throw new Error(
       `reviewer "${reviewerName}" has a lock file but its prompt "${def.prompt}" does not exist on disk. Re-run 'stamp reviewers fetch ${reviewerName} --from ${lock.source}@${lock.ref}' to restore it, or delete the lock file to un-pin the reviewer.`
     );
   }
-  const promptBytes = readFileSync16(promptPath);
+  const promptBytes = readFileSync17(promptPath);
   const observedPrompt = hashPromptBytes(promptBytes);
   const observedTools = hashTools(def.tools);
   const observedMcp = hashMcpServers(def.mcp_servers);
@@ -10890,8 +11159,8 @@ async function reviewersTest(name, diff) {
   console.log(`  prompt sourced from working tree (test/iteration use case)`);
   console.log();
   const def = config2.reviewers[name];
-  const promptPath = join15(repoRoot, def.prompt);
-  const systemPrompt = readFileSync17(promptPath, "utf8");
+  const promptPath = join16(repoRoot, def.prompt);
+  const systemPrompt = readFileSync18(promptPath, "utf8");
   const result = await invokeReviewer({
     reviewer: name,
     config: config2,
@@ -11029,7 +11298,7 @@ async function reviewersFetch(reviewerName, opts) {
       mcpServers = validateMcpServersFromSource(parsed.mcp_servers, source, ref);
     }
   }
-  const promptPath = join15(reviewersDir, `${reviewerName}.md`);
+  const promptPath = join16(reviewersDir, `${reviewerName}.md`);
   const promptBytes = Buffer.from(promptText, "utf8");
   const promptSha = hashPromptBytes(promptBytes);
   const toolsSha = hashTools(tools);
@@ -11367,28 +11636,6 @@ function printGate(result, base_sha, head_sha) {
 
 // src/commands/update.ts
 import { spawnSync as spawnSync16 } from "child_process";
-
-// src/lib/version.ts
-import { readFileSync as readFileSync18 } from "fs";
-import { dirname as dirname7, join as join16 } from "path";
-import { fileURLToPath as fileURLToPath2 } from "url";
-function readPackageVersion() {
-  const here = dirname7(fileURLToPath2(import.meta.url));
-  for (let dir = here, i = 0; i < 6; i++) {
-    try {
-      const raw = readFileSync18(join16(dir, "package.json"), "utf8");
-      const pkg = JSON.parse(raw);
-      if (pkg.name === "@openthink/stamp" && pkg.version) return pkg.version;
-    } catch {
-    }
-    const parent = dirname7(dir);
-    if (parent === dir) break;
-    dir = parent;
-  }
-  throw new Error("could not locate @openthink/stamp package.json to read version");
-}
-
-// src/commands/update.ts
 var PKG_NAME = "@openthink/stamp";
 function compareSemver(a, b) {
   const parse2 = (v) => (v.split("-")[0] ?? "0.0.0").split(".").map((n) => parseInt(n, 10) || 0);
@@ -11990,6 +12237,9 @@ program.command("init").description(
 ).option(
   "--pr-mode-force",
   "with --pr-mode, overwrite an existing .github/workflows/stamp-mirror.yml (useful when re-running after configuring review_server so the host/port placeholders fill in)"
+).option(
+  "--action-source <org/repo>",
+  "GitHub repo that hosts the stamp/verify-attestation action used by .github/workflows/stamp-verify.yml. Default 'OpenThinkAi/stamp-cli'. Override when consuming a fork (e.g. 'Anglepoint-Inc/anglepoint-stamp-server') so the workflow tracks your fork's updates instead of the upstream."
 ).action(
   (opts) => {
     try {
@@ -11997,6 +12247,11 @@ program.command("init").description(
         runMigrateToServerAttested({ dryRun: opts.dryRun === true });
         return;
       }
+      if (opts.dryRun === true) {
+        throw new Error(
+          "--dry-run is supported only with --migrate-to-server-attested. Re-run with --migrate-to-server-attested to preview the migration scaffold, or drop --dry-run to run the requested init operation."
+        );
+      }
       let mode;
       if (opts.mode === void 0) {
         mode = void 0;
@@ -12007,6 +12262,13 @@ program.command("init").description(
           `--mode must be 'server-gated' or 'local-only' (got "${opts.mode}")`
         );
       }
+      if (opts.actionSource !== void 0) {
+        if (!/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/.test(opts.actionSource)) {
+          throw new Error(
+            `--action-source must be of the form 'org/repo' (got "${opts.actionSource}")`
+          );
+        }
+      }
       runInit({
         minimal: opts.minimal,
         agentsMd: opts.agentsMd,
@@ -12022,7 +12284,8 @@ program.command("init").description(
         // default fires when the operator hasn't opted out.
         prCheck: opts.prCheck === false ? false : void 0,
         prMode: opts.prMode === true,
-        prModeForce: opts.prModeForce === true
+        prModeForce: opts.prModeForce === true,
+        actionSource: opts.actionSource
       });
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);