@openthink/stamp 2.0.2 → 2.1.0

package/dist/{chunk-4PFD2DSY.js → chunk-MJULVH4B.js}

@@ -227,7 +227,7 @@ function isFile(path) {
 import { chmodSync, existsSync as existsSync2 } from "fs";
 import { DatabaseSync } from "node:sqlite";
 import { dirname as dirname2 } from "path";
-var REVIEW_ROW_SCHEMA_V4 = 4;
+var REVIEW_ROW_SCHEMA_V4 = 5;
 function openDb(path) {
   const dir = dirname2(path);
   ensureDir(dir, 448);
@@ -665,4 +665,4 @@ export {
   signBytes,
   verifyBytes
 };
-//# sourceMappingURL=chunk-4PFD2DSY.js.map
+//# sourceMappingURL=chunk-MJULVH4B.js.map

package/dist/{chunk-4PFD2DSY.js.map → chunk-MJULVH4B.js.map}

@@ -1 +1 @@
-{"version":3,"sources":["../src/lib/git.ts","../src/lib/paths.ts","../src/lib/db.ts","../src/lib/keys.ts","../src/lib/attestation.ts","../src/lib/signing.ts"],"sourcesContent":["import { execFileSync, spawnSync } from \"node:child_process\";\n\nexport interface ResolvedDiff {\n  /** Original revspec as passed by the user, e.g. \"main..HEAD\" */\n  revspec: string;\n  /** Commit SHA of the merge base (the \"base\" of the diff) */\n  base_sha: string;\n  /** Commit SHA of the head being reviewed */\n  head_sha: string;\n  /** Unified diff text covering the change from base to head */\n  diff: string;\n}\n\nexport interface CommitSummary {\n  sha: string;\n  title: string;\n  author: string;\n  date: string;\n  /** Full commit message body */\n  body: string;\n  /** Parent SHAs (typically 1 for normal commits, 2 for merges) */\n  parents: string[];\n}\n\nexport function currentBranch(cwd: string): string {\n  return git([\"rev-parse\", \"--abbrev-ref\", \"HEAD\"], cwd).trim();\n}\n\n/**\n * First-parent commit history on a branch — follows only the branch's linear\n * history, skipping commits that came in via merged feature branches. This\n * matches what the pre-receive hook verifies on push.\n */\nexport function firstParentCommits(\n  branch: string,\n  limit: number,\n  cwd: string,\n): CommitSummary[] {\n  const sep = \"----stamp-record-end----\";\n  const fmt = `%H%n%P%n%an <%ae>%n%ai%n%s%n%n%b${sep}`;\n  const out = git(\n    [\"log\", \"--first-parent\", `-${limit}`, `--format=${fmt}`, branch],\n    cwd,\n  );\n  const records = out.split(sep).map((r) => r.trim()).filter(Boolean);\n  const commits: CommitSummary[] = [];\n  for (const rec of records) {\n    const lines = rec.split(\"\\n\");\n    if (lines.length < 5) continue;\n    const [sha, parents, author, date, title, ...rest] = lines as [\n      string,\n      string,\n      string,\n      string,\n      string,\n      ...string[],\n    ];\n    const body = rest.join(\"\\n\").replace(/^\\n+/, \"\").trimEnd();\n    commits.push({\n      sha,\n      parents: parents.split(/\\s+/).filter(Boolean),\n      author,\n      date,\n      title,\n      body,\n    });\n  }\n  return commits;\n}\n\nexport function commitMessage(sha: string, cwd: string): string {\n  return git([\"show\", \"-s\", \"--format=%B\", sha], cwd);\n}\n\n/**\n * Read a file's contents from a specific git tree (commit / tag / branch /\n * tree-ish). Wraps `git show <ref>:<path>`. Throws via runGit's stderr-\n * capturing path if the file doesn't exist at that ref.\n *\n * Used by `stamp review` and `stamp merge` to source reviewer config +\n * prompts from the merge-base tree (rather than the working tree), which is\n * the security boundary that prevents a feature branch from reviewing\n * itself with a reviewer prompt it just modified.\n */\nexport function showAtRef(ref: string, path: string, cwd: string): string {\n  return runGit([\"show\", `${ref}:${path}`], cwd);\n}\n\n/**\n * List basenames directly under `<ref>:<dirPath>` (non-recursive). Empty\n * array if the directory doesn't exist at `<ref>` — distinguished from\n * \"git error\" by branching on git ls-tree's exit code the same way\n * `pathExistsAtRef` does. Used by `stamp review` (AGT-332) to enumerate\n * `.stamp/trusted-keys/*.pub` at base_sha so each pubkey can be loaded\n * from the merge-base tree (NOT the working tree — same security\n * boundary as reviewer prompts).\n */\nexport function listFilesAtRef(\n  ref: string,\n  dirPath: string,\n  cwd: string,\n): string[] {\n  // `--name-only` keeps the output a clean list of relative paths; we\n  // strip the directory prefix here so callers get bare filenames. The\n  // trailing `/` on the path argument tells ls-tree to enter the tree\n  // rather than echo the entry for the directory itself.\n  const result = spawnSync(\n    \"git\",\n    [\"ls-tree\", \"--name-only\", `${ref}`, `${dirPath}/`],\n    { cwd, stdio: [\"ignore\", \"pipe\", \"pipe\"] },\n  );\n  if (result.status === 128) return []; // directory absent at ref\n  if (result.status !== 0) {\n    const stderr = result.stderr?.toString(\"utf8\").trim() ?? \"\";\n    throw new Error(\n      `git ls-tree ${ref}:${dirPath} failed (status ${result.status}): ${stderr || \"(no stderr)\"}`,\n    );\n  }\n  const text = result.stdout?.toString(\"utf8\") ?? \"\";\n  return text\n    .split(\"\\n\")\n    .filter((line) => line.length > 0)\n    .map((line) => {\n      const prefix = `${dirPath}/`;\n      return line.startsWith(prefix) ? line.slice(prefix.length) : line;\n    });\n}\n\n/**\n * True when `<path>` exists in the tree at `<ref>`. Use this when \"missing\"\n * is a legitimate state to branch on rather than an error to recover from —\n * e.g. probing for an optional file like a reviewer lock that may or may\n * not be pinned.\n *\n * Branches on `git cat-file -e`'s exit code: 0 = present, 128 = absent\n * (git's catch-all for \"path or ref didn't resolve\"), anything else =\n * unexpected failure (rethrown). Matches the status-128 = \"legitimate\n * bootstrap state\" convention loadConfigAtSha already uses in verify.ts.\n *\n * Use this instead of try/catch around `git show` when absence is expected,\n * so genuine non-128 failures aren't silently swallowed as \"absent.\"\n */\nexport function pathExistsAtRef(\n  ref: string,\n  path: string,\n  cwd: string,\n): boolean {\n  const result = spawnSync(\"git\", [\"cat-file\", \"-e\", `${ref}:${path}`], {\n    cwd,\n    stdio: [\"ignore\", \"ignore\", \"pipe\"],\n  });\n  if (result.status === 0) return true;\n  if (result.status === 128) return false;\n  const stderr = result.stderr?.toString(\"utf8\").trim() ?? \"\";\n  throw new Error(\n    `git cat-file -e ${ref}:${path} failed (status ${result.status}): ${stderr || \"(no stderr)\"}`,\n  );\n}\n\n/**\n * True when `<path>` is already tracked by git on the current branch. Used\n * by `stamp init` to detect \"is this the first time we're adding stamp\n * config\" — the bootstrap moment where the scaffolding files can be\n * committed directly to main.\n *\n * `--error-unmatch` exits non-zero if the path isn't tracked, so we just\n * branch on whether the call throws.\n */\nexport function isPathTracked(path: string, cwd: string): boolean {\n  try {\n    runGit([\"ls-files\", \"--error-unmatch\", path], cwd);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * True when the repository has at least one commit on HEAD. False on a\n * freshly `git init`'d repo where no commits have been made yet.\n */\nexport function repoHasAnyCommit(cwd: string): boolean {\n  try {\n    runGit([\"rev-parse\", \"--verify\", \"HEAD\"], cwd);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * True when `maybeAncestor` is an ancestor of (or equal to) `descendant`.\n * Wraps `git merge-base --is-ancestor`: exit 0 = ancestor, 1 = not, anything\n * else = git error (rethrown).\n *\n * Used by `stamp review` to decide whether a previously-recorded verdict\n * applies to the current branch: a prior head_sha is \"on this branch\" iff\n * it's an ancestor of the current head, which rules out sibling branches\n * that happen to share a base_sha (parallel feature branches off main).\n */\nexport function isAncestor(\n  maybeAncestor: string,\n  descendant: string,\n  cwd: string,\n): boolean {\n  const result = spawnSync(\n    \"git\",\n    [\"merge-base\", \"--is-ancestor\", maybeAncestor, descendant],\n    { cwd, stdio: [\"ignore\", \"ignore\", \"pipe\"] },\n  );\n  if (result.status === 0) return true;\n  if (result.status === 1) return false;\n  const stderr = result.stderr?.toString(\"utf8\").trim() ?? \"\";\n  throw new Error(\n    `git merge-base --is-ancestor ${maybeAncestor} ${descendant} failed (status ${result.status}): ${stderr || \"(no stderr)\"}`,\n  );\n}\n\nexport function commitSummary(sha: string, cwd: string): CommitSummary {\n  const commits = firstParentCommits(sha, 1, cwd);\n  if (commits.length === 0) {\n    throw new Error(`commit ${sha} not found`);\n  }\n  return commits[0]!;\n}\n\n/**\n * Returns the SHA of the first parent of `sha`, or null if the commit has\n * no parent (root commit) or the lookup otherwise fails. Used by review's\n * carry-forward gate to detect amend/squash iteration — two commits with\n * the same first-parent are siblings produced by `git commit --amend` (or\n * `git reset --soft HEAD~ && git commit`), the dominant agent workflow\n * for single-commit feature branches.\n */\nexport function parentSha(sha: string, cwd: string): string | null {\n  try {\n    return git([\"rev-parse\", `${sha}^`], cwd).trim();\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Diff between two commits (`<priorHead>..<currentHead>`) with enlarged\n * unified-context lines. Used by `stamp review` to feed the LLM ONLY the\n * code that has changed since a prior approved/rejected review on the same\n * branch — the structural fix for \"reviewer flips verdict on unchanged\n * lines across rounds.\" The 20-line default context is wider than git's\n * default 3 so the reviewer has enough surrounding code to judge the\n * delta, but still narrow enough that the model cannot see (and therefore\n * cannot re-flag) code far from the changed hunks. Throws if either ref\n * doesn't resolve.\n */\nexport function deltaDiff(\n  priorHead: string,\n  currentHead: string,\n  cwd: string,\n  contextLines = 20,\n): string {\n  return git(\n    [\"diff\", `-U${contextLines}`, `${priorHead}..${currentHead}`],\n    cwd,\n  );\n}\n\n/**\n * Parse and resolve a git revspec of the form \"<base>..<head>\".\n * - base_sha is merge-base(<base>, <head>), the point at which <head> diverged\n * - head_sha is the commit SHA that <head> currently points to\n * - diff is `git diff <base>...<head>` — changes introduced by <head>\n *   relative to <base>, ignoring any changes that <base> has since made\n *\n * Throws on invalid revspecs or on git failures.\n */\nexport function resolveDiff(revspec: string, cwd: string): ResolvedDiff {\n  const parts = revspec.split(\"..\");\n  if (parts.length !== 2 || !parts[0] || !parts[1]) {\n    throw new Error(\n      `invalid revspec \"${revspec}\": expected form <base>..<head> (two dots)`,\n    );\n  }\n  const [baseRef, headRef] = parts;\n\n  const base_sha = git([\"merge-base\", baseRef, headRef], cwd).trim();\n  const head_sha = git([\"rev-parse\", \"--verify\", `${headRef}^{commit}`], cwd).trim();\n  const diff = git([\"diff\", `${baseRef}...${headRef}`], cwd);\n\n  return { revspec, base_sha, head_sha, diff };\n}\n\n/**\n * Shared git-shell helper used by every command that needs to run git\n * subprocesses. Captures stderr (rather than inheriting it) so failures\n * surface via the thrown message — no raw `fatal: ...` lines bleed onto\n * the user's terminal alongside otherwise-successful output. Returns\n * stdout as utf-8.\n *\n * Use this in command modules (commands/*.ts) instead of a local copy.\n */\nexport function runGit(args: string[], cwd: string): string {\n  try {\n    return execFileSync(\"git\", args, {\n      cwd,\n      encoding: \"utf8\",\n      maxBuffer: 64 * 1024 * 1024, // 64MB; big diffs happen\n      stdio: [\"ignore\", \"pipe\", \"pipe\"],\n    });\n  } catch (err) {\n    const stderr = (err as { stderr?: Buffer | string } | null)?.stderr;\n    const stderrText =\n      typeof stderr === \"string\" ? stderr : stderr?.toString(\"utf8\") ?? \"\";\n    const base = err instanceof Error ? err.message : String(err);\n    throw new Error(\n      `git ${args.join(\" \")} failed: ${stderrText.trim() || base}`,\n    );\n  }\n}\n\n// Local alias so existing callers in this file keep their short name.\nconst git = runGit;\n","import { existsSync, mkdirSync, readFileSync, statSync } from \"node:fs\";\nimport { homedir } from \"node:os\";\nimport { dirname, isAbsolute, join, resolve } from \"node:path\";\n\nexport function findRepoRoot(startFrom: string = process.cwd()): string {\n  let current = resolve(startFrom);\n  while (true) {\n    if (existsSync(join(current, \".git\"))) return current;\n    const parent = dirname(current);\n    if (parent === current) {\n      throw new Error(\n        `not inside a git repository (searched up from ${startFrom})`,\n      );\n    }\n    current = parent;\n  }\n}\n\nexport function stampConfigDir(repoRoot: string): string {\n  return join(repoRoot, \".stamp\");\n}\n\nexport function stampReviewersDir(repoRoot: string): string {\n  return join(repoRoot, \".stamp\", \"reviewers\");\n}\n\nexport function stampTrustedKeysDir(repoRoot: string): string {\n  return join(repoRoot, \".stamp\", \"trusted-keys\");\n}\n\nexport function stampConfigFile(repoRoot: string): string {\n  return join(repoRoot, \".stamp\", \"config.yml\");\n}\n\nexport function stampStateDbPath(repoRoot: string): string {\n  return join(gitCommonDir(repoRoot), \"stamp\", \"state.db\");\n}\n\n/**\n * Marker file that records \"we have shown the LLM data-flow notice in this\n * repo at least once.\" Lives next to state.db under the git common dir so\n * it's per-repo (not per-worktree, not committed).\n */\nexport function stampLlmNoticeMarkerPath(repoRoot: string): string {\n  return join(gitCommonDir(repoRoot), \"stamp\", \"llm-notice-shown\");\n}\n\n/**\n * Resolve the git common directory for `repoRoot`. For a normal checkout this\n * is `<repoRoot>/.git`; for a worktree, `<repoRoot>/.git` is a *file* of the\n * form `gitdir: <path>` and the real common dir lives at `<gitdir>/commondir`\n * (a path relative to gitdir, typically `../..`). Mirrors `git rev-parse\n * --git-common-dir` without spawning git.\n *\n * State that should be shared across every worktree of one repository (review\n * verdicts, the per-machine sqlite db) lives under this common dir, so callers\n * resolve their paths through here rather than hard-coding `<repoRoot>/.git`.\n */\nexport function gitCommonDir(repoRoot: string): string {\n  const dotGit = join(repoRoot, \".git\");\n  const st = statSync(dotGit);\n  if (st.isDirectory()) return dotGit;\n\n  // Worktree (or submodule): `.git` is a file. Parse the `gitdir:` line, then\n  // follow the `commondir` pointer from there. Submodules have no `commondir`,\n  // so the gitdir itself is the writable common dir — fall through to that.\n  const contents = readFileSync(dotGit, \"utf8\");\n  const match = contents.match(/^gitdir:\\s*(.+)$/m);\n  if (!match || !match[1]) {\n    throw new Error(\n      `expected '.git' at ${repoRoot} to be a directory or a 'gitdir:' pointer file, got: ${contents.slice(0, 120)}`,\n    );\n  }\n  const gitdirRaw = match[1].trim();\n  const gitdir = isAbsolute(gitdirRaw) ? gitdirRaw : resolve(repoRoot, gitdirRaw);\n\n  const commondirPath = join(gitdir, \"commondir\");\n  if (!existsSync(commondirPath)) return gitdir;\n  const commondirRaw = readFileSync(commondirPath, \"utf8\").trim();\n  return isAbsolute(commondirRaw) ? commondirRaw : resolve(gitdir, commondirRaw);\n}\n\nexport function userKeysDir(): string {\n  return join(homedir(), \".stamp\", \"keys\");\n}\n\n/**\n * Per-user stamp-server config. Holds {host, port, user, repo_root_prefix}\n * so commands like `stamp provision` can reach the operator's stamp server\n * without making the agent guess at SSH endpoints.\n */\nexport function userServerConfigPath(): string {\n  return join(homedir(), \".stamp\", \"server.yml\");\n}\n\n/**\n * Per-user stamp config. Today holds reviewer-model selections; structured\n * as a top-level object so future per-user knobs (telemetry sinks, default\n * timeouts, etc.) can land alongside without renaming the file. Lives\n * separately from per-repo `.stamp/config.yml` because cost/speed is\n * operator infrastructure rather than committed review policy — different\n * operators on the same repo are free to pick different models without\n * a merge-conflict over preference, and this file is intentionally\n * EXCLUDED from the v3 reviewer attestation hash chain.\n */\nexport function userConfigPath(): string {\n  return join(homedir(), \".stamp\", \"config.yml\");\n}\n\nexport function ensureDir(path: string, mode = 0o755): void {\n  if (!existsSync(path)) {\n    mkdirSync(path, { recursive: true, mode });\n  }\n}\n\nexport function isFile(path: string): boolean {\n  try {\n    return statSync(path).isFile();\n  } catch {\n    return false;\n  }\n}\n","import { chmodSync, existsSync } from \"node:fs\";\nimport { DatabaseSync } from \"node:sqlite\";\nimport { dirname } from \"node:path\";\nimport { ensureDir } from \"./paths.js\";\n\nexport type Verdict = \"approved\" | \"changes_requested\" | \"denied\";\n\n/**\n * `schema_version` value stamped onto rows produced under the stamp 2.x\n * server-attested review model. Rows persisted by 1.x clients have NULL\n * here — a 2.x-only verifier reads NULL as \"legacy unsigned, do NOT trust\n * for merge-gate purposes\" while still letting `stamp log` display the row.\n *\n * Mirrors `CURRENT_V4_SCHEMA_VERSION` in `attestationV4.ts` deliberately:\n * a row that carries a server-signed approval is, by construction, a v4\n * artifact, and any v4 verifier consuming this DB column should compare\n * with the same integer. We don't import the constant directly to avoid\n * a dependency cycle (`db.ts` is leaf-ish; `attestationV4.ts` may grow\n * imports from elsewhere) — the two integers are pinned together via the\n * doc comment instead, and a guard test in `tests/db.test.ts` asserts\n * they match so a future bump to one drags the other along.\n */\nexport const REVIEW_ROW_SCHEMA_V4 = 4;\n\nexport interface ReviewRow {\n  id: number;\n  reviewer: string;\n  base_sha: string;\n  head_sha: string;\n  verdict: Verdict;\n  issues: string | null;\n  /** JSON-encoded ToolCall[] (see lib/toolCalls.ts), or null for reviews\n   *  recorded before Step 4 shipped or where no tools were invoked. */\n  tool_calls: string | null;\n  /** SHA-256 hex of the diff bytes the reviewer evaluated. Null for rows\n   *  recorded before 1.8.0 shipped. Cache key with prompt_hash + reviewer. */\n  diff_hash: string | null;\n  /** SHA-256 hex of the reviewer prompt text. Null for rows recorded before\n   *  1.8.0 shipped. Cache key with diff_hash + reviewer. */\n  prompt_hash: string | null;\n  /** JSON-stringified `ApprovalV4` (see `lib/attestationV4.ts`) as returned\n   *  by stamp-server's `stamp-review` SSH verb. Null for rows produced by\n   *  pre-2.x clients OR by a 2.x client running in local-only mode (no\n   *  `review_server` configured). When non-null, `server_signature_b64`\n   *  and `server_key_id` are non-null as well (writer-side invariant\n   *  enforced by `recordReview`); when null, all three are null together. */\n  server_approval_json: string | null;\n  /** Base64 Ed25519 signature the server produced over\n   *  `canonicalSerializeApproval(approval)`. Non-null iff\n   *  `server_approval_json` is non-null. */\n  server_signature_b64: string | null;\n  /** `sha256:<hex>` fingerprint of the server's review-signing key — same\n   *  string format the trusted-keys manifest uses to identify keys (see\n   *  `lib/trustedKeysManifest.ts`). Duplicates the `server_key_id` embedded\n   *  inside the signed `server_approval_json`; stored at the row level so\n   *  `stamp log` can render the signer without parsing the JSON blob, and\n   *  so AGT-334's `stamp merge` can index lookups by signer without\n   *  hydrating every approval. */\n  server_key_id: string | null;\n  /** Schema version of the persisted row. `null` for legacy 1.x rows that\n   *  predate the column; `REVIEW_ROW_SCHEMA_V4` for rows produced under\n   *  the server-attested model. The presence of a non-null value here is\n   *  the canonical marker that distinguishes a 2.x row from a 1.x row in\n   *  `stamp log` and (later) in AGT-334's merge-gate input filter. */\n  schema_version: number | null;\n  created_at: string;\n}\n\nexport interface RecordReviewInput {\n  reviewer: string;\n  base_sha: string;\n  head_sha: string;\n  verdict: Verdict;\n  issues?: string | null;\n  /** JSON-encoded ToolCall[] or null. See lib/toolCalls.ts. */\n  tool_calls?: string | null;\n  /** SHA-256 hex of the diff bytes (caller computes; see commands/review.ts).\n   *  Optional for pre-1.8.0 call sites that haven't been updated yet. */\n  diff_hash?: string | null;\n  /** SHA-256 hex of the reviewer prompt text. Optional for pre-1.8.0 call\n   *  sites that haven't been updated yet. */\n  prompt_hash?: string | null;\n  /** Server-attested approval persisted as a unit. Either provide all\n   *  three fields (server-attested 2.x row) or omit `serverAttestation`\n   *  entirely (local / 1.x-style row). Half-populated input is a writer\n   *  bug — `recordReview` enforces all-or-nothing so a downstream\n   *  verifier can rely on \"non-null server_approval_json ⇒ non-null\n   *  signature + key_id\" as a hard DB invariant.\n   *\n   *  AGT-334 (`stamp merge`) reads these back via `serverApprovalsFor`\n   *  to fold them into the v4 envelope; pre-2.x call sites simply\n   *  don't pass this field. */\n  serverAttestation?: {\n    /** JSON-serialized `ApprovalV4` — the bytes the server signed are\n     *  `canonicalSerializeApproval(parsed_approval)`, NOT this JSON\n     *  string verbatim (key order may differ; the canonical serializer\n     *  re-sorts at signature-verify time). */\n    approval_json: string;\n    /** Base64 Ed25519 over `canonicalSerializeApproval(approval)`. */\n    signature_b64: string;\n    /** `sha256:<hex>` server key fingerprint; must match the\n     *  `server_key_id` inside `approval_json`. The dup is intentional\n     *  (see `ReviewRow.server_key_id` docstring). */\n    server_key_id: string;\n  };\n}\n\nexport function openDb(path: string): DatabaseSync {\n  // Tighten parent directory to 0700 so peer users on shared/dev machines\n  // can't enter `.git/stamp/` to read state.db (or its WAL sidecars). Done\n  // before opening the DB so a brand-new file inherits the locked-down\n  // ancestor. Idempotent: chmodSync runs on every open even if ensureDir\n  // no-oped, which tightens an already-existing 0755 dir from prior versions.\n  const dir = dirname(path);\n  ensureDir(dir, 0o700);\n  chmodSync(dir, 0o700);\n\n  const db = new DatabaseSync(path);\n  db.exec(\"PRAGMA journal_mode = WAL\");\n  db.exec(\"PRAGMA foreign_keys = ON\");\n  initSchema(db);\n\n  // Tighten state.db itself plus the WAL sidecars (if SQLite has created\n  // them — `-wal` and `-shm` only exist while WAL writes are in flight or\n  // recently flushed). chmodSync targets the inode, not any open fd, so\n  // this is idempotent across opens; an in-flight write keeps its old fd\n  // mode but the on-disk bits flip immediately.\n  chmodSync(path, 0o600);\n  for (const sidecar of [`${path}-wal`, `${path}-shm`]) {\n    if (existsSync(sidecar)) chmodSync(sidecar, 0o600);\n  }\n\n  return db;\n}\n\nfunction initSchema(db: DatabaseSync): void {\n  // Base CREATE only — indexes that reference newly-added columns must wait\n  // until after the migration ALTERs below. Putting `idx_reviews_cache`\n  // here would crash on upgrade from ≤1.7.x: the CREATE TABLE no-ops\n  // (table exists with the old shape), then CREATE INDEX fails on the\n  // missing column, then the whole exec() throws and the ALTERs never\n  // run — leaving the DB stuck at the old schema forever.\n  db.exec(`\n    CREATE TABLE IF NOT EXISTS reviews (\n      id          INTEGER PRIMARY KEY AUTOINCREMENT,\n      reviewer    TEXT    NOT NULL,\n      base_sha    TEXT    NOT NULL,\n      head_sha    TEXT    NOT NULL,\n      verdict     TEXT    NOT NULL CHECK (verdict IN ('approved','changes_requested','denied')),\n      issues      TEXT,\n      tool_calls  TEXT,\n      diff_hash   TEXT,\n      prompt_hash TEXT,\n      created_at  TEXT    NOT NULL DEFAULT (datetime('now'))\n    );\n\n    CREATE INDEX IF NOT EXISTS idx_reviews_shas\n      ON reviews(base_sha, head_sha, reviewer);\n  `);\n\n  // Forward migrations: each column was added in a later release than the\n  // base schema. PRAGMA table_info lists current columns; missing ones get\n  // ALTER-added. Idempotent — repeat opens no-op.\n  //\n  // Forward-only by design: there is NO down-migration. A user who downgrades\n  // from a stamp version that ran these ALTERs back to one that doesn't know\n  // about them keeps the extra columns but the old binary simply ignores\n  // them (SELECTs naming explicit columns are unaffected; INSERTs through\n  // the old code path leave the new columns NULL). 1.x rows that predate\n  // these columns survive each migration step because ALTER TABLE ... ADD\n  // COLUMN populates existing rows with NULL — none of the additions take\n  // a NOT NULL constraint or a non-NULL default, so the legacy rows\n  // continue to read out with their original data intact and NULL in the\n  // new slots. That's the load-bearing AC for AGT-333 and is asserted\n  // structurally in `tests/db.test.ts` against a hand-built 1.x fixture.\n  const cols = db.prepare(\"PRAGMA table_info(reviews)\").all() as Array<{ name: string }>;\n  const have = new Set(cols.map((c) => c.name));\n  if (!have.has(\"tool_calls\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN tool_calls TEXT\");\n  }\n  if (!have.has(\"diff_hash\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN diff_hash TEXT\");\n  }\n  if (!have.has(\"prompt_hash\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN prompt_hash TEXT\");\n  }\n  // AGT-333 (stamp 2.x): server-attested review fields. All TEXT/INTEGER\n  // with no DEFAULT and no NOT NULL — that's what makes the 1.x-rows-\n  // survive guarantee mechanical: ALTER fills existing rows with NULL,\n  // every read site treats NULL as \"legacy / no server attestation here,\"\n  // and the writer-side invariant (`recordReview`) keeps the three server\n  // fields strictly all-or-nothing so downstream code never sees a half-\n  // populated row.\n  if (!have.has(\"server_approval_json\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN server_approval_json TEXT\");\n  }\n  if (!have.has(\"server_signature_b64\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN server_signature_b64 TEXT\");\n  }\n  if (!have.has(\"server_key_id\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN server_key_id TEXT\");\n  }\n  if (!have.has(\"schema_version\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN schema_version INTEGER\");\n  }\n  // Cache index created here (after the migration ALTERs above) so it works\n  // on both fresh installs and upgrades. Repeat-safe.\n  db.exec(`\n    CREATE INDEX IF NOT EXISTS idx_reviews_cache\n      ON reviews(reviewer, diff_hash, prompt_hash, created_at)\n  `);\n}\n\nexport function recordReview(\n  db: DatabaseSync,\n  input: RecordReviewInput,\n): number {\n  // All-or-nothing on the three server-attestation fields: every read\n  // site (stamp log marker, AGT-334's merge folder, future v4 verifier)\n  // treats \"row has a server signature\" as a binary state. Half-populated\n  // input here would let the row drift into an ambiguous middle state\n  // that no read site is prepared to handle. TypeScript already encodes\n  // this in `RecordReviewInput.serverAttestation` (the three fields ride\n  // together on a single object), but the runtime check guards against a\n  // future caller bypassing the type — and against accidental `as any`\n  // at the boundary.\n  const sa = input.serverAttestation ?? null;\n  const schemaVersion = sa === null ? null : REVIEW_ROW_SCHEMA_V4;\n  const stmt = db.prepare(\n    `INSERT INTO reviews\n       (reviewer, base_sha, head_sha, verdict, issues, tool_calls,\n        diff_hash, prompt_hash,\n        server_approval_json, server_signature_b64, server_key_id,\n        schema_version)\n     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,\n  );\n  const result = stmt.run(\n    input.reviewer,\n    input.base_sha,\n    input.head_sha,\n    input.verdict,\n    input.issues ?? null,\n    input.tool_calls ?? null,\n    input.diff_hash ?? null,\n    input.prompt_hash ?? null,\n    sa?.approval_json ?? null,\n    sa?.signature_b64 ?? null,\n    sa?.server_key_id ?? null,\n    schemaVersion,\n  );\n  return Number(result.lastInsertRowid);\n}\n\n/**\n * Server-attested row projection, returned by `serverApprovalsFor`. This\n * is the shape AGT-334's `stamp merge` consumes when folding stored\n * approvals into the v4 envelope — caller parses `approval_json` into\n * an `ApprovalV4` and wraps it with `signature_b64` + `server_key_id`\n * into an `ApprovalEntryV4`. Kept here (rather than in `attestationV4.ts`)\n * because `db.ts` is the boundary that knows the storage shape, and the\n * caller can do the JSON parse with full v4 typing.\n */\nexport interface ServerAttestedRow {\n  id: number;\n  reviewer: string;\n  base_sha: string;\n  head_sha: string;\n  verdict: Verdict;\n  /** JSON-stringified `ApprovalV4`. Caller `JSON.parse`s + canonical-\n   *  reserializes to verify the server's signature. */\n  approval_json: string;\n  /** Base64 Ed25519 over `canonicalSerializeApproval(approval)`. */\n  signature_b64: string;\n  /** `sha256:<hex>` server key fingerprint. */\n  server_key_id: string;\n  created_at: string;\n}\n\n/**\n * Return all server-attested rows for a given (base_sha, head_sha) pair,\n * one per reviewer (latest wins on ties — same `(created_at DESC, id DESC)`\n * ordering as `latestVerdicts`). Skips rows where `server_approval_json`\n * is NULL (legacy 1.x rows OR local-only 2.x rows with no server\n * attestation) — those are not eligible inputs to a v4 merge envelope.\n *\n * Intended consumer is AGT-334's `stamp merge`: it calls this, parses\n * each `approval_json`, and assembles `ApprovalEntryV4[]` for the v4\n * envelope. The merge code is responsible for verifying signatures and\n * matching `server_key_id` against the manifest at `base_sha` before\n * trusting the data.\n *\n * Returns rows in stable reviewer-name order so the resulting envelope\n * is deterministic across runs (the v4 canonical serializer sorts object\n * keys but preserves array order; deterministic input means deterministic\n * output, which matters for stamp's reproducibility property).\n */\nexport function serverApprovalsFor(\n  db: DatabaseSync,\n  base_sha: string,\n  head_sha: string,\n): ServerAttestedRow[] {\n  const stmt = db.prepare(`\n    SELECT id, reviewer, base_sha, head_sha, verdict,\n           server_approval_json AS approval_json,\n           server_signature_b64 AS signature_b64,\n           server_key_id,\n           created_at\n    FROM (\n      SELECT\n        id, reviewer, base_sha, head_sha, verdict,\n        server_approval_json,\n        server_signature_b64,\n        server_key_id,\n        created_at,\n        ROW_NUMBER() OVER (\n          PARTITION BY reviewer\n          ORDER BY created_at DESC, id DESC\n        ) AS rn\n      FROM reviews\n      WHERE base_sha = ? AND head_sha = ?\n        AND server_approval_json IS NOT NULL\n    )\n    WHERE rn = 1\n    ORDER BY reviewer ASC\n  `);\n  return stmt.all(base_sha, head_sha) as unknown as ServerAttestedRow[];\n}\n\nexport interface CachedVerdict {\n  verdict: Verdict;\n  /** Prose stored on the cached row; may be null on pre-prose rows. */\n  issues: string | null;\n  /** (base_sha, head_sha) the cached verdict was originally recorded against.\n   *  Surfaced in the cache-hit message so operators can trace provenance. */\n  base_sha: string;\n  head_sha: string;\n  created_at: string;\n}\n\n/**\n * Look up the most recent stored verdict for (reviewer, diff_hash, prompt_hash).\n * Both hashes are required — null/missing-hash rows never match, so pre-1.8.0\n * rows are silently skipped. Returns null when no matching row exists.\n *\n * Used by `stamp review` to short-circuit the LLM call when an identical\n * (diff, prompt, reviewer) tuple has already been evaluated. The point is\n * to break the treadmill where the model non-deterministically re-flips\n * verdicts on unchanged input.\n */\nexport function findCachedVerdict(\n  db: DatabaseSync,\n  reviewer: string,\n  diff_hash: string,\n  prompt_hash: string,\n): CachedVerdict | null {\n  const stmt = db.prepare(`\n    SELECT verdict, issues, base_sha, head_sha, created_at\n    FROM reviews\n    WHERE reviewer = ? AND diff_hash = ? AND prompt_hash = ?\n    ORDER BY created_at DESC, id DESC\n    LIMIT 1\n  `);\n  const row = stmt.get(reviewer, diff_hash, prompt_hash) as\n    | CachedVerdict\n    | undefined;\n  return row ?? null;\n}\n\nexport interface LatestVerdict {\n  reviewer: string;\n  verdict: Verdict;\n}\n\nexport interface LatestReview {\n  id: number;\n  reviewer: string;\n  verdict: Verdict;\n  issues: string | null;\n  tool_calls: string | null;\n}\n\nconst LATEST_VERDICTS_SQL = `\n  SELECT id, reviewer, verdict, issues, tool_calls\n  FROM (\n    SELECT\n      id,\n      reviewer,\n      verdict,\n      issues,\n      tool_calls,\n      ROW_NUMBER() OVER (\n        PARTITION BY reviewer\n        ORDER BY created_at DESC, id DESC\n      ) AS rn\n    FROM reviews\n    WHERE base_sha = ? AND head_sha = ?\n  )\n  WHERE rn = 1\n`;\n\n/**\n * For a given (base_sha, head_sha), return the latest verdict per reviewer.\n * Uses ROW_NUMBER() window function with (created_at DESC, id DESC) ordering\n * so same-second inserts tiebreak on insertion order.\n */\nexport function latestVerdicts(\n  db: DatabaseSync,\n  base_sha: string,\n  head_sha: string,\n): LatestVerdict[] {\n  const stmt = db.prepare(LATEST_VERDICTS_SQL);\n  return stmt.all(base_sha, head_sha) as unknown as LatestVerdict[];\n}\n\n/**\n * Same as latestVerdicts but also returns prose (for computing review_sha\n * during attestation, or for display).\n */\nexport function latestReviews(\n  db: DatabaseSync,\n  base_sha: string,\n  head_sha: string,\n): LatestReview[] {\n  const stmt = db.prepare(LATEST_VERDICTS_SQL);\n  return stmt.all(base_sha, head_sha) as unknown as LatestReview[];\n}\n\nexport interface PriorReviewRow {\n  /** Reviewer name (echoed for symmetry with the query input). */\n  reviewer: string;\n  /** Head SHA the prior verdict was recorded against. */\n  head_sha: string;\n  verdict: Verdict;\n  /** Prose body the reviewer submitted on the prior run; may be null on\n   *  pre-prose rows. */\n  issues: string | null;\n  /** ISO datetime when this row was inserted; surfaced so callers can show\n   *  age in operator-visible messaging if useful. */\n  created_at: string;\n}\n\n/**\n * Find the most recent prior review row by `reviewer` against the same\n * `base_sha`, excluding any row whose `head_sha` equals `excludeHeadSha`.\n * Returns null if no prior review exists.\n *\n * Used by `stamp review` to surface a reviewer's earlier verdict + prose\n * back into the prompt on subsequent runs of the same branch, so iterations\n * can ratchet toward approval instead of randomly re-flipping. The\n * `excludeHeadSha` argument is intended to be the current head_sha — we\n * want what came *before* the current attempt, not the row this very run\n * is about to write.\n *\n * Same ordering as latestVerdicts (created_at DESC, id DESC) so same-second\n * inserts tiebreak on insertion order.\n */\nexport function priorReviewByReviewer(\n  db: DatabaseSync,\n  reviewer: string,\n  base_sha: string,\n  excludeHeadSha?: string,\n): PriorReviewRow | null {\n  const stmt = db.prepare(`\n    SELECT reviewer, head_sha, verdict, issues, created_at\n    FROM reviews\n    WHERE reviewer = ?\n      AND base_sha = ?\n      AND (? IS NULL OR head_sha != ?)\n    ORDER BY created_at DESC, id DESC\n    LIMIT 1\n  `);\n  const row = stmt.get(\n    reviewer,\n    base_sha,\n    excludeHeadSha ?? null,\n    excludeHeadSha ?? null,\n  ) as PriorReviewRow | undefined;\n  return row ?? null;\n}\n\nexport function reviewHistory(\n  db: DatabaseSync,\n  opts: { limit?: number } = {},\n): ReviewRow[] {\n  const limit = opts.limit ?? 50;\n  // SELECT every column the ReviewRow type promises. The legacy version\n  // of this query only pulled a subset (id/reviewer/base/head/verdict/\n  // issues/created_at) and the implicit cast to ReviewRow[] put `undefined`\n  // into `tool_calls` / `diff_hash` / `prompt_hash` at runtime — a\n  // long-standing type lie. The marker logic added in AGT-333 needs\n  // `server_key_id` and `schema_version` to render the SIGNED-BY column,\n  // and the cheapest correct fix is to stop lying: pull the full row\n  // shape, let `stamp log` filter what it displays. The extra columns\n  // are TEXT/INTEGER scalars; the read-amplification is negligible at\n  // this command's call sites.\n  const stmt = db.prepare(`\n    SELECT id, reviewer, base_sha, head_sha, verdict, issues,\n           tool_calls, diff_hash, prompt_hash,\n           server_approval_json, server_signature_b64, server_key_id,\n           schema_version, created_at\n    FROM reviews\n    ORDER BY created_at DESC, id DESC\n    LIMIT ?\n  `);\n  return stmt.all(limit) as unknown as ReviewRow[];\n}\n\nexport interface ReviewerStats {\n  reviewer: string;\n  total: number;\n  approved: number;\n  changes_requested: number;\n  denied: number;\n  first_seen: string | null;\n  last_seen: string | null;\n}\n\nexport function reviewerStats(\n  db: DatabaseSync,\n  reviewer: string,\n): ReviewerStats {\n  const stmt = db.prepare(`\n    SELECT\n      COUNT(*) AS total,\n      SUM(CASE WHEN verdict = 'approved'          THEN 1 ELSE 0 END) AS approved,\n      SUM(CASE WHEN verdict = 'changes_requested' THEN 1 ELSE 0 END) AS changes_requested,\n      SUM(CASE WHEN verdict = 'denied'            THEN 1 ELSE 0 END) AS denied,\n      MIN(created_at) AS first_seen,\n      MAX(created_at) AS last_seen\n    FROM reviews\n    WHERE reviewer = ?\n  `);\n  const row = stmt.get(reviewer) as {\n    total: number;\n    approved: number | null;\n    changes_requested: number | null;\n    denied: number | null;\n    first_seen: string | null;\n    last_seen: string | null;\n  };\n  return {\n    reviewer,\n    total: row.total ?? 0,\n    approved: row.approved ?? 0,\n    changes_requested: row.changes_requested ?? 0,\n    denied: row.denied ?? 0,\n    first_seen: row.first_seen,\n    last_seen: row.last_seen,\n  };\n}\n\nexport function recentReviewsByReviewer(\n  db: DatabaseSync,\n  reviewer: string,\n  limit: number,\n): ReviewRow[] {\n  // See `reviewHistory` for the rationale on selecting the full row\n  // shape rather than a subset.\n  const stmt = db.prepare(`\n    SELECT id, reviewer, base_sha, head_sha, verdict, issues,\n           tool_calls, diff_hash, prompt_hash,\n           server_approval_json, server_signature_b64, server_key_id,\n           schema_version, created_at\n    FROM reviews\n    WHERE reviewer = ?\n    ORDER BY created_at DESC, id DESC\n    LIMIT ?\n  `);\n  return stmt.all(reviewer, limit) as unknown as ReviewRow[];\n}\n\nexport interface PrunePerReviewer {\n  reviewer: string;\n  count: number;\n}\n\nexport interface PrunePeekResult {\n  total: number;\n  perReviewer: PrunePerReviewer[];\n}\n\n/**\n * Count rows older than `now − sqliteModifier` per reviewer, without\n * deleting. Mirrors the row set that `pruneReviews` would delete given the\n * same modifier. Used by `--dry-run` and to compute the \"reviewers affected\"\n * count surfaced in non-dry-run output.\n *\n * `sqliteModifier` is a string suitable for SQLite's `datetime('now', ?)`\n * (e.g. `-30 days`, `-12 hours`); produced by parseRetentionDuration so the\n * cutoff is computed inside SQLite — avoids any wall-clock fencepost\n * between JS `Date.now()` and the `created_at` strings written via\n * `datetime('now')` at insert time.\n */\nexport function peekPrunable(\n  db: DatabaseSync,\n  sqliteModifier: string,\n): PrunePeekResult {\n  const stmt = db.prepare(`\n    SELECT reviewer, COUNT(*) AS count\n    FROM reviews\n    WHERE created_at < datetime('now', ?)\n    GROUP BY reviewer\n    ORDER BY reviewer\n  `);\n  const rows = stmt.all(sqliteModifier) as unknown as PrunePerReviewer[];\n  const total = rows.reduce((sum, r) => sum + r.count, 0);\n  return { total, perReviewer: rows };\n}\n\n/**\n * Delete rows older than `now − sqliteModifier`. Returns the same shape as\n * peekPrunable but with the actual deleted-row counts. The DELETE runs in\n * a single statement; callers must run VACUUM separately (and outside any\n * transaction) to actually shrink the file.\n */\nexport function pruneReviews(\n  db: DatabaseSync,\n  sqliteModifier: string,\n): PrunePeekResult {\n  const peek = peekPrunable(db, sqliteModifier);\n  if (peek.total === 0) return peek;\n  const del = db.prepare(\n    \"DELETE FROM reviews WHERE created_at < datetime('now', ?)\",\n  );\n  del.run(sqliteModifier);\n  return peek;\n}\n","import {\n  createHash,\n  createPublicKey,\n  generateKeyPairSync,\n  KeyObject,\n} from \"node:crypto\";\nimport {\n  chmodSync,\n  readdirSync,\n  readFileSync,\n  writeFileSync,\n} from \"node:fs\";\nimport { join } from \"node:path\";\nimport {\n  ensureDir,\n  isFile,\n  stampTrustedKeysDir,\n  userKeysDir,\n} from \"./paths.js\";\n\nexport interface Keypair {\n  privateKeyPem: string;\n  publicKeyPem: string;\n  fingerprint: string; // \"sha256:<hex>\"\n}\n\nconst PRIVATE_KEY_FILE = \"ed25519\";\nconst PUBLIC_KEY_FILE = \"ed25519.pub\";\n\nexport function generateKeypair(): Keypair {\n  const { publicKey, privateKey } = generateKeyPairSync(\"ed25519\");\n  const privateKeyPem = privateKey.export({\n    type: \"pkcs8\",\n    format: \"pem\",\n  }) as string;\n  const publicKeyPem = publicKey.export({\n    type: \"spki\",\n    format: \"pem\",\n  }) as string;\n  return {\n    privateKeyPem,\n    publicKeyPem,\n    fingerprint: fingerprintFromPem(publicKeyPem),\n  };\n}\n\nexport function fingerprintFromPem(publicKeyPem: string): string {\n  const pub = createPublicKey(publicKeyPem);\n  const raw = pub.export({ type: \"spki\", format: \"der\" }) as Buffer;\n  const hash = createHash(\"sha256\").update(raw).digest(\"hex\");\n  return `sha256:${hash}`;\n}\n\nexport function loadUserKeypair(): Keypair | null {\n  const dir = userKeysDir();\n  const privPath = join(dir, PRIVATE_KEY_FILE);\n  const pubPath = join(dir, PUBLIC_KEY_FILE);\n  if (!isFile(privPath) || !isFile(pubPath)) return null;\n  const privateKeyPem = readFileSync(privPath, \"utf8\");\n  const publicKeyPem = readFileSync(pubPath, \"utf8\");\n  return {\n    privateKeyPem,\n    publicKeyPem,\n    fingerprint: fingerprintFromPem(publicKeyPem),\n  };\n}\n\nexport function saveUserKeypair(kp: Keypair): void {\n  const dir = userKeysDir();\n  ensureDir(dir, 0o700);\n  chmodSync(dir, 0o700);\n  const privPath = join(dir, PRIVATE_KEY_FILE);\n  const pubPath = join(dir, PUBLIC_KEY_FILE);\n  writeFileSync(privPath, kp.privateKeyPem, { mode: 0o600 });\n  writeFileSync(pubPath, kp.publicKeyPem, { mode: 0o644 });\n}\n\nexport function ensureUserKeypair(): {\n  keypair: Keypair;\n  created: boolean;\n} {\n  const existing = loadUserKeypair();\n  if (existing) return { keypair: existing, created: false };\n  const kp = generateKeypair();\n  saveUserKeypair(kp);\n  return { keypair: kp, created: true };\n}\n\nexport function publicKeyFingerprintFilename(fingerprint: string): string {\n  // \"sha256:abc...\" -> \"sha256_abc....pub\" (colons are valid on unix but messy)\n  return fingerprint.replace(\":\", \"_\") + \".pub\";\n}\n\nexport function publicKeyFromObject(obj: KeyObject): string {\n  return obj.export({ type: \"spki\", format: \"pem\" }) as string;\n}\n\n/**\n * Look up a public key PEM in a repo's .stamp/trusted-keys/ directory by\n * fingerprint. Returns null if no file in the directory matches.\n */\nexport function findTrustedKey(\n  repoRoot: string,\n  fingerprint: string,\n): string | null {\n  const dir = stampTrustedKeysDir(repoRoot);\n  let files: string[];\n  try {\n    files = readdirSync(dir);\n  } catch {\n    return null;\n  }\n  for (const f of files) {\n    if (!f.endsWith(\".pub\")) continue;\n    let pem: string;\n    try {\n      pem = readFileSync(join(dir, f), \"utf8\");\n    } catch {\n      continue;\n    }\n    try {\n      if (fingerprintFromPem(pem) === fingerprint) return pem;\n    } catch {\n      // skip malformed keys\n    }\n  }\n  return null;\n}\n","import type { Verdict } from \"./db.js\";\nimport type { ToolCall } from \"./toolCalls.js\";\n\n/**\n * Current attestation payload schema version.\n *\n *   v1 (absent field) — initial shape; no hash binding to reviewer config.\n *   v2 — per-approval prompt/tools/mcp hashes, sourced from the merge\n *        commit's own tree. SECURITY ISSUE: a feature branch could modify\n *        a reviewer's prompt and the resulting attestation hash matched\n *        the modified prompt, so the server hook accepted a self-reviewing\n *        merge.\n *   v3 — same hash fields, but sourced from the merge-base tree (the\n *        common ancestor of the two merge parents). This is the version\n *        of the reviewer that existed BEFORE the diff, so a feature\n *        branch cannot self-review by modifying its own reviewer prompt.\n *\n * Verifiers reject v2 and below — they're known-broken under the self-\n * review attack. Only v3+ is accepted.\n */\nexport const CURRENT_PAYLOAD_VERSION = 3;\nexport const MIN_ACCEPTED_PAYLOAD_VERSION = 3;\n\nexport interface Approval {\n  reviewer: string;\n  verdict: Verdict;\n  /** sha256 of the review's prose, hex — lets verifiers tie attestation to a specific DB row */\n  review_sha: string;\n  /** v2+: sha256 of the reviewer's prompt file at merge time */\n  prompt_sha256?: string;\n  /** v2+: sha256 of the canonical-form tool allowlist (sorted JSON array) */\n  tools_sha256?: string;\n  /** v2+: sha256 of the canonical-form mcp_servers config (sorted-key JSON) */\n  mcp_sha256?: string;\n  /** v2+: canonical source the reviewer was fetched from (if a lock file\n   *  existed at merge time). Enables downstream audit: \"was this reviewer\n   *  fetched from an approved manifest at an approved version?\" */\n  reviewer_source?: {\n    source: string;\n    ref: string;\n  };\n  /** v2+: audit trace of tool calls the reviewer's agent made during review.\n   *  Each entry is `{ tool, input_sha256 }`. Not cryptographically verified —\n   *  the operator can forge the list — but catches lazy tampering and gives\n   *  auditors a concrete signal (\"did product call linear.get_issue at all?\").\n   *  Omitted or empty for reviewers that ran with no tools or where the SDK\n   *  version didn't surface tool-use blocks. */\n  tool_calls?: ToolCall[];\n}\n\nexport interface CheckAttestation {\n  name: string;\n  command: string;\n  exit_code: number;\n  output_sha: string;\n}\n\nexport interface AttestationPayload {\n  /** Schema version. Absent = v1 (pre-Step-2). Present = v2+. */\n  schema_version?: number;\n  base_sha: string;\n  head_sha: string;\n  target_branch: string;\n  approvals: Approval[];\n  /** Pre-merge checks that ran on the signer's machine and passed.\n   * Empty array if the branch has no required_checks configured. */\n  checks: CheckAttestation[];\n  /** \"sha256:<hex>\" fingerprint of the signer's public key */\n  signer_key_id: string;\n}\n\nexport const STAMP_PAYLOAD_TRAILER = \"Stamp-Payload\";\nexport const STAMP_VERIFIED_TRAILER = \"Stamp-Verified\";\n\n/**\n * Hard cap on the base64 trailer value AND its decoded bytes. parseCommit-\n * Attestation runs on every new commit in the pre-receive hook BEFORE the\n * Ed25519 signature is checked, so an attacker who can produce a commit\n * (any push attempt) could otherwise force JSON.parse on a multi-megabyte\n * payload before reaching the signature verification step that would\n * reject it. 64KB is generous for any sane attestation — the largest real\n * payloads are a few KB even with full tool-call traces.\n */\nexport const MAX_TRAILER_BYTES = 64 * 1024;\n\n/**\n * Serialize the payload to the exact bytes that will be signed. We do NOT\n * canonicalize JSON — the signer and verifier both operate on the base64\n * Stamp-Payload trailer value, so whatever bytes we produce here are the\n * same bytes the verifier base64-decodes. Deterministic serialization\n * isn't required for correctness.\n */\nexport function serializePayload(p: AttestationPayload): Buffer {\n  return Buffer.from(JSON.stringify(p), \"utf8\");\n}\n\nexport function payloadToTrailerValue(p: AttestationPayload): string {\n  return serializePayload(p).toString(\"base64\");\n}\n\nexport function trailerValueToPayload(b64: string): AttestationPayload {\n  const json = Buffer.from(b64, \"base64\").toString(\"utf8\");\n  return JSON.parse(json) as AttestationPayload;\n}\n\nexport function trailerValueToPayloadBytes(b64: string): Buffer {\n  return Buffer.from(b64, \"base64\");\n}\n\nexport interface ParsedAttestation {\n  payload: AttestationPayload;\n  payloadBytes: Buffer;\n  signatureBase64: string;\n}\n\n/**\n * Extract Stamp-Payload + Stamp-Verified trailers from a commit message.\n * Returns null if either is missing. Matches single-line trailer values.\n */\nexport function parseCommitAttestation(\n  commitMessage: string,\n): ParsedAttestation | null {\n  const payloadMatch = commitMessage.match(\n    new RegExp(`^${STAMP_PAYLOAD_TRAILER}:\\\\s*(.+)$`, \"m\"),\n  );\n  const sigMatch = commitMessage.match(\n    new RegExp(`^${STAMP_VERIFIED_TRAILER}:\\\\s*(.+)$`, \"m\"),\n  );\n  if (!payloadMatch || !sigMatch) return null;\n  const b64Payload = payloadMatch[1]?.trim();\n  const b64Sig = sigMatch[1]?.trim();\n  if (!b64Payload || !b64Sig) return null;\n\n  // Bail before allocating or parsing if the trailer is oversized — both as\n  // a base64 string and as decoded bytes. See MAX_TRAILER_BYTES rationale.\n  if (b64Payload.length > MAX_TRAILER_BYTES) return null;\n  const payloadBytes = trailerValueToPayloadBytes(b64Payload);\n  if (payloadBytes.length > MAX_TRAILER_BYTES) return null;\n  const payload = JSON.parse(payloadBytes.toString(\"utf8\")) as AttestationPayload;\n  return { payload, payloadBytes, signatureBase64: b64Sig };\n}\n\n/**\n * Format the two trailer lines. Suitable for appending to a commit message\n * body after a blank-line separator.\n */\nexport function formatTrailers(\n  p: AttestationPayload,\n  signatureBase64: string,\n): string {\n  return (\n    `${STAMP_PAYLOAD_TRAILER}: ${payloadToTrailerValue(p)}\\n` +\n    `${STAMP_VERIFIED_TRAILER}: ${signatureBase64}`\n  );\n}\n","import { createPrivateKey, createPublicKey, sign, verify } from \"node:crypto\";\n\n/**\n * Ed25519 signing. Per RFC 8032, Ed25519 signatures commit to the message\n * directly — no pre-hashing, no padding. Node's crypto.sign/verify accept\n * `null` as the algorithm to get this mode.\n */\n\nexport function signBytes(privateKeyPem: string, data: Buffer): string {\n  const key = createPrivateKey(privateKeyPem);\n  const sig = sign(null, data, key);\n  return sig.toString(\"base64\");\n}\n\nexport function verifyBytes(\n  publicKeyPem: string,\n  data: Buffer,\n  signatureBase64: string,\n): boolean {\n  const key = createPublicKey(publicKeyPem);\n  const sig = Buffer.from(signatureBase64, \"base64\");\n  return verify(null, data, key, sig);\n}\n"],"mappings":";;;;;;;;;AAAA,SAAS,cAAc,iBAAiB;AAwBjC,SAAS,cAAc,KAAqB;AACjD,SAAO,IAAI,CAAC,aAAa,gBAAgB,MAAM,GAAG,GAAG,EAAE,KAAK;AAC9D;AAOO,SAAS,mBACd,QACA,OACA,KACiB;AACjB,QAAM,MAAM;AACZ,QAAM,MAAM,mCAAmC,GAAG;AAClD,QAAM,MAAM;AAAA,IACV,CAAC,OAAO,kBAAkB,IAAI,KAAK,IAAI,YAAY,GAAG,IAAI,MAAM;AAAA,IAChE;AAAA,EACF;AACA,QAAM,UAAU,IAAI,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO;AAClE,QAAM,UAA2B,CAAC;AAClC,aAAW,OAAO,SAAS;AACzB,UAAM,QAAQ,IAAI,MAAM,IAAI;AAC5B,QAAI,MAAM,SAAS,EAAG;AACtB,UAAM,CAAC,KAAK,SAAS,QAAQ,MAAM,OAAO,GAAG,IAAI,IAAI;AAQrD,UAAM,OAAO,KAAK,KAAK,IAAI,EAAE,QAAQ,QAAQ,EAAE,EAAE,QAAQ;AACzD,YAAQ,KAAK;AAAA,MACX;AAAA,MACA,SAAS,QAAQ,MAAM,KAAK,EAAE,OAAO,OAAO;AAAA,MAC5C;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEO,SAAS,cAAc,KAAa,KAAqB;AAC9D,SAAO,IAAI,CAAC,QAAQ,MAAM,eAAe,GAAG,GAAG,GAAG;AACpD;AAYO,SAAS,UAAU,KAAa,MAAc,KAAqB;AACxE,SAAO,OAAO,CAAC,QAAQ,GAAG,GAAG,IAAI,IAAI,EAAE,GAAG,GAAG;AAC/C;AAWO,SAAS,eACd,KACA,SACA,KACU;AAKV,QAAM,SAAS;AAAA,IACb;AAAA,IACA,CAAC,WAAW,eAAe,GAAG,GAAG,IAAI,GAAG,OAAO,GAAG;AAAA,IAClD,EAAE,KAAK,OAAO,CAAC,UAAU,QAAQ,MAAM,EAAE;AAAA,EAC3C;AACA,MAAI,OAAO,WAAW,IAAK,QAAO,CAAC;AACnC,MAAI,OAAO,WAAW,GAAG;AACvB,UAAM,SAAS,OAAO,QAAQ,SAAS,MAAM,EAAE,KAAK,KAAK;AACzD,UAAM,IAAI;AAAA,MACR,eAAe,GAAG,IAAI,OAAO,mBAAmB,OAAO,MAAM,MAAM,UAAU,aAAa;AAAA,IAC5F;AAAA,EACF;AACA,QAAM,OAAO,OAAO,QAAQ,SAAS,MAAM,KAAK;AAChD,SAAO,KACJ,MAAM,IAAI,EACV,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,EAChC,IAAI,CAAC,SAAS;AACb,UAAM,SAAS,GAAG,OAAO;AACzB,WAAO,KAAK,WAAW,MAAM,IAAI,KAAK,MAAM,OAAO,MAAM,IAAI;AAAA,EAC/D,CAAC;AACL;AAgBO,SAAS,gBACd,KACA,MACA,KACS;AACT,QAAM,SAAS,UAAU,OAAO,CAAC,YAAY,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IACpE;AAAA,IACA,OAAO,CAAC,UAAU,UAAU,MAAM;AAAA,EACpC,CAAC;AACD,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,MAAI,OAAO,WAAW,IAAK,QAAO;AAClC,QAAM,SAAS,OAAO,QAAQ,SAAS,MAAM,EAAE,KAAK,KAAK;AACzD,QAAM,IAAI;AAAA,IACR,mBAAmB,GAAG,IAAI,IAAI,mBAAmB,OAAO,MAAM,MAAM,UAAU,aAAa;AAAA,EAC7F;AACF;AAWO,SAAS,cAAc,MAAc,KAAsB;AAChE,MAAI;AACF,WAAO,CAAC,YAAY,mBAAmB,IAAI,GAAG,GAAG;AACjD,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMO,SAAS,iBAAiB,KAAsB;AACrD,MAAI;AACF,WAAO,CAAC,aAAa,YAAY,MAAM,GAAG,GAAG;AAC7C,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYO,SAAS,WACd,eACA,YACA,KACS;AACT,QAAM,SAAS;AAAA,IACb;AAAA,IACA,CAAC,cAAc,iBAAiB,eAAe,UAAU;AAAA,IACzD,EAAE,KAAK,OAAO,CAAC,UAAU,UAAU,MAAM,EAAE;AAAA,EAC7C;AACA,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,QAAM,SAAS,OAAO,QAAQ,SAAS,MAAM,EAAE,KAAK,KAAK;AACzD,QAAM,IAAI;AAAA,IACR,gCAAgC,aAAa,IAAI,UAAU,mBAAmB,OAAO,MAAM,MAAM,UAAU,aAAa;AAAA,EAC1H;AACF;AAkBO,SAAS,UAAU,KAAa,KAA4B;AACjE,MAAI;AACF,WAAO,IAAI,CAAC,aAAa,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,KAAK;AAAA,EACjD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAaO,SAAS,UACd,WACA,aACA,KACA,eAAe,IACP;AACR,SAAO;AAAA,IACL,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,SAAS,KAAK,WAAW,EAAE;AAAA,IAC5D;AAAA,EACF;AACF;AAWO,SAAS,YAAY,SAAiB,KAA2B;AACtE,QAAM,QAAQ,QAAQ,MAAM,IAAI;AAChC,MAAI,MAAM,WAAW,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG;AAChD,UAAM,IAAI;AAAA,MACR,oBAAoB,OAAO;AAAA,IAC7B;AAAA,EACF;AACA,QAAM,CAAC,SAAS,OAAO,IAAI;AAE3B,QAAM,WAAW,IAAI,CAAC,cAAc,SAAS,OAAO,GAAG,GAAG,EAAE,KAAK;AACjE,QAAM,WAAW,IAAI,CAAC,aAAa,YAAY,GAAG,OAAO,WAAW,GAAG,GAAG,EAAE,KAAK;AACjF,QAAM,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,MAAM,OAAO,EAAE,GAAG,GAAG;AAEzD,SAAO,EAAE,SAAS,UAAU,UAAU,KAAK;AAC7C;AAWO,SAAS,OAAO,MAAgB,KAAqB;AAC1D,MAAI;AACF,WAAO,aAAa,OAAO,MAAM;AAAA,MAC/B;AAAA,MACA,UAAU;AAAA,MACV,WAAW,KAAK,OAAO;AAAA;AAAA,MACvB,OAAO,CAAC,UAAU,QAAQ,MAAM;AAAA,IAClC,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,UAAM,SAAU,KAA6C;AAC7D,UAAM,aACJ,OAAO,WAAW,WAAW,SAAS,QAAQ,SAAS,MAAM,KAAK;AACpE,UAAM,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC5D,UAAM,IAAI;AAAA,MACR,OAAO,KAAK,KAAK,GAAG,CAAC,YAAY,WAAW,KAAK,KAAK,IAAI;AAAA,IAC5D;AAAA,EACF;AACF;AAGA,IAAM,MAAM;;;AC/TZ,SAAS,YAAY,WAAW,cAAc,gBAAgB;AAC9D,SAAS,eAAe;AACxB,SAAS,SAAS,YAAY,MAAM,eAAe;AAE5C,SAAS,aAAa,YAAoB,QAAQ,IAAI,GAAW;AACtE,MAAI,UAAU,QAAQ,SAAS;AAC/B,SAAO,MAAM;AACX,QAAI,WAAW,KAAK,SAAS,MAAM,CAAC,EAAG,QAAO;AAC9C,UAAM,SAAS,QAAQ,OAAO;AAC9B,QAAI,WAAW,SAAS;AACtB,YAAM,IAAI;AAAA,QACR,iDAAiD,SAAS;AAAA,MAC5D;AAAA,IACF;AACA,cAAU;AAAA,EACZ;AACF;AAEO,SAAS,eAAe,UAA0B;AACvD,SAAO,KAAK,UAAU,QAAQ;AAChC;AAEO,SAAS,kBAAkB,UAA0B;AAC1D,SAAO,KAAK,UAAU,UAAU,WAAW;AAC7C;AAEO,SAAS,oBAAoB,UAA0B;AAC5D,SAAO,KAAK,UAAU,UAAU,cAAc;AAChD;AAEO,SAAS,gBAAgB,UAA0B;AACxD,SAAO,KAAK,UAAU,UAAU,YAAY;AAC9C;AAEO,SAAS,iBAAiB,UAA0B;AACzD,SAAO,KAAK,aAAa,QAAQ,GAAG,SAAS,UAAU;AACzD;AAOO,SAAS,yBAAyB,UAA0B;AACjE,SAAO,KAAK,aAAa,QAAQ,GAAG,SAAS,kBAAkB;AACjE;AAaO,SAAS,aAAa,UAA0B;AACrD,QAAM,SAAS,KAAK,UAAU,MAAM;AACpC,QAAM,KAAK,SAAS,MAAM;AAC1B,MAAI,GAAG,YAAY,EAAG,QAAO;AAK7B,QAAM,WAAW,aAAa,QAAQ,MAAM;AAC5C,QAAM,QAAQ,SAAS,MAAM,mBAAmB;AAChD,MAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG;AACvB,UAAM,IAAI;AAAA,MACR,sBAAsB,QAAQ,wDAAwD,SAAS,MAAM,GAAG,GAAG,CAAC;AAAA,IAC9G;AAAA,EACF;AACA,QAAM,YAAY,MAAM,CAAC,EAAE,KAAK;AAChC,QAAM,SAAS,WAAW,SAAS,IAAI,YAAY,QAAQ,UAAU,SAAS;AAE9E,QAAM,gBAAgB,KAAK,QAAQ,WAAW;AAC9C,MAAI,CAAC,WAAW,aAAa,EAAG,QAAO;AACvC,QAAM,eAAe,aAAa,eAAe,MAAM,EAAE,KAAK;AAC9D,SAAO,WAAW,YAAY,IAAI,eAAe,QAAQ,QAAQ,YAAY;AAC/E;AAEO,SAAS,cAAsB;AACpC,SAAO,KAAK,QAAQ,GAAG,UAAU,MAAM;AACzC;AAOO,SAAS,uBAA+B;AAC7C,SAAO,KAAK,QAAQ,GAAG,UAAU,YAAY;AAC/C;AAYO,SAAS,iBAAyB;AACvC,SAAO,KAAK,QAAQ,GAAG,UAAU,YAAY;AAC/C;AAEO,SAAS,UAAU,MAAc,OAAO,KAAa;AAC1D,MAAI,CAAC,WAAW,IAAI,GAAG;AACrB,cAAU,MAAM,EAAE,WAAW,MAAM,KAAK,CAAC;AAAA,EAC3C;AACF;AAEO,SAAS,OAAO,MAAuB;AAC5C,MAAI;AACF,WAAO,SAAS,IAAI,EAAE,OAAO;AAAA,EAC/B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACzHA,SAAS,WAAW,cAAAA,mBAAkB;AACtC,SAAS,oBAAoB;AAC7B,SAAS,WAAAC,gBAAe;AAoBjB,IAAM,uBAAuB;AAqF7B,SAAS,OAAO,MAA4B;AAMjD,QAAM,MAAMC,SAAQ,IAAI;AACxB,YAAU,KAAK,GAAK;AACpB,YAAU,KAAK,GAAK;AAEpB,QAAM,KAAK,IAAI,aAAa,IAAI;AAChC,KAAG,KAAK,2BAA2B;AACnC,KAAG,KAAK,0BAA0B;AAClC,aAAW,EAAE;AAOb,YAAU,MAAM,GAAK;AACrB,aAAW,WAAW,CAAC,GAAG,IAAI,QAAQ,GAAG,IAAI,MAAM,GAAG;AACpD,QAAIC,YAAW,OAAO,EAAG,WAAU,SAAS,GAAK;AAAA,EACnD;AAEA,SAAO;AACT;AAEA,SAAS,WAAW,IAAwB;AAO1C,KAAG,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBP;AAiBD,QAAM,OAAO,GAAG,QAAQ,4BAA4B,EAAE,IAAI;AAC1D,QAAM,OAAO,IAAI,IAAI,KAAK,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AAC5C,MAAI,CAAC,KAAK,IAAI,YAAY,GAAG;AAC3B,OAAG,KAAK,gDAAgD;AAAA,EAC1D;AACA,MAAI,CAAC,KAAK,IAAI,WAAW,GAAG;AAC1B,OAAG,KAAK,+CAA+C;AAAA,EACzD;AACA,MAAI,CAAC,KAAK,IAAI,aAAa,GAAG;AAC5B,OAAG,KAAK,iDAAiD;AAAA,EAC3D;AAQA,MAAI,CAAC,KAAK,IAAI,sBAAsB,GAAG;AACrC,OAAG,KAAK,0DAA0D;AAAA,EACpE;AACA,MAAI,CAAC,KAAK,IAAI,sBAAsB,GAAG;AACrC,OAAG,KAAK,0DAA0D;AAAA,EACpE;AACA,MAAI,CAAC,KAAK,IAAI,eAAe,GAAG;AAC9B,OAAG,KAAK,mDAAmD;AAAA,EAC7D;AACA,MAAI,CAAC,KAAK,IAAI,gBAAgB,GAAG;AAC/B,OAAG,KAAK,uDAAuD;AAAA,EACjE;AAGA,KAAG,KAAK;AAAA;AAAA;AAAA,GAGP;AACH;AAEO,SAAS,aACd,IACA,OACQ;AAUR,QAAM,KAAK,MAAM,qBAAqB;AACtC,QAAM,gBAAgB,OAAO,OAAO,OAAO;AAC3C,QAAM,OAAO,GAAG;AAAA,IACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMF;AACA,QAAM,SAAS,KAAK;AAAA,IAClB,MAAM;AAAA,IACN,MAAM;AAAA,IACN,MAAM;AAAA,IACN,MAAM;AAAA,IACN,MAAM,UAAU;AAAA,IAChB,MAAM,cAAc;AAAA,IACpB,MAAM,aAAa;AAAA,IACnB,MAAM,eAAe;AAAA,IACrB,IAAI,iBAAiB;AAAA,IACrB,IAAI,iBAAiB;AAAA,IACrB,IAAI,iBAAiB;AAAA,IACrB;AAAA,EACF;AACA,SAAO,OAAO,OAAO,eAAe;AACtC;AA6CO,SAAS,mBACd,IACA,UACA,UACqB;AACrB,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAuBvB;AACD,SAAO,KAAK,IAAI,UAAU,QAAQ;AACpC;AAuBO,SAAS,kBACd,IACA,UACA,WACA,aACsB;AACtB,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAMvB;AACD,QAAM,MAAM,KAAK,IAAI,UAAU,WAAW,WAAW;AAGrD,SAAO,OAAO;AAChB;AAeA,IAAM,sBAAsB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAwBrB,SAAS,eACd,IACA,UACA,UACiB;AACjB,QAAM,OAAO,GAAG,QAAQ,mBAAmB;AAC3C,SAAO,KAAK,IAAI,UAAU,QAAQ;AACpC;AAMO,SAAS,cACd,IACA,UACA,UACgB;AAChB,QAAM,OAAO,GAAG,QAAQ,mBAAmB;AAC3C,SAAO,KAAK,IAAI,UAAU,QAAQ;AACpC;AA+BO,SAAS,sBACd,IACA,UACA,UACA,gBACuB;AACvB,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAQvB;AACD,QAAM,MAAM,KAAK;AAAA,IACf;AAAA,IACA;AAAA,IACA,kBAAkB;AAAA,IAClB,kBAAkB;AAAA,EACpB;AACA,SAAO,OAAO;AAChB;AAEO,SAAS,cACd,IACA,OAA2B,CAAC,GACf;AACb,QAAM,QAAQ,KAAK,SAAS;AAW5B,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAQvB;AACD,SAAO,KAAK,IAAI,KAAK;AACvB;AAYO,SAAS,cACd,IACA,UACe;AACf,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAUvB;AACD,QAAM,MAAM,KAAK,IAAI,QAAQ;AAQ7B,SAAO;AAAA,IACL;AAAA,IACA,OAAO,IAAI,SAAS;AAAA,IACpB,UAAU,IAAI,YAAY;AAAA,IAC1B,mBAAmB,IAAI,qBAAqB;AAAA,IAC5C,QAAQ,IAAI,UAAU;AAAA,IACtB,YAAY,IAAI;AAAA,IAChB,WAAW,IAAI;AAAA,EACjB;AACF;AAEO,SAAS,wBACd,IACA,UACA,OACa;AAGb,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GASvB;AACD,SAAO,KAAK,IAAI,UAAU,KAAK;AACjC;AAwBO,SAAS,aACd,IACA,gBACiB;AACjB,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAMvB;AACD,QAAM,OAAO,KAAK,IAAI,cAAc;AACpC,QAAM,QAAQ,KAAK,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,OAAO,CAAC;AACtD,SAAO,EAAE,OAAO,aAAa,KAAK;AACpC;AAQO,SAAS,aACd,IACA,gBACiB;AACjB,QAAM,OAAO,aAAa,IAAI,cAAc;AAC5C,MAAI,KAAK,UAAU,EAAG,QAAO;AAC7B,QAAM,MAAM,GAAG;AAAA,IACb;AAAA,EACF;AACA,MAAI,IAAI,cAAc;AACtB,SAAO;AACT;;;AClnBA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AACP;AAAA,EACE,aAAAC;AAAA,EACA;AAAA,EACA,gBAAAC;AAAA,EACA;AAAA,OACK;AACP,SAAS,QAAAC,aAAY;AAcrB,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AAEjB,SAAS,kBAA2B;AACzC,QAAM,EAAE,WAAW,WAAW,IAAI,oBAAoB,SAAS;AAC/D,QAAM,gBAAgB,WAAW,OAAO;AAAA,IACtC,MAAM;AAAA,IACN,QAAQ;AAAA,EACV,CAAC;AACD,QAAM,eAAe,UAAU,OAAO;AAAA,IACpC,MAAM;AAAA,IACN,QAAQ;AAAA,EACV,CAAC;AACD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,aAAa,mBAAmB,YAAY;AAAA,EAC9C;AACF;AAEO,SAAS,mBAAmB,cAA8B;AAC/D,QAAM,MAAM,gBAAgB,YAAY;AACxC,QAAM,MAAM,IAAI,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC;AACtD,QAAM,OAAO,WAAW,QAAQ,EAAE,OAAO,GAAG,EAAE,OAAO,KAAK;AAC1D,SAAO,UAAU,IAAI;AACvB;AAEO,SAAS,kBAAkC;AAChD,QAAM,MAAM,YAAY;AACxB,QAAM,WAAWC,MAAK,KAAK,gBAAgB;AAC3C,QAAM,UAAUA,MAAK,KAAK,eAAe;AACzC,MAAI,CAAC,OAAO,QAAQ,KAAK,CAAC,OAAO,OAAO,EAAG,QAAO;AAClD,QAAM,gBAAgBC,cAAa,UAAU,MAAM;AACnD,QAAM,eAAeA,cAAa,SAAS,MAAM;AACjD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,aAAa,mBAAmB,YAAY;AAAA,EAC9C;AACF;AAEO,SAAS,gBAAgB,IAAmB;AACjD,QAAM,MAAM,YAAY;AACxB,YAAU,KAAK,GAAK;AACpB,EAAAC,WAAU,KAAK,GAAK;AACpB,QAAM,WAAWF,MAAK,KAAK,gBAAgB;AAC3C,QAAM,UAAUA,MAAK,KAAK,eAAe;AACzC,gBAAc,UAAU,GAAG,eAAe,EAAE,MAAM,IAAM,CAAC;AACzD,gBAAc,SAAS,GAAG,cAAc,EAAE,MAAM,IAAM,CAAC;AACzD;AAEO,SAAS,oBAGd;AACA,QAAM,WAAW,gBAAgB;AACjC,MAAI,SAAU,QAAO,EAAE,SAAS,UAAU,SAAS,MAAM;AACzD,QAAM,KAAK,gBAAgB;AAC3B,kBAAgB,EAAE;AAClB,SAAO,EAAE,SAAS,IAAI,SAAS,KAAK;AACtC;AAEO,SAAS,6BAA6B,aAA6B;AAExE,SAAO,YAAY,QAAQ,KAAK,GAAG,IAAI;AACzC;AAUO,SAAS,eACd,UACA,aACe;AACf,QAAM,MAAM,oBAAoB,QAAQ;AACxC,MAAI;AACJ,MAAI;AACF,YAAQ,YAAY,GAAG;AAAA,EACzB,QAAQ;AACN,WAAO;AAAA,EACT;AACA,aAAW,KAAK,OAAO;AACrB,QAAI,CAAC,EAAE,SAAS,MAAM,EAAG;AACzB,QAAI;AACJ,QAAI;AACF,YAAMG,cAAaC,MAAK,KAAK,CAAC,GAAG,MAAM;AAAA,IACzC,QAAQ;AACN;AAAA,IACF;AACA,QAAI;AACF,UAAI,mBAAmB,GAAG,MAAM,YAAa,QAAO;AAAA,IACtD,QAAQ;AAAA,IAER;AAAA,EACF;AACA,SAAO;AACT;;;AC3GO,IAAM,0BAA0B;AAChC,IAAM,+BAA+B;AAkDrC,IAAM,wBAAwB;AAC9B,IAAM,yBAAyB;AAW/B,IAAM,oBAAoB,KAAK;AAS/B,SAAS,iBAAiB,GAA+B;AAC9D,SAAO,OAAO,KAAK,KAAK,UAAU,CAAC,GAAG,MAAM;AAC9C;AAEO,SAAS,sBAAsB,GAA+B;AACnE,SAAO,iBAAiB,CAAC,EAAE,SAAS,QAAQ;AAC9C;AAOO,SAAS,2BAA2B,KAAqB;AAC9D,SAAO,OAAO,KAAK,KAAK,QAAQ;AAClC;AAYO,SAAS,uBACdC,gBAC0B;AAC1B,QAAM,eAAeA,eAAc;AAAA,IACjC,IAAI,OAAO,IAAI,qBAAqB,cAAc,GAAG;AAAA,EACvD;AACA,QAAM,WAAWA,eAAc;AAAA,IAC7B,IAAI,OAAO,IAAI,sBAAsB,cAAc,GAAG;AAAA,EACxD;AACA,MAAI,CAAC,gBAAgB,CAAC,SAAU,QAAO;AACvC,QAAM,aAAa,aAAa,CAAC,GAAG,KAAK;AACzC,QAAM,SAAS,SAAS,CAAC,GAAG,KAAK;AACjC,MAAI,CAAC,cAAc,CAAC,OAAQ,QAAO;AAInC,MAAI,WAAW,SAAS,kBAAmB,QAAO;AAClD,QAAM,eAAe,2BAA2B,UAAU;AAC1D,MAAI,aAAa,SAAS,kBAAmB,QAAO;AACpD,QAAM,UAAU,KAAK,MAAM,aAAa,SAAS,MAAM,CAAC;AACxD,SAAO,EAAE,SAAS,cAAc,iBAAiB,OAAO;AAC1D;AAMO,SAAS,eACd,GACA,iBACQ;AACR,SACE,GAAG,qBAAqB,KAAK,sBAAsB,CAAC,CAAC;AAAA,EAClD,sBAAsB,KAAK,eAAe;AAEjD;;;AC1JA,SAAS,kBAAkB,mBAAAC,kBAAiB,MAAM,cAAc;AAQzD,SAAS,UAAU,eAAuB,MAAsB;AACrE,QAAM,MAAM,iBAAiB,aAAa;AAC1C,QAAM,MAAM,KAAK,MAAM,MAAM,GAAG;AAChC,SAAO,IAAI,SAAS,QAAQ;AAC9B;AAEO,SAAS,YACd,cACA,MACA,iBACS;AACT,QAAM,MAAMA,iBAAgB,YAAY;AACxC,QAAM,MAAM,OAAO,KAAK,iBAAiB,QAAQ;AACjD,SAAO,OAAO,MAAM,MAAM,KAAK,GAAG;AACpC;","names":["existsSync","dirname","dirname","existsSync","chmodSync","readFileSync","join","join","readFileSync","chmodSync","readFileSync","join","commitMessage","createPublicKey"]}
+{"version":3,"sources":["../src/lib/git.ts","../src/lib/paths.ts","../src/lib/db.ts","../src/lib/keys.ts","../src/lib/attestation.ts","../src/lib/signing.ts"],"sourcesContent":["import { execFileSync, spawnSync } from \"node:child_process\";\n\nexport interface ResolvedDiff {\n  /** Original revspec as passed by the user, e.g. \"main..HEAD\" */\n  revspec: string;\n  /** Commit SHA of the merge base (the \"base\" of the diff) */\n  base_sha: string;\n  /** Commit SHA of the head being reviewed */\n  head_sha: string;\n  /** Unified diff text covering the change from base to head */\n  diff: string;\n}\n\nexport interface CommitSummary {\n  sha: string;\n  title: string;\n  author: string;\n  date: string;\n  /** Full commit message body */\n  body: string;\n  /** Parent SHAs (typically 1 for normal commits, 2 for merges) */\n  parents: string[];\n}\n\nexport function currentBranch(cwd: string): string {\n  return git([\"rev-parse\", \"--abbrev-ref\", \"HEAD\"], cwd).trim();\n}\n\n/**\n * First-parent commit history on a branch — follows only the branch's linear\n * history, skipping commits that came in via merged feature branches. This\n * matches what the pre-receive hook verifies on push.\n */\nexport function firstParentCommits(\n  branch: string,\n  limit: number,\n  cwd: string,\n): CommitSummary[] {\n  const sep = \"----stamp-record-end----\";\n  const fmt = `%H%n%P%n%an <%ae>%n%ai%n%s%n%n%b${sep}`;\n  const out = git(\n    [\"log\", \"--first-parent\", `-${limit}`, `--format=${fmt}`, branch],\n    cwd,\n  );\n  const records = out.split(sep).map((r) => r.trim()).filter(Boolean);\n  const commits: CommitSummary[] = [];\n  for (const rec of records) {\n    const lines = rec.split(\"\\n\");\n    if (lines.length < 5) continue;\n    const [sha, parents, author, date, title, ...rest] = lines as [\n      string,\n      string,\n      string,\n      string,\n      string,\n      ...string[],\n    ];\n    const body = rest.join(\"\\n\").replace(/^\\n+/, \"\").trimEnd();\n    commits.push({\n      sha,\n      parents: parents.split(/\\s+/).filter(Boolean),\n      author,\n      date,\n      title,\n      body,\n    });\n  }\n  return commits;\n}\n\nexport function commitMessage(sha: string, cwd: string): string {\n  return git([\"show\", \"-s\", \"--format=%B\", sha], cwd);\n}\n\n/**\n * Read a file's contents from a specific git tree (commit / tag / branch /\n * tree-ish). Wraps `git show <ref>:<path>`. Throws via runGit's stderr-\n * capturing path if the file doesn't exist at that ref.\n *\n * Used by `stamp review` and `stamp merge` to source reviewer config +\n * prompts from the merge-base tree (rather than the working tree), which is\n * the security boundary that prevents a feature branch from reviewing\n * itself with a reviewer prompt it just modified.\n */\nexport function showAtRef(ref: string, path: string, cwd: string): string {\n  return runGit([\"show\", `${ref}:${path}`], cwd);\n}\n\n/**\n * List basenames directly under `<ref>:<dirPath>` (non-recursive). Empty\n * array if the directory doesn't exist at `<ref>` — distinguished from\n * \"git error\" by branching on git ls-tree's exit code the same way\n * `pathExistsAtRef` does. Used by `stamp review` (AGT-332) to enumerate\n * `.stamp/trusted-keys/*.pub` at base_sha so each pubkey can be loaded\n * from the merge-base tree (NOT the working tree — same security\n * boundary as reviewer prompts).\n */\nexport function listFilesAtRef(\n  ref: string,\n  dirPath: string,\n  cwd: string,\n): string[] {\n  // `--name-only` keeps the output a clean list of relative paths; we\n  // strip the directory prefix here so callers get bare filenames. The\n  // trailing `/` on the path argument tells ls-tree to enter the tree\n  // rather than echo the entry for the directory itself.\n  const result = spawnSync(\n    \"git\",\n    [\"ls-tree\", \"--name-only\", `${ref}`, `${dirPath}/`],\n    { cwd, stdio: [\"ignore\", \"pipe\", \"pipe\"] },\n  );\n  if (result.status === 128) return []; // directory absent at ref\n  if (result.status !== 0) {\n    const stderr = result.stderr?.toString(\"utf8\").trim() ?? \"\";\n    throw new Error(\n      `git ls-tree ${ref}:${dirPath} failed (status ${result.status}): ${stderr || \"(no stderr)\"}`,\n    );\n  }\n  const text = result.stdout?.toString(\"utf8\") ?? \"\";\n  return text\n    .split(\"\\n\")\n    .filter((line) => line.length > 0)\n    .map((line) => {\n      const prefix = `${dirPath}/`;\n      return line.startsWith(prefix) ? line.slice(prefix.length) : line;\n    });\n}\n\n/**\n * True when `<path>` exists in the tree at `<ref>`. Use this when \"missing\"\n * is a legitimate state to branch on rather than an error to recover from —\n * e.g. probing for an optional file like a reviewer lock that may or may\n * not be pinned.\n *\n * Branches on `git cat-file -e`'s exit code: 0 = present, 128 = absent\n * (git's catch-all for \"path or ref didn't resolve\"), anything else =\n * unexpected failure (rethrown). Matches the status-128 = \"legitimate\n * bootstrap state\" convention loadConfigAtSha already uses in verify.ts.\n *\n * Use this instead of try/catch around `git show` when absence is expected,\n * so genuine non-128 failures aren't silently swallowed as \"absent.\"\n */\nexport function pathExistsAtRef(\n  ref: string,\n  path: string,\n  cwd: string,\n): boolean {\n  const result = spawnSync(\"git\", [\"cat-file\", \"-e\", `${ref}:${path}`], {\n    cwd,\n    stdio: [\"ignore\", \"ignore\", \"pipe\"],\n  });\n  if (result.status === 0) return true;\n  if (result.status === 128) return false;\n  const stderr = result.stderr?.toString(\"utf8\").trim() ?? \"\";\n  throw new Error(\n    `git cat-file -e ${ref}:${path} failed (status ${result.status}): ${stderr || \"(no stderr)\"}`,\n  );\n}\n\n/**\n * True when `<path>` is already tracked by git on the current branch. Used\n * by `stamp init` to detect \"is this the first time we're adding stamp\n * config\" — the bootstrap moment where the scaffolding files can be\n * committed directly to main.\n *\n * `--error-unmatch` exits non-zero if the path isn't tracked, so we just\n * branch on whether the call throws.\n */\nexport function isPathTracked(path: string, cwd: string): boolean {\n  try {\n    runGit([\"ls-files\", \"--error-unmatch\", path], cwd);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * True when the repository has at least one commit on HEAD. False on a\n * freshly `git init`'d repo where no commits have been made yet.\n */\nexport function repoHasAnyCommit(cwd: string): boolean {\n  try {\n    runGit([\"rev-parse\", \"--verify\", \"HEAD\"], cwd);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * True when `maybeAncestor` is an ancestor of (or equal to) `descendant`.\n * Wraps `git merge-base --is-ancestor`: exit 0 = ancestor, 1 = not, anything\n * else = git error (rethrown).\n *\n * Used by `stamp review` to decide whether a previously-recorded verdict\n * applies to the current branch: a prior head_sha is \"on this branch\" iff\n * it's an ancestor of the current head, which rules out sibling branches\n * that happen to share a base_sha (parallel feature branches off main).\n */\nexport function isAncestor(\n  maybeAncestor: string,\n  descendant: string,\n  cwd: string,\n): boolean {\n  const result = spawnSync(\n    \"git\",\n    [\"merge-base\", \"--is-ancestor\", maybeAncestor, descendant],\n    { cwd, stdio: [\"ignore\", \"ignore\", \"pipe\"] },\n  );\n  if (result.status === 0) return true;\n  if (result.status === 1) return false;\n  const stderr = result.stderr?.toString(\"utf8\").trim() ?? \"\";\n  throw new Error(\n    `git merge-base --is-ancestor ${maybeAncestor} ${descendant} failed (status ${result.status}): ${stderr || \"(no stderr)\"}`,\n  );\n}\n\nexport function commitSummary(sha: string, cwd: string): CommitSummary {\n  const commits = firstParentCommits(sha, 1, cwd);\n  if (commits.length === 0) {\n    throw new Error(`commit ${sha} not found`);\n  }\n  return commits[0]!;\n}\n\n/**\n * Returns the SHA of the first parent of `sha`, or null if the commit has\n * no parent (root commit) or the lookup otherwise fails. Used by review's\n * carry-forward gate to detect amend/squash iteration — two commits with\n * the same first-parent are siblings produced by `git commit --amend` (or\n * `git reset --soft HEAD~ && git commit`), the dominant agent workflow\n * for single-commit feature branches.\n */\nexport function parentSha(sha: string, cwd: string): string | null {\n  try {\n    return git([\"rev-parse\", `${sha}^`], cwd).trim();\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Diff between two commits (`<priorHead>..<currentHead>`) with enlarged\n * unified-context lines. Used by `stamp review` to feed the LLM ONLY the\n * code that has changed since a prior approved/rejected review on the same\n * branch — the structural fix for \"reviewer flips verdict on unchanged\n * lines across rounds.\" The 20-line default context is wider than git's\n * default 3 so the reviewer has enough surrounding code to judge the\n * delta, but still narrow enough that the model cannot see (and therefore\n * cannot re-flag) code far from the changed hunks. Throws if either ref\n * doesn't resolve.\n */\nexport function deltaDiff(\n  priorHead: string,\n  currentHead: string,\n  cwd: string,\n  contextLines = 20,\n): string {\n  return git(\n    [\"diff\", `-U${contextLines}`, `${priorHead}..${currentHead}`],\n    cwd,\n  );\n}\n\n/**\n * Parse and resolve a git revspec of the form \"<base>..<head>\".\n * - base_sha is merge-base(<base>, <head>), the point at which <head> diverged\n * - head_sha is the commit SHA that <head> currently points to\n * - diff is `git diff <base>...<head>` — changes introduced by <head>\n *   relative to <base>, ignoring any changes that <base> has since made\n *\n * Throws on invalid revspecs or on git failures.\n */\nexport function resolveDiff(revspec: string, cwd: string): ResolvedDiff {\n  const parts = revspec.split(\"..\");\n  if (parts.length !== 2 || !parts[0] || !parts[1]) {\n    throw new Error(\n      `invalid revspec \"${revspec}\": expected form <base>..<head> (two dots)`,\n    );\n  }\n  const [baseRef, headRef] = parts;\n\n  const base_sha = git([\"merge-base\", baseRef, headRef], cwd).trim();\n  const head_sha = git([\"rev-parse\", \"--verify\", `${headRef}^{commit}`], cwd).trim();\n  const diff = git([\"diff\", `${baseRef}...${headRef}`], cwd);\n\n  return { revspec, base_sha, head_sha, diff };\n}\n\n/**\n * Shared git-shell helper used by every command that needs to run git\n * subprocesses. Captures stderr (rather than inheriting it) so failures\n * surface via the thrown message — no raw `fatal: ...` lines bleed onto\n * the user's terminal alongside otherwise-successful output. Returns\n * stdout as utf-8.\n *\n * Use this in command modules (commands/*.ts) instead of a local copy.\n */\nexport function runGit(args: string[], cwd: string): string {\n  try {\n    return execFileSync(\"git\", args, {\n      cwd,\n      encoding: \"utf8\",\n      maxBuffer: 64 * 1024 * 1024, // 64MB; big diffs happen\n      stdio: [\"ignore\", \"pipe\", \"pipe\"],\n    });\n  } catch (err) {\n    const stderr = (err as { stderr?: Buffer | string } | null)?.stderr;\n    const stderrText =\n      typeof stderr === \"string\" ? stderr : stderr?.toString(\"utf8\") ?? \"\";\n    const base = err instanceof Error ? err.message : String(err);\n    throw new Error(\n      `git ${args.join(\" \")} failed: ${stderrText.trim() || base}`,\n    );\n  }\n}\n\n// Local alias so existing callers in this file keep their short name.\nconst git = runGit;\n","import { existsSync, mkdirSync, readFileSync, statSync } from \"node:fs\";\nimport { homedir } from \"node:os\";\nimport { dirname, isAbsolute, join, resolve } from \"node:path\";\n\nexport function findRepoRoot(startFrom: string = process.cwd()): string {\n  let current = resolve(startFrom);\n  while (true) {\n    if (existsSync(join(current, \".git\"))) return current;\n    const parent = dirname(current);\n    if (parent === current) {\n      throw new Error(\n        `not inside a git repository (searched up from ${startFrom})`,\n      );\n    }\n    current = parent;\n  }\n}\n\nexport function stampConfigDir(repoRoot: string): string {\n  return join(repoRoot, \".stamp\");\n}\n\nexport function stampReviewersDir(repoRoot: string): string {\n  return join(repoRoot, \".stamp\", \"reviewers\");\n}\n\nexport function stampTrustedKeysDir(repoRoot: string): string {\n  return join(repoRoot, \".stamp\", \"trusted-keys\");\n}\n\nexport function stampConfigFile(repoRoot: string): string {\n  return join(repoRoot, \".stamp\", \"config.yml\");\n}\n\nexport function stampStateDbPath(repoRoot: string): string {\n  return join(gitCommonDir(repoRoot), \"stamp\", \"state.db\");\n}\n\n/**\n * Marker file that records \"we have shown the LLM data-flow notice in this\n * repo at least once.\" Lives next to state.db under the git common dir so\n * it's per-repo (not per-worktree, not committed).\n */\nexport function stampLlmNoticeMarkerPath(repoRoot: string): string {\n  return join(gitCommonDir(repoRoot), \"stamp\", \"llm-notice-shown\");\n}\n\n/**\n * Resolve the git common directory for `repoRoot`. For a normal checkout this\n * is `<repoRoot>/.git`; for a worktree, `<repoRoot>/.git` is a *file* of the\n * form `gitdir: <path>` and the real common dir lives at `<gitdir>/commondir`\n * (a path relative to gitdir, typically `../..`). Mirrors `git rev-parse\n * --git-common-dir` without spawning git.\n *\n * State that should be shared across every worktree of one repository (review\n * verdicts, the per-machine sqlite db) lives under this common dir, so callers\n * resolve their paths through here rather than hard-coding `<repoRoot>/.git`.\n */\nexport function gitCommonDir(repoRoot: string): string {\n  const dotGit = join(repoRoot, \".git\");\n  const st = statSync(dotGit);\n  if (st.isDirectory()) return dotGit;\n\n  // Worktree (or submodule): `.git` is a file. Parse the `gitdir:` line, then\n  // follow the `commondir` pointer from there. Submodules have no `commondir`,\n  // so the gitdir itself is the writable common dir — fall through to that.\n  const contents = readFileSync(dotGit, \"utf8\");\n  const match = contents.match(/^gitdir:\\s*(.+)$/m);\n  if (!match || !match[1]) {\n    throw new Error(\n      `expected '.git' at ${repoRoot} to be a directory or a 'gitdir:' pointer file, got: ${contents.slice(0, 120)}`,\n    );\n  }\n  const gitdirRaw = match[1].trim();\n  const gitdir = isAbsolute(gitdirRaw) ? gitdirRaw : resolve(repoRoot, gitdirRaw);\n\n  const commondirPath = join(gitdir, \"commondir\");\n  if (!existsSync(commondirPath)) return gitdir;\n  const commondirRaw = readFileSync(commondirPath, \"utf8\").trim();\n  return isAbsolute(commondirRaw) ? commondirRaw : resolve(gitdir, commondirRaw);\n}\n\nexport function userKeysDir(): string {\n  return join(homedir(), \".stamp\", \"keys\");\n}\n\n/**\n * Per-user stamp-server config. Holds {host, port, user, repo_root_prefix}\n * so commands like `stamp provision` can reach the operator's stamp server\n * without making the agent guess at SSH endpoints.\n */\nexport function userServerConfigPath(): string {\n  return join(homedir(), \".stamp\", \"server.yml\");\n}\n\n/**\n * Per-user stamp config. Today holds reviewer-model selections; structured\n * as a top-level object so future per-user knobs (telemetry sinks, default\n * timeouts, etc.) can land alongside without renaming the file. Lives\n * separately from per-repo `.stamp/config.yml` because cost/speed is\n * operator infrastructure rather than committed review policy — different\n * operators on the same repo are free to pick different models without\n * a merge-conflict over preference, and this file is intentionally\n * EXCLUDED from the v3 reviewer attestation hash chain.\n */\nexport function userConfigPath(): string {\n  return join(homedir(), \".stamp\", \"config.yml\");\n}\n\nexport function ensureDir(path: string, mode = 0o755): void {\n  if (!existsSync(path)) {\n    mkdirSync(path, { recursive: true, mode });\n  }\n}\n\nexport function isFile(path: string): boolean {\n  try {\n    return statSync(path).isFile();\n  } catch {\n    return false;\n  }\n}\n","import { chmodSync, existsSync } from \"node:fs\";\nimport { DatabaseSync } from \"node:sqlite\";\nimport { dirname } from \"node:path\";\nimport { ensureDir } from \"./paths.js\";\n\nexport type Verdict = \"approved\" | \"changes_requested\" | \"denied\";\n\n/**\n * `schema_version` value stamped onto rows produced under the stamp 2.x\n * server-attested review model. Rows persisted by 1.x clients have NULL\n * here — a 2.x-only verifier reads NULL as \"legacy unsigned, do NOT trust\n * for merge-gate purposes\" while still letting `stamp log` display the row.\n *\n * Mirrors `CURRENT_V4_SCHEMA_VERSION` in `attestationV4.ts` deliberately:\n * a row that carries a server-signed approval is, by construction, a v4\n * artifact, and any v4 verifier consuming this DB column should compare\n * with the same integer. We don't import the constant directly to avoid\n * a dependency cycle (`db.ts` is leaf-ish; `attestationV4.ts` may grow\n * imports from elsewhere) — the two integers are pinned together via the\n * doc comment instead, and a guard test in `tests/db.test.ts` asserts\n * they match so a future bump to one drags the other along.\n */\nexport const REVIEW_ROW_SCHEMA_V4 = 5;\n\nexport interface ReviewRow {\n  id: number;\n  reviewer: string;\n  base_sha: string;\n  head_sha: string;\n  verdict: Verdict;\n  issues: string | null;\n  /** JSON-encoded ToolCall[] (see lib/toolCalls.ts), or null for reviews\n   *  recorded before Step 4 shipped or where no tools were invoked. */\n  tool_calls: string | null;\n  /** SHA-256 hex of the diff bytes the reviewer evaluated. Null for rows\n   *  recorded before 1.8.0 shipped. Cache key with prompt_hash + reviewer. */\n  diff_hash: string | null;\n  /** SHA-256 hex of the reviewer prompt text. Null for rows recorded before\n   *  1.8.0 shipped. Cache key with diff_hash + reviewer. */\n  prompt_hash: string | null;\n  /** JSON-stringified `ApprovalV4` (see `lib/attestationV4.ts`) as returned\n   *  by stamp-server's `stamp-review` SSH verb. Null for rows produced by\n   *  pre-2.x clients OR by a 2.x client running in local-only mode (no\n   *  `review_server` configured). When non-null, `server_signature_b64`\n   *  and `server_key_id` are non-null as well (writer-side invariant\n   *  enforced by `recordReview`); when null, all three are null together. */\n  server_approval_json: string | null;\n  /** Base64 Ed25519 signature the server produced over\n   *  `canonicalSerializeApproval(approval)`. Non-null iff\n   *  `server_approval_json` is non-null. */\n  server_signature_b64: string | null;\n  /** `sha256:<hex>` fingerprint of the server's review-signing key — same\n   *  string format the trusted-keys manifest uses to identify keys (see\n   *  `lib/trustedKeysManifest.ts`). Duplicates the `server_key_id` embedded\n   *  inside the signed `server_approval_json`; stored at the row level so\n   *  `stamp log` can render the signer without parsing the JSON blob, and\n   *  so AGT-334's `stamp merge` can index lookups by signer without\n   *  hydrating every approval. */\n  server_key_id: string | null;\n  /** Schema version of the persisted row. `null` for legacy 1.x rows that\n   *  predate the column; `REVIEW_ROW_SCHEMA_V4` for rows produced under\n   *  the server-attested model. The presence of a non-null value here is\n   *  the canonical marker that distinguishes a 2.x row from a 1.x row in\n   *  `stamp log` and (later) in AGT-334's merge-gate input filter. */\n  schema_version: number | null;\n  created_at: string;\n}\n\nexport interface RecordReviewInput {\n  reviewer: string;\n  base_sha: string;\n  head_sha: string;\n  verdict: Verdict;\n  issues?: string | null;\n  /** JSON-encoded ToolCall[] or null. See lib/toolCalls.ts. */\n  tool_calls?: string | null;\n  /** SHA-256 hex of the diff bytes (caller computes; see commands/review.ts).\n   *  Optional for pre-1.8.0 call sites that haven't been updated yet. */\n  diff_hash?: string | null;\n  /** SHA-256 hex of the reviewer prompt text. Optional for pre-1.8.0 call\n   *  sites that haven't been updated yet. */\n  prompt_hash?: string | null;\n  /** Server-attested approval persisted as a unit. Either provide all\n   *  three fields (server-attested 2.x row) or omit `serverAttestation`\n   *  entirely (local / 1.x-style row). Half-populated input is a writer\n   *  bug — `recordReview` enforces all-or-nothing so a downstream\n   *  verifier can rely on \"non-null server_approval_json ⇒ non-null\n   *  signature + key_id\" as a hard DB invariant.\n   *\n   *  AGT-334 (`stamp merge`) reads these back via `serverApprovalsFor`\n   *  to fold them into the v4 envelope; pre-2.x call sites simply\n   *  don't pass this field. */\n  serverAttestation?: {\n    /** JSON-serialized `ApprovalV4` — the bytes the server signed are\n     *  `canonicalSerializeApproval(parsed_approval)`, NOT this JSON\n     *  string verbatim (key order may differ; the canonical serializer\n     *  re-sorts at signature-verify time). */\n    approval_json: string;\n    /** Base64 Ed25519 over `canonicalSerializeApproval(approval)`. */\n    signature_b64: string;\n    /** `sha256:<hex>` server key fingerprint; must match the\n     *  `server_key_id` inside `approval_json`. The dup is intentional\n     *  (see `ReviewRow.server_key_id` docstring). */\n    server_key_id: string;\n  };\n}\n\nexport function openDb(path: string): DatabaseSync {\n  // Tighten parent directory to 0700 so peer users on shared/dev machines\n  // can't enter `.git/stamp/` to read state.db (or its WAL sidecars). Done\n  // before opening the DB so a brand-new file inherits the locked-down\n  // ancestor. Idempotent: chmodSync runs on every open even if ensureDir\n  // no-oped, which tightens an already-existing 0755 dir from prior versions.\n  const dir = dirname(path);\n  ensureDir(dir, 0o700);\n  chmodSync(dir, 0o700);\n\n  const db = new DatabaseSync(path);\n  db.exec(\"PRAGMA journal_mode = WAL\");\n  db.exec(\"PRAGMA foreign_keys = ON\");\n  initSchema(db);\n\n  // Tighten state.db itself plus the WAL sidecars (if SQLite has created\n  // them — `-wal` and `-shm` only exist while WAL writes are in flight or\n  // recently flushed). chmodSync targets the inode, not any open fd, so\n  // this is idempotent across opens; an in-flight write keeps its old fd\n  // mode but the on-disk bits flip immediately.\n  chmodSync(path, 0o600);\n  for (const sidecar of [`${path}-wal`, `${path}-shm`]) {\n    if (existsSync(sidecar)) chmodSync(sidecar, 0o600);\n  }\n\n  return db;\n}\n\nfunction initSchema(db: DatabaseSync): void {\n  // Base CREATE only — indexes that reference newly-added columns must wait\n  // until after the migration ALTERs below. Putting `idx_reviews_cache`\n  // here would crash on upgrade from ≤1.7.x: the CREATE TABLE no-ops\n  // (table exists with the old shape), then CREATE INDEX fails on the\n  // missing column, then the whole exec() throws and the ALTERs never\n  // run — leaving the DB stuck at the old schema forever.\n  db.exec(`\n    CREATE TABLE IF NOT EXISTS reviews (\n      id          INTEGER PRIMARY KEY AUTOINCREMENT,\n      reviewer    TEXT    NOT NULL,\n      base_sha    TEXT    NOT NULL,\n      head_sha    TEXT    NOT NULL,\n      verdict     TEXT    NOT NULL CHECK (verdict IN ('approved','changes_requested','denied')),\n      issues      TEXT,\n      tool_calls  TEXT,\n      diff_hash   TEXT,\n      prompt_hash TEXT,\n      created_at  TEXT    NOT NULL DEFAULT (datetime('now'))\n    );\n\n    CREATE INDEX IF NOT EXISTS idx_reviews_shas\n      ON reviews(base_sha, head_sha, reviewer);\n  `);\n\n  // Forward migrations: each column was added in a later release than the\n  // base schema. PRAGMA table_info lists current columns; missing ones get\n  // ALTER-added. Idempotent — repeat opens no-op.\n  //\n  // Forward-only by design: there is NO down-migration. A user who downgrades\n  // from a stamp version that ran these ALTERs back to one that doesn't know\n  // about them keeps the extra columns but the old binary simply ignores\n  // them (SELECTs naming explicit columns are unaffected; INSERTs through\n  // the old code path leave the new columns NULL). 1.x rows that predate\n  // these columns survive each migration step because ALTER TABLE ... ADD\n  // COLUMN populates existing rows with NULL — none of the additions take\n  // a NOT NULL constraint or a non-NULL default, so the legacy rows\n  // continue to read out with their original data intact and NULL in the\n  // new slots. That's the load-bearing AC for AGT-333 and is asserted\n  // structurally in `tests/db.test.ts` against a hand-built 1.x fixture.\n  const cols = db.prepare(\"PRAGMA table_info(reviews)\").all() as Array<{ name: string }>;\n  const have = new Set(cols.map((c) => c.name));\n  if (!have.has(\"tool_calls\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN tool_calls TEXT\");\n  }\n  if (!have.has(\"diff_hash\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN diff_hash TEXT\");\n  }\n  if (!have.has(\"prompt_hash\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN prompt_hash TEXT\");\n  }\n  // AGT-333 (stamp 2.x): server-attested review fields. All TEXT/INTEGER\n  // with no DEFAULT and no NOT NULL — that's what makes the 1.x-rows-\n  // survive guarantee mechanical: ALTER fills existing rows with NULL,\n  // every read site treats NULL as \"legacy / no server attestation here,\"\n  // and the writer-side invariant (`recordReview`) keeps the three server\n  // fields strictly all-or-nothing so downstream code never sees a half-\n  // populated row.\n  if (!have.has(\"server_approval_json\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN server_approval_json TEXT\");\n  }\n  if (!have.has(\"server_signature_b64\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN server_signature_b64 TEXT\");\n  }\n  if (!have.has(\"server_key_id\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN server_key_id TEXT\");\n  }\n  if (!have.has(\"schema_version\")) {\n    db.exec(\"ALTER TABLE reviews ADD COLUMN schema_version INTEGER\");\n  }\n  // Cache index created here (after the migration ALTERs above) so it works\n  // on both fresh installs and upgrades. Repeat-safe.\n  db.exec(`\n    CREATE INDEX IF NOT EXISTS idx_reviews_cache\n      ON reviews(reviewer, diff_hash, prompt_hash, created_at)\n  `);\n}\n\nexport function recordReview(\n  db: DatabaseSync,\n  input: RecordReviewInput,\n): number {\n  // All-or-nothing on the three server-attestation fields: every read\n  // site (stamp log marker, AGT-334's merge folder, future v4 verifier)\n  // treats \"row has a server signature\" as a binary state. Half-populated\n  // input here would let the row drift into an ambiguous middle state\n  // that no read site is prepared to handle. TypeScript already encodes\n  // this in `RecordReviewInput.serverAttestation` (the three fields ride\n  // together on a single object), but the runtime check guards against a\n  // future caller bypassing the type — and against accidental `as any`\n  // at the boundary.\n  const sa = input.serverAttestation ?? null;\n  const schemaVersion = sa === null ? null : REVIEW_ROW_SCHEMA_V4;\n  const stmt = db.prepare(\n    `INSERT INTO reviews\n       (reviewer, base_sha, head_sha, verdict, issues, tool_calls,\n        diff_hash, prompt_hash,\n        server_approval_json, server_signature_b64, server_key_id,\n        schema_version)\n     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,\n  );\n  const result = stmt.run(\n    input.reviewer,\n    input.base_sha,\n    input.head_sha,\n    input.verdict,\n    input.issues ?? null,\n    input.tool_calls ?? null,\n    input.diff_hash ?? null,\n    input.prompt_hash ?? null,\n    sa?.approval_json ?? null,\n    sa?.signature_b64 ?? null,\n    sa?.server_key_id ?? null,\n    schemaVersion,\n  );\n  return Number(result.lastInsertRowid);\n}\n\n/**\n * Server-attested row projection, returned by `serverApprovalsFor`. This\n * is the shape AGT-334's `stamp merge` consumes when folding stored\n * approvals into the v4 envelope — caller parses `approval_json` into\n * an `ApprovalV4` and wraps it with `signature_b64` + `server_key_id`\n * into an `ApprovalEntryV4`. Kept here (rather than in `attestationV4.ts`)\n * because `db.ts` is the boundary that knows the storage shape, and the\n * caller can do the JSON parse with full v4 typing.\n */\nexport interface ServerAttestedRow {\n  id: number;\n  reviewer: string;\n  base_sha: string;\n  head_sha: string;\n  verdict: Verdict;\n  /** JSON-stringified `ApprovalV4`. Caller `JSON.parse`s + canonical-\n   *  reserializes to verify the server's signature. */\n  approval_json: string;\n  /** Base64 Ed25519 over `canonicalSerializeApproval(approval)`. */\n  signature_b64: string;\n  /** `sha256:<hex>` server key fingerprint. */\n  server_key_id: string;\n  created_at: string;\n}\n\n/**\n * Return all server-attested rows for a given (base_sha, head_sha) pair,\n * one per reviewer (latest wins on ties — same `(created_at DESC, id DESC)`\n * ordering as `latestVerdicts`). Skips rows where `server_approval_json`\n * is NULL (legacy 1.x rows OR local-only 2.x rows with no server\n * attestation) — those are not eligible inputs to a v4 merge envelope.\n *\n * Intended consumer is AGT-334's `stamp merge`: it calls this, parses\n * each `approval_json`, and assembles `ApprovalEntryV4[]` for the v4\n * envelope. The merge code is responsible for verifying signatures and\n * matching `server_key_id` against the manifest at `base_sha` before\n * trusting the data.\n *\n * Returns rows in stable reviewer-name order so the resulting envelope\n * is deterministic across runs (the v4 canonical serializer sorts object\n * keys but preserves array order; deterministic input means deterministic\n * output, which matters for stamp's reproducibility property).\n */\nexport function serverApprovalsFor(\n  db: DatabaseSync,\n  base_sha: string,\n  head_sha: string,\n): ServerAttestedRow[] {\n  const stmt = db.prepare(`\n    SELECT id, reviewer, base_sha, head_sha, verdict,\n           server_approval_json AS approval_json,\n           server_signature_b64 AS signature_b64,\n           server_key_id,\n           created_at\n    FROM (\n      SELECT\n        id, reviewer, base_sha, head_sha, verdict,\n        server_approval_json,\n        server_signature_b64,\n        server_key_id,\n        created_at,\n        ROW_NUMBER() OVER (\n          PARTITION BY reviewer\n          ORDER BY created_at DESC, id DESC\n        ) AS rn\n      FROM reviews\n      WHERE base_sha = ? AND head_sha = ?\n        AND server_approval_json IS NOT NULL\n    )\n    WHERE rn = 1\n    ORDER BY reviewer ASC\n  `);\n  return stmt.all(base_sha, head_sha) as unknown as ServerAttestedRow[];\n}\n\nexport interface CachedVerdict {\n  verdict: Verdict;\n  /** Prose stored on the cached row; may be null on pre-prose rows. */\n  issues: string | null;\n  /** (base_sha, head_sha) the cached verdict was originally recorded against.\n   *  Surfaced in the cache-hit message so operators can trace provenance. */\n  base_sha: string;\n  head_sha: string;\n  created_at: string;\n}\n\n/**\n * Look up the most recent stored verdict for (reviewer, diff_hash, prompt_hash).\n * Both hashes are required — null/missing-hash rows never match, so pre-1.8.0\n * rows are silently skipped. Returns null when no matching row exists.\n *\n * Used by `stamp review` to short-circuit the LLM call when an identical\n * (diff, prompt, reviewer) tuple has already been evaluated. The point is\n * to break the treadmill where the model non-deterministically re-flips\n * verdicts on unchanged input.\n */\nexport function findCachedVerdict(\n  db: DatabaseSync,\n  reviewer: string,\n  diff_hash: string,\n  prompt_hash: string,\n): CachedVerdict | null {\n  const stmt = db.prepare(`\n    SELECT verdict, issues, base_sha, head_sha, created_at\n    FROM reviews\n    WHERE reviewer = ? AND diff_hash = ? AND prompt_hash = ?\n    ORDER BY created_at DESC, id DESC\n    LIMIT 1\n  `);\n  const row = stmt.get(reviewer, diff_hash, prompt_hash) as\n    | CachedVerdict\n    | undefined;\n  return row ?? null;\n}\n\nexport interface LatestVerdict {\n  reviewer: string;\n  verdict: Verdict;\n}\n\nexport interface LatestReview {\n  id: number;\n  reviewer: string;\n  verdict: Verdict;\n  issues: string | null;\n  tool_calls: string | null;\n}\n\nconst LATEST_VERDICTS_SQL = `\n  SELECT id, reviewer, verdict, issues, tool_calls\n  FROM (\n    SELECT\n      id,\n      reviewer,\n      verdict,\n      issues,\n      tool_calls,\n      ROW_NUMBER() OVER (\n        PARTITION BY reviewer\n        ORDER BY created_at DESC, id DESC\n      ) AS rn\n    FROM reviews\n    WHERE base_sha = ? AND head_sha = ?\n  )\n  WHERE rn = 1\n`;\n\n/**\n * For a given (base_sha, head_sha), return the latest verdict per reviewer.\n * Uses ROW_NUMBER() window function with (created_at DESC, id DESC) ordering\n * so same-second inserts tiebreak on insertion order.\n */\nexport function latestVerdicts(\n  db: DatabaseSync,\n  base_sha: string,\n  head_sha: string,\n): LatestVerdict[] {\n  const stmt = db.prepare(LATEST_VERDICTS_SQL);\n  return stmt.all(base_sha, head_sha) as unknown as LatestVerdict[];\n}\n\n/**\n * Same as latestVerdicts but also returns prose (for computing review_sha\n * during attestation, or for display).\n */\nexport function latestReviews(\n  db: DatabaseSync,\n  base_sha: string,\n  head_sha: string,\n): LatestReview[] {\n  const stmt = db.prepare(LATEST_VERDICTS_SQL);\n  return stmt.all(base_sha, head_sha) as unknown as LatestReview[];\n}\n\nexport interface PriorReviewRow {\n  /** Reviewer name (echoed for symmetry with the query input). */\n  reviewer: string;\n  /** Head SHA the prior verdict was recorded against. */\n  head_sha: string;\n  verdict: Verdict;\n  /** Prose body the reviewer submitted on the prior run; may be null on\n   *  pre-prose rows. */\n  issues: string | null;\n  /** ISO datetime when this row was inserted; surfaced so callers can show\n   *  age in operator-visible messaging if useful. */\n  created_at: string;\n}\n\n/**\n * Find the most recent prior review row by `reviewer` against the same\n * `base_sha`, excluding any row whose `head_sha` equals `excludeHeadSha`.\n * Returns null if no prior review exists.\n *\n * Used by `stamp review` to surface a reviewer's earlier verdict + prose\n * back into the prompt on subsequent runs of the same branch, so iterations\n * can ratchet toward approval instead of randomly re-flipping. The\n * `excludeHeadSha` argument is intended to be the current head_sha — we\n * want what came *before* the current attempt, not the row this very run\n * is about to write.\n *\n * Same ordering as latestVerdicts (created_at DESC, id DESC) so same-second\n * inserts tiebreak on insertion order.\n */\nexport function priorReviewByReviewer(\n  db: DatabaseSync,\n  reviewer: string,\n  base_sha: string,\n  excludeHeadSha?: string,\n): PriorReviewRow | null {\n  const stmt = db.prepare(`\n    SELECT reviewer, head_sha, verdict, issues, created_at\n    FROM reviews\n    WHERE reviewer = ?\n      AND base_sha = ?\n      AND (? IS NULL OR head_sha != ?)\n    ORDER BY created_at DESC, id DESC\n    LIMIT 1\n  `);\n  const row = stmt.get(\n    reviewer,\n    base_sha,\n    excludeHeadSha ?? null,\n    excludeHeadSha ?? null,\n  ) as PriorReviewRow | undefined;\n  return row ?? null;\n}\n\nexport function reviewHistory(\n  db: DatabaseSync,\n  opts: { limit?: number } = {},\n): ReviewRow[] {\n  const limit = opts.limit ?? 50;\n  // SELECT every column the ReviewRow type promises. The legacy version\n  // of this query only pulled a subset (id/reviewer/base/head/verdict/\n  // issues/created_at) and the implicit cast to ReviewRow[] put `undefined`\n  // into `tool_calls` / `diff_hash` / `prompt_hash` at runtime — a\n  // long-standing type lie. The marker logic added in AGT-333 needs\n  // `server_key_id` and `schema_version` to render the SIGNED-BY column,\n  // and the cheapest correct fix is to stop lying: pull the full row\n  // shape, let `stamp log` filter what it displays. The extra columns\n  // are TEXT/INTEGER scalars; the read-amplification is negligible at\n  // this command's call sites.\n  const stmt = db.prepare(`\n    SELECT id, reviewer, base_sha, head_sha, verdict, issues,\n           tool_calls, diff_hash, prompt_hash,\n           server_approval_json, server_signature_b64, server_key_id,\n           schema_version, created_at\n    FROM reviews\n    ORDER BY created_at DESC, id DESC\n    LIMIT ?\n  `);\n  return stmt.all(limit) as unknown as ReviewRow[];\n}\n\nexport interface ReviewerStats {\n  reviewer: string;\n  total: number;\n  approved: number;\n  changes_requested: number;\n  denied: number;\n  first_seen: string | null;\n  last_seen: string | null;\n}\n\nexport function reviewerStats(\n  db: DatabaseSync,\n  reviewer: string,\n): ReviewerStats {\n  const stmt = db.prepare(`\n    SELECT\n      COUNT(*) AS total,\n      SUM(CASE WHEN verdict = 'approved'          THEN 1 ELSE 0 END) AS approved,\n      SUM(CASE WHEN verdict = 'changes_requested' THEN 1 ELSE 0 END) AS changes_requested,\n      SUM(CASE WHEN verdict = 'denied'            THEN 1 ELSE 0 END) AS denied,\n      MIN(created_at) AS first_seen,\n      MAX(created_at) AS last_seen\n    FROM reviews\n    WHERE reviewer = ?\n  `);\n  const row = stmt.get(reviewer) as {\n    total: number;\n    approved: number | null;\n    changes_requested: number | null;\n    denied: number | null;\n    first_seen: string | null;\n    last_seen: string | null;\n  };\n  return {\n    reviewer,\n    total: row.total ?? 0,\n    approved: row.approved ?? 0,\n    changes_requested: row.changes_requested ?? 0,\n    denied: row.denied ?? 0,\n    first_seen: row.first_seen,\n    last_seen: row.last_seen,\n  };\n}\n\nexport function recentReviewsByReviewer(\n  db: DatabaseSync,\n  reviewer: string,\n  limit: number,\n): ReviewRow[] {\n  // See `reviewHistory` for the rationale on selecting the full row\n  // shape rather than a subset.\n  const stmt = db.prepare(`\n    SELECT id, reviewer, base_sha, head_sha, verdict, issues,\n           tool_calls, diff_hash, prompt_hash,\n           server_approval_json, server_signature_b64, server_key_id,\n           schema_version, created_at\n    FROM reviews\n    WHERE reviewer = ?\n    ORDER BY created_at DESC, id DESC\n    LIMIT ?\n  `);\n  return stmt.all(reviewer, limit) as unknown as ReviewRow[];\n}\n\nexport interface PrunePerReviewer {\n  reviewer: string;\n  count: number;\n}\n\nexport interface PrunePeekResult {\n  total: number;\n  perReviewer: PrunePerReviewer[];\n}\n\n/**\n * Count rows older than `now − sqliteModifier` per reviewer, without\n * deleting. Mirrors the row set that `pruneReviews` would delete given the\n * same modifier. Used by `--dry-run` and to compute the \"reviewers affected\"\n * count surfaced in non-dry-run output.\n *\n * `sqliteModifier` is a string suitable for SQLite's `datetime('now', ?)`\n * (e.g. `-30 days`, `-12 hours`); produced by parseRetentionDuration so the\n * cutoff is computed inside SQLite — avoids any wall-clock fencepost\n * between JS `Date.now()` and the `created_at` strings written via\n * `datetime('now')` at insert time.\n */\nexport function peekPrunable(\n  db: DatabaseSync,\n  sqliteModifier: string,\n): PrunePeekResult {\n  const stmt = db.prepare(`\n    SELECT reviewer, COUNT(*) AS count\n    FROM reviews\n    WHERE created_at < datetime('now', ?)\n    GROUP BY reviewer\n    ORDER BY reviewer\n  `);\n  const rows = stmt.all(sqliteModifier) as unknown as PrunePerReviewer[];\n  const total = rows.reduce((sum, r) => sum + r.count, 0);\n  return { total, perReviewer: rows };\n}\n\n/**\n * Delete rows older than `now − sqliteModifier`. Returns the same shape as\n * peekPrunable but with the actual deleted-row counts. The DELETE runs in\n * a single statement; callers must run VACUUM separately (and outside any\n * transaction) to actually shrink the file.\n */\nexport function pruneReviews(\n  db: DatabaseSync,\n  sqliteModifier: string,\n): PrunePeekResult {\n  const peek = peekPrunable(db, sqliteModifier);\n  if (peek.total === 0) return peek;\n  const del = db.prepare(\n    \"DELETE FROM reviews WHERE created_at < datetime('now', ?)\",\n  );\n  del.run(sqliteModifier);\n  return peek;\n}\n","import {\n  createHash,\n  createPublicKey,\n  generateKeyPairSync,\n  KeyObject,\n} from \"node:crypto\";\nimport {\n  chmodSync,\n  readdirSync,\n  readFileSync,\n  writeFileSync,\n} from \"node:fs\";\nimport { join } from \"node:path\";\nimport {\n  ensureDir,\n  isFile,\n  stampTrustedKeysDir,\n  userKeysDir,\n} from \"./paths.js\";\n\nexport interface Keypair {\n  privateKeyPem: string;\n  publicKeyPem: string;\n  fingerprint: string; // \"sha256:<hex>\"\n}\n\nconst PRIVATE_KEY_FILE = \"ed25519\";\nconst PUBLIC_KEY_FILE = \"ed25519.pub\";\n\nexport function generateKeypair(): Keypair {\n  const { publicKey, privateKey } = generateKeyPairSync(\"ed25519\");\n  const privateKeyPem = privateKey.export({\n    type: \"pkcs8\",\n    format: \"pem\",\n  }) as string;\n  const publicKeyPem = publicKey.export({\n    type: \"spki\",\n    format: \"pem\",\n  }) as string;\n  return {\n    privateKeyPem,\n    publicKeyPem,\n    fingerprint: fingerprintFromPem(publicKeyPem),\n  };\n}\n\nexport function fingerprintFromPem(publicKeyPem: string): string {\n  const pub = createPublicKey(publicKeyPem);\n  const raw = pub.export({ type: \"spki\", format: \"der\" }) as Buffer;\n  const hash = createHash(\"sha256\").update(raw).digest(\"hex\");\n  return `sha256:${hash}`;\n}\n\nexport function loadUserKeypair(): Keypair | null {\n  const dir = userKeysDir();\n  const privPath = join(dir, PRIVATE_KEY_FILE);\n  const pubPath = join(dir, PUBLIC_KEY_FILE);\n  if (!isFile(privPath) || !isFile(pubPath)) return null;\n  const privateKeyPem = readFileSync(privPath, \"utf8\");\n  const publicKeyPem = readFileSync(pubPath, \"utf8\");\n  return {\n    privateKeyPem,\n    publicKeyPem,\n    fingerprint: fingerprintFromPem(publicKeyPem),\n  };\n}\n\nexport function saveUserKeypair(kp: Keypair): void {\n  const dir = userKeysDir();\n  ensureDir(dir, 0o700);\n  chmodSync(dir, 0o700);\n  const privPath = join(dir, PRIVATE_KEY_FILE);\n  const pubPath = join(dir, PUBLIC_KEY_FILE);\n  writeFileSync(privPath, kp.privateKeyPem, { mode: 0o600 });\n  writeFileSync(pubPath, kp.publicKeyPem, { mode: 0o644 });\n}\n\nexport function ensureUserKeypair(): {\n  keypair: Keypair;\n  created: boolean;\n} {\n  const existing = loadUserKeypair();\n  if (existing) return { keypair: existing, created: false };\n  const kp = generateKeypair();\n  saveUserKeypair(kp);\n  return { keypair: kp, created: true };\n}\n\nexport function publicKeyFingerprintFilename(fingerprint: string): string {\n  // \"sha256:abc...\" -> \"sha256_abc....pub\" (colons are valid on unix but messy)\n  return fingerprint.replace(\":\", \"_\") + \".pub\";\n}\n\nexport function publicKeyFromObject(obj: KeyObject): string {\n  return obj.export({ type: \"spki\", format: \"pem\" }) as string;\n}\n\n/**\n * Look up a public key PEM in a repo's .stamp/trusted-keys/ directory by\n * fingerprint. Returns null if no file in the directory matches.\n */\nexport function findTrustedKey(\n  repoRoot: string,\n  fingerprint: string,\n): string | null {\n  const dir = stampTrustedKeysDir(repoRoot);\n  let files: string[];\n  try {\n    files = readdirSync(dir);\n  } catch {\n    return null;\n  }\n  for (const f of files) {\n    if (!f.endsWith(\".pub\")) continue;\n    let pem: string;\n    try {\n      pem = readFileSync(join(dir, f), \"utf8\");\n    } catch {\n      continue;\n    }\n    try {\n      if (fingerprintFromPem(pem) === fingerprint) return pem;\n    } catch {\n      // skip malformed keys\n    }\n  }\n  return null;\n}\n","import type { Verdict } from \"./db.js\";\nimport type { ToolCall } from \"./toolCalls.js\";\n\n/**\n * Current attestation payload schema version.\n *\n *   v1 (absent field) — initial shape; no hash binding to reviewer config.\n *   v2 — per-approval prompt/tools/mcp hashes, sourced from the merge\n *        commit's own tree. SECURITY ISSUE: a feature branch could modify\n *        a reviewer's prompt and the resulting attestation hash matched\n *        the modified prompt, so the server hook accepted a self-reviewing\n *        merge.\n *   v3 — same hash fields, but sourced from the merge-base tree (the\n *        common ancestor of the two merge parents). This is the version\n *        of the reviewer that existed BEFORE the diff, so a feature\n *        branch cannot self-review by modifying its own reviewer prompt.\n *\n * Verifiers reject v2 and below — they're known-broken under the self-\n * review attack. Only v3+ is accepted.\n */\nexport const CURRENT_PAYLOAD_VERSION = 3;\nexport const MIN_ACCEPTED_PAYLOAD_VERSION = 3;\n\nexport interface Approval {\n  reviewer: string;\n  verdict: Verdict;\n  /** sha256 of the review's prose, hex — lets verifiers tie attestation to a specific DB row */\n  review_sha: string;\n  /** v2+: sha256 of the reviewer's prompt file at merge time */\n  prompt_sha256?: string;\n  /** v2+: sha256 of the canonical-form tool allowlist (sorted JSON array) */\n  tools_sha256?: string;\n  /** v2+: sha256 of the canonical-form mcp_servers config (sorted-key JSON) */\n  mcp_sha256?: string;\n  /** v2+: canonical source the reviewer was fetched from (if a lock file\n   *  existed at merge time). Enables downstream audit: \"was this reviewer\n   *  fetched from an approved manifest at an approved version?\" */\n  reviewer_source?: {\n    source: string;\n    ref: string;\n  };\n  /** v2+: audit trace of tool calls the reviewer's agent made during review.\n   *  Each entry is `{ tool, input_sha256 }`. Not cryptographically verified —\n   *  the operator can forge the list — but catches lazy tampering and gives\n   *  auditors a concrete signal (\"did product call linear.get_issue at all?\").\n   *  Omitted or empty for reviewers that ran with no tools or where the SDK\n   *  version didn't surface tool-use blocks. */\n  tool_calls?: ToolCall[];\n}\n\nexport interface CheckAttestation {\n  name: string;\n  command: string;\n  exit_code: number;\n  output_sha: string;\n}\n\nexport interface AttestationPayload {\n  /** Schema version. Absent = v1 (pre-Step-2). Present = v2+. */\n  schema_version?: number;\n  base_sha: string;\n  head_sha: string;\n  target_branch: string;\n  approvals: Approval[];\n  /** Pre-merge checks that ran on the signer's machine and passed.\n   * Empty array if the branch has no required_checks configured. */\n  checks: CheckAttestation[];\n  /** \"sha256:<hex>\" fingerprint of the signer's public key */\n  signer_key_id: string;\n}\n\nexport const STAMP_PAYLOAD_TRAILER = \"Stamp-Payload\";\nexport const STAMP_VERIFIED_TRAILER = \"Stamp-Verified\";\n\n/**\n * Hard cap on the base64 trailer value AND its decoded bytes. parseCommit-\n * Attestation runs on every new commit in the pre-receive hook BEFORE the\n * Ed25519 signature is checked, so an attacker who can produce a commit\n * (any push attempt) could otherwise force JSON.parse on a multi-megabyte\n * payload before reaching the signature verification step that would\n * reject it. 64KB is generous for any sane attestation — the largest real\n * payloads are a few KB even with full tool-call traces.\n */\nexport const MAX_TRAILER_BYTES = 64 * 1024;\n\n/**\n * Serialize the payload to the exact bytes that will be signed. We do NOT\n * canonicalize JSON — the signer and verifier both operate on the base64\n * Stamp-Payload trailer value, so whatever bytes we produce here are the\n * same bytes the verifier base64-decodes. Deterministic serialization\n * isn't required for correctness.\n */\nexport function serializePayload(p: AttestationPayload): Buffer {\n  return Buffer.from(JSON.stringify(p), \"utf8\");\n}\n\nexport function payloadToTrailerValue(p: AttestationPayload): string {\n  return serializePayload(p).toString(\"base64\");\n}\n\nexport function trailerValueToPayload(b64: string): AttestationPayload {\n  const json = Buffer.from(b64, \"base64\").toString(\"utf8\");\n  return JSON.parse(json) as AttestationPayload;\n}\n\nexport function trailerValueToPayloadBytes(b64: string): Buffer {\n  return Buffer.from(b64, \"base64\");\n}\n\nexport interface ParsedAttestation {\n  payload: AttestationPayload;\n  payloadBytes: Buffer;\n  signatureBase64: string;\n}\n\n/**\n * Extract Stamp-Payload + Stamp-Verified trailers from a commit message.\n * Returns null if either is missing. Matches single-line trailer values.\n */\nexport function parseCommitAttestation(\n  commitMessage: string,\n): ParsedAttestation | null {\n  const payloadMatch = commitMessage.match(\n    new RegExp(`^${STAMP_PAYLOAD_TRAILER}:\\\\s*(.+)$`, \"m\"),\n  );\n  const sigMatch = commitMessage.match(\n    new RegExp(`^${STAMP_VERIFIED_TRAILER}:\\\\s*(.+)$`, \"m\"),\n  );\n  if (!payloadMatch || !sigMatch) return null;\n  const b64Payload = payloadMatch[1]?.trim();\n  const b64Sig = sigMatch[1]?.trim();\n  if (!b64Payload || !b64Sig) return null;\n\n  // Bail before allocating or parsing if the trailer is oversized — both as\n  // a base64 string and as decoded bytes. See MAX_TRAILER_BYTES rationale.\n  if (b64Payload.length > MAX_TRAILER_BYTES) return null;\n  const payloadBytes = trailerValueToPayloadBytes(b64Payload);\n  if (payloadBytes.length > MAX_TRAILER_BYTES) return null;\n  const payload = JSON.parse(payloadBytes.toString(\"utf8\")) as AttestationPayload;\n  return { payload, payloadBytes, signatureBase64: b64Sig };\n}\n\n/**\n * Format the two trailer lines. Suitable for appending to a commit message\n * body after a blank-line separator.\n */\nexport function formatTrailers(\n  p: AttestationPayload,\n  signatureBase64: string,\n): string {\n  return (\n    `${STAMP_PAYLOAD_TRAILER}: ${payloadToTrailerValue(p)}\\n` +\n    `${STAMP_VERIFIED_TRAILER}: ${signatureBase64}`\n  );\n}\n","import { createPrivateKey, createPublicKey, sign, verify } from \"node:crypto\";\n\n/**\n * Ed25519 signing. Per RFC 8032, Ed25519 signatures commit to the message\n * directly — no pre-hashing, no padding. Node's crypto.sign/verify accept\n * `null` as the algorithm to get this mode.\n */\n\nexport function signBytes(privateKeyPem: string, data: Buffer): string {\n  const key = createPrivateKey(privateKeyPem);\n  const sig = sign(null, data, key);\n  return sig.toString(\"base64\");\n}\n\nexport function verifyBytes(\n  publicKeyPem: string,\n  data: Buffer,\n  signatureBase64: string,\n): boolean {\n  const key = createPublicKey(publicKeyPem);\n  const sig = Buffer.from(signatureBase64, \"base64\");\n  return verify(null, data, key, sig);\n}\n"],"mappings":";;;;;;;;;AAAA,SAAS,cAAc,iBAAiB;AAwBjC,SAAS,cAAc,KAAqB;AACjD,SAAO,IAAI,CAAC,aAAa,gBAAgB,MAAM,GAAG,GAAG,EAAE,KAAK;AAC9D;AAOO,SAAS,mBACd,QACA,OACA,KACiB;AACjB,QAAM,MAAM;AACZ,QAAM,MAAM,mCAAmC,GAAG;AAClD,QAAM,MAAM;AAAA,IACV,CAAC,OAAO,kBAAkB,IAAI,KAAK,IAAI,YAAY,GAAG,IAAI,MAAM;AAAA,IAChE;AAAA,EACF;AACA,QAAM,UAAU,IAAI,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO;AAClE,QAAM,UAA2B,CAAC;AAClC,aAAW,OAAO,SAAS;AACzB,UAAM,QAAQ,IAAI,MAAM,IAAI;AAC5B,QAAI,MAAM,SAAS,EAAG;AACtB,UAAM,CAAC,KAAK,SAAS,QAAQ,MAAM,OAAO,GAAG,IAAI,IAAI;AAQrD,UAAM,OAAO,KAAK,KAAK,IAAI,EAAE,QAAQ,QAAQ,EAAE,EAAE,QAAQ;AACzD,YAAQ,KAAK;AAAA,MACX;AAAA,MACA,SAAS,QAAQ,MAAM,KAAK,EAAE,OAAO,OAAO;AAAA,MAC5C;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEO,SAAS,cAAc,KAAa,KAAqB;AAC9D,SAAO,IAAI,CAAC,QAAQ,MAAM,eAAe,GAAG,GAAG,GAAG;AACpD;AAYO,SAAS,UAAU,KAAa,MAAc,KAAqB;AACxE,SAAO,OAAO,CAAC,QAAQ,GAAG,GAAG,IAAI,IAAI,EAAE,GAAG,GAAG;AAC/C;AAWO,SAAS,eACd,KACA,SACA,KACU;AAKV,QAAM,SAAS;AAAA,IACb;AAAA,IACA,CAAC,WAAW,eAAe,GAAG,GAAG,IAAI,GAAG,OAAO,GAAG;AAAA,IAClD,EAAE,KAAK,OAAO,CAAC,UAAU,QAAQ,MAAM,EAAE;AAAA,EAC3C;AACA,MAAI,OAAO,WAAW,IAAK,QAAO,CAAC;AACnC,MAAI,OAAO,WAAW,GAAG;AACvB,UAAM,SAAS,OAAO,QAAQ,SAAS,MAAM,EAAE,KAAK,KAAK;AACzD,UAAM,IAAI;AAAA,MACR,eAAe,GAAG,IAAI,OAAO,mBAAmB,OAAO,MAAM,MAAM,UAAU,aAAa;AAAA,IAC5F;AAAA,EACF;AACA,QAAM,OAAO,OAAO,QAAQ,SAAS,MAAM,KAAK;AAChD,SAAO,KACJ,MAAM,IAAI,EACV,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,EAChC,IAAI,CAAC,SAAS;AACb,UAAM,SAAS,GAAG,OAAO;AACzB,WAAO,KAAK,WAAW,MAAM,IAAI,KAAK,MAAM,OAAO,MAAM,IAAI;AAAA,EAC/D,CAAC;AACL;AAgBO,SAAS,gBACd,KACA,MACA,KACS;AACT,QAAM,SAAS,UAAU,OAAO,CAAC,YAAY,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,GAAG;AAAA,IACpE;AAAA,IACA,OAAO,CAAC,UAAU,UAAU,MAAM;AAAA,EACpC,CAAC;AACD,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,MAAI,OAAO,WAAW,IAAK,QAAO;AAClC,QAAM,SAAS,OAAO,QAAQ,SAAS,MAAM,EAAE,KAAK,KAAK;AACzD,QAAM,IAAI;AAAA,IACR,mBAAmB,GAAG,IAAI,IAAI,mBAAmB,OAAO,MAAM,MAAM,UAAU,aAAa;AAAA,EAC7F;AACF;AAWO,SAAS,cAAc,MAAc,KAAsB;AAChE,MAAI;AACF,WAAO,CAAC,YAAY,mBAAmB,IAAI,GAAG,GAAG;AACjD,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMO,SAAS,iBAAiB,KAAsB;AACrD,MAAI;AACF,WAAO,CAAC,aAAa,YAAY,MAAM,GAAG,GAAG;AAC7C,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAYO,SAAS,WACd,eACA,YACA,KACS;AACT,QAAM,SAAS;AAAA,IACb;AAAA,IACA,CAAC,cAAc,iBAAiB,eAAe,UAAU;AAAA,IACzD,EAAE,KAAK,OAAO,CAAC,UAAU,UAAU,MAAM,EAAE;AAAA,EAC7C;AACA,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,QAAM,SAAS,OAAO,QAAQ,SAAS,MAAM,EAAE,KAAK,KAAK;AACzD,QAAM,IAAI;AAAA,IACR,gCAAgC,aAAa,IAAI,UAAU,mBAAmB,OAAO,MAAM,MAAM,UAAU,aAAa;AAAA,EAC1H;AACF;AAkBO,SAAS,UAAU,KAAa,KAA4B;AACjE,MAAI;AACF,WAAO,IAAI,CAAC,aAAa,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,KAAK;AAAA,EACjD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAaO,SAAS,UACd,WACA,aACA,KACA,eAAe,IACP;AACR,SAAO;AAAA,IACL,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,SAAS,KAAK,WAAW,EAAE;AAAA,IAC5D;AAAA,EACF;AACF;AAWO,SAAS,YAAY,SAAiB,KAA2B;AACtE,QAAM,QAAQ,QAAQ,MAAM,IAAI;AAChC,MAAI,MAAM,WAAW,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG;AAChD,UAAM,IAAI;AAAA,MACR,oBAAoB,OAAO;AAAA,IAC7B;AAAA,EACF;AACA,QAAM,CAAC,SAAS,OAAO,IAAI;AAE3B,QAAM,WAAW,IAAI,CAAC,cAAc,SAAS,OAAO,GAAG,GAAG,EAAE,KAAK;AACjE,QAAM,WAAW,IAAI,CAAC,aAAa,YAAY,GAAG,OAAO,WAAW,GAAG,GAAG,EAAE,KAAK;AACjF,QAAM,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,MAAM,OAAO,EAAE,GAAG,GAAG;AAEzD,SAAO,EAAE,SAAS,UAAU,UAAU,KAAK;AAC7C;AAWO,SAAS,OAAO,MAAgB,KAAqB;AAC1D,MAAI;AACF,WAAO,aAAa,OAAO,MAAM;AAAA,MAC/B;AAAA,MACA,UAAU;AAAA,MACV,WAAW,KAAK,OAAO;AAAA;AAAA,MACvB,OAAO,CAAC,UAAU,QAAQ,MAAM;AAAA,IAClC,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,UAAM,SAAU,KAA6C;AAC7D,UAAM,aACJ,OAAO,WAAW,WAAW,SAAS,QAAQ,SAAS,MAAM,KAAK;AACpE,UAAM,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC5D,UAAM,IAAI;AAAA,MACR,OAAO,KAAK,KAAK,GAAG,CAAC,YAAY,WAAW,KAAK,KAAK,IAAI;AAAA,IAC5D;AAAA,EACF;AACF;AAGA,IAAM,MAAM;;;AC/TZ,SAAS,YAAY,WAAW,cAAc,gBAAgB;AAC9D,SAAS,eAAe;AACxB,SAAS,SAAS,YAAY,MAAM,eAAe;AAE5C,SAAS,aAAa,YAAoB,QAAQ,IAAI,GAAW;AACtE,MAAI,UAAU,QAAQ,SAAS;AAC/B,SAAO,MAAM;AACX,QAAI,WAAW,KAAK,SAAS,MAAM,CAAC,EAAG,QAAO;AAC9C,UAAM,SAAS,QAAQ,OAAO;AAC9B,QAAI,WAAW,SAAS;AACtB,YAAM,IAAI;AAAA,QACR,iDAAiD,SAAS;AAAA,MAC5D;AAAA,IACF;AACA,cAAU;AAAA,EACZ;AACF;AAEO,SAAS,eAAe,UAA0B;AACvD,SAAO,KAAK,UAAU,QAAQ;AAChC;AAEO,SAAS,kBAAkB,UAA0B;AAC1D,SAAO,KAAK,UAAU,UAAU,WAAW;AAC7C;AAEO,SAAS,oBAAoB,UAA0B;AAC5D,SAAO,KAAK,UAAU,UAAU,cAAc;AAChD;AAEO,SAAS,gBAAgB,UAA0B;AACxD,SAAO,KAAK,UAAU,UAAU,YAAY;AAC9C;AAEO,SAAS,iBAAiB,UAA0B;AACzD,SAAO,KAAK,aAAa,QAAQ,GAAG,SAAS,UAAU;AACzD;AAOO,SAAS,yBAAyB,UAA0B;AACjE,SAAO,KAAK,aAAa,QAAQ,GAAG,SAAS,kBAAkB;AACjE;AAaO,SAAS,aAAa,UAA0B;AACrD,QAAM,SAAS,KAAK,UAAU,MAAM;AACpC,QAAM,KAAK,SAAS,MAAM;AAC1B,MAAI,GAAG,YAAY,EAAG,QAAO;AAK7B,QAAM,WAAW,aAAa,QAAQ,MAAM;AAC5C,QAAM,QAAQ,SAAS,MAAM,mBAAmB;AAChD,MAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG;AACvB,UAAM,IAAI;AAAA,MACR,sBAAsB,QAAQ,wDAAwD,SAAS,MAAM,GAAG,GAAG,CAAC;AAAA,IAC9G;AAAA,EACF;AACA,QAAM,YAAY,MAAM,CAAC,EAAE,KAAK;AAChC,QAAM,SAAS,WAAW,SAAS,IAAI,YAAY,QAAQ,UAAU,SAAS;AAE9E,QAAM,gBAAgB,KAAK,QAAQ,WAAW;AAC9C,MAAI,CAAC,WAAW,aAAa,EAAG,QAAO;AACvC,QAAM,eAAe,aAAa,eAAe,MAAM,EAAE,KAAK;AAC9D,SAAO,WAAW,YAAY,IAAI,eAAe,QAAQ,QAAQ,YAAY;AAC/E;AAEO,SAAS,cAAsB;AACpC,SAAO,KAAK,QAAQ,GAAG,UAAU,MAAM;AACzC;AAOO,SAAS,uBAA+B;AAC7C,SAAO,KAAK,QAAQ,GAAG,UAAU,YAAY;AAC/C;AAYO,SAAS,iBAAyB;AACvC,SAAO,KAAK,QAAQ,GAAG,UAAU,YAAY;AAC/C;AAEO,SAAS,UAAU,MAAc,OAAO,KAAa;AAC1D,MAAI,CAAC,WAAW,IAAI,GAAG;AACrB,cAAU,MAAM,EAAE,WAAW,MAAM,KAAK,CAAC;AAAA,EAC3C;AACF;AAEO,SAAS,OAAO,MAAuB;AAC5C,MAAI;AACF,WAAO,SAAS,IAAI,EAAE,OAAO;AAAA,EAC/B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACzHA,SAAS,WAAW,cAAAA,mBAAkB;AACtC,SAAS,oBAAoB;AAC7B,SAAS,WAAAC,gBAAe;AAoBjB,IAAM,uBAAuB;AAqF7B,SAAS,OAAO,MAA4B;AAMjD,QAAM,MAAMC,SAAQ,IAAI;AACxB,YAAU,KAAK,GAAK;AACpB,YAAU,KAAK,GAAK;AAEpB,QAAM,KAAK,IAAI,aAAa,IAAI;AAChC,KAAG,KAAK,2BAA2B;AACnC,KAAG,KAAK,0BAA0B;AAClC,aAAW,EAAE;AAOb,YAAU,MAAM,GAAK;AACrB,aAAW,WAAW,CAAC,GAAG,IAAI,QAAQ,GAAG,IAAI,MAAM,GAAG;AACpD,QAAIC,YAAW,OAAO,EAAG,WAAU,SAAS,GAAK;AAAA,EACnD;AAEA,SAAO;AACT;AAEA,SAAS,WAAW,IAAwB;AAO1C,KAAG,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAgBP;AAiBD,QAAM,OAAO,GAAG,QAAQ,4BAA4B,EAAE,IAAI;AAC1D,QAAM,OAAO,IAAI,IAAI,KAAK,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AAC5C,MAAI,CAAC,KAAK,IAAI,YAAY,GAAG;AAC3B,OAAG,KAAK,gDAAgD;AAAA,EAC1D;AACA,MAAI,CAAC,KAAK,IAAI,WAAW,GAAG;AAC1B,OAAG,KAAK,+CAA+C;AAAA,EACzD;AACA,MAAI,CAAC,KAAK,IAAI,aAAa,GAAG;AAC5B,OAAG,KAAK,iDAAiD;AAAA,EAC3D;AAQA,MAAI,CAAC,KAAK,IAAI,sBAAsB,GAAG;AACrC,OAAG,KAAK,0DAA0D;AAAA,EACpE;AACA,MAAI,CAAC,KAAK,IAAI,sBAAsB,GAAG;AACrC,OAAG,KAAK,0DAA0D;AAAA,EACpE;AACA,MAAI,CAAC,KAAK,IAAI,eAAe,GAAG;AAC9B,OAAG,KAAK,mDAAmD;AAAA,EAC7D;AACA,MAAI,CAAC,KAAK,IAAI,gBAAgB,GAAG;AAC/B,OAAG,KAAK,uDAAuD;AAAA,EACjE;AAGA,KAAG,KAAK;AAAA;AAAA;AAAA,GAGP;AACH;AAEO,SAAS,aACd,IACA,OACQ;AAUR,QAAM,KAAK,MAAM,qBAAqB;AACtC,QAAM,gBAAgB,OAAO,OAAO,OAAO;AAC3C,QAAM,OAAO,GAAG;AAAA,IACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMF;AACA,QAAM,SAAS,KAAK;AAAA,IAClB,MAAM;AAAA,IACN,MAAM;AAAA,IACN,MAAM;AAAA,IACN,MAAM;AAAA,IACN,MAAM,UAAU;AAAA,IAChB,MAAM,cAAc;AAAA,IACpB,MAAM,aAAa;AAAA,IACnB,MAAM,eAAe;AAAA,IACrB,IAAI,iBAAiB;AAAA,IACrB,IAAI,iBAAiB;AAAA,IACrB,IAAI,iBAAiB;AAAA,IACrB;AAAA,EACF;AACA,SAAO,OAAO,OAAO,eAAe;AACtC;AA6CO,SAAS,mBACd,IACA,UACA,UACqB;AACrB,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAuBvB;AACD,SAAO,KAAK,IAAI,UAAU,QAAQ;AACpC;AAuBO,SAAS,kBACd,IACA,UACA,WACA,aACsB;AACtB,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAMvB;AACD,QAAM,MAAM,KAAK,IAAI,UAAU,WAAW,WAAW;AAGrD,SAAO,OAAO;AAChB;AAeA,IAAM,sBAAsB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAwBrB,SAAS,eACd,IACA,UACA,UACiB;AACjB,QAAM,OAAO,GAAG,QAAQ,mBAAmB;AAC3C,SAAO,KAAK,IAAI,UAAU,QAAQ;AACpC;AAMO,SAAS,cACd,IACA,UACA,UACgB;AAChB,QAAM,OAAO,GAAG,QAAQ,mBAAmB;AAC3C,SAAO,KAAK,IAAI,UAAU,QAAQ;AACpC;AA+BO,SAAS,sBACd,IACA,UACA,UACA,gBACuB;AACvB,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAQvB;AACD,QAAM,MAAM,KAAK;AAAA,IACf;AAAA,IACA;AAAA,IACA,kBAAkB;AAAA,IAClB,kBAAkB;AAAA,EACpB;AACA,SAAO,OAAO;AAChB;AAEO,SAAS,cACd,IACA,OAA2B,CAAC,GACf;AACb,QAAM,QAAQ,KAAK,SAAS;AAW5B,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAQvB;AACD,SAAO,KAAK,IAAI,KAAK;AACvB;AAYO,SAAS,cACd,IACA,UACe;AACf,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAUvB;AACD,QAAM,MAAM,KAAK,IAAI,QAAQ;AAQ7B,SAAO;AAAA,IACL;AAAA,IACA,OAAO,IAAI,SAAS;AAAA,IACpB,UAAU,IAAI,YAAY;AAAA,IAC1B,mBAAmB,IAAI,qBAAqB;AAAA,IAC5C,QAAQ,IAAI,UAAU;AAAA,IACtB,YAAY,IAAI;AAAA,IAChB,WAAW,IAAI;AAAA,EACjB;AACF;AAEO,SAAS,wBACd,IACA,UACA,OACa;AAGb,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GASvB;AACD,SAAO,KAAK,IAAI,UAAU,KAAK;AACjC;AAwBO,SAAS,aACd,IACA,gBACiB;AACjB,QAAM,OAAO,GAAG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAMvB;AACD,QAAM,OAAO,KAAK,IAAI,cAAc;AACpC,QAAM,QAAQ,KAAK,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,OAAO,CAAC;AACtD,SAAO,EAAE,OAAO,aAAa,KAAK;AACpC;AAQO,SAAS,aACd,IACA,gBACiB;AACjB,QAAM,OAAO,aAAa,IAAI,cAAc;AAC5C,MAAI,KAAK,UAAU,EAAG,QAAO;AAC7B,QAAM,MAAM,GAAG;AAAA,IACb;AAAA,EACF;AACA,MAAI,IAAI,cAAc;AACtB,SAAO;AACT;;;AClnBA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AACP;AAAA,EACE,aAAAC;AAAA,EACA;AAAA,EACA,gBAAAC;AAAA,EACA;AAAA,OACK;AACP,SAAS,QAAAC,aAAY;AAcrB,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AAEjB,SAAS,kBAA2B;AACzC,QAAM,EAAE,WAAW,WAAW,IAAI,oBAAoB,SAAS;AAC/D,QAAM,gBAAgB,WAAW,OAAO;AAAA,IACtC,MAAM;AAAA,IACN,QAAQ;AAAA,EACV,CAAC;AACD,QAAM,eAAe,UAAU,OAAO;AAAA,IACpC,MAAM;AAAA,IACN,QAAQ;AAAA,EACV,CAAC;AACD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,aAAa,mBAAmB,YAAY;AAAA,EAC9C;AACF;AAEO,SAAS,mBAAmB,cAA8B;AAC/D,QAAM,MAAM,gBAAgB,YAAY;AACxC,QAAM,MAAM,IAAI,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC;AACtD,QAAM,OAAO,WAAW,QAAQ,EAAE,OAAO,GAAG,EAAE,OAAO,KAAK;AAC1D,SAAO,UAAU,IAAI;AACvB;AAEO,SAAS,kBAAkC;AAChD,QAAM,MAAM,YAAY;AACxB,QAAM,WAAWC,MAAK,KAAK,gBAAgB;AAC3C,QAAM,UAAUA,MAAK,KAAK,eAAe;AACzC,MAAI,CAAC,OAAO,QAAQ,KAAK,CAAC,OAAO,OAAO,EAAG,QAAO;AAClD,QAAM,gBAAgBC,cAAa,UAAU,MAAM;AACnD,QAAM,eAAeA,cAAa,SAAS,MAAM;AACjD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,aAAa,mBAAmB,YAAY;AAAA,EAC9C;AACF;AAEO,SAAS,gBAAgB,IAAmB;AACjD,QAAM,MAAM,YAAY;AACxB,YAAU,KAAK,GAAK;AACpB,EAAAC,WAAU,KAAK,GAAK;AACpB,QAAM,WAAWF,MAAK,KAAK,gBAAgB;AAC3C,QAAM,UAAUA,MAAK,KAAK,eAAe;AACzC,gBAAc,UAAU,GAAG,eAAe,EAAE,MAAM,IAAM,CAAC;AACzD,gBAAc,SAAS,GAAG,cAAc,EAAE,MAAM,IAAM,CAAC;AACzD;AAEO,SAAS,oBAGd;AACA,QAAM,WAAW,gBAAgB;AACjC,MAAI,SAAU,QAAO,EAAE,SAAS,UAAU,SAAS,MAAM;AACzD,QAAM,KAAK,gBAAgB;AAC3B,kBAAgB,EAAE;AAClB,SAAO,EAAE,SAAS,IAAI,SAAS,KAAK;AACtC;AAEO,SAAS,6BAA6B,aAA6B;AAExE,SAAO,YAAY,QAAQ,KAAK,GAAG,IAAI;AACzC;AAUO,SAAS,eACd,UACA,aACe;AACf,QAAM,MAAM,oBAAoB,QAAQ;AACxC,MAAI;AACJ,MAAI;AACF,YAAQ,YAAY,GAAG;AAAA,EACzB,QAAQ;AACN,WAAO;AAAA,EACT;AACA,aAAW,KAAK,OAAO;AACrB,QAAI,CAAC,EAAE,SAAS,MAAM,EAAG;AACzB,QAAI;AACJ,QAAI;AACF,YAAMG,cAAaC,MAAK,KAAK,CAAC,GAAG,MAAM;AAAA,IACzC,QAAQ;AACN;AAAA,IACF;AACA,QAAI;AACF,UAAI,mBAAmB,GAAG,MAAM,YAAa,QAAO;AAAA,IACtD,QAAQ;AAAA,IAER;AAAA,EACF;AACA,SAAO;AACT;;;AC3GO,IAAM,0BAA0B;AAChC,IAAM,+BAA+B;AAkDrC,IAAM,wBAAwB;AAC9B,IAAM,yBAAyB;AAW/B,IAAM,oBAAoB,KAAK;AAS/B,SAAS,iBAAiB,GAA+B;AAC9D,SAAO,OAAO,KAAK,KAAK,UAAU,CAAC,GAAG,MAAM;AAC9C;AAEO,SAAS,sBAAsB,GAA+B;AACnE,SAAO,iBAAiB,CAAC,EAAE,SAAS,QAAQ;AAC9C;AAOO,SAAS,2BAA2B,KAAqB;AAC9D,SAAO,OAAO,KAAK,KAAK,QAAQ;AAClC;AAYO,SAAS,uBACdC,gBAC0B;AAC1B,QAAM,eAAeA,eAAc;AAAA,IACjC,IAAI,OAAO,IAAI,qBAAqB,cAAc,GAAG;AAAA,EACvD;AACA,QAAM,WAAWA,eAAc;AAAA,IAC7B,IAAI,OAAO,IAAI,sBAAsB,cAAc,GAAG;AAAA,EACxD;AACA,MAAI,CAAC,gBAAgB,CAAC,SAAU,QAAO;AACvC,QAAM,aAAa,aAAa,CAAC,GAAG,KAAK;AACzC,QAAM,SAAS,SAAS,CAAC,GAAG,KAAK;AACjC,MAAI,CAAC,cAAc,CAAC,OAAQ,QAAO;AAInC,MAAI,WAAW,SAAS,kBAAmB,QAAO;AAClD,QAAM,eAAe,2BAA2B,UAAU;AAC1D,MAAI,aAAa,SAAS,kBAAmB,QAAO;AACpD,QAAM,UAAU,KAAK,MAAM,aAAa,SAAS,MAAM,CAAC;AACxD,SAAO,EAAE,SAAS,cAAc,iBAAiB,OAAO;AAC1D;AAMO,SAAS,eACd,GACA,iBACQ;AACR,SACE,GAAG,qBAAqB,KAAK,sBAAsB,CAAC,CAAC;AAAA,EAClD,sBAAsB,KAAK,eAAe;AAEjD;;;AC1JA,SAAS,kBAAkB,mBAAAC,kBAAiB,MAAM,cAAc;AAQzD,SAAS,UAAU,eAAuB,MAAsB;AACrE,QAAM,MAAM,iBAAiB,aAAa;AAC1C,QAAM,MAAM,KAAK,MAAM,MAAM,GAAG;AAChC,SAAO,IAAI,SAAS,QAAQ;AAC9B;AAEO,SAAS,YACd,cACA,MACA,iBACS;AACT,QAAM,MAAMA,iBAAgB,YAAY;AACxC,QAAM,MAAM,OAAO,KAAK,iBAAiB,QAAQ;AACjD,SAAO,OAAO,MAAM,MAAM,KAAK,GAAG;AACpC;","names":["existsSync","dirname","dirname","existsSync","chmodSync","readFileSync","join","join","readFileSync","chmodSync","readFileSync","join","commitMessage","createPublicKey"]}

package/dist/hooks/post-receive.cjs

@@ -7340,7 +7340,7 @@ __export(post_receive_exports, {
 });
 module.exports = __toCommonJS(post_receive_exports);
 var import_node_child_process = require("child_process");
-var import_node_fs3 = require("fs");
+var import_node_fs4 = require("fs");
 var import_yaml = __toESM(require_dist(), 1);
 
 // src/lib/attestation.ts
@@ -7577,8 +7577,10 @@ function matchesAnyPattern(name, patterns) {
 }
 var matchesAnyTagPattern = matchesAnyPattern;
 
-// src/hooks/post-receive.ts
-function loadServerEnvFile(path = "/etc/stamp/env") {
+// src/lib/serverEnvFile.ts
+var import_node_fs3 = require("fs");
+var DEFAULT_PATH = "/etc/stamp/env";
+function loadServerEnvFile(path = DEFAULT_PATH) {
   if (!(0, import_node_fs3.existsSync)(path)) return;
   let content;
   try {
@@ -7595,6 +7597,8 @@ function loadServerEnvFile(path = "/etc/stamp/env") {
     }
   }
 }
+
+// src/hooks/post-receive.ts
 function scrubTokenUrls(s) {
   return s.replace(/x-access-token:[^@\s]*@/g, "x-access-token:***@");
 }
@@ -7662,7 +7666,7 @@ async function mirrorRef(label, refname, oldSha, newSha, githubRepo) {
     );
     perRepoKeyPath = null;
   }
-  const sshKeyPath = perRepoKeyPath && (0, import_node_fs3.existsSync)(perRepoKeyPath) ? perRepoKeyPath : (0, import_node_fs3.existsSync)(SSH_DEPLOY_KEY_PATH) ? null : void 0;
+  const sshKeyPath = perRepoKeyPath && (0, import_node_fs4.existsSync)(perRepoKeyPath) ? perRepoKeyPath : (0, import_node_fs4.existsSync)(SSH_DEPLOY_KEY_PATH) ? null : void 0;
   const useSsh = sshKeyPath !== void 0;
   if (!useSsh && !token) {
     warn(
@@ -7877,9 +7881,9 @@ function run(args) {
   });
 }
 function readAllStdin() {
-  const { readFileSync: readFileSync4 } = require("fs");
+  const { readFileSync: readFileSync5 } = require("fs");
   try {
-    return readFileSync4(0).toString("utf8");
+    return readFileSync5(0).toString("utf8");
   } catch {
     return "";
   }