npm - @openthink/stamp - Versions diffs - 2.0.2 → 2.1.0 - Mend

@openthink/stamp 2.0.2 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/{chunk-4PFD2DSY.js → chunk-MJULVH4B.js} +2 -2
package/dist/{chunk-4PFD2DSY.js.map → chunk-MJULVH4B.js.map} +1 -1
package/dist/hooks/post-receive.cjs +10 -6
package/dist/hooks/post-receive.cjs.map +1 -1
package/dist/hooks/pre-receive.cjs +25 -48
package/dist/hooks/pre-receive.cjs.map +1 -1
package/dist/index.js +111 -72
package/dist/index.js.map +1 -1
package/dist/server/stamp-review.cjs +8399 -7460
package/dist/server/stamp-review.cjs.map +1 -1
package/dist/{ui-P5DRAT3P.js → ui-67BDQPER.js} +2 -2
package/package.json +1 -1
/package/dist/{ui-P5DRAT3P.js.map → ui-67BDQPER.js.map} +0 -0

package/dist/hooks/pre-receive.cjs CHANGED Viewed

@@ -7341,6 +7341,7 @@ __export(pre_receive_exports, {
   verifyV4Approvals: () => verifyV4Approvals,
   verifyV4Checks: () => verifyV4Checks,
   verifyV4DiffHash: () => verifyV4DiffHash,
+  verifyV4ManifestSnapshot: () => verifyV4ManifestSnapshot,
   verifyV4MergeStructure: () => verifyV4MergeStructure,
   verifyV4OuterSignature: () => verifyV4OuterSignature,
   verifyV4SignerTrust: () => verifyV4SignerTrust,
@@ -7380,7 +7381,7 @@ function parseCommitAttestation(commitMessage) {
 }
 // src/lib/attestationV4.ts
-var MIN_ACCEPTED_V4_SCHEMA_VERSION = 4;
+var MIN_ACCEPTED_V4_SCHEMA_VERSION = 5;
 var MAX_V4_ENVELOPE_BYTES = 64 * 1024;
 function sortKeysDeep(value) {
   if (value === null || typeof value !== "object") return value;
@@ -7663,6 +7664,11 @@ var COMMIT_PHASES_V4 = [
   { name: "verifyV4TargetBranch", fn: verifyV4TargetBranch },
   { name: "verifyV4SignerTrust", fn: verifyV4SignerTrust },
   { name: "verifyV4OuterSignature", fn: verifyV4OuterSignature },
+  // AGT-370: envelope-level manifest snapshot binding (lifted from
+  // the per-approval slot in v4). Runs once before the per-approval
+  // loop in verifyV4ApprovalSignatures — a single check replaces the
+  // N-checks per envelope the v4 verifier did.
+  { name: "verifyV4ManifestSnapshot", fn: verifyV4ManifestSnapshot },
   { name: "verifyV4Approvals", fn: verifyV4Approvals },
   { name: "verifyV4DiffHash", fn: verifyV4DiffHash },
   { name: "verifyV4ApprovalSignatures", fn: verifyV4ApprovalSignatures },
@@ -7795,10 +7801,19 @@ function verifyV4DiffHash(input) {
   }
   return { ok: true };
 }
+function verifyV4ManifestSnapshot(input) {
+  const { sha, payload, manifest } = input;
+  const computed = snapshotSha256(manifest);
+  if (payload.manifest_snapshot_sha256 !== computed) {
+    return {
+      ok: false,
+      reason: `commit ${sha.slice(0, 8)}: v4 manifest_snapshot_sha256 (${payload.manifest_snapshot_sha256.slice(0, 16)}\u2026) does not match the manifest at base ${payload.base_sha.slice(0, 8)} (${computed.slice(0, 16)}\u2026). The envelope was signed against a different snapshot of the trust set than the one committed at the merge base. Re-run \`stamp merge\` (or \`stamp attest\`) so the outer signature binds to the current manifest.`
+    };
+  }
+  return { ok: true };
+}
 function verifyV4ApprovalSignatures(input) {
   const { sha, payload, manifest, pubkeyByFingerprint } = input;
-  const manifestSnapshot = snapshotSha256(manifest);
-  const reviewerDefs = readReviewerDefsAtRef(payload.base_sha);
   for (const entry of payload.approvals) {
     const a = entry.approval;
     const reviewerLabel = `"${a.reviewer}"`;
@@ -7820,12 +7835,6 @@ function verifyV4ApprovalSignatures(input) {
         reason: `commit ${sha.slice(0, 8)}: v4 approval ${reviewerLabel}: server_attestation.server_key_id (${entry.server_attestation.server_key_id}) does not match inner approval.server_key_id (${a.server_key_id}). The inner signed payload is authoritative; one of the two was tampered with after signing.`
       };
     }
-    if (a.trusted_keys_snapshot_sha256 !== manifestSnapshot) {
-      return {
-        ok: false,
-        reason: `commit ${sha.slice(0, 8)}: v4 approval ${reviewerLabel}: trusted_keys_snapshot_sha256 (${a.trusted_keys_snapshot_sha256.slice(0, 16)}\u2026) does not match the manifest at base ${payload.base_sha.slice(0, 8)} (${manifestSnapshot.slice(0, 16)}\u2026). The server signed against a different snapshot of the trust set than the one committed at the merge base.`
-      };
-    }
     const caps = resolveCapability(manifest, a.server_key_id);
     if (caps === null) {
       return {
@@ -7865,29 +7874,6 @@ function verifyV4ApprovalSignatures(input) {
         reason: `commit ${sha.slice(0, 8)}: v4 approval ${reviewerLabel}: server signature does not verify against ${a.server_key_id} over canonical approval bytes`
       };
     }
-    const def = reviewerDefs[a.reviewer];
-    if (!def) {
-      return {
-        ok: false,
-        reason: `commit ${sha.slice(0, 8)}: v4 approval ${reviewerLabel}: reviewer is not defined in .stamp/config.yml at base ${payload.base_sha.slice(0, 8)}`
-      };
-    }
-    let promptText;
-    try {
-      promptText = run(["show", `${payload.base_sha}:${def.prompt}`]);
-    } catch {
-      return {
-        ok: false,
-        reason: `commit ${sha.slice(0, 8)}: v4 approval ${reviewerLabel}: prompt "${def.prompt}" is unreadable at base ${payload.base_sha.slice(0, 8)}`
-      };
-    }
-    const recomputedPromptSha = hashPromptBytes(Buffer.from(promptText, "utf8"));
-    if (recomputedPromptSha !== a.prompt_sha256) {
-      return {
-        ok: false,
-        reason: `commit ${sha.slice(0, 8)}: v4 approval ${reviewerLabel}: prompt_sha256 mismatch \u2014 server signed ${a.prompt_sha256.slice(0, 12)}\u2026 but prompt file at base hashes to ${recomputedPromptSha.slice(0, 12)}\u2026. The reviewer prompt the server reviewed differs from the one in the merge-base tree.`
-      };
-    }
   }
   return { ok: true };
 }
@@ -8053,22 +8039,6 @@ function readPubkeyMapAt(ref) {
   }
   return buildPubkeyMap(names, (relPath) => run(["show", `${ref}:${relPath}`]));
 }
-function readReviewerDefsAtRef(ref) {
-  let yaml;
-  try {
-    yaml = run(["show", `${ref}:.stamp/config.yml`]);
-  } catch {
-    return {};
-  }
-  const defs = readReviewersFromYaml(yaml);
-  const out = {};
-  for (const [name, def] of Object.entries(defs)) {
-    if (def && typeof def.prompt === "string") {
-      out[name] = { prompt: def.prompt };
-    }
-  }
-  return out;
-}
 function readChangedFilesAtRef(baseSha, headSha) {
   let out;
   try {
@@ -8457,6 +8427,12 @@ function verifyReviewerHashesAtMergeBase(input) {
         reason: `${prefix} reviewer "${approval.reviewer}" not defined in .stamp/config.yml at merge-base`
       };
     }
+    if (def.prompt === void 0) {
+      return {
+        ok: false,
+        reason: `${prefix} reviewer "${approval.reviewer}" has no \`prompt:\` in .stamp/config.yml at merge-base; v3 attestation references prompt_sha256 but the producer flow for server-bundled prompts is v4 (server-attested). The attestation envelope and the config shape are inconsistent.`
+      };
+    }
     let promptBytes;
     try {
       promptBytes = run2(["show", `${baseSha}:${def.prompt}`]);
@@ -8715,6 +8691,7 @@ if (isMainModule()) {
   verifyV4Approvals,
   verifyV4Checks,
   verifyV4DiffHash,
+  verifyV4ManifestSnapshot,
   verifyV4MergeStructure,
   verifyV4OuterSignature,
   verifyV4SignerTrust,