@stackwright-pro/mcp 0.2.0-alpha.21 → 0.2.0-alpha.22

package/dist/integrity.js

@@ -32,39 +32,39 @@ var import_path = require("path");
 var _checksums = /* @__PURE__ */ new Map([
   [
     "stackwright-pro-api-otter.json",
-    "f1cc9edf2dd1df3ebcea1d0ab33d17a358faaf8aa97ee232cd7994042f2eac0d"
+    "0ac26d85a5ad35b072a58965e1d5e090dd5c5f16dc14e68c452c3e99fcbb5510"
   ],
   [
     "stackwright-pro-auth-otter.json",
-    "a19e06c503209a8a35fe321d30448623545b36b48c47a6ec064d13406ad1f725"
+    "d789b71f196659d5745ebfca87a7bda60a1bb63cfeccd17b4a273ac1e29bb08d"
   ],
   [
     "stackwright-pro-dashboard-otter.json",
-    "b3cb3d7554f2e9eed3b57d5e0e3bf85d6ba5b4db5d3af5514391cf0575fcc001"
+    "600e8597429c353e5b886f316731be84a86cd8b93617bf046e3cbf390b31a431"
   ],
   [
     "stackwright-pro-data-otter.json",
-    "bfacb87ae82867472a75982215554336a105a658d6cd3dd2c8b819fa1e11d7ac"
+    "b2946e3da3b53282c122d150e6db86b0cb89d2edba2a94a7666b26d27051be96"
   ],
   [
     "stackwright-pro-designer-otter.json",
-    "c58fa7c7ead9e6398074e1c7ce3f31a8ef4eb3679f5fa18cc03cae3a87878c88"
+    "f4dbff5149051c77be1645de5ee12c0bd7d590c687a0b2d86737b915a5a6d5f0"
   ],
   [
     "stackwright-pro-foreman-otter.json",
-    "f52264c1f6297b72f3da6d92d41b6d63356db776242caeab25571e6a8df628e4"
+    "7464523d7288374dc6efa5c213c825ec0616e00cf4f739d8039eb41df812cbc5"
   ],
   [
     "stackwright-pro-page-otter.json",
-    "65bec3a3a0dda6b7591bba2de9399f1e3a4fb99cfe1075342f4f4be98d917b67"
+    "12aca7b666b3c85c1d96c700a2da7f209604cb75d0f064995e052711ddafd657"
   ],
   [
     "stackwright-pro-theme-otter.json",
-    "1f182326f1acd3d4091a38c7012085cbb4945893e95be4ca3de72318ad092767"
+    "a303ec6c045420f2c916583e3f6efcda469e9610fedfc84a508ed8a8a75866bc"
   ],
   [
     "stackwright-pro-workflow-otter.json",
-    "0eec9d6a731678cf547c2a7b0b6fc338ca143c35501365a1e4e5dd2779dd5510"
+    "16da6c109d0b5ee60d0a14e009dbeab02a7bbac3b0947795769da053565b9821"
   ]
 ]);
 Object.freeze(_checksums);

package/dist/integrity.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/integrity.ts"],"sourcesContent":["/**\n * Otter Integrity Verification\n * ============================\n * Protects the Pro Otter Raft from disk-based prompt injection / jailbreak attacks.\n *\n * TypeScript port of python/src/stackwright_pro/raft/integrity.py — this lets\n * the MCP package verify otter files without a Python dependency.\n *\n * Certificate-pinned canonical checksums — hardcoded in the MCP package.\n *\n * These are NOT read from disk. An attacker who modifies otter JSON files\n * in @stackwright-pro/otters cannot also modify these constants without\n * compromising the separately-published @stackwright-pro/mcp package.\n *\n * To update: node scripts/sync-mcp-checksums.cjs\n * (reads from packages/otters/src/checksums.json, writes this file)\n */\nimport { createHash, timingSafeEqual } from 'crypto';\nimport { readFileSync, readdirSync, lstatSync } from 'fs';\nimport { join, basename } from 'path';\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\n\n// ---------------------------------------------------------------------------\n// Certificate-pinned canonical checksums — frozen Map, immutable by design.\n// DO NOT read these from disk — that would defeat the entire purpose.\n// Object.freeze prevents property mutation at runtime; ReadonlyMap prevents\n// .set() / .delete() at compile time (belt-and-suspenders).\n// ---------------------------------------------------------------------------\n\nconst _checksums = new Map<string, string>([\n  [\n    'stackwright-pro-api-otter.json',\n    'f1cc9edf2dd1df3ebcea1d0ab33d17a358faaf8aa97ee232cd7994042f2eac0d',\n  ],\n  [\n    'stackwright-pro-auth-otter.json',\n    'a19e06c503209a8a35fe321d30448623545b36b48c47a6ec064d13406ad1f725',\n  ],\n  [\n    'stackwright-pro-dashboard-otter.json',\n    'b3cb3d7554f2e9eed3b57d5e0e3bf85d6ba5b4db5d3af5514391cf0575fcc001',\n  ],\n  [\n    'stackwright-pro-data-otter.json',\n    'bfacb87ae82867472a75982215554336a105a658d6cd3dd2c8b819fa1e11d7ac',\n  ],\n  [\n    'stackwright-pro-designer-otter.json',\n    'c58fa7c7ead9e6398074e1c7ce3f31a8ef4eb3679f5fa18cc03cae3a87878c88',\n  ],\n  [\n    'stackwright-pro-foreman-otter.json',\n    'f52264c1f6297b72f3da6d92d41b6d63356db776242caeab25571e6a8df628e4',\n  ],\n  [\n    'stackwright-pro-page-otter.json',\n    '65bec3a3a0dda6b7591bba2de9399f1e3a4fb99cfe1075342f4f4be98d917b67',\n  ],\n  [\n    'stackwright-pro-theme-otter.json',\n    '1f182326f1acd3d4091a38c7012085cbb4945893e95be4ca3de72318ad092767',\n  ],\n  [\n    'stackwright-pro-workflow-otter.json',\n    '0eec9d6a731678cf547c2a7b0b6fc338ca143c35501365a1e4e5dd2779dd5510',\n  ],\n]);\nObject.freeze(_checksums);\nconst CANONICAL_CHECKSUMS: ReadonlyMap<string, string> = _checksums;\n\n// ---------------------------------------------------------------------------\n// Import-time format validation — malformed constants are a packaging bug,\n// not a runtime surprise. Fail fast, fail loud.\n// ---------------------------------------------------------------------------\n\nconst SHA256_HEX_RE = /^[0-9a-f]{64}$/;\n\nfor (const [name, digest] of CANONICAL_CHECKSUMS) {\n  if (!SHA256_HEX_RE.test(digest)) {\n    throw new Error(\n      `Malformed SHA-256 in CANONICAL_CHECKSUMS for \"${name}\": ` +\n        `expected 64 hex chars, got ${digest.length}: \"${digest}\"`\n    );\n  }\n}\n\n// 1 MB — generous headroom for agent definitions; anything larger is suspicious.\nconst MAX_OTTER_BYTES = 1 * 1024 * 1024;\n\n// ---------------------------------------------------------------------------\n// Core functions (exported for direct testing — no MCP server needed)\n// ---------------------------------------------------------------------------\n\n/** Compute the hex-encoded SHA-256 digest of raw bytes. Pure, no I/O. */\nexport function computeSha256(data: Buffer): string {\n  return createHash('sha256').update(data).digest('hex');\n}\n\n/** Constant-time comparison of two hex digest strings. */\nfunction safeEqual(a: string, b: string): boolean {\n  if (a.length !== b.length) return false;\n  return timingSafeEqual(Buffer.from(a, 'utf8'), Buffer.from(b, 'utf8'));\n}\n\n// ---------------------------------------------------------------------------\n// Single-file verification\n// ---------------------------------------------------------------------------\n\nexport interface VerifyOtterFileResult {\n  verified: boolean;\n  filename: string;\n  error?: string;\n}\n\n/**\n * Read a single otter JSON file, check its size, compute its SHA-256,\n * and constant-time compare against the canonical checksum.\n *\n * Single read → hash → decode. No TOCTOU window.\n */\nexport function verifyOtterFile(filePath: string): VerifyOtterFileResult {\n  const filename = basename(filePath);\n\n  // Fast-fail on unknown filenames before any I/O\n  const expected = CANONICAL_CHECKSUMS.get(filename);\n  if (expected === undefined) {\n    return { verified: false, filename, error: `Unknown otter file: not in canonical set` };\n  }\n\n  // Symlink guard — refuse to follow symlinks (prevents symlink-based swaps)\n  let stat: ReturnType<typeof lstatSync>;\n  try {\n    stat = lstatSync(filePath);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return { verified: false, filename, error: `Cannot stat file: ${msg}` };\n  }\n\n  if (stat.isSymbolicLink()) {\n    return { verified: false, filename, error: 'Refusing to verify symlink' };\n  }\n\n  // Stat-based size pre-check — don't materialise oversized payloads\n  const size = stat.size;\n\n  if (size > MAX_OTTER_BYTES) {\n    return {\n      verified: false,\n      filename,\n      error: `File exceeds size limit (${MAX_OTTER_BYTES.toLocaleString()} bytes, got ${size.toLocaleString()})`,\n    };\n  }\n\n  // Single read — used for hashing and UTF-8 validation (zero TOCTOU window)\n  let raw: Buffer;\n  try {\n    raw = readFileSync(filePath);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return { verified: false, filename, error: `Cannot read file: ${msg}` };\n  }\n\n  // Belt-and-suspenders: re-check length after read in case of a race\n  if (raw.length > MAX_OTTER_BYTES) {\n    return {\n      verified: false,\n      filename,\n      error: `File exceeds size limit after read (${MAX_OTTER_BYTES.toLocaleString()} bytes, got ${raw.length.toLocaleString()})`,\n    };\n  }\n\n  // Hash the raw bytes\n  const actual = computeSha256(raw);\n\n  // Constant-time comparison prevents timing-oracle attacks\n  if (!safeEqual(actual, expected)) {\n    return {\n      verified: false,\n      filename,\n      error: `SHA-256 mismatch: expected ${expected.substring(0, 8)}…, got ${actual.substring(0, 8)}…`,\n    };\n  }\n\n  // UTF-8 validation — binary injection guard\n  try {\n    const decoder = new TextDecoder('utf-8', { fatal: true });\n    decoder.decode(raw);\n  } catch {\n    return {\n      verified: false,\n      filename,\n      error: 'File is not valid UTF-8 — may be corrupted or contain binary injection',\n    };\n  }\n\n  return { verified: true, filename };\n}\n\n// ---------------------------------------------------------------------------\n// Directory-level verification\n// ---------------------------------------------------------------------------\n\nexport interface VerifyAllOttersResult {\n  verified: string[];\n  failed: Array<{ filename: string; error: string }>;\n  unknown: string[];\n}\n\n/**\n * Scan a directory for `*-otter.json` files, verify each one against\n * canonical checksums. Returns lists of verified, failed, and unknown files.\n */\nexport function verifyAllOtters(otterDir: string): VerifyAllOttersResult {\n  const verified: string[] = [];\n  const failed: Array<{ filename: string; error: string }> = [];\n  const unknown: string[] = [];\n\n  let entries: string[];\n  try {\n    entries = readdirSync(otterDir);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return {\n      verified: [],\n      failed: [{ filename: '<directory>', error: `Cannot read directory: ${msg}` }],\n      unknown: [],\n    };\n  }\n\n  const otterFiles = entries.filter((f) => f.endsWith('-otter.json'));\n\n  for (const filename of otterFiles) {\n    const filePath = join(otterDir, filename);\n\n    // Skip symlinks at the directory-scan level too\n    try {\n      if (lstatSync(filePath).isSymbolicLink()) {\n        failed.push({ filename, error: 'Skipped: symlink' });\n        continue;\n      }\n    } catch {\n      // verifyOtterFile will handle stat errors\n    }\n\n    const result = verifyOtterFile(filePath);\n\n    if (result.verified) {\n      verified.push(result.filename);\n    } else if (result.error?.startsWith('Unknown otter file')) {\n      unknown.push(result.filename);\n    } else {\n      failed.push({ filename: result.filename, error: result.error ?? 'Unknown error' });\n    }\n  }\n\n  // Check for missing canonical files — ones we expect but didn't find on disk\n  for (const canonicalName of CANONICAL_CHECKSUMS.keys()) {\n    if (!otterFiles.includes(canonicalName)) {\n      failed.push({ filename: canonicalName, error: 'Missing from directory' });\n    }\n  }\n\n  return { verified, failed, unknown };\n}\n\n// ---------------------------------------------------------------------------\n// Otter directory resolution\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_SEARCH_PATHS = ['node_modules/@stackwright-pro/otters/src/', 'packages/otters/src/'];\n\nfunction resolveOtterDir(): string | null {\n  const cwd = process.cwd();\n  for (const relative of DEFAULT_SEARCH_PATHS) {\n    const candidate = join(cwd, relative);\n    try {\n      lstatSync(candidate);\n      return candidate;\n    } catch {\n      // Not found, try next\n    }\n  }\n  return null;\n}\n\n// ---------------------------------------------------------------------------\n// MCP tool registration\n// ---------------------------------------------------------------------------\n\nexport function registerIntegrityTools(server: McpServer): void {\n  server.tool(\n    'stackwright_pro_verify_otter_integrity',\n    'Verify SHA-256 integrity of all Pro otter agent definitions. Call this at startup before discovering otters. Auto-discovers the otter directory from known paths. Returns verified/failed/unknown lists.',\n    {},\n    async () => {\n      const resolved = resolveOtterDir();\n\n      if (!resolved) {\n        return {\n          content: [\n            {\n              type: 'text' as const,\n              text: JSON.stringify({\n                error: true,\n                message:\n                  'Could not locate otter directory. Searched: ' + DEFAULT_SEARCH_PATHS.join(', '),\n              }),\n            },\n          ],\n          isError: true,\n        };\n      }\n\n      const result = verifyAllOtters(resolved);\n\n      const allGood = result.failed.length === 0 && result.unknown.length === 0;\n\n      return {\n        content: [\n          {\n            type: 'text' as const,\n            text: JSON.stringify({\n              otterDir: resolved,\n              totalCanonical: CANONICAL_CHECKSUMS.size,\n              verifiedCount: result.verified.length,\n              failedCount: result.failed.length,\n              unknownCount: result.unknown.length,\n              verified: result.verified,\n              failed: result.failed,\n              unknown: result.unknown,\n              warning:\n                result.failed.length > 0\n                  ? 'SHA-256 mismatches detected (non-blocking). PKI-signed manifest support coming soon.'\n                  : undefined,\n            }),\n          },\n        ],\n        isError: false,\n      };\n    }\n  );\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAiBA,oBAA4C;AAC5C,gBAAqD;AACrD,kBAA+B;AAU/B,IAAM,aAAa,oBAAI,IAAoB;AAAA,EACzC;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AACF,CAAC;AACD,OAAO,OAAO,UAAU;AACxB,IAAM,sBAAmD;AAOzD,IAAM,gBAAgB;AAEtB,WAAW,CAAC,MAAM,MAAM,KAAK,qBAAqB;AAChD,MAAI,CAAC,cAAc,KAAK,MAAM,GAAG;AAC/B,UAAM,IAAI;AAAA,MACR,iDAAiD,IAAI,iCACrB,OAAO,MAAM,MAAM,MAAM;AAAA,IAC3D;AAAA,EACF;AACF;AAGA,IAAM,kBAAkB,IAAI,OAAO;AAO5B,SAAS,cAAc,MAAsB;AAClD,aAAO,0BAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACvD;AAGA,SAAS,UAAU,GAAW,GAAoB;AAChD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,aAAO,+BAAgB,OAAO,KAAK,GAAG,MAAM,GAAG,OAAO,KAAK,GAAG,MAAM,CAAC;AACvE;AAkBO,SAAS,gBAAgB,UAAyC;AACvE,QAAM,eAAW,sBAAS,QAAQ;AAGlC,QAAM,WAAW,oBAAoB,IAAI,QAAQ;AACjD,MAAI,aAAa,QAAW;AAC1B,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,2CAA2C;AAAA,EACxF;AAGA,MAAI;AACJ,MAAI;AACF,eAAO,qBAAU,QAAQ;AAAA,EAC3B,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,qBAAqB,GAAG,GAAG;AAAA,EACxE;AAEA,MAAI,KAAK,eAAe,GAAG;AACzB,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,6BAA6B;AAAA,EAC1E;AAGA,QAAM,OAAO,KAAK;AAElB,MAAI,OAAO,iBAAiB;AAC1B,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,4BAA4B,gBAAgB,eAAe,CAAC,eAAe,KAAK,eAAe,CAAC;AAAA,IACzG;AAAA,EACF;AAGA,MAAI;AACJ,MAAI;AACF,cAAM,wBAAa,QAAQ;AAAA,EAC7B,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,qBAAqB,GAAG,GAAG;AAAA,EACxE;AAGA,MAAI,IAAI,SAAS,iBAAiB;AAChC,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,uCAAuC,gBAAgB,eAAe,CAAC,eAAe,IAAI,OAAO,eAAe,CAAC;AAAA,IAC1H;AAAA,EACF;AAGA,QAAM,SAAS,cAAc,GAAG;AAGhC,MAAI,CAAC,UAAU,QAAQ,QAAQ,GAAG;AAChC,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,8BAA8B,SAAS,UAAU,GAAG,CAAC,CAAC,eAAU,OAAO,UAAU,GAAG,CAAC,CAAC;AAAA,IAC/F;AAAA,EACF;AAGA,MAAI;AACF,UAAM,UAAU,IAAI,YAAY,SAAS,EAAE,OAAO,KAAK,CAAC;AACxD,YAAQ,OAAO,GAAG;AAAA,EACpB,QAAQ;AACN,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,MAAM,SAAS;AACpC;AAgBO,SAAS,gBAAgB,UAAyC;AACvE,QAAM,WAAqB,CAAC;AAC5B,QAAM,SAAqD,CAAC;AAC5D,QAAM,UAAoB,CAAC;AAE3B,MAAI;AACJ,MAAI;AACF,kBAAU,uBAAY,QAAQ;AAAA,EAChC,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO;AAAA,MACL,UAAU,CAAC;AAAA,MACX,QAAQ,CAAC,EAAE,UAAU,eAAe,OAAO,0BAA0B,GAAG,GAAG,CAAC;AAAA,MAC5E,SAAS,CAAC;AAAA,IACZ;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,OAAO,CAAC,MAAM,EAAE,SAAS,aAAa,CAAC;AAElE,aAAW,YAAY,YAAY;AACjC,UAAM,eAAW,kBAAK,UAAU,QAAQ;AAGxC,QAAI;AACF,cAAI,qBAAU,QAAQ,EAAE,eAAe,GAAG;AACxC,eAAO,KAAK,EAAE,UAAU,OAAO,mBAAmB,CAAC;AACnD;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER;AAEA,UAAM,SAAS,gBAAgB,QAAQ;AAEvC,QAAI,OAAO,UAAU;AACnB,eAAS,KAAK,OAAO,QAAQ;AAAA,IAC/B,WAAW,OAAO,OAAO,WAAW,oBAAoB,GAAG;AACzD,cAAQ,KAAK,OAAO,QAAQ;AAAA,IAC9B,OAAO;AACL,aAAO,KAAK,EAAE,UAAU,OAAO,UAAU,OAAO,OAAO,SAAS,gBAAgB,CAAC;AAAA,IACnF;AAAA,EACF;AAGA,aAAW,iBAAiB,oBAAoB,KAAK,GAAG;AACtD,QAAI,CAAC,WAAW,SAAS,aAAa,GAAG;AACvC,aAAO,KAAK,EAAE,UAAU,eAAe,OAAO,yBAAyB,CAAC;AAAA,IAC1E;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,QAAQ,QAAQ;AACrC;AAMA,IAAM,uBAAuB,CAAC,6CAA6C,sBAAsB;AAEjG,SAAS,kBAAiC;AACxC,QAAM,MAAM,QAAQ,IAAI;AACxB,aAAW,YAAY,sBAAsB;AAC3C,UAAM,gBAAY,kBAAK,KAAK,QAAQ;AACpC,QAAI;AACF,+BAAU,SAAS;AACnB,aAAO;AAAA,IACT,QAAQ;AAAA,IAER;AAAA,EACF;AACA,SAAO;AACT;AAMO,SAAS,uBAAuB,QAAyB;AAC9D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC;AAAA,IACD,YAAY;AACV,YAAM,WAAW,gBAAgB;AAEjC,UAAI,CAAC,UAAU;AACb,eAAO;AAAA,UACL,SAAS;AAAA,YACP;AAAA,cACE,MAAM;AAAA,cACN,MAAM,KAAK,UAAU;AAAA,gBACnB,OAAO;AAAA,gBACP,SACE,iDAAiD,qBAAqB,KAAK,IAAI;AAAA,cACnF,CAAC;AAAA,YACH;AAAA,UACF;AAAA,UACA,SAAS;AAAA,QACX;AAAA,MACF;AAEA,YAAM,SAAS,gBAAgB,QAAQ;AAEvC,YAAM,UAAU,OAAO,OAAO,WAAW,KAAK,OAAO,QAAQ,WAAW;AAExE,aAAO;AAAA,QACL,SAAS;AAAA,UACP;AAAA,YACE,MAAM;AAAA,YACN,MAAM,KAAK,UAAU;AAAA,cACnB,UAAU;AAAA,cACV,gBAAgB,oBAAoB;AAAA,cACpC,eAAe,OAAO,SAAS;AAAA,cAC/B,aAAa,OAAO,OAAO;AAAA,cAC3B,cAAc,OAAO,QAAQ;AAAA,cAC7B,UAAU,OAAO;AAAA,cACjB,QAAQ,OAAO;AAAA,cACf,SAAS,OAAO;AAAA,cAChB,SACE,OAAO,OAAO,SAAS,IACnB,yFACA;AAAA,YACR,CAAC;AAAA,UACH;AAAA,QACF;AAAA,QACA,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
+{"version":3,"sources":["../src/integrity.ts"],"sourcesContent":["/**\n * Otter Integrity Verification\n * ============================\n * Protects the Pro Otter Raft from disk-based prompt injection / jailbreak attacks.\n *\n * TypeScript port of python/src/stackwright_pro/raft/integrity.py — this lets\n * the MCP package verify otter files without a Python dependency.\n *\n * Certificate-pinned canonical checksums — hardcoded in the MCP package.\n *\n * These are NOT read from disk. An attacker who modifies otter JSON files\n * in @stackwright-pro/otters cannot also modify these constants without\n * compromising the separately-published @stackwright-pro/mcp package.\n *\n * To update: node scripts/sync-mcp-checksums.cjs\n * (reads from packages/otters/src/checksums.json, writes this file)\n */\nimport { createHash, timingSafeEqual } from 'crypto';\nimport { readFileSync, readdirSync, lstatSync } from 'fs';\nimport { join, basename } from 'path';\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\n\n// ---------------------------------------------------------------------------\n// Certificate-pinned canonical checksums — frozen Map, immutable by design.\n// DO NOT read these from disk — that would defeat the entire purpose.\n// Object.freeze prevents property mutation at runtime; ReadonlyMap prevents\n// .set() / .delete() at compile time (belt-and-suspenders).\n// ---------------------------------------------------------------------------\n\nconst _checksums = new Map<string, string>([\n  [\n    'stackwright-pro-api-otter.json',\n    '0ac26d85a5ad35b072a58965e1d5e090dd5c5f16dc14e68c452c3e99fcbb5510',\n  ],\n  [\n    'stackwright-pro-auth-otter.json',\n    'd789b71f196659d5745ebfca87a7bda60a1bb63cfeccd17b4a273ac1e29bb08d',\n  ],\n  [\n    'stackwright-pro-dashboard-otter.json',\n    '600e8597429c353e5b886f316731be84a86cd8b93617bf046e3cbf390b31a431',\n  ],\n  [\n    'stackwright-pro-data-otter.json',\n    'b2946e3da3b53282c122d150e6db86b0cb89d2edba2a94a7666b26d27051be96',\n  ],\n  [\n    'stackwright-pro-designer-otter.json',\n    'f4dbff5149051c77be1645de5ee12c0bd7d590c687a0b2d86737b915a5a6d5f0',\n  ],\n  [\n    'stackwright-pro-foreman-otter.json',\n    '7464523d7288374dc6efa5c213c825ec0616e00cf4f739d8039eb41df812cbc5',\n  ],\n  [\n    'stackwright-pro-page-otter.json',\n    '12aca7b666b3c85c1d96c700a2da7f209604cb75d0f064995e052711ddafd657',\n  ],\n  [\n    'stackwright-pro-theme-otter.json',\n    'a303ec6c045420f2c916583e3f6efcda469e9610fedfc84a508ed8a8a75866bc',\n  ],\n  [\n    'stackwright-pro-workflow-otter.json',\n    '16da6c109d0b5ee60d0a14e009dbeab02a7bbac3b0947795769da053565b9821',\n  ],\n]);\nObject.freeze(_checksums);\nconst CANONICAL_CHECKSUMS: ReadonlyMap<string, string> = _checksums;\n\n// ---------------------------------------------------------------------------\n// Import-time format validation — malformed constants are a packaging bug,\n// not a runtime surprise. Fail fast, fail loud.\n// ---------------------------------------------------------------------------\n\nconst SHA256_HEX_RE = /^[0-9a-f]{64}$/;\n\nfor (const [name, digest] of CANONICAL_CHECKSUMS) {\n  if (!SHA256_HEX_RE.test(digest)) {\n    throw new Error(\n      `Malformed SHA-256 in CANONICAL_CHECKSUMS for \"${name}\": ` +\n        `expected 64 hex chars, got ${digest.length}: \"${digest}\"`\n    );\n  }\n}\n\n// 1 MB — generous headroom for agent definitions; anything larger is suspicious.\nconst MAX_OTTER_BYTES = 1 * 1024 * 1024;\n\n// ---------------------------------------------------------------------------\n// Core functions (exported for direct testing — no MCP server needed)\n// ---------------------------------------------------------------------------\n\n/** Compute the hex-encoded SHA-256 digest of raw bytes. Pure, no I/O. */\nexport function computeSha256(data: Buffer): string {\n  return createHash('sha256').update(data).digest('hex');\n}\n\n/** Constant-time comparison of two hex digest strings. */\nfunction safeEqual(a: string, b: string): boolean {\n  if (a.length !== b.length) return false;\n  return timingSafeEqual(Buffer.from(a, 'utf8'), Buffer.from(b, 'utf8'));\n}\n\n// ---------------------------------------------------------------------------\n// Single-file verification\n// ---------------------------------------------------------------------------\n\nexport interface VerifyOtterFileResult {\n  verified: boolean;\n  filename: string;\n  error?: string;\n}\n\n/**\n * Read a single otter JSON file, check its size, compute its SHA-256,\n * and constant-time compare against the canonical checksum.\n *\n * Single read → hash → decode. No TOCTOU window.\n */\nexport function verifyOtterFile(filePath: string): VerifyOtterFileResult {\n  const filename = basename(filePath);\n\n  // Fast-fail on unknown filenames before any I/O\n  const expected = CANONICAL_CHECKSUMS.get(filename);\n  if (expected === undefined) {\n    return { verified: false, filename, error: `Unknown otter file: not in canonical set` };\n  }\n\n  // Symlink guard — refuse to follow symlinks (prevents symlink-based swaps)\n  let stat: ReturnType<typeof lstatSync>;\n  try {\n    stat = lstatSync(filePath);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return { verified: false, filename, error: `Cannot stat file: ${msg}` };\n  }\n\n  if (stat.isSymbolicLink()) {\n    return { verified: false, filename, error: 'Refusing to verify symlink' };\n  }\n\n  // Stat-based size pre-check — don't materialise oversized payloads\n  const size = stat.size;\n\n  if (size > MAX_OTTER_BYTES) {\n    return {\n      verified: false,\n      filename,\n      error: `File exceeds size limit (${MAX_OTTER_BYTES.toLocaleString()} bytes, got ${size.toLocaleString()})`,\n    };\n  }\n\n  // Single read — used for hashing and UTF-8 validation (zero TOCTOU window)\n  let raw: Buffer;\n  try {\n    raw = readFileSync(filePath);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return { verified: false, filename, error: `Cannot read file: ${msg}` };\n  }\n\n  // Belt-and-suspenders: re-check length after read in case of a race\n  if (raw.length > MAX_OTTER_BYTES) {\n    return {\n      verified: false,\n      filename,\n      error: `File exceeds size limit after read (${MAX_OTTER_BYTES.toLocaleString()} bytes, got ${raw.length.toLocaleString()})`,\n    };\n  }\n\n  // Hash the raw bytes\n  const actual = computeSha256(raw);\n\n  // Constant-time comparison prevents timing-oracle attacks\n  if (!safeEqual(actual, expected)) {\n    return {\n      verified: false,\n      filename,\n      error: `SHA-256 mismatch: expected ${expected.substring(0, 8)}…, got ${actual.substring(0, 8)}…`,\n    };\n  }\n\n  // UTF-8 validation — binary injection guard\n  try {\n    const decoder = new TextDecoder('utf-8', { fatal: true });\n    decoder.decode(raw);\n  } catch {\n    return {\n      verified: false,\n      filename,\n      error: 'File is not valid UTF-8 — may be corrupted or contain binary injection',\n    };\n  }\n\n  return { verified: true, filename };\n}\n\n// ---------------------------------------------------------------------------\n// Directory-level verification\n// ---------------------------------------------------------------------------\n\nexport interface VerifyAllOttersResult {\n  verified: string[];\n  failed: Array<{ filename: string; error: string }>;\n  unknown: string[];\n}\n\n/**\n * Scan a directory for `*-otter.json` files, verify each one against\n * canonical checksums. Returns lists of verified, failed, and unknown files.\n */\nexport function verifyAllOtters(otterDir: string): VerifyAllOttersResult {\n  const verified: string[] = [];\n  const failed: Array<{ filename: string; error: string }> = [];\n  const unknown: string[] = [];\n\n  let entries: string[];\n  try {\n    entries = readdirSync(otterDir);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return {\n      verified: [],\n      failed: [{ filename: '<directory>', error: `Cannot read directory: ${msg}` }],\n      unknown: [],\n    };\n  }\n\n  const otterFiles = entries.filter((f) => f.endsWith('-otter.json'));\n\n  for (const filename of otterFiles) {\n    const filePath = join(otterDir, filename);\n\n    // Skip symlinks at the directory-scan level too\n    try {\n      if (lstatSync(filePath).isSymbolicLink()) {\n        failed.push({ filename, error: 'Skipped: symlink' });\n        continue;\n      }\n    } catch {\n      // verifyOtterFile will handle stat errors\n    }\n\n    const result = verifyOtterFile(filePath);\n\n    if (result.verified) {\n      verified.push(result.filename);\n    } else if (result.error?.startsWith('Unknown otter file')) {\n      unknown.push(result.filename);\n    } else {\n      failed.push({ filename: result.filename, error: result.error ?? 'Unknown error' });\n    }\n  }\n\n  // Check for missing canonical files — ones we expect but didn't find on disk\n  for (const canonicalName of CANONICAL_CHECKSUMS.keys()) {\n    if (!otterFiles.includes(canonicalName)) {\n      failed.push({ filename: canonicalName, error: 'Missing from directory' });\n    }\n  }\n\n  return { verified, failed, unknown };\n}\n\n// ---------------------------------------------------------------------------\n// Otter directory resolution\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_SEARCH_PATHS = ['node_modules/@stackwright-pro/otters/src/', 'packages/otters/src/'];\n\nfunction resolveOtterDir(): string | null {\n  const cwd = process.cwd();\n  for (const relative of DEFAULT_SEARCH_PATHS) {\n    const candidate = join(cwd, relative);\n    try {\n      lstatSync(candidate);\n      return candidate;\n    } catch {\n      // Not found, try next\n    }\n  }\n  return null;\n}\n\n// ---------------------------------------------------------------------------\n// MCP tool registration\n// ---------------------------------------------------------------------------\n\nexport function registerIntegrityTools(server: McpServer): void {\n  server.tool(\n    'stackwright_pro_verify_otter_integrity',\n    'Verify SHA-256 integrity of all Pro otter agent definitions. Call this at startup before discovering otters. Auto-discovers the otter directory from known paths. Returns verified/failed/unknown lists.',\n    {},\n    async () => {\n      const resolved = resolveOtterDir();\n\n      if (!resolved) {\n        return {\n          content: [\n            {\n              type: 'text' as const,\n              text: JSON.stringify({\n                error: true,\n                message:\n                  'Could not locate otter directory. Searched: ' + DEFAULT_SEARCH_PATHS.join(', '),\n              }),\n            },\n          ],\n          isError: true,\n        };\n      }\n\n      const result = verifyAllOtters(resolved);\n\n      const allGood = result.failed.length === 0 && result.unknown.length === 0;\n\n      return {\n        content: [\n          {\n            type: 'text' as const,\n            text: JSON.stringify({\n              otterDir: resolved,\n              totalCanonical: CANONICAL_CHECKSUMS.size,\n              verifiedCount: result.verified.length,\n              failedCount: result.failed.length,\n              unknownCount: result.unknown.length,\n              verified: result.verified,\n              failed: result.failed,\n              unknown: result.unknown,\n              warning:\n                result.failed.length > 0\n                  ? 'SHA-256 mismatches detected (non-blocking). PKI-signed manifest support coming soon.'\n                  : undefined,\n            }),\n          },\n        ],\n        isError: false,\n      };\n    }\n  );\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAiBA,oBAA4C;AAC5C,gBAAqD;AACrD,kBAA+B;AAU/B,IAAM,aAAa,oBAAI,IAAoB;AAAA,EACzC;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AACF,CAAC;AACD,OAAO,OAAO,UAAU;AACxB,IAAM,sBAAmD;AAOzD,IAAM,gBAAgB;AAEtB,WAAW,CAAC,MAAM,MAAM,KAAK,qBAAqB;AAChD,MAAI,CAAC,cAAc,KAAK,MAAM,GAAG;AAC/B,UAAM,IAAI;AAAA,MACR,iDAAiD,IAAI,iCACrB,OAAO,MAAM,MAAM,MAAM;AAAA,IAC3D;AAAA,EACF;AACF;AAGA,IAAM,kBAAkB,IAAI,OAAO;AAO5B,SAAS,cAAc,MAAsB;AAClD,aAAO,0BAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACvD;AAGA,SAAS,UAAU,GAAW,GAAoB;AAChD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,aAAO,+BAAgB,OAAO,KAAK,GAAG,MAAM,GAAG,OAAO,KAAK,GAAG,MAAM,CAAC;AACvE;AAkBO,SAAS,gBAAgB,UAAyC;AACvE,QAAM,eAAW,sBAAS,QAAQ;AAGlC,QAAM,WAAW,oBAAoB,IAAI,QAAQ;AACjD,MAAI,aAAa,QAAW;AAC1B,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,2CAA2C;AAAA,EACxF;AAGA,MAAI;AACJ,MAAI;AACF,eAAO,qBAAU,QAAQ;AAAA,EAC3B,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,qBAAqB,GAAG,GAAG;AAAA,EACxE;AAEA,MAAI,KAAK,eAAe,GAAG;AACzB,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,6BAA6B;AAAA,EAC1E;AAGA,QAAM,OAAO,KAAK;AAElB,MAAI,OAAO,iBAAiB;AAC1B,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,4BAA4B,gBAAgB,eAAe,CAAC,eAAe,KAAK,eAAe,CAAC;AAAA,IACzG;AAAA,EACF;AAGA,MAAI;AACJ,MAAI;AACF,cAAM,wBAAa,QAAQ;AAAA,EAC7B,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,qBAAqB,GAAG,GAAG;AAAA,EACxE;AAGA,MAAI,IAAI,SAAS,iBAAiB;AAChC,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,uCAAuC,gBAAgB,eAAe,CAAC,eAAe,IAAI,OAAO,eAAe,CAAC;AAAA,IAC1H;AAAA,EACF;AAGA,QAAM,SAAS,cAAc,GAAG;AAGhC,MAAI,CAAC,UAAU,QAAQ,QAAQ,GAAG;AAChC,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,8BAA8B,SAAS,UAAU,GAAG,CAAC,CAAC,eAAU,OAAO,UAAU,GAAG,CAAC,CAAC;AAAA,IAC/F;AAAA,EACF;AAGA,MAAI;AACF,UAAM,UAAU,IAAI,YAAY,SAAS,EAAE,OAAO,KAAK,CAAC;AACxD,YAAQ,OAAO,GAAG;AAAA,EACpB,QAAQ;AACN,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,MAAM,SAAS;AACpC;AAgBO,SAAS,gBAAgB,UAAyC;AACvE,QAAM,WAAqB,CAAC;AAC5B,QAAM,SAAqD,CAAC;AAC5D,QAAM,UAAoB,CAAC;AAE3B,MAAI;AACJ,MAAI;AACF,kBAAU,uBAAY,QAAQ;AAAA,EAChC,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO;AAAA,MACL,UAAU,CAAC;AAAA,MACX,QAAQ,CAAC,EAAE,UAAU,eAAe,OAAO,0BAA0B,GAAG,GAAG,CAAC;AAAA,MAC5E,SAAS,CAAC;AAAA,IACZ;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,OAAO,CAAC,MAAM,EAAE,SAAS,aAAa,CAAC;AAElE,aAAW,YAAY,YAAY;AACjC,UAAM,eAAW,kBAAK,UAAU,QAAQ;AAGxC,QAAI;AACF,cAAI,qBAAU,QAAQ,EAAE,eAAe,GAAG;AACxC,eAAO,KAAK,EAAE,UAAU,OAAO,mBAAmB,CAAC;AACnD;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER;AAEA,UAAM,SAAS,gBAAgB,QAAQ;AAEvC,QAAI,OAAO,UAAU;AACnB,eAAS,KAAK,OAAO,QAAQ;AAAA,IAC/B,WAAW,OAAO,OAAO,WAAW,oBAAoB,GAAG;AACzD,cAAQ,KAAK,OAAO,QAAQ;AAAA,IAC9B,OAAO;AACL,aAAO,KAAK,EAAE,UAAU,OAAO,UAAU,OAAO,OAAO,SAAS,gBAAgB,CAAC;AAAA,IACnF;AAAA,EACF;AAGA,aAAW,iBAAiB,oBAAoB,KAAK,GAAG;AACtD,QAAI,CAAC,WAAW,SAAS,aAAa,GAAG;AACvC,aAAO,KAAK,EAAE,UAAU,eAAe,OAAO,yBAAyB,CAAC;AAAA,IAC1E;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,QAAQ,QAAQ;AACrC;AAMA,IAAM,uBAAuB,CAAC,6CAA6C,sBAAsB;AAEjG,SAAS,kBAAiC;AACxC,QAAM,MAAM,QAAQ,IAAI;AACxB,aAAW,YAAY,sBAAsB;AAC3C,UAAM,gBAAY,kBAAK,KAAK,QAAQ;AACpC,QAAI;AACF,+BAAU,SAAS;AACnB,aAAO;AAAA,IACT,QAAQ;AAAA,IAER;AAAA,EACF;AACA,SAAO;AACT;AAMO,SAAS,uBAAuB,QAAyB;AAC9D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC;AAAA,IACD,YAAY;AACV,YAAM,WAAW,gBAAgB;AAEjC,UAAI,CAAC,UAAU;AACb,eAAO;AAAA,UACL,SAAS;AAAA,YACP;AAAA,cACE,MAAM;AAAA,cACN,MAAM,KAAK,UAAU;AAAA,gBACnB,OAAO;AAAA,gBACP,SACE,iDAAiD,qBAAqB,KAAK,IAAI;AAAA,cACnF,CAAC;AAAA,YACH;AAAA,UACF;AAAA,UACA,SAAS;AAAA,QACX;AAAA,MACF;AAEA,YAAM,SAAS,gBAAgB,QAAQ;AAEvC,YAAM,UAAU,OAAO,OAAO,WAAW,KAAK,OAAO,QAAQ,WAAW;AAExE,aAAO;AAAA,QACL,SAAS;AAAA,UACP;AAAA,YACE,MAAM;AAAA,YACN,MAAM,KAAK,UAAU;AAAA,cACnB,UAAU;AAAA,cACV,gBAAgB,oBAAoB;AAAA,cACpC,eAAe,OAAO,SAAS;AAAA,cAC/B,aAAa,OAAO,OAAO;AAAA,cAC3B,cAAc,OAAO,QAAQ;AAAA,cAC7B,UAAU,OAAO;AAAA,cACjB,QAAQ,OAAO;AAAA,cACf,SAAS,OAAO;AAAA,cAChB,SACE,OAAO,OAAO,SAAS,IACnB,yFACA;AAAA,YACR,CAAC;AAAA,UACH;AAAA,QACF;AAAA,QACA,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/integrity.mjs

@@ -5,39 +5,39 @@ import { join, basename } from "path";
 var _checksums = /* @__PURE__ */ new Map([
   [
     "stackwright-pro-api-otter.json",
-    "f1cc9edf2dd1df3ebcea1d0ab33d17a358faaf8aa97ee232cd7994042f2eac0d"
+    "0ac26d85a5ad35b072a58965e1d5e090dd5c5f16dc14e68c452c3e99fcbb5510"
   ],
   [
     "stackwright-pro-auth-otter.json",
-    "a19e06c503209a8a35fe321d30448623545b36b48c47a6ec064d13406ad1f725"
+    "d789b71f196659d5745ebfca87a7bda60a1bb63cfeccd17b4a273ac1e29bb08d"
   ],
   [
     "stackwright-pro-dashboard-otter.json",
-    "b3cb3d7554f2e9eed3b57d5e0e3bf85d6ba5b4db5d3af5514391cf0575fcc001"
+    "600e8597429c353e5b886f316731be84a86cd8b93617bf046e3cbf390b31a431"
   ],
   [
     "stackwright-pro-data-otter.json",
-    "bfacb87ae82867472a75982215554336a105a658d6cd3dd2c8b819fa1e11d7ac"
+    "b2946e3da3b53282c122d150e6db86b0cb89d2edba2a94a7666b26d27051be96"
   ],
   [
     "stackwright-pro-designer-otter.json",
-    "c58fa7c7ead9e6398074e1c7ce3f31a8ef4eb3679f5fa18cc03cae3a87878c88"
+    "f4dbff5149051c77be1645de5ee12c0bd7d590c687a0b2d86737b915a5a6d5f0"
   ],
   [
     "stackwright-pro-foreman-otter.json",
-    "f52264c1f6297b72f3da6d92d41b6d63356db776242caeab25571e6a8df628e4"
+    "7464523d7288374dc6efa5c213c825ec0616e00cf4f739d8039eb41df812cbc5"
   ],
   [
     "stackwright-pro-page-otter.json",
-    "65bec3a3a0dda6b7591bba2de9399f1e3a4fb99cfe1075342f4f4be98d917b67"
+    "12aca7b666b3c85c1d96c700a2da7f209604cb75d0f064995e052711ddafd657"
   ],
   [
     "stackwright-pro-theme-otter.json",
-    "1f182326f1acd3d4091a38c7012085cbb4945893e95be4ca3de72318ad092767"
+    "a303ec6c045420f2c916583e3f6efcda469e9610fedfc84a508ed8a8a75866bc"
   ],
   [
     "stackwright-pro-workflow-otter.json",
-    "0eec9d6a731678cf547c2a7b0b6fc338ca143c35501365a1e4e5dd2779dd5510"
+    "16da6c109d0b5ee60d0a14e009dbeab02a7bbac3b0947795769da053565b9821"
   ]
 ]);
 Object.freeze(_checksums);

package/dist/integrity.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/integrity.ts"],"sourcesContent":["/**\n * Otter Integrity Verification\n * ============================\n * Protects the Pro Otter Raft from disk-based prompt injection / jailbreak attacks.\n *\n * TypeScript port of python/src/stackwright_pro/raft/integrity.py — this lets\n * the MCP package verify otter files without a Python dependency.\n *\n * Certificate-pinned canonical checksums — hardcoded in the MCP package.\n *\n * These are NOT read from disk. An attacker who modifies otter JSON files\n * in @stackwright-pro/otters cannot also modify these constants without\n * compromising the separately-published @stackwright-pro/mcp package.\n *\n * To update: node scripts/sync-mcp-checksums.cjs\n * (reads from packages/otters/src/checksums.json, writes this file)\n */\nimport { createHash, timingSafeEqual } from 'crypto';\nimport { readFileSync, readdirSync, lstatSync } from 'fs';\nimport { join, basename } from 'path';\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\n\n// ---------------------------------------------------------------------------\n// Certificate-pinned canonical checksums — frozen Map, immutable by design.\n// DO NOT read these from disk — that would defeat the entire purpose.\n// Object.freeze prevents property mutation at runtime; ReadonlyMap prevents\n// .set() / .delete() at compile time (belt-and-suspenders).\n// ---------------------------------------------------------------------------\n\nconst _checksums = new Map<string, string>([\n  [\n    'stackwright-pro-api-otter.json',\n    'f1cc9edf2dd1df3ebcea1d0ab33d17a358faaf8aa97ee232cd7994042f2eac0d',\n  ],\n  [\n    'stackwright-pro-auth-otter.json',\n    'a19e06c503209a8a35fe321d30448623545b36b48c47a6ec064d13406ad1f725',\n  ],\n  [\n    'stackwright-pro-dashboard-otter.json',\n    'b3cb3d7554f2e9eed3b57d5e0e3bf85d6ba5b4db5d3af5514391cf0575fcc001',\n  ],\n  [\n    'stackwright-pro-data-otter.json',\n    'bfacb87ae82867472a75982215554336a105a658d6cd3dd2c8b819fa1e11d7ac',\n  ],\n  [\n    'stackwright-pro-designer-otter.json',\n    'c58fa7c7ead9e6398074e1c7ce3f31a8ef4eb3679f5fa18cc03cae3a87878c88',\n  ],\n  [\n    'stackwright-pro-foreman-otter.json',\n    'f52264c1f6297b72f3da6d92d41b6d63356db776242caeab25571e6a8df628e4',\n  ],\n  [\n    'stackwright-pro-page-otter.json',\n    '65bec3a3a0dda6b7591bba2de9399f1e3a4fb99cfe1075342f4f4be98d917b67',\n  ],\n  [\n    'stackwright-pro-theme-otter.json',\n    '1f182326f1acd3d4091a38c7012085cbb4945893e95be4ca3de72318ad092767',\n  ],\n  [\n    'stackwright-pro-workflow-otter.json',\n    '0eec9d6a731678cf547c2a7b0b6fc338ca143c35501365a1e4e5dd2779dd5510',\n  ],\n]);\nObject.freeze(_checksums);\nconst CANONICAL_CHECKSUMS: ReadonlyMap<string, string> = _checksums;\n\n// ---------------------------------------------------------------------------\n// Import-time format validation — malformed constants are a packaging bug,\n// not a runtime surprise. Fail fast, fail loud.\n// ---------------------------------------------------------------------------\n\nconst SHA256_HEX_RE = /^[0-9a-f]{64}$/;\n\nfor (const [name, digest] of CANONICAL_CHECKSUMS) {\n  if (!SHA256_HEX_RE.test(digest)) {\n    throw new Error(\n      `Malformed SHA-256 in CANONICAL_CHECKSUMS for \"${name}\": ` +\n        `expected 64 hex chars, got ${digest.length}: \"${digest}\"`\n    );\n  }\n}\n\n// 1 MB — generous headroom for agent definitions; anything larger is suspicious.\nconst MAX_OTTER_BYTES = 1 * 1024 * 1024;\n\n// ---------------------------------------------------------------------------\n// Core functions (exported for direct testing — no MCP server needed)\n// ---------------------------------------------------------------------------\n\n/** Compute the hex-encoded SHA-256 digest of raw bytes. Pure, no I/O. */\nexport function computeSha256(data: Buffer): string {\n  return createHash('sha256').update(data).digest('hex');\n}\n\n/** Constant-time comparison of two hex digest strings. */\nfunction safeEqual(a: string, b: string): boolean {\n  if (a.length !== b.length) return false;\n  return timingSafeEqual(Buffer.from(a, 'utf8'), Buffer.from(b, 'utf8'));\n}\n\n// ---------------------------------------------------------------------------\n// Single-file verification\n// ---------------------------------------------------------------------------\n\nexport interface VerifyOtterFileResult {\n  verified: boolean;\n  filename: string;\n  error?: string;\n}\n\n/**\n * Read a single otter JSON file, check its size, compute its SHA-256,\n * and constant-time compare against the canonical checksum.\n *\n * Single read → hash → decode. No TOCTOU window.\n */\nexport function verifyOtterFile(filePath: string): VerifyOtterFileResult {\n  const filename = basename(filePath);\n\n  // Fast-fail on unknown filenames before any I/O\n  const expected = CANONICAL_CHECKSUMS.get(filename);\n  if (expected === undefined) {\n    return { verified: false, filename, error: `Unknown otter file: not in canonical set` };\n  }\n\n  // Symlink guard — refuse to follow symlinks (prevents symlink-based swaps)\n  let stat: ReturnType<typeof lstatSync>;\n  try {\n    stat = lstatSync(filePath);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return { verified: false, filename, error: `Cannot stat file: ${msg}` };\n  }\n\n  if (stat.isSymbolicLink()) {\n    return { verified: false, filename, error: 'Refusing to verify symlink' };\n  }\n\n  // Stat-based size pre-check — don't materialise oversized payloads\n  const size = stat.size;\n\n  if (size > MAX_OTTER_BYTES) {\n    return {\n      verified: false,\n      filename,\n      error: `File exceeds size limit (${MAX_OTTER_BYTES.toLocaleString()} bytes, got ${size.toLocaleString()})`,\n    };\n  }\n\n  // Single read — used for hashing and UTF-8 validation (zero TOCTOU window)\n  let raw: Buffer;\n  try {\n    raw = readFileSync(filePath);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return { verified: false, filename, error: `Cannot read file: ${msg}` };\n  }\n\n  // Belt-and-suspenders: re-check length after read in case of a race\n  if (raw.length > MAX_OTTER_BYTES) {\n    return {\n      verified: false,\n      filename,\n      error: `File exceeds size limit after read (${MAX_OTTER_BYTES.toLocaleString()} bytes, got ${raw.length.toLocaleString()})`,\n    };\n  }\n\n  // Hash the raw bytes\n  const actual = computeSha256(raw);\n\n  // Constant-time comparison prevents timing-oracle attacks\n  if (!safeEqual(actual, expected)) {\n    return {\n      verified: false,\n      filename,\n      error: `SHA-256 mismatch: expected ${expected.substring(0, 8)}…, got ${actual.substring(0, 8)}…`,\n    };\n  }\n\n  // UTF-8 validation — binary injection guard\n  try {\n    const decoder = new TextDecoder('utf-8', { fatal: true });\n    decoder.decode(raw);\n  } catch {\n    return {\n      verified: false,\n      filename,\n      error: 'File is not valid UTF-8 — may be corrupted or contain binary injection',\n    };\n  }\n\n  return { verified: true, filename };\n}\n\n// ---------------------------------------------------------------------------\n// Directory-level verification\n// ---------------------------------------------------------------------------\n\nexport interface VerifyAllOttersResult {\n  verified: string[];\n  failed: Array<{ filename: string; error: string }>;\n  unknown: string[];\n}\n\n/**\n * Scan a directory for `*-otter.json` files, verify each one against\n * canonical checksums. Returns lists of verified, failed, and unknown files.\n */\nexport function verifyAllOtters(otterDir: string): VerifyAllOttersResult {\n  const verified: string[] = [];\n  const failed: Array<{ filename: string; error: string }> = [];\n  const unknown: string[] = [];\n\n  let entries: string[];\n  try {\n    entries = readdirSync(otterDir);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return {\n      verified: [],\n      failed: [{ filename: '<directory>', error: `Cannot read directory: ${msg}` }],\n      unknown: [],\n    };\n  }\n\n  const otterFiles = entries.filter((f) => f.endsWith('-otter.json'));\n\n  for (const filename of otterFiles) {\n    const filePath = join(otterDir, filename);\n\n    // Skip symlinks at the directory-scan level too\n    try {\n      if (lstatSync(filePath).isSymbolicLink()) {\n        failed.push({ filename, error: 'Skipped: symlink' });\n        continue;\n      }\n    } catch {\n      // verifyOtterFile will handle stat errors\n    }\n\n    const result = verifyOtterFile(filePath);\n\n    if (result.verified) {\n      verified.push(result.filename);\n    } else if (result.error?.startsWith('Unknown otter file')) {\n      unknown.push(result.filename);\n    } else {\n      failed.push({ filename: result.filename, error: result.error ?? 'Unknown error' });\n    }\n  }\n\n  // Check for missing canonical files — ones we expect but didn't find on disk\n  for (const canonicalName of CANONICAL_CHECKSUMS.keys()) {\n    if (!otterFiles.includes(canonicalName)) {\n      failed.push({ filename: canonicalName, error: 'Missing from directory' });\n    }\n  }\n\n  return { verified, failed, unknown };\n}\n\n// ---------------------------------------------------------------------------\n// Otter directory resolution\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_SEARCH_PATHS = ['node_modules/@stackwright-pro/otters/src/', 'packages/otters/src/'];\n\nfunction resolveOtterDir(): string | null {\n  const cwd = process.cwd();\n  for (const relative of DEFAULT_SEARCH_PATHS) {\n    const candidate = join(cwd, relative);\n    try {\n      lstatSync(candidate);\n      return candidate;\n    } catch {\n      // Not found, try next\n    }\n  }\n  return null;\n}\n\n// ---------------------------------------------------------------------------\n// MCP tool registration\n// ---------------------------------------------------------------------------\n\nexport function registerIntegrityTools(server: McpServer): void {\n  server.tool(\n    'stackwright_pro_verify_otter_integrity',\n    'Verify SHA-256 integrity of all Pro otter agent definitions. Call this at startup before discovering otters. Auto-discovers the otter directory from known paths. Returns verified/failed/unknown lists.',\n    {},\n    async () => {\n      const resolved = resolveOtterDir();\n\n      if (!resolved) {\n        return {\n          content: [\n            {\n              type: 'text' as const,\n              text: JSON.stringify({\n                error: true,\n                message:\n                  'Could not locate otter directory. Searched: ' + DEFAULT_SEARCH_PATHS.join(', '),\n              }),\n            },\n          ],\n          isError: true,\n        };\n      }\n\n      const result = verifyAllOtters(resolved);\n\n      const allGood = result.failed.length === 0 && result.unknown.length === 0;\n\n      return {\n        content: [\n          {\n            type: 'text' as const,\n            text: JSON.stringify({\n              otterDir: resolved,\n              totalCanonical: CANONICAL_CHECKSUMS.size,\n              verifiedCount: result.verified.length,\n              failedCount: result.failed.length,\n              unknownCount: result.unknown.length,\n              verified: result.verified,\n              failed: result.failed,\n              unknown: result.unknown,\n              warning:\n                result.failed.length > 0\n                  ? 'SHA-256 mismatches detected (non-blocking). PKI-signed manifest support coming soon.'\n                  : undefined,\n            }),\n          },\n        ],\n        isError: false,\n      };\n    }\n  );\n}\n"],"mappings":";AAiBA,SAAS,YAAY,uBAAuB;AAC5C,SAAS,cAAc,aAAa,iBAAiB;AACrD,SAAS,MAAM,gBAAgB;AAU/B,IAAM,aAAa,oBAAI,IAAoB;AAAA,EACzC;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AACF,CAAC;AACD,OAAO,OAAO,UAAU;AACxB,IAAM,sBAAmD;AAOzD,IAAM,gBAAgB;AAEtB,WAAW,CAAC,MAAM,MAAM,KAAK,qBAAqB;AAChD,MAAI,CAAC,cAAc,KAAK,MAAM,GAAG;AAC/B,UAAM,IAAI;AAAA,MACR,iDAAiD,IAAI,iCACrB,OAAO,MAAM,MAAM,MAAM;AAAA,IAC3D;AAAA,EACF;AACF;AAGA,IAAM,kBAAkB,IAAI,OAAO;AAO5B,SAAS,cAAc,MAAsB;AAClD,SAAO,WAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACvD;AAGA,SAAS,UAAU,GAAW,GAAoB;AAChD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,SAAO,gBAAgB,OAAO,KAAK,GAAG,MAAM,GAAG,OAAO,KAAK,GAAG,MAAM,CAAC;AACvE;AAkBO,SAAS,gBAAgB,UAAyC;AACvE,QAAM,WAAW,SAAS,QAAQ;AAGlC,QAAM,WAAW,oBAAoB,IAAI,QAAQ;AACjD,MAAI,aAAa,QAAW;AAC1B,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,2CAA2C;AAAA,EACxF;AAGA,MAAI;AACJ,MAAI;AACF,WAAO,UAAU,QAAQ;AAAA,EAC3B,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,qBAAqB,GAAG,GAAG;AAAA,EACxE;AAEA,MAAI,KAAK,eAAe,GAAG;AACzB,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,6BAA6B;AAAA,EAC1E;AAGA,QAAM,OAAO,KAAK;AAElB,MAAI,OAAO,iBAAiB;AAC1B,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,4BAA4B,gBAAgB,eAAe,CAAC,eAAe,KAAK,eAAe,CAAC;AAAA,IACzG;AAAA,EACF;AAGA,MAAI;AACJ,MAAI;AACF,UAAM,aAAa,QAAQ;AAAA,EAC7B,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,qBAAqB,GAAG,GAAG;AAAA,EACxE;AAGA,MAAI,IAAI,SAAS,iBAAiB;AAChC,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,uCAAuC,gBAAgB,eAAe,CAAC,eAAe,IAAI,OAAO,eAAe,CAAC;AAAA,IAC1H;AAAA,EACF;AAGA,QAAM,SAAS,cAAc,GAAG;AAGhC,MAAI,CAAC,UAAU,QAAQ,QAAQ,GAAG;AAChC,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,8BAA8B,SAAS,UAAU,GAAG,CAAC,CAAC,eAAU,OAAO,UAAU,GAAG,CAAC,CAAC;AAAA,IAC/F;AAAA,EACF;AAGA,MAAI;AACF,UAAM,UAAU,IAAI,YAAY,SAAS,EAAE,OAAO,KAAK,CAAC;AACxD,YAAQ,OAAO,GAAG;AAAA,EACpB,QAAQ;AACN,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,MAAM,SAAS;AACpC;AAgBO,SAAS,gBAAgB,UAAyC;AACvE,QAAM,WAAqB,CAAC;AAC5B,QAAM,SAAqD,CAAC;AAC5D,QAAM,UAAoB,CAAC;AAE3B,MAAI;AACJ,MAAI;AACF,cAAU,YAAY,QAAQ;AAAA,EAChC,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO;AAAA,MACL,UAAU,CAAC;AAAA,MACX,QAAQ,CAAC,EAAE,UAAU,eAAe,OAAO,0BAA0B,GAAG,GAAG,CAAC;AAAA,MAC5E,SAAS,CAAC;AAAA,IACZ;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,OAAO,CAAC,MAAM,EAAE,SAAS,aAAa,CAAC;AAElE,aAAW,YAAY,YAAY;AACjC,UAAM,WAAW,KAAK,UAAU,QAAQ;AAGxC,QAAI;AACF,UAAI,UAAU,QAAQ,EAAE,eAAe,GAAG;AACxC,eAAO,KAAK,EAAE,UAAU,OAAO,mBAAmB,CAAC;AACnD;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER;AAEA,UAAM,SAAS,gBAAgB,QAAQ;AAEvC,QAAI,OAAO,UAAU;AACnB,eAAS,KAAK,OAAO,QAAQ;AAAA,IAC/B,WAAW,OAAO,OAAO,WAAW,oBAAoB,GAAG;AACzD,cAAQ,KAAK,OAAO,QAAQ;AAAA,IAC9B,OAAO;AACL,aAAO,KAAK,EAAE,UAAU,OAAO,UAAU,OAAO,OAAO,SAAS,gBAAgB,CAAC;AAAA,IACnF;AAAA,EACF;AAGA,aAAW,iBAAiB,oBAAoB,KAAK,GAAG;AACtD,QAAI,CAAC,WAAW,SAAS,aAAa,GAAG;AACvC,aAAO,KAAK,EAAE,UAAU,eAAe,OAAO,yBAAyB,CAAC;AAAA,IAC1E;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,QAAQ,QAAQ;AACrC;AAMA,IAAM,uBAAuB,CAAC,6CAA6C,sBAAsB;AAEjG,SAAS,kBAAiC;AACxC,QAAM,MAAM,QAAQ,IAAI;AACxB,aAAW,YAAY,sBAAsB;AAC3C,UAAM,YAAY,KAAK,KAAK,QAAQ;AACpC,QAAI;AACF,gBAAU,SAAS;AACnB,aAAO;AAAA,IACT,QAAQ;AAAA,IAER;AAAA,EACF;AACA,SAAO;AACT;AAMO,SAAS,uBAAuB,QAAyB;AAC9D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC;AAAA,IACD,YAAY;AACV,YAAM,WAAW,gBAAgB;AAEjC,UAAI,CAAC,UAAU;AACb,eAAO;AAAA,UACL,SAAS;AAAA,YACP;AAAA,cACE,MAAM;AAAA,cACN,MAAM,KAAK,UAAU;AAAA,gBACnB,OAAO;AAAA,gBACP,SACE,iDAAiD,qBAAqB,KAAK,IAAI;AAAA,cACnF,CAAC;AAAA,YACH;AAAA,UACF;AAAA,UACA,SAAS;AAAA,QACX;AAAA,MACF;AAEA,YAAM,SAAS,gBAAgB,QAAQ;AAEvC,YAAM,UAAU,OAAO,OAAO,WAAW,KAAK,OAAO,QAAQ,WAAW;AAExE,aAAO;AAAA,QACL,SAAS;AAAA,UACP;AAAA,YACE,MAAM;AAAA,YACN,MAAM,KAAK,UAAU;AAAA,cACnB,UAAU;AAAA,cACV,gBAAgB,oBAAoB;AAAA,cACpC,eAAe,OAAO,SAAS;AAAA,cAC/B,aAAa,OAAO,OAAO;AAAA,cAC3B,cAAc,OAAO,QAAQ;AAAA,cAC7B,UAAU,OAAO;AAAA,cACjB,QAAQ,OAAO;AAAA,cACf,SAAS,OAAO;AAAA,cAChB,SACE,OAAO,OAAO,SAAS,IACnB,yFACA;AAAA,YACR,CAAC;AAAA,UACH;AAAA,QACF;AAAA,QACA,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
+{"version":3,"sources":["../src/integrity.ts"],"sourcesContent":["/**\n * Otter Integrity Verification\n * ============================\n * Protects the Pro Otter Raft from disk-based prompt injection / jailbreak attacks.\n *\n * TypeScript port of python/src/stackwright_pro/raft/integrity.py — this lets\n * the MCP package verify otter files without a Python dependency.\n *\n * Certificate-pinned canonical checksums — hardcoded in the MCP package.\n *\n * These are NOT read from disk. An attacker who modifies otter JSON files\n * in @stackwright-pro/otters cannot also modify these constants without\n * compromising the separately-published @stackwright-pro/mcp package.\n *\n * To update: node scripts/sync-mcp-checksums.cjs\n * (reads from packages/otters/src/checksums.json, writes this file)\n */\nimport { createHash, timingSafeEqual } from 'crypto';\nimport { readFileSync, readdirSync, lstatSync } from 'fs';\nimport { join, basename } from 'path';\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\n\n// ---------------------------------------------------------------------------\n// Certificate-pinned canonical checksums — frozen Map, immutable by design.\n// DO NOT read these from disk — that would defeat the entire purpose.\n// Object.freeze prevents property mutation at runtime; ReadonlyMap prevents\n// .set() / .delete() at compile time (belt-and-suspenders).\n// ---------------------------------------------------------------------------\n\nconst _checksums = new Map<string, string>([\n  [\n    'stackwright-pro-api-otter.json',\n    '0ac26d85a5ad35b072a58965e1d5e090dd5c5f16dc14e68c452c3e99fcbb5510',\n  ],\n  [\n    'stackwright-pro-auth-otter.json',\n    'd789b71f196659d5745ebfca87a7bda60a1bb63cfeccd17b4a273ac1e29bb08d',\n  ],\n  [\n    'stackwright-pro-dashboard-otter.json',\n    '600e8597429c353e5b886f316731be84a86cd8b93617bf046e3cbf390b31a431',\n  ],\n  [\n    'stackwright-pro-data-otter.json',\n    'b2946e3da3b53282c122d150e6db86b0cb89d2edba2a94a7666b26d27051be96',\n  ],\n  [\n    'stackwright-pro-designer-otter.json',\n    'f4dbff5149051c77be1645de5ee12c0bd7d590c687a0b2d86737b915a5a6d5f0',\n  ],\n  [\n    'stackwright-pro-foreman-otter.json',\n    '7464523d7288374dc6efa5c213c825ec0616e00cf4f739d8039eb41df812cbc5',\n  ],\n  [\n    'stackwright-pro-page-otter.json',\n    '12aca7b666b3c85c1d96c700a2da7f209604cb75d0f064995e052711ddafd657',\n  ],\n  [\n    'stackwright-pro-theme-otter.json',\n    'a303ec6c045420f2c916583e3f6efcda469e9610fedfc84a508ed8a8a75866bc',\n  ],\n  [\n    'stackwright-pro-workflow-otter.json',\n    '16da6c109d0b5ee60d0a14e009dbeab02a7bbac3b0947795769da053565b9821',\n  ],\n]);\nObject.freeze(_checksums);\nconst CANONICAL_CHECKSUMS: ReadonlyMap<string, string> = _checksums;\n\n// ---------------------------------------------------------------------------\n// Import-time format validation — malformed constants are a packaging bug,\n// not a runtime surprise. Fail fast, fail loud.\n// ---------------------------------------------------------------------------\n\nconst SHA256_HEX_RE = /^[0-9a-f]{64}$/;\n\nfor (const [name, digest] of CANONICAL_CHECKSUMS) {\n  if (!SHA256_HEX_RE.test(digest)) {\n    throw new Error(\n      `Malformed SHA-256 in CANONICAL_CHECKSUMS for \"${name}\": ` +\n        `expected 64 hex chars, got ${digest.length}: \"${digest}\"`\n    );\n  }\n}\n\n// 1 MB — generous headroom for agent definitions; anything larger is suspicious.\nconst MAX_OTTER_BYTES = 1 * 1024 * 1024;\n\n// ---------------------------------------------------------------------------\n// Core functions (exported for direct testing — no MCP server needed)\n// ---------------------------------------------------------------------------\n\n/** Compute the hex-encoded SHA-256 digest of raw bytes. Pure, no I/O. */\nexport function computeSha256(data: Buffer): string {\n  return createHash('sha256').update(data).digest('hex');\n}\n\n/** Constant-time comparison of two hex digest strings. */\nfunction safeEqual(a: string, b: string): boolean {\n  if (a.length !== b.length) return false;\n  return timingSafeEqual(Buffer.from(a, 'utf8'), Buffer.from(b, 'utf8'));\n}\n\n// ---------------------------------------------------------------------------\n// Single-file verification\n// ---------------------------------------------------------------------------\n\nexport interface VerifyOtterFileResult {\n  verified: boolean;\n  filename: string;\n  error?: string;\n}\n\n/**\n * Read a single otter JSON file, check its size, compute its SHA-256,\n * and constant-time compare against the canonical checksum.\n *\n * Single read → hash → decode. No TOCTOU window.\n */\nexport function verifyOtterFile(filePath: string): VerifyOtterFileResult {\n  const filename = basename(filePath);\n\n  // Fast-fail on unknown filenames before any I/O\n  const expected = CANONICAL_CHECKSUMS.get(filename);\n  if (expected === undefined) {\n    return { verified: false, filename, error: `Unknown otter file: not in canonical set` };\n  }\n\n  // Symlink guard — refuse to follow symlinks (prevents symlink-based swaps)\n  let stat: ReturnType<typeof lstatSync>;\n  try {\n    stat = lstatSync(filePath);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return { verified: false, filename, error: `Cannot stat file: ${msg}` };\n  }\n\n  if (stat.isSymbolicLink()) {\n    return { verified: false, filename, error: 'Refusing to verify symlink' };\n  }\n\n  // Stat-based size pre-check — don't materialise oversized payloads\n  const size = stat.size;\n\n  if (size > MAX_OTTER_BYTES) {\n    return {\n      verified: false,\n      filename,\n      error: `File exceeds size limit (${MAX_OTTER_BYTES.toLocaleString()} bytes, got ${size.toLocaleString()})`,\n    };\n  }\n\n  // Single read — used for hashing and UTF-8 validation (zero TOCTOU window)\n  let raw: Buffer;\n  try {\n    raw = readFileSync(filePath);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return { verified: false, filename, error: `Cannot read file: ${msg}` };\n  }\n\n  // Belt-and-suspenders: re-check length after read in case of a race\n  if (raw.length > MAX_OTTER_BYTES) {\n    return {\n      verified: false,\n      filename,\n      error: `File exceeds size limit after read (${MAX_OTTER_BYTES.toLocaleString()} bytes, got ${raw.length.toLocaleString()})`,\n    };\n  }\n\n  // Hash the raw bytes\n  const actual = computeSha256(raw);\n\n  // Constant-time comparison prevents timing-oracle attacks\n  if (!safeEqual(actual, expected)) {\n    return {\n      verified: false,\n      filename,\n      error: `SHA-256 mismatch: expected ${expected.substring(0, 8)}…, got ${actual.substring(0, 8)}…`,\n    };\n  }\n\n  // UTF-8 validation — binary injection guard\n  try {\n    const decoder = new TextDecoder('utf-8', { fatal: true });\n    decoder.decode(raw);\n  } catch {\n    return {\n      verified: false,\n      filename,\n      error: 'File is not valid UTF-8 — may be corrupted or contain binary injection',\n    };\n  }\n\n  return { verified: true, filename };\n}\n\n// ---------------------------------------------------------------------------\n// Directory-level verification\n// ---------------------------------------------------------------------------\n\nexport interface VerifyAllOttersResult {\n  verified: string[];\n  failed: Array<{ filename: string; error: string }>;\n  unknown: string[];\n}\n\n/**\n * Scan a directory for `*-otter.json` files, verify each one against\n * canonical checksums. Returns lists of verified, failed, and unknown files.\n */\nexport function verifyAllOtters(otterDir: string): VerifyAllOttersResult {\n  const verified: string[] = [];\n  const failed: Array<{ filename: string; error: string }> = [];\n  const unknown: string[] = [];\n\n  let entries: string[];\n  try {\n    entries = readdirSync(otterDir);\n  } catch (err) {\n    const msg = err instanceof Error ? err.message : String(err);\n    return {\n      verified: [],\n      failed: [{ filename: '<directory>', error: `Cannot read directory: ${msg}` }],\n      unknown: [],\n    };\n  }\n\n  const otterFiles = entries.filter((f) => f.endsWith('-otter.json'));\n\n  for (const filename of otterFiles) {\n    const filePath = join(otterDir, filename);\n\n    // Skip symlinks at the directory-scan level too\n    try {\n      if (lstatSync(filePath).isSymbolicLink()) {\n        failed.push({ filename, error: 'Skipped: symlink' });\n        continue;\n      }\n    } catch {\n      // verifyOtterFile will handle stat errors\n    }\n\n    const result = verifyOtterFile(filePath);\n\n    if (result.verified) {\n      verified.push(result.filename);\n    } else if (result.error?.startsWith('Unknown otter file')) {\n      unknown.push(result.filename);\n    } else {\n      failed.push({ filename: result.filename, error: result.error ?? 'Unknown error' });\n    }\n  }\n\n  // Check for missing canonical files — ones we expect but didn't find on disk\n  for (const canonicalName of CANONICAL_CHECKSUMS.keys()) {\n    if (!otterFiles.includes(canonicalName)) {\n      failed.push({ filename: canonicalName, error: 'Missing from directory' });\n    }\n  }\n\n  return { verified, failed, unknown };\n}\n\n// ---------------------------------------------------------------------------\n// Otter directory resolution\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_SEARCH_PATHS = ['node_modules/@stackwright-pro/otters/src/', 'packages/otters/src/'];\n\nfunction resolveOtterDir(): string | null {\n  const cwd = process.cwd();\n  for (const relative of DEFAULT_SEARCH_PATHS) {\n    const candidate = join(cwd, relative);\n    try {\n      lstatSync(candidate);\n      return candidate;\n    } catch {\n      // Not found, try next\n    }\n  }\n  return null;\n}\n\n// ---------------------------------------------------------------------------\n// MCP tool registration\n// ---------------------------------------------------------------------------\n\nexport function registerIntegrityTools(server: McpServer): void {\n  server.tool(\n    'stackwright_pro_verify_otter_integrity',\n    'Verify SHA-256 integrity of all Pro otter agent definitions. Call this at startup before discovering otters. Auto-discovers the otter directory from known paths. Returns verified/failed/unknown lists.',\n    {},\n    async () => {\n      const resolved = resolveOtterDir();\n\n      if (!resolved) {\n        return {\n          content: [\n            {\n              type: 'text' as const,\n              text: JSON.stringify({\n                error: true,\n                message:\n                  'Could not locate otter directory. Searched: ' + DEFAULT_SEARCH_PATHS.join(', '),\n              }),\n            },\n          ],\n          isError: true,\n        };\n      }\n\n      const result = verifyAllOtters(resolved);\n\n      const allGood = result.failed.length === 0 && result.unknown.length === 0;\n\n      return {\n        content: [\n          {\n            type: 'text' as const,\n            text: JSON.stringify({\n              otterDir: resolved,\n              totalCanonical: CANONICAL_CHECKSUMS.size,\n              verifiedCount: result.verified.length,\n              failedCount: result.failed.length,\n              unknownCount: result.unknown.length,\n              verified: result.verified,\n              failed: result.failed,\n              unknown: result.unknown,\n              warning:\n                result.failed.length > 0\n                  ? 'SHA-256 mismatches detected (non-blocking). PKI-signed manifest support coming soon.'\n                  : undefined,\n            }),\n          },\n        ],\n        isError: false,\n      };\n    }\n  );\n}\n"],"mappings":";AAiBA,SAAS,YAAY,uBAAuB;AAC5C,SAAS,cAAc,aAAa,iBAAiB;AACrD,SAAS,MAAM,gBAAgB;AAU/B,IAAM,aAAa,oBAAI,IAAoB;AAAA,EACzC;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAAA,EACA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AACF,CAAC;AACD,OAAO,OAAO,UAAU;AACxB,IAAM,sBAAmD;AAOzD,IAAM,gBAAgB;AAEtB,WAAW,CAAC,MAAM,MAAM,KAAK,qBAAqB;AAChD,MAAI,CAAC,cAAc,KAAK,MAAM,GAAG;AAC/B,UAAM,IAAI;AAAA,MACR,iDAAiD,IAAI,iCACrB,OAAO,MAAM,MAAM,MAAM;AAAA,IAC3D;AAAA,EACF;AACF;AAGA,IAAM,kBAAkB,IAAI,OAAO;AAO5B,SAAS,cAAc,MAAsB;AAClD,SAAO,WAAW,QAAQ,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;AACvD;AAGA,SAAS,UAAU,GAAW,GAAoB;AAChD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,SAAO,gBAAgB,OAAO,KAAK,GAAG,MAAM,GAAG,OAAO,KAAK,GAAG,MAAM,CAAC;AACvE;AAkBO,SAAS,gBAAgB,UAAyC;AACvE,QAAM,WAAW,SAAS,QAAQ;AAGlC,QAAM,WAAW,oBAAoB,IAAI,QAAQ;AACjD,MAAI,aAAa,QAAW;AAC1B,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,2CAA2C;AAAA,EACxF;AAGA,MAAI;AACJ,MAAI;AACF,WAAO,UAAU,QAAQ;AAAA,EAC3B,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,qBAAqB,GAAG,GAAG;AAAA,EACxE;AAEA,MAAI,KAAK,eAAe,GAAG;AACzB,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,6BAA6B;AAAA,EAC1E;AAGA,QAAM,OAAO,KAAK;AAElB,MAAI,OAAO,iBAAiB;AAC1B,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,4BAA4B,gBAAgB,eAAe,CAAC,eAAe,KAAK,eAAe,CAAC;AAAA,IACzG;AAAA,EACF;AAGA,MAAI;AACJ,MAAI;AACF,UAAM,aAAa,QAAQ;AAAA,EAC7B,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO,EAAE,UAAU,OAAO,UAAU,OAAO,qBAAqB,GAAG,GAAG;AAAA,EACxE;AAGA,MAAI,IAAI,SAAS,iBAAiB;AAChC,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,uCAAuC,gBAAgB,eAAe,CAAC,eAAe,IAAI,OAAO,eAAe,CAAC;AAAA,IAC1H;AAAA,EACF;AAGA,QAAM,SAAS,cAAc,GAAG;AAGhC,MAAI,CAAC,UAAU,QAAQ,QAAQ,GAAG;AAChC,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO,8BAA8B,SAAS,UAAU,GAAG,CAAC,CAAC,eAAU,OAAO,UAAU,GAAG,CAAC,CAAC;AAAA,IAC/F;AAAA,EACF;AAGA,MAAI;AACF,UAAM,UAAU,IAAI,YAAY,SAAS,EAAE,OAAO,KAAK,CAAC;AACxD,YAAQ,OAAO,GAAG;AAAA,EACpB,QAAQ;AACN,WAAO;AAAA,MACL,UAAU;AAAA,MACV;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,MAAM,SAAS;AACpC;AAgBO,SAAS,gBAAgB,UAAyC;AACvE,QAAM,WAAqB,CAAC;AAC5B,QAAM,SAAqD,CAAC;AAC5D,QAAM,UAAoB,CAAC;AAE3B,MAAI;AACJ,MAAI;AACF,cAAU,YAAY,QAAQ;AAAA,EAChC,SAAS,KAAK;AACZ,UAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,WAAO;AAAA,MACL,UAAU,CAAC;AAAA,MACX,QAAQ,CAAC,EAAE,UAAU,eAAe,OAAO,0BAA0B,GAAG,GAAG,CAAC;AAAA,MAC5E,SAAS,CAAC;AAAA,IACZ;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,OAAO,CAAC,MAAM,EAAE,SAAS,aAAa,CAAC;AAElE,aAAW,YAAY,YAAY;AACjC,UAAM,WAAW,KAAK,UAAU,QAAQ;AAGxC,QAAI;AACF,UAAI,UAAU,QAAQ,EAAE,eAAe,GAAG;AACxC,eAAO,KAAK,EAAE,UAAU,OAAO,mBAAmB,CAAC;AACnD;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER;AAEA,UAAM,SAAS,gBAAgB,QAAQ;AAEvC,QAAI,OAAO,UAAU;AACnB,eAAS,KAAK,OAAO,QAAQ;AAAA,IAC/B,WAAW,OAAO,OAAO,WAAW,oBAAoB,GAAG;AACzD,cAAQ,KAAK,OAAO,QAAQ;AAAA,IAC9B,OAAO;AACL,aAAO,KAAK,EAAE,UAAU,OAAO,UAAU,OAAO,OAAO,SAAS,gBAAgB,CAAC;AAAA,IACnF;AAAA,EACF;AAGA,aAAW,iBAAiB,oBAAoB,KAAK,GAAG;AACtD,QAAI,CAAC,WAAW,SAAS,aAAa,GAAG;AACvC,aAAO,KAAK,EAAE,UAAU,eAAe,OAAO,yBAAyB,CAAC;AAAA,IAC1E;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,QAAQ,QAAQ;AACrC;AAMA,IAAM,uBAAuB,CAAC,6CAA6C,sBAAsB;AAEjG,SAAS,kBAAiC;AACxC,QAAM,MAAM,QAAQ,IAAI;AACxB,aAAW,YAAY,sBAAsB;AAC3C,UAAM,YAAY,KAAK,KAAK,QAAQ;AACpC,QAAI;AACF,gBAAU,SAAS;AACnB,aAAO;AAAA,IACT,QAAQ;AAAA,IAER;AAAA,EACF;AACA,SAAO;AACT;AAMO,SAAS,uBAAuB,QAAyB;AAC9D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC;AAAA,IACD,YAAY;AACV,YAAM,WAAW,gBAAgB;AAEjC,UAAI,CAAC,UAAU;AACb,eAAO;AAAA,UACL,SAAS;AAAA,YACP;AAAA,cACE,MAAM;AAAA,cACN,MAAM,KAAK,UAAU;AAAA,gBACnB,OAAO;AAAA,gBACP,SACE,iDAAiD,qBAAqB,KAAK,IAAI;AAAA,cACnF,CAAC;AAAA,YACH;AAAA,UACF;AAAA,UACA,SAAS;AAAA,QACX;AAAA,MACF;AAEA,YAAM,SAAS,gBAAgB,QAAQ;AAEvC,YAAM,UAAU,OAAO,OAAO,WAAW,KAAK,OAAO,QAAQ,WAAW;AAExE,aAAO;AAAA,QACL,SAAS;AAAA,UACP;AAAA,YACE,MAAM;AAAA,YACN,MAAM,KAAK,UAAU;AAAA,cACnB,UAAU;AAAA,cACV,gBAAgB,oBAAoB;AAAA,cACpC,eAAe,OAAO,SAAS;AAAA,cAC/B,aAAa,OAAO,OAAO;AAAA,cAC3B,cAAc,OAAO,QAAQ;AAAA,cAC7B,UAAU,OAAO;AAAA,cACjB,QAAQ,OAAO;AAAA,cACf,SAAS,OAAO;AAAA,cAChB,SACE,OAAO,OAAO,SAAS,IACnB,yFACA;AAAA,YACR,CAAC;AAAA,UACH;AAAA,QACF;AAAA,QACA,SAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AACF;","names":[]}