@stackwright-pro/mcp 0.2.0-alpha.40 → 0.2.0-alpha.49

package/dist/server.js

@@ -1402,6 +1402,25 @@ function registerQuestionTools(server2) {
         }
       }
       const adapted = adaptQuestions(resolvedQuestions, answers ?? {});
+      const labelSchema = import_zod8.z.string().max(50, "Value should have at most 50 characters");
+      for (const q of adapted) {
+        for (const opt of q.options) {
+          const check = labelSchema.safeParse(opt.label);
+          if (!check.success) {
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: JSON.stringify({
+                    error: `Option label for phase "${phase}" exceeds 50 characters: ${check.error.issues[0]?.message ?? "label too long"}. Truncate option labels to \u226450 characters before calling this tool.`
+                  })
+                }
+              ],
+              isError: true
+            };
+          }
+        }
+      }
       if (adapted.length === 0) {
         return {
           content: [
@@ -1897,9 +1916,334 @@ function registerOrchestrationTools(server2) {
 }
 
 // src/tools/pipeline.ts
-var import_zod10 = require("zod");
+var import_zod11 = require("zod");
+var import_fs5 = require("fs");
+var import_path5 = require("path");
+var import_crypto3 = require("crypto");
+
+// src/artifact-signing.ts
+var import_crypto2 = require("crypto");
 var import_fs4 = require("fs");
 var import_path4 = require("path");
+var import_zod10 = require("zod");
+var ALGORITHM = "ECDSA-P384-SHA384";
+var KEY_FILE = "pipeline-keys.json";
+var KEY_DIR = ".stackwright";
+var SIGNATURE_MANIFEST = "signatures.json";
+var ARTIFACTS_DIR = ".stackwright/artifacts";
+function rejectSymlink(filePath, context) {
+  if (!(0, import_fs4.existsSync)(filePath)) return;
+  const stat = (0, import_fs4.lstatSync)(filePath);
+  if (stat.isSymbolicLink()) {
+    throw new Error(`Security: refusing to follow symlink at ${context}: ${filePath}`);
+  }
+}
+function computeSha384(data) {
+  return (0, import_crypto2.createHash)("sha384").update(data).digest("hex");
+}
+function safeDigestEqual(a, b) {
+  if (a.length !== b.length) return false;
+  return (0, import_crypto2.timingSafeEqual)(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
+}
+function emptyManifest() {
+  return {
+    version: "1.0",
+    algorithm: ALGORITHM,
+    signatures: {}
+  };
+}
+function initPipelineKeys(cwd) {
+  const keyDir = (0, import_path4.join)(cwd, KEY_DIR);
+  const keyPath = (0, import_path4.join)(keyDir, KEY_FILE);
+  rejectSymlink(keyPath, "pipeline-keys.json");
+  (0, import_fs4.mkdirSync)(keyDir, { recursive: true });
+  const { publicKey, privateKey } = (0, import_crypto2.generateKeyPairSync)("ec", {
+    namedCurve: "P-384"
+  });
+  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
+  const privateKeyPem = privateKey.export({ type: "pkcs8", format: "pem" });
+  const fingerprint = (0, import_crypto2.createHash)("sha256").update(publicKeyPem).digest("hex");
+  const keyFile = {
+    version: "1.0",
+    algorithm: ALGORITHM,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    publicKeyPem,
+    privateKeyPem
+  };
+  (0, import_fs4.writeFileSync)(keyPath, JSON.stringify(keyFile, null, 2), { encoding: "utf-8" });
+  return { publicKeyPem, fingerprint };
+}
+function loadPipelineKeys(cwd) {
+  const keyPath = (0, import_path4.join)(cwd, KEY_DIR, KEY_FILE);
+  rejectSymlink(keyPath, "pipeline-keys.json");
+  if (!(0, import_fs4.existsSync)(keyPath)) {
+    throw new Error("Pipeline keys not found \u2014 call initPipelineKeys() first");
+  }
+  let raw;
+  try {
+    raw = (0, import_fs4.readFileSync)(keyPath, "utf-8");
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    throw new Error(`Cannot read pipeline keys: ${msg}`, { cause: err });
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new Error("Pipeline keys file is not valid JSON");
+  }
+  if (typeof parsed.publicKeyPem !== "string" || !parsed.publicKeyPem.includes("-----BEGIN PUBLIC KEY-----")) {
+    throw new Error("Invalid public key PEM in pipeline keys file");
+  }
+  if (typeof parsed.privateKeyPem !== "string" || !parsed.privateKeyPem.includes("-----BEGIN")) {
+    throw new Error("Invalid private key PEM in pipeline keys file");
+  }
+  const publicKey = (0, import_crypto2.createPublicKey)(parsed.publicKeyPem);
+  const privateKey = (0, import_crypto2.createPrivateKey)(parsed.privateKeyPem);
+  return { privateKey, publicKey };
+}
+function signArtifact(artifactBytes, privateKey) {
+  const digest = computeSha384(artifactBytes);
+  const sig = (0, import_crypto2.sign)("SHA384", artifactBytes, privateKey);
+  return {
+    digest,
+    signature: sig.toString("base64"),
+    algorithm: ALGORITHM,
+    signedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function verifyArtifact(artifactBytes, signature, publicKey) {
+  const sigValid = (0, import_crypto2.verify)(
+    "SHA384",
+    artifactBytes,
+    publicKey,
+    Buffer.from(signature.signature, "base64")
+  );
+  if (!sigValid) return false;
+  const actualDigest = computeSha384(artifactBytes);
+  return safeDigestEqual(actualDigest, signature.digest);
+}
+function loadSignatureManifest(cwd) {
+  const manifestPath = (0, import_path4.join)(cwd, ARTIFACTS_DIR, SIGNATURE_MANIFEST);
+  rejectSymlink(manifestPath, "signatures.json");
+  if (!(0, import_fs4.existsSync)(manifestPath)) return emptyManifest();
+  let raw;
+  try {
+    raw = (0, import_fs4.readFileSync)(manifestPath, "utf-8");
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    throw new Error(`Cannot read signature manifest: ${msg}`, { cause: err });
+  }
+  try {
+    const parsed = JSON.parse(raw);
+    if (parsed.version !== "1.0" || typeof parsed.signatures !== "object") {
+      throw new Error("Malformed signature manifest: invalid version or missing signatures object");
+    }
+    return parsed;
+  } catch (err) {
+    if (err instanceof Error && err.message.startsWith("Malformed")) throw err;
+    throw new Error("Signature manifest is not valid JSON", { cause: err });
+  }
+}
+function saveArtifactSignature(cwd, artifactFilename, sig, signerOtter) {
+  const artifactsDir = (0, import_path4.join)(cwd, ARTIFACTS_DIR);
+  const manifestPath = (0, import_path4.join)(artifactsDir, SIGNATURE_MANIFEST);
+  rejectSymlink(manifestPath, "signatures.json (save)");
+  (0, import_fs4.mkdirSync)(artifactsDir, { recursive: true });
+  const manifest = loadSignatureManifest(cwd);
+  manifest.signatures[artifactFilename] = {
+    ...sig,
+    signedBy: signerOtter
+  };
+  (0, import_fs4.writeFileSync)(manifestPath, JSON.stringify(manifest, null, 2), { encoding: "utf-8" });
+}
+function getArtifactSignature(cwd, artifactFilename) {
+  const manifest = loadSignatureManifest(cwd);
+  const entry = manifest.signatures[artifactFilename];
+  if (!entry) return null;
+  return {
+    digest: entry.digest,
+    signature: entry.signature,
+    algorithm: entry.algorithm,
+    signedAt: entry.signedAt
+  };
+}
+function emitSignatureAuditEvent(params) {
+  const record = JSON.stringify({
+    level: "AUDIT",
+    event: "ARTIFACT_SIGNATURE_FAIL",
+    timestamp: params.timestamp,
+    source: params.source,
+    artifactFilename: params.artifactFilename,
+    expectedDigest: params.expectedDigest,
+    actualDigest: params.actualDigest,
+    phase: params.phase
+  });
+  process.stderr.write(`ARTIFACT_SIGNATURE_FAIL ${record}
+`);
+}
+function registerArtifactSigningTools(server2) {
+  server2.tool(
+    "stackwright_pro_verify_artifact_signatures",
+    "Verify ECDSA P-384 signatures for all pipeline artifacts in .stackwright/artifacts/. Auto-discovers keys from .stackwright/pipeline-keys.json. Returns per-artifact verification status.",
+    {
+      cwd: import_zod10.z.string().optional().describe("Project root directory. Defaults to process.cwd().")
+    },
+    async ({ cwd: cwdParam }) => {
+      const cwd = cwdParam ?? process.cwd();
+      let publicKey;
+      try {
+        const keys = loadPipelineKeys(cwd);
+        publicKey = keys.publicKey;
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                error: true,
+                message: `Cannot load pipeline keys: ${msg}`
+              })
+            }
+          ],
+          isError: true
+        };
+      }
+      let manifest;
+      try {
+        manifest = loadSignatureManifest(cwd);
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                error: true,
+                message: `Cannot load signature manifest: ${msg}`
+              })
+            }
+          ],
+          isError: true
+        };
+      }
+      const artifactsPath = (0, import_path4.join)(cwd, ARTIFACTS_DIR);
+      let artifactFiles = [];
+      try {
+        if ((0, import_fs4.existsSync)(artifactsPath)) {
+          artifactFiles = (0, import_fs4.readdirSync)(artifactsPath).filter(
+            (f) => f.endsWith(".json") && f !== SIGNATURE_MANIFEST
+          );
+        }
+      } catch {
+      }
+      const results = [];
+      let hasFailure = false;
+      for (const filename of artifactFiles) {
+        const filePath = (0, import_path4.join)(artifactsPath, filename);
+        try {
+          rejectSymlink(filePath, `artifact ${filename}`);
+        } catch {
+          results.push({
+            filename,
+            verified: false,
+            error: "Refusing to verify symlink"
+          });
+          hasFailure = true;
+          continue;
+        }
+        let artifactBytes;
+        try {
+          artifactBytes = (0, import_fs4.readFileSync)(filePath);
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          results.push({
+            filename,
+            verified: false,
+            error: `Cannot read artifact: ${msg}`
+          });
+          hasFailure = true;
+          continue;
+        }
+        const entry = manifest.signatures[filename];
+        if (!entry) {
+          results.push({
+            filename,
+            verified: false,
+            error: "No signature found in manifest"
+          });
+          hasFailure = true;
+          continue;
+        }
+        const sig = {
+          digest: entry.digest,
+          signature: entry.signature,
+          algorithm: entry.algorithm,
+          signedAt: entry.signedAt
+        };
+        const verified = verifyArtifact(artifactBytes, sig, publicKey);
+        if (!verified) {
+          const actualDigest = computeSha384(artifactBytes);
+          emitSignatureAuditEvent({
+            artifactFilename: filename,
+            expectedDigest: sig.digest,
+            actualDigest,
+            phase: entry.signedBy ?? "unknown",
+            timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+            source: "stackwright_pro_verify_artifact_signatures"
+          });
+          results.push({
+            filename,
+            verified: false,
+            error: `Signature verification failed \u2014 artifact may have been tampered with`,
+            signedBy: entry.signedBy,
+            signedAt: entry.signedAt
+          });
+          hasFailure = true;
+        } else {
+          results.push({
+            filename,
+            verified: true,
+            signedBy: entry.signedBy,
+            signedAt: entry.signedAt
+          });
+        }
+      }
+      for (const manifestFilename of Object.keys(manifest.signatures)) {
+        if (!artifactFiles.includes(manifestFilename)) {
+          results.push({
+            filename: manifestFilename,
+            verified: false,
+            error: "Artifact referenced in manifest but missing from disk"
+          });
+          hasFailure = true;
+        }
+      }
+      const verifiedCount = results.filter((r) => r.verified).length;
+      const failedCount = results.filter((r) => !r.verified).length;
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify({
+              totalArtifacts: artifactFiles.length,
+              verifiedCount,
+              failedCount,
+              results,
+              ...hasFailure ? {
+                error: "SIGNATURE VERIFICATION FAILED: One or more artifact signatures are invalid. Do not proceed \u2014 artifacts may have been tampered with."
+              } : {}
+            })
+          }
+        ],
+        isError: hasFailure
+      };
+    }
+  );
+}
+
+// src/tools/pipeline.ts
 var import_types = require("@stackwright-pro/types");
 var PHASE_ORDER = [
   "designer",
@@ -1975,11 +2319,11 @@ function createDefaultState() {
   };
 }
 function statePath(cwd) {
-  return (0, import_path4.join)(cwd, ".stackwright", "pipeline-state.json");
+  return (0, import_path5.join)(cwd, ".stackwright", "pipeline-state.json");
 }
 function readState(cwd) {
   const p = statePath(cwd);
-  if (!(0, import_fs4.existsSync)(p)) return createDefaultState();
+  if (!(0, import_fs5.existsSync)(p)) return createDefaultState();
   const raw = JSON.parse(safeReadSync(p));
   if (typeof raw !== "object" || raw === null || raw.version !== "1.0") {
     return createDefaultState();
@@ -1987,26 +2331,26 @@ function readState(cwd) {
   return raw;
 }
 function safeWriteSync(filePath, content) {
-  if ((0, import_fs4.existsSync)(filePath)) {
-    const stat = (0, import_fs4.lstatSync)(filePath);
+  if ((0, import_fs5.existsSync)(filePath)) {
+    const stat = (0, import_fs5.lstatSync)(filePath);
     if (stat.isSymbolicLink()) {
       throw new Error(`Refusing to write to symlink: ${filePath}`);
     }
   }
-  (0, import_fs4.writeFileSync)(filePath, content);
+  (0, import_fs5.writeFileSync)(filePath, content);
 }
 function safeReadSync(filePath) {
-  if ((0, import_fs4.existsSync)(filePath)) {
-    const stat = (0, import_fs4.lstatSync)(filePath);
+  if ((0, import_fs5.existsSync)(filePath)) {
+    const stat = (0, import_fs5.lstatSync)(filePath);
     if (stat.isSymbolicLink()) {
       throw new Error(`Refusing to read symlink: ${filePath}`);
     }
   }
-  return (0, import_fs4.readFileSync)(filePath, "utf-8");
+  return (0, import_fs5.readFileSync)(filePath, "utf-8");
 }
 function writeState(cwd, state) {
-  const dir = (0, import_path4.join)(cwd, ".stackwright");
-  (0, import_fs4.mkdirSync)(dir, { recursive: true });
+  const dir = (0, import_path5.join)(cwd, ".stackwright");
+  (0, import_fs5.mkdirSync)(dir, { recursive: true });
   state.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
   safeWriteSync(statePath(cwd), JSON.stringify(state, null, 2) + "\n");
 }
@@ -2027,6 +2371,15 @@ function handleGetPipelineState(_cwd) {
   const cwd = _cwd ?? process.cwd();
   try {
     const state = readState(cwd);
+    const keyPath = (0, import_path5.join)(cwd, ".stackwright", "pipeline-keys.json");
+    if (!(0, import_fs5.existsSync)(keyPath)) {
+      try {
+        const { fingerprint } = initPipelineKeys(cwd);
+        state["signingKeyFingerprint"] = fingerprint;
+        writeState(cwd, state);
+      } catch {
+      }
+    }
     return { text: JSON.stringify(state), isError: false };
   } catch (err) {
     return { text: JSON.stringify({ error: true, message: String(err) }), isError: true };
@@ -2090,8 +2443,8 @@ function handleCheckExecutionReady(_cwd, phase) {
         isError: true
       };
     }
-    const answerFile = (0, import_path4.join)(cwd, ".stackwright", "answers", `${phase}.json`);
-    if (!(0, import_fs4.existsSync)(answerFile)) {
+    const answerFile = (0, import_path5.join)(cwd, ".stackwright", "answers", `${phase}.json`);
+    if (!(0, import_fs5.existsSync)(answerFile)) {
       return {
         text: JSON.stringify({ ready: false, phase, reason: "Answer file not found" }),
         isError: false
@@ -2115,12 +2468,12 @@ function handleCheckExecutionReady(_cwd, phase) {
     }
   }
   try {
-    const answersDir = (0, import_path4.join)(cwd, ".stackwright", "answers");
+    const answersDir = (0, import_path5.join)(cwd, ".stackwright", "answers");
     const answeredPhases = [];
     const missingPhases = [];
     for (const phase2 of PHASE_ORDER) {
-      const answerFile = (0, import_path4.join)(answersDir, `${phase2}.json`);
-      if ((0, import_fs4.existsSync)(answerFile)) {
+      const answerFile = (0, import_path5.join)(answersDir, `${phase2}.json`);
+      if ((0, import_fs5.existsSync)(answerFile)) {
         try {
           const raw = safeReadSync(answerFile);
           const parsed = JSON.parse(raw);
@@ -2152,15 +2505,35 @@ function handleCheckExecutionReady(_cwd, phase) {
 function handleListArtifacts(_cwd) {
   const cwd = _cwd ?? process.cwd();
   try {
-    const artifactsDir = (0, import_path4.join)(cwd, ".stackwright", "artifacts");
+    const artifactsDir = (0, import_path5.join)(cwd, ".stackwright", "artifacts");
+    let manifest = null;
+    try {
+      manifest = loadSignatureManifest(cwd);
+    } catch {
+    }
     const artifacts = [];
     let completedCount = 0;
     for (const phase of PHASE_ORDER) {
       const expectedFile = PHASE_ARTIFACT[phase];
-      const fullPath = (0, import_path4.join)(artifactsDir, expectedFile);
-      const exists = (0, import_fs4.existsSync)(fullPath);
+      const fullPath = (0, import_path5.join)(artifactsDir, expectedFile);
+      const exists = (0, import_fs5.existsSync)(fullPath);
       if (exists) completedCount++;
-      artifacts.push({ phase, expectedFile, exists, path: fullPath });
+      let signed = false;
+      let signatureValid = null;
+      if (exists && manifest) {
+        const entry = manifest.signatures[expectedFile];
+        if (entry) {
+          signed = true;
+          try {
+            const rawBytes = Buffer.from(safeReadSync(fullPath), "utf-8");
+            const { publicKey } = loadPipelineKeys(cwd);
+            signatureValid = verifyArtifact(rawBytes, entry, publicKey);
+          } catch {
+            signatureValid = null;
+          }
+        }
+      }
+      artifacts.push({ phase, expectedFile, exists, path: fullPath, signed, signatureValid });
     }
     return {
       text: JSON.stringify({ artifacts, completedCount, totalCount: PHASE_ORDER.length }),
@@ -2196,9 +2569,9 @@ function handleWritePhaseQuestions(input) {
       }
     } catch {
     }
-    const questionsDir = (0, import_path4.join)(cwd, ".stackwright", "questions");
-    (0, import_fs4.mkdirSync)(questionsDir, { recursive: true });
-    const filePath = (0, import_path4.join)(questionsDir, `${phase}.json`);
+    const questionsDir = (0, import_path5.join)(cwd, ".stackwright", "questions");
+    (0, import_fs5.mkdirSync)(questionsDir, { recursive: true });
+    const filePath = (0, import_path5.join)(questionsDir, `${phase}.json`);
     const payload = {
       version: "1.0",
       phase,
@@ -2238,14 +2611,14 @@ function handleBuildSpecialistPrompt(input) {
     };
   }
   try {
-    const answersPath = (0, import_path4.join)(cwd, ".stackwright", "answers", `${phase}.json`);
+    const answersPath = (0, import_path5.join)(cwd, ".stackwright", "answers", `${phase}.json`);
     let answers = {};
-    if ((0, import_fs4.existsSync)(answersPath)) {
+    if ((0, import_fs5.existsSync)(answersPath)) {
       answers = JSON.parse(safeReadSync(answersPath));
     }
     let buildContextText = "";
-    const buildContextPath = (0, import_path4.join)(cwd, ".stackwright", "build-context.json");
-    if ((0, import_fs4.existsSync)(buildContextPath)) {
+    const buildContextPath = (0, import_path5.join)(cwd, ".stackwright", "build-context.json");
+    if ((0, import_fs5.existsSync)(buildContextPath)) {
       try {
         const bcRaw = JSON.parse(safeReadSync(buildContextPath));
         if (typeof bcRaw.buildContext === "string" && bcRaw.buildContext.trim().length > 0) {
@@ -2259,9 +2632,39 @@ function handleBuildSpecialistPrompt(input) {
     const missingDependencies = [];
     for (const dep of deps) {
       const artifactFile = PHASE_ARTIFACT[dep];
-      const artifactPath = (0, import_path4.join)(cwd, ".stackwright", "artifacts", artifactFile);
-      if ((0, import_fs4.existsSync)(artifactPath)) {
-        const content = JSON.parse(safeReadSync(artifactPath));
+      const artifactPath = (0, import_path5.join)(cwd, ".stackwright", "artifacts", artifactFile);
+      if ((0, import_fs5.existsSync)(artifactPath)) {
+        const rawContent = safeReadSync(artifactPath);
+        const rawBytes = Buffer.from(rawContent, "utf-8");
+        const content = JSON.parse(rawContent);
+        let signatureVerified = false;
+        let signatureAvailable = false;
+        try {
+          const sig = getArtifactSignature(cwd, artifactFile);
+          if (sig) {
+            signatureAvailable = true;
+            const { publicKey } = loadPipelineKeys(cwd);
+            signatureVerified = verifyArtifact(rawBytes, sig, publicKey);
+            if (!signatureVerified) {
+              const actualDigest = (0, import_crypto3.createHash)("sha384").update(rawBytes).digest("hex");
+              emitSignatureAuditEvent({
+                artifactFilename: artifactFile,
+                expectedDigest: sig.digest,
+                actualDigest,
+                phase: dep,
+                timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+                source: "stackwright_pro_build_specialist_prompt"
+              });
+              missingDependencies.push(dep);
+              artifactSections.push(
+                `[${artifactFile}]:
+(integrity check failed: ECDSA-P384 signature verification failed \u2014 artifact may have been tampered with)`
+              );
+              continue;
+            }
+          }
+        } catch {
+        }
         const expectedOtter = PHASE_TO_OTTER2[dep];
         const artifactOtter = content["generatedBy"];
         const normalizedOtter = artifactOtter?.replace(/-[a-f0-9]{6}$/, "");
@@ -2278,8 +2681,11 @@ function handleBuildSpecialistPrompt(input) {
 (integrity check failed: artifact claims generatedBy="${artifactOtter}" but expected="${expectedOtter}")`
           );
         } else {
-          artifactSections.push(`[${artifactFile}]:
-${JSON.stringify(content, null, 2)}`);
+          const sigStatus = signatureAvailable ? signatureVerified ? " [signature verified]" : " [signature check skipped]" : " [unsigned]";
+          artifactSections.push(
+            `[${artifactFile}]${sigStatus}:
+${JSON.stringify(content, null, 2)}`
+          );
         }
       } else {
         missingDependencies.push(dep);
@@ -2295,6 +2701,9 @@ ${JSON.stringify(content, null, 2)}`);
     if (artifactSections.length > 0) {
       parts.push("", "UPSTREAM ARTIFACTS:", "", ...artifactSections);
     }
+    const artifactSchema = PHASE_ARTIFACT_SCHEMA[phase];
+    parts.push("", "REQUIRED_ARTIFACT_SCHEMA:");
+    parts.push(artifactSchema);
     parts.push("", "Execute using these answers and the upstream artifacts provided.");
     const prompt = parts.join("\n");
     const dependenciesSatisfied = missingDependencies.length === 0;
@@ -2336,6 +2745,187 @@ var PHASE_REQUIRED_KEYS = {
   dashboard: ["version", "generatedBy"],
   workflow: ["version", "generatedBy"]
 };
+var PHASE_ARTIFACT_SCHEMA = {
+  designer: JSON.stringify(
+    {
+      version: "1.0",
+      generatedBy: "stackwright-pro-designer-otter",
+      application: {
+        type: "<operational|data-explorer|admin|logistics|general>",
+        environment: "<workstation|field|control-room|mixed>",
+        density: "<compact|balanced|spacious>",
+        accessibility: "<wcag-aa|section-508|none>",
+        colorScheme: "<light|dark|both>"
+      },
+      designLanguage: {
+        rationale: "<design rationale>",
+        spacingScale: { base: 8, scale: [0, 4, 8, 16, 24, 32, 48, 64] },
+        colorSemantics: { primary: "#1a365d", accent: "#e53e3e" },
+        typography: {
+          dataFont: "Inter",
+          headingFont: "Inter",
+          monoFont: "monospace",
+          dataSizePx: 12,
+          bodySizePx: 14
+        },
+        contrastRatio: "4.5",
+        borderRadius: "4",
+        shadowElevation: "standard"
+      },
+      themeTokenSeeds: {
+        light: {
+          background: "#ffffff",
+          foreground: "#1a1a1a",
+          primary: "#1a365d",
+          surface: "#f7f7f7",
+          border: "#e2e8f0"
+        },
+        dark: {
+          background: "#1a1a1a",
+          foreground: "#ffffff",
+          primary: "#90cdf4",
+          surface: "#2d2d2d",
+          border: "#4a5568"
+        }
+      },
+      conformsTo: null,
+      operationalNotes: []
+    },
+    null,
+    2
+  ),
+  theme: JSON.stringify(
+    {
+      version: "1.0",
+      generatedBy: "stackwright-pro-theme-otter",
+      componentLibrary: "shadcn",
+      colorScheme: "<light|dark|both>",
+      tokens: {
+        colors: { "primary-500": "#1a365d", background: "#ffffff" },
+        spacing: { "spacing-1": "8px", "spacing-2": "16px" },
+        typography: { "font-data": "Inter", "text-sm": "12px" },
+        shape: { "radius-sm": "4px", "radius-md": "8px" },
+        shadows: { "shadow-sm": "0 1px 2px rgba(0,0,0,0.08)" }
+      },
+      cssVariables: {
+        "--background": "0 0% 100%",
+        "--foreground": "222.2 84% 4.9%",
+        "--primary": "222.2 47.4% 11.2%",
+        "--primary-foreground": "210 40% 98%",
+        "--surface": "210 40% 98%",
+        "--border": "214.3 31.8% 91.4%"
+      },
+      dark: { "--background": "222.2 84% 4.9%", "--foreground": "210 40% 98%" }
+    },
+    null,
+    2
+  ),
+  api: JSON.stringify(
+    {
+      version: "1.0",
+      generatedBy: "stackwright-pro-api-otter",
+      entities: [
+        {
+          name: "Shipment",
+          endpoint: "/shipments",
+          method: "GET",
+          revalidate: 60,
+          mutationType: null
+        }
+      ],
+      auth: { type: "bearer", header: "Authorization", envVar: "API_TOKEN" },
+      baseUrl: "https://api.example.mil/v2",
+      specPath: "./specs/api.yaml"
+    },
+    null,
+    2
+  ),
+  data: JSON.stringify(
+    {
+      version: "1.0",
+      generatedBy: "stackwright-pro-data-otter",
+      strategy: "<pulse-fast|isr-fast|isr-standard|isr-slow>",
+      pulseMode: false,
+      collections: [{ name: "equipment", revalidate: 60, pulse: false }],
+      endpoints: { included: ["/equipment/**"], excluded: ["/admin/**"] },
+      requiredPackages: { dependencies: {}, devPackages: {} }
+    },
+    null,
+    2
+  ),
+  workflow: JSON.stringify(
+    {
+      version: "1.0",
+      generatedBy: "stackwright-pro-workflow-otter",
+      workflowConfig: {
+        id: "procurement-approval",
+        route: "/procurement",
+        files: ["workflows/procurement-approval.yml"],
+        serviceDependencies: ["service:workflow-state"],
+        warnings: []
+      }
+    },
+    null,
+    2
+  ),
+  pages: JSON.stringify(
+    {
+      version: "1.0",
+      generatedBy: "stackwright-pro-page-otter",
+      pages: [
+        {
+          slug: "catalog",
+          type: "collection_listing",
+          collection: "products",
+          themeApplied: true,
+          authRequired: false
+        },
+        {
+          slug: "admin",
+          type: "protected",
+          collection: null,
+          themeApplied: true,
+          authRequired: true
+        }
+      ]
+    },
+    null,
+    2
+  ),
+  dashboard: JSON.stringify(
+    {
+      version: "1.0",
+      generatedBy: "stackwright-pro-dashboard-otter",
+      pages: [
+        {
+          slug: "dashboard",
+          layout: "<grid|table|mixed>",
+          collections: ["equipment", "supplies"],
+          mode: "<ISR|Pulse>"
+        }
+      ]
+    },
+    null,
+    2
+  ),
+  auth: JSON.stringify(
+    {
+      version: "1.0",
+      generatedBy: "stackwright-pro-auth-otter",
+      authConfig: {
+        method: "<cac|oidc|oauth2|none>",
+        provider: "<azure-ad|okta|ping|cognito \u2014 if OIDC, else null>",
+        rbacRoles: ["ADMIN", "ANALYST"],
+        rbacDefaultRole: "ANALYST",
+        protectedRoutes: ["/dashboard/:path*", "/procurement/:path*"],
+        auditEnabled: true,
+        auditRetentionDays: 90
+      }
+    },
+    null,
+    2
+  )
+};
 function handleValidateArtifact(input) {
   const cwd = input._cwd ?? process.cwd();
   const { phase, responseText, artifact: directArtifact } = input;
@@ -2429,11 +3019,22 @@ function handleValidateArtifact(input) {
     }
   }
   try {
-    const artifactsDir = (0, import_path4.join)(cwd, ".stackwright", "artifacts");
-    (0, import_fs4.mkdirSync)(artifactsDir, { recursive: true });
+    const artifactsDir = (0, import_path5.join)(cwd, ".stackwright", "artifacts");
+    (0, import_fs5.mkdirSync)(artifactsDir, { recursive: true });
     const artifactFile = PHASE_ARTIFACT[phase];
-    const artifactPath = (0, import_path4.join)(artifactsDir, artifactFile);
-    safeWriteSync(artifactPath, JSON.stringify(artifact, null, 2) + "\n");
+    const artifactPath = (0, import_path5.join)(artifactsDir, artifactFile);
+    const serialized = JSON.stringify(artifact, null, 2) + "\n";
+    const artifactBytes = Buffer.from(serialized, "utf-8");
+    safeWriteSync(artifactPath, serialized);
+    let signed = false;
+    try {
+      const { privateKey } = loadPipelineKeys(cwd);
+      const sig = signArtifact(artifactBytes, privateKey);
+      const signerOtter = PHASE_TO_OTTER2[phase];
+      saveArtifactSignature(cwd, artifactFile, sig, signerOtter);
+      signed = true;
+    } catch {
+    }
     const state = readState(cwd);
     if (!state.phases[phase]) state.phases[phase] = defaultPhaseStatus();
     const ps = state.phases[phase];
@@ -2444,7 +3045,7 @@ function handleValidateArtifact(input) {
       valid: true,
       phase,
       artifactPath,
-      summary: `Wrote ${artifactFile} (keys: ${topKeys}${Object.keys(artifact).length > 5 ? ", ..." : ""})`
+      summary: `Wrote ${artifactFile} (keys: ${topKeys}${Object.keys(artifact).length > 5 ? ", ..." : ""})${signed ? " [signed]" : ""}`
     };
     return { text: JSON.stringify(result), isError: false };
   } catch (err) {
@@ -2468,13 +3069,13 @@ function registerPipelineTools(server2) {
     "stackwright_pro_set_pipeline_state",
     `Atomic read\u2192modify\u2192write pipeline state. ${DESC}`,
     {
-      phase: import_zod10.z.string().optional().describe('Phase to update, e.g. "designer"'),
-      field: import_zod10.z.enum(["questionsCollected", "answered", "executed", "artifactWritten"]).optional().describe("Boolean field to set"),
-      value: boolCoerce(import_zod10.z.boolean().optional()).describe(
+      phase: import_zod11.z.string().optional().describe('Phase to update, e.g. "designer"'),
+      field: import_zod11.z.enum(["questionsCollected", "answered", "executed", "artifactWritten"]).optional().describe("Boolean field to set"),
+      value: boolCoerce(import_zod11.z.boolean().optional()).describe(
         'Value for the field \u2014 must be a JSON boolean (true/false), NOT the string "true"/"false"'
       ),
-      status: import_zod10.z.enum(["setup", "questions", "execution", "done"]).optional().describe("Top-level status override"),
-      incrementRetry: boolCoerce(import_zod10.z.boolean().optional()).describe(
+      status: import_zod11.z.enum(["setup", "questions", "execution", "done"]).optional().describe("Top-level status override"),
+      incrementRetry: boolCoerce(import_zod11.z.boolean().optional()).describe(
         "Bump retryCount by 1 \u2014 must be a JSON boolean"
       )
     },
@@ -2492,7 +3093,7 @@ function registerPipelineTools(server2) {
     "stackwright_pro_check_execution_ready",
     `Check all phases have answer files in .stackwright/answers/. If phase is provided, check only that phase. ${DESC}`,
     {
-      phase: import_zod10.z.string().optional().describe("If provided, check only this phase's readiness. Omit to check all phases.")
+      phase: import_zod11.z.string().optional().describe("If provided, check only this phase's readiness. Omit to check all phases.")
     },
     async ({ phase }) => res(handleCheckExecutionReady(void 0, phase))
   );
@@ -2506,9 +3107,9 @@ function registerPipelineTools(server2) {
     "stackwright_pro_write_phase_questions",
     `Parse otter question-collection response \u2192 .stackwright/questions/{phase}.json. Specialists may also call this directly with a parsed questions array. ${DESC}`,
     {
-      phase: import_zod10.z.string().optional().describe('Phase name, e.g. "designer" (required for direct write)'),
-      responseText: import_zod10.z.string().optional().describe("Raw LLM response from QUESTION_COLLECTION_MODE"),
-      questions: jsonCoerce(import_zod10.z.array(import_zod10.z.any()).optional()).describe(
+      phase: import_zod11.z.string().optional().describe('Phase name, e.g. "designer" (required for direct write)'),
+      responseText: import_zod11.z.string().optional().describe("Raw LLM response from QUESTION_COLLECTION_MODE"),
+      questions: jsonCoerce(import_zod11.z.array(import_zod11.z.any()).optional()).describe(
         "Questions array for direct specialist write"
       )
     },
@@ -2523,10 +3124,10 @@ function registerPipelineTools(server2) {
             isError: true
           };
         }
-        const questionsDir = (0, import_path4.join)(process.cwd(), ".stackwright", "questions");
-        (0, import_fs4.mkdirSync)(questionsDir, { recursive: true });
-        const outPath = (0, import_path4.join)(questionsDir, `${phase}.json`);
-        (0, import_fs4.writeFileSync)(
+        const questionsDir = (0, import_path5.join)(process.cwd(), ".stackwright", "questions");
+        (0, import_fs5.mkdirSync)(questionsDir, { recursive: true });
+        const outPath = (0, import_path5.join)(questionsDir, `${phase}.json`);
+        (0, import_fs5.writeFileSync)(
           outPath,
           JSON.stringify({ phase, questions, writtenAt: (/* @__PURE__ */ new Date()).toISOString() }, null, 2)
         );
@@ -2551,16 +3152,16 @@ function registerPipelineTools(server2) {
   server2.tool(
     "stackwright_pro_build_specialist_prompt",
     `Assemble execution prompt from answers + upstream artifacts. Foreman passes verbatim. ${DESC}`,
-    { phase: import_zod10.z.string().describe('Phase to build prompt for, e.g. "pages"') },
+    { phase: import_zod11.z.string().describe('Phase to build prompt for, e.g. "pages"') },
     async ({ phase }) => res(handleBuildSpecialistPrompt({ phase }))
   );
   server2.tool(
     "stackwright_pro_validate_artifact",
     `Validate and write artifact to .stackwright/artifacts/. Returns retryPrompt on failure. ${DESC}`,
     {
-      phase: import_zod10.z.string().describe('Phase that produced this artifact, e.g. "designer"'),
-      responseText: import_zod10.z.string().optional().describe("Raw response text from the specialist otter (Foreman-mediated path, legacy)"),
-      artifact: import_zod10.z.record(import_zod10.z.unknown()).optional().describe(
+      phase: import_zod11.z.string().describe('Phase that produced this artifact, e.g. "designer"'),
+      responseText: import_zod11.z.string().optional().describe("Raw response text from the specialist otter (Foreman-mediated path, legacy)"),
+      artifact: jsonCoerce(import_zod11.z.record(import_zod11.z.string(), import_zod11.z.unknown()).optional()).describe(
         "Artifact object to validate and write directly (specialist direct path \u2014 skips off-script detection and JSON parsing)"
       )
     },
@@ -2576,9 +3177,9 @@ function registerPipelineTools(server2) {
 }
 
 // src/tools/safe-write.ts
-var import_zod11 = require("zod");
-var import_fs5 = require("fs");
-var import_path5 = require("path");
+var import_zod12 = require("zod");
+var import_fs6 = require("fs");
+var import_path6 = require("path");
 var OTTER_WRITE_ALLOWLISTS = {
   "stackwright-pro-designer-otter": [
     { prefix: ".stackwright/artifacts/", suffix: ".json", description: "Design language artifact" }
@@ -2621,15 +3222,31 @@ var OTTER_WRITE_ALLOWLISTS = {
 };
 var PROTECTED_PATH_PREFIXES = [
   ".stackwright/pipeline-state.json",
+  ".stackwright/pipeline-keys.json",
+  // ephemeral signing keys
+  ".stackwright/artifacts/signatures.json",
+  // artifact signature manifest
   ".stackwright/questions/",
   ".stackwright/answers/"
 ];
+var MAX_SAFE_WRITE_BYTES_JSON = 512 * 1024;
+var MAX_SAFE_WRITE_BYTES_YAML = 256 * 1024;
+var MAX_SAFE_WRITE_BYTES_ENV = 4 * 1024;
+var MAX_SAFE_WRITE_BYTES_DEFAULT = 256 * 1024;
+function getMaxBytesForPath(filePath) {
+  if (filePath.endsWith(".json")) return { limit: MAX_SAFE_WRITE_BYTES_JSON, label: "JSON" };
+  if (filePath.endsWith(".yml") || filePath.endsWith(".yaml"))
+    return { limit: MAX_SAFE_WRITE_BYTES_YAML, label: "YAML" };
+  if (filePath === ".env" || /^\.env\.[a-zA-Z0-9]+/.test(filePath))
+    return { limit: MAX_SAFE_WRITE_BYTES_ENV, label: "env" };
+  return { limit: MAX_SAFE_WRITE_BYTES_DEFAULT, label: "default" };
+}
 function checkPathAllowed(callerOtter, filePath) {
-  const normalized = (0, import_path5.normalize)(filePath);
+  const normalized = (0, import_path6.normalize)(filePath);
   if (normalized.includes("..")) {
     return { allowed: false, error: 'Path traversal detected: ".." segments are not allowed' };
   }
-  if ((0, import_path5.isAbsolute)(normalized)) {
+  if ((0, import_path6.isAbsolute)(normalized)) {
     return {
       allowed: false,
       error: "Absolute paths are not allowed \u2014 use paths relative to project root"
@@ -2749,11 +3366,23 @@ function handleSafeWrite(input) {
     };
     return { text: JSON.stringify(result), isError: true };
   }
-  const normalized = (0, import_path5.normalize)(filePath);
-  const fullPath = (0, import_path5.join)(cwd, normalized);
-  if ((0, import_fs5.existsSync)(fullPath)) {
+  const contentBytes = Buffer.byteLength(content, "utf-8");
+  const { limit: maxBytes, label: fileTypeLabel } = getMaxBytesForPath(filePath);
+  if (contentBytes > maxBytes) {
+    const result = {
+      success: false,
+      error: `Content size ${contentBytes} bytes exceeds ${fileTypeLabel} limit of ${maxBytes} bytes (${maxBytes / 1024} KB)`,
+      callerOtter,
+      attemptedPath: filePath,
+      allowedPaths: []
+    };
+    return { text: JSON.stringify(result), isError: true };
+  }
+  const normalized = (0, import_path6.normalize)(filePath);
+  const fullPath = (0, import_path6.join)(cwd, normalized);
+  if ((0, import_fs6.existsSync)(fullPath)) {
     try {
-      const stat = (0, import_fs5.lstatSync)(fullPath);
+      const stat = (0, import_fs6.lstatSync)(fullPath);
       if (stat.isSymbolicLink()) {
         const result = {
           success: false,
@@ -2780,9 +3409,9 @@ function handleSafeWrite(input) {
   }
   try {
     if (createDirectories) {
-      (0, import_fs5.mkdirSync)((0, import_path5.dirname)(fullPath), { recursive: true });
+      (0, import_fs6.mkdirSync)((0, import_path6.dirname)(fullPath), { recursive: true });
     }
-    (0, import_fs5.writeFileSync)(fullPath, content, { encoding: "utf-8" });
+    (0, import_fs6.writeFileSync)(fullPath, content, { encoding: "utf-8" });
     const result = {
       success: true,
       path: normalized,
@@ -2808,10 +3437,10 @@ function registerSafeWriteTools(server2) {
     "stackwright_pro_safe_write",
     DESC,
     {
-      callerOtter: import_zod11.z.string().describe('The otter agent name requesting the write, e.g. "stackwright-pro-page-otter"'),
-      filePath: import_zod11.z.string().describe('Relative path from project root, e.g. "pages/dashboard/content.yml"'),
-      content: import_zod11.z.string().describe("File content to write"),
-      createDirectories: boolCoerce(import_zod11.z.boolean().optional().default(true)).describe(
+      callerOtter: import_zod12.z.string().describe('The otter agent name requesting the write, e.g. "stackwright-pro-page-otter"'),
+      filePath: import_zod12.z.string().describe('Relative path from project root, e.g. "pages/dashboard/content.yml"'),
+      content: import_zod12.z.string().describe("File content to write"),
+      createDirectories: boolCoerce(import_zod12.z.boolean().optional().default(true)).describe(
         "Create parent directories if they don't exist. Default: true"
       )
     },
@@ -2828,9 +3457,9 @@ function registerSafeWriteTools(server2) {
 }
 
 // src/tools/auth.ts
-var import_zod12 = require("zod");
-var import_fs6 = require("fs");
-var import_path6 = require("path");
+var import_zod13 = require("zod");
+var import_fs7 = require("fs");
+var import_path7 = require("path");
 function buildHierarchy(roles) {
   const h = {};
   for (let i = 0; i < roles.length - 1; i++) {
@@ -3092,7 +3721,7 @@ async function configureAuthHandler(params, cwd) {
       auditRetentionDays,
       protectedRoutes
     );
-    (0, import_fs6.writeFileSync)((0, import_path6.join)(cwd, "middleware.ts"), middlewareContent, "utf8");
+    (0, import_fs7.writeFileSync)((0, import_path7.join)(cwd, "middleware.ts"), middlewareContent, "utf8");
     filesWritten.push("middleware.ts");
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
@@ -3108,12 +3737,12 @@ async function configureAuthHandler(params, cwd) {
   }
   try {
     const envBlock = generateEnvBlock(method, params);
-    const envPath = (0, import_path6.join)(cwd, ".env.example");
-    if ((0, import_fs6.existsSync)(envPath)) {
-      const existing = (0, import_fs6.readFileSync)(envPath, "utf8");
-      (0, import_fs6.writeFileSync)(envPath, existing.trimEnd() + "\n\n" + envBlock, "utf8");
+    const envPath = (0, import_path7.join)(cwd, ".env.example");
+    if ((0, import_fs7.existsSync)(envPath)) {
+      const existing = (0, import_fs7.readFileSync)(envPath, "utf8");
+      (0, import_fs7.writeFileSync)(envPath, existing.trimEnd() + "\n\n" + envBlock, "utf8");
     } else {
-      (0, import_fs6.writeFileSync)(envPath, envBlock, "utf8");
+      (0, import_fs7.writeFileSync)(envPath, envBlock, "utf8");
     }
     filesWritten.push(".env.example");
   } catch (err) {
@@ -3139,12 +3768,12 @@ async function configureAuthHandler(params, cwd) {
       auditRetentionDays,
       protectedRoutes
     );
-    const ymlPath = (0, import_path6.join)(cwd, "stackwright.yml");
-    if (!(0, import_fs6.existsSync)(ymlPath)) {
-      (0, import_fs6.writeFileSync)(ymlPath, authYaml, "utf8");
+    const ymlPath = (0, import_path7.join)(cwd, "stackwright.yml");
+    if (!(0, import_fs7.existsSync)(ymlPath)) {
+      (0, import_fs7.writeFileSync)(ymlPath, authYaml, "utf8");
     } else {
-      const existing = (0, import_fs6.readFileSync)(ymlPath, "utf8");
-      (0, import_fs6.writeFileSync)(ymlPath, upsertAuthBlock(existing, authYaml), "utf8");
+      const existing = (0, import_fs7.readFileSync)(ymlPath, "utf8");
+      (0, import_fs7.writeFileSync)(ymlPath, upsertAuthBlock(existing, authYaml), "utf8");
     }
     filesWritten.push("stackwright.yml");
   } catch (err) {
@@ -3183,35 +3812,35 @@ function registerAuthTools(server2) {
     "stackwright_pro_configure_auth",
     "Generate authentication middleware and configuration for a Next.js Stackwright application. Writes `middleware.ts` from a secure template, appends/updates the `auth:` section in `stackwright.yml`, and generates `.env.example` with required environment variables. \u26A0\uFE0F For CAC/PKI: generated `middleware.ts` carries a SECURITY REVIEW REQUIRED comment \u2014 certificate chain validation must be verified by a DoD security officer before production deployment. This is the ONLY approved path to generating `middleware.ts`. Never write TypeScript auth files directly.",
     {
-      method: import_zod12.z.enum(["cac", "oidc", "oauth2", "none"]),
-      provider: import_zod12.z.enum(["azure-ad", "okta", "ping", "cognito", "custom"]).optional(),
+      method: import_zod13.z.enum(["cac", "oidc", "oauth2", "none"]),
+      provider: import_zod13.z.enum(["azure-ad", "okta", "ping", "cognito", "custom"]).optional(),
       // CAC
-      cacCaBundle: import_zod12.z.string().optional(),
-      cacEdipiLookup: import_zod12.z.string().optional(),
-      cacOcspEndpoint: import_zod12.z.string().optional(),
-      cacCertHeader: import_zod12.z.string().optional(),
+      cacCaBundle: import_zod13.z.string().optional(),
+      cacEdipiLookup: import_zod13.z.string().optional(),
+      cacOcspEndpoint: import_zod13.z.string().optional(),
+      cacCertHeader: import_zod13.z.string().optional(),
       // OIDC
-      oidcDiscoveryUrl: import_zod12.z.string().optional(),
-      oidcClientId: import_zod12.z.string().optional(),
-      oidcClientSecret: import_zod12.z.string().optional(),
-      oidcScopes: import_zod12.z.string().optional(),
-      oidcRoleClaim: import_zod12.z.string().optional(),
+      oidcDiscoveryUrl: import_zod13.z.string().optional(),
+      oidcClientId: import_zod13.z.string().optional(),
+      oidcClientSecret: import_zod13.z.string().optional(),
+      oidcScopes: import_zod13.z.string().optional(),
+      oidcRoleClaim: import_zod13.z.string().optional(),
       // OAuth2
-      oauth2AuthUrl: import_zod12.z.string().optional(),
-      oauth2TokenUrl: import_zod12.z.string().optional(),
-      oauth2ClientId: import_zod12.z.string().optional(),
-      oauth2ClientSecret: import_zod12.z.string().optional(),
-      oauth2Scopes: import_zod12.z.string().optional(),
+      oauth2AuthUrl: import_zod13.z.string().optional(),
+      oauth2TokenUrl: import_zod13.z.string().optional(),
+      oauth2ClientId: import_zod13.z.string().optional(),
+      oauth2ClientSecret: import_zod13.z.string().optional(),
+      oauth2Scopes: import_zod13.z.string().optional(),
       // RBAC
-      rbacRoles: jsonCoerce(import_zod12.z.array(import_zod12.z.string()).optional()),
-      rbacDefaultRole: import_zod12.z.string().optional(),
+      rbacRoles: jsonCoerce(import_zod13.z.array(import_zod13.z.string()).optional()),
+      rbacDefaultRole: import_zod13.z.string().optional(),
       // Audit
-      auditEnabled: boolCoerce(import_zod12.z.boolean().optional()),
-      auditRetentionDays: numCoerce(import_zod12.z.number().int().positive().optional()),
+      auditEnabled: boolCoerce(import_zod13.z.boolean().optional()),
+      auditRetentionDays: numCoerce(import_zod13.z.number().int().positive().optional()),
       // Routes
-      protectedRoutes: jsonCoerce(import_zod12.z.array(import_zod12.z.string()).optional()),
+      protectedRoutes: jsonCoerce(import_zod13.z.array(import_zod13.z.string()).optional()),
       // Injection for tests
-      _cwd: import_zod12.z.string().optional()
+      _cwd: import_zod13.z.string().optional()
     },
     async (params) => {
       const cwd = params._cwd ?? process.cwd();
@@ -3221,13 +3850,13 @@ function registerAuthTools(server2) {
 }
 
 // src/integrity.ts
-var import_crypto2 = require("crypto");
-var import_fs7 = require("fs");
-var import_path7 = require("path");
+var import_crypto4 = require("crypto");
+var import_fs8 = require("fs");
+var import_path8 = require("path");
 var _checksums = /* @__PURE__ */ new Map([
   [
     "stackwright-pro-api-otter.json",
-    "1fd28747ff43121533d40d6446f2d2670d6247afb04e3025cbbcb9ace0e7d1e2"
+    "ed667124af3f025e090c0e65d0a86f0ef08fea06c0029b8fd0edf6df33df9f9c"
   ],
   [
     "stackwright-pro-auth-otter.json",
@@ -3235,7 +3864,7 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-pro-dashboard-otter.json",
-    "a9e50f26e8b2b687910685f15104b4e76a74ad2e1e5a6021237e1eeb1cbde2ae"
+    "5e930b4092b9002e3c1a413b36418e49c865199af12a546890ccf7f9e56a5593"
   ],
   [
     "stackwright-pro-data-otter.json",
@@ -3243,11 +3872,11 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-pro-designer-otter.json",
-    "41c5b6b9f1f0f6eb0851e473f9d7d6ebd6a7e00dafd5cdeb8a8b12b0b756e245"
+    "e80d4e7bab87d8647debadb238a58aac498ec5074ff25b21abd3b13ff778bf71"
   ],
   [
     "stackwright-pro-foreman-otter.json",
-    "7c8af9ce5b157ad3030f0255218a6ea923df18a36fe44db9bd5f04897434fc05"
+    "02dd2485562361f2f3cfd998981349020d7599dcd2d969bb022f9f6d537f3517"
   ],
   [
     "stackwright-pro-page-otter.json",
@@ -3255,11 +3884,11 @@ var _checksums = /* @__PURE__ */ new Map([
   ],
   [
     "stackwright-pro-theme-otter.json",
-    "3a37d4bd696f142c4a4278ef653984fca4b776caa610182c2cb82f6732ef9b62"
+    "d3a15871b71a466c12c4711fe37cbb018c768cb99eff15c40dbbc7061d4e966b"
   ],
   [
     "stackwright-pro-workflow-otter.json",
-    "fa2bae06e0f9e6b844008adc933d24b6a210708c0812ce068fc43733ee98b98e"
+    "2ce1bcbb5c45dbb214499ea08c7175f8b743b51b8cb2ad539faf7df11edcf88a"
   ]
 ]);
 Object.freeze(_checksums);
@@ -3274,21 +3903,21 @@ for (const [name, digest] of CANONICAL_CHECKSUMS) {
 }
 var MAX_OTTER_BYTES = 1 * 1024 * 1024;
 function computeSha256(data) {
-  return (0, import_crypto2.createHash)("sha256").update(data).digest("hex");
+  return (0, import_crypto4.createHash)("sha256").update(data).digest("hex");
 }
 function safeEqual(a, b) {
   if (a.length !== b.length) return false;
-  return (0, import_crypto2.timingSafeEqual)(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
+  return (0, import_crypto4.timingSafeEqual)(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
 }
 function verifyOtterFile(filePath) {
-  const filename = (0, import_path7.basename)(filePath);
+  const filename = (0, import_path8.basename)(filePath);
   const expected = CANONICAL_CHECKSUMS.get(filename);
   if (expected === void 0) {
     return { verified: false, filename, error: `Unknown otter file: not in canonical set` };
   }
   let stat;
   try {
-    stat = (0, import_fs7.lstatSync)(filePath);
+    stat = (0, import_fs8.lstatSync)(filePath);
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     return { verified: false, filename, error: `Cannot stat file: ${msg}` };
@@ -3306,7 +3935,7 @@ function verifyOtterFile(filePath) {
   }
   let raw;
   try {
-    raw = (0, import_fs7.readFileSync)(filePath);
+    raw = (0, import_fs8.readFileSync)(filePath);
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     return { verified: false, filename, error: `Cannot read file: ${msg}` };
@@ -3339,12 +3968,24 @@ function verifyOtterFile(filePath) {
   return { verified: true, filename };
 }
 function verifyAllOtters(otterDir) {
+  if (/(?:^|[/\\])\.\.(?:[/\\]|$)/.test(otterDir) || otterDir.includes("..")) {
+    return {
+      verified: [],
+      failed: [
+        {
+          filename: "<directory>",
+          error: `Security: path traversal sequence detected in otter directory parameter`
+        }
+      ],
+      unknown: []
+    };
+  }
   const verified = [];
   const failed = [];
   const unknown = [];
   let entries;
   try {
-    entries = (0, import_fs7.readdirSync)(otterDir);
+    entries = (0, import_fs8.readdirSync)(otterDir);
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     return {
@@ -3355,9 +3996,9 @@ function verifyAllOtters(otterDir) {
   }
   const otterFiles = entries.filter((f) => f.endsWith("-otter.json"));
   for (const filename of otterFiles) {
-    const filePath = (0, import_path7.join)(otterDir, filename);
+    const filePath = (0, import_path8.join)(otterDir, filename);
     try {
-      if ((0, import_fs7.lstatSync)(filePath).isSymbolicLink()) {
+      if ((0, import_fs8.lstatSync)(filePath).isSymbolicLink()) {
         failed.push({ filename, error: "Skipped: symlink" });
         continue;
       }
@@ -3383,15 +4024,30 @@ var DEFAULT_SEARCH_PATHS = ["node_modules/@stackwright-pro/otters/src/", "packag
 function resolveOtterDir() {
   const cwd = process.cwd();
   for (const relative of DEFAULT_SEARCH_PATHS) {
-    const candidate = (0, import_path7.join)(cwd, relative);
+    const candidate = (0, import_path8.join)(cwd, relative);
     try {
-      (0, import_fs7.lstatSync)(candidate);
+      (0, import_fs8.lstatSync)(candidate);
       return candidate;
     } catch {
     }
   }
   return null;
 }
+function emitIntegrityAuditEvent(params) {
+  const record = JSON.stringify({
+    level: "AUDIT",
+    event: "INTEGRITY_FAIL",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    source: "stackwright_pro_verify_otter_integrity",
+    otterDir: params.otterDir,
+    failedCount: params.failed.length,
+    unknownCount: params.unknown.length,
+    failures: params.failed,
+    unknown: params.unknown
+  });
+  process.stderr.write(`INTEGRITY_FAIL ${record}
+`);
+}
 function registerIntegrityTools(server2) {
   server2.tool(
     "stackwright_pro_verify_otter_integrity",
@@ -3415,6 +4071,13 @@ function registerIntegrityTools(server2) {
       }
       const result = verifyAllOtters(resolved);
       const allGood = result.failed.length === 0 && result.unknown.length === 0;
+      if (!allGood) {
+        emitIntegrityAuditEvent({
+          otterDir: resolved,
+          failed: result.failed,
+          unknown: result.unknown
+        });
+      }
       return {
         content: [
           {
@@ -3428,25 +4091,27 @@ function registerIntegrityTools(server2) {
               verified: result.verified,
               failed: result.failed,
               unknown: result.unknown,
-              warning: result.failed.length > 0 ? "SHA-256 mismatches detected (non-blocking). PKI-signed manifest support coming soon." : void 0
+              ...allGood ? {} : {
+                error: "INTEGRITY CHECK FAILED: SHA-256 mismatch detected in otter agent definitions. Do not proceed \u2014 otter files may have been tampered with."
+              }
             })
           }
         ],
-        isError: false
+        isError: !allGood
       };
     }
   );
 }
 
 // src/tools/domain.ts
-var import_zod13 = require("zod");
-var import_fs8 = require("fs");
-var import_path8 = require("path");
+var import_zod14 = require("zod");
+var import_fs9 = require("fs");
+var import_path9 = require("path");
 function handleListCollections(input) {
   const cwd = input._cwd ?? process.cwd();
   const sources = [
     {
-      path: (0, import_path8.join)(cwd, ".stackwright", "artifacts", "data-config.json"),
+      path: (0, import_path9.join)(cwd, ".stackwright", "artifacts", "data-config.json"),
       source: "data-config.json",
       parse: (raw) => {
         const parsed = JSON.parse(raw);
@@ -3457,15 +4122,15 @@ function handleListCollections(input) {
       }
     },
     {
-      path: (0, import_path8.join)(cwd, "stackwright.yml"),
+      path: (0, import_path9.join)(cwd, "stackwright.yml"),
       source: "stackwright.yml",
       parse: extractCollectionsFromYaml
     }
   ];
   for (const { path: path3, source, parse } of sources) {
-    if (!(0, import_fs8.existsSync)(path3)) continue;
+    if (!(0, import_fs9.existsSync)(path3)) continue;
     try {
-      const collections = parse((0, import_fs8.readFileSync)(path3, "utf8"));
+      const collections = parse((0, import_fs9.readFileSync)(path3, "utf8"));
       return {
         text: JSON.stringify({ collections, source, collectionCount: collections.length }),
         isError: false
@@ -3616,8 +4281,8 @@ function handleValidateWorkflow(input) {
   if (input.workflow && Object.keys(input.workflow).length > 0) {
     raw = input.workflow;
   } else {
-    const artifactPath = (0, import_path8.join)(cwd, ".stackwright", "artifacts", "workflow-config.json");
-    if (!(0, import_fs8.existsSync)(artifactPath)) {
+    const artifactPath = (0, import_path9.join)(cwd, ".stackwright", "artifacts", "workflow-config.json");
+    if (!(0, import_fs9.existsSync)(artifactPath)) {
       return fail([
         {
           code: "NO_WORKFLOW",
@@ -3626,7 +4291,7 @@ function handleValidateWorkflow(input) {
       ]);
     }
     try {
-      raw = JSON.parse((0, import_fs8.readFileSync)(artifactPath, "utf8"));
+      raw = JSON.parse((0, import_fs9.readFileSync)(artifactPath, "utf8"));
     } catch (err) {
       return fail([{ code: "INVALID_JSON", message: `Failed to parse workflow artifact: ${err}` }]);
     }
@@ -3825,7 +4490,7 @@ function registerDomainTools(server2) {
     "stackwright_pro_resolve_data_strategy",
     "Look up the data freshness strategy configuration from the user's answer. Returns mechanism, revalidation seconds, required packages, and the exact MCP tool call to make. Replaces the strategy table in the data-otter prompt.",
     {
-      strategy: import_zod13.z.string().describe(
+      strategy: import_zod14.z.string().describe(
         'The data-1 answer value: "pulse-fast", "isr-fast", "isr-standard", or "isr-slow"'
       )
     },
@@ -3835,7 +4500,7 @@ function registerDomainTools(server2) {
     "stackwright_pro_validate_workflow",
     "Validate a workflow definition against the Stackwright workflow schema. Checks step ID uniqueness, transition targets, terminal state existence, and service references. Call this after the workflow otter produces output.",
     {
-      workflow: jsonCoerce(import_zod13.z.record(import_zod13.z.string(), import_zod13.z.unknown()).optional()).describe(
+      workflow: jsonCoerce(import_zod14.z.record(import_zod14.z.string(), import_zod14.z.unknown()).optional()).describe(
         "Parsed workflow object. If omitted, reads from .stackwright/artifacts/workflow-config.json"
       )
     },
@@ -3844,7 +4509,7 @@ function registerDomainTools(server2) {
 }
 
 // src/tools/type-schemas.ts
-var import_zod14 = require("zod");
+var import_zod15 = require("zod");
 function buildTypeSchemaSummary() {
   return {
     version: "1.0",
@@ -3921,7 +4586,7 @@ function registerTypeSchemasTool(server2) {
     "stackwright_pro_get_type_schemas",
     "Returns a structured summary of all canonical @stackwright-pro/types schemas, organized by domain. Use this to determine which otter owns a given schema and what artifact key to expect.",
     {
-      format: import_zod14.z.enum(["full", "domains-only"]).optional().default("full").describe("full = complete summary with all fields; domains-only = just domain names")
+      format: import_zod15.z.enum(["full", "domains-only"]).optional().default("full").describe("full = complete summary with all fields; domains-only = just domain names")
     },
     async ({ format }) => {
       const summary = buildTypeSchemaSummary();
@@ -3939,13 +4604,13 @@ var package_default = {
     "@stackwright-pro/types": "workspace:*",
     "@modelcontextprotocol/sdk": "^1.10.0",
     "@stackwright-pro/cli-data-explorer": "workspace:*",
-    zod: "^4.3.6"
+    zod: "^4.4.3"
   },
   devDependencies: {
-    "@types/node": "^24.1.0",
-    tsup: "^8.5.0",
-    typescript: "^5.8.3",
-    vitest: "^4.0.18"
+    "@types/node": "catalog:",
+    tsup: "catalog:",
+    typescript: "catalog:",
+    vitest: "catalog:"
   },
   scripts: {
     prepublishOnly: "node scripts/verify-integrity-sync.js",
@@ -3956,9 +4621,9 @@ var package_default = {
     "test:coverage": "vitest run --coverage"
   },
   name: "@stackwright-pro/mcp",
-  version: "0.2.0-alpha.32",
+  version: "0.2.0-alpha.48",
   description: "MCP tools for Stackwright Pro - Data Explorer, Security, ISR, and Dashboard generation",
-  license: "PROPRIETARY",
+  license: "SEE LICENSE IN LICENSE",
   main: "./dist/server.js",
   bin: {
     "stackwright-pro-mcp": "./dist/server.js"
@@ -4007,6 +4672,7 @@ registerPipelineTools(server);
 registerSafeWriteTools(server);
 registerAuthTools(server);
 registerIntegrityTools(server);
+registerArtifactSigningTools(server);
 registerDomainTools(server);
 registerTypeSchemasTool(server);
 async function main() {