@synctek/forgeos 2.0.0

package/dist/trust/chain.js

@@ -0,0 +1,176 @@
+/**
+ * Hash-chain primitives for the ForgeOS Trust Ledger.
+ *
+ * Binary-compatible with the Python ledger.py implementation.
+ *
+ * Chain hash formula (matches Python _compute_chain_hash):
+ *   chain_hash = SHA-256("{seq}:{prev_hash}:{payload_hash}:{timestamp}")
+ *
+ * Payload hash formula (matches Python _sha256_dict):
+ *   payload_hash = SHA-256(JSON.stringify(payload, sortedKeys))
+ *   where JSON uses ensure_ascii=false equivalent (UTF-8) and sort_keys=True.
+ *
+ * The genesis sentinel is "GENESIS" (matches Python GENESIS_SENTINEL),
+ * NOT a zero-filled hex string.
+ */
+import { createHash } from 'crypto';
+/** Genesis sentinel value — used as prev_hash for the first entry. */
+export const GENESIS_SENTINEL = 'GENESIS';
+/** Schema version constant matching the Python implementation. */
+export const SCHEMA_VERSION = '1.0';
+/** Valid entry types — must match Python ENTRY_TYPES (§5.3 of architecture spec). */
+export const ENTRY_TYPES = new Set([
+    'analysis_snapshot',
+    'job_record',
+    'review_received',
+    'improvement_applied',
+    'capability_declared',
+    'metric_change',
+    'decay_checkpoint',
+]);
+/**
+ * Compute the chain hash for a ledger entry.
+ *
+ * Formula: SHA-256("{seq}:{prev_hash}:{payload_hash}:{timestamp}")
+ *
+ * This exactly replicates Python's:
+ *   material = f"{seq}:{prev_hash}:{payload_hash}:{timestamp}"
+ *   return hashlib.sha256(material.encode("utf-8")).hexdigest()
+ *
+ * @param seq - Zero-based integer sequence number of the entry.
+ * @param prevHash - chain_hash of the previous entry, or GENESIS_SENTINEL for seq 0.
+ * @param payloadHash - SHA-256 hex digest of the payload dict.
+ * @param timestamp - ISO 8601 UTC timestamp string.
+ * @returns 64-character hex SHA-256 digest.
+ */
+export function computeChainHash(seq, prevHash, payloadHash, timestamp) {
+    const material = `${seq}:${prevHash}:${payloadHash}:${timestamp}`;
+    return createHash('sha256').update(material, 'utf8').digest('hex');
+}
+/**
+ * Compute the payload hash for a ledger entry.
+ *
+ * Replicates Python's _sha256_dict:
+ *   canonical = json.dumps(d, ensure_ascii=False, sort_keys=True)
+ *   return hashlib.sha256(canonical.encode("utf-8")).hexdigest()
+ *
+ * Keys are sorted recursively at the top level only (matching Python's
+ * sort_keys=True which sorts only the top-level dict keys in standard
+ * json.dumps — nested dicts are sorted too since Python json.dumps
+ * sort_keys=True applies recursively).
+ *
+ * IMPORTANT: JSON.stringify with a replacer that sorts keys at every
+ * level is required for full binary compatibility with Python's
+ * json.dumps(..., sort_keys=True) which sorts ALL nested dict keys.
+ *
+ * @param payload - The payload dict to hash.
+ * @returns 64-character hex SHA-256 digest.
+ */
+export function computePayloadHash(payload) {
+    const canonical = sortedJsonStringify(payload);
+    return createHash('sha256').update(canonical, 'utf8').digest('hex');
+}
+/**
+ * JSON serialization matching Python's json.dumps(d, ensure_ascii=False, sort_keys=True).
+ *
+ * CRITICAL compatibility requirement:
+ * Python's json.dumps uses ": " (space after colon) and ", " (space after comma)
+ * as default separators. JavaScript's JSON.stringify uses ":" and "," (no spaces).
+ * For binary hash compatibility, we must reproduce Python's exact output.
+ *
+ * Python also sorts ALL dict keys recursively (sort_keys=True applies at every
+ * nesting level). JavaScript's JSON.stringify does not sort keys.
+ *
+ * Python's ensure_ascii=False means non-ASCII chars pass through unescaped.
+ * JavaScript's JSON.stringify also does not escape non-ASCII chars by default.
+ *
+ * This function produces output IDENTICAL to Python's json.dumps with those
+ * settings, enabling cross-language hash chain verification.
+ *
+ * @param value - Value to stringify.
+ * @returns JSON string matching Python's json.dumps output exactly.
+ */
+export function sortedJsonStringify(value) {
+    return pythonJsonDumps(value);
+}
+/**
+ * Serialize value to JSON matching Python's json.dumps(ensure_ascii=False, sort_keys=True).
+ *
+ * Uses ": " after colons and ", " after commas — exactly Python's default separators.
+ * Sorts all object keys recursively. Does not escape non-ASCII characters.
+ */
+export function pythonJsonDumps(value) {
+    if (value === null)
+        return 'null';
+    if (value === true)
+        return 'true';
+    if (value === false)
+        return 'false';
+    if (typeof value === 'number') {
+        // Match Python's number serialization
+        if (!isFinite(value))
+            throw new Error('Cannot serialize non-finite number to JSON');
+        return String(value);
+    }
+    if (typeof value === 'string') {
+        return jsonEncodeString(value);
+    }
+    if (Array.isArray(value)) {
+        if (value.length === 0)
+            return '[]';
+        const items = value.map(pythonJsonDumps);
+        return '[' + items.join(', ') + ']';
+    }
+    if (typeof value === 'object') {
+        const obj = value;
+        const keys = Object.keys(obj).sort();
+        if (keys.length === 0)
+            return '{}';
+        const pairs = keys.map(k => `${jsonEncodeString(k)}: ${pythonJsonDumps(obj[k])}`);
+        return '{' + pairs.join(', ') + '}';
+    }
+    throw new Error(`Cannot serialize value of type ${typeof value} to JSON`);
+}
+/**
+ * Encode a string as a JSON string literal.
+ *
+ * Matches Python's json.dumps string encoding with ensure_ascii=False:
+ * - Escapes: \", \\, \n, \r, \t, \b, \f
+ * - Control characters (U+0000–U+001F, U+007F) are \uXXXX escaped
+ * - Non-ASCII characters are NOT escaped (ensure_ascii=False)
+ * - Unicode characters above U+FFFF use surrogate pairs in Python too
+ *
+ * This matches the subset of JSON string encoding Python uses.
+ */
+function jsonEncodeString(s) {
+    let result = '"';
+    for (let i = 0; i < s.length; i++) {
+        const ch = s[i];
+        const code = s.charCodeAt(i);
+        if (ch === '"')
+            result += '\\"';
+        else if (ch === '\\')
+            result += '\\\\';
+        else if (ch === '\n')
+            result += '\\n';
+        else if (ch === '\r')
+            result += '\\r';
+        else if (ch === '\t')
+            result += '\\t';
+        else if (ch === '\b')
+            result += '\\b';
+        else if (ch === '\f')
+            result += '\\f';
+        else if (code < 0x20 || code === 0x7f) {
+            // Control characters — escape as \uXXXX
+            result += '\\u' + code.toString(16).padStart(4, '0');
+        }
+        else {
+            // All other characters (including non-ASCII) pass through unescaped
+            result += ch;
+        }
+    }
+    result += '"';
+    return result;
+}
+//# sourceMappingURL=chain.js.map

package/dist/trust/chain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain.js","sourceRoot":"","sources":["../../src/trust/chain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,sEAAsE;AACtE,MAAM,CAAC,MAAM,gBAAgB,GAAG,SAAS,CAAC;AAE1C,kEAAkE;AAClE,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,CAAC;AAEpC,qFAAqF;AACrF,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IACjC,mBAAmB;IACnB,YAAY;IACZ,iBAAiB;IACjB,qBAAqB;IACrB,qBAAqB;IACrB,eAAe;IACf,kBAAkB;CACnB,CAAC,CAAC;AAEH;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAAW,EACX,QAAgB,EAChB,WAAmB,EACnB,SAAiB;IAEjB,MAAM,QAAQ,GAAG,GAAG,GAAG,IAAI,QAAQ,IAAI,WAAW,IAAI,SAAS,EAAE,CAAC;IAClE,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAgC;IACjE,MAAM,SAAS,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAc;IAChD,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,OAAO,CAAC;IACpC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,sCAAsC;QACtC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACpF,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACzC,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,KAAK,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAClF,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;IACtC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,KAAK,UAAU,CAAC,CAAC;AAC5E,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,gBAAgB,CAAC,CAAS;IACjC,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAChB,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,EAAE,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC;aAC3B,IAAI,EAAE,KAAK,IAAI;YAAE,MAAM,IAAI,MAAM,CAAC;aAClC,IAAI,EAAE,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC;aACjC,IAAI,EAAE,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC;aACjC,IAAI,EAAE,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC;aACjC,IAAI,EAAE,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC;aACjC,IAAI,EAAE,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC;aACjC,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACtC,wCAAwC;YACxC,MAAM,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,oEAAoE;YACpE,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,CAAC;IACd,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/trust/git-binding.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Git state binding for Trust Ledger entries.
+ *
+ * Binary-compatible with the Python git_binding.py implementation.
+ *
+ * The source_tree_hash field is the output of `git rev-parse HEAD`,
+ * with a "-dirty" suffix if the working tree has uncommitted changes
+ * (staged or unstaged, or untracked files that affect reproducibility).
+ *
+ * Security note (architecture §C-02):
+ *   All functions return null / false rather than throwing on git errors.
+ *   Callers treat null as "unverifiable" and annotate accordingly.
+ *   Actual tampering is detected by the chain hash, not git binding.
+ */
+export declare class GitBindingError extends Error {
+    constructor(message: string);
+}
+export interface GitMetadata {
+    commit: string | null;
+    branch: string | null;
+    dirty: boolean;
+    sourceTreeHash: string | null;
+}
+/**
+ * Compute a deterministic hash of the current git tree state.
+ *
+ * Returns the full commit SHA-1 from `git rev-parse HEAD`, appending
+ * the "-dirty" suffix if there are any uncommitted changes or untracked
+ * files (matching Python's _is_dirty which checks both `git diff --stat HEAD`
+ * and `git status --porcelain`).
+ *
+ * @param repoPath - Absolute path to the git repository root.
+ * @returns "<sha1>", "<sha1>-dirty", or null if not a git repo / git unavailable.
+ */
+export declare function computeSourceTreeHash(repoPath: string): string | null;
+/**
+ * Verify that the current git state matches the entry's recorded hash.
+ *
+ * Per architecture §C-02, returns false on any unverifiable condition.
+ *
+ * An entry is considered verified if ALL of the following hold:
+ * 1. The entry contains a non-null, non-empty source_tree_hash.
+ * 2. The stored hash does not end in "-dirty".
+ * 3. The current `git rev-parse HEAD` matches the stored hash.
+ *
+ * @param entry - A ledger entry dict.
+ * @param repoPath - Path to the git repository root.
+ * @returns true if verified, false in all other cases.
+ */
+export declare function verifyGitBinding(entry: Record<string, unknown>, repoPath: string): boolean;
+/**
+ * Return a dict of current git state metadata for ledger payloads.
+ *
+ * Matches Python's get_git_metadata() exactly — same field names,
+ * same dirty detection logic, same null-on-error behavior.
+ *
+ * @param repoPath - Path to the git repository root.
+ * @returns Git metadata dict, or null fields on any failure.
+ */
+export declare function getGitMetadata(repoPath: string): GitMetadata;
+//# sourceMappingURL=git-binding.d.ts.map

package/dist/trust/git-binding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-binding.d.ts","sourceRoot":"","sources":["../../src/trust/git-binding.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,KAAK,EAAE,OAAO,CAAC;IACf,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAWrE;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC9B,QAAQ,EAAE,MAAM,GACf,OAAO,CAiBT;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,CAW5D"}

package/dist/trust/git-binding.js

@@ -0,0 +1,133 @@
+/**
+ * Git state binding for Trust Ledger entries.
+ *
+ * Binary-compatible with the Python git_binding.py implementation.
+ *
+ * The source_tree_hash field is the output of `git rev-parse HEAD`,
+ * with a "-dirty" suffix if the working tree has uncommitted changes
+ * (staged or unstaged, or untracked files that affect reproducibility).
+ *
+ * Security note (architecture §C-02):
+ *   All functions return null / false rather than throwing on git errors.
+ *   Callers treat null as "unverifiable" and annotate accordingly.
+ *   Actual tampering is detected by the chain hash, not git binding.
+ */
+import { execFileSync } from 'child_process';
+export class GitBindingError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'GitBindingError';
+    }
+}
+/**
+ * Compute a deterministic hash of the current git tree state.
+ *
+ * Returns the full commit SHA-1 from `git rev-parse HEAD`, appending
+ * the "-dirty" suffix if there are any uncommitted changes or untracked
+ * files (matching Python's _is_dirty which checks both `git diff --stat HEAD`
+ * and `git status --porcelain`).
+ *
+ * @param repoPath - Absolute path to the git repository root.
+ * @returns "<sha1>", "<sha1>-dirty", or null if not a git repo / git unavailable.
+ */
+export function computeSourceTreeHash(repoPath) {
+    const commitHash = getCommitHash(repoPath);
+    if (commitHash === null) {
+        return null;
+    }
+    if (isDirty(repoPath)) {
+        return `${commitHash}-dirty`;
+    }
+    return commitHash;
+}
+/**
+ * Verify that the current git state matches the entry's recorded hash.
+ *
+ * Per architecture §C-02, returns false on any unverifiable condition.
+ *
+ * An entry is considered verified if ALL of the following hold:
+ * 1. The entry contains a non-null, non-empty source_tree_hash.
+ * 2. The stored hash does not end in "-dirty".
+ * 3. The current `git rev-parse HEAD` matches the stored hash.
+ *
+ * @param entry - A ledger entry dict.
+ * @param repoPath - Path to the git repository root.
+ * @returns true if verified, false in all other cases.
+ */
+export function verifyGitBinding(entry, repoPath) {
+    const storedHash = entry['source_tree_hash'];
+    if (!storedHash || typeof storedHash !== 'string') {
+        return false;
+    }
+    if (storedHash.endsWith('-dirty')) {
+        return false;
+    }
+    const currentHash = getCommitHash(repoPath);
+    if (currentHash === null) {
+        return false;
+    }
+    return currentHash === storedHash;
+}
+/**
+ * Return a dict of current git state metadata for ledger payloads.
+ *
+ * Matches Python's get_git_metadata() exactly — same field names,
+ * same dirty detection logic, same null-on-error behavior.
+ *
+ * @param repoPath - Path to the git repository root.
+ * @returns Git metadata dict, or null fields on any failure.
+ */
+export function getGitMetadata(repoPath) {
+    const commit = getCommitHash(repoPath);
+    const branch = getBranchName(repoPath);
+    const dirty = commit !== null ? isDirty(repoPath) : false;
+    let sourceTreeHash = null;
+    if (commit !== null) {
+        sourceTreeHash = dirty ? `${commit}-dirty` : commit;
+    }
+    return { commit, branch, dirty, sourceTreeHash };
+}
+// ------------------------------------------------------------------
+// Internal helpers — each wraps a single git subprocess call
+// ------------------------------------------------------------------
+/**
+ * Run a git command and return stdout, or null on failure.
+ *
+ * Never throws — all errors are swallowed and null is returned.
+ * This keeps all git binding failures soft (unverifiable, not broken).
+ */
+function runGit(args, cwd) {
+    try {
+        const output = execFileSync('git', args, {
+            cwd,
+            encoding: 'utf8',
+            timeout: 10_000,
+            stdio: ['ignore', 'pipe', 'ignore'],
+        });
+        const trimmed = output.trim();
+        return trimmed.length > 0 ? trimmed : null;
+    }
+    catch {
+        return null;
+    }
+}
+function getCommitHash(repoPath) {
+    return runGit(['rev-parse', 'HEAD'], repoPath);
+}
+function getBranchName(repoPath) {
+    // `git symbolic-ref --short HEAD` fails in detached HEAD state
+    const branch = runGit(['symbolic-ref', '--short', 'HEAD'], repoPath);
+    if (branch !== null) {
+        return branch;
+    }
+    // Detached HEAD — return abbreviated commit hash as a label
+    return runGit(['rev-parse', '--short', 'HEAD'], repoPath);
+}
+function isDirty(repoPath) {
+    // `git diff --stat HEAD` includes both staged and unstaged changes
+    const diffOutput = runGit(['diff', '--stat', 'HEAD'], repoPath);
+    // Also check for untracked new files that affect reproducibility
+    const statusOutput = runGit(['status', '--porcelain'], repoPath);
+    return diffOutput !== null || statusOutput !== null;
+}
+//# sourceMappingURL=git-binding.js.map

package/dist/trust/git-binding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-binding.js","sourceRoot":"","sources":["../../src/trust/git-binding.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AASD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,UAAU,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtB,OAAO,GAAG,UAAU,QAAQ,CAAC;IAC/B,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAA8B,EAC9B,QAAgB;IAEhB,MAAM,UAAU,GAAG,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAE7C,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAClD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,WAAW,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,WAAW,KAAK,UAAU,CAAC;AACpC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAE1D,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;IACtD,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;AACnD,CAAC;AAED,qEAAqE;AACrE,6DAA6D;AAC7D,qEAAqE;AAErE;;;;;GAKG;AACH,SAAS,MAAM,CAAC,IAAc,EAAE,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE;YACvC,GAAG;YACH,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,MAAM;YACf,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;SACpC,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,OAAO,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,+DAA+D;IAC/D,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,cAAc,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;IACrE,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,4DAA4D;IAC5D,OAAO,MAAM,CAAC,CAAC,WAAW,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,OAAO,CAAC,QAAgB;IAC/B,mEAAmE;IACnE,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;IAChE,iEAAiE;IACjE,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,QAAQ,EAAE,aAAa,CAAC,EAAE,QAAQ,CAAC,CAAC;IACjE,OAAO,UAAU,KAAK,IAAI,IAAI,YAAY,KAAK,IAAI,CAAC;AACtD,CAAC"}

package/dist/trust/index.d.ts

@@ -0,0 +1,20 @@
+/**
+ * ForgeOS Trust Ledger — TypeScript port of the Python trust module.
+ *
+ * Provides a fully local, tamper-evident, Ed25519-signed, hash-chained
+ * audit trail for code quality tracking. No engine dependency.
+ *
+ * Binary-compatible with the Python forgeos-cli trust module.
+ *
+ * Usage:
+ *   import { TrustLedger, KeyManager, computeChainHash } from '@synctek/forgeos-mcp/trust';
+ */
+export { GENESIS_SENTINEL, SCHEMA_VERSION, ENTRY_TYPES, computeChainHash, computePayloadHash, sortedJsonStringify, } from './chain.js';
+export { KeyManager, SigningError, KeyNotFoundError, KeyPermissionError, } from './signing.js';
+export { computeSourceTreeHash, verifyGitBinding, getGitMetadata, GitBindingError, } from './git-binding.js';
+export { TrustLedger, LedgerError, ChainIntegrityError, } from './ledger.js';
+export type { LedgerEntry, VerifyResult, ChainStats, } from './ledger.js';
+export type { GitMetadata } from './git-binding.js';
+export { TRANSMITTABLE_FIELDS, LOCAL_ONLY_FIELDS, TransmissionError, PrivacyViolationError, prepareTransmission, detectSensitiveContent, generateManifest, generatePlainManifest, logTransmission, loadAllowedEndpoints, sendTransmission, } from './transmission.js';
+export type { TransmissionPayload, TransmissionResult, TransmissionLogRecord, } from './transmission.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/trust/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/trust/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,cAAc,EACd,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,WAAW,EACX,WAAW,EACX,mBAAmB,GACpB,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,UAAU,GACX,MAAM,aAAa,CAAC;AAErB,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,EACtB,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EACV,mBAAmB,EACnB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC"}

package/dist/trust/index.js

@@ -0,0 +1,17 @@
+/**
+ * ForgeOS Trust Ledger — TypeScript port of the Python trust module.
+ *
+ * Provides a fully local, tamper-evident, Ed25519-signed, hash-chained
+ * audit trail for code quality tracking. No engine dependency.
+ *
+ * Binary-compatible with the Python forgeos-cli trust module.
+ *
+ * Usage:
+ *   import { TrustLedger, KeyManager, computeChainHash } from '@synctek/forgeos-mcp/trust';
+ */
+export { GENESIS_SENTINEL, SCHEMA_VERSION, ENTRY_TYPES, computeChainHash, computePayloadHash, sortedJsonStringify, } from './chain.js';
+export { KeyManager, SigningError, KeyNotFoundError, KeyPermissionError, } from './signing.js';
+export { computeSourceTreeHash, verifyGitBinding, getGitMetadata, GitBindingError, } from './git-binding.js';
+export { TrustLedger, LedgerError, ChainIntegrityError, } from './ledger.js';
+export { TRANSMITTABLE_FIELDS, LOCAL_ONLY_FIELDS, TransmissionError, PrivacyViolationError, prepareTransmission, detectSensitiveContent, generateManifest, generatePlainManifest, logTransmission, loadAllowedEndpoints, sendTransmission, } from './transmission.js';
+//# sourceMappingURL=index.js.map

package/dist/trust/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/trust/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,cAAc,EACd,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,WAAW,EACX,WAAW,EACX,mBAAmB,GACpB,MAAM,aAAa,CAAC;AAUrB,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,EACjB,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,EACtB,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC"}

package/dist/trust/ledger.d.ts

@@ -0,0 +1,144 @@
+/**
+ * Local Trust Ledger — hash-chained JSONL audit trail for code intelligence.
+ *
+ * Binary-compatible with the Python ledger.py implementation.
+ *
+ * Each ForgeOS project maintains a local append-only ledger at
+ * `.forgeos/ledger.jsonl`. Entries are hash-chained using SHA-256 over
+ * the canonical fields "seq:prev_hash:payload_hash:timestamp", producing
+ * a tamper-evident record of every analysis run, review, and metric change.
+ *
+ * Chain hash formula:
+ *   chain_hash = SHA-256("{seq}:{prev_hash}:{payload_hash}:{timestamp}")
+ *
+ * JSONL format: one JSON object per line, keys sorted (sort_keys=True),
+ * written with appendFileSync. Matches Python's json.dumps(..., sort_keys=True).
+ *
+ * File locking: Node.js single-threaded event loop provides safe sequential
+ * writes within one process. For cross-process safety, a .ledger.lock file
+ * is created (advisory lock, best-effort) — same approach as Python's
+ * fcntl.LOCK_EX. Full POSIX flock is not available in pure Node stdlib;
+ * the lock file is written atomically and removed after use.
+ *
+ * Entry field order in JSONL (matches Python's sort_keys=True output):
+ *   chain_hash, entry_type, payload, payload_hash, prev_hash, schema_version,
+ *   seq, signature, source_tree_hash, timestamp
+ */
+/**
+ * A single entry in the trust ledger.
+ *
+ * Field names and types match the Python ledger schema exactly.
+ * The JSONL serialization sorts these keys alphabetically (sort_keys=True).
+ */
+export interface LedgerEntry {
+    schema_version: string;
+    seq: number;
+    timestamp: string;
+    entry_type: string;
+    payload: Record<string, unknown>;
+    payload_hash: string;
+    prev_hash: string;
+    chain_hash: string;
+    source_tree_hash: string | null;
+    signature: string | null;
+}
+export interface VerifyResult {
+    valid: boolean;
+    total_entries: number;
+    first_break_at: number | null;
+    message: string;
+}
+export interface ChainStats {
+    entry_count: number;
+    first_timestamp: string | null;
+    last_timestamp: string | null;
+    chain_valid: boolean;
+    by_type: Record<string, number>;
+    shareable_chain_hash: string | null;
+}
+export declare class LedgerError extends Error {
+    constructor(message: string);
+}
+export declare class ChainIntegrityError extends LedgerError {
+    seq: number;
+    constructor(seq: number, message: string);
+}
+/**
+ * Append-only, hash-chained ledger for local code intelligence data.
+ *
+ * The ledger lives at {projectPath}/.forgeos/ledger.jsonl.
+ *
+ * Example:
+ *   const ledger = new TrustLedger('/my/project');
+ *   const entry = ledger.append('analysis_snapshot', { quality_score: 82.4 });
+ *   const result = ledger.verifyChain();
+ *   const stats = ledger.getChainStats();
+ */
+export declare class TrustLedger {
+    private ledgerPath;
+    private lockPath;
+    private keyManager;
+    constructor(projectPath: string);
+    /**
+     * Append a new entry to the ledger and return the complete record.
+     *
+     * Optionally binds to git state (sourceTreeHash) and signs the entry
+     * (signature) if keys are available.
+     *
+     * @param entryType - One of the 7 canonical entry types.
+     * @param payload - Arbitrary JSON-serializable payload dict.
+     * @param repoPath - Optional repo path for git binding.
+     * @param signature - Optional pre-computed Ed25519 signature (base64).
+     *                    If null, the ledger will attempt to self-sign if keys exist.
+     * @returns The complete ledger entry.
+     * @throws LedgerError if the ledger directory does not exist.
+     * @throws Error if entryType is not in ENTRY_TYPES.
+     */
+    append(entryType: string, payload: Record<string, unknown>, repoPath?: string, signature?: string | null): LedgerEntry;
+    /**
+     * Verify the integrity of the entire hash chain.
+     *
+     * Walks every entry in order, recomputing each chain_hash and checking
+     * that it matches the stored value, and that prev_hash matches the
+     * chain_hash of the preceding entry.
+     *
+     * @returns VerifyResult with validity, entry count, and first break location.
+     */
+    verifyChain(): VerifyResult;
+    /**
+     * Read entries from the ledger with optional filtering.
+     *
+     * @param entryType - If set, only return entries of this type.
+     * @param since - If set, only return entries with timestamp >= this ISO string.
+     * @param limit - Maximum number of entries to return.
+     * @returns Array of entry dicts in chronological order.
+     */
+    readEntries(entryType?: string, since?: string, limit?: number): LedgerEntry[];
+    /**
+     * Return the most recent ledger entry, or null if empty.
+     */
+    getLatest(): LedgerEntry | null;
+    /**
+     * Return aggregate statistics about the ledger chain.
+     *
+     * Matches Python's get_chain_stats() return structure exactly.
+     */
+    getChainStats(): ChainStats;
+    /**
+     * Write a new entry.
+     *
+     * Advisory file locking via .ledger.lock is used for cross-process safety.
+     * Node.js is single-threaded so within one process this is sequential.
+     */
+    private appendLocked;
+    /** Read all non-empty lines from the ledger file. */
+    private readRawLines;
+    /**
+     * Acquire advisory lock by creating .ledger.lock.
+     * Returns true if lock was created (should be released), false if lock
+     * already existed (proceeding anyway — this is advisory only).
+     */
+    private acquireLock;
+    private releaseLock;
+}
+//# sourceMappingURL=ledger.d.ts.map

package/dist/trust/ledger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ledger.d.ts","sourceRoot":"","sources":["../../src/trust/ledger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AA0BH;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,WAAW,EAAE,OAAO,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;CACrC;AAED,qBAAa,WAAY,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,mBAAoB,SAAQ,WAAW;IAClD,GAAG,EAAE,MAAM,CAAC;gBACA,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAKzC;AAMD;;;;;;;;;;GAUG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,UAAU,CAAoB;gBAE1B,WAAW,EAAE,MAAM;IAY/B;;;;;;;;;;;;;;OAcG;IACH,MAAM,CACJ,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GACxB,WAAW;IAoBd;;;;;;;;OAQG;IACH,WAAW,IAAI,YAAY;IA4E3B;;;;;;;OAOG;IACH,WAAW,CACT,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,WAAW,EAAE;IAyBhB;;OAEG;IACH,SAAS,IAAI,WAAW,GAAG,IAAI;IAW/B;;;;OAIG;IACH,aAAa,IAAI,UAAU;IAkD3B;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IA6DpB,qDAAqD;IACrD,OAAO,CAAC,YAAY;IAKpB;;;;OAIG;IACH,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,WAAW;CAOpB"}