bootproof 0.1.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. package/README.md +873 -109
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +936 -38
  9. package/dist/diagnosis.js +114 -17
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +332 -37
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +489 -41
  17. package/dist/plan.d.ts +2 -0
  18. package/dist/plan.js +49 -7
  19. package/dist/proof.d.ts +78 -2
  20. package/dist/proof.js +266 -13
  21. package/dist/receipt.d.ts +52 -0
  22. package/dist/receipt.js +356 -0
  23. package/dist/redact.d.ts +4 -0
  24. package/dist/redact.js +86 -2
  25. package/dist/registry.d.ts +82 -30
  26. package/dist/registry.js +355 -53
  27. package/dist/remote.d.ts +12 -1
  28. package/dist/remote.js +62 -18
  29. package/dist/repair-playbooks.d.ts +24 -0
  30. package/dist/repair-playbooks.js +593 -0
  31. package/dist/repair-safety.d.ts +130 -0
  32. package/dist/repair-safety.js +766 -0
  33. package/dist/repair.d.ts +142 -0
  34. package/dist/repair.js +1566 -0
  35. package/dist/run.d.ts +6 -1
  36. package/dist/run.js +385 -46
  37. package/dist/sbom.d.ts +22 -0
  38. package/dist/sbom.js +99 -0
  39. package/dist/taxonomy.d.ts +8 -2
  40. package/dist/taxonomy.js +428 -8
  41. package/dist/types.d.ts +57 -2
  42. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  43. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  44. package/docs/CI_ACTION.md +71 -5
  45. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  46. package/docs/FAILURE_TAXONOMY.md +30 -1
  47. package/docs/HONESTY_CONTRACT.md +55 -4
  48. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  49. package/docs/REAL_REPO_EVIDENCE.md +77 -0
  50. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  51. package/docs/REGISTRY.md +48 -28
  52. package/docs/RELEASE_CHECKLIST.md +9 -1
  53. package/docs/REPAIR_RECEIPT.md +224 -0
  54. package/docs/agent-loop-gap-analysis.md +188 -0
  55. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  56. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  57. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  58. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  59. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  60. package/docs/examples/registry-seeds/php-composer.json +33 -0
  61. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  62. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  63. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  64. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  65. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  66. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  67. package/docs/schemas/ci-context-v1.schema.json +63 -0
  68. package/docs/schemas/diff-result-v1.schema.json +66 -0
  69. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  70. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  71. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  72. package/docs/schemas/repair-action-v1.schema.json +136 -0
  73. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  74. package/package.json +13 -6
@@ -0,0 +1,142 @@
1
+ import { type SignatureTrustResult } from "./proof.js";
2
+ import { type RepairAction, type RepairReceiptBase } from "./repair-safety.js";
3
+ import { type DeterministicRepairCandidate } from "./repair-playbooks.js";
4
+ import type { Attestation, FailureClass, PackageManager } from "./types.js";
5
+ import type { RequestedAiRepair } from "./ai-repair.js";
6
+ export * from "./repair-safety.js";
7
+ export * from "./repair-playbooks.js";
8
+ export type RepairKind = "repo-diff" | "plan-step" | "environment";
9
+ export interface RepairReceipt extends RepairReceiptBase {
10
+ tool?: string;
11
+ repo?: {
12
+ remote: string | null;
13
+ commit: string | null;
14
+ dirty: boolean | null;
15
+ };
16
+ environment?: {
17
+ os: string;
18
+ arch: string;
19
+ node: string;
20
+ };
21
+ failure?: {
22
+ class: FailureClass;
23
+ beforeAttestationSha256: string;
24
+ };
25
+ repair?: {
26
+ id: string;
27
+ kind: RepairKind;
28
+ description: string;
29
+ diff: string | null;
30
+ filesChanged: string[];
31
+ fileChanges: RepairReceiptFileChange[];
32
+ preconditions: RepairReceiptPrecondition[];
33
+ planDelta: string | null;
34
+ envDelta: string | null;
35
+ };
36
+ verification?: {
37
+ before: {
38
+ booted: false;
39
+ failureClass: FailureClass;
40
+ attestationSha256: string;
41
+ };
42
+ after: {
43
+ booted: boolean;
44
+ bootproofOrchestrated: boolean;
45
+ healthObservation: string;
46
+ attestationSha256: string;
47
+ };
48
+ };
49
+ startedAt?: string;
50
+ finishedAt?: string;
51
+ signer: {
52
+ publicKey: string;
53
+ algorithm: "ed25519";
54
+ } | null;
55
+ signature: string | null;
56
+ /**
57
+ * AI evidence captured for auditability when source === "ai_suggested".
58
+ * Contains the redacted prompt context and the AI's structured suggestion.
59
+ * Required by the AGENTS.md constitution: an auditor must be able to
60
+ * reconstruct what the AI proposed without trusting the AI provider.
61
+ */
62
+ aiEvidence?: {
63
+ provider: "openai" | "anthropic";
64
+ model: string;
65
+ /** The redacted bootproof/ai-repair-context/v1 object sent to the AI. */
66
+ context: Record<string, unknown>;
67
+ /** The validated bootproof/ai-repair-suggestion/v1 object the AI returned. */
68
+ suggestion: Record<string, unknown>;
69
+ };
70
+ }
71
+ export interface RepairResult {
72
+ schema: "bootproof/repair-result/v1";
73
+ repaired: boolean;
74
+ failureClass: FailureClass | null;
75
+ repairId: string | null;
76
+ receiptPath: string | null;
77
+ patchPath: string | null;
78
+ afterAttestationPath: string | null;
79
+ explanation: string;
80
+ }
81
+ export interface RepairApplyResult {
82
+ schema: "bootproof/repair-apply-result/v1";
83
+ applied: boolean;
84
+ receiptPath: string;
85
+ filesChanged: string[];
86
+ explanation: string;
87
+ }
88
+ export interface RepairOptions {
89
+ provider?: "docker" | "local";
90
+ unsafeLocal: boolean;
91
+ timeoutMs: number;
92
+ port?: number;
93
+ remoteSource?: string;
94
+ commandApproved?: boolean;
95
+ actionApproved?: boolean;
96
+ /** The full AI repair request (context + suggestion) to embed in the receipt for audit. */
97
+ aiRepair?: RequestedAiRepair | null;
98
+ }
99
+ export interface LatestRepairCandidate {
100
+ attestation: Attestation;
101
+ candidate: DeterministicRepairCandidate;
102
+ }
103
+ export interface RepairFileChange {
104
+ path: string;
105
+ before: string | null;
106
+ after: string;
107
+ }
108
+ export interface RepairReceiptFileChange {
109
+ path: string;
110
+ beforeSha256: string | null;
111
+ afterSha256: string;
112
+ beforeContent: string | null;
113
+ afterContent: string;
114
+ }
115
+ export interface RepairReceiptPrecondition {
116
+ path: string;
117
+ sha256: string;
118
+ }
119
+ export declare function assertRepairTargetPath(repoPath: string, file: string): void;
120
+ export declare function assertRepairScope(changes: RepairFileChange[]): void;
121
+ export declare function verifyRepairReceipt(receipt: RepairReceipt): boolean;
122
+ export declare function evaluateRepairReceiptSignature(receipt: RepairReceipt): SignatureTrustResult;
123
+ export declare function sha256Attestation(attestation: Attestation): string;
124
+ export declare function composePortRepair(source: string, service: string, occupiedPort: number, replacementPort: number, containerPort: number): string;
125
+ export declare function packageManagerActivationCommand(packageManager: PackageManager, version: string | null): string | null;
126
+ export declare function prismaRepairCommand(repo: string): string;
127
+ export interface MigrationRepair {
128
+ id: string;
129
+ framework: "prisma" | "django" | "rails" | "knex" | "drizzle";
130
+ command: string;
131
+ source: string;
132
+ }
133
+ export declare function migrationRepairFor(repo: string, evidence: string): MigrationRepair | null;
134
+ export declare function registeredRemediationsFor(failureClass: FailureClass): {
135
+ id: string;
136
+ kind: RepairKind;
137
+ }[];
138
+ export declare function latestDeterministicRepairCandidate(repoPath: string, requestedProvider?: "docker" | "local"): LatestRepairCandidate | null;
139
+ export declare function latestFailedAttestation(repoPath: string, requestedProvider?: "docker" | "local"): Attestation | null;
140
+ export declare function executeAiSuggestedRepair(repoPath: string, before: Attestation, action: RepairAction, options: RepairOptions): Promise<RepairResult>;
141
+ export declare function applyVerifiedRepair(repoPath: string, receiptFile?: string): RepairApplyResult;
142
+ export declare function repairRepo(repoPath: string, options: RepairOptions): Promise<RepairResult>;