bootproof 0.1.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. package/README.md +873 -109
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +936 -38
  9. package/dist/diagnosis.js +114 -17
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +332 -37
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +489 -41
  17. package/dist/plan.d.ts +2 -0
  18. package/dist/plan.js +49 -7
  19. package/dist/proof.d.ts +78 -2
  20. package/dist/proof.js +266 -13
  21. package/dist/receipt.d.ts +52 -0
  22. package/dist/receipt.js +356 -0
  23. package/dist/redact.d.ts +4 -0
  24. package/dist/redact.js +86 -2
  25. package/dist/registry.d.ts +82 -30
  26. package/dist/registry.js +355 -53
  27. package/dist/remote.d.ts +12 -1
  28. package/dist/remote.js +62 -18
  29. package/dist/repair-playbooks.d.ts +24 -0
  30. package/dist/repair-playbooks.js +593 -0
  31. package/dist/repair-safety.d.ts +130 -0
  32. package/dist/repair-safety.js +766 -0
  33. package/dist/repair.d.ts +142 -0
  34. package/dist/repair.js +1566 -0
  35. package/dist/run.d.ts +6 -1
  36. package/dist/run.js +385 -46
  37. package/dist/sbom.d.ts +22 -0
  38. package/dist/sbom.js +99 -0
  39. package/dist/taxonomy.d.ts +8 -2
  40. package/dist/taxonomy.js +428 -8
  41. package/dist/types.d.ts +57 -2
  42. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  43. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  44. package/docs/CI_ACTION.md +71 -5
  45. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  46. package/docs/FAILURE_TAXONOMY.md +30 -1
  47. package/docs/HONESTY_CONTRACT.md +55 -4
  48. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  49. package/docs/REAL_REPO_EVIDENCE.md +77 -0
  50. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  51. package/docs/REGISTRY.md +48 -28
  52. package/docs/RELEASE_CHECKLIST.md +9 -1
  53. package/docs/REPAIR_RECEIPT.md +224 -0
  54. package/docs/agent-loop-gap-analysis.md +188 -0
  55. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  56. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  57. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  58. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  59. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  60. package/docs/examples/registry-seeds/php-composer.json +33 -0
  61. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  62. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  63. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  64. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  65. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  66. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  67. package/docs/schemas/ci-context-v1.schema.json +63 -0
  68. package/docs/schemas/diff-result-v1.schema.json +66 -0
  69. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  70. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  71. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  72. package/docs/schemas/repair-action-v1.schema.json +136 -0
  73. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  74. package/package.json +13 -6
package/docs/REGISTRY.md CHANGED
@@ -1,49 +1,69 @@
1
- # Git-Native Registry Design
1
+ # Registry Export Formats
2
2
 
3
- BootProof does not operate a public registry service today.
3
+ BootProof supports local, redacted registry artifacts. It does not operate a public index from
4
+ this repository, upload evidence automatically, or call a registry service.
4
5
 
5
- The current primitive is portable signed evidence:
6
+ Create a local entry explicitly:
6
7
 
7
- ```text
8
- .bootproof/attestation.json
8
+ ```bash
9
+ bootproof registry export .
9
10
  ```
10
11
 
11
- Projects may deliberately commit that file or export a redacted entry:
12
+ This writes `.bootproof/registry-entry.json` using
13
+ `bootproof/registry-entry/v1`. `bootproof attest export .` remains a compatibility alias.
12
14
 
13
- ```bash
14
- bootproof attest export .
15
- ```
15
+ ## Public/Federated Registry
16
16
 
17
- This writes:
17
+ Public repositories may explicitly create a public-candidate wrapper:
18
18
 
19
- ```text
20
- .bootproof/registry-entry.json
19
+ ```bash
20
+ bootproof registry export . --federated
21
21
  ```
22
22
 
23
- Nothing is uploaded automatically.
23
+ This writes a redacted, signed `bootproof/federated-receipt/v1` artifact under
24
+ `.bootproof/registry/`. A repository owner may review and deliberately commit that receipt to
25
+ the repository's own Git history.
26
+
27
+ A future BootProof indexer could crawl public receipts, verify signatures, and build an open
28
+ commons of verified boot, failure, and repair knowledge. The crawler and public index do not
29
+ exist in this repository and are not implemented by this command.
24
30
 
25
- ## Intended Design
31
+ `bootproof attest check` distinguishes this machine's signer, explicitly pinned known signers,
32
+ and unknown foreign signers. Signature integrity alone does not establish authorship.
26
33
 
27
- The proposed registry model is federated:
34
+ ## Private Cloud Registry
28
35
 
29
- - write path: repositories deliberately publish signed proof through Git
30
- - read path: a future index discovers public attestations, verifies signatures, and links claims to source commits
31
- - failure corpus: classified failures improve detectors without converting failures into success claims
36
+ Organisations may later explicitly upload redacted attestations and repair receipts to
37
+ BootProof Cloud. Private repository data would remain governed, tenant-isolated, and paid.
32
38
 
33
- The index, badge service, freshness tracking, and signer trust graph are roadmap items. They are not deployed capabilities.
39
+ This repository only supports producing a `cloud_upload_candidate` local export. BootProof
40
+ Cloud, upload transport, billing, governance, and hosted registry storage are intentionally
41
+ not implemented here.
34
42
 
35
43
  ## Consent And Privacy
36
44
 
37
- 1. BootProof sends no telemetry or hidden evidence upload.
38
- 2. Sharing requires a visible local artifact and an explicit user action.
39
- 3. Full local attestations may contain raw failure evidence.
40
- 4. Registry export applies redaction and records which redactions were used.
41
- 5. A future index should trust only valid signatures and public evidence.
45
+ 1. Every registry entry has `optInRequired: true`; federated wrappers contain that entry.
46
+ 2. Export builders perform no network calls and do not upload telemetry or evidence.
47
+ 3. Files are written only after an explicit export command.
48
+ 4. Raw environment values, tokens, private keys, protected `.env` contents, and local username
49
+ paths are excluded or redacted.
50
+ 5. Repository owner and name identifiers are hashed; a public repository URL is included only
51
+ when it is a credential-free URL on a supported public Git host.
52
+ 6. Full local attestations may contain raw evidence and should not be treated as public exports.
53
+
54
+ The strict schemas are:
42
55
 
43
- Repository commands executed by BootProof may access the network independently. The no-upload promise applies to BootProof's own telemetry and evidence handling, not arbitrary install or application commands.
56
+ - [`schemas/registry-entry-v1.schema.json`](schemas/registry-entry-v1.schema.json)
57
+ - [`schemas/federated-receipt-v1.schema.json`](schemas/federated-receipt-v1.schema.json)
44
58
 
45
- ## Trust
59
+ ## Documentation Seeds
46
60
 
47
- Current attestations are `local_developer_signed`.
61
+ Small synthetic examples of the real-world classifier and inference coverage live
62
+ under [`examples/registry-seeds/`](examples/registry-seeds/). They use the
63
+ documentation-only
64
+ [`registry-seed-example-v1` schema](schemas/registry-seed-example-v1.schema.json)
65
+ and are explained in [REAL_WORLD_FIXTURES.md](REAL_WORLD_FIXTURES.md).
48
66
 
49
- CI/OIDC-backed proof will be stronger because a verifier can bind the signature to a repository workflow identity. BootProof does not claim that trust level yet.
67
+ These examples are not attestations, proof, upload requests, or production
68
+ registry entries. They contain no network behavior and are never submitted
69
+ automatically.
@@ -71,4 +71,12 @@ BootProof publishes compiled JavaScript, not TypeScript source. `dist/` is requi
71
71
  npx bootproof up https://github.com/user/repository
72
72
  ```
73
73
 
74
- Remote URL mode accepts credential-free public HTTPS GitHub repositories. It retains clones under `.bootproof/remotes/` and requires `--provider local --unsafe-local` before executing remote repository code.
74
+ Remote URL mode accepts credential-free public HTTPS repositories from GitHub, GitLab, Bitbucket, and Codeberg. It retains clones under `.bootproof/remotes/` and requires `--provider local --unsafe-local` before executing remote repository code.
75
+
76
+ Remote repair follows the same rule:
77
+
78
+ ```bash
79
+ npx bootproof fix https://github.com/user/repository --provider local --unsafe-local
80
+ ```
81
+
82
+ `fix` never mutates the source tree. `apply-repair` is the separate explicit application step and refuses invalid signatures, disallowed paths, and stale preimages.
@@ -0,0 +1,224 @@
1
+ # Repair Receipts
2
+
3
+ `bootproof fix` treats the normal BootProof verdict as the oracle. The deterministic MVP reads
4
+ the latest signature-valid classified failure and maps only exact known evidence to a repair
5
+ action. It never uses AI.
6
+
7
+ Receipts preserve the complete lifecycle:
8
+
9
+ - suggested
10
+ - approved or declined
11
+ - applied or failed
12
+ - progressed or unchanged
13
+ - verified or unverified
14
+
15
+ Declined and failed attempts are valuable evidence, so they also produce signed receipts.
16
+ Only observed healthy HTTP sets `verified: true`. Progress without verification requires a
17
+ different after failure class.
18
+
19
+ ## Schema
20
+
21
+ ```text
22
+ bootproof/repair-receipt/v1
23
+ ```
24
+
25
+ The strict machine schemas are:
26
+
27
+ - [`schemas/repair-action-v1.schema.json`](schemas/repair-action-v1.schema.json)
28
+ - [`schemas/repair-receipt-v1.schema.json`](schemas/repair-receipt-v1.schema.json)
29
+
30
+ The v1 receipt now includes additive safety-foundation fields: the deterministic proposed
31
+ action, mutation scope, risk level, approval requirement, apply result, progress and
32
+ verification booleans, and redaction record. Existing signed verification fields remain for
33
+ backward-compatible inspection and application.
34
+
35
+ ```json
36
+ {
37
+ "schema": "bootproof/repair-receipt/v1",
38
+ "tool": "bootproof@0.3.0",
39
+ "repo": {
40
+ "remote": null,
41
+ "commit": null,
42
+ "dirty": null
43
+ },
44
+ "environment": {
45
+ "os": "darwin 25.4.0",
46
+ "arch": "arm64",
47
+ "node": "v22.0.0"
48
+ },
49
+ "failure": {
50
+ "class": "service_port_allocated",
51
+ "beforeAttestationSha256": "..."
52
+ },
53
+ "repair": {
54
+ "id": "remap-conflicting-service-port",
55
+ "kind": "plan-step",
56
+ "description": "...",
57
+ "diff": null,
58
+ "filesChanged": [
59
+ "docker-compose.bootproof.override.yml"
60
+ ],
61
+ "fileChanges": [
62
+ {
63
+ "path": "docker-compose.bootproof.override.yml",
64
+ "beforeSha256": null,
65
+ "afterSha256": "...",
66
+ "beforeContent": null,
67
+ "afterContent": "..."
68
+ }
69
+ ],
70
+ "preconditions": [
71
+ {
72
+ "path": "docker-compose.yml",
73
+ "sha256": "..."
74
+ }
75
+ ],
76
+ "planDelta": "...",
77
+ "envDelta": null
78
+ },
79
+ "verification": {
80
+ "before": {
81
+ "booted": false,
82
+ "failureClass": "service_port_allocated",
83
+ "attestationSha256": "..."
84
+ },
85
+ "after": {
86
+ "booted": true,
87
+ "healthObservation": "HTTP 200 at http://localhost:4000/",
88
+ "attestationSha256": "..."
89
+ }
90
+ },
91
+ "startedAt": "...",
92
+ "finishedAt": "...",
93
+ "signer": {
94
+ "publicKey": "...",
95
+ "algorithm": "ed25519"
96
+ },
97
+ "signature": "..."
98
+ }
99
+ ```
100
+
101
+ The receipt uses the same Ed25519 canonical-body pattern as attestations: `signer` and `signature` are excluded from the signed body. Tampering with the repair, before result, or after result invalidates verification.
102
+
103
+ An intact signature establishes integrity, not authorship by itself. `bootproof verify` reports
104
+ whether the repair receipt signer is this machine, explicitly known, or unknown foreign, using
105
+ the same local trust store as attestation verification.
106
+
107
+ `beforeAttestationSha256` and both verification hashes are SHA-256 hashes of the corresponding attestation JSON objects.
108
+
109
+ `fileChanges` is a signed application manifest. It contains only allowlisted boot-plumbing files and binds the expected preimage and verified after-content to SHA-256 hashes. `preconditions` binds read-only source inputs, such as the repository Compose file from which a repaired copy was derived.
110
+
111
+ ## Result Interface
112
+
113
+ ```bash
114
+ bootproof fix . --json
115
+ ```
116
+
117
+ emits exactly one:
118
+
119
+ ```text
120
+ bootproof/repair-result/v1
121
+ ```
122
+
123
+ Exit `0` means the rerun observed healthy HTTP. A declined, failed, progressed-but-unverified,
124
+ unknown, or inapplicable remediation exits `1`, even when a signed receipt was written.
125
+
126
+ `bootproof fix . --dry-run` executes nothing, writes nothing, and produces no proof.
127
+
128
+ Local sandbox execution still requires:
129
+
130
+ ```bash
131
+ bootproof fix . --provider local --unsafe-local
132
+ ```
133
+
134
+ Remote repair accepts credential-free public HTTPS repositories from GitHub, GitLab, Bitbucket, and Codeberg and keeps all evidence in the retained clone:
135
+
136
+ ```bash
137
+ bootproof fix https://github.com/user/repo --provider local --unsafe-local
138
+ ```
139
+
140
+ Cloning is not execution consent. The existing local execution acknowledgement remains mandatory.
141
+
142
+ Human command repairs show:
143
+
144
+ ```text
145
+ This repair may modify your local machine or services.
146
+ Command: <exact command>
147
+ Risk: medium
148
+ Run this command? Type Y to approve:
149
+ ```
150
+
151
+ Only uppercase `Y` approves. JSON and CI modes never prompt and never execute a repair command.
152
+
153
+ ## Explicit Application
154
+
155
+ Repair generation and repair application are separate operations:
156
+
157
+ ```bash
158
+ bootproof apply-repair .
159
+ ```
160
+
161
+ Application exits `0` only after all signed file changes are written and re-hashed. It writes nothing when:
162
+
163
+ - the receipt signature is invalid
164
+ - a path is outside the repair allowlist
165
+ - signed content hashes are inconsistent
166
+ - a signed read-only repair prerequisite changed
167
+ - the current file preimage differs from the verified preimage
168
+ - the receipt is environment-only or plan-only
169
+
170
+ `bootproof apply-repair . --dry-run` writes nothing. No repair is ever auto-applied by `bootproof fix`.
171
+
172
+ ## v0.3 Registry
173
+
174
+ | Failure class | Deterministic remediation |
175
+ |---|---|
176
+ | `missing_ruby_version` | Propose `rbenv install <requiredVersion>` as a medium-risk host mutation. |
177
+ | `missing_build_tool` with exact CMake evidence | Propose `brew install cmake` as a host mutation requiring approval. |
178
+ | `native_extension_compile_failed` for `idn-ruby` | Propose Homebrew native dependencies, then a separately approved static-prefix Bundler configuration action. |
179
+ | `missing_database_config` | Preview a patch copying the repository PostgreSQL/example config when the destination is absent and the content is safe to persist. |
180
+ | `missing_required_config` for `config/gitlab.yml` | Preview a patch copying `config/gitlab.yml.example` when the destination is absent. |
181
+ | `postgres_unavailable` | Start only a detected local Homebrew PostgreSQL package and show `pg_isready`; otherwise emit an instruction. |
182
+ | `postgres_role_missing` | Propose `createuser -s <role>` only for an exact shell-safe role from evidence. |
183
+ | `database_schema_missing` | Propose high-risk `bundle exec rails db:migrate`. |
184
+ | `unsupported_database_version` | Propose separate high-risk install and service-start actions for the exact PostgreSQL major without changing PATH. |
185
+ | `unsupported_database_config` | Preview removal of only exact `geo`/`embedding` top-level sections when the patch contains no secrets. |
186
+ | `redis_unavailable` | Propose `brew services start redis` when Homebrew is detectable; otherwise emit a generic instruction. |
187
+ | `missing_env_var` for only `RAILS_ENV` | Emit `RAILS_ENV=development bootproof up . --provider local --unsafe-local --install` as a non-executed instruction. |
188
+ | `service_port_allocated` | Remap a BootProof-generated Compose host port, or create a complete BootProof-owned repaired Compose copy beside the repository file without editing it. |
189
+ | `package_manager_version_mismatch` | Run the exact declared `corepack prepare <manager>@<version> --activate` command in the sandbox. |
190
+ | `migrations_missing` | Select one exact migration framework from repository markers plus preserved evidence: Prisma, Django, Rails, Knex, or Drizzle. Ambiguous matches refuse instead of guessing. |
191
+
192
+ There are no LLM calls in the repair registry.
193
+
194
+ Local host execution still requires `--unsafe-local`, and `fix` never auto-applies a repair. These are honesty boundaries. The separate application command exists so mutation is deliberate and independently verified.
195
+
196
+ ## Files
197
+
198
+ Repair output is kept in the original repository's BootProof output directory:
199
+
200
+ ```text
201
+ .bootproof/attestation.json
202
+ .bootproof/repair-receipt.json
203
+ .bootproof/repair-after-attestation.json
204
+ .bootproof/repair-<id>.patch
205
+ ```
206
+
207
+ The patch is present only when the repair produced a repository or repaired-Compose file change. Plan-only and environment-only repairs may have no patch.
208
+
209
+ The after attestation exists only when an approved command triggered a rerun. It is retained so
210
+ progress and verification can be inspected independently.
211
+
212
+ ## Allowed Scope
213
+
214
+ Repair file changes are hard-limited to:
215
+
216
+ - `package.json`, and only its `engines` or `packageManager` keys
217
+ - lockfiles
218
+ - `*.bootproof.*` files
219
+ - `.env*.example` files
220
+ - Compose override files created by BootProof
221
+
222
+ Application source is outside repair scope. A remediation that attempts to edit it throws an honesty-contract violation.
223
+
224
+ Repository Compose repair files are complete copies invoked directly. They do not rely on the version-specific `!override` merge tag, and they are written beside the source Compose file so relative build contexts keep the same base directory.
@@ -0,0 +1,188 @@
1
+ # Agent-Loop Gap Analysis
2
+
3
+ Audit date: 2026-06-12
4
+
5
+ Target architecture:
6
+
7
+ > Diagnose -> Classify -> Plan -> Risk-Classify -> Approve -> Execute One Step
8
+ > -> Verify -> Receipt -> Repeat
9
+
10
+ This document tracks the current OSS agent-loop architecture. It does not
11
+ authorize autonomous execution.
12
+
13
+ ## Status Summary
14
+
15
+ | Capability | Status | Current repository state |
16
+ |---|---|---|
17
+ | Engineering constitution | Exists | `AGENTS.md` contains the complete agent-loop principles, approval boundary, one-step rule, verification rule, receipt rule, honest-stop rule, and OSS/Cloud boundary. |
18
+ | External health verification | Exists | `verify-url` and `up --external-health` record external-health attestations with explicit non-orchestration ownership and honest auth/unreachable classifications. |
19
+ | Agent planning | Planning-only foundation exists | `bootproof plan-agent` writes a strict local agent plan with evidence, risk-classified candidate actions, approvals, verification steps, and stop conditions. It executes no candidate action. |
20
+ | Shared action risk model | Exists | Deterministic repair and `plan-agent` use one strict action-risk classifier with canonical mutation scopes, approval prompts, blocked reasons, verification steps, a hard blocklist, and at-least-medium risk for unknown commands. |
21
+ | Airbyte runbook recognition | Exists | Planning identifies Airbyte from repository identity and structural evidence, emits the abctl-managed orchestration classifications, uses the shared high-risk Kubernetes model, marks credential access secret-sensitive, and plans external health verification without execution. |
22
+ | Local agent receipt chain | Exists for planning and verification | `plan-agent` creates a redacted run directory with hash-linked diagnosis, plan, and action receipts. Repository-scoped external health can append verification receipts, the derived final summary states ownership and stop status, and `explain-run` verifies the chain. Approved action execution remains intentionally unimplemented. |
23
+
24
+ ## Existing Capabilities
25
+
26
+ ### Constitution
27
+
28
+ `AGENTS.md` already states that BootProof may plan and risk-classify actions,
29
+ may execute only approved local actions, must execute one step at a time,
30
+ must verify after every action, must save local receipts, and must stop on
31
+ unknown or unsafe steps.
32
+
33
+ It also preserves these boundaries:
34
+
35
+ - `bootproof up` is deterministic, zero-AI, and evidence-based.
36
+ - Planning and action completion are not proof.
37
+ - External health must not imply that BootProof started the application.
38
+ - AI assistance is optional and must use the same safety model.
39
+ - Cloud/SaaS, telemetry, and automatic upload remain outside this OSS repo.
40
+
41
+ ### Deterministic Repair Loop
42
+
43
+ The current `bootproof fix` path implements a human-driven subset of the loop:
44
+
45
+ - reads a signature-valid failed attestation;
46
+ - classifies exact known evidence;
47
+ - selects one deterministic repair candidate;
48
+ - displays action type, mutation scope, risk, and exact command or patch;
49
+ - requires uppercase `Y` for command or patch testing;
50
+ - executes only the selected action;
51
+ - reruns BootProof in a sandbox;
52
+ - records declined, failed, progressed, or verified outcomes;
53
+ - writes a signed local repair receipt.
54
+
55
+ Later candidate actions may be displayed, but they are not silently chained or
56
+ executed in the same approval.
57
+
58
+ ### Health and Evidence Primitives
59
+
60
+ The health engine already:
61
+
62
+ - records requested URL, HTTP status, headers, redirect location, body excerpt,
63
+ timestamp, acceptance decision, and connection errors;
64
+ - accepts HTTP 2xx and expected application sign-in redirects;
65
+ - preserves failed observations;
66
+ - clears stale health evidence during later successful observations.
67
+
68
+ External verification now provides `bootproof verify-url <url>` and
69
+ `bootproof up . --external-health <url>`. Its attestations use
70
+ `verificationMode: external-health`, set `bootproofOrchestrated: false`, and
71
+ classify successful HTTP 2xx/3xx observations as `external_service_verified`.
72
+ HTTP 401/403 is `auth_required`; connection and non-success responses are
73
+ `external_health_unreachable`.
74
+
75
+ ### Safety and Receipt Primitives
76
+
77
+ `bootproof/repair-action/v1` currently provides:
78
+
79
+ - `actionType`;
80
+ - `mutationScope`;
81
+ - `riskLevel`;
82
+ - `requiresApproval`;
83
+ - structured commands, patches, and instructions;
84
+ - a hard safety validator for shell control, `sudo`, destructive commands,
85
+ protected environment files, blocked paths, and exfiltration patterns.
86
+
87
+ `bootproof/repair-receipt/v1` currently records:
88
+
89
+ - proposed action and risk fields;
90
+ - approval and application timestamps;
91
+ - apply result;
92
+ - before and after failure classes;
93
+ - progress and verification;
94
+ - redactions;
95
+ - signature-valid before/after attestation hashes when available.
96
+
97
+ ## Partial Capabilities
98
+
99
+ ### Run Planning
100
+
101
+ `bootproof plan` is planning-only and performs no execution or writes. Its
102
+ `RunPlan` steps contain an identifier, kind, optional command, description,
103
+ and required flag.
104
+
105
+ It is not an agent plan because it does not contain:
106
+
107
+ - candidate alternatives;
108
+ - per-action risk classification;
109
+ - mutation scope;
110
+ - approval requirement;
111
+ - blocked reason;
112
+ - verification step;
113
+ - secret-sensitivity metadata;
114
+ - a persisted `.bootproof/agent-plan.json`.
115
+
116
+ ### Shared Risk Model
117
+
118
+ The deterministic repair safety module is the shared action-risk contract used
119
+ by deterministic repair and `plan-agent`. It provides:
120
+
121
+ - canonical action type, mutation scope, risk, and approval fields;
122
+ - generated approval prompts, blocked reasons, and verification steps;
123
+ - deterministic high-risk classification for host installs, Kubernetes
124
+ mutations, database migrations, and credential generation;
125
+ - at-least-medium classification for unknown commands;
126
+ - one hard blocklist before any command can become executable.
127
+
128
+ Deterministic repair actions remain sourced from `deterministic_playbook`.
129
+ `plan-agent` consumes the same classifier but remains planning-only.
130
+
131
+ ### Receipt History
132
+
133
+ BootProof writes `.bootproof/attestation.json`,
134
+ `.bootproof/repair-receipt.json`, and, after a rerun,
135
+ `.bootproof/repair-after-attestation.json`. Repair receipts are signed and bind
136
+ before/after attestations with hashes.
137
+
138
+ Repair files remain attempt-scoped. Agent planning now additionally creates a
139
+ run-scoped local chain under `.bootproof/agent-runs/<run-id>/`, where immutable
140
+ diagnosis, plan, action, and verification receipts link by SHA-256 hash.
141
+ `final-summary.json` records the current derived status, and
142
+ `bootproof explain-run <run-id>` verifies and explains the chain.
143
+
144
+ ## Existing Agent Run Capability
145
+
146
+ - `.bootproof/agent-runs/<run-id>/`;
147
+ - redacted initial attestation and plan snapshots;
148
+ - per-action planning receipts;
149
+ - appendable verification receipts;
150
+ - previous-receipt SHA-256 links;
151
+ - a derived final summary;
152
+ - `bootproof explain-run <run-id>`.
153
+
154
+ Planning still executes nothing. No autonomous or approved action runner exists.
155
+
156
+ ## Recommended Next Prompt Order
157
+
158
+ 1. **Only after the receipt contracts are stable, add a human-driven
159
+ single-step runner.**
160
+ Execute exactly one approved local action, verify it, write the chained
161
+ receipts, and stop for a new explicit approval. Do not add autonomous
162
+ multi-step execution in this stage.
163
+
164
+ ## Files Inspected
165
+
166
+ - `AGENTS.md`
167
+ - `src/cli.ts`
168
+ - `src/types.ts`
169
+ - `src/infer.ts`
170
+ - `src/plan.ts`
171
+ - `src/run.ts`
172
+ - `src/exec.ts`
173
+ - `src/proof.ts`
174
+ - `src/taxonomy.ts`
175
+ - `src/diagnosis.ts`
176
+ - `src/repair-safety.ts`
177
+ - `src/repair-playbooks.ts`
178
+ - `src/repair.ts`
179
+ - `src/registry.ts`
180
+ - `docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md`
181
+ - `docs/FAILURE_TAXONOMY.md`
182
+ - `docs/HONESTY_CONTRACT.md`
183
+ - `docs/REPAIR_RECEIPT.md`
184
+ - `docs/REGISTRY.md`
185
+ - `docs/schemas/repair-action-v1.schema.json`
186
+ - `docs/schemas/repair-receipt-v1.schema.json`
187
+ - `tests/unit.test.mjs`
188
+ - `tests/e2e.test.mjs`
@@ -0,0 +1,28 @@
1
+ {
2
+ "schema": "bootproof/registry-seed-example/v1",
3
+ "name": "advertised-port-mismatch",
4
+ "source": "synthetic_minimal_fixture",
5
+ "structuralMarkers": [
6
+ "selected command starts a Vite asset server",
7
+ "inferred health URL uses port 8080",
8
+ "process output advertises https://localhost:5173/",
9
+ "no successful response on inferred health candidate"
10
+ ],
11
+ "expectedBootProof": {
12
+ "kind": "classification",
13
+ "values": [
14
+ "health_candidate_port_mismatch"
15
+ ]
16
+ },
17
+ "safeNextStep": "Confirm whether the advertised endpoint is an asset server or the primary application, correct the reviewed health target, and rerun verification.",
18
+ "repairDisposition": "refused",
19
+ "externallyOrchestrated": false,
20
+ "evidenceOutcome": "diagnostic_only",
21
+ "verificationBasis": "An advertised URL mismatch is precise failure evidence, not successful health evidence; BootProof must still observe the intended application endpoint.",
22
+ "redactionsApplied": [
23
+ "only localhost URL patterns included",
24
+ "no response body data included",
25
+ "no local username paths included"
26
+ ]
27
+ }
28
+
@@ -0,0 +1,36 @@
1
+ {
2
+ "schema": "bootproof/registry-seed-example/v1",
3
+ "name": "airbyte-abctl-external-orchestrator",
4
+ "source": "synthetic_minimal_fixture",
5
+ "structuralMarkers": [
6
+ "Airbyte Open Source README marker",
7
+ "settings.gradle root project airbyte",
8
+ "airbyte-cdk/",
9
+ "airbyte-integrations/",
10
+ "docker-images/",
11
+ "docs mention abctl",
12
+ "kind and Helm deployment markers"
13
+ ],
14
+ "expectedBootProof": {
15
+ "kind": "agent_plan",
16
+ "values": [
17
+ "airbyte_abctl_managed",
18
+ "large_orchestration_repo",
19
+ "external_orchestrator_required",
20
+ "kind_kubernetes_backed",
21
+ "helm_deployed",
22
+ "auth_required"
23
+ ]
24
+ },
25
+ "safeNextStep": "Review host tooling, explicitly approve the high-risk abctl local install step outside bootproof up, then use bootproof verify-url against http://localhost:8001/api/v1/health.",
26
+ "repairDisposition": "approval_required",
27
+ "externallyOrchestrated": true,
28
+ "evidenceOutcome": "verified_boot_possible",
29
+ "verificationBasis": "An observed successful external health response can verify the already-running service, but BootProof must not claim that it started Airbyte.",
30
+ "redactionsApplied": [
31
+ "no credentials output included",
32
+ "no Kubernetes secrets included",
33
+ "no copied vendor manifests included"
34
+ ]
35
+ }
36
+
@@ -0,0 +1,36 @@
1
+ {
2
+ "schema": "bootproof/registry-seed-example/v1",
3
+ "name": "go-ollama-service",
4
+ "source": "synthetic_minimal_fixture",
5
+ "structuralMarkers": [
6
+ "go.mod",
7
+ "main.go",
8
+ "cmd/",
9
+ "OLLAMA_HOST",
10
+ "serve command",
11
+ "port 11434",
12
+ "/api/tags"
13
+ ],
14
+ "expectedBootProof": {
15
+ "kind": "classification_and_inference",
16
+ "values": [
17
+ "go-backend",
18
+ "go run . serve",
19
+ "go_runtime_missing",
20
+ "go_build_failed",
21
+ "http://127.0.0.1:11434/",
22
+ "http://127.0.0.1:11434/api/tags"
23
+ ]
24
+ },
25
+ "safeNextStep": "Use the evidenced Go serve command only when the repository markers support it, then require an observed HTTP response on port 11434.",
26
+ "repairDisposition": "refused",
27
+ "externallyOrchestrated": false,
28
+ "evidenceOutcome": "verified_boot_possible",
29
+ "verificationBasis": "Observed HTTP 200 health from the root or /api/tags can verify the service; Go markers and a running process cannot.",
30
+ "redactionsApplied": [
31
+ "no model data included",
32
+ "no host environment values included",
33
+ "no local username paths included"
34
+ ]
35
+ }
36
+
@@ -0,0 +1,36 @@
1
+ {
2
+ "schema": "bootproof/registry-seed-example/v1",
3
+ "name": "laravel-vite-sqlite",
4
+ "source": "synthetic_minimal_fixture",
5
+ "structuralMarkers": [
6
+ "artisan",
7
+ "composer.json",
8
+ "package.json",
9
+ "vite.config.js",
10
+ ".env.example",
11
+ "Connection: sqlite",
12
+ "database/database.sqlite missing"
13
+ ],
14
+ "expectedBootProof": {
15
+ "kind": "classification_and_inference",
16
+ "values": [
17
+ "php-backend",
18
+ "laravel",
19
+ "node-frontend",
20
+ "vite",
21
+ "laravel_sqlite_database_missing",
22
+ "laravel_migrations_required"
23
+ ]
24
+ },
25
+ "safeNextStep": "Review creation of database/database.sqlite, separately approve php artisan migrate, then rerun the Laravel application and require observed HTTP health.",
26
+ "repairDisposition": "approval_required",
27
+ "externallyOrchestrated": false,
28
+ "evidenceOutcome": "verified_boot_possible",
29
+ "verificationBasis": "A later observed HTTP 2xx response or accepted redirect to /login can verify the Laravel application; file creation and migration completion alone cannot.",
30
+ "redactionsApplied": [
31
+ "no environment values included",
32
+ "no database contents included",
33
+ "no local username paths included"
34
+ ]
35
+ }
36
+