bootproof 0.1.0 → 0.4.0
- package/README.md +873 -109
- package/dist/agent-plan.d.ts +44 -0
- package/dist/agent-plan.js +826 -0
- package/dist/agent-run.d.ts +117 -0
- package/dist/agent-run.js +459 -0
- package/dist/ai-repair.d.ts +58 -0
- package/dist/ai-repair.js +380 -0
- package/dist/cli.js +936 -38
- package/dist/diagnosis.js +114 -17
- package/dist/diff.d.ts +29 -0
- package/dist/diff.js +569 -0
- package/dist/exec.d.ts +30 -2
- package/dist/exec.js +332 -37
- package/dist/external-health.d.ts +16 -0
- package/dist/external-health.js +214 -0
- package/dist/infer.js +489 -41
- package/dist/plan.d.ts +2 -0
- package/dist/plan.js +49 -7
- package/dist/proof.d.ts +78 -2
- package/dist/proof.js +266 -13
- package/dist/receipt.d.ts +52 -0
- package/dist/receipt.js +356 -0
- package/dist/redact.d.ts +4 -0
- package/dist/redact.js +86 -2
- package/dist/registry.d.ts +82 -30
- package/dist/registry.js +355 -53
- package/dist/remote.d.ts +12 -1
- package/dist/remote.js +62 -18
- package/dist/repair-playbooks.d.ts +24 -0
- package/dist/repair-playbooks.js +593 -0
- package/dist/repair-safety.d.ts +130 -0
- package/dist/repair-safety.js +766 -0
- package/dist/repair.d.ts +142 -0
- package/dist/repair.js +1566 -0
- package/dist/run.d.ts +6 -1
- package/dist/run.js +385 -46
- package/dist/sbom.d.ts +22 -0
- package/dist/sbom.js +99 -0
- package/dist/taxonomy.d.ts +8 -2
- package/dist/taxonomy.js +428 -8
- package/dist/types.d.ts +57 -2
- package/docs/AGENT_IN_THE_LOOP.md +171 -0
- package/docs/AGENT_RUN_RECEIPTS.md +38 -0
- package/docs/CI_ACTION.md +71 -5
- package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
- package/docs/FAILURE_TAXONOMY.md +30 -1
- package/docs/HONESTY_CONTRACT.md +55 -4
- package/docs/LAUNCH_PLAYBOOK.md +232 -0
- package/docs/REAL_REPO_EVIDENCE.md +77 -0
- package/docs/REAL_WORLD_FIXTURES.md +105 -0
- package/docs/REGISTRY.md +48 -28
- package/docs/RELEASE_CHECKLIST.md +9 -1
- package/docs/REPAIR_RECEIPT.md +224 -0
- package/docs/agent-loop-gap-analysis.md +188 -0
- package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
- package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
- package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
- package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
- package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
- package/docs/examples/registry-seeds/php-composer.json +33 -0
- package/docs/examples/registry-seeds/rails-bundler.json +32 -0
- package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
- package/docs/schemas/action-verdict-v1.schema.json +64 -0
- package/docs/schemas/agent-plan-v1.schema.json +148 -0
- package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
- package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
- package/docs/schemas/ci-context-v1.schema.json +63 -0
- package/docs/schemas/diff-result-v1.schema.json +66 -0
- package/docs/schemas/federated-receipt-v1.schema.json +51 -0
- package/docs/schemas/registry-entry-v1.schema.json +95 -0
- package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
- package/docs/schemas/repair-action-v1.schema.json +136 -0
- package/docs/schemas/repair-receipt-v1.schema.json +221 -0
- package/package.json +13 -6
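--- a/package/docs/examples/registry-seeds/monorepo-ambiguous-health.json
+++ b/package/docs/examples/registry-seeds/monorepo-ambiguous-health.json
@@ -0,0 +1,29 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "monorepo-ambiguous-health",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"root package.json workspaces",
+"parallel root dev command",
+"apps/web/package.json",
+"apps/docs/package.json",
+"multiple plausible health ports"
+],
+"expectedBootProof": {
+"kind": "classification",
+"values": [
+"workspace_ambiguous"
+]
+},
+"safeNextStep": "Select one reviewed workspace explicitly and rerun BootProof against that application instead of guessing among parallel services.",
+"repairDisposition": "refused",
+"externallyOrchestrated": false,
+"evidenceOutcome": "diagnostic_only",
+"verificationBasis": "Ambiguous workspace markers justify refusal only; no workspace can be marked verified until its own health response is observed.",
+"redactionsApplied": [
+"workspace names are generic",
+"no repository source included",
+"no environment values included"
+]
+}
+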
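--- a/package/docs/examples/registry-seeds/php-composer.json
+++ b/package/docs/examples/registry-seeds/php-composer.json
@@ -0,0 +1,33 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "php-composer",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"composer.json",
+"composer.lock",
+"php command not found",
+"composer command not found",
+"lock file package PHP constraint mismatch",
+"vendor/autoload.php missing"
+],
+"expectedBootProof": {
+"kind": "classification",
+"values": [
+"missing_php_runtime",
+"missing_composer",
+"unsupported_php_version_for_composer_lock",
+"missing_php_vendor_autoload"
+]
+},
+"safeNextStep": "Select a PHP version compatible with composer.lock, install Composer through the documented local method, and run composer install without editing the lockfile as the first step.",
+"repairDisposition": "refused",
+"externallyOrchestrated": false,
+"evidenceOutcome": "diagnostic_only",
+"verificationBasis": "Runtime and dependency evidence can support only a failed diagnostic receipt until a separate application health check succeeds.",
+"redactionsApplied": [
+"no package registry credentials included",
+"no private package names included",
+"no local filesystem paths included"
+]
+}
+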
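--- a/package/docs/examples/registry-seeds/rails-bundler.json
+++ b/package/docs/examples/registry-seeds/rails-bundler.json
@@ -0,0 +1,32 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "rails-bundler",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"Gemfile",
+"bin/rails",
+"config/database.yml example marker",
+"rbenv version is not installed",
+"Gem::Ext::BuildError",
+"Failed to build gem native extension"
+],
+"expectedBootProof": {
+"kind": "classification_and_inference",
+"values": [
+"ruby-backend",
+"missing_ruby_version",
+"native_extension_compile_failed"
+]
+},
+"safeNextStep": "Approve installation of the exact repository-required Ruby version or evidenced native build dependency, rerun dependency installation, then require observed Rails HTTP health.",
+"repairDisposition": "approval_required",
+"externallyOrchestrated": false,
+"evidenceOutcome": "verified_boot_possible",
+"verificationBasis": "An observed Rails HTTP response, including an accepted authentication redirect, may verify boot; successful Bundler installation is not proof.",
+"redactionsApplied": [
+"no Bundler credentials included",
+"no database values included",
+"no copied application configuration included"
+]
+}
+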
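--- a/package/docs/examples/registry-seeds/sentry-devenv-direnv.json
+++ b/package/docs/examples/registry-seeds/sentry-devenv-direnv.json
@@ -0,0 +1,41 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "sentry-devenv-direnv",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"pyproject.toml",
+"Makefile",
+"package.json",
+"pnpm-lock.yaml",
+"devservices/",
+"scripts/do.sh mentions devenv",
+"devenv sync",
+"direnv allow"
+],
+"expectedBootProof": {
+"kind": "classification_and_inference",
+"values": [
+"python-backend",
+"node-frontend",
+"make-driven",
+"devservices-backed",
+"devenv-managed",
+"large-hybrid-app",
+"repo_requires_devenv",
+"missing_devenv_tool",
+"missing_direnv_tool",
+"sentry_virtualenv_not_activated"
+]
+},
+"safeNextStep": "Install and configure the documented devenv and direnv tools, review and run devenv sync, activate with direnv allow, and rerun BootProof without automatic setup execution.",
+"repairDisposition": "approval_required",
+"externallyOrchestrated": false,
+"evidenceOutcome": "diagnostic_only",
+"verificationBasis": "Setup-path evidence supports conservative diagnosis only; verified boot requires a later observed application health response.",
+"redactionsApplied": [
+"no virtual environment contents included",
+"no package registry credentials included",
+"no copied vendor scripts included"
+]
+}
+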
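--- a/package/docs/schemas/action-verdict-v1.schema.json
+++ b/package/docs/schemas/action-verdict-v1.schema.json
@@ -0,0 +1,64 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://bootproof.dev/schemas/action-verdict-v1.schema.json",
+"title": "BootProof GitHub Action Verdict v1",
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema",
+"verified",
+"shouldFail",
+"failureReason",
+"failureClass",
+"bootproofExitCode",
+"driftDetected",
+"commandsExecuted",
+"cloudUploadPerformed",
+"federatedReceiptCommitted",
+"agentActionsExecuted"
+],
+"properties": {
+"schema": {
+"const": "bootproof/action-verdict/v1"
+},
+"verified": {
+"type": "boolean"
+},
+"shouldFail": {
+"type": "boolean"
+},
+"failureReason": {
+"type": "string"
+},
+"failureClass": {
+"type": "string"
+},
+"bootproofExitCode": {
+"type": [
+"integer",
+"null"
+]
+},
+"driftDetected": {
+"type": "boolean"
+},
+"commandsExecuted": {
+"type": "array",
+"items": {
+"type": "array",
+"items": {
+"type": "string"
+}
+}
+},
+"cloudUploadPerformed": {
+"const": false
+},
+"federatedReceiptCommitted": {
+"const": false
+},
+"agentActionsExecuted": {
+"const": false
+}
+}
+}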
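Review bot: `commandsExecuted` (an array of argv arrays of strings) is the one free-form field in this verdict, and the schema gives it no redaction marker, although the agent-run receipt schemas added in the same release all require a `redactionsApplied` array. Command arguments are a common place for tokens and credential-bearing URLs to end up, and a GitHub Action verdict is presumably written to job output or logs where more people can read it than can read the runner. Consider requiring the same property here, `"redactionsApplied": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }`, and adding a `description` on `commandsExecuted` stating that argv entries are redacted before the verdict is emitted.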
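--- a/package/docs/schemas/agent-plan-v1.schema.json
+++ b/package/docs/schemas/agent-plan-v1.schema.json
@@ -0,0 +1,148 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://bootproof.dev/schemas/agent-plan-v1.schema.json",
+"title": "BootProof Agent Plan v1",
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema",
+"mode",
+"classifications",
+"currentFailureClass",
+"observedEvidence",
+"suspectedStack",
+"missingTools",
+"candidateNextActions",
+"verificationSteps",
+"stopConditions",
+"canBootProofOrchestrateDirectly",
+"canBootProofVerifyExternally"
+],
+"properties": {
+"schema": { "const": "bootproof/agent-plan/v1" },
+"mode": { "const": "agent-plan" },
+"classifications": {
+"type": "array",
+"uniqueItems": true,
+"items": {
+"enum": [
+"airbyte_abctl_managed",
+"large_orchestration_repo",
+"external_orchestrator_required",
+"kind_kubernetes_backed",
+"helm_deployed",
+"auth_required"
+]
+}
+},
+"currentFailureClass": { "type": "string" },
+"observedEvidence": {
+"type": "array",
+"uniqueItems": true,
+"items": { "type": "string" }
+},
+"suspectedStack": {
+"type": "array",
+"uniqueItems": true,
+"items": { "type": "string" }
+},
+"missingTools": {
+"type": "array",
+"uniqueItems": true,
+"items": { "type": "string" }
+},
+"candidateNextActions": {
+"type": "array",
+"items": { "$ref": "#/$defs/action" }
+},
+"verificationSteps": {
+"type": "array",
+"uniqueItems": true,
+"items": { "type": "string" }
+},
+"stopConditions": {
+"type": "array",
+"uniqueItems": true,
+"items": { "type": "string" }
+},
+"canBootProofOrchestrateDirectly": { "type": "boolean" },
+"canBootProofVerifyExternally": { "type": "boolean" }
+},
+"$defs": {
+"action": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"classification",
+"actionType",
+"command",
+"reason",
+"evidence",
+"riskLevel",
+"mutationScope",
+"requiresApproval",
+"approvalPrompt",
+"blockedReason",
+"verificationStep",
+"stopCondition",
+"secretSensitive"
+],
+"properties": {
+"classification": {
+"enum": [
+"host_tool_install_required",
+"kubernetes_cluster_creation_required",
+"heavy_orchestration_required",
+"external_orchestrator_required",
+"credential_required",
+"auth_required",
+"external_health_verification_required"
+]
+},
+"actionType": { "enum": ["command", "instruction"] },
+"command": { "type": "string" },
+"reason": { "type": "string", "minLength": 1 },
+"evidence": {
+"type": "array",
+"uniqueItems": true,
+"items": { "type": "string" }
+},
+"riskLevel": { "enum": ["none", "low", "medium", "high", "blocked"] },
+"mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] },
+"requiresApproval": { "type": "boolean" },
+"approvalPrompt": { "type": "string", "minLength": 1 },
+"blockedReason": { "type": "string" },
+"verificationStep": { "type": "string", "minLength": 1 },
+"stopCondition": { "type": "string", "minLength": 1 },
+"secretSensitive": { "type": "boolean" }
+},
+"allOf": [
+{
+"if": { "properties": { "actionType": { "const": "command" } } },
+"then": { "properties": { "command": { "type": "string", "minLength": 1 } } }
+},
+{
+"if": { "properties": { "actionType": { "const": "instruction" } } },
+"then": { "properties": { "command": { "const": "" } } }
+},
+{
+"if": { "properties": { "riskLevel": { "enum": ["medium", "high"] } } },
+"then": { "properties": { "requiresApproval": { "const": true } } }
+},
+{
+"if": { "properties": { "riskLevel": { "const": "blocked" } } },
+"then": {
+"properties": {
+"requiresApproval": { "const": false },
+"blockedReason": { "type": "string", "minLength": 1 }
+}
+}
+},
+{
+"if": { "properties": { "mutationScope": { "const": "credentials" } } },
+"then": { "properties": { "secretSensitive": { "const": true } } }
+}
+]
+}
+}
+}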
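Review bot: The approval conditionals in `$defs/action` key only on `riskLevel`, so an action whose `mutationScope` is `host_tool_install`, `kubernetes_cluster`, `database`, `credentials` or `unknown` still validates with `riskLevel: "low"` and `requiresApproval: false`. The risk label is a judgement made by whatever produces the plan, while the mutation scope is closer to a fact about the command, so the scope is the safer field to gate on. A further `allOf` entry would tie them together: `"if": { "properties": { "mutationScope": { "enum": ["host_tool_install", "host_network", "kubernetes_cluster", "database", "credentials", "unknown"] } } }` with `"then": { "properties": { "riskLevel": { "enum": ["medium", "high", "blocked"] } } }`, which the existing `riskLevel` rules then turn into mandatory approval or a block. Whether `service` and `container_runtime` belong in that list is a policy choice this file does not show.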
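--- a/package/docs/schemas/agent-run-receipts-v1.schema.json
+++ b/package/docs/schemas/agent-run-receipts-v1.schema.json
@@ -0,0 +1,192 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://bootproof.dev/schemas/agent-run-receipts-v1.schema.json",
+"title": "BootProof Agent Run Receipts v1",
+"oneOf": [
+{ "$ref": "#/$defs/initialReceipt" },
+{ "$ref": "#/$defs/planReceipt" },
+{ "$ref": "#/$defs/actionReceipt" },
+{ "$ref": "#/$defs/verificationReceipt" },
+{ "$ref": "#/$defs/finalSummary" }
+],
+"$defs": {
+"hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
+"nullableHash": {
+"oneOf": [
+{ "$ref": "#/$defs/hash" },
+{ "type": "null" }
+]
+},
+"runId": {
+"type": "string",
+"pattern": "^\\d{8}T\\d{9}Z-[0-9a-f]{12}$"
+},
+"redactions": {
+"type": "array",
+"uniqueItems": true,
+"items": { "type": "string" }
+},
+"initialReceipt": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema", "receiptType", "runId", "timestamp", "previousReceiptHash",
+"receiptHash", "redactionsApplied", "sourceAttestationHash",
+"sourceSignatureValid", "attestation", "diagnosis"
+],
+"properties": {
+"schema": { "const": "bootproof/agent-run-initial/v1" },
+"receiptType": { "const": "initial-attestation" },
+"runId": { "$ref": "#/$defs/runId" },
+"timestamp": { "type": "string", "format": "date-time" },
+"previousReceiptHash": { "type": "null" },
+"receiptHash": { "$ref": "#/$defs/hash" },
+"redactionsApplied": { "$ref": "#/$defs/redactions" },
+"sourceAttestationHash": { "$ref": "#/$defs/nullableHash" },
+"sourceSignatureValid": { "type": "boolean" },
+"attestation": {
+"oneOf": [
+{ "type": "object" },
+{ "type": "null" }
+]
+},
+"diagnosis": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"failureClass", "observedEvidence", "verificationMode",
+"bootproofOrchestrated", "healthVerified"
+],
+"properties": {
+"failureClass": { "type": ["string", "null"] },
+"observedEvidence": {
+"type": "array",
+"items": { "type": "string" }
+},
+"verificationMode": { "type": "string" },
+"bootproofOrchestrated": { "type": "boolean" },
+"healthVerified": { "type": "boolean" }
+}
+}
+}
+},
+"planReceipt": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema", "receiptType", "runId", "timestamp", "previousReceiptHash",
+"receiptHash", "redactionsApplied", "plan"
+],
+"properties": {
+"schema": { "const": "bootproof/agent-run-plan/v1" },
+"receiptType": { "const": "agent-plan" },
+"runId": { "$ref": "#/$defs/runId" },
+"timestamp": { "type": "string", "format": "date-time" },
+"previousReceiptHash": { "$ref": "#/$defs/hash" },
+"receiptHash": { "$ref": "#/$defs/hash" },
+"redactionsApplied": { "$ref": "#/$defs/redactions" },
+"plan": { "$ref": "agent-plan-v1.schema.json" }
+}
+},
+"actionReceipt": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema", "receiptType", "runId", "timestamp", "previousReceiptHash",
+"receiptHash", "redactionsApplied", "actionIndex", "classification",
+"actionType", "command", "riskLevel", "mutationScope",
+"approvalStatus", "executionStatus", "verificationResult",
+"failureClassBefore", "failureClassAfter", "blockedReason",
+"secretSensitive"
+],
+"properties": {
+"schema": { "const": "bootproof/agent-action-receipt/v1" },
+"receiptType": { "const": "action" },
+"runId": { "$ref": "#/$defs/runId" },
+"timestamp": { "type": "string", "format": "date-time" },
+"previousReceiptHash": { "$ref": "#/$defs/hash" },
+"receiptHash": { "$ref": "#/$defs/hash" },
+"redactionsApplied": { "$ref": "#/$defs/redactions" },
+"actionIndex": { "type": "integer", "minimum": 0 },
+"classification": { "type": "string", "minLength": 1 },
+"actionType": { "enum": ["command", "instruction"] },
+"command": { "type": "string" },
+"riskLevel": { "enum": ["none", "low", "medium", "high", "blocked"] },
+"mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] },
+"approvalStatus": { "enum": ["not_required", "pending", "approved", "declined", "blocked"] },
+"executionStatus": { "enum": ["not_executed", "executed", "failed"] },
+"verificationResult": { "type": ["string", "null"] },
+"failureClassBefore": { "type": ["string", "null"] },
+"failureClassAfter": { "type": ["string", "null"] },
+"blockedReason": { "type": "string" },
+"secretSensitive": { "type": "boolean" }
+}
+},
+"verificationReceipt": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema", "receiptType", "runId", "timestamp", "previousReceiptHash",
+"receiptHash", "redactionsApplied", "verificationMode",
+"bootproofOrchestrated", "result", "classification", "requestedUrl",
+"observedStatus", "observedFinalUrl", "observedAt",
+"healthObservation", "connectionError", "failureClassBefore",
+"failureClassAfter", "attestationHash"
+],
+"properties": {
+"schema": { "const": "bootproof/agent-verification-receipt/v1" },
+"receiptType": { "const": "verification" },
+"runId": { "$ref": "#/$defs/runId" },
+"timestamp": { "type": "string", "format": "date-time" },
+"previousReceiptHash": { "$ref": "#/$defs/hash" },
+"receiptHash": { "$ref": "#/$defs/hash" },
+"redactionsApplied": { "$ref": "#/$defs/redactions" },
+"verificationMode": { "enum": ["bootproof-orchestrated", "external-health"] },
+"bootproofOrchestrated": { "type": "boolean" },
+"result": { "enum": ["verified", "not_verified"] },
+"classification": { "type": ["string", "null"] },
+"requestedUrl": { "type": ["string", "null"] },
+"observedStatus": { "type": ["integer", "null"] },
+"observedFinalUrl": { "type": ["string", "null"] },
+"observedAt": { "type": ["string", "null"] },
+"healthObservation": { "type": ["string", "null"] },
+"connectionError": { "type": ["string", "null"] },
+"failureClassBefore": { "type": ["string", "null"] },
+"failureClassAfter": { "type": ["string", "null"] },
+"attestationHash": { "$ref": "#/$defs/hash" }
+}
+},
+"finalSummary": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema", "runId", "createdAt", "updatedAt", "status",
+"lastReceiptHash", "receiptCount", "chainValid",
+"initialFailureClass", "currentFailureClass",
+"bootproofOrchestrated", "verifiedExternalHealth", "onlyPlanned",
+"stoppedForApproval", "stoppedDueBlockedAction", "verified",
+"explanation", "redactionsApplied"
+],
+"properties": {
+"schema": { "const": "bootproof/agent-run-summary/v1" },
+"runId": { "$ref": "#/$defs/runId" },
+"createdAt": { "type": "string", "format": "date-time" },
+"updatedAt": { "type": "string", "format": "date-time" },
+"status": { "enum": ["planned", "stopped_for_approval", "stopped_blocked", "awaiting_verification", "verified_external_health", "verified_bootproof_orchestrated", "verification_failed"] },
+"lastReceiptHash": { "$ref": "#/$defs/hash" },
+"receiptCount": { "type": "integer", "minimum": 2 },
+"chainValid": { "type": "boolean" },
+"initialFailureClass": { "type": ["string", "null"] },
+"currentFailureClass": { "type": ["string", "null"] },
+"bootproofOrchestrated": { "type": "boolean" },
+"verifiedExternalHealth": { "type": "boolean" },
+"onlyPlanned": { "type": "boolean" },
+"stoppedForApproval": { "type": "boolean" },
+"stoppedDueBlockedAction": { "type": "boolean" },
+"verified": { "type": "boolean" },
+"explanation": { "type": "string", "minLength": 1 },
+"redactionsApplied": { "$ref": "#/$defs/redactions" }
+}
+}
+}
+}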
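Review bot: `actionReceipt` lets `approvalStatus` and `executionStatus` vary independently, so a receipt recording `executionStatus: "executed"` together with `approvalStatus: "pending"`, `"declined"` or `"blocked"` passes validation, as does `riskLevel: "blocked"` with an executed command. These receipts are the audit trail for what ran, so the schema is a cheap place to reject that combination, for example an `allOf` entry with `"if": { "properties": { "executionStatus": { "enum": ["executed", "failed"] } } }` and `"then": { "properties": { "approvalStatus": { "enum": ["not_required", "approved"] } } }` (assuming `failed` means the command was started). The same kind of gap is in `verificationReceipt`, where `result: "verified"` validates with `observedStatus: null`, and in `finalSummary`, where `verified: true` validates with `chainValid: false`. Separately, `"plan": { "$ref": "agent-plan-v1.schema.json" }` resolves against `$id` to a bootproof.dev URL, so validators should be handed the bundled schema file rather than left to fetch it over the network.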
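--- a/package/docs/schemas/ai-repair-suggestion-v1.schema.json
+++ b/package/docs/schemas/ai-repair-suggestion-v1.schema.json
@@ -0,0 +1,70 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://bootproof.dev/schemas/ai-repair-suggestion-v1.schema.json",
+"title": "BootProof AI Repair Suggestion v1",
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema",
+"confidence",
+"failure_class",
+"suggested_action_type",
+"suggested_command",
+"suggested_patch",
+"explanation_for_user",
+"risk_level",
+"requires_human_approval",
+"why_this_is_safe",
+"what_to_check_after"
+],
+"properties": {
+"schema": { "const": "bootproof/ai-repair-suggestion/v1" },
+"confidence": { "type": "number", "minimum": 0, "maximum": 1 },
+"failure_class": { "type": "string", "minLength": 1 },
+"suggested_action_type": { "enum": ["command", "patch", "instruction"] },
+"suggested_command": {
+"anyOf": [
+{ "$ref": "#/$defs/command" },
+{ "type": "null" }
+]
+},
+"suggested_patch": {
+"anyOf": [
+{ "$ref": "#/$defs/patch" },
+{ "type": "null" }
+]
+},
+"explanation_for_user": { "type": "string", "minLength": 1 },
+"risk_level": { "enum": ["none", "low", "medium", "high", "blocked"] },
+"requires_human_approval": { "const": true },
+"why_this_is_safe": { "type": "string", "minLength": 1 },
+"what_to_check_after": { "type": "string", "minLength": 1 }
+},
+"$defs": {
+"command": {
+"type": "object",
+"additionalProperties": false,
+"required": ["executable", "args", "display"],
+"properties": {
+"executable": { "type": "string", "minLength": 1 },
+"args": { "type": "array", "items": { "type": "string" } },
+"display": { "type": "string", "minLength": 1 }
+}
+},
+"patch": {
+"type": "object",
+"additionalProperties": false,
+"required": ["format", "content", "files"],
+"properties": {
+"format": { "const": "unified-diff" },
+"content": { "type": "string", "minLength": 1 },
+"files": {
+"type": "array",
+"minItems": 1,
+"uniqueItems": true,
+"items": { "type": "string", "minLength": 1 }
+}
+}
+}
+}
+}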
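Review bot: `$defs/command` carries both the executable form (`executable`, `args`) and a free-text `display` string with nothing tying them together, so a model-produced suggestion can validate while the text shown to the reviewer differs from what would actually be run. Because `requires_human_approval` is fixed to `true`, the approval is only as trustworthy as the prompt; the consumer, which is not visible in this section, should build the prompt from `executable` and `args` and treat `display` as untrusted, and should likewise derive the touched paths from `patch.content` instead of trusting `patch.files`. A `description` on `display` saying it is informational only would make that contract explicit. Separately, `suggested_action_type` is not linked to which of `suggested_command` and `suggested_patch` is non-null; a per-type conditional such as `"if": { "properties": { "suggested_action_type": { "const": "command" } } }` with `"then": { "properties": { "suggested_command": { "$ref": "#/$defs/command" }, "suggested_patch": { "type": "null" } } }` would close that.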