bootproof 0.1.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. package/README.md +873 -109
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +936 -38
  9. package/dist/diagnosis.js +114 -17
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +332 -37
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +489 -41
  17. package/dist/plan.d.ts +2 -0
  18. package/dist/plan.js +49 -7
  19. package/dist/proof.d.ts +78 -2
  20. package/dist/proof.js +266 -13
  21. package/dist/receipt.d.ts +52 -0
  22. package/dist/receipt.js +356 -0
  23. package/dist/redact.d.ts +4 -0
  24. package/dist/redact.js +86 -2
  25. package/dist/registry.d.ts +82 -30
  26. package/dist/registry.js +355 -53
  27. package/dist/remote.d.ts +12 -1
  28. package/dist/remote.js +62 -18
  29. package/dist/repair-playbooks.d.ts +24 -0
  30. package/dist/repair-playbooks.js +593 -0
  31. package/dist/repair-safety.d.ts +130 -0
  32. package/dist/repair-safety.js +766 -0
  33. package/dist/repair.d.ts +142 -0
  34. package/dist/repair.js +1566 -0
  35. package/dist/run.d.ts +6 -1
  36. package/dist/run.js +385 -46
  37. package/dist/sbom.d.ts +22 -0
  38. package/dist/sbom.js +99 -0
  39. package/dist/taxonomy.d.ts +8 -2
  40. package/dist/taxonomy.js +428 -8
  41. package/dist/types.d.ts +57 -2
  42. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  43. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  44. package/docs/CI_ACTION.md +71 -5
  45. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  46. package/docs/FAILURE_TAXONOMY.md +30 -1
  47. package/docs/HONESTY_CONTRACT.md +55 -4
  48. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  49. package/docs/REAL_REPO_EVIDENCE.md +77 -0
  50. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  51. package/docs/REGISTRY.md +48 -28
  52. package/docs/RELEASE_CHECKLIST.md +9 -1
  53. package/docs/REPAIR_RECEIPT.md +224 -0
  54. package/docs/agent-loop-gap-analysis.md +188 -0
  55. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  56. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  57. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  58. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  59. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  60. package/docs/examples/registry-seeds/php-composer.json +33 -0
  61. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  62. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  63. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  64. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  65. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  66. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  67. package/docs/schemas/ci-context-v1.schema.json +63 -0
  68. package/docs/schemas/diff-result-v1.schema.json +66 -0
  69. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  70. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  71. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  72. package/docs/schemas/repair-action-v1.schema.json +136 -0
  73. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  74. package/package.json +13 -6
@@ -0,0 +1,63 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/ci-context-v1.schema.json",
4
+ "title": "BootProof CI Context v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "repository",
10
+ "workflow",
11
+ "runId",
12
+ "runAttempt",
13
+ "sha",
14
+ "ref",
15
+ "actor",
16
+ "eventName",
17
+ "job",
18
+ "serverUrl",
19
+ "githubActions",
20
+ "oidcSigned"
21
+ ],
22
+ "properties": {
23
+ "schema": {
24
+ "const": "bootproof/ci-context/v1"
25
+ },
26
+ "repository": {
27
+ "type": "string"
28
+ },
29
+ "workflow": {
30
+ "type": "string"
31
+ },
32
+ "runId": {
33
+ "type": "string"
34
+ },
35
+ "runAttempt": {
36
+ "type": "string"
37
+ },
38
+ "sha": {
39
+ "type": "string"
40
+ },
41
+ "ref": {
42
+ "type": "string"
43
+ },
44
+ "actor": {
45
+ "type": "string"
46
+ },
47
+ "eventName": {
48
+ "type": "string"
49
+ },
50
+ "job": {
51
+ "type": "string"
52
+ },
53
+ "serverUrl": {
54
+ "type": "string"
55
+ },
56
+ "githubActions": {
57
+ "type": "boolean"
58
+ },
59
+ "oidcSigned": {
60
+ "const": false
61
+ }
62
+ }
63
+ }
@@ -0,0 +1,66 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/diff-result-v1.schema.json",
4
+ "title": "BootProof Infrastructure Diff Result v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "base",
10
+ "head",
11
+ "changedFiles",
12
+ "addedServices",
13
+ "removedServices",
14
+ "addedPorts",
15
+ "removedPorts",
16
+ "addedEnvVars",
17
+ "removedEnvVars",
18
+ "changedCommands",
19
+ "changedPackageManagers",
20
+ "riskLevel",
21
+ "proofRequired",
22
+ "suggestedReviewNotes",
23
+ "redactionsApplied"
24
+ ],
25
+ "properties": {
26
+ "schema": { "const": "bootproof/diff-result/v1" },
27
+ "base": { "type": "string", "minLength": 1 },
28
+ "head": { "type": "string", "minLength": 1 },
29
+ "changedFiles": { "$ref": "#/$defs/stringArray" },
30
+ "addedServices": { "$ref": "#/$defs/stringArray" },
31
+ "removedServices": { "$ref": "#/$defs/stringArray" },
32
+ "addedPorts": { "$ref": "#/$defs/stringArray" },
33
+ "removedPorts": { "$ref": "#/$defs/stringArray" },
34
+ "addedEnvVars": { "$ref": "#/$defs/stringArray" },
35
+ "removedEnvVars": { "$ref": "#/$defs/stringArray" },
36
+ "changedCommands": {
37
+ "type": "array",
38
+ "items": { "$ref": "#/$defs/change" }
39
+ },
40
+ "changedPackageManagers": {
41
+ "type": "array",
42
+ "items": { "$ref": "#/$defs/change" }
43
+ },
44
+ "riskLevel": { "enum": ["low", "medium", "high"] },
45
+ "proofRequired": { "type": "boolean" },
46
+ "suggestedReviewNotes": { "$ref": "#/$defs/stringArray" },
47
+ "redactionsApplied": { "$ref": "#/$defs/stringArray" }
48
+ },
49
+ "$defs": {
50
+ "stringArray": {
51
+ "type": "array",
52
+ "items": { "type": "string" },
53
+ "uniqueItems": true
54
+ },
55
+ "change": {
56
+ "type": "object",
57
+ "additionalProperties": false,
58
+ "required": ["source", "before", "after"],
59
+ "properties": {
60
+ "source": { "type": "string", "minLength": 1 },
61
+ "before": { "type": ["string", "null"] },
62
+ "after": { "type": ["string", "null"] }
63
+ }
64
+ }
65
+ }
66
+ }
@@ -0,0 +1,51 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/federated-receipt-v1.schema.json",
4
+ "title": "BootProof Federated Receipt v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "createdAt",
10
+ "registryEntry",
11
+ "attestationHash",
12
+ "publicRepoDeclaration",
13
+ "crawlerHint",
14
+ "redactionsApplied",
15
+ "noSecretsIncluded"
16
+ ],
17
+ "properties": {
18
+ "schema": { "const": "bootproof/federated-receipt/v1" },
19
+ "createdAt": { "type": "string", "format": "date-time" },
20
+ "registryEntry": { "$ref": "registry-entry-v1.schema.json" },
21
+ "attestationHash": { "$ref": "#/$defs/hash" },
22
+ "repairReceiptHash": { "$ref": "#/$defs/hash" },
23
+ "signature": { "$ref": "#/$defs/signature" },
24
+ "publicRepoDeclaration": { "const": true },
25
+ "crawlerHint": {
26
+ "type": "object",
27
+ "additionalProperties": false,
28
+ "required": ["commitHash", "branch"],
29
+ "properties": {
30
+ "repoUrl": { "type": "string", "format": "uri" },
31
+ "commitHash": { "type": ["string", "null"] },
32
+ "branch": { "type": ["string", "null"] }
33
+ }
34
+ },
35
+ "redactionsApplied": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
36
+ "noSecretsIncluded": { "const": true }
37
+ },
38
+ "$defs": {
39
+ "hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
40
+ "signature": {
41
+ "type": "object",
42
+ "additionalProperties": false,
43
+ "required": ["algorithm", "publicKey", "value"],
44
+ "properties": {
45
+ "algorithm": { "const": "ed25519" },
46
+ "publicKey": { "type": "string" },
47
+ "value": { "type": "string" }
48
+ }
49
+ }
50
+ }
51
+ }
@@ -0,0 +1,95 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/registry-entry-v1.schema.json",
4
+ "title": "BootProof Registry Entry v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "createdAt",
10
+ "bootproofVersion",
11
+ "source",
12
+ "registryMode",
13
+ "repoFingerprint",
14
+ "repoHost",
15
+ "repoOwnerHash",
16
+ "repoNameHash",
17
+ "commitHash",
18
+ "branch",
19
+ "os",
20
+ "arch",
21
+ "platform",
22
+ "packageManager",
23
+ "detectedStack",
24
+ "detectedServices",
25
+ "selectedCommandHash",
26
+ "selectedCommandRedacted",
27
+ "failureClass",
28
+ "failureEvidenceFingerprint",
29
+ "evidenceHeadRedacted",
30
+ "evidenceTailRedacted",
31
+ "healthStatus",
32
+ "healthUrlPattern",
33
+ "healthRedirectLocationPattern",
34
+ "verified",
35
+ "attestationHash",
36
+ "redactionsApplied",
37
+ "optInRequired"
38
+ ],
39
+ "properties": {
40
+ "schema": { "const": "bootproof/registry-entry/v1" },
41
+ "createdAt": { "type": "string", "format": "date-time" },
42
+ "bootproofVersion": { "type": "string", "minLength": 1 },
43
+ "source": { "const": "local_cli" },
44
+ "registryMode": {
45
+ "enum": ["local_export", "federated_public_candidate", "cloud_upload_candidate"]
46
+ },
47
+ "repoFingerprint": { "$ref": "#/$defs/hash" },
48
+ "repoHost": { "type": ["string", "null"] },
49
+ "repoOwnerHash": { "$ref": "#/$defs/hash" },
50
+ "repoNameHash": { "$ref": "#/$defs/hash" },
51
+ "publicRepoHint": { "type": "string", "format": "uri" },
52
+ "commitHash": { "type": ["string", "null"] },
53
+ "branch": { "type": ["string", "null"] },
54
+ "os": { "type": "string" },
55
+ "arch": { "type": "string" },
56
+ "platform": { "type": "string" },
57
+ "packageManager": { "type": "string" },
58
+ "detectedStack": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
59
+ "detectedServices": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
60
+ "selectedCommandHash": { "anyOf": [{ "$ref": "#/$defs/hash" }, { "type": "null" }] },
61
+ "selectedCommandRedacted": { "type": ["string", "null"] },
62
+ "failureClass": { "type": ["string", "null"] },
63
+ "failureEvidenceFingerprint": { "anyOf": [{ "$ref": "#/$defs/hash" }, { "type": "null" }] },
64
+ "evidenceHeadRedacted": { "type": ["string", "null"] },
65
+ "evidenceTailRedacted": { "type": ["string", "null"] },
66
+ "healthStatus": { "enum": ["healthy", "unhealthy", "connection_error", "not_observed"] },
67
+ "healthUrlPattern": { "type": ["string", "null"] },
68
+ "healthRedirectLocationPattern": { "type": ["string", "null"] },
69
+ "repairActionType": { "enum": ["repo-diff", "plan-step", "environment"] },
70
+ "repairCommandHash": { "$ref": "#/$defs/hash" },
71
+ "repairCommandRedacted": { "type": "string" },
72
+ "beforeFailureClass": { "type": "string" },
73
+ "afterFailureClass": { "type": "string" },
74
+ "progressed": { "type": "boolean" },
75
+ "verified": { "type": "boolean" },
76
+ "attestationHash": { "$ref": "#/$defs/hash" },
77
+ "repairReceiptHash": { "$ref": "#/$defs/hash" },
78
+ "redactionsApplied": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
79
+ "signature": { "$ref": "#/$defs/signature" },
80
+ "optInRequired": { "const": true }
81
+ },
82
+ "$defs": {
83
+ "hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
84
+ "signature": {
85
+ "type": "object",
86
+ "additionalProperties": false,
87
+ "required": ["algorithm", "publicKey", "value"],
88
+ "properties": {
89
+ "algorithm": { "const": "ed25519" },
90
+ "publicKey": { "type": "string" },
91
+ "value": { "type": "string" }
92
+ }
93
+ }
94
+ }
95
+ }
@@ -0,0 +1,102 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/registry-seed-example-v1.schema.json",
4
+ "title": "BootProof real-world registry seed example",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "name",
10
+ "source",
11
+ "structuralMarkers",
12
+ "expectedBootProof",
13
+ "safeNextStep",
14
+ "repairDisposition",
15
+ "externallyOrchestrated",
16
+ "evidenceOutcome",
17
+ "verificationBasis",
18
+ "redactionsApplied"
19
+ ],
20
+ "properties": {
21
+ "schema": {
22
+ "const": "bootproof/registry-seed-example/v1"
23
+ },
24
+ "name": {
25
+ "type": "string",
26
+ "minLength": 1
27
+ },
28
+ "source": {
29
+ "const": "synthetic_minimal_fixture"
30
+ },
31
+ "structuralMarkers": {
32
+ "type": "array",
33
+ "minItems": 1,
34
+ "uniqueItems": true,
35
+ "items": {
36
+ "type": "string",
37
+ "minLength": 1
38
+ }
39
+ },
40
+ "expectedBootProof": {
41
+ "type": "object",
42
+ "additionalProperties": false,
43
+ "required": [
44
+ "kind",
45
+ "values"
46
+ ],
47
+ "properties": {
48
+ "kind": {
49
+ "enum": [
50
+ "classification",
51
+ "inference",
52
+ "classification_and_inference",
53
+ "agent_plan"
54
+ ]
55
+ },
56
+ "values": {
57
+ "type": "array",
58
+ "minItems": 1,
59
+ "uniqueItems": true,
60
+ "items": {
61
+ "type": "string",
62
+ "minLength": 1
63
+ }
64
+ }
65
+ }
66
+ },
67
+ "safeNextStep": {
68
+ "type": "string",
69
+ "minLength": 1
70
+ },
71
+ "repairDisposition": {
72
+ "enum": [
73
+ "automatic",
74
+ "approval_required",
75
+ "refused"
76
+ ]
77
+ },
78
+ "externallyOrchestrated": {
79
+ "type": "boolean"
80
+ },
81
+ "evidenceOutcome": {
82
+ "enum": [
83
+ "verified_boot_possible",
84
+ "diagnostic_only"
85
+ ]
86
+ },
87
+ "verificationBasis": {
88
+ "type": "string",
89
+ "minLength": 1
90
+ },
91
+ "redactionsApplied": {
92
+ "type": "array",
93
+ "minItems": 1,
94
+ "uniqueItems": true,
95
+ "items": {
96
+ "type": "string",
97
+ "minLength": 1
98
+ }
99
+ }
100
+ }
101
+ }
102
+
@@ -0,0 +1,136 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/repair-action-v1.schema.json",
4
+ "title": "BootProof Repair Action v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "actionType",
10
+ "mutationScope",
11
+ "riskLevel",
12
+ "requiresApproval",
13
+ "approvalPrompt",
14
+ "blockedReason",
15
+ "verificationStep",
16
+ "command",
17
+ "patch",
18
+ "instruction",
19
+ "explanation",
20
+ "evidenceRefs",
21
+ "deterministic",
22
+ "source"
23
+ ],
24
+ "properties": {
25
+ "schema": { "const": "bootproof/repair-action/v1" },
26
+ "actionType": { "enum": ["command", "patch", "instruction"] },
27
+ "mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] },
28
+ "riskLevel": { "enum": ["none", "low", "medium", "high", "blocked"] },
29
+ "requiresApproval": { "type": "boolean", "default": true },
30
+ "approvalPrompt": { "type": "string", "minLength": 1 },
31
+ "blockedReason": { "type": "string" },
32
+ "verificationStep": { "type": "string", "minLength": 1 },
33
+ "command": {
34
+ "anyOf": [
35
+ { "$ref": "#/$defs/command" },
36
+ { "type": "null" }
37
+ ]
38
+ },
39
+ "patch": {
40
+ "anyOf": [
41
+ { "$ref": "#/$defs/patch" },
42
+ { "type": "null" }
43
+ ]
44
+ },
45
+ "instruction": { "type": ["string", "null"] },
46
+ "explanation": { "type": "string", "minLength": 1 },
47
+ "evidenceRefs": {
48
+ "type": "array",
49
+ "items": { "type": "string" },
50
+ "uniqueItems": true
51
+ },
52
+ "deterministic": { "type": "boolean" },
53
+ "source": { "enum": ["deterministic_playbook", "ai_suggested"] }
54
+ },
55
+ "allOf": [
56
+ {
57
+ "if": { "properties": { "actionType": { "const": "command" } } },
58
+ "then": {
59
+ "properties": {
60
+ "command": { "$ref": "#/$defs/command" },
61
+ "patch": { "type": "null" },
62
+ "instruction": { "type": "null" },
63
+ "mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] }
64
+ }
65
+ }
66
+ },
67
+ {
68
+ "if": { "properties": { "actionType": { "const": "patch" } } },
69
+ "then": {
70
+ "properties": {
71
+ "command": { "type": "null" },
72
+ "patch": { "$ref": "#/$defs/patch" },
73
+ "instruction": { "type": "null" },
74
+ "mutationScope": { "const": "repo_only" },
75
+ "requiresApproval": { "const": true }
76
+ }
77
+ }
78
+ },
79
+ {
80
+ "if": { "properties": { "actionType": { "const": "instruction" } } },
81
+ "then": {
82
+ "properties": {
83
+ "command": { "type": "null" },
84
+ "patch": { "type": "null" },
85
+ "instruction": { "type": "string", "minLength": 1 }
86
+ }
87
+ }
88
+ },
89
+ {
90
+ "if": { "properties": { "riskLevel": { "enum": ["medium", "high"] } } },
91
+ "then": {
92
+ "properties": {
93
+ "requiresApproval": { "const": true }
94
+ }
95
+ }
96
+ },
97
+ {
98
+ "if": { "properties": { "source": { "const": "deterministic_playbook" } } },
99
+ "then": { "properties": { "deterministic": { "const": true } } }
100
+ },
101
+ {
102
+ "if": { "properties": { "source": { "const": "ai_suggested" } } },
103
+ "then": { "properties": { "deterministic": { "const": false } } }
104
+ }
105
+ ],
106
+ "$defs": {
107
+ "command": {
108
+ "type": "object",
109
+ "additionalProperties": false,
110
+ "required": ["executable", "args", "display"],
111
+ "properties": {
112
+ "executable": { "type": "string", "minLength": 1 },
113
+ "args": {
114
+ "type": "array",
115
+ "items": { "type": "string" }
116
+ },
117
+ "display": { "type": "string", "minLength": 1 }
118
+ }
119
+ },
120
+ "patch": {
121
+ "type": "object",
122
+ "additionalProperties": false,
123
+ "required": ["format", "content", "files"],
124
+ "properties": {
125
+ "format": { "const": "unified-diff" },
126
+ "content": { "type": "string", "minLength": 1 },
127
+ "files": {
128
+ "type": "array",
129
+ "minItems": 1,
130
+ "uniqueItems": true,
131
+ "items": { "type": "string", "minLength": 1 }
132
+ }
133
+ }
134
+ }
135
+ }
136
+ }