bootproof 0.1.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. package/README.md +873 -109
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +936 -38
  9. package/dist/diagnosis.js +114 -17
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +332 -37
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +489 -41
  17. package/dist/plan.d.ts +2 -0
  18. package/dist/plan.js +49 -7
  19. package/dist/proof.d.ts +78 -2
  20. package/dist/proof.js +266 -13
  21. package/dist/receipt.d.ts +52 -0
  22. package/dist/receipt.js +356 -0
  23. package/dist/redact.d.ts +4 -0
  24. package/dist/redact.js +86 -2
  25. package/dist/registry.d.ts +82 -30
  26. package/dist/registry.js +355 -53
  27. package/dist/remote.d.ts +12 -1
  28. package/dist/remote.js +62 -18
  29. package/dist/repair-playbooks.d.ts +24 -0
  30. package/dist/repair-playbooks.js +593 -0
  31. package/dist/repair-safety.d.ts +130 -0
  32. package/dist/repair-safety.js +766 -0
  33. package/dist/repair.d.ts +142 -0
  34. package/dist/repair.js +1566 -0
  35. package/dist/run.d.ts +6 -1
  36. package/dist/run.js +385 -46
  37. package/dist/sbom.d.ts +22 -0
  38. package/dist/sbom.js +99 -0
  39. package/dist/taxonomy.d.ts +8 -2
  40. package/dist/taxonomy.js +428 -8
  41. package/dist/types.d.ts +57 -2
  42. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  43. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  44. package/docs/CI_ACTION.md +71 -5
  45. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  46. package/docs/FAILURE_TAXONOMY.md +30 -1
  47. package/docs/HONESTY_CONTRACT.md +55 -4
  48. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  49. package/docs/REAL_REPO_EVIDENCE.md +77 -0
  50. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  51. package/docs/REGISTRY.md +48 -28
  52. package/docs/RELEASE_CHECKLIST.md +9 -1
  53. package/docs/REPAIR_RECEIPT.md +224 -0
  54. package/docs/agent-loop-gap-analysis.md +188 -0
  55. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  56. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  57. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  58. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  59. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  60. package/docs/examples/registry-seeds/php-composer.json +33 -0
  61. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  62. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  63. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  64. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  65. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  66. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  67. package/docs/schemas/ci-context-v1.schema.json +63 -0
  68. package/docs/schemas/diff-result-v1.schema.json +66 -0
  69. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  70. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  71. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  72. package/docs/schemas/repair-action-v1.schema.json +136 -0
  73. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  74. package/package.json +13 -6
@@ -0,0 +1,221 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/repair-receipt-v1.schema.json",
4
+ "title": "BootProof Repair Receipt v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "repairId",
10
+ "createdAt",
11
+ "bootproofVersion",
12
+ "source",
13
+ "beforeFailureClass",
14
+ "beforeEvidenceHash",
15
+ "proposedAction",
16
+ "actionType",
17
+ "mutationScope",
18
+ "riskLevel",
19
+ "userApprovalRequired",
20
+ "applyResult",
21
+ "progressed",
22
+ "verified",
23
+ "explanation",
24
+ "redactionsApplied"
25
+ ],
26
+ "properties": {
27
+ "schema": { "const": "bootproof/repair-receipt/v1" },
28
+ "repairId": { "type": "string", "minLength": 1 },
29
+ "createdAt": { "type": "string", "format": "date-time" },
30
+ "bootproofVersion": { "type": "string", "minLength": 1 },
31
+ "source": { "enum": ["deterministic_playbook", "ai_suggested"] },
32
+ "beforeFailureClass": { "type": "string", "minLength": 1 },
33
+ "beforeEvidenceHash": { "$ref": "#/$defs/hash" },
34
+ "proposedAction": { "$ref": "repair-action-v1.schema.json" },
35
+ "actionType": { "enum": ["command", "patch", "instruction"] },
36
+ "mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] },
37
+ "riskLevel": { "enum": ["none", "low", "medium", "high", "blocked"] },
38
+ "userApprovalRequired": { "type": "boolean" },
39
+ "approvedAt": { "type": "string", "format": "date-time" },
40
+ "appliedAt": { "type": "string", "format": "date-time" },
41
+ "applyResult": { "$ref": "#/$defs/applyResult" },
42
+ "afterFailureClass": { "type": "string", "minLength": 1 },
43
+ "progressed": { "type": "boolean" },
44
+ "verified": { "type": "boolean" },
45
+ "explanation": { "type": "string", "minLength": 1 },
46
+ "redactionsApplied": {
47
+ "type": "array",
48
+ "items": { "type": "string" },
49
+ "uniqueItems": true
50
+ },
51
+ "tool": { "type": "string" },
52
+ "repo": { "$ref": "#/$defs/repo" },
53
+ "environment": { "$ref": "#/$defs/environment" },
54
+ "failure": { "$ref": "#/$defs/failure" },
55
+ "repair": { "$ref": "#/$defs/legacyRepair" },
56
+ "verification": { "$ref": "#/$defs/verification" },
57
+ "aiEvidence": { "$ref": "#/$defs/aiEvidence" },
58
+ "startedAt": { "type": "string", "format": "date-time" },
59
+ "finishedAt": { "type": "string", "format": "date-time" },
60
+ "signer": {
61
+ "anyOf": [
62
+ { "$ref": "#/$defs/signer" },
63
+ { "type": "null" }
64
+ ]
65
+ },
66
+ "signature": { "type": ["string", "null"] }
67
+ },
68
+ "$defs": {
69
+ "hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
70
+ "applyResult": {
71
+ "type": "object",
72
+ "additionalProperties": false,
73
+ "required": ["status", "exitCode", "filesChanged", "evidence"],
74
+ "properties": {
75
+ "status": { "enum": ["not_applied", "applied", "failed"] },
76
+ "exitCode": { "type": ["integer", "null"] },
77
+ "filesChanged": {
78
+ "type": "array",
79
+ "items": { "type": "string" }
80
+ },
81
+ "evidence": { "type": ["string", "null"] }
82
+ }
83
+ },
84
+ "repo": {
85
+ "type": "object",
86
+ "additionalProperties": false,
87
+ "required": ["remote", "commit", "dirty"],
88
+ "properties": {
89
+ "remote": { "type": ["string", "null"] },
90
+ "commit": { "type": ["string", "null"] },
91
+ "dirty": { "type": ["boolean", "null"] }
92
+ }
93
+ },
94
+ "environment": {
95
+ "type": "object",
96
+ "additionalProperties": false,
97
+ "required": ["os", "arch", "node"],
98
+ "properties": {
99
+ "os": { "type": "string" },
100
+ "arch": { "type": "string" },
101
+ "node": { "type": "string" }
102
+ }
103
+ },
104
+ "failure": {
105
+ "type": "object",
106
+ "additionalProperties": false,
107
+ "required": ["class", "beforeAttestationSha256"],
108
+ "properties": {
109
+ "class": { "type": "string" },
110
+ "beforeAttestationSha256": { "$ref": "#/$defs/hash" }
111
+ }
112
+ },
113
+ "legacyRepair": {
114
+ "type": "object",
115
+ "additionalProperties": false,
116
+ "required": [
117
+ "id",
118
+ "kind",
119
+ "description",
120
+ "diff",
121
+ "filesChanged",
122
+ "fileChanges",
123
+ "preconditions",
124
+ "planDelta",
125
+ "envDelta"
126
+ ],
127
+ "properties": {
128
+ "id": { "type": "string" },
129
+ "kind": { "enum": ["repo-diff", "plan-step", "environment"] },
130
+ "description": { "type": "string" },
131
+ "diff": { "type": ["string", "null"] },
132
+ "filesChanged": { "type": "array", "items": { "type": "string" } },
133
+ "fileChanges": { "type": "array", "items": { "$ref": "#/$defs/fileChange" } },
134
+ "preconditions": { "type": "array", "items": { "$ref": "#/$defs/precondition" } },
135
+ "planDelta": { "type": ["string", "null"] },
136
+ "envDelta": { "type": ["string", "null"] }
137
+ }
138
+ },
139
+ "fileChange": {
140
+ "type": "object",
141
+ "additionalProperties": false,
142
+ "required": ["path", "beforeSha256", "afterSha256", "beforeContent", "afterContent"],
143
+ "properties": {
144
+ "path": { "type": "string" },
145
+ "beforeSha256": {
146
+ "anyOf": [
147
+ { "$ref": "#/$defs/hash" },
148
+ { "type": "null" }
149
+ ]
150
+ },
151
+ "afterSha256": { "$ref": "#/$defs/hash" },
152
+ "beforeContent": { "type": ["string", "null"] },
153
+ "afterContent": { "type": "string" }
154
+ }
155
+ },
156
+ "precondition": {
157
+ "type": "object",
158
+ "additionalProperties": false,
159
+ "required": ["path", "sha256"],
160
+ "properties": {
161
+ "path": { "type": "string" },
162
+ "sha256": { "$ref": "#/$defs/hash" }
163
+ }
164
+ },
165
+ "verification": {
166
+ "type": "object",
167
+ "additionalProperties": false,
168
+ "required": ["before", "after"],
169
+ "properties": {
170
+ "before": {
171
+ "type": "object",
172
+ "additionalProperties": false,
173
+ "required": ["booted", "failureClass", "attestationSha256"],
174
+ "properties": {
175
+ "booted": { "const": false },
176
+ "failureClass": { "type": "string" },
177
+ "attestationSha256": { "$ref": "#/$defs/hash" }
178
+ }
179
+ },
180
+ "after": {
181
+ "type": "object",
182
+ "additionalProperties": false,
183
+ "required": ["booted", "bootproofOrchestrated", "healthObservation", "attestationSha256"],
184
+ "properties": {
185
+ "booted": { "type": "boolean" },
186
+ "bootproofOrchestrated": { "type": "boolean" },
187
+ "healthObservation": { "type": "string" },
188
+ "attestationSha256": { "$ref": "#/$defs/hash" }
189
+ }
190
+ }
191
+ }
192
+ },
193
+ "signer": {
194
+ "type": "object",
195
+ "additionalProperties": false,
196
+ "required": ["publicKey", "algorithm"],
197
+ "properties": {
198
+ "publicKey": { "type": "string" },
199
+ "algorithm": { "const": "ed25519" }
200
+ }
201
+ },
202
+ "aiEvidence": {
203
+ "type": "object",
204
+ "additionalProperties": false,
205
+ "required": ["provider", "model", "context", "suggestion"],
206
+ "description": "AI prompt and response evidence for auditability. Present only when source === 'ai_suggested'. The context is redacted before storage; the suggestion is the validated structured response.",
207
+ "properties": {
208
+ "provider": { "enum": ["openai", "anthropic"] },
209
+ "model": { "type": "string", "minLength": 1 },
210
+ "context": {
211
+ "type": "object",
212
+ "description": "The redacted bootproof/ai-repair-context/v1 object sent to the AI provider."
213
+ },
214
+ "suggestion": {
215
+ "type": "object",
216
+ "description": "The validated bootproof/ai-repair-suggestion/v1 object the AI returned."
217
+ }
218
+ }
219
+ }
220
+ }
221
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "bootproof",
3
- "version": "0.1.0",
3
+ "version": "0.4.0",
4
4
  "description": "The honest run button for repos. Boots unfamiliar code when it safely can, tells the truth when it cannot, and signs proof of what happened.",
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",
@@ -15,17 +15,17 @@
15
15
  ],
16
16
  "scripts": {
17
17
  "clean": "node -e \"require('node:fs').rmSync('dist', { recursive: true, force: true })\"",
18
- "build": "npm run clean && tsc -p tsconfig.json",
18
+ "build": "npm run clean && tsc -p tsconfig.json && chmod +x dist/cli.js",
19
19
  "prepack": "npm run build",
20
20
  "pack:check": "node scripts/pack-smoke.mjs",
21
21
  "release:check": "npm test && npm run build && npm run pack:check && npm publish --dry-run",
22
22
  "lint": "tsc -p tsconfig.json --noEmit",
23
- "test": "npm run build && node --test tests/*.test.mjs",
23
+ "test": "npm run build && node --test tests/unit.test.mjs tests/action.test.mjs tests/e2e.test.mjs tests/receipt.test.mjs",
24
24
  "ci": "npm run lint && npm run test"
25
25
  },
26
26
  "repository": {
27
27
  "type": "git",
28
- "url": "git+https://github.com/rossbuckley1990-hash/bootproof.git"
28
+ "url": "git+https://github.com/bootproof/bootproof.git"
29
29
  },
30
30
  "keywords": [
31
31
  "devtools",
@@ -42,11 +42,18 @@
42
42
  "access": "public"
43
43
  },
44
44
  "devDependencies": {
45
+ "@noble/curves": "^1.6.0",
46
+ "@noble/hashes": "^1.5.0",
45
47
  "@types/node": "^22.19.20",
48
+ "esbuild": "^0.28.1",
49
+ "playwright": "^1.61.1",
46
50
  "typescript": "5.8.3"
47
51
  },
48
52
  "bugs": {
49
- "url": "https://github.com/rossbuckley1990-hash/bootproof/issues"
53
+ "url": "https://github.com/bootproof/bootproof/issues"
50
54
  },
51
- "homepage": "https://github.com/rossbuckley1990-hash/bootproof#readme"
55
+ "homepage": "https://github.com/bootproof/bootproof#readme",
56
+ "dependencies": {
57
+ "yaml": "^2.9.0"
58
+ }
52
59
  }