bootproof 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +840 -152
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +730 -46
  9. package/dist/diagnosis.js +101 -16
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +329 -51
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +238 -39
  17. package/dist/plan.js +2 -0
  18. package/dist/proof.d.ts +78 -2
  19. package/dist/proof.js +265 -12
  20. package/dist/receipt.d.ts +52 -0
  21. package/dist/receipt.js +356 -0
  22. package/dist/redact.d.ts +4 -0
  23. package/dist/redact.js +86 -2
  24. package/dist/registry.d.ts +82 -30
  25. package/dist/registry.js +355 -53
  26. package/dist/remote.js +3 -3
  27. package/dist/repair-playbooks.d.ts +24 -0
  28. package/dist/repair-playbooks.js +593 -0
  29. package/dist/repair-safety.d.ts +130 -0
  30. package/dist/repair-safety.js +766 -0
  31. package/dist/repair.d.ts +43 -11
  32. package/dist/repair.js +716 -7
  33. package/dist/run.d.ts +3 -0
  34. package/dist/run.js +218 -41
  35. package/dist/sbom.d.ts +22 -0
  36. package/dist/sbom.js +99 -0
  37. package/dist/taxonomy.d.ts +8 -3
  38. package/dist/taxonomy.js +404 -8
  39. package/dist/types.d.ts +40 -1
  40. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  41. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  42. package/docs/CI_ACTION.md +67 -2
  43. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  44. package/docs/FAILURE_TAXONOMY.md +28 -1
  45. package/docs/HONESTY_CONTRACT.md +34 -12
  46. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  47. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  48. package/docs/REGISTRY.md +48 -28
  49. package/docs/REPAIR_RECEIPT.md +54 -8
  50. package/docs/agent-loop-gap-analysis.md +188 -0
  51. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  52. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  53. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  54. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  55. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  56. package/docs/examples/registry-seeds/php-composer.json +33 -0
  57. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  58. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  59. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  60. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  61. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  62. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  63. package/docs/schemas/ci-context-v1.schema.json +63 -0
  64. package/docs/schemas/diff-result-v1.schema.json +66 -0
  65. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  66. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  67. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  68. package/docs/schemas/repair-action-v1.schema.json +136 -0
  69. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  70. package/package.json +10 -6
@@ -0,0 +1,171 @@
1
+ # Agent-In-The-Loop Architecture
2
+
3
+ Works on my machine is dead.
4
+
5
+ No proof, no green check.
6
+
7
+ Predictable failure is a feature.
8
+
9
+ BootProof turns AI repo onboarding from a hallucinated shell loop into a
10
+ verified execution loop.
11
+
12
+ The distinction is evidence. A human or AI may suggest that a package should be
13
+ installed, a service started, or a command rerun. A suggestion is not proof.
14
+ Command completion is not proof. Planning is not proof. BootProof establishes a
15
+ successful result only through the verification contract, such as an observed
16
+ healthy HTTP response.
17
+
18
+ ## The Loop
19
+
20
+ ```text
21
+ Diagnose → Classify → Plan → Risk-Classify → Approve
22
+ → Execute One Step → Verify → Receipt → Repeat
23
+ ```
24
+
25
+ This is the target architecture and safety contract:
26
+
27
+ - diagnosis preserves observed evidence;
28
+ - classification names known failures and leaves unknown failures honest;
29
+ - planning proposes deterministic next actions;
30
+ - risk classification records mutation scope and approval requirements;
31
+ - approval applies to one exact local action, not a hidden chain;
32
+ - execution performs at most the approved step;
33
+ - verification observes the result before any success claim;
34
+ - receipts preserve the local audit trail;
35
+ - repetition requires a new plan or approval decision.
36
+
37
+ The complete autonomous loop is not implemented. `plan-agent` is planning-only.
38
+ It writes candidate actions and receipts but executes no candidate command.
39
+ Deterministic repair implements a narrower, human-approved loop for registered
40
+ failures. Unknown or blocked actions stop.
41
+
42
+ ## Current Modes
43
+
44
+ ### Direct Orchestration
45
+
46
+ ```bash
47
+ bootproof up .
48
+ ```
49
+
50
+ For a supported repository, BootProof constructs a deterministic local plan,
51
+ executes the selected path, observes health, and writes a signed attestation.
52
+ If the repository requires unsupported, ambiguous, or unsafe orchestration,
53
+ BootProof refuses and preserves the failure evidence.
54
+
55
+ `bootproof up` is zero-AI. It never treats an AI judgment as execution evidence.
56
+
57
+ ### External Verification
58
+
59
+ ```bash
60
+ bootproof verify-url http://localhost:8001/api/v1/health
61
+ ```
62
+
63
+ This mode verifies a service managed outside BootProof. It records the HTTP
64
+ status, safe headers, response snippet, timestamp, and connection evidence.
65
+ A successful result is `external_service_verified`, with
66
+ `bootproofOrchestrated: false`.
67
+
68
+ External verification proves only that the endpoint responded according to the
69
+ health contract. It does not prove that BootProof started the application.
70
+
71
+ For repository-scoped evidence, use:
72
+
73
+ ```bash
74
+ bootproof up . --external-health http://localhost:8001/api/v1/health
75
+ ```
76
+
77
+ ### Agent Planning
78
+
79
+ ```bash
80
+ bootproof plan-agent .
81
+ ```
82
+
83
+ Planning inspects repository evidence and existing attestations, then writes:
84
+
85
+ - `.bootproof/agent-plan.json`;
86
+ - a redacted receipt chain under `.bootproof/agent-runs/<run-id>/`;
87
+ - candidate actions with risk, mutation scope, approval, verification, and stop
88
+ fields.
89
+
90
+ It does not execute candidate actions. It does not claim the repository booted.
91
+ Use `bootproof explain-run <run-id>` to inspect the local chain.
92
+
93
+ ### Deterministic Repair
94
+
95
+ ```bash
96
+ bootproof fix
97
+ ```
98
+
99
+ Deterministic repair reads a signature-valid classified failure and selects only
100
+ registered playbook actions. It shows the exact command or patch, mutation
101
+ scope, and risk. Commands and patches that require approval run only after the
102
+ literal response `Y`.
103
+
104
+ The repair path records declined, failed, progressed, and verified outcomes.
105
+ Only observed health can set the verified result.
106
+
107
+ ## Airbyte Case Study
108
+
109
+ Airbyte demonstrated why BootProof needs more than a universal run command.
110
+
111
+ 1. BootProof inspected the repository and refused direct orchestration.
112
+ 2. Repository evidence showed that local Airbyte deployment required `abctl`,
113
+ `kind`, Helm, Kubernetes, Docker, and local authentication.
114
+ 3. A human followed the documented Airbyte runbook and started the application
115
+ outside BootProof.
116
+ 4. The resulting service exposed
117
+ `http://localhost:8001/api/v1/health`.
118
+ 5. BootProof external verification observed a successful response from that
119
+ endpoint without claiming it ran `abctl` or started Airbyte.
120
+
121
+ This is a successful honesty outcome. BootProof withheld a false green check,
122
+ the manual runbook handled orchestration, and the health endpoint supplied
123
+ proof of the externally managed service.
124
+
125
+ **Airbyte validates the design of the loop, not full autonomous execution yet.**
126
+
127
+ BootProof currently recognizes the Airbyte runbook in planning mode. It may
128
+ describe `abctl local install --port 8001` as a high-risk,
129
+ approval-required Kubernetes action, but it does not execute Airbyte, abctl,
130
+ kind, Helm, Kubernetes, or credential commands through `plan-agent`.
131
+
132
+ Airbyte-style repositories are externally orchestrated. BootProof may produce a
133
+ local plan and may verify an already-running documented health endpoint, but it
134
+ must not silently create or mutate a cluster. Cluster-level actions, including
135
+ `abctl local install`, `kind create cluster`, and `helm install`, are high-risk
136
+ and require explicit approval. CI planning remains non-interactive and executes
137
+ none of those candidate actions.
138
+
139
+ ## Open-Source Boundary
140
+
141
+ The public repository owns the local brakes and trust layer:
142
+
143
+ - local diagnosis;
144
+ - local planning;
145
+ - local receipts;
146
+ - local approvals;
147
+ - optional BYOK AI suggestions, when implemented, using the same redaction,
148
+ risk, approval, verification, and receipt model;
149
+ - no telemetry, hidden upload, or automatic receipt submission.
150
+
151
+ BYOK AI is optional and must remain outside `bootproof up`. AI output is
152
+ untrusted input: it may suggest, but BootProof must prove.
153
+
154
+ The local proof engine must work offline without a Cloud account.
155
+
156
+ ## Cloud Boundary
157
+
158
+ BootProof Cloud is a separate private product boundary for:
159
+
160
+ - hosted AI;
161
+ - shared registry;
162
+ - team approval workflows;
163
+ - GitHub App;
164
+ - SSO/RBAC;
165
+ - policy;
166
+ - fleet dashboards;
167
+ - audit retention.
168
+
169
+ This public repository does not implement those capabilities. Registry or
170
+ evidence upload must remain explicit and opt-in; no Cloud service is required
171
+ for local diagnosis, planning, receipts, repair, or proof.
@@ -0,0 +1,38 @@
1
+ # Agent Run Receipts
2
+
3
+ `bootproof plan-agent <path>` starts a local, redacted receipt chain under:
4
+
5
+ ```text
6
+ .bootproof/agent-runs/<run-id>/
7
+ initial-attestation.json
8
+ agent-plan.json
9
+ actions/<timestamp>-action.json
10
+ verifications/<timestamp>-verification.json
11
+ final-summary.json
12
+ ```
13
+
14
+ Each immutable receipt contains its own SHA-256 hash and the previous receipt
15
+ hash. `final-summary.json` is a replaceable derived snapshot that points to the
16
+ last immutable receipt; it is not itself part of the chain.
17
+
18
+ Planning records candidate actions as not executed. It does not approve or run
19
+ them and cannot claim success. A later repository-scoped
20
+ `bootproof up . --external-health <url>` appends the observed verification to
21
+ the latest local run. The standalone `bootproof verify-url` command keeps its
22
+ existing file-free behavior.
23
+
24
+ Inspect and verify a run from the repository root:
25
+
26
+ ```bash
27
+ bootproof explain-run <run-id>
28
+ ```
29
+
30
+ The explanation distinguishes planning-only, approval stops, blocked actions,
31
+ external health verification, and BootProof-orchestrated verification.
32
+
33
+ Receipts are local only. BootProof redacts secret-like values and local username
34
+ paths before hashing and writing them. It performs no upload, telemetry, or
35
+ registry submission.
36
+
37
+ The machine schema is
38
+ [`schemas/agent-run-receipts-v1.schema.json`](schemas/agent-run-receipts-v1.schema.json).
package/docs/CI_ACTION.md CHANGED
@@ -8,7 +8,65 @@ bootproof up . --ci --json
8
8
 
9
9
  Exit `0` means both `booted` and `healthVerified` are true. Every refusal or failure exits `1`.
10
10
 
11
- ## GitHub Actions Example
11
+ ## BootProof GitHub Action
12
+
13
+ The GitHub Action runs the same deterministic CLI interface, writes a Markdown
14
+ job summary, and can post or update a sticky pull request comment:
15
+
16
+ ```yaml
17
+ name: bootproof
18
+
19
+ on:
20
+ pull_request:
21
+
22
+ permissions:
23
+ contents: read
24
+ pull-requests: write
25
+
26
+ jobs:
27
+ bootproof:
28
+ runs-on: ubuntu-latest
29
+ steps:
30
+ - uses: actions/checkout@v6
31
+ with:
32
+ fetch-depth: 0
33
+
34
+ - uses: bootproof/action@v1
35
+ with:
36
+ install: true
37
+ diff: true
38
+ upload-artifact: true
39
+ ```
40
+
41
+ Evidence upload is explicit. `upload-artifact` defaults to `false`; setting it
42
+ to `true` uploads only the action's staged allowlist, including the attestation
43
+ when one was produced. It does not upload the whole `.bootproof/` directory.
44
+
45
+ The action can explicitly generate redacted registry or federated
46
+ public-candidate artifacts:
47
+
48
+ ```yaml
49
+ - uses: bootproof/action@v1
50
+ with:
51
+ registry-export: true
52
+ federated-receipt: true
53
+ upload-artifact: true
54
+ ```
55
+
56
+ Nothing is committed or uploaded to a registry. Cloud upload is not
57
+ implemented in this OSS action, and Cloud inputs are rejected rather than
58
+ silently ignored.
59
+
60
+ The action never runs `bootproof fix`, `bootproof plan-agent`, agent actions,
61
+ or repair commands. If `agent-plan-summary` is enabled, it only summarises an
62
+ existing `.bootproof/agent-plan.json`.
63
+
64
+ The action uses its bundled compiled CLI when present. Release tags without a
65
+ bundle install the exact `bootproof` version declared by that action release;
66
+ they never prefer a target repository's local `bootproof` executable. Publish
67
+ that npm version before creating the corresponding action tag.
68
+
69
+ ## Manual GitHub Actions Example
12
70
 
13
71
  This example records the JSON result and preserves the signed attestation even when verification fails:
14
72
 
@@ -71,6 +129,13 @@ Current attestations still say:
71
129
  local_developer_signed
72
130
  ```
73
131
 
74
- They are signed evidence generated on a CI runner, but they are not yet `ci_oidc_signed`. Workload-identity-backed signing remains future work.
132
+ They are signed evidence generated on a CI runner. By default they are `local_developer_signed` (signed with the runner's local ed25519 key). To upgrade to `ci_oidc_signed`, set the `ci-oidc` input to `true` and grant `permissions: id-token: write` on the workflow — BootProof will fetch the runner's OIDC token and embed the claims in the attestation trust block.
75
133
 
76
134
  BootProof does not silently push commits or upload evidence. The workflow owner chooses whether to retain artifacts or commit `.bootproof/`.
135
+
136
+ The action records GitHub workflow context as unsigned provenance metadata. When `ci-oidc: true` is set, it also requests an OIDC token and emits `ci_oidc_signed` attestations with embedded workload-identity claims.
137
+
138
+ The action-owned machine artifacts use strict schemas:
139
+
140
+ - [`schemas/action-verdict-v1.schema.json`](schemas/action-verdict-v1.schema.json)
141
+ - [`schemas/ci-context-v1.schema.json`](schemas/ci-context-v1.schema.json)