bootproof 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +840 -152
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +730 -46
  9. package/dist/diagnosis.js +101 -16
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +329 -51
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +238 -39
  17. package/dist/plan.js +2 -0
  18. package/dist/proof.d.ts +78 -2
  19. package/dist/proof.js +265 -12
  20. package/dist/receipt.d.ts +52 -0
  21. package/dist/receipt.js +356 -0
  22. package/dist/redact.d.ts +4 -0
  23. package/dist/redact.js +86 -2
  24. package/dist/registry.d.ts +82 -30
  25. package/dist/registry.js +355 -53
  26. package/dist/remote.js +3 -3
  27. package/dist/repair-playbooks.d.ts +24 -0
  28. package/dist/repair-playbooks.js +593 -0
  29. package/dist/repair-safety.d.ts +130 -0
  30. package/dist/repair-safety.js +766 -0
  31. package/dist/repair.d.ts +43 -11
  32. package/dist/repair.js +716 -7
  33. package/dist/run.d.ts +3 -0
  34. package/dist/run.js +218 -41
  35. package/dist/sbom.d.ts +22 -0
  36. package/dist/sbom.js +99 -0
  37. package/dist/taxonomy.d.ts +8 -3
  38. package/dist/taxonomy.js +404 -8
  39. package/dist/types.d.ts +40 -1
  40. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  41. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  42. package/docs/CI_ACTION.md +67 -2
  43. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  44. package/docs/FAILURE_TAXONOMY.md +28 -1
  45. package/docs/HONESTY_CONTRACT.md +34 -12
  46. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  47. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  48. package/docs/REGISTRY.md +48 -28
  49. package/docs/REPAIR_RECEIPT.md +54 -8
  50. package/docs/agent-loop-gap-analysis.md +188 -0
  51. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  52. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  53. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  54. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  55. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  56. package/docs/examples/registry-seeds/php-composer.json +33 -0
  57. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  58. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  59. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  60. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  61. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  62. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  63. package/docs/schemas/ci-context-v1.schema.json +63 -0
  64. package/docs/schemas/diff-result-v1.schema.json +66 -0
  65. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  66. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  67. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  68. package/docs/schemas/repair-action-v1.schema.json +136 -0
  69. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  70. package/package.json +10 -6
@@ -15,14 +15,39 @@ Unknown evidence remains `unknown_failure`. BootProof does not pick a more marke
15
15
  |---|---|---|
16
16
  | `not_an_application` | No trustworthy runnable entrypoint was found. | Select a runnable workspace or add an explicit start command. |
17
17
  | `orchestration_not_supported` | An application stack was detected, but no explicit supported entrypoint or source-built Compose web service was found. | Use the repository's documented runbook; treat the signed result as diagnosis, not boot proof. |
18
+ | `go_service_orchestration_not_supported` | A Go service was detected, but no safe runnable service command and health contract could be established. | Use the documented service command or provide an explicit reviewed override; do not treat detection as boot proof. |
19
+ | `host_execution_not_acknowledged` | Host execution, including execution of a cloned remote repository, was selected without the explicit `--unsafe-local` acknowledgement. | Review the inferred commands, then rerun with `--provider local --unsafe-local` only if you accept host execution. |
20
+ | `auth_required` | An externally managed health endpoint returned HTTP 401 or 403. | Use a separate unauthenticated health endpoint or verify authentication manually without exposing credentials. |
21
+ | `external_health_unreachable` | An externally managed health endpoint could not be reached or did not return HTTP 2xx/3xx. | Confirm the service and endpoint are reachable, then rerun external verification. |
18
22
  | `runtime_engine_mismatch` | Node.js does not satisfy the declared engine. | Switch to a compatible runtime and rerun. |
23
+ | `missing_ruby_version` | The exact Ruby version selected by rbenv is not installed. | Run `rbenv install <version>`. |
19
24
  | `missing_package_manager` | The declared package manager executable is absent. | Enable Corepack or install the required manager. |
20
- | `missing_runtime_tool` | An explicit Go, Ruby, Bundler, or Make run path was selected, but the executable is absent. | Install the repository-supported runtime or tool and rerun. |
25
+ | `missing_runtime_tool` | An explicit Ruby, Bundler, Make, Python, PHP, or Composer run path was selected, but the executable is absent. | Install the repository-supported runtime or tool and rerun. |
26
+ | `go_runtime_missing` | A selected Go service command cannot run because the `go` executable is unavailable. | Install the repository-supported Go version and rerun. |
27
+ | `go_build_failed` | Go module resolution or compilation failed for the selected service. | Inspect the preserved compiler/module evidence and resolve the specific source or dependency error. |
28
+ | `missing_project_cli` | A selected package script references a repository CLI that is unavailable in the prepared development environment. | Complete the repository's documented bootstrap or development-environment setup, then rerun. |
29
+ | `missing_php_runtime` | The repository requires PHP, but the `php` executable is unavailable. | Install a repository-supported PHP version; mention Homebrew only when its presence is evidenced. |
30
+ | `missing_composer` | The repository requires Composer, but the `composer` executable is unavailable. | Install Composer through an evidenced or documented method. |
31
+ | `unsupported_php_version_for_composer_lock` | The current PHP version does not satisfy package constraints recorded in `composer.lock`. | Select a compatible PHP version, then rerun `composer install`; do not edit the lockfile as the first step. |
32
+ | `missing_php_vendor_autoload` | `vendor/autoload.php` is absent after PHP dependencies failed or were not installed. | Resolve PHP/Composer compatibility, then run `composer install`. |
33
+ | `laravel_sqlite_database_missing` | Laravel's configured SQLite database file does not exist. | Review and approve creation of `database/database.sqlite`, then separately approve `php artisan migrate`. |
34
+ | `laravel_migrations_required` | Laravel started, but one or more required database tables are missing. | Run `php artisan migrate` only with explicit approval because it mutates local database state. |
35
+ | `missing_build_tool` | A named native build tool required by a dependency is absent. | Install the reported tool, such as `brew install cmake`. |
36
+ | `native_extension_compile_failed` | A gem native extension failed to compile. | Install the affected gem's native dependencies and rerun installation. |
21
37
  | `package_manager_version_mismatch` | The available package-manager version differs from the exact/simple declared version. | Activate the declared version, then rerun. |
22
38
  | `dependency_install_skipped` | A dependency-backed application was not started because install was not requested. | Review the install command and opt in with `--install`. |
23
39
  | `python_flask_setup_required` | Python/Flask setup requires migrations, initialization, workers, frontend, or service orchestration not yet supported safely. | Complete the documented setup manually; do not treat detection as full support. |
40
+ | `laravel_vite_ci_hmr_blocked` | Laravel's Vite plugin refused to start the HMR asset server in CI. | Use a production asset build in CI, or run the Laravel application server for app verification. |
24
41
  | `missing_env_var` | Required environment configuration is missing. | Supply real values through the repository's documented path. BootProof will not edit `.env`. |
42
+ | `missing_database_config` | `config/database.yml` could not be loaded or is absent. | Create it from the repository's documented example and review it. |
43
+ | `missing_required_config` | Another explicitly named required configuration file is absent. | Restore the reported file from the repository's documented example. |
25
44
  | `database_unreachable` | A required database or cache could not be reached. | Start the real required service and verify its address. |
45
+ | `postgres_unavailable` | PostgreSQL refused or could not accept the connection. | Start PostgreSQL and verify the configured host and port. |
46
+ | `postgres_role_missing` | PostgreSQL is reachable, but the configured role does not exist. | Create the role or configure an existing one. |
47
+ | `database_schema_missing` | PostgreSQL reports an undefined table or missing relation. | Run the repository's documented migrations or database setup. |
48
+ | `unsupported_database_version` | The installed PostgreSQL version is outside the repository's supported range. | Install or select a supported version. |
49
+ | `unsupported_database_config` | `config/database.yml` contains unsupported database names. | Use only the repository-supported names. |
50
+ | `redis_unavailable` | Redis refused or could not accept the connection. | Start Redis and verify the configured host and port. |
26
51
  | `postgres_auth_env_missing` | Postgres was reached but authentication or env configuration did not match. | Correct the real database configuration; BootProof will not invent credentials. |
27
52
  | `migrations_missing` | The database schema is absent or behind. | Run the repository's documented migration flow. Repair is attempted only for one unambiguous recognized framework. |
28
53
  | `port_in_use` | The application port is occupied. | Stop the process or use a supported explicit port. |
@@ -33,8 +58,10 @@ Unknown evidence remains `unknown_failure`. BootProof does not pick a more marke
33
58
  | `docker_unavailable` | Docker is required by the plan but unavailable. | Start Docker or explicitly choose a safe local path. |
34
59
  | `install_failed` | Dependency installation failed for an otherwise unclassified reason. | Inspect preserved install evidence and fix the underlying cause. |
35
60
  | `app_exited_early` | The application exited before health was observed. | Inspect process evidence and fix startup. |
61
+ | `health_preoccupied` | A health candidate was already responding successfully before BootProof started the application. | Stop the existing service and rerun, or explicitly verify it with `bootproof verify-url <url>`. |
36
62
  | `health_check_timeout` | No HTTP response was observed before timeout. | Check logs, port inference, and health candidates. |
37
63
  | `health_http_error` | A health candidate returned HTTP 5xx. | Fix the server error; a responding process is not yet healthy. |
64
+ | `health_candidate_port_mismatch` | Process output advertised a different port from the inferred application health URL. | Confirm the primary app command and intended health port; do not mistake an asset server for the Laravel app. |
38
65
  | `workspace_ambiguous` | Multiple applications or health targets are plausible. | Choose one with `--workspace <dir>`. |
39
66
  | `unknown_failure` | Available evidence does not match a trustworthy detector. | Inspect the signed raw evidence and report a reproducible detector case. |
40
67
 
@@ -13,15 +13,18 @@ BootProof's promise is not that every repository boots. Its promise is that the
13
13
  7. Ambiguous workspaces are surfaced instead of guessed.
14
14
  8. Generated files are referenced as generated evidence only when they were actually written.
15
15
  9. Refusals and execution failures write signed failed attestations where a signer is available.
16
- 10. Failed attestations preserve available raw local evidence; exported registry entries redact it.
16
+ 10. Failed attestations preserve available diagnostic evidence, redacted at capture before it is persisted. Registry export applies its own additional public-artifact redaction.
17
17
  11. A process starting is not enough. A health signal must be observed.
18
18
  12. Confidence describes evidence found, not predicted success.
19
19
  13. An image-only Compose service does not prove the checked-out source. Compose application proof requires a repository-local build context, a published HTTP port, and an observed HTTP response.
20
- 14. A repair is only ever proposed with a verified before and after attestation.
21
- 15. Repair generation never touches the user's working tree; applying a diff requires the separate explicit `apply-repair` command. This separation is intentional and is not bypassed by `fix`.
22
- 16. Repair diffs are restricted to boot-plumbing scope; application logic is never edited.
23
- 17. An unverified or failed remediation is reported as such and is never proposed on hope.
24
- 18. Explicit repair application requires a valid signed receipt and exact file preimages; stale or tampered receipts write nothing.
20
+ 14. A deterministic repair suggestion requires a signature-valid classified failed attestation.
21
+ 15. A valid signature proves the attestation was not altered after signing. It does not, by itself, prove WHO produced it. BootProof distinguishes self-signed, known-signer, and unknown-foreign signatures, and binds directory verification to the repository's current commit.
22
+ 16. Commands run only after the exact command, mutation scope, and risk are shown and the user types uppercase `Y`. JSON and CI modes never approve commands.
23
+ 17. Repair generation never patches the user's working tree; applying a diff requires the separate explicit `apply-repair` command.
24
+ 18. Repair diffs are restricted to boot-plumbing scope; application logic is never edited.
25
+ 19. Declined, failed, progressed, and verified repair attempts remain distinct signed receipt states.
26
+ 20. Explicit repair application requires a valid signed receipt and exact file preimages; stale or tampered receipts write nothing.
27
+ 21. A health response may only be recorded as a verified boot if it could have come from the process BootProof started. Pre-existing responders are refused (`health_preoccupied`); a response observed after the supervised process has exited is not a boot.
25
28
 
26
29
  These behaviors are enforced by tests.
27
30
 
@@ -71,16 +74,22 @@ A repository Compose receipt is equally narrow. `docker compose up -d` exit 0 pr
71
74
 
72
75
  ## Verified Repairs
73
76
 
74
- `bootproof fix` copies the repository to a temporary sandbox, applies one registered deterministic remediation, and reruns the full BootProof verification engine. It reuses an existing failed attestation only when its signature is valid and it names the exact current clean Git commit; otherwise the failure is reproduced in the sandbox first.
77
+ `bootproof fix` reads the latest signature-valid classified failure. The first interactive
78
+ command playbooks cover missing CMake and unavailable Redis; `RAILS_ENV` receives a safe
79
+ instruction only. Commands are structured argv, pass the safety validator, and require the
80
+ literal response `Y`. After an approved command, BootProof copies the repository to a temporary
81
+ sandbox and reruns the normal proof engine.
75
82
 
76
83
  The original working tree is never used as the repair target. BootProof writes only its evidence under `.bootproof/`:
77
84
 
78
85
  - the signed failed before attestation
79
86
  - a human-reviewable patch when files changed
80
- - the signed healthy after attestation
81
- - the signed repair receipt linking both hashes
87
+ - the signed after attestation when a command was rerun
88
+ - the signed repair receipt recording suggestion, approval, application, progress, and verification
82
89
 
83
- If the sandbox does not reach observed HTTP health, no repair receipt or patch is emitted. The failed attempt is appended to signed failure evidence.
90
+ Declined, failed, and unverified attempts still produce receipts because failed attestations and
91
+ repair attempts are valuable. `verified` remains false unless the rerun observes healthy HTTP.
92
+ `progressed` is true only for verified health or a changed failure class.
84
93
 
85
94
  `bootproof fix` never auto-applies a patch. `bootproof apply-repair` is a separate, explicit mutation command. It verifies the receipt signature, scope whitelist, signed content hashes, and current preimages before writing. A mismatch writes nothing.
86
95
 
@@ -94,9 +103,22 @@ Current local runs use:
94
103
  local_developer_signed
95
104
  ```
96
105
 
97
- Local attestations are useful evidence. CI/OIDC attestations are stronger supply-chain proof. BootProof does not pretend local laptop proof is enterprise CI proof.
106
+ The embedded public key proves integrity only. Local verification reports whether that key is
107
+ this machine's signer, an explicitly pinned signer in `~/.bootproof/known_signers.json`, or an
108
+ unknown foreign signer. Pinning uses `bootproof verify <proof> --trust-signer` and never happens
109
+ automatically on first use.
98
110
 
99
- `ci_oidc_signed` is reserved for future workload-identity-backed signing. BootProof does not emit it today.
111
+ `--require-known-signer` fails on unknown foreign signers. Directory verification compares the
112
+ attested commit with live Git `HEAD`, and `--strict` fails if they differ.
113
+
114
+ Local attestations are useful evidence. CI/OIDC attestations are stronger supply-chain proof.
115
+ BootProof does not pretend local laptop proof is enterprise CI proof.
116
+
117
+ `ci_oidc_signed` is emitted when `--ci-oidc` is passed to `bootproof up` inside a GitHub Actions
118
+ workflow with `permissions: id-token: write`. The composite Action exposes this as the `ci-oidc`
119
+ input (default: `false`). When enabled, BootProof fetches the runner's OIDC token and embeds the
120
+ claims (iss, sub, repository, run_id, workflow, etc.) in the attestation trust block. The
121
+ ed25519 signature still provides integrity; the OIDC evidence provides CI provenance.
100
122
 
101
123
  ## Network And Sharing
102
124
 
@@ -0,0 +1,232 @@
1
+ # The First 1,000 Receipts — Launch Playbook
2
+
3
+ > Distribution is the engine; the moat is its exhaust.
4
+
5
+ This is the concrete, week-by-week plan for getting BootProof from zero to the first 1,000 Living Receipts in the wild. Every phase has a single success metric. If the metric doesn't hit, the phase isn't done — don't move on, fix why.
6
+
7
+ ---
8
+
9
+ ## The thesis (read this first)
10
+
11
+ The Living Receipt is not the moat. It is the **distribution weapon** — a viral, self-proving object that floods the gates with users. The moat (workflow lock-in as the merge gate, plus a compounding boot-inference flywheel) is **earned at scale**, not owned on day one.
12
+
13
+ The slop crisis is real and cresting: curl shut down its bug bounty (January 2026), Jazzband shut down entirely, tldraw auto-closes all external PRs, Ghostty's Mitchell Hashimoto named the exact mechanism BootProof attacks ("running it was the filter"). The demand is assembled and screaming. The audience is not cold — they are posting in GitHub community discussion #185387, literally spec'ing the feature.
14
+
15
+ The only thing standing between BootProof and 1,000 receipts is the single thing every prior project skipped: **shipping and distributing**. This playbook exists to make that skip impossible.
16
+
17
+ ---
18
+
19
+ ## Phase 0 — Ship the alpha (TODAY, before anything else)
20
+
21
+ **Goal:** a stranger can `npx bootproof up <repo>` and get a Living Receipt.
22
+
23
+ **Checklist:**
24
+ - [x] Fix the npm package metadata (homepage/repository fields point to the wrong URL — `rossbuckley1990-hash/bootproof` instead of `bootproof/bootproof`). This is a 5-minute fix that has been leaking every visitor. **Fixed in commit on `main` — `repository`, `bugs.url`, and `homepage` now all point to `github.com/bootproof/bootproof`. The published npm package at `0.1.0` still has the old URL until 0.3.0 is published (next item).**
25
+ - [ ] Publish `0.3.0` to npm. The published version is `0.1.0`; the repo is three minor versions ahead. The publishing muscle exists — the release cadence is broken. **Requires `npm publish` with npm credentials — run locally, not from a CI/sandbox. The `release:check` script (`npm test && npm run build && npm run pack:check && npm publish --dry-run`) is the pre-flight.**
26
+ - [x] The Living Receipt HTML (`assets/living-receipt.html`) is on `main` and reachable via raw.githubusercontent.com.
27
+ - [x] The badge template (`assets/bootproof-badge-template.md`) is on `main`.
28
+ - [x] The README links to the Living Receipt with a clickable badge.
29
+
30
+ **Success metric:** `npx bootproof up https://github.com/any-public-repo` works on a fresh machine with Node 20+. No errors. Writes a receipt.
31
+
32
+ **If this doesn't work, nothing else in this playbook matters.** Do not proceed to Phase 1 until a stranger can run the command and get a receipt.
33
+
34
+ ---
35
+
36
+ ## Phase 1 — Maintainer #1 (Week 1)
37
+
38
+ **Goal:** one prominent open-source maintainer adopts BootProof as a PR gate.
39
+
40
+ **Why this first:** the slop-crisis maintainers are the exact audience, they're already gathered, and one public adoption is the equivalent of Slack's "8,000 signups in 24 hours" — but slower, over weeks, because maintainer-to-maintainer viral spread is real but skeptical.
41
+
42
+ **The target list (in priority order):**
43
+
44
+ 1. **The GitHub community discussion #185387 participants.** This is the single highest-signal list. People who posted in "Exploring Solutions to Tackle Low-Quality Contributions on GitHub" are literally asking for this. Read the thread, identify the most active commenters, DM them with the receipt attached.
45
+
46
+ 2. **The curl orbit.** Daniel Stenberg shut down curl's bug bounty in January 2026 because AI slop reports collapsed the valid-rate from 1-in-6 to 1-in-20. BootProof is the automated version of "did you actually run it?" — exactly the filter he lost. He is reachable on GitHub and Mastodon.
47
+
48
+ 3. **The Ghostty orbit.** Mitchell Hashimoto named the exact mechanism ("running it was the filter") that BootProof re-imposes. He is reachable on GitHub.
49
+
50
+ 4. **The tldraw orbit.** They auto-close all external PRs — the most extreme response to slop. A BootProof gate is the less drastic alternative they haven't tried yet.
51
+
52
+ 5. **The six stargazers.** `serious-angel`, `jon91`, `highway900`, `mkkzkk`, `DoddiC`, `tkersey`. They already raised their hands. They're the warmest leads you have.
53
+
54
+ **The DM template (3 lines, attach the Living Receipt HTML):**
55
+
56
+ ```
57
+ Hi [name] — I saw your [post/comment about AI slop in PRs]. I built
58
+ something that might help: a tool that actually boots a repo and signs
59
+ proof of what happened. I attached a Living Receipt — double-click it,
60
+ it verifies itself in your browser. If it's useful, I'd value your
61
+ honest reaction. If not, tell me why. — Ross
62
+ ```
63
+
64
+ **Rules:**
65
+ - Do NOT lead with the architecture, the trust ladder, or the moat thesis. Lead with the artifact.
66
+ - Do NOT pitch the hosted runner, the enterprise tier, or the roadmap. Pitch the free thing.
67
+ - Do NOT send a form letter. Reference something specific they said about slop.
68
+ - Attach the Living Receipt HTML. The artifact does the convincing — your words just get them to open it.
69
+
70
+ **Success metric:** one maintainer runs `npx bootproof up` on a repo they care about and replies with a reaction that isn't "cool, thanks." The reaction you're looking for is "wait, how does this work?" or "can I use this as a PR gate?" — those are buying signals.
71
+
72
+ **If you don't get a reply from any of the six stargazers in 72 hours:** the problem isn't the message, it's that the artifact doesn't land. Go back and watch someone open it in person. The "what the hell" moment has to be visible on their face. If it isn't, the receipt isn't good enough yet.
73
+
74
+ ---
75
+
76
+ ## Phase 2 — The public launch (Week 2)
77
+
78
+ **Goal:** 100 receipts in the wild, traced to a single public launch.
79
+
80
+ **The launch surfaces, in order:**
81
+
82
+ ### 2a. Hacker News (Tuesday or Wednesday, 7–9am Pacific)
83
+
84
+ **Title (use exactly this — it's been pressure-tested against the HN aesthetic):**
85
+
86
+ > Show HN: BootProof — the run button that can't lie (boots any repo, signs proof)
87
+
88
+ **First comment (yours, posted immediately):**
89
+
90
+ ```
91
+ I built this because AI-generated PRs that merge clean but don't actually
92
+ boot are drowning maintainers. curl shut down its bug bounty over this.
93
+ tldraw auto-closes all external PRs. The filter that used to exist —
94
+ "you had to actually run the code to contribute" — is gone.
95
+
96
+ BootProof re-imposes it. Point it at any repo, it infers how to run,
97
+ boots it, observes whether localhost actually responds, and signs a
98
+ receipt. The receipt is a single HTML file that re-verifies its own
99
+ signature in your browser. Tamper with one byte and the verdict collapses.
100
+
101
+ Two real captures in the repo: one that boots to HTTP 200, one that
102
+ builds clean and segfaults at runtime. Both are real, not mock.
103
+
104
+ Free, open source, Apache 2.0. I'm looking for maintainers who want
105
+ to try it as a PR gate. — Ross
106
+ ```
107
+
108
+ **Rules:**
109
+ - Do NOT post on Monday (low traffic) or Friday (weekend death).
110
+ - Do NOT post on the hour — post at :07 or :12 to avoid the submission queue.
111
+ - Do NOT use a link shortener. HN penalizes them.
112
+ - Respond to every comment within 15 minutes for the first 4 hours. The first hour determines whether it hits the front page.
113
+ - When someone says "why not just use CI?" — answer: "CI tells you the script exited 0. BootProof tells you localhost responded. Green CI, dead app is the entire slop archetype. Here's a receipt: [link]."
114
+
115
+ ### 2b. r/programming (same day, 2 hours after HN)
116
+
117
+ Cross-post the HN link. Title: "BootProof — a run button that actually verifies your repo boots (signed proof, not green CI)".
118
+
119
+ ### 2c. r/devops, r/node, r/rust, r/python (staggered over Week 2)
120
+
121
+ One post per subreddit, tailored to the language. For r/rust, lead with the segfault receipt. For r/node, lead with the HTTP 200 receipt. For r/devops, lead with the CI-gate angle.
122
+
123
+ ### 2d. The agent-integration communities
124
+
125
+ Post in the Cursor Discord, the Claude Code community, the Devin Slack. The pitch: "your agent emits a Living Receipt when it finishes — the human verifies it actually booted before merging." This is the "App Store moment" distribution surface.
126
+
127
+ **Success metric:** 100 Living Receipts downloaded from the repo (track via GitHub raw file download analytics), 50 npm installs, 10 badges appearing in public READMEs (search GitHub for `bootproof` in README files).
128
+
129
+ **If HN doesn't hit the front page:** the title or the first comment didn't land. The most common failure mode is leading with the technology instead of the pain. Rewrite the first comment to lead with curl/tldraw, not with ed25519.
130
+
131
+ ---
132
+
133
+ ## Phase 3 — The agent integrations (Week 3)
134
+
135
+ **Goal:** BootProof is the default "does-it-boot" check in at least one agent ecosystem.
136
+
137
+ **The targets:**
138
+
139
+ 1. **A Claude Code skill** — `bootproof-verify` — that an agent can invoke after writing code. The skill runs `bootproof up` on the changed workspace and attaches the Living Receipt to the PR. This is the highest-leverage integration because Claude Code users are the exact audience generating slop.
140
+
141
+ 2. **A Cursor rule** — `.cursorrules` snippet that tells Cursor to run BootProof before declaring a task complete. Distribute as a copy-paste snippet in the README.
142
+
143
+ 3. **A GitHub Action** — `bootproof/bootproof-action@v1` — that runs on every PR, boots the repo, and posts the Living Receipt as a comment. This is the merge-gate moat in its earliest form. Get it into the GitHub Actions marketplace. Be the top result for "boot" and "verify" and "run".
144
+
145
+ 4. **A Devin integration** — reach out to the Devin team. Their agents produce code; BootProof proves it runs. Co-marketing opportunity.
146
+
147
+ **The pitch to agent builders:**
148
+
149
+ ```
150
+ Your agent writes code and says "done." The human has to trust it.
151
+ BootProof makes the agent prove it — runs the repo, observes health,
152
+ signs a receipt. The human clicks the receipt, it verifies itself,
153
+ they see the actual boot. No more "the agent said it worked" — now
154
+ it's "the agent proved it boots."
155
+ ```
156
+
157
+ **Success metric:** one agent integration shipped and used by at least 10 developers. The Claude Code skill is the most reachable — it's a single file.
158
+
159
+ ---
160
+
161
+ ## Phase 4 — The "Green CI, Dead App" gallery (Week 4+)
162
+
163
+ **Goal:** a public, indexed gallery of real slop PRs that pass CI but don't boot, each with its Living Receipt.
164
+
165
+ **This is the content engine.** Every entry is simultaneously:
166
+ - Proof (a real receipt)
167
+ - Propaganda (the contrast with GitHub's green check)
168
+ - Distribution (every receipt links home)
169
+
170
+ **How to build it:**
171
+
172
+ 1. Find public PRs that pass CI but are reported as "doesn't work" in comments. Search GitHub for `"doesn't work"`, `"won't run"`, `"broken"` in PR comments on popular repos.
173
+ 2. Run `bootproof up` on the PR's branch.
174
+ 3. Generate a Living Receipt.
175
+ 4. Post it to `gallery/` in the repo, with a one-line description: "PR #1234 on repo X — green CI, dead app, BootProof says NOT BOOTED with classified failure Y."
176
+ 5. Each gallery entry has its own badge that links to its receipt.
177
+
178
+ **The viral loop:**
179
+
180
+ ```
181
+ gallery entry → HN/Reddit/Twitter → click → Living Receipt →
182
+ "Get your own receipt" → npx bootproof up → new receipt →
183
+ new badge in a new README → new gallery entry → repeat
184
+ ```
185
+
186
+ **Success metric:** 50 gallery entries, each one a real public slop PR with a real receipt. The gallery itself becomes a destination — "the slop museum."
187
+
188
+ ---
189
+
190
+ ## The loop that ties it all together
191
+
192
+ ```
193
+ Phase 1: maintainer #1 (credibility)
194
+
195
+ Phase 2: public launch (100 receipts in the wild)
196
+
197
+ Phase 3: agent integrations (default-status in one ecosystem)
198
+
199
+ Phase 4: gallery (compounding content engine)
200
+
201
+ Each receipt → badge in a README → click → new user → new receipt → repeat
202
+
203
+ Workflow lock-in (the merge gate) + boot-inference flywheel (each run makes the next inference better)
204
+
205
+ The moat. Earned, not built.
206
+ ```
207
+
208
+ ---
209
+
210
+ ## What NOT to do (the trap list)
211
+
212
+ 1. **Do not build the hosted runner before Phase 4.** The `neutral_runner_signed` trust level is the cash-cow path, but it's premature. The free local-signed receipt is the distribution weapon. Build the hosted runner when you have 1,000 receipts and someone offers to pay for it.
213
+
214
+ 2. **Do not build the failure-taxonomy dashboard before Phase 4.** The corpus becomes a moat only if each run feeds back into measurably better inference that users feel. Ship the inference improvement first; dashboard it later.
215
+
216
+ 3. **Do not write a blog post about the architecture.** Write a blog post about curl shutting down its bug bounty. The architecture is not the story — the pain is.
217
+
218
+ 4. **Do not rename anything.** "BootProof" is fine. "Living Receipt" is fine. The urge to rename is the cathedral instinct sneaking back in.
219
+
220
+ 5. **Do not wait for the engine to be perfect before launching.** The engine in `scripts/bootproof_up.mjs` is MVP — it handles Node, Rust, Go, Python. That's enough for the first 1,000 receipts. Ship it. Add more stacks based on what users actually ask for.
221
+
222
+ 6. **Do not skip the DM step.** The temptation is to go straight to HN and skip the maintainer-by-maintainer grind. That's the exact skip that has cost every prior launch. The DMs are where you learn whether the artifact lands. HN is where you scale what already works.
223
+
224
+ ---
225
+
226
+ ## The honest gate
227
+
228
+ None of this is real until **maintainer #1** runs it on a repo they care about and reacts. The Living Receipt in `assets/living-receipt.html` is the artifact. The DM template in Phase 1 is the message. The six stargazers are the warmest leads.
229
+
230
+ Open the receipt yourself first. Feel the "what the hell" moment. Then attach it to the first DM.
231
+
232
+ That's the move. Everything else in this playbook is downstream of it.
@@ -0,0 +1,105 @@
1
+ # Real-World Fixture Guide
2
+
3
+ BootProof uses small, synthetic fixtures to preserve lessons from real repository
4
+ testing without copying entire third-party repositories. A fixture captures only
5
+ the structural markers and minimal evidence needed to exercise an inference,
6
+ classification, safety decision, or verification path.
7
+
8
+ Predictions and examples are not proof. A fixture may show what BootProof should
9
+ infer or classify, but verified boot still requires observed health evidence from
10
+ the application or an explicitly external health endpoint.
11
+
12
+ ## Why Fixtures Stay Small
13
+
14
+ Whole external repositories are unsuitable test fixtures because they:
15
+
16
+ - add large, unstable dependency trees;
17
+ - can contain copyrighted implementation details or vendor configuration;
18
+ - may expose secrets, usernames, local paths, or private operational data;
19
+ - change independently of BootProof and make tests nondeterministic; and
20
+ - can tempt tests to execute untrusted setup or orchestration commands.
21
+
22
+ BootProof fixtures instead use placeholder package names, empty marker files,
23
+ minimal manifests, and short synthetic evidence strings. They should reproduce
24
+ the shape of a failure, not the source repository.
25
+
26
+ ## Coverage Map
27
+
28
+ The documentation seeds under
29
+ [`examples/registry-seeds/`](examples/registry-seeds/) summarize the current
30
+ real-world coverage:
31
+
32
+ | Seed | Representative repository class |
33
+ |---|---|
34
+ | `laravel-vite-sqlite` | Laravel backend with Vite assets and local SQLite setup |
35
+ | `rails-bundler` | Rails application with Ruby/Bundler runtime and native extension blockers |
36
+ | `php-composer` | Composer lockfile and vendor bootstrap failures |
37
+ | `go-ollama-service` | Go service with an evidenced command, port, and health contract |
38
+ | `airbyte-abctl-external-orchestrator` | Heavy external orchestration through abctl, kind, Helm, and Kubernetes |
39
+ | `sentry-devenv-direnv` | Large Python/Node hybrid with devenv and direnv setup |
40
+ | `monorepo-ambiguous-health` | Multiple plausible workspaces or health targets |
41
+ | `advertised-port-mismatch` | Process output advertises a different port from the inferred health candidate |
42
+
43
+ These JSON files use `bootproof/registry-seed-example/v1`. They are
44
+ documentation examples, not signed attestations, importable deterministic
45
+ playbooks, public corpus submissions, or production registry entries.
46
+
47
+ ## Seed Fields
48
+
49
+ Each seed records:
50
+
51
+ - structural markers that may be represented by a minimal fixture;
52
+ - expected classifications or inference labels;
53
+ - a conservative safe next step;
54
+ - whether repair is approval-required or refused;
55
+ - whether the application is externally orchestrated;
56
+ - whether the described path can eventually support verified boot or only a
57
+ failed/diagnostic receipt; and
58
+ - the observed evidence still required before any verified claim.
59
+
60
+ `repairDisposition: automatic` is reserved for non-mutating behavior. It must
61
+ never be used to authorize silent command execution, host mutation, database
62
+ mutation, or repository patches. Commands and patches remain approval-gated.
63
+
64
+ ## Adding A Fixture Safely
65
+
66
+ 1. Identify the smallest structural markers required for the behavior.
67
+ 2. Write synthetic manifests and evidence instead of copying vendor files.
68
+ 3. Remove real repository names when they are not necessary to the detector.
69
+ 4. Use placeholders for hosts, package names, paths, and versions.
70
+ 5. Never include `.env` contents, tokens, credentials, private keys, user data,
71
+ private hostnames, or username-bearing local paths.
72
+ 6. Add a focused test for the intended inference or classifier and at least one
73
+ nearby case that must not be overclassified.
74
+ 7. Keep commands inert in fixtures. Tests must not install tools, start external
75
+ orchestrators, run migrations, or execute repository setup scripts.
76
+ 8. Document whether the safe next step is approval-required or refused.
77
+ 9. Require a real health observation before a test or example can represent a
78
+ verified boot.
79
+
80
+ Public documentation may name a real repository family when that context is
81
+ useful, but it must not reproduce vendor config blobs, source files, private
82
+ incident data, or proprietary runbooks. Evidence strings should be the minimum
83
+ short patterns needed to explain classifier behavior.
84
+
85
+ ## Evidence And Honesty
86
+
87
+ Classifiers must remain evidence-based and conservative. A marker can justify an
88
+ inference, and an exact failure string can justify a failure class, but neither
89
+ proves that the application booted.
90
+
91
+ BootProof may record a failed or diagnostic receipt when setup is incomplete,
92
+ orchestrator ownership is external, a workspace is ambiguous, or a health
93
+ candidate is wrong. It may report verified boot only after observed health
94
+ evidence satisfies the health contract.
95
+
96
+ For external orchestration, BootProof must state that it verified an
97
+ already-running service and must not claim that it started the application.
98
+
99
+ ## Registry Boundary
100
+
101
+ Seed examples are local documentation only. Reading or testing them performs no
102
+ network calls, telemetry, upload, registry submission, Cloud API request, or
103
+ automatic file mutation. To produce a real redacted registry entry, use the
104
+ explicit local export workflow described in [REGISTRY.md](REGISTRY.md).
105
+
package/docs/REGISTRY.md CHANGED
@@ -1,49 +1,69 @@
1
- # Git-Native Registry Design
1
+ # Registry Export Formats
2
2
 
3
- BootProof does not operate a public registry service today.
3
+ BootProof supports local, redacted registry artifacts. It does not operate a public index from
4
+ this repository, upload evidence automatically, or call a registry service.
4
5
 
5
- The current primitive is portable signed evidence:
6
+ Create a local entry explicitly:
6
7
 
7
- ```text
8
- .bootproof/attestation.json
8
+ ```bash
9
+ bootproof registry export .
9
10
  ```
10
11
 
11
- Projects may deliberately commit that file or export a redacted entry:
12
+ This writes `.bootproof/registry-entry.json` using
13
+ `bootproof/registry-entry/v1`. `bootproof attest export .` remains a compatibility alias.
12
14
 
13
- ```bash
14
- bootproof attest export .
15
- ```
15
+ ## Public/Federated Registry
16
16
 
17
- This writes:
17
+ Public repositories may explicitly create a public-candidate wrapper:
18
18
 
19
- ```text
20
- .bootproof/registry-entry.json
19
+ ```bash
20
+ bootproof registry export . --federated
21
21
  ```
22
22
 
23
- Nothing is uploaded automatically.
23
+ This writes a redacted, signed `bootproof/federated-receipt/v1` artifact under
24
+ `.bootproof/registry/`. A repository owner may review and deliberately commit that receipt to
25
+ the repository's own Git history.
26
+
27
+ A future BootProof indexer could crawl public receipts, verify signatures, and build an open
28
+ commons of verified boot, failure, and repair knowledge. The crawler and public index do not
29
+ exist in this repository and are not implemented by this command.
24
30
 
25
- ## Intended Design
31
+ `bootproof attest check` distinguishes this machine's signer, explicitly pinned known signers,
32
+ and unknown foreign signers. Signature integrity alone does not establish authorship.
26
33
 
27
- The proposed registry model is federated:
34
+ ## Private Cloud Registry
28
35
 
29
- - write path: repositories deliberately publish signed proof through Git
30
- - read path: a future index discovers public attestations, verifies signatures, and links claims to source commits
31
- - failure corpus: classified failures improve detectors without converting failures into success claims
36
+ Organisations may later explicitly upload redacted attestations and repair receipts to
37
+ BootProof Cloud. Private repository data would remain governed, tenant-isolated, and paid.
32
38
 
33
- The index, badge service, freshness tracking, and signer trust graph are roadmap items. They are not deployed capabilities.
39
+ This repository only supports producing a `cloud_upload_candidate` local export. BootProof
40
+ Cloud, upload transport, billing, governance, and hosted registry storage are intentionally
41
+ not implemented here.
34
42
 
35
43
  ## Consent And Privacy
36
44
 
37
- 1. BootProof sends no telemetry or hidden evidence upload.
38
- 2. Sharing requires a visible local artifact and an explicit user action.
39
- 3. Full local attestations may contain raw failure evidence.
40
- 4. Registry export applies redaction and records which redactions were used.
41
- 5. A future index should trust only valid signatures and public evidence.
45
+ 1. Every registry entry has `optInRequired: true`; federated wrappers contain that entry.
46
+ 2. Export builders perform no network calls and do not upload telemetry or evidence.
47
+ 3. Files are written only after an explicit export command.
48
+ 4. Raw environment values, tokens, private keys, protected `.env` contents, and local username
49
+ paths are excluded or redacted.
50
+ 5. Repository owner and name identifiers are hashed; a public repository URL is included only
51
+ when it is a credential-free URL on a supported public Git host.
52
+ 6. Full local attestations may contain raw evidence and should not be treated as public exports.
53
+
54
+ The strict schemas are:
42
55
 
43
- Repository commands executed by BootProof may access the network independently. The no-upload promise applies to BootProof's own telemetry and evidence handling, not arbitrary install or application commands.
56
+ - [`schemas/registry-entry-v1.schema.json`](schemas/registry-entry-v1.schema.json)
57
+ - [`schemas/federated-receipt-v1.schema.json`](schemas/federated-receipt-v1.schema.json)
44
58
 
45
- ## Trust
59
+ ## Documentation Seeds
46
60
 
47
- Current attestations are `local_developer_signed`.
61
+ Small synthetic examples of the real-world classifier and inference coverage live
62
+ under [`examples/registry-seeds/`](examples/registry-seeds/). They use the
63
+ documentation-only
64
+ [`registry-seed-example-v1` schema](schemas/registry-seed-example-v1.schema.json)
65
+ and are explained in [REAL_WORLD_FIXTURES.md](REAL_WORLD_FIXTURES.md).
48
66
 
49
- CI/OIDC-backed proof will be stronger because a verifier can bind the signature to a repository workflow identity. BootProof does not claim that trust level yet.
67
+ These examples are not attestations, proof, upload requests, or production
68
+ registry entries. They contain no network behavior and are never submitted
69
+ automatically.