bootproof 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +840 -152
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +730 -46
  9. package/dist/diagnosis.js +101 -16
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +329 -51
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +238 -39
  17. package/dist/plan.js +2 -0
  18. package/dist/proof.d.ts +78 -2
  19. package/dist/proof.js +265 -12
  20. package/dist/receipt.d.ts +52 -0
  21. package/dist/receipt.js +356 -0
  22. package/dist/redact.d.ts +4 -0
  23. package/dist/redact.js +86 -2
  24. package/dist/registry.d.ts +82 -30
  25. package/dist/registry.js +355 -53
  26. package/dist/remote.js +3 -3
  27. package/dist/repair-playbooks.d.ts +24 -0
  28. package/dist/repair-playbooks.js +593 -0
  29. package/dist/repair-safety.d.ts +130 -0
  30. package/dist/repair-safety.js +766 -0
  31. package/dist/repair.d.ts +43 -11
  32. package/dist/repair.js +716 -7
  33. package/dist/run.d.ts +3 -0
  34. package/dist/run.js +218 -41
  35. package/dist/sbom.d.ts +22 -0
  36. package/dist/sbom.js +99 -0
  37. package/dist/taxonomy.d.ts +8 -3
  38. package/dist/taxonomy.js +404 -8
  39. package/dist/types.d.ts +40 -1
  40. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  41. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  42. package/docs/CI_ACTION.md +67 -2
  43. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  44. package/docs/FAILURE_TAXONOMY.md +28 -1
  45. package/docs/HONESTY_CONTRACT.md +34 -12
  46. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  47. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  48. package/docs/REGISTRY.md +48 -28
  49. package/docs/REPAIR_RECEIPT.md +54 -8
  50. package/docs/agent-loop-gap-analysis.md +188 -0
  51. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  52. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  53. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  54. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  55. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  56. package/docs/examples/registry-seeds/php-composer.json +33 -0
  57. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  58. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  59. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  60. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  61. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  62. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  63. package/docs/schemas/ci-context-v1.schema.json +63 -0
  64. package/docs/schemas/diff-result-v1.schema.json +66 -0
  65. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  66. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  67. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  68. package/docs/schemas/repair-action-v1.schema.json +136 -0
  69. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  70. package/package.json +10 -6
@@ -0,0 +1,148 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/agent-plan-v1.schema.json",
4
+ "title": "BootProof Agent Plan v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "mode",
10
+ "classifications",
11
+ "currentFailureClass",
12
+ "observedEvidence",
13
+ "suspectedStack",
14
+ "missingTools",
15
+ "candidateNextActions",
16
+ "verificationSteps",
17
+ "stopConditions",
18
+ "canBootProofOrchestrateDirectly",
19
+ "canBootProofVerifyExternally"
20
+ ],
21
+ "properties": {
22
+ "schema": { "const": "bootproof/agent-plan/v1" },
23
+ "mode": { "const": "agent-plan" },
24
+ "classifications": {
25
+ "type": "array",
26
+ "uniqueItems": true,
27
+ "items": {
28
+ "enum": [
29
+ "airbyte_abctl_managed",
30
+ "large_orchestration_repo",
31
+ "external_orchestrator_required",
32
+ "kind_kubernetes_backed",
33
+ "helm_deployed",
34
+ "auth_required"
35
+ ]
36
+ }
37
+ },
38
+ "currentFailureClass": { "type": "string" },
39
+ "observedEvidence": {
40
+ "type": "array",
41
+ "uniqueItems": true,
42
+ "items": { "type": "string" }
43
+ },
44
+ "suspectedStack": {
45
+ "type": "array",
46
+ "uniqueItems": true,
47
+ "items": { "type": "string" }
48
+ },
49
+ "missingTools": {
50
+ "type": "array",
51
+ "uniqueItems": true,
52
+ "items": { "type": "string" }
53
+ },
54
+ "candidateNextActions": {
55
+ "type": "array",
56
+ "items": { "$ref": "#/$defs/action" }
57
+ },
58
+ "verificationSteps": {
59
+ "type": "array",
60
+ "uniqueItems": true,
61
+ "items": { "type": "string" }
62
+ },
63
+ "stopConditions": {
64
+ "type": "array",
65
+ "uniqueItems": true,
66
+ "items": { "type": "string" }
67
+ },
68
+ "canBootProofOrchestrateDirectly": { "type": "boolean" },
69
+ "canBootProofVerifyExternally": { "type": "boolean" }
70
+ },
71
+ "$defs": {
72
+ "action": {
73
+ "type": "object",
74
+ "additionalProperties": false,
75
+ "required": [
76
+ "classification",
77
+ "actionType",
78
+ "command",
79
+ "reason",
80
+ "evidence",
81
+ "riskLevel",
82
+ "mutationScope",
83
+ "requiresApproval",
84
+ "approvalPrompt",
85
+ "blockedReason",
86
+ "verificationStep",
87
+ "stopCondition",
88
+ "secretSensitive"
89
+ ],
90
+ "properties": {
91
+ "classification": {
92
+ "enum": [
93
+ "host_tool_install_required",
94
+ "kubernetes_cluster_creation_required",
95
+ "heavy_orchestration_required",
96
+ "external_orchestrator_required",
97
+ "credential_required",
98
+ "auth_required",
99
+ "external_health_verification_required"
100
+ ]
101
+ },
102
+ "actionType": { "enum": ["command", "instruction"] },
103
+ "command": { "type": "string" },
104
+ "reason": { "type": "string", "minLength": 1 },
105
+ "evidence": {
106
+ "type": "array",
107
+ "uniqueItems": true,
108
+ "items": { "type": "string" }
109
+ },
110
+ "riskLevel": { "enum": ["none", "low", "medium", "high", "blocked"] },
111
+ "mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] },
112
+ "requiresApproval": { "type": "boolean" },
113
+ "approvalPrompt": { "type": "string", "minLength": 1 },
114
+ "blockedReason": { "type": "string" },
115
+ "verificationStep": { "type": "string", "minLength": 1 },
116
+ "stopCondition": { "type": "string", "minLength": 1 },
117
+ "secretSensitive": { "type": "boolean" }
118
+ },
119
+ "allOf": [
120
+ {
121
+ "if": { "properties": { "actionType": { "const": "command" } } },
122
+ "then": { "properties": { "command": { "type": "string", "minLength": 1 } } }
123
+ },
124
+ {
125
+ "if": { "properties": { "actionType": { "const": "instruction" } } },
126
+ "then": { "properties": { "command": { "const": "" } } }
127
+ },
128
+ {
129
+ "if": { "properties": { "riskLevel": { "enum": ["medium", "high"] } } },
130
+ "then": { "properties": { "requiresApproval": { "const": true } } }
131
+ },
132
+ {
133
+ "if": { "properties": { "riskLevel": { "const": "blocked" } } },
134
+ "then": {
135
+ "properties": {
136
+ "requiresApproval": { "const": false },
137
+ "blockedReason": { "type": "string", "minLength": 1 }
138
+ }
139
+ }
140
+ },
141
+ {
142
+ "if": { "properties": { "mutationScope": { "const": "credentials" } } },
143
+ "then": { "properties": { "secretSensitive": { "const": true } } }
144
+ }
145
+ ]
146
+ }
147
+ }
148
+ }
@@ -0,0 +1,192 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/agent-run-receipts-v1.schema.json",
4
+ "title": "BootProof Agent Run Receipts v1",
5
+ "oneOf": [
6
+ { "$ref": "#/$defs/initialReceipt" },
7
+ { "$ref": "#/$defs/planReceipt" },
8
+ { "$ref": "#/$defs/actionReceipt" },
9
+ { "$ref": "#/$defs/verificationReceipt" },
10
+ { "$ref": "#/$defs/finalSummary" }
11
+ ],
12
+ "$defs": {
13
+ "hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
14
+ "nullableHash": {
15
+ "oneOf": [
16
+ { "$ref": "#/$defs/hash" },
17
+ { "type": "null" }
18
+ ]
19
+ },
20
+ "runId": {
21
+ "type": "string",
22
+ "pattern": "^\\d{8}T\\d{9}Z-[0-9a-f]{12}$"
23
+ },
24
+ "redactions": {
25
+ "type": "array",
26
+ "uniqueItems": true,
27
+ "items": { "type": "string" }
28
+ },
29
+ "initialReceipt": {
30
+ "type": "object",
31
+ "additionalProperties": false,
32
+ "required": [
33
+ "schema", "receiptType", "runId", "timestamp", "previousReceiptHash",
34
+ "receiptHash", "redactionsApplied", "sourceAttestationHash",
35
+ "sourceSignatureValid", "attestation", "diagnosis"
36
+ ],
37
+ "properties": {
38
+ "schema": { "const": "bootproof/agent-run-initial/v1" },
39
+ "receiptType": { "const": "initial-attestation" },
40
+ "runId": { "$ref": "#/$defs/runId" },
41
+ "timestamp": { "type": "string", "format": "date-time" },
42
+ "previousReceiptHash": { "type": "null" },
43
+ "receiptHash": { "$ref": "#/$defs/hash" },
44
+ "redactionsApplied": { "$ref": "#/$defs/redactions" },
45
+ "sourceAttestationHash": { "$ref": "#/$defs/nullableHash" },
46
+ "sourceSignatureValid": { "type": "boolean" },
47
+ "attestation": {
48
+ "oneOf": [
49
+ { "type": "object" },
50
+ { "type": "null" }
51
+ ]
52
+ },
53
+ "diagnosis": {
54
+ "type": "object",
55
+ "additionalProperties": false,
56
+ "required": [
57
+ "failureClass", "observedEvidence", "verificationMode",
58
+ "bootproofOrchestrated", "healthVerified"
59
+ ],
60
+ "properties": {
61
+ "failureClass": { "type": ["string", "null"] },
62
+ "observedEvidence": {
63
+ "type": "array",
64
+ "items": { "type": "string" }
65
+ },
66
+ "verificationMode": { "type": "string" },
67
+ "bootproofOrchestrated": { "type": "boolean" },
68
+ "healthVerified": { "type": "boolean" }
69
+ }
70
+ }
71
+ }
72
+ },
73
+ "planReceipt": {
74
+ "type": "object",
75
+ "additionalProperties": false,
76
+ "required": [
77
+ "schema", "receiptType", "runId", "timestamp", "previousReceiptHash",
78
+ "receiptHash", "redactionsApplied", "plan"
79
+ ],
80
+ "properties": {
81
+ "schema": { "const": "bootproof/agent-run-plan/v1" },
82
+ "receiptType": { "const": "agent-plan" },
83
+ "runId": { "$ref": "#/$defs/runId" },
84
+ "timestamp": { "type": "string", "format": "date-time" },
85
+ "previousReceiptHash": { "$ref": "#/$defs/hash" },
86
+ "receiptHash": { "$ref": "#/$defs/hash" },
87
+ "redactionsApplied": { "$ref": "#/$defs/redactions" },
88
+ "plan": { "$ref": "agent-plan-v1.schema.json" }
89
+ }
90
+ },
91
+ "actionReceipt": {
92
+ "type": "object",
93
+ "additionalProperties": false,
94
+ "required": [
95
+ "schema", "receiptType", "runId", "timestamp", "previousReceiptHash",
96
+ "receiptHash", "redactionsApplied", "actionIndex", "classification",
97
+ "actionType", "command", "riskLevel", "mutationScope",
98
+ "approvalStatus", "executionStatus", "verificationResult",
99
+ "failureClassBefore", "failureClassAfter", "blockedReason",
100
+ "secretSensitive"
101
+ ],
102
+ "properties": {
103
+ "schema": { "const": "bootproof/agent-action-receipt/v1" },
104
+ "receiptType": { "const": "action" },
105
+ "runId": { "$ref": "#/$defs/runId" },
106
+ "timestamp": { "type": "string", "format": "date-time" },
107
+ "previousReceiptHash": { "$ref": "#/$defs/hash" },
108
+ "receiptHash": { "$ref": "#/$defs/hash" },
109
+ "redactionsApplied": { "$ref": "#/$defs/redactions" },
110
+ "actionIndex": { "type": "integer", "minimum": 0 },
111
+ "classification": { "type": "string", "minLength": 1 },
112
+ "actionType": { "enum": ["command", "instruction"] },
113
+ "command": { "type": "string" },
114
+ "riskLevel": { "enum": ["none", "low", "medium", "high", "blocked"] },
115
+ "mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] },
116
+ "approvalStatus": { "enum": ["not_required", "pending", "approved", "declined", "blocked"] },
117
+ "executionStatus": { "enum": ["not_executed", "executed", "failed"] },
118
+ "verificationResult": { "type": ["string", "null"] },
119
+ "failureClassBefore": { "type": ["string", "null"] },
120
+ "failureClassAfter": { "type": ["string", "null"] },
121
+ "blockedReason": { "type": "string" },
122
+ "secretSensitive": { "type": "boolean" }
123
+ }
124
+ },
125
+ "verificationReceipt": {
126
+ "type": "object",
127
+ "additionalProperties": false,
128
+ "required": [
129
+ "schema", "receiptType", "runId", "timestamp", "previousReceiptHash",
130
+ "receiptHash", "redactionsApplied", "verificationMode",
131
+ "bootproofOrchestrated", "result", "classification", "requestedUrl",
132
+ "observedStatus", "observedFinalUrl", "observedAt",
133
+ "healthObservation", "connectionError", "failureClassBefore",
134
+ "failureClassAfter", "attestationHash"
135
+ ],
136
+ "properties": {
137
+ "schema": { "const": "bootproof/agent-verification-receipt/v1" },
138
+ "receiptType": { "const": "verification" },
139
+ "runId": { "$ref": "#/$defs/runId" },
140
+ "timestamp": { "type": "string", "format": "date-time" },
141
+ "previousReceiptHash": { "$ref": "#/$defs/hash" },
142
+ "receiptHash": { "$ref": "#/$defs/hash" },
143
+ "redactionsApplied": { "$ref": "#/$defs/redactions" },
144
+ "verificationMode": { "enum": ["bootproof-orchestrated", "external-health"] },
145
+ "bootproofOrchestrated": { "type": "boolean" },
146
+ "result": { "enum": ["verified", "not_verified"] },
147
+ "classification": { "type": ["string", "null"] },
148
+ "requestedUrl": { "type": ["string", "null"] },
149
+ "observedStatus": { "type": ["integer", "null"] },
150
+ "observedFinalUrl": { "type": ["string", "null"] },
151
+ "observedAt": { "type": ["string", "null"] },
152
+ "healthObservation": { "type": ["string", "null"] },
153
+ "connectionError": { "type": ["string", "null"] },
154
+ "failureClassBefore": { "type": ["string", "null"] },
155
+ "failureClassAfter": { "type": ["string", "null"] },
156
+ "attestationHash": { "$ref": "#/$defs/hash" }
157
+ }
158
+ },
159
+ "finalSummary": {
160
+ "type": "object",
161
+ "additionalProperties": false,
162
+ "required": [
163
+ "schema", "runId", "createdAt", "updatedAt", "status",
164
+ "lastReceiptHash", "receiptCount", "chainValid",
165
+ "initialFailureClass", "currentFailureClass",
166
+ "bootproofOrchestrated", "verifiedExternalHealth", "onlyPlanned",
167
+ "stoppedForApproval", "stoppedDueBlockedAction", "verified",
168
+ "explanation", "redactionsApplied"
169
+ ],
170
+ "properties": {
171
+ "schema": { "const": "bootproof/agent-run-summary/v1" },
172
+ "runId": { "$ref": "#/$defs/runId" },
173
+ "createdAt": { "type": "string", "format": "date-time" },
174
+ "updatedAt": { "type": "string", "format": "date-time" },
175
+ "status": { "enum": ["planned", "stopped_for_approval", "stopped_blocked", "awaiting_verification", "verified_external_health", "verified_bootproof_orchestrated", "verification_failed"] },
176
+ "lastReceiptHash": { "$ref": "#/$defs/hash" },
177
+ "receiptCount": { "type": "integer", "minimum": 2 },
178
+ "chainValid": { "type": "boolean" },
179
+ "initialFailureClass": { "type": ["string", "null"] },
180
+ "currentFailureClass": { "type": ["string", "null"] },
181
+ "bootproofOrchestrated": { "type": "boolean" },
182
+ "verifiedExternalHealth": { "type": "boolean" },
183
+ "onlyPlanned": { "type": "boolean" },
184
+ "stoppedForApproval": { "type": "boolean" },
185
+ "stoppedDueBlockedAction": { "type": "boolean" },
186
+ "verified": { "type": "boolean" },
187
+ "explanation": { "type": "string", "minLength": 1 },
188
+ "redactionsApplied": { "$ref": "#/$defs/redactions" }
189
+ }
190
+ }
191
+ }
192
+ }
@@ -0,0 +1,70 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/ai-repair-suggestion-v1.schema.json",
4
+ "title": "BootProof AI Repair Suggestion v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "confidence",
10
+ "failure_class",
11
+ "suggested_action_type",
12
+ "suggested_command",
13
+ "suggested_patch",
14
+ "explanation_for_user",
15
+ "risk_level",
16
+ "requires_human_approval",
17
+ "why_this_is_safe",
18
+ "what_to_check_after"
19
+ ],
20
+ "properties": {
21
+ "schema": { "const": "bootproof/ai-repair-suggestion/v1" },
22
+ "confidence": { "type": "number", "minimum": 0, "maximum": 1 },
23
+ "failure_class": { "type": "string", "minLength": 1 },
24
+ "suggested_action_type": { "enum": ["command", "patch", "instruction"] },
25
+ "suggested_command": {
26
+ "anyOf": [
27
+ { "$ref": "#/$defs/command" },
28
+ { "type": "null" }
29
+ ]
30
+ },
31
+ "suggested_patch": {
32
+ "anyOf": [
33
+ { "$ref": "#/$defs/patch" },
34
+ { "type": "null" }
35
+ ]
36
+ },
37
+ "explanation_for_user": { "type": "string", "minLength": 1 },
38
+ "risk_level": { "enum": ["none", "low", "medium", "high", "blocked"] },
39
+ "requires_human_approval": { "const": true },
40
+ "why_this_is_safe": { "type": "string", "minLength": 1 },
41
+ "what_to_check_after": { "type": "string", "minLength": 1 }
42
+ },
43
+ "$defs": {
44
+ "command": {
45
+ "type": "object",
46
+ "additionalProperties": false,
47
+ "required": ["executable", "args", "display"],
48
+ "properties": {
49
+ "executable": { "type": "string", "minLength": 1 },
50
+ "args": { "type": "array", "items": { "type": "string" } },
51
+ "display": { "type": "string", "minLength": 1 }
52
+ }
53
+ },
54
+ "patch": {
55
+ "type": "object",
56
+ "additionalProperties": false,
57
+ "required": ["format", "content", "files"],
58
+ "properties": {
59
+ "format": { "const": "unified-diff" },
60
+ "content": { "type": "string", "minLength": 1 },
61
+ "files": {
62
+ "type": "array",
63
+ "minItems": 1,
64
+ "uniqueItems": true,
65
+ "items": { "type": "string", "minLength": 1 }
66
+ }
67
+ }
68
+ }
69
+ }
70
+ }
@@ -0,0 +1,63 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/ci-context-v1.schema.json",
4
+ "title": "BootProof CI Context v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "repository",
10
+ "workflow",
11
+ "runId",
12
+ "runAttempt",
13
+ "sha",
14
+ "ref",
15
+ "actor",
16
+ "eventName",
17
+ "job",
18
+ "serverUrl",
19
+ "githubActions",
20
+ "oidcSigned"
21
+ ],
22
+ "properties": {
23
+ "schema": {
24
+ "const": "bootproof/ci-context/v1"
25
+ },
26
+ "repository": {
27
+ "type": "string"
28
+ },
29
+ "workflow": {
30
+ "type": "string"
31
+ },
32
+ "runId": {
33
+ "type": "string"
34
+ },
35
+ "runAttempt": {
36
+ "type": "string"
37
+ },
38
+ "sha": {
39
+ "type": "string"
40
+ },
41
+ "ref": {
42
+ "type": "string"
43
+ },
44
+ "actor": {
45
+ "type": "string"
46
+ },
47
+ "eventName": {
48
+ "type": "string"
49
+ },
50
+ "job": {
51
+ "type": "string"
52
+ },
53
+ "serverUrl": {
54
+ "type": "string"
55
+ },
56
+ "githubActions": {
57
+ "type": "boolean"
58
+ },
59
+ "oidcSigned": {
60
+ "const": false
61
+ }
62
+ }
63
+ }
@@ -0,0 +1,66 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/diff-result-v1.schema.json",
4
+ "title": "BootProof Infrastructure Diff Result v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "base",
10
+ "head",
11
+ "changedFiles",
12
+ "addedServices",
13
+ "removedServices",
14
+ "addedPorts",
15
+ "removedPorts",
16
+ "addedEnvVars",
17
+ "removedEnvVars",
18
+ "changedCommands",
19
+ "changedPackageManagers",
20
+ "riskLevel",
21
+ "proofRequired",
22
+ "suggestedReviewNotes",
23
+ "redactionsApplied"
24
+ ],
25
+ "properties": {
26
+ "schema": { "const": "bootproof/diff-result/v1" },
27
+ "base": { "type": "string", "minLength": 1 },
28
+ "head": { "type": "string", "minLength": 1 },
29
+ "changedFiles": { "$ref": "#/$defs/stringArray" },
30
+ "addedServices": { "$ref": "#/$defs/stringArray" },
31
+ "removedServices": { "$ref": "#/$defs/stringArray" },
32
+ "addedPorts": { "$ref": "#/$defs/stringArray" },
33
+ "removedPorts": { "$ref": "#/$defs/stringArray" },
34
+ "addedEnvVars": { "$ref": "#/$defs/stringArray" },
35
+ "removedEnvVars": { "$ref": "#/$defs/stringArray" },
36
+ "changedCommands": {
37
+ "type": "array",
38
+ "items": { "$ref": "#/$defs/change" }
39
+ },
40
+ "changedPackageManagers": {
41
+ "type": "array",
42
+ "items": { "$ref": "#/$defs/change" }
43
+ },
44
+ "riskLevel": { "enum": ["low", "medium", "high"] },
45
+ "proofRequired": { "type": "boolean" },
46
+ "suggestedReviewNotes": { "$ref": "#/$defs/stringArray" },
47
+ "redactionsApplied": { "$ref": "#/$defs/stringArray" }
48
+ },
49
+ "$defs": {
50
+ "stringArray": {
51
+ "type": "array",
52
+ "items": { "type": "string" },
53
+ "uniqueItems": true
54
+ },
55
+ "change": {
56
+ "type": "object",
57
+ "additionalProperties": false,
58
+ "required": ["source", "before", "after"],
59
+ "properties": {
60
+ "source": { "type": "string", "minLength": 1 },
61
+ "before": { "type": ["string", "null"] },
62
+ "after": { "type": ["string", "null"] }
63
+ }
64
+ }
65
+ }
66
+ }
@@ -0,0 +1,51 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/federated-receipt-v1.schema.json",
4
+ "title": "BootProof Federated Receipt v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "createdAt",
10
+ "registryEntry",
11
+ "attestationHash",
12
+ "publicRepoDeclaration",
13
+ "crawlerHint",
14
+ "redactionsApplied",
15
+ "noSecretsIncluded"
16
+ ],
17
+ "properties": {
18
+ "schema": { "const": "bootproof/federated-receipt/v1" },
19
+ "createdAt": { "type": "string", "format": "date-time" },
20
+ "registryEntry": { "$ref": "registry-entry-v1.schema.json" },
21
+ "attestationHash": { "$ref": "#/$defs/hash" },
22
+ "repairReceiptHash": { "$ref": "#/$defs/hash" },
23
+ "signature": { "$ref": "#/$defs/signature" },
24
+ "publicRepoDeclaration": { "const": true },
25
+ "crawlerHint": {
26
+ "type": "object",
27
+ "additionalProperties": false,
28
+ "required": ["commitHash", "branch"],
29
+ "properties": {
30
+ "repoUrl": { "type": "string", "format": "uri" },
31
+ "commitHash": { "type": ["string", "null"] },
32
+ "branch": { "type": ["string", "null"] }
33
+ }
34
+ },
35
+ "redactionsApplied": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
36
+ "noSecretsIncluded": { "const": true }
37
+ },
38
+ "$defs": {
39
+ "hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
40
+ "signature": {
41
+ "type": "object",
42
+ "additionalProperties": false,
43
+ "required": ["algorithm", "publicKey", "value"],
44
+ "properties": {
45
+ "algorithm": { "const": "ed25519" },
46
+ "publicKey": { "type": "string" },
47
+ "value": { "type": "string" }
48
+ }
49
+ }
50
+ }
51
+ }