bootproof 0.3.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. package/README.md +844 -152
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +730 -46
  9. package/dist/diagnosis.js +101 -16
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +329 -51
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +238 -39
  17. package/dist/plan.js +2 -0
  18. package/dist/proof.d.ts +78 -2
  19. package/dist/proof.js +265 -12
  20. package/dist/receipt.d.ts +52 -0
  21. package/dist/receipt.js +356 -0
  22. package/dist/redact.d.ts +4 -0
  23. package/dist/redact.js +86 -2
  24. package/dist/registry.d.ts +82 -30
  25. package/dist/registry.js +355 -53
  26. package/dist/remote.js +3 -3
  27. package/dist/repair-playbooks.d.ts +24 -0
  28. package/dist/repair-playbooks.js +593 -0
  29. package/dist/repair-safety.d.ts +130 -0
  30. package/dist/repair-safety.js +766 -0
  31. package/dist/repair.d.ts +43 -11
  32. package/dist/repair.js +716 -7
  33. package/dist/run.d.ts +3 -0
  34. package/dist/run.js +218 -41
  35. package/dist/sbom.d.ts +22 -0
  36. package/dist/sbom.js +99 -0
  37. package/dist/taxonomy.d.ts +8 -3
  38. package/dist/taxonomy.js +404 -8
  39. package/dist/types.d.ts +40 -1
  40. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  41. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  42. package/docs/CI_ACTION.md +67 -2
  43. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  44. package/docs/DISTRIBUTION.md +83 -0
  45. package/docs/FAILURE_TAXONOMY.md +28 -1
  46. package/docs/HONESTY_CONTRACT.md +34 -12
  47. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  48. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  49. package/docs/REGISTRY.md +48 -28
  50. package/docs/REPAIR_RECEIPT.md +54 -8
  51. package/docs/agent-loop-gap-analysis.md +188 -0
  52. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  53. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  54. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  55. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  56. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  57. package/docs/examples/registry-seeds/php-composer.json +33 -0
  58. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  59. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  60. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  61. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  62. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  63. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  64. package/docs/schemas/ci-context-v1.schema.json +63 -0
  65. package/docs/schemas/diff-result-v1.schema.json +66 -0
  66. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  67. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  68. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  69. package/docs/schemas/repair-action-v1.schema.json +136 -0
  70. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  71. package/package.json +21 -11
package/README.md CHANGED
@@ -1,116 +1,382 @@
1
1
  # BootProof
2
2
 
3
3
  [![CI](https://github.com/bootproof/bootproof/actions/workflows/ci.yml/badge.svg)](https://github.com/bootproof/bootproof/actions/workflows/ci.yml)
4
+ [![Receipt Gate](https://github.com/bootproof/bootproof/actions/workflows/receipt-gate.yml/badge.svg)](https://github.com/bootproof/bootproof/actions/workflows/receipt-gate.yml)
4
5
 
5
- > **The honest Run Button for repos with proof, not vibes.**
6
+ BootProof answers one question: **did this repository actually boot?** Not "did a command run?" Not "did Docker say containers are up?" Not "did an AI agent say it worked?" BootProof inspects a repo, builds an evidence-based run plan, executes only what it can justify, observes real health, and writes a signed attestation for success or failure. No proof, no green check.
6
7
 
7
- **Human diagnosis. Machine proof. One engine.**
8
+ <p align="center">
9
+ <img src="assets/bootproof-supabase-demo.gif" alt="BootProof verifying a Supabase-style stack: infers the boot path, starts services, observes HTTP health, writes a signed attestation" width="900">
10
+ </p>
8
11
 
9
- ```text
10
- bootproof up https://github.com/dubinc/dub
12
+ ---
11
13
 
12
- Remote source: https://github.com/dubinc/dub.git
13
- Clone retained at: .bootproof/remotes/github.com/dubinc/dub-*/repo
14
+ ## The Living Receipt: proof that travels
14
15
 
15
- Inference (evidence-based)
16
- application: yes
17
- package manager: pnpm.15.9
18
- selected command: pnpm dev
16
+ The Living Receipt is the same evidence as the JSON attestation, rendered as a single self-contained HTML file that re-verifies its own ed25519 signature in your browser with zero network calls. Download it, open it locally, then click **Tamper with signature** to watch the verdict collapse:
19
17
 
20
- ✗ NOT VERIFIED — remote_code_execution_blocked
21
- Why BootProof refused: remote repositories are untrusted code and require explicit consent.
18
+ ```bash
19
+ curl -sL https://github.com/bootproof/bootproof/raw/main/assets/living-receipt.html -o proof.bootproof.html
20
+ open proof.bootproof.html # macOS; xdg-open on Linux; double-click on Windows
21
+ ```
22
22
 
23
- bootproof up . --provider local --unsafe-local --install
23
+ The receipt is signed at the `local_developer_signed` trust level — it proves integrity-since-signing, not that the signer's machine was honest. The trust ladder (`local_developer_signed` → `ci_oidc_signed` → `neutral_runner_signed` → `transparency_logged`) is documented in the artifact itself. Generate your own with `npx bootproof up <repo> --receipt`.
24
24
 
25
- install: dependencies installed
26
- start-app: app process started and was supervised
27
- health: observed HTTP 200 at http://localhost:3333
25
+ <p align="center">
26
+ <a href="https://github.com/bootproof/bootproof/raw/main/assets/living-receipt.html"><img src="https://img.shields.io/badge/download%20the%20Living%20Receipt-%E2%9C%93%20real%20capture%20%C2%B7%20self--verifying-0E9D5B?style=flat-square&labelColor=16181D" alt="Download the Living Receipt"></a>
27
+ <sub>(right-click Save Link As… save as <code>.html</code> → double-click to open)</sub>
28
+ </p>
28
29
 
29
- ✓ BOOTED — HTTP 200 at http://localhost:3333
30
- Evidence: .bootproof/attestation.json
30
+ ---
31
+
32
+ ## Quick start: up and verify
33
+
34
+ ```bash
35
+ cd /path/to/repository
36
+ npx bootproof up .
31
37
  ```
32
38
 
33
- BootProof inspects a local repository, builds an evidence-based run plan, executes only what it can justify, observes HTTP health, and writes a signed attestation for success or failure.
39
+ BootProof inspects the repo and either proves it booted or explains why it refused. For explicit local execution with dependency installation:
40
+
41
+ ```bash
42
+ npx bootproof up . --provider local --unsafe-local --install
43
+ ```
34
44
 
35
- It does not turn every repository green. That would defeat the point.
45
+ Verify a signed attestation:
36
46
 
37
- ```text
38
- No proof, no green check.
47
+ ```bash
48
+ npx bootproof verify .bootproof/attestation.json
49
+ npx bootproof verify . --require-known-signer # CI gating: reject unknown signers
39
50
  ```
40
51
 
41
- ## One engine. Two interfaces.
52
+ ---
53
+
54
+ ## Receipt Gate: CI and AI agents
42
55
 
43
- Humans run:
56
+ Receipt Gate is a GitHub Action that blocks PR merges unless BootProof observes a real boot. No proof, no merge.
57
+
58
+ ```yaml
59
+ - uses: bootproof/receipt-gate@v1
60
+ with:
61
+ path: .
62
+ require-health: 'true' # default: observed HTTP health required
63
+ ```
64
+
65
+ Gate your AI agent directly — in `.claude/settings.json`, make the agent hand you a receipt every time it claims done:
66
+
67
+ ```json
68
+ {
69
+ "hooks": {
70
+ "Stop": [{
71
+ "hooks": [{
72
+ "type": "command",
73
+ "command": "npx -y bootproof@0.4.0 up . --provider local --unsafe-local --json --timeout 60000 > .bootproof-last.json; node -e \"const r=require('./.bootproof-last.json'); console.log(r.booted && r.healthVerified ? '✅ RECEIPT: work boots and answers' : '❌ NO RECEIPT: ' + (r.failureClass||'boot not observed'));\""
74
+ }]
75
+ }]
76
+ }
77
+ }
78
+ ```
79
+
80
+ See [`bootproof/receipt-gate`](https://github.com/bootproof/receipt-gate) for the full Action and the agent-hook snippet.
81
+
82
+ ---
83
+
84
+ ## Full command surface
85
+
86
+ ### Boot a selected workspace
44
87
 
45
88
  ```bash
46
- bootproof up .
89
+ npx bootproof up . --workspace apps/studio
90
+ ```
91
+
92
+ ### Run in CI/machine mode
93
+
94
+ ```bash
95
+ npx bootproof up . --ci --json
96
+ ```
97
+
98
+ ### Verify an existing service
99
+
100
+ ```bash
101
+ npx bootproof verify-url http://localhost:8001/api/v1/health
102
+ ```
103
+
104
+ ### Attach external health to the current repo
105
+
106
+ ```bash
107
+ npx bootproof up . --external-health http://localhost:8001/api/v1/health
47
108
  ```
48
109
 
49
- They get a diagnosis and a runbook.
110
+ ### Explain an attestation
111
+
112
+ ```bash
113
+ npx bootproof explain .bootproof/attestation.json
114
+ ```
50
115
 
51
- Machines run:
116
+ ### Static infrastructure diff
52
117
 
53
118
  ```bash
54
- bootproof up . --ci --json
119
+ npx bootproof diff --base main --head HEAD
120
+ npx bootproof diff --base main --head HEAD --json
55
121
  ```
56
122
 
57
- They get a signed verdict and a deterministic exit code.
123
+ ### Export a CycloneDX SBOM
58
124
 
59
- The same engine powers both.
125
+ ```bash
126
+ npx bootproof export-sbom .
127
+ npx bootproof export-sbom . --json
128
+ ```
60
129
 
61
- ## Verified Repairs
130
+ Reads `package-lock.json` and writes `.bootproof/sbom.cdx.json` in CycloneDX 1.5 JSON format. Each top-level dependency in the lockfile becomes a `library` component with a `pkg:npm/{name}@{version}` purl. The application itself is recorded as the `metadata.component`. No transitive resolution is performed beyond what the lockfile already records, and no code is executed to produce the SBOM. Repositories without a `package-lock.json` are refused. The only supported `--format` value is `cyclonedx-json`.
62
131
 
63
- For the small deterministic repair registry:
132
+ ### Deterministic repair
64
133
 
65
134
  ```bash
66
- bootproof fix .
135
+ npx bootproof fix .
67
136
  ```
68
137
 
69
- BootProof reuses a signature-valid failure only at the exact clean Git commit; otherwise it reproduces the failure in a temporary copy. It applies one known remediation there and reruns full verification. It emits a signed `bootproof/repair-receipt/v1` only when the before run failed and the after run observed successful HTTP health.
138
+ ### Optional BYOK AI repair suggestion
70
139
 
71
- The original working tree is not edited. File changes are written as a reviewable patch under `.bootproof/`; the human decides whether to apply it.
140
+ ```bash
141
+ OPENAI_API_KEY=... npx bootproof fix . --ai
142
+ ```
72
143
 
73
- Machine mode is:
144
+ or:
74
145
 
75
146
  ```bash
76
- bootproof fix . --json
147
+ ANTHROPIC_API_KEY=... BOOTPROOF_AI_PROVIDER=anthropic npx bootproof fix . --ai
77
148
  ```
78
149
 
79
- It emits one `bootproof/repair-result/v1` object and exits `0` only when a verified receipt exists.
150
+ `bootproof up` remains zero-AI.
80
151
 
81
- Public GitHub, GitLab, Bitbucket, and Codeberg repositories use the same retained managed workspace and execution gate as `up`:
152
+ ### Key rotation
82
153
 
83
154
  ```bash
84
- bootproof fix https://github.com/user/repo --provider local --unsafe-local
155
+ bootproof rotate-keys # generate new key, back up old
156
+ bootproof rotate-keys --repo . --resign # also re-sign the latest attestation
85
157
  ```
86
158
 
87
- `fix` never applies its patch. To explicitly apply a signature-valid file repair to a local working tree:
159
+ ---
160
+
161
+ ## Demos
162
+
163
+ ### Supabase-style stack, verified locally
164
+
165
+ BootProof treats a Supabase-style stack as something that must be proved, not assumed. It infers the stack, identifies the boot path, starts the services, verifies localhost health, and writes a signed attestation.
166
+
167
+ <p align="center">
168
+ <img src="assets/bootproof-supabase-demo.gif" alt="BootProof demo verifying a Supabase-style stack" width="900">
169
+ </p>
170
+
171
+ ### GitLab-style repo, AI repair gated by proof
172
+
173
+ AI coding agents can suggest commands, but they should not be trusted to declare success. This demo shows the BootProof agent loop: AI suggests a repair, BootProof requires approval, runs one bounded step, reruns verification, and writes a receipt showing what changed.
174
+
175
+ <p align="center">
176
+ <img src="assets/bootproof-gitlab-agent-demo.gif" alt="BootProof demo showing AI repair suggestions gated by proof" width="900">
177
+ </p>
178
+
179
+ ### Living Receipt reproduction
180
+
181
+ The two receipts in the Living Receipt download are real captures from a real `bootproof up` run — one that boots to HTTP 200, and one that segfaults at runtime. Reproduce them:
88
182
 
89
183
  ```bash
90
- bootproof apply-repair .
184
+ # Using the TypeScript CLI — emits the receipt natively
185
+ npx bootproof up <any-repo> --provider local --unsafe-local --install --receipt
186
+
187
+ # Or use the standalone MVP engine (for development/testing)
188
+ node scripts/bootproof_up.mjs fixtures/real-booting-app --label "real-booting-app"
189
+
190
+ # Regenerate the Living Receipt HTML from MVP captures
191
+ node scripts/build_living_receipt.mjs \
192
+ scripts/records/real-booting-app.json \
193
+ scripts/records/real-slop-app.json \
194
+ --out assets/living-receipt.html
195
+
196
+ # Run the smoke test (verifies both native and fallback paths)
197
+ node scripts/verify_living_receipt.mjs
91
198
  ```
92
199
 
93
- Application checks the receipt signature, allowed file scope, signed content hashes, and exact current preimages before writing. Environment-only and plan-only receipts have no file change to apply.
200
+ The Living Receipt carries PLG hooks: a first-time visitor banner, a "Copy markdown badge" button, a "Download this file" button, and a page-level CTA. See [`assets/bootproof-badge-template.md`](assets/bootproof-badge-template.md) for badge snippets and [`docs/LAUNCH_PLAYBOOK.md`](docs/LAUNCH_PLAYBOOK.md) for the distribution sequence.
94
201
 
95
- See [docs/REPAIR_RECEIPT.md](docs/REPAIR_RECEIPT.md).
202
+ ---
203
+
204
+ ## Why BootProof exists
205
+
206
+ Every developer knows this loop:
207
+
208
+ ```bash
209
+ git clone some/repo
210
+ npm install
211
+ npm run dev
212
+ ```
213
+
214
+ Then reality appears.
215
+
216
+ Wrong Node version. Wrong pnpm version. Missing Java. Missing Clojure. Docker is running but the service is not healthy. Postgres exists but the role does not. Redis is missing. A migration fails. The app starts but nothing responds. A container is “up” but the product is unusable. An AI agent confidently says “done” because a process started.
217
+
218
+ That is not proof.
219
+
220
+ BootProof exists because repo onboarding should not depend on hope, terminal archaeology, or fake green checks.
221
+
222
+ ---
223
+
224
+ ## The problem
225
+
226
+ Modern repositories are no longer simple.
227
+
228
+ A repo might contain:
229
+
230
+ - multiple workspaces
231
+ - Docker Compose services
232
+ - frontend and backend apps
233
+ - hidden runtime requirements
234
+ - package-manager version constraints
235
+ - generated assets
236
+ - database migrations
237
+ - health endpoints
238
+ - undocumented local assumptions
239
+
240
+ A README can be useful, but it is not proof.
241
+
242
+ A terminal command can be useful, but it is not proof.
243
+
244
+ A model response can be useful, but it is not proof.
245
+
246
+ BootProof turns repo booting into an evidence trail.
247
+
248
+ ---
96
249
 
97
- ## What It Tells Humans
250
+ ## The core idea
98
251
 
99
- A failed run is still useful:
252
+ BootProof separates **activity** from **evidence**.
253
+
254
+ | Weak signal | What BootProof wants instead |
255
+ |---|---|
256
+ | command exited | observed health |
257
+ | process started | reachable endpoint |
258
+ | container running | service actually responds |
259
+ | README says it works | repo evidence + runtime proof |
260
+ | AI says it is done | signed attestation |
261
+ | one workspace responded | selected app/workspace proof |
262
+
263
+ A failed run is still useful if it tells the truth.
264
+
265
+ ```text
266
+ ✗ NOT VERIFIED — package_manager_version_mismatch
267
+
268
+ What happened:
269
+ The repository requires pnpm 10.24.0, but this environment has pnpm 9.15.4.
270
+
271
+ Why BootProof refused:
272
+ The dependency install cannot be trusted with the wrong package manager version.
273
+
274
+ Safe next step:
275
+ Run corepack enable && corepack prepare pnpm@10.24.0 --activate, then rerun BootProof.
276
+
277
+ Evidence:
278
+ .bootproof/attestation.json
279
+ ```
280
+
281
+ Predictable failure is a feature.
282
+
283
+ ---
284
+
285
+ ## Try it on a public Git repo
286
+
287
+ BootProof can inspect public HTTPS repositories from GitHub, GitLab, Bitbucket, and Codeberg.
288
+
289
+ ```bash
290
+ npx bootproof up https://github.com/dubinc/dub
291
+ ```
292
+
293
+ Remote repositories are untrusted code, so BootProof inspects first and refuses execution until you explicitly opt in.
294
+
295
+ ```text
296
+ Remote source: https://github.com/dubinc/dub.git
297
+ Clone retained at: .bootproof/remotes/github.com/dubinc/dub-*/repo
298
+
299
+ Inference
300
+ application: yes
301
+ package manager: pnpm
302
+ selected command: pnpm dev
303
+
304
+ ✗ NOT VERIFIED — remote_code_execution_blocked
305
+
306
+ Why BootProof refused:
307
+ Remote repositories are untrusted code and require explicit consent.
308
+ ```
309
+
310
+ To run remote code locally, you must say so explicitly:
311
+
312
+ ```bash
313
+ npx bootproof up https://github.com/dubinc/dub --provider local --unsafe-local --install
314
+ ```
315
+
316
+ BootProof never silently executes remote code.
317
+
318
+ ---
319
+
320
+ ## What a successful run looks like
321
+
322
+ ```text
323
+ ✓ install: dependencies installed
324
+ ✓ start-app: app process started and was supervised
325
+ ✓ health: observed HTTP 200 at http://localhost:3333
326
+
327
+ ✓ BOOTED — HTTP 200 at http://localhost:3333
328
+
329
+ Evidence:
330
+ .bootproof/attestation.json
331
+ ```
332
+
333
+ A repository is only marked `BOOTED` when BootProof observes health evidence.
334
+
335
+ A process start is not enough.
336
+ A successful install is not enough.
337
+ A Docker container is not enough.
338
+ A command exiting is not enough.
339
+
340
+ ---
341
+
342
+ ## What BootProof gives humans
343
+
344
+ Humans get a readable diagnosis:
100
345
 
101
346
  ```text
102
- NOT VERIFIED — package_manager_version_mismatch
103
- What happened: The repository requires pnpm 10.24.0, but this environment has pnpm 9.15.4.
104
- Why BootProof refused: The dependency install cannot be trusted with the wrong package manager version.
105
- Safe next step: Run corepack enable && corepack prepare pnpm@10.24.0 --activate, then rerun BootProof.
106
- Evidence: .bootproof/attestation.json
347
+ NOT VERIFIED — workspace_ambiguous
348
+
349
+ BootProof detected a root command that starts multiple workspaces in parallel.
350
+ Choose a specific application with --workspace <dir>; one responding workspace
351
+ is not proof that the whole repository booted.
352
+ ```
353
+
354
+ Example:
355
+
356
+ ```bash
357
+ npx bootproof up . --workspace apps/studio
107
358
  ```
108
359
 
109
- BootProof distinguishes diagnosis from proof. It can execute a narrow explicit Go main package, Rails `bin/rails` entrypoint, or Make run target, but detection alone never implies general support for every Go, Ruby, Make, Python, or monorepo architecture.
360
+ BootProof is designed to make failures legible.
361
+
362
+ It should tell you whether the problem is:
363
+
364
+ - package-manager mismatch
365
+ - skipped install
366
+ - missing runtime
367
+ - ambiguous workspace
368
+ - unsupported orchestration
369
+ - allocated port
370
+ - failed service
371
+ - failed app start
372
+ - unhealthy endpoint
373
+ - health timeout
374
+
375
+ ---
110
376
 
111
- ## What It Gives Machines
377
+ ## What BootProof gives machines
112
378
 
113
- `--json` emits exactly one `bootproof/result/v1` object to stdout:
379
+ `--json` emits exactly one `bootproof/result/v1` object:
114
380
 
115
381
  ```json
116
382
  {
@@ -125,129 +391,438 @@ BootProof distinguishes diagnosis from proof. It can execute a narrow explicit G
125
391
  }
126
392
  ```
127
393
 
128
- `--ci` disables colour and interactive output. Exit codes are deterministic:
394
+ `--ci` disables colour and interactive prompts.
395
+
396
+ Exit codes are deterministic:
397
+
398
+ | Exit code | Meaning |
399
+ |---:|---|
400
+ | `0` | `booted === true` and `healthVerified === true` |
401
+ | `1` | refusal, ambiguity, install failure, app failure, service failure, or health failure |
402
+
403
+ That makes BootProof useful for CI, agent workflows, and repo-quality gates.
404
+
405
+ ---
406
+
407
+ ## Real repo evidence
408
+
409
+ BootProof has been tested against real repositories, including small apps, monorepos, large platforms, and multi-service stacks.
410
+
411
+ The point is not to turn every repo green. The point is to produce the correct verdict.
412
+
413
+ | Repository | Result | What it proved |
414
+ |---|---|---|
415
+ | `dubinc/dub` | `NOT VERIFIED — remote_code_execution_blocked` | BootProof inspected the repo but refused to execute remote code without explicit consent. |
416
+ | `makeplane/plane` | useful monorepo path | BootProof handled a more complex workspace-style repo and produced actionable evidence. |
417
+ | `airbytehq/airbyte` | refused direct orchestration, then externally verified | Airbyte required `abctl`, Kind, Helm and a documented local path. BootProof refused to pretend a normal command was enough, then verified the external health endpoint. |
418
+ | `gitlabhq/gitlabhq` | manual boot loop exposed hidden environment assumptions | GitLab showed why large repos need evidence trails rather than README optimism. |
419
+ | `metabase/metabase` | backend health reached, frontend missing | Metabase showed the difference between “backend is alive” and “full UI booted”. |
420
+ | `supabase/supabase` | `workspace_ambiguous`; manual Compose platform boot | BootProof correctly refused a fake monorepo-wide green check. The official Docker Compose path booted core services, proving the need for explicit full-platform compose mode. |
421
+
422
+ Failure is not hidden or relabelled as support.
423
+
424
+ Evidence stays evidence.
425
+
426
+ See [docs/REAL_REPO_EVIDENCE.md](docs/REAL_REPO_EVIDENCE.md).
129
427
 
130
- - `0`: `booted === true` and `healthVerified === true`
131
- - `1`: every refusal, ambiguity, install failure, service failure, app failure, or health failure
428
+ ---
132
429
 
133
- ## Quick Start
430
+ ## Supabase example: why honest failure matters
134
431
 
135
- Run against a local repository:
432
+ A fresh BootProof run against `supabase/supabase` detected:
433
+
434
+ ```text
435
+ stack: make-driven, node-frontend, docker-compose
436
+ repo compose: docker/docker-compose.yml
437
+ workspaces: apps/studio, apps/www, apps/docs, packages/*
438
+ selected command: make dev
439
+ ```
440
+
441
+ BootProof refused:
442
+
443
+ ```text
444
+ ✗ NOT VERIFIED — workspace_ambiguous
445
+
446
+ The root command starts multiple workspaces in parallel.
447
+ One responding workspace would not prove that the whole repository booted.
448
+ ```
449
+
450
+ That refusal is correct.
451
+
452
+ Manual follow-up through Supabase’s official Docker route proved the platform path:
136
453
 
137
454
  ```bash
138
- cd /path/to/repository
139
- npx bootproof up .
455
+ cd docker
456
+ cp .env.example .env
457
+ docker compose up -d
458
+ ```
459
+
460
+ Core services such as Kong, Studio, DB, Auth, REST and Pooler reported healthy/running, and `localhost:8000` returned Kong/API responses.
461
+
462
+ The lesson:
463
+
464
+ > BootProof should not fake a monorepo-wide success just because one endpoint responds.
465
+
466
+ ---
467
+
468
+ ## Airbyte example: external verification
469
+
470
+ Airbyte correctly exceeded BootProof’s direct orchestration boundary.
471
+
472
+ BootProof refused instead of pretending a normal Gradle, Make, or Compose command was enough. The documented local path required `abctl`, Kind and Helm. A human followed that runbook and booted the application.
473
+
474
+ BootProof could then verify the external health endpoint without claiming it started Airbyte.
475
+
476
+ ```bash
477
+ bootproof verify-url http://localhost:8001/api/v1/health
140
478
  ```
141
479
 
142
- Host execution can be selected explicitly:
480
+ External verification means:
481
+
482
+ ```text
483
+ This endpoint responded.
484
+ BootProof did not orchestrate the startup.
485
+ ```
486
+
487
+ That distinction matters.
488
+
489
+ ---
490
+
491
+ ## Verifying attestations: signer tiers
492
+
493
+ Signature verification reports one of three local signer tiers:
494
+
495
+ - `this machine`: the artifact was signed by `~/.bootproof/signer.json`;
496
+ - `known`: the signer was explicitly pinned in `~/.bootproof/known_signers.json`;
497
+ - `UNKNOWN`: the signature is intact, but it proves integrity only and the signer is not trusted.
498
+
499
+ Unknown foreign signers are never pinned automatically. To deliberately trust an intact
500
+ foreign signer, review the printed SHA-256 SPKI fingerprint and run:
143
501
 
144
502
  ```bash
145
- npx bootproof up . --provider local --unsafe-local
503
+ npx bootproof verify proof.json --trust-signer
504
+ ```
505
+
506
+ Use `--require-known-signer` for CI gating. When verification targets a repository directory,
507
+ BootProof also compares the attested commit with the repository's current `HEAD`; `--strict`
508
+ fails on either an unknown signer or a commit mismatch. A valid signature proves the artifact
509
+ was not altered after signing. It does not, by itself, prove who produced it.
510
+
511
+ ---
512
+
513
+ ## The agent-in-the-loop model
514
+
515
+ BootProof is built for a world where humans and AI agents both touch repositories.
516
+
517
+ The intended loop is:
518
+
519
+ ```text
520
+ Diagnose
521
+ → Classify
522
+ → Plan
523
+ → Risk-classify
524
+ → Approve
525
+ → Execute one step
526
+ → Verify
527
+ → Receipt
528
+ → Repeat
146
529
  ```
147
530
 
148
- Run dependency installation only when intended:
531
+ AI can suggest.
532
+ Humans can approve.
533
+ BootProof proves.
534
+
535
+ The complete autonomous loop is not implemented. Today BootProof exposes four honest modes.
536
+
537
+ ### 1. Direct orchestration
149
538
 
150
539
  ```bash
151
- npx bootproof up . --install
540
+ bootproof up .
152
541
  ```
153
542
 
154
- Explain and verify the signed result:
543
+ BootProof infers a supported local run path, executes it within the selected safety boundary, observes health, and writes an attestation.
544
+
545
+ Unsupported or ambiguous orchestration is refused.
546
+
547
+ ### 2. External verification
155
548
 
156
549
  ```bash
157
- npx bootproof explain .bootproof/attestation.json
158
- npx bootproof verify .bootproof/attestation.json
550
+ bootproof verify-url http://localhost:8001/api/v1/health
551
+ ```
552
+
553
+ BootProof observes a service started outside BootProof. Successful evidence is classified as externally verified and never claims BootProof started the app.
554
+
555
+ ### 3. Agent planning
556
+
557
+ ```bash
558
+ bootproof plan-agent .
559
+ ```
560
+
561
+ BootProof writes a deterministic, risk-classified plan and a redacted local receipt chain. It does not execute candidate actions, and planning never counts as success.
562
+
563
+ ### 4. Deterministic repair
564
+
565
+ ```bash
566
+ bootproof fix .
567
+ ```
568
+
569
+ BootProof maps exact known failures to deterministic repair actions. Mutating commands and patches require explicit approval. Verification decides whether the failure progressed or the application booted.
570
+
571
+ See:
572
+
573
+ - [docs/AGENT_IN_THE_LOOP.md](docs/AGENT_IN_THE_LOOP.md)
574
+ - [docs/AGENT_RUN_RECEIPTS.md](docs/AGENT_RUN_RECEIPTS.md)
575
+ - [docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md](docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md)
576
+
577
+ ---
578
+
579
+ ## Deterministic repair
580
+
581
+ `bootproof fix` reads the latest signature-valid classified failure and maps exact known failures to deterministic actions.
582
+
583
+ ```bash
584
+ bootproof fix .
585
+ ```
586
+
587
+ Host and service commands show the exact command, scope and risk. They run only when the user gives explicit approval. JSON and CI modes never approve commands.
588
+
589
+ Repair receipts distinguish:
590
+
591
+ - declined
592
+ - failed
593
+ - progressed
594
+ - verified
595
+
596
+ Machine mode:
597
+
598
+ ```bash
599
+ bootproof fix . --json
600
+ ```
601
+
602
+ It emits one `bootproof/repair-result/v1` object and exits `0` only when a verified receipt exists.
603
+
604
+ `fix` never applies file patches directly. To explicitly apply a signature-valid file repair to a local working tree:
605
+
606
+ ```bash
607
+ bootproof apply-repair .
159
608
  ```
160
609
 
161
- Run against a public HTTPS Git repository on GitHub, GitLab, Bitbucket, or Codeberg:
610
+ Application checks the receipt signature, allowed file scope, signed content hashes, and exact current preimages before writing.
611
+
612
+ See [docs/REPAIR_RECEIPT.md](docs/REPAIR_RECEIPT.md).
613
+
614
+ ---
615
+
616
+ ## Optional BYOK AI
617
+
618
+ AI suggestions are optional and are only available after no deterministic repair is known.
162
619
 
163
620
  ```bash
164
- npx bootproof up https://github.com/user/repo
621
+ OPENAI_API_KEY=... bootproof fix . --ai
165
622
  ```
166
623
 
167
- BootProof clones credential-free HTTPS URLs from those named providers into `.bootproof/remotes/` and retains the clone so its evidence and any generated files continue to exist. It inspects the clone but refuses to execute remote code until host execution is explicitly acknowledged:
624
+ or:
168
625
 
169
626
  ```bash
170
- npx bootproof up https://github.com/user/repo --provider local --unsafe-local
627
+ ANTHROPIC_API_KEY=... BOOTPROOF_AI_PROVIDER=anthropic bootproof fix . --ai
171
628
  ```
172
629
 
173
- Review the inferred commands before using that acknowledgement. Add `--install` only when you also intend to run dependency installation and its lifecycle scripts. Remote `--dry-run` is refused before cloning because dry runs promise to write nothing.
630
+ BootProof asks before contacting the provider, sends only redacted structured failure evidence, validates the strict `bootproof/ai-repair-suggestion/v1` response through the shared safety model, and asks again before any command or patch is tested.
174
631
 
175
- Contributors working from this source repository can use `npm ci`, `npm run build`, and `npm link`. Those steps are not required for npm users.
632
+ AI suggestions are recorded as `ai_suggested`.
633
+
634
+ They never enter the deterministic registry automatically.
635
+
636
+ ---
637
+
638
+ ## Static infrastructure diff
639
+
640
+ ```bash
641
+ bootproof diff --base main --head feature-branch
642
+ bootproof diff --base main --head HEAD --json
643
+ ```
176
644
 
177
- ## Honesty Contract
645
+ `diff` reads committed Git objects and performs static analysis only.
178
646
 
179
- BootProof is constrained on purpose:
647
+ It does not:
180
648
 
181
- - no verified boot without an observed health signal
182
- - no Docker-to-host execution fallback; host commands require `--provider local --unsafe-local`
183
- - no success rendering for skipped steps
184
- - no invented secrets
185
- - no writes to `.env`, `.env.local`, `.env.development`, or `.env.production`
186
- - no silent project patching
187
- - no guessed workspace when the repository is ambiguous
188
- - no claim that generated scaffolding exists unless it was written
189
- - signed failed attestations for refusals and execution failures
190
- - raw local evidence preserved in the attestation
191
- - no telemetry or hidden evidence upload
649
+ - check out either ref
650
+ - execute repository code
651
+ - install dependencies
652
+ - read protected `.env` contents
653
+ - upload data
654
+
655
+ It reports supported drift in:
656
+
657
+ - dependency manifests and lockfiles
658
+ - Compose services and ports
659
+ - environment variable names
660
+ - start commands
661
+ - package managers
662
+ - runtime markers
663
+ - detectable health routes
664
+
665
+ A diff can require fresh proof, but it never claims the head revision boots. Run `bootproof up` against the intended revision to establish that with observed health evidence.
666
+
667
+ ---
668
+
669
+ ## Honesty contract
670
+
671
+ BootProof is constrained on purpose.
672
+
673
+ It will not:
674
+
675
+ - mark a repo `BOOTED` without observed health
676
+ - execute remote code without explicit consent
677
+ - fall back from Docker to host execution silently
678
+ - render skipped steps as success
679
+ - invent secrets
680
+ - write protected `.env` files
681
+ - silently patch project code
682
+ - guess a workspace when the repo is ambiguous
683
+ - claim generated scaffolding exists unless it was written
684
+ - upload telemetry or hidden evidence
685
+
686
+ It will:
687
+
688
+ - sign successful attestations
689
+ - sign failed attestations
690
+ - preserve local evidence
691
+ - classify known failures
692
+ - refuse unsupported paths clearly
192
693
 
193
694
  See [docs/HONESTY_CONTRACT.md](docs/HONESTY_CONTRACT.md).
194
695
 
195
- ## Current Capabilities
696
+ ---
697
+
698
+ ## Safety model
699
+
700
+ ### Execution isolation (read this before running on a repo you don't trust)
701
+
702
+ BootProof's execution model is **honest by default, not isolated by default**. There is no general-purpose container sandbox in the current release. Here is exactly what happens when you run `bootproof up`:
703
+
704
+ - **Default (`--provider docker`)**: BootProof will only execute inside Docker for **source-built Compose applications** (repos with a `docker-compose.yml` where the app service is built from source). For every other repo — plain Node, Python, Rust, Go — the Docker provider **refuses to run** with `orchestration_not_supported` rather than silently falling back to the host. This is intentional: the default is fail-closed, not silent host execution.
705
+ - **`--provider local --unsafe-local`**: runs install and start commands **directly on your host machine** using `spawn(command, { shell: true })`. There is no container, no network restriction, no read-only filesystem. The `--unsafe-local` flag is the explicit consent gate — you are acknowledging that you have reviewed the inferred commands and accept that the repo's code (including `postinstall` scripts, `prestart` hooks, and anything the start command does) will run on your machine with your privileges.
706
+ - **Remote repos** (`bootproof up https://github.com/...`): BootProof clones for inspection but **refuses to execute** without `--provider local --unsafe-local`. Inspection is safe; execution requires consent.
707
+
708
+ **Before running `bootproof up --provider local --unsafe-local` on a repo you didn't write:**
709
+ 1. Run `bootproof up <repo> --dry-run` first to see the inferred commands without executing them.
710
+ 2. Read the plan. The install command and start command will run on your host.
711
+ 3. Only then add `--unsafe-local --install` to actually execute.
712
+
713
+ This is the current truth. General-purpose Docker isolation for non-Compose repos is on the roadmap but is not in this release. If that's a blocker for your use case, do not use BootProof on untrusted repos yet.
714
+
715
+ ### Repair safety
716
+
717
+ BootProof treats repair actions as executable risk.
718
+
719
+ The repair safety model blocks or escalates dangerous commands before they run.
720
+
721
+ Blocked examples include:
722
+
723
+ - `sudo`
724
+ - shell interpreters
725
+ - pipe-to-shell downloads such as `curl | sh`
726
+ - inline arbitrary execution such as `node -e`, `python -c`, `ruby -e`
727
+ - recursive world-writable chmod
728
+ - raw disk writes
729
+ - destructive database drops
730
+ - protected `.env` writes
731
+ - secret exfiltration patterns
732
+
733
+ High-risk actions require explicit approval and can never be downgraded by AI-provided risk labels.
734
+
735
+ See [docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md](docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md).
736
+
737
+ ---
738
+
739
+ ## Current capabilities
196
740
 
197
741
  BootProof currently provides:
198
742
 
199
743
  - Node package-manager and start-command inference
200
- - conservative Go main-package, Rails `bin/rails`, and explicit Make run-target execution
201
- - Python/Flask and Go/Node hybrid detection
202
744
  - monorepo candidate ranking
203
- - Docker service dependency detection and scaffolding
204
- - repository Compose execution when a web service builds the checked-out source and publishes an HTTP port
205
- - localhost health-candidate discovery from repository evidence and app logs
745
+ - Docker service dependency detection
746
+ - repository Compose detection
747
+ - conservative Go main-package execution
748
+ - Rails `bin/rails` entrypoint detection
749
+ - explicit Make run-target execution
750
+ - Python/Flask and Go/Node hybrid detection
751
+ - localhost health-candidate discovery from repo evidence and app logs
206
752
  - classified failures
207
753
  - signed Ed25519 attestations
208
754
  - strict JSON and fail-closed CI output
209
755
  - redacted registry-entry export
210
- - deterministic sandboxed repairs with signed before/after receipts for the registered v0.3 classes
211
- - explicit repair application with signature, scope, and stale-preimage checks
212
- - marker-and-evidence-backed migration repair for Prisma, Django, Rails, Knex, and Drizzle
756
+ - deterministic sandboxed repairs for registered failure classes
757
+ - explicit repair application with signature, scope and stale-preimage checks
758
+ - static infrastructure diff
759
+
760
+ Detection is broader than orchestration. BootProof may detect a stack and still refuse to run it if the proof boundary is not safe or clear.
761
+
762
+ ---
763
+
764
+ ## Supported entrypoints
765
+
766
+ Supported execution paths are deliberately narrow.
767
+
768
+ | Type | Supported path |
769
+ |---|---|
770
+ | Node | package manager + selected start/dev script |
771
+ | Go | exactly one `main.go` or `cmd/*/main.go` |
772
+ | Ruby/Rails | `Gemfile` plus `bin/rails` |
773
+ | Make | explicit `run`, `serve`, `server`, `start`, or `dev` target |
774
+ | Compose | repository-local build context with published HTTP port |
775
+
776
+ Each path still requires observed health.
777
+
778
+ A successful `docker compose up -d`, process spawn, or command exit is not a green result by itself.
779
+
780
+ ---
213
781
 
214
- Detection is broader than orchestration. For example:
782
+ ## Failure taxonomy
215
783
 
216
- - Superset-like Python/Flask/React/Celery repos are detected, then honestly refused with `python_flask_setup_required`.
217
- - Grafana-like Go/Node hybrids are detected without pretending a frontend watcher is the whole application.
218
- - Parallel monorepo root commands are refused until a specific workspace is selected.
219
- - Image-only or infrastructure-only Compose services are not accepted as proof of the checked-out source.
784
+ Common failure classes include:
220
785
 
221
- The supported repository entrypoints are deliberately narrow:
786
+ - `not_an_application`
787
+ - `workspace_ambiguous`
788
+ - `dependency_install_skipped`
789
+ - `package_manager_version_mismatch`
790
+ - `python_flask_setup_required`
791
+ - `service_port_allocated`
792
+ - `postgres_auth_env_missing`
793
+ - `health_http_error`
794
+ - `health_check_timeout`
795
+ - `remote_code_execution_blocked`
796
+ - `unknown_failure`
222
797
 
223
- - Go: exactly one `main.go` or `cmd/*/main.go`
224
- - Ruby: `Gemfile` plus `bin/rails`
225
- - Make: an explicit `run`, `serve`, `server`, `start`, or `dev` target
226
- - Compose: a service with a repository-local build context and a published HTTP port
798
+ Unknown failures remain unknown, with evidence preserved for the next detector.
227
799
 
228
- Each path still requires an observed HTTP response. A successful Compose `up -d`, process spawn, or command exit is not a green result by itself.
800
+ See [docs/FAILURE_TAXONOMY.md](docs/FAILURE_TAXONOMY.md).
229
801
 
230
- ## Files Written
802
+ ---
231
803
 
232
- Depending on the observed plan, BootProof may write:
804
+ ## Files BootProof may write
805
+
806
+ Depending on the command and observed plan, BootProof may write:
233
807
 
234
808
  ```text
235
809
  .bootproof/attestation.json
236
810
  .bootproof/registry-entry.json
811
+ .bootproof/registry/<timestamp>-<hash>.json
237
812
  .bootproof/runtime/
238
813
  docker-compose.bootproof.yml
239
814
  .env.bootproof.example
240
815
  ```
241
816
 
242
- `registry-entry.json` is written only by `bootproof attest export`.
243
-
244
- Docker and env guidance files are listed in proof only when BootProof actually generated them.
817
+ Registry artifacts are written only by explicit export commands.
245
818
 
246
819
  Protected application env files remain untouched.
247
820
 
248
- ## Attestation Trust
821
+ ---
822
+
823
+ ## Attestation trust
249
824
 
250
- Current attestations contain:
825
+ Local attestations (the default) contain:
251
826
 
252
827
  ```json
253
828
  {
@@ -259,67 +834,181 @@ Current attestations contain:
259
834
  }
260
835
  ```
261
836
 
262
- Local attestations are useful evidence. CI/OIDC attestations are stronger supply-chain proof. BootProof does not pretend local laptop proof is enterprise CI proof.
837
+ The embedded trust value is an attested claim, not an external identity proof. Local
838
+ verification separately classifies the signer as this machine, explicitly known, or unknown
839
+ foreign. Repair receipts and registry entries use the same signer tiers.
263
840
 
264
- The future `ci_oidc_signed` level is reserved but is not emitted today.
841
+ Local attestations are useful evidence. CI/OIDC attestations are stronger supply-chain proof.
842
+ Cryptographic authorship binding through keyless/OIDC is intentionally deferred to the
843
+ CI/Action work. BootProof does not pretend local laptop proof is enterprise CI proof.
265
844
 
266
- ## Failure Taxonomy
845
+ ### CI OIDC signing
267
846
 
268
- Examples include:
847
+ Inside GitHub Actions with `permissions: id-token: write`, pass `--ci-oidc` to fetch the runner's OIDC token and embed its claims in the attestation:
269
848
 
270
- - `not_an_application`
271
- - `workspace_ambiguous`
272
- - `dependency_install_skipped`
273
- - `package_manager_version_mismatch`
274
- - `python_flask_setup_required`
275
- - `service_port_allocated`
276
- - `postgres_auth_env_missing`
277
- - `health_http_error`
278
- - `health_check_timeout`
279
- - `unknown_failure`
849
+ ```bash
850
+ bootproof up . --provider local --unsafe-local --ci-oidc
851
+ ```
280
852
 
281
- Unknown failures remain unknown, with evidence preserved for the next detector.
853
+ The attestation then carries `ci_oidc_signed` trust with the OIDC claims:
282
854
 
283
- See [docs/FAILURE_TAXONOMY.md](docs/FAILURE_TAXONOMY.md).
855
+ ```json
856
+ {
857
+ "trust": {
858
+ "level": "ci_oidc_signed",
859
+ "signer": "local_ed25519",
860
+ "oidc": {
861
+ "iss": "https://token.actions.githubusercontent.com",
862
+ "sub": "repo:bootproof/bootproof:ref:refs/heads/main",
863
+ "repository": "bootproof/bootproof",
864
+ "run_id": "123456",
865
+ "workflow": "CI",
866
+ "job_workflow_ref": "bootproof/bootproof/.github/workflows/ci.yml@refs/heads/main"
867
+ }
868
+ }
869
+ }
870
+ ```
284
871
 
285
- ## Real Repository Evidence
872
+ The ed25519 signature still provides integrity; the OIDC evidence provides CI provenance. A verifier can independently validate both the signature and the OIDC claims. The `neutral_runner_signed` and `transparency_logged` levels remain on the roadmap.
286
873
 
287
- BootProof records both useful successes and useful failures. The evidence ledger does not relabel failure as support.
874
+ ### Key rotation
288
875
 
289
- See [docs/REAL_REPO_EVIDENCE.md](docs/REAL_REPO_EVIDENCE.md).
876
+ The local signing key can be rotated without invalidating existing attestations (each carries its public key inline and verifies independently):
877
+
878
+ ```bash
879
+ bootproof rotate-keys # generate new key, back up old
880
+ bootproof rotate-keys --repo . --resign # also re-sign the latest attestation
881
+ ```
882
+
883
+ Old keys are archived to `~/.bootproof/archived-keys/` so existing attestations remain verifiable.
884
+
885
+ ### What the local key does and does not protect
886
+
887
+ The local signing key lives at `~/.bootproof/signer.json` (0600 permissions; the `~/.bootproof/` directory is 0700). Pinned foreign signers are stored in `~/.bootproof/known_signers.json` (also 0600). Archived keys from rotation are stored in `~/.bootproof/archived-keys/` (0600).
888
+
889
+ The key protects **integrity**: a valid ed25519 signature proves the attestation was not altered after signing. It does not protect **authorship**: anyone who obtains this key file can sign attestations that will verify as "this machine." If the key is compromised, `bootproof rotate-keys` generates a new keypair and archives the old one — but existing attestations signed by the compromised key will still verify as intact (they carry the old public key inline). Rotation prevents future compromise; it does not revoke past signatures.
890
+
891
+ `local_developer_signed` has **no revocation mechanism**. There is no key revocation server, no CRL, no OCSP responder. The trust ladder (`local_developer_signed` → `ci_oidc_signed` → `neutral_runner_signed` → `transparency_logged`) is the mitigation, not a hidden feature: higher rungs bind signatures to external identities (OIDC, neutral runners, transparency logs) that are harder to forge than a local key file. A verifier who requires `--require-known-signer` rejects any signer not explicitly pinned, which limits the blast radius of a compromised key to the set of pinned keys.
892
+
893
+ ---
894
+
895
+ ## CI and registry
290
896
 
291
- ## CI And Registry
897
+ BootProof does not upload attestations.
292
898
 
293
- BootProof does not upload attestations. A project can deliberately commit `.bootproof/` or export a redacted registry entry.
899
+ A project can deliberately export a redacted local registry entry or federated public-candidate receipt and review it before committing it.
294
900
 
295
- The Git-native registry and OIDC-backed trust model are designs in progress, not deployed services.
901
+ ```bash
902
+ bootproof registry export .
903
+ bootproof attest export .
904
+ bootproof registry export . --federated
905
+ ```
906
+
907
+ Public crawler, private cloud upload, and OIDC-backed trust are future integrations, not deployed services in this repository.
908
+
909
+ See:
296
910
 
297
911
  - [docs/CI_ACTION.md](docs/CI_ACTION.md)
298
912
  - [docs/REGISTRY.md](docs/REGISTRY.md)
299
913
 
300
- ## Release Packaging
914
+ ---
301
915
 
302
- The npm package contains the compiled CLI, license, README, and docs. `dist/` is required at runtime, generated by `npm run build` during `prepack`, and intentionally not committed.
916
+ ## Open-source boundary
303
917
 
304
- Run `npm run pack:check` to pack BootProof, install the tarball in an isolated temporary directory, and exercise the installed CLI. See [docs/RELEASE_CHECKLIST.md](docs/RELEASE_CHECKLIST.md).
918
+ This repository contains the local trust layer:
305
919
 
306
- ## Release Hygiene
920
+ - local diagnosis
921
+ - local planning
922
+ - local receipts
923
+ - local approvals
924
+ - optional BYOK AI suggestions
925
+ - deterministic repair safety
926
+ - no telemetry
927
+ - no automatic upload
307
928
 
308
- `node_modules/`, `.DS_Store`, and generated `dist/` are ignored and not committed.
929
+ The OSS engine works offline and does not require BootProof Cloud.
309
930
 
310
- `dist/` is generated by `npm run build`. It is included in the npm package because `dist/cli.js` is the executable, and `npm pack`/publish runs the `prepack` build.
931
+ ---
311
932
 
312
- Repository metadata points to:
933
+ ## Cloud boundary
313
934
 
314
- ```text
315
- https://github.com/rossbuckley1990-hash/bootproof
935
+ BootProof Cloud belongs in a separate private repository.
936
+
937
+ Its boundary includes future hosted capabilities such as:
938
+
939
+ - hosted AI
940
+ - shared registry
941
+ - team approval workflows
942
+ - GitHub App
943
+ - SSO/RBAC
944
+ - policy
945
+ - fleet dashboards
946
+ - audit retention
947
+
948
+ These are product boundaries, not claims that those services are implemented in this public repository.
949
+
950
+ No Cloud/SaaS code is included here.
951
+
952
+ ---
953
+
954
+ ## Release packaging
955
+
956
+ The npm package contains the compiled CLI, license, README and docs.
957
+
958
+ `dist/` is required at runtime, generated by `npm run build` during `prepack`, and intentionally not committed.
959
+
960
+ Run:
961
+
962
+ ```bash
963
+ npm run pack:check
316
964
  ```
317
965
 
318
- ## What BootProof Is Not
966
+ This packs BootProof, installs the tarball in an isolated temporary directory, and exercises the installed CLI.
967
+
968
+ See [docs/RELEASE_CHECKLIST.md](docs/RELEASE_CHECKLIST.md).
969
+
970
+ ---
319
971
 
320
- BootProof is not a deployment platform, a general CI replacement, or a magic environment fixer.
972
+ ## Development
321
973
 
322
- It is the honest Run Button for repos. It runs what it can, refuses what it cannot prove, signs both success and failure, and gives humans and machines the same evidence.
974
+ For contributors working from source:
975
+
976
+ ```bash
977
+ git clone https://github.com/bootproof/bootproof.git
978
+ cd bootproof
979
+ npm ci
980
+ npm run build
981
+ npm test
982
+ npm link
983
+ ```
984
+
985
+ Then from another repository:
986
+
987
+ ```bash
988
+ bootproof up .
989
+ ```
990
+
991
+ Generated files such as `dist/`, `node_modules/`, and `.DS_Store` are ignored and not committed.
992
+
993
+ ---
994
+
995
+ ## What BootProof is not
996
+
997
+ BootProof is not:
998
+
999
+ - a deployment platform
1000
+ - a general CI replacement
1001
+ - a magic environment fixer
1002
+ - an AI coding agent
1003
+ - a guarantee that every repo can be run automatically
1004
+ - a cloud product hidden inside an OSS repo
1005
+ - a sandbox or container runtime — `--provider local` runs code on your host; `--provider docker` only isolates source-built Compose apps
1006
+
1007
+ BootProof is the honest run button for repos.
1008
+
1009
+ It runs what it can, refuses what it cannot prove, signs both success and failure, and gives humans and machines the same evidence.
1010
+
1011
+ ---
323
1012
 
324
1013
  ## Status
325
1014
 
@@ -327,15 +1016,18 @@ BootProof is early alpha.
327
1016
 
328
1017
  Near-term work includes:
329
1018
 
330
- - additional remote source providers beyond GitHub, GitLab, Bitbucket, and Codeberg
1019
+ - explicit full-platform Compose mode
1020
+ - stronger multi-service health modelling
331
1021
  - broader deterministic remediation coverage
332
- - stronger multi-service orchestration
333
- - broader Python, Go, Ruby, and Make execution support
1022
+ - more Python, Go, Ruby and Make entrypoints
334
1023
  - CI/OIDC-backed signing
335
- - proof-linked badges and a verified public index
1024
+ - proof-linked badges
1025
+ - verified public evidence index
336
1026
 
337
1027
  Unsupported paths should fail clearly, not magically.
338
1028
 
1029
+ ---
1030
+
339
1031
  ## License
340
1032
 
341
1033
  Apache-2.0