bootproof 0.3.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. package/README.md +844 -152
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +730 -46
  9. package/dist/diagnosis.js +101 -16
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +329 -51
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +238 -39
  17. package/dist/plan.js +2 -0
  18. package/dist/proof.d.ts +78 -2
  19. package/dist/proof.js +265 -12
  20. package/dist/receipt.d.ts +52 -0
  21. package/dist/receipt.js +356 -0
  22. package/dist/redact.d.ts +4 -0
  23. package/dist/redact.js +86 -2
  24. package/dist/registry.d.ts +82 -30
  25. package/dist/registry.js +355 -53
  26. package/dist/remote.js +3 -3
  27. package/dist/repair-playbooks.d.ts +24 -0
  28. package/dist/repair-playbooks.js +593 -0
  29. package/dist/repair-safety.d.ts +130 -0
  30. package/dist/repair-safety.js +766 -0
  31. package/dist/repair.d.ts +43 -11
  32. package/dist/repair.js +716 -7
  33. package/dist/run.d.ts +3 -0
  34. package/dist/run.js +218 -41
  35. package/dist/sbom.d.ts +22 -0
  36. package/dist/sbom.js +99 -0
  37. package/dist/taxonomy.d.ts +8 -3
  38. package/dist/taxonomy.js +404 -8
  39. package/dist/types.d.ts +40 -1
  40. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  41. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  42. package/docs/CI_ACTION.md +67 -2
  43. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  44. package/docs/DISTRIBUTION.md +83 -0
  45. package/docs/FAILURE_TAXONOMY.md +28 -1
  46. package/docs/HONESTY_CONTRACT.md +34 -12
  47. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  48. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  49. package/docs/REGISTRY.md +48 -28
  50. package/docs/REPAIR_RECEIPT.md +54 -8
  51. package/docs/agent-loop-gap-analysis.md +188 -0
  52. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  53. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  54. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  55. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  56. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  57. package/docs/examples/registry-seeds/php-composer.json +33 -0
  58. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  59. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  60. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  61. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  62. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  63. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  64. package/docs/schemas/ci-context-v1.schema.json +63 -0
  65. package/docs/schemas/diff-result-v1.schema.json +66 -0
  66. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  67. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  68. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  69. package/docs/schemas/repair-action-v1.schema.json +136 -0
  70. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  71. package/package.json +21 -11
package/dist/repair.d.ts CHANGED
@@ -1,23 +1,28 @@
1
+ import { type SignatureTrustResult } from "./proof.js";
2
+ import { type RepairAction, type RepairReceiptBase } from "./repair-safety.js";
3
+ import { type DeterministicRepairCandidate } from "./repair-playbooks.js";
1
4
  import type { Attestation, FailureClass, PackageManager } from "./types.js";
5
+ import type { RequestedAiRepair } from "./ai-repair.js";
6
+ export * from "./repair-safety.js";
7
+ export * from "./repair-playbooks.js";
2
8
  export type RepairKind = "repo-diff" | "plan-step" | "environment";
3
- export interface RepairReceipt {
4
- schema: "bootproof/repair-receipt/v1";
5
- tool: string;
6
- repo: {
9
+ export interface RepairReceipt extends RepairReceiptBase {
10
+ tool?: string;
11
+ repo?: {
7
12
  remote: string | null;
8
13
  commit: string | null;
9
14
  dirty: boolean | null;
10
15
  };
11
- environment: {
16
+ environment?: {
12
17
  os: string;
13
18
  arch: string;
14
19
  node: string;
15
20
  };
16
- failure: {
21
+ failure?: {
17
22
  class: FailureClass;
18
23
  beforeAttestationSha256: string;
19
24
  };
20
- repair: {
25
+ repair?: {
21
26
  id: string;
22
27
  kind: RepairKind;
23
28
  description: string;
@@ -28,25 +33,40 @@ export interface RepairReceipt {
28
33
  planDelta: string | null;
29
34
  envDelta: string | null;
30
35
  };
31
- verification: {
36
+ verification?: {
32
37
  before: {
33
38
  booted: false;
34
39
  failureClass: FailureClass;
35
40
  attestationSha256: string;
36
41
  };
37
42
  after: {
38
- booted: true;
43
+ booted: boolean;
44
+ bootproofOrchestrated: boolean;
39
45
  healthObservation: string;
40
46
  attestationSha256: string;
41
47
  };
42
48
  };
43
- startedAt: string;
44
- finishedAt: string;
49
+ startedAt?: string;
50
+ finishedAt?: string;
45
51
  signer: {
46
52
  publicKey: string;
47
53
  algorithm: "ed25519";
48
54
  } | null;
49
55
  signature: string | null;
56
+ /**
57
+ * AI evidence captured for auditability when source === "ai_suggested".
58
+ * Contains the redacted prompt context and the AI's structured suggestion.
59
+ * Required by the AGENTS.md constitution: an auditor must be able to
60
+ * reconstruct what the AI proposed without trusting the AI provider.
61
+ */
62
+ aiEvidence?: {
63
+ provider: "openai" | "anthropic";
64
+ model: string;
65
+ /** The redacted bootproof/ai-repair-context/v1 object sent to the AI. */
66
+ context: Record<string, unknown>;
67
+ /** The validated bootproof/ai-repair-suggestion/v1 object the AI returned. */
68
+ suggestion: Record<string, unknown>;
69
+ };
50
70
  }
51
71
  export interface RepairResult {
52
72
  schema: "bootproof/repair-result/v1";
@@ -71,6 +91,14 @@ export interface RepairOptions {
71
91
  timeoutMs: number;
72
92
  port?: number;
73
93
  remoteSource?: string;
94
+ commandApproved?: boolean;
95
+ actionApproved?: boolean;
96
+ /** The full AI repair request (context + suggestion) to embed in the receipt for audit. */
97
+ aiRepair?: RequestedAiRepair | null;
98
+ }
99
+ export interface LatestRepairCandidate {
100
+ attestation: Attestation;
101
+ candidate: DeterministicRepairCandidate;
74
102
  }
75
103
  export interface RepairFileChange {
76
104
  path: string;
@@ -91,6 +119,7 @@ export interface RepairReceiptPrecondition {
91
119
  export declare function assertRepairTargetPath(repoPath: string, file: string): void;
92
120
  export declare function assertRepairScope(changes: RepairFileChange[]): void;
93
121
  export declare function verifyRepairReceipt(receipt: RepairReceipt): boolean;
122
+ export declare function evaluateRepairReceiptSignature(receipt: RepairReceipt): SignatureTrustResult;
94
123
  export declare function sha256Attestation(attestation: Attestation): string;
95
124
  export declare function composePortRepair(source: string, service: string, occupiedPort: number, replacementPort: number, containerPort: number): string;
96
125
  export declare function packageManagerActivationCommand(packageManager: PackageManager, version: string | null): string | null;
@@ -106,5 +135,8 @@ export declare function registeredRemediationsFor(failureClass: FailureClass): {
106
135
  id: string;
107
136
  kind: RepairKind;
108
137
  }[];
138
+ export declare function latestDeterministicRepairCandidate(repoPath: string, requestedProvider?: "docker" | "local"): LatestRepairCandidate | null;
139
+ export declare function latestFailedAttestation(repoPath: string, requestedProvider?: "docker" | "local"): Attestation | null;
140
+ export declare function executeAiSuggestedRepair(repoPath: string, before: Attestation, action: RepairAction, options: RepairOptions): Promise<RepairResult>;
109
141
  export declare function applyVerifiedRepair(repoPath: string, receiptFile?: string): RepairApplyResult;
110
142
  export declare function repairRepo(repoPath: string, options: RepairOptions): Promise<RepairResult>;