bootproof 0.3.0 → 0.4.1
- package/README.md +844 -152
- package/dist/agent-plan.d.ts +44 -0
- package/dist/agent-plan.js +826 -0
- package/dist/agent-run.d.ts +117 -0
- package/dist/agent-run.js +459 -0
- package/dist/ai-repair.d.ts +58 -0
- package/dist/ai-repair.js +380 -0
- package/dist/cli.js +730 -46
- package/dist/diagnosis.js +101 -16
- package/dist/diff.d.ts +29 -0
- package/dist/diff.js +569 -0
- package/dist/exec.d.ts +30 -2
- package/dist/exec.js +329 -51
- package/dist/external-health.d.ts +16 -0
- package/dist/external-health.js +214 -0
- package/dist/infer.js +238 -39
- package/dist/plan.js +2 -0
- package/dist/proof.d.ts +78 -2
- package/dist/proof.js +265 -12
- package/dist/receipt.d.ts +52 -0
- package/dist/receipt.js +356 -0
- package/dist/redact.d.ts +4 -0
- package/dist/redact.js +86 -2
- package/dist/registry.d.ts +82 -30
- package/dist/registry.js +355 -53
- package/dist/remote.js +3 -3
- package/dist/repair-playbooks.d.ts +24 -0
- package/dist/repair-playbooks.js +593 -0
- package/dist/repair-safety.d.ts +130 -0
- package/dist/repair-safety.js +766 -0
- package/dist/repair.d.ts +43 -11
- package/dist/repair.js +716 -7
- package/dist/run.d.ts +3 -0
- package/dist/run.js +218 -41
- package/dist/sbom.d.ts +22 -0
- package/dist/sbom.js +99 -0
- package/dist/taxonomy.d.ts +8 -3
- package/dist/taxonomy.js +404 -8
- package/dist/types.d.ts +40 -1
- package/docs/AGENT_IN_THE_LOOP.md +171 -0
- package/docs/AGENT_RUN_RECEIPTS.md +38 -0
- package/docs/CI_ACTION.md +67 -2
- package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
- package/docs/DISTRIBUTION.md +83 -0
- package/docs/FAILURE_TAXONOMY.md +28 -1
- package/docs/HONESTY_CONTRACT.md +34 -12
- package/docs/LAUNCH_PLAYBOOK.md +232 -0
- package/docs/REAL_WORLD_FIXTURES.md +105 -0
- package/docs/REGISTRY.md +48 -28
- package/docs/REPAIR_RECEIPT.md +54 -8
- package/docs/agent-loop-gap-analysis.md +188 -0
- package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
- package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
- package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
- package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
- package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
- package/docs/examples/registry-seeds/php-composer.json +33 -0
- package/docs/examples/registry-seeds/rails-bundler.json +32 -0
- package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
- package/docs/schemas/action-verdict-v1.schema.json +64 -0
- package/docs/schemas/agent-plan-v1.schema.json +148 -0
- package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
- package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
- package/docs/schemas/ci-context-v1.schema.json +63 -0
- package/docs/schemas/diff-result-v1.schema.json +66 -0
- package/docs/schemas/federated-receipt-v1.schema.json +51 -0
- package/docs/schemas/registry-entry-v1.schema.json +95 -0
- package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
- package/docs/schemas/repair-action-v1.schema.json +136 -0
- package/docs/schemas/repair-receipt-v1.schema.json +221 -0
- package/package.json +21 -11
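--- a/package/docs/REGISTRY.md
+++ b/package/docs/REGISTRY.md
@@ -1,49 +1,69 @@
-#
+# Registry Export Formats
 
-BootProof does not operate a public
+BootProof supports local, redacted registry artifacts. It does not operate a public index from
+this repository, upload evidence automatically, or call a registry service.
 
-
+Create a local entry explicitly:
 
-```
-
+```bash
+bootproof registry export .
 ```
 
-
+This writes `.bootproof/registry-entry.json` using
+`bootproof/registry-entry/v1`. `bootproof attest export .` remains a compatibility alias.
 
-
-bootproof attest export .
-```
+## Public/Federated Registry
 
-
+Public repositories may explicitly create a public-candidate wrapper:
 
-```
-
+```bash
+bootproof registry export . --federated
 ```
 
-
+This writes a redacted, signed `bootproof/federated-receipt/v1` artifact under
+`.bootproof/registry/`. A repository owner may review and deliberately commit that receipt to
+the repository's own Git history.
+
+A future BootProof indexer could crawl public receipts, verify signatures, and build an open
+commons of verified boot, failure, and repair knowledge. The crawler and public index do not
+exist in this repository and are not implemented by this command.
 
-
+`bootproof attest check` distinguishes this machine's signer, explicitly pinned known signers,
+and unknown foreign signers. Signature integrity alone does not establish authorship.
 
-
+## Private Cloud Registry
 
-
-
-- failure corpus: classified failures improve detectors without converting failures into success claims
+Organisations may later explicitly upload redacted attestations and repair receipts to
+BootProof Cloud. Private repository data would remain governed, tenant-isolated, and paid.
 
-
+This repository only supports producing a `cloud_upload_candidate` local export. BootProof
+Cloud, upload transport, billing, governance, and hosted registry storage are intentionally
+not implemented here.
 
 ## Consent And Privacy
 
-1.
-2.
-3.
-4.
-
+1. Every registry entry has `optInRequired: true`; federated wrappers contain that entry.
+2. Export builders perform no network calls and do not upload telemetry or evidence.
+3. Files are written only after an explicit export command.
+4. Raw environment values, tokens, private keys, protected `.env` contents, and local username
+paths are excluded or redacted.
+5. Repository owner and name identifiers are hashed; a public repository URL is included only
+when it is a credential-free URL on a supported public Git host.
+6. Full local attestations may contain raw evidence and should not be treated as public exports.
+
+The strict schemas are:
 
-
+- [`schemas/registry-entry-v1.schema.json`](schemas/registry-entry-v1.schema.json)
+- [`schemas/federated-receipt-v1.schema.json`](schemas/federated-receipt-v1.schema.json)
 
-##
+## Documentation Seeds
 
-
+Small synthetic examples of the real-world classifier and inference coverage live
+under [`examples/registry-seeds/`](examples/registry-seeds/). They use the
+documentation-only
+[`registry-seed-example-v1` schema](schemas/registry-seed-example-v1.schema.json)
+and are explained in [REAL_WORLD_FIXTURES.md](REAL_WORLD_FIXTURES.md).
 
-
+These examples are not attestations, proof, upload requests, or production
+registry entries. They contain no network behavior and are never submitted
+automatically.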
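--- a/package/docs/REPAIR_RECEIPT.md
+++ b/package/docs/REPAIR_RECEIPT.md
@@ -1,13 +1,20 @@
 # Repair Receipts
 
-`bootproof fix` treats the normal BootProof verdict as
+`bootproof fix` treats the normal BootProof verdict as the oracle. The deterministic MVP reads
+the latest signature-valid classified failure and maps only exact known evidence to a repair
+action. It never uses AI.
 
-
+Receipts preserve the complete lifecycle:
 
--
--
+- suggested
+- approved or declined
+- applied or failed
+- progressed or unchanged
+- verified or unverified
 
-
+Declined and failed attempts are valuable evidence, so they also produce signed receipts.
+Only observed healthy HTTP sets `verified: true`. Progress without verification requires a
+different after failure class.
 
 ## Schema
 
@@ -15,6 +22,16 @@ No receipt is emitted unless both statements are signed evidence:
 bootproof/repair-receipt/v1
 ```
 
+The strict machine schemas are:
+
+- [`schemas/repair-action-v1.schema.json`](schemas/repair-action-v1.schema.json)
+- [`schemas/repair-receipt-v1.schema.json`](schemas/repair-receipt-v1.schema.json)
+
+The v1 receipt now includes additive safety-foundation fields: the deterministic proposed
+action, mutation scope, risk level, approval requirement, apply result, progress and
+verification booleans, and redaction record. Existing signed verification fields remain for
+backward-compatible inspection and application.
+
 ```json
 {
 "schema": "bootproof/repair-receipt/v1",
@@ -83,6 +100,10 @@ bootproof/repair-receipt/v1
 
 The receipt uses the same Ed25519 canonical-body pattern as attestations: `signer` and `signature` are excluded from the signed body. Tampering with the repair, before result, or after result invalidates verification.
 
+An intact signature establishes integrity, not authorship by itself. `bootproof verify` reports
+whether the repair receipt signer is this machine, explicitly known, or unknown foreign, using
+the same local trust store as attestation verification.
+
 `beforeAttestationSha256` and both verification hashes are SHA-256 hashes of the corresponding attestation JSON objects.
 
 `fileChanges` is a signed application manifest. It contains only allowlisted boot-plumbing files and binds the expected preimage and verified after-content to SHA-256 hashes. `preconditions` binds read-only source inputs, such as the repository Compose file from which a repaired copy was derived.
@@ -99,7 +120,8 @@ emits exactly one:
 bootproof/repair-result/v1
 ```
 
-Exit `0` means
+Exit `0` means the rerun observed healthy HTTP. A declined, failed, progressed-but-unverified,
+unknown, or inapplicable remediation exits `1`, even when a signed receipt was written.
 
 `bootproof fix . --dry-run` executes nothing, writes nothing, and produces no proof.
 
@@ -117,6 +139,17 @@ bootproof fix https://github.com/user/repo --provider local --unsafe-local
 
 Cloning is not execution consent. The existing local execution acknowledgement remains mandatory.
 
+Human command repairs show:
+
+```text
+This repair may modify your local machine or services.
+Command: <exact command>
+Risk: medium
+Run this command? Type Y to approve:
+```
+
+Only uppercase `Y` approves. JSON and CI modes never prompt and never execute a repair command.
+
 ## Explicit Application
 
 Repair generation and repair application are separate operations:
@@ -140,6 +173,18 @@ Application exits `0` only after all signed file changes are written and re-hash
 
 | Failure class | Deterministic remediation |
 |---|---|
+| `missing_ruby_version` | Propose `rbenv install <requiredVersion>` as a medium-risk host mutation. |
+| `missing_build_tool` with exact CMake evidence | Propose `brew install cmake` as a host mutation requiring approval. |
+| `native_extension_compile_failed` for `idn-ruby` | Propose Homebrew native dependencies, then a separately approved static-prefix Bundler configuration action. |
+| `missing_database_config` | Preview a patch copying the repository PostgreSQL/example config when the destination is absent and the content is safe to persist. |
+| `missing_required_config` for `config/gitlab.yml` | Preview a patch copying `config/gitlab.yml.example` when the destination is absent. |
+| `postgres_unavailable` | Start only a detected local Homebrew PostgreSQL package and show `pg_isready`; otherwise emit an instruction. |
+| `postgres_role_missing` | Propose `createuser -s <role>` only for an exact shell-safe role from evidence. |
+| `database_schema_missing` | Propose high-risk `bundle exec rails db:migrate`. |
+| `unsupported_database_version` | Propose separate high-risk install and service-start actions for the exact PostgreSQL major without changing PATH. |
+| `unsupported_database_config` | Preview removal of only exact `geo`/`embedding` top-level sections when the patch contains no secrets. |
+| `redis_unavailable` | Propose `brew services start redis` when Homebrew is detectable; otherwise emit a generic instruction. |
+| `missing_env_var` for only `RAILS_ENV` | Emit `RAILS_ENV=development bootproof up . --provider local --unsafe-local --install` as a non-executed instruction. |
 | `service_port_allocated` | Remap a BootProof-generated Compose host port, or create a complete BootProof-owned repaired Compose copy beside the repository file without editing it. |
 | `package_manager_version_mismatch` | Run the exact declared `corepack prepare <manager>@<version> --activate` command in the sandbox. |
 | `migrations_missing` | Select one exact migration framework from repository markers plus preserved evidence: Prisma, Django, Rails, Knex, or Drizzle. Ambiguous matches refuse instead of guessing. |
@@ -150,7 +195,7 @@ Local host execution still requires `--unsafe-local`, and `fix` never auto-appli
 
 ## Files
 
-
+Repair output is kept in the original repository's BootProof output directory:
 
 ```text
 .bootproof/attestation.json
@@ -161,7 +206,8 @@ Successful repair output is kept in the original repository's BootProof output d
 
 The patch is present only when the repair produced a repository or repaired-Compose file change. Plan-only and environment-only repairs may have no patch.
 
-The after attestation
+The after attestation exists only when an approved command triggered a rerun. It is retained so
+progress and verification can be inspected independently.
 
 ## Allowed Scope
 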
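--- a/package/docs/agent-loop-gap-analysis.md
+++ b/package/docs/agent-loop-gap-analysis.md
@@ -0,0 +1,188 @@
+# Agent-Loop Gap Analysis
+
+Audit date: 2026-06-12
+
+Target architecture:
+
+> Diagnose -> Classify -> Plan -> Risk-Classify -> Approve -> Execute One Step
+> -> Verify -> Receipt -> Repeat
+
+This document tracks the current OSS agent-loop architecture. It does not
+authorize autonomous execution.
+
+## Status Summary
+
+| Capability | Status | Current repository state |
+|---|---|---|
+| Engineering constitution | Exists | `AGENTS.md` contains the complete agent-loop principles, approval boundary, one-step rule, verification rule, receipt rule, honest-stop rule, and OSS/Cloud boundary. |
+| External health verification | Exists | `verify-url` and `up --external-health` record external-health attestations with explicit non-orchestration ownership and honest auth/unreachable classifications. |
+| Agent planning | Planning-only foundation exists | `bootproof plan-agent` writes a strict local agent plan with evidence, risk-classified candidate actions, approvals, verification steps, and stop conditions. It executes no candidate action. |
+| Shared action risk model | Exists | Deterministic repair and `plan-agent` use one strict action-risk classifier with canonical mutation scopes, approval prompts, blocked reasons, verification steps, a hard blocklist, and at-least-medium risk for unknown commands. |
+| Airbyte runbook recognition | Exists | Planning identifies Airbyte from repository identity and structural evidence, emits the abctl-managed orchestration classifications, uses the shared high-risk Kubernetes model, marks credential access secret-sensitive, and plans external health verification without execution. |
+| Local agent receipt chain | Exists for planning and verification | `plan-agent` creates a redacted run directory with hash-linked diagnosis, plan, and action receipts. Repository-scoped external health can append verification receipts, the derived final summary states ownership and stop status, and `explain-run` verifies the chain. Approved action execution remains intentionally unimplemented. |
+
+## Existing Capabilities
+
+### Constitution
+
+`AGENTS.md` already states that BootProof may plan and risk-classify actions,
+may execute only approved local actions, must execute one step at a time,
+must verify after every action, must save local receipts, and must stop on
+unknown or unsafe steps.
+
+It also preserves these boundaries:
+
+- `bootproof up` is deterministic, zero-AI, and evidence-based.
+- Planning and action completion are not proof.
+- External health must not imply that BootProof started the application.
+- AI assistance is optional and must use the same safety model.
+- Cloud/SaaS, telemetry, and automatic upload remain outside this OSS repo.
+
+### Deterministic Repair Loop
+
+The current `bootproof fix` path implements a human-driven subset of the loop:
+
+- reads a signature-valid failed attestation;
+- classifies exact known evidence;
+- selects one deterministic repair candidate;
+- displays action type, mutation scope, risk, and exact command or patch;
+- requires uppercase `Y` for command or patch testing;
+- executes only the selected action;
+- reruns BootProof in a sandbox;
+- records declined, failed, progressed, or verified outcomes;
+- writes a signed local repair receipt.
+
+Later candidate actions may be displayed, but they are not silently chained or
+executed in the same approval.
+
+### Health and Evidence Primitives
+
+The health engine already:
+
+- records requested URL, HTTP status, headers, redirect location, body excerpt,
+timestamp, acceptance decision, and connection errors;
+- accepts HTTP 2xx and expected application sign-in redirects;
+- preserves failed observations;
+- clears stale health evidence during later successful observations.
+
+External verification now provides `bootproof verify-url <url>` and
+`bootproof up . --external-health <url>`. Its attestations use
+`verificationMode: external-health`, set `bootproofOrchestrated: false`, and
+classify successful HTTP 2xx/3xx observations as `external_service_verified`.
+HTTP 401/403 is `auth_required`; connection and non-success responses are
+`external_health_unreachable`.
+
+### Safety and Receipt Primitives
+
+`bootproof/repair-action/v1` currently provides:
+
+- `actionType`;
+- `mutationScope`;
+- `riskLevel`;
+- `requiresApproval`;
+- structured commands, patches, and instructions;
+- a hard safety validator for shell control, `sudo`, destructive commands,
+protected environment files, blocked paths, and exfiltration patterns.
+
+`bootproof/repair-receipt/v1` currently records:
+
+- proposed action and risk fields;
+- approval and application timestamps;
+- apply result;
+- before and after failure classes;
+- progress and verification;
+- redactions;
+- signature-valid before/after attestation hashes when available.
+
+## Partial Capabilities
+
+### Run Planning
+
+`bootproof plan` is planning-only and performs no execution or writes. Its
+`RunPlan` steps contain an identifier, kind, optional command, description,
+and required flag.
+
+It is not an agent plan because it does not contain:
+
+- candidate alternatives;
+- per-action risk classification;
+- mutation scope;
+- approval requirement;
+- blocked reason;
+- verification step;
+- secret-sensitivity metadata;
+- a persisted `.bootproof/agent-plan.json`.
+
+### Shared Risk Model
+
+The deterministic repair safety module is the shared action-risk contract used
+by deterministic repair and `plan-agent`. It provides:
+
+- canonical action type, mutation scope, risk, and approval fields;
+- generated approval prompts, blocked reasons, and verification steps;
+- deterministic high-risk classification for host installs, Kubernetes
+mutations, database migrations, and credential generation;
+- at-least-medium classification for unknown commands;
+- one hard blocklist before any command can become executable.
+
+Deterministic repair actions remain sourced from `deterministic_playbook`.
+`plan-agent` consumes the same classifier but remains planning-only.
+
+### Receipt History
+
+BootProof writes `.bootproof/attestation.json`,
+`.bootproof/repair-receipt.json`, and, after a rerun,
+`.bootproof/repair-after-attestation.json`. Repair receipts are signed and bind
+before/after attestations with hashes.
+
+Repair files remain attempt-scoped. Agent planning now additionally creates a
+run-scoped local chain under `.bootproof/agent-runs/<run-id>/`, where immutable
+diagnosis, plan, action, and verification receipts link by SHA-256 hash.
+`final-summary.json` records the current derived status, and
+`bootproof explain-run <run-id>` verifies and explains the chain.
+
+## Existing Agent Run Capability
+
+- `.bootproof/agent-runs/<run-id>/`;
+- redacted initial attestation and plan snapshots;
+- per-action planning receipts;
+- appendable verification receipts;
+- previous-receipt SHA-256 links;
+- a derived final summary;
+- `bootproof explain-run <run-id>`.
+
+Planning still executes nothing. No autonomous or approved action runner exists.
+
+## Recommended Next Prompt Order
+
+1. **Only after the receipt contracts are stable, add a human-driven
+single-step runner.**
+Execute exactly one approved local action, verify it, write the chained
+receipts, and stop for a new explicit approval. Do not add autonomous
+multi-step execution in this stage.
+
+## Files Inspected
+
+- `AGENTS.md`
+- `src/cli.ts`
+- `src/types.ts`
+- `src/infer.ts`
+- `src/plan.ts`
+- `src/run.ts`
+- `src/exec.ts`
+- `src/proof.ts`
+- `src/taxonomy.ts`
+- `src/diagnosis.ts`
+- `src/repair-safety.ts`
+- `src/repair-playbooks.ts`
+- `src/repair.ts`
+- `src/registry.ts`
+- `docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md`
+- `docs/FAILURE_TAXONOMY.md`
+- `docs/HONESTY_CONTRACT.md`
+- `docs/REPAIR_RECEIPT.md`
+- `docs/REGISTRY.md`
+- `docs/schemas/repair-action-v1.schema.json`
+- `docs/schemas/repair-receipt-v1.schema.json`
+- `tests/unit.test.mjs`
+- `tests/e2e.test.mjs`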
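--- a/package/docs/examples/registry-seeds/advertised-port-mismatch.json
+++ b/package/docs/examples/registry-seeds/advertised-port-mismatch.json
@@ -0,0 +1,28 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "advertised-port-mismatch",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"selected command starts a Vite asset server",
+"inferred health URL uses port 8080",
+"process output advertises https://localhost:5173/",
+"no successful response on inferred health candidate"
+],
+"expectedBootProof": {
+"kind": "classification",
+"values": [
+"health_candidate_port_mismatch"
+]
+},
+"safeNextStep": "Confirm whether the advertised endpoint is an asset server or the primary application, correct the reviewed health target, and rerun verification.",
+"repairDisposition": "refused",
+"externallyOrchestrated": false,
+"evidenceOutcome": "diagnostic_only",
+"verificationBasis": "An advertised URL mismatch is precise failure evidence, not successful health evidence; BootProof must still observe the intended application endpoint.",
+"redactionsApplied": [
+"only localhost URL patterns included",
+"no response body data included",
+"no local username paths included"
+]
+}
+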
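--- a/package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json
+++ b/package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json
@@ -0,0 +1,36 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "airbyte-abctl-external-orchestrator",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"Airbyte Open Source README marker",
+"settings.gradle root project airbyte",
+"airbyte-cdk/",
+"airbyte-integrations/",
+"docker-images/",
+"docs mention abctl",
+"kind and Helm deployment markers"
+],
+"expectedBootProof": {
+"kind": "agent_plan",
+"values": [
+"airbyte_abctl_managed",
+"large_orchestration_repo",
+"external_orchestrator_required",
+"kind_kubernetes_backed",
+"helm_deployed",
+"auth_required"
+]
+},
+"safeNextStep": "Review host tooling, explicitly approve the high-risk abctl local install step outside bootproof up, then use bootproof verify-url against http://localhost:8001/api/v1/health.",
+"repairDisposition": "approval_required",
+"externallyOrchestrated": true,
+"evidenceOutcome": "verified_boot_possible",
+"verificationBasis": "An observed successful external health response can verify the already-running service, but BootProof must not claim that it started Airbyte.",
+"redactionsApplied": [
+"no credentials output included",
+"no Kubernetes secrets included",
+"no copied vendor manifests included"
+]
+}
+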
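--- a/package/docs/examples/registry-seeds/go-ollama-service.json
+++ b/package/docs/examples/registry-seeds/go-ollama-service.json
@@ -0,0 +1,36 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "go-ollama-service",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"go.mod",
+"main.go",
+"cmd/",
+"OLLAMA_HOST",
+"serve command",
+"port 11434",
+"/api/tags"
+],
+"expectedBootProof": {
+"kind": "classification_and_inference",
+"values": [
+"go-backend",
+"go run . serve",
+"go_runtime_missing",
+"go_build_failed",
+"http://127.0.0.1:11434/",
+"http://127.0.0.1:11434/api/tags"
+]
+},
+"safeNextStep": "Use the evidenced Go serve command only when the repository markers support it, then require an observed HTTP response on port 11434.",
+"repairDisposition": "refused",
+"externallyOrchestrated": false,
+"evidenceOutcome": "verified_boot_possible",
+"verificationBasis": "Observed HTTP 200 health from the root or /api/tags can verify the service; Go markers and a running process cannot.",
+"redactionsApplied": [
+"no model data included",
+"no host environment values included",
+"no local username paths included"
+]
+}
+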
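--- a/package/docs/examples/registry-seeds/laravel-vite-sqlite.json
+++ b/package/docs/examples/registry-seeds/laravel-vite-sqlite.json
@@ -0,0 +1,36 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "laravel-vite-sqlite",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"artisan",
+"composer.json",
+"package.json",
+"vite.config.js",
+".env.example",
+"Connection: sqlite",
+"database/database.sqlite missing"
+],
+"expectedBootProof": {
+"kind": "classification_and_inference",
+"values": [
+"php-backend",
+"laravel",
+"node-frontend",
+"vite",
+"laravel_sqlite_database_missing",
+"laravel_migrations_required"
+]
+},
+"safeNextStep": "Review creation of database/database.sqlite, separately approve php artisan migrate, then rerun the Laravel application and require observed HTTP health.",
+"repairDisposition": "approval_required",
+"externallyOrchestrated": false,
+"evidenceOutcome": "verified_boot_possible",
+"verificationBasis": "A later observed HTTP 2xx response or accepted redirect to /login can verify the Laravel application; file creation and migration completion alone cannot.",
+"redactionsApplied": [
+"no environment values included",
+"no database contents included",
+"no local username paths included"
+]
+}
+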
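--- a/package/docs/examples/registry-seeds/monorepo-ambiguous-health.json
+++ b/package/docs/examples/registry-seeds/monorepo-ambiguous-health.json
@@ -0,0 +1,29 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "monorepo-ambiguous-health",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"root package.json workspaces",
+"parallel root dev command",
+"apps/web/package.json",
+"apps/docs/package.json",
+"multiple plausible health ports"
+],
+"expectedBootProof": {
+"kind": "classification",
+"values": [
+"workspace_ambiguous"
+]
+},
+"safeNextStep": "Select one reviewed workspace explicitly and rerun BootProof against that application instead of guessing among parallel services.",
+"repairDisposition": "refused",
+"externallyOrchestrated": false,
+"evidenceOutcome": "diagnostic_only",
+"verificationBasis": "Ambiguous workspace markers justify refusal only; no workspace can be marked verified until its own health response is observed.",
+"redactionsApplied": [
+"workspace names are generic",
+"no repository source included",
+"no environment values included"
+]
+}
+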
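--- a/package/docs/examples/registry-seeds/php-composer.json
+++ b/package/docs/examples/registry-seeds/php-composer.json
@@ -0,0 +1,33 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "php-composer",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"composer.json",
+"composer.lock",
+"php command not found",
+"composer command not found",
+"lock file package PHP constraint mismatch",
+"vendor/autoload.php missing"
+],
+"expectedBootProof": {
+"kind": "classification",
+"values": [
+"missing_php_runtime",
+"missing_composer",
+"unsupported_php_version_for_composer_lock",
+"missing_php_vendor_autoload"
+]
+},
+"safeNextStep": "Select a PHP version compatible with composer.lock, install Composer through the documented local method, and run composer install without editing the lockfile as the first step.",
+"repairDisposition": "refused",
+"externallyOrchestrated": false,
+"evidenceOutcome": "diagnostic_only",
+"verificationBasis": "Runtime and dependency evidence can support only a failed diagnostic receipt until a separate application health check succeeds.",
+"redactionsApplied": [
+"no package registry credentials included",
+"no private package names included",
+"no local filesystem paths included"
+]
+}
+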
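--- a/package/docs/examples/registry-seeds/rails-bundler.json
+++ b/package/docs/examples/registry-seeds/rails-bundler.json
@@ -0,0 +1,32 @@
+{
+"schema": "bootproof/registry-seed-example/v1",
+"name": "rails-bundler",
+"source": "synthetic_minimal_fixture",
+"structuralMarkers": [
+"Gemfile",
+"bin/rails",
+"config/database.yml example marker",
+"rbenv version is not installed",
+"Gem::Ext::BuildError",
+"Failed to build gem native extension"
+],
+"expectedBootProof": {
+"kind": "classification_and_inference",
+"values": [
+"ruby-backend",
+"missing_ruby_version",
+"native_extension_compile_failed"
+]
+},
+"safeNextStep": "Approve installation of the exact repository-required Ruby version or evidenced native build dependency, rerun dependency installation, then require observed Rails HTTP health.",
+"repairDisposition": "approval_required",
+"externallyOrchestrated": false,
+"evidenceOutcome": "verified_boot_possible",
+"verificationBasis": "An observed Rails HTTP response, including an accepted authentication redirect, may verify boot; successful Bundler installation is not proof.",
+"redactionsApplied": [
+"no Bundler credentials included",
+"no database values included",
+"no copied application configuration included"
+]
+}
+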