bootproof 0.3.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. package/README.md +844 -152
  2. package/dist/agent-plan.d.ts +44 -0
  3. package/dist/agent-plan.js +826 -0
  4. package/dist/agent-run.d.ts +117 -0
  5. package/dist/agent-run.js +459 -0
  6. package/dist/ai-repair.d.ts +58 -0
  7. package/dist/ai-repair.js +380 -0
  8. package/dist/cli.js +730 -46
  9. package/dist/diagnosis.js +101 -16
  10. package/dist/diff.d.ts +29 -0
  11. package/dist/diff.js +569 -0
  12. package/dist/exec.d.ts +30 -2
  13. package/dist/exec.js +329 -51
  14. package/dist/external-health.d.ts +16 -0
  15. package/dist/external-health.js +214 -0
  16. package/dist/infer.js +238 -39
  17. package/dist/plan.js +2 -0
  18. package/dist/proof.d.ts +78 -2
  19. package/dist/proof.js +265 -12
  20. package/dist/receipt.d.ts +52 -0
  21. package/dist/receipt.js +356 -0
  22. package/dist/redact.d.ts +4 -0
  23. package/dist/redact.js +86 -2
  24. package/dist/registry.d.ts +82 -30
  25. package/dist/registry.js +355 -53
  26. package/dist/remote.js +3 -3
  27. package/dist/repair-playbooks.d.ts +24 -0
  28. package/dist/repair-playbooks.js +593 -0
  29. package/dist/repair-safety.d.ts +130 -0
  30. package/dist/repair-safety.js +766 -0
  31. package/dist/repair.d.ts +43 -11
  32. package/dist/repair.js +716 -7
  33. package/dist/run.d.ts +3 -0
  34. package/dist/run.js +218 -41
  35. package/dist/sbom.d.ts +22 -0
  36. package/dist/sbom.js +99 -0
  37. package/dist/taxonomy.d.ts +8 -3
  38. package/dist/taxonomy.js +404 -8
  39. package/dist/types.d.ts +40 -1
  40. package/docs/AGENT_IN_THE_LOOP.md +171 -0
  41. package/docs/AGENT_RUN_RECEIPTS.md +38 -0
  42. package/docs/CI_ACTION.md +67 -2
  43. package/docs/DETERMINISTIC_REPAIR_SAFETY_MODEL.md +705 -0
  44. package/docs/DISTRIBUTION.md +83 -0
  45. package/docs/FAILURE_TAXONOMY.md +28 -1
  46. package/docs/HONESTY_CONTRACT.md +34 -12
  47. package/docs/LAUNCH_PLAYBOOK.md +232 -0
  48. package/docs/REAL_WORLD_FIXTURES.md +105 -0
  49. package/docs/REGISTRY.md +48 -28
  50. package/docs/REPAIR_RECEIPT.md +54 -8
  51. package/docs/agent-loop-gap-analysis.md +188 -0
  52. package/docs/examples/registry-seeds/advertised-port-mismatch.json +28 -0
  53. package/docs/examples/registry-seeds/airbyte-abctl-external-orchestrator.json +36 -0
  54. package/docs/examples/registry-seeds/go-ollama-service.json +36 -0
  55. package/docs/examples/registry-seeds/laravel-vite-sqlite.json +36 -0
  56. package/docs/examples/registry-seeds/monorepo-ambiguous-health.json +29 -0
  57. package/docs/examples/registry-seeds/php-composer.json +33 -0
  58. package/docs/examples/registry-seeds/rails-bundler.json +32 -0
  59. package/docs/examples/registry-seeds/sentry-devenv-direnv.json +41 -0
  60. package/docs/schemas/action-verdict-v1.schema.json +64 -0
  61. package/docs/schemas/agent-plan-v1.schema.json +148 -0
  62. package/docs/schemas/agent-run-receipts-v1.schema.json +192 -0
  63. package/docs/schemas/ai-repair-suggestion-v1.schema.json +70 -0
  64. package/docs/schemas/ci-context-v1.schema.json +63 -0
  65. package/docs/schemas/diff-result-v1.schema.json +66 -0
  66. package/docs/schemas/federated-receipt-v1.schema.json +51 -0
  67. package/docs/schemas/registry-entry-v1.schema.json +95 -0
  68. package/docs/schemas/registry-seed-example-v1.schema.json +102 -0
  69. package/docs/schemas/repair-action-v1.schema.json +136 -0
  70. package/docs/schemas/repair-receipt-v1.schema.json +221 -0
  71. package/package.json +21 -11
@@ -0,0 +1,51 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/federated-receipt-v1.schema.json",
4
+ "title": "BootProof Federated Receipt v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "createdAt",
10
+ "registryEntry",
11
+ "attestationHash",
12
+ "publicRepoDeclaration",
13
+ "crawlerHint",
14
+ "redactionsApplied",
15
+ "noSecretsIncluded"
16
+ ],
17
+ "properties": {
18
+ "schema": { "const": "bootproof/federated-receipt/v1" },
19
+ "createdAt": { "type": "string", "format": "date-time" },
20
+ "registryEntry": { "$ref": "registry-entry-v1.schema.json" },
21
+ "attestationHash": { "$ref": "#/$defs/hash" },
22
+ "repairReceiptHash": { "$ref": "#/$defs/hash" },
23
+ "signature": { "$ref": "#/$defs/signature" },
24
+ "publicRepoDeclaration": { "const": true },
25
+ "crawlerHint": {
26
+ "type": "object",
27
+ "additionalProperties": false,
28
+ "required": ["commitHash", "branch"],
29
+ "properties": {
30
+ "repoUrl": { "type": "string", "format": "uri" },
31
+ "commitHash": { "type": ["string", "null"] },
32
+ "branch": { "type": ["string", "null"] }
33
+ }
34
+ },
35
+ "redactionsApplied": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
36
+ "noSecretsIncluded": { "const": true }
37
+ },
38
+ "$defs": {
39
+ "hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
40
+ "signature": {
41
+ "type": "object",
42
+ "additionalProperties": false,
43
+ "required": ["algorithm", "publicKey", "value"],
44
+ "properties": {
45
+ "algorithm": { "const": "ed25519" },
46
+ "publicKey": { "type": "string" },
47
+ "value": { "type": "string" }
48
+ }
49
+ }
50
+ }
51
+ }
@@ -0,0 +1,95 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/registry-entry-v1.schema.json",
4
+ "title": "BootProof Registry Entry v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "createdAt",
10
+ "bootproofVersion",
11
+ "source",
12
+ "registryMode",
13
+ "repoFingerprint",
14
+ "repoHost",
15
+ "repoOwnerHash",
16
+ "repoNameHash",
17
+ "commitHash",
18
+ "branch",
19
+ "os",
20
+ "arch",
21
+ "platform",
22
+ "packageManager",
23
+ "detectedStack",
24
+ "detectedServices",
25
+ "selectedCommandHash",
26
+ "selectedCommandRedacted",
27
+ "failureClass",
28
+ "failureEvidenceFingerprint",
29
+ "evidenceHeadRedacted",
30
+ "evidenceTailRedacted",
31
+ "healthStatus",
32
+ "healthUrlPattern",
33
+ "healthRedirectLocationPattern",
34
+ "verified",
35
+ "attestationHash",
36
+ "redactionsApplied",
37
+ "optInRequired"
38
+ ],
39
+ "properties": {
40
+ "schema": { "const": "bootproof/registry-entry/v1" },
41
+ "createdAt": { "type": "string", "format": "date-time" },
42
+ "bootproofVersion": { "type": "string", "minLength": 1 },
43
+ "source": { "const": "local_cli" },
44
+ "registryMode": {
45
+ "enum": ["local_export", "federated_public_candidate", "cloud_upload_candidate"]
46
+ },
47
+ "repoFingerprint": { "$ref": "#/$defs/hash" },
48
+ "repoHost": { "type": ["string", "null"] },
49
+ "repoOwnerHash": { "$ref": "#/$defs/hash" },
50
+ "repoNameHash": { "$ref": "#/$defs/hash" },
51
+ "publicRepoHint": { "type": "string", "format": "uri" },
52
+ "commitHash": { "type": ["string", "null"] },
53
+ "branch": { "type": ["string", "null"] },
54
+ "os": { "type": "string" },
55
+ "arch": { "type": "string" },
56
+ "platform": { "type": "string" },
57
+ "packageManager": { "type": "string" },
58
+ "detectedStack": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
59
+ "detectedServices": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
60
+ "selectedCommandHash": { "anyOf": [{ "$ref": "#/$defs/hash" }, { "type": "null" }] },
61
+ "selectedCommandRedacted": { "type": ["string", "null"] },
62
+ "failureClass": { "type": ["string", "null"] },
63
+ "failureEvidenceFingerprint": { "anyOf": [{ "$ref": "#/$defs/hash" }, { "type": "null" }] },
64
+ "evidenceHeadRedacted": { "type": ["string", "null"] },
65
+ "evidenceTailRedacted": { "type": ["string", "null"] },
66
+ "healthStatus": { "enum": ["healthy", "unhealthy", "connection_error", "not_observed"] },
67
+ "healthUrlPattern": { "type": ["string", "null"] },
68
+ "healthRedirectLocationPattern": { "type": ["string", "null"] },
69
+ "repairActionType": { "enum": ["repo-diff", "plan-step", "environment"] },
70
+ "repairCommandHash": { "$ref": "#/$defs/hash" },
71
+ "repairCommandRedacted": { "type": "string" },
72
+ "beforeFailureClass": { "type": "string" },
73
+ "afterFailureClass": { "type": "string" },
74
+ "progressed": { "type": "boolean" },
75
+ "verified": { "type": "boolean" },
76
+ "attestationHash": { "$ref": "#/$defs/hash" },
77
+ "repairReceiptHash": { "$ref": "#/$defs/hash" },
78
+ "redactionsApplied": { "type": "array", "items": { "type": "string" }, "uniqueItems": true },
79
+ "signature": { "$ref": "#/$defs/signature" },
80
+ "optInRequired": { "const": true }
81
+ },
82
+ "$defs": {
83
+ "hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
84
+ "signature": {
85
+ "type": "object",
86
+ "additionalProperties": false,
87
+ "required": ["algorithm", "publicKey", "value"],
88
+ "properties": {
89
+ "algorithm": { "const": "ed25519" },
90
+ "publicKey": { "type": "string" },
91
+ "value": { "type": "string" }
92
+ }
93
+ }
94
+ }
95
+ }
@@ -0,0 +1,102 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/registry-seed-example-v1.schema.json",
4
+ "title": "BootProof real-world registry seed example",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "name",
10
+ "source",
11
+ "structuralMarkers",
12
+ "expectedBootProof",
13
+ "safeNextStep",
14
+ "repairDisposition",
15
+ "externallyOrchestrated",
16
+ "evidenceOutcome",
17
+ "verificationBasis",
18
+ "redactionsApplied"
19
+ ],
20
+ "properties": {
21
+ "schema": {
22
+ "const": "bootproof/registry-seed-example/v1"
23
+ },
24
+ "name": {
25
+ "type": "string",
26
+ "minLength": 1
27
+ },
28
+ "source": {
29
+ "const": "synthetic_minimal_fixture"
30
+ },
31
+ "structuralMarkers": {
32
+ "type": "array",
33
+ "minItems": 1,
34
+ "uniqueItems": true,
35
+ "items": {
36
+ "type": "string",
37
+ "minLength": 1
38
+ }
39
+ },
40
+ "expectedBootProof": {
41
+ "type": "object",
42
+ "additionalProperties": false,
43
+ "required": [
44
+ "kind",
45
+ "values"
46
+ ],
47
+ "properties": {
48
+ "kind": {
49
+ "enum": [
50
+ "classification",
51
+ "inference",
52
+ "classification_and_inference",
53
+ "agent_plan"
54
+ ]
55
+ },
56
+ "values": {
57
+ "type": "array",
58
+ "minItems": 1,
59
+ "uniqueItems": true,
60
+ "items": {
61
+ "type": "string",
62
+ "minLength": 1
63
+ }
64
+ }
65
+ }
66
+ },
67
+ "safeNextStep": {
68
+ "type": "string",
69
+ "minLength": 1
70
+ },
71
+ "repairDisposition": {
72
+ "enum": [
73
+ "automatic",
74
+ "approval_required",
75
+ "refused"
76
+ ]
77
+ },
78
+ "externallyOrchestrated": {
79
+ "type": "boolean"
80
+ },
81
+ "evidenceOutcome": {
82
+ "enum": [
83
+ "verified_boot_possible",
84
+ "diagnostic_only"
85
+ ]
86
+ },
87
+ "verificationBasis": {
88
+ "type": "string",
89
+ "minLength": 1
90
+ },
91
+ "redactionsApplied": {
92
+ "type": "array",
93
+ "minItems": 1,
94
+ "uniqueItems": true,
95
+ "items": {
96
+ "type": "string",
97
+ "minLength": 1
98
+ }
99
+ }
100
+ }
101
+ }
102
+
@@ -0,0 +1,136 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/repair-action-v1.schema.json",
4
+ "title": "BootProof Repair Action v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "actionType",
10
+ "mutationScope",
11
+ "riskLevel",
12
+ "requiresApproval",
13
+ "approvalPrompt",
14
+ "blockedReason",
15
+ "verificationStep",
16
+ "command",
17
+ "patch",
18
+ "instruction",
19
+ "explanation",
20
+ "evidenceRefs",
21
+ "deterministic",
22
+ "source"
23
+ ],
24
+ "properties": {
25
+ "schema": { "const": "bootproof/repair-action/v1" },
26
+ "actionType": { "enum": ["command", "patch", "instruction"] },
27
+ "mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] },
28
+ "riskLevel": { "enum": ["none", "low", "medium", "high", "blocked"] },
29
+ "requiresApproval": { "type": "boolean", "default": true },
30
+ "approvalPrompt": { "type": "string", "minLength": 1 },
31
+ "blockedReason": { "type": "string" },
32
+ "verificationStep": { "type": "string", "minLength": 1 },
33
+ "command": {
34
+ "anyOf": [
35
+ { "$ref": "#/$defs/command" },
36
+ { "type": "null" }
37
+ ]
38
+ },
39
+ "patch": {
40
+ "anyOf": [
41
+ { "$ref": "#/$defs/patch" },
42
+ { "type": "null" }
43
+ ]
44
+ },
45
+ "instruction": { "type": ["string", "null"] },
46
+ "explanation": { "type": "string", "minLength": 1 },
47
+ "evidenceRefs": {
48
+ "type": "array",
49
+ "items": { "type": "string" },
50
+ "uniqueItems": true
51
+ },
52
+ "deterministic": { "type": "boolean" },
53
+ "source": { "enum": ["deterministic_playbook", "ai_suggested"] }
54
+ },
55
+ "allOf": [
56
+ {
57
+ "if": { "properties": { "actionType": { "const": "command" } } },
58
+ "then": {
59
+ "properties": {
60
+ "command": { "$ref": "#/$defs/command" },
61
+ "patch": { "type": "null" },
62
+ "instruction": { "type": "null" },
63
+ "mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] }
64
+ }
65
+ }
66
+ },
67
+ {
68
+ "if": { "properties": { "actionType": { "const": "patch" } } },
69
+ "then": {
70
+ "properties": {
71
+ "command": { "type": "null" },
72
+ "patch": { "$ref": "#/$defs/patch" },
73
+ "instruction": { "type": "null" },
74
+ "mutationScope": { "const": "repo_only" },
75
+ "requiresApproval": { "const": true }
76
+ }
77
+ }
78
+ },
79
+ {
80
+ "if": { "properties": { "actionType": { "const": "instruction" } } },
81
+ "then": {
82
+ "properties": {
83
+ "command": { "type": "null" },
84
+ "patch": { "type": "null" },
85
+ "instruction": { "type": "string", "minLength": 1 }
86
+ }
87
+ }
88
+ },
89
+ {
90
+ "if": { "properties": { "riskLevel": { "enum": ["medium", "high"] } } },
91
+ "then": {
92
+ "properties": {
93
+ "requiresApproval": { "const": true }
94
+ }
95
+ }
96
+ },
97
+ {
98
+ "if": { "properties": { "source": { "const": "deterministic_playbook" } } },
99
+ "then": { "properties": { "deterministic": { "const": true } } }
100
+ },
101
+ {
102
+ "if": { "properties": { "source": { "const": "ai_suggested" } } },
103
+ "then": { "properties": { "deterministic": { "const": false } } }
104
+ }
105
+ ],
106
+ "$defs": {
107
+ "command": {
108
+ "type": "object",
109
+ "additionalProperties": false,
110
+ "required": ["executable", "args", "display"],
111
+ "properties": {
112
+ "executable": { "type": "string", "minLength": 1 },
113
+ "args": {
114
+ "type": "array",
115
+ "items": { "type": "string" }
116
+ },
117
+ "display": { "type": "string", "minLength": 1 }
118
+ }
119
+ },
120
+ "patch": {
121
+ "type": "object",
122
+ "additionalProperties": false,
123
+ "required": ["format", "content", "files"],
124
+ "properties": {
125
+ "format": { "const": "unified-diff" },
126
+ "content": { "type": "string", "minLength": 1 },
127
+ "files": {
128
+ "type": "array",
129
+ "minItems": 1,
130
+ "uniqueItems": true,
131
+ "items": { "type": "string", "minLength": 1 }
132
+ }
133
+ }
134
+ }
135
+ }
136
+ }
@@ -0,0 +1,221 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://bootproof.dev/schemas/repair-receipt-v1.schema.json",
4
+ "title": "BootProof Repair Receipt v1",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema",
9
+ "repairId",
10
+ "createdAt",
11
+ "bootproofVersion",
12
+ "source",
13
+ "beforeFailureClass",
14
+ "beforeEvidenceHash",
15
+ "proposedAction",
16
+ "actionType",
17
+ "mutationScope",
18
+ "riskLevel",
19
+ "userApprovalRequired",
20
+ "applyResult",
21
+ "progressed",
22
+ "verified",
23
+ "explanation",
24
+ "redactionsApplied"
25
+ ],
26
+ "properties": {
27
+ "schema": { "const": "bootproof/repair-receipt/v1" },
28
+ "repairId": { "type": "string", "minLength": 1 },
29
+ "createdAt": { "type": "string", "format": "date-time" },
30
+ "bootproofVersion": { "type": "string", "minLength": 1 },
31
+ "source": { "enum": ["deterministic_playbook", "ai_suggested"] },
32
+ "beforeFailureClass": { "type": "string", "minLength": 1 },
33
+ "beforeEvidenceHash": { "$ref": "#/$defs/hash" },
34
+ "proposedAction": { "$ref": "repair-action-v1.schema.json" },
35
+ "actionType": { "enum": ["command", "patch", "instruction"] },
36
+ "mutationScope": { "enum": ["none", "repo_only", "project_cache", "container_runtime", "host_tool_install", "host_network", "kubernetes_cluster", "database", "service", "credentials", "unknown"] },
37
+ "riskLevel": { "enum": ["none", "low", "medium", "high", "blocked"] },
38
+ "userApprovalRequired": { "type": "boolean" },
39
+ "approvedAt": { "type": "string", "format": "date-time" },
40
+ "appliedAt": { "type": "string", "format": "date-time" },
41
+ "applyResult": { "$ref": "#/$defs/applyResult" },
42
+ "afterFailureClass": { "type": "string", "minLength": 1 },
43
+ "progressed": { "type": "boolean" },
44
+ "verified": { "type": "boolean" },
45
+ "explanation": { "type": "string", "minLength": 1 },
46
+ "redactionsApplied": {
47
+ "type": "array",
48
+ "items": { "type": "string" },
49
+ "uniqueItems": true
50
+ },
51
+ "tool": { "type": "string" },
52
+ "repo": { "$ref": "#/$defs/repo" },
53
+ "environment": { "$ref": "#/$defs/environment" },
54
+ "failure": { "$ref": "#/$defs/failure" },
55
+ "repair": { "$ref": "#/$defs/legacyRepair" },
56
+ "verification": { "$ref": "#/$defs/verification" },
57
+ "aiEvidence": { "$ref": "#/$defs/aiEvidence" },
58
+ "startedAt": { "type": "string", "format": "date-time" },
59
+ "finishedAt": { "type": "string", "format": "date-time" },
60
+ "signer": {
61
+ "anyOf": [
62
+ { "$ref": "#/$defs/signer" },
63
+ { "type": "null" }
64
+ ]
65
+ },
66
+ "signature": { "type": ["string", "null"] }
67
+ },
68
+ "$defs": {
69
+ "hash": { "type": "string", "pattern": "^[0-9a-f]{64}$" },
70
+ "applyResult": {
71
+ "type": "object",
72
+ "additionalProperties": false,
73
+ "required": ["status", "exitCode", "filesChanged", "evidence"],
74
+ "properties": {
75
+ "status": { "enum": ["not_applied", "applied", "failed"] },
76
+ "exitCode": { "type": ["integer", "null"] },
77
+ "filesChanged": {
78
+ "type": "array",
79
+ "items": { "type": "string" }
80
+ },
81
+ "evidence": { "type": ["string", "null"] }
82
+ }
83
+ },
84
+ "repo": {
85
+ "type": "object",
86
+ "additionalProperties": false,
87
+ "required": ["remote", "commit", "dirty"],
88
+ "properties": {
89
+ "remote": { "type": ["string", "null"] },
90
+ "commit": { "type": ["string", "null"] },
91
+ "dirty": { "type": ["boolean", "null"] }
92
+ }
93
+ },
94
+ "environment": {
95
+ "type": "object",
96
+ "additionalProperties": false,
97
+ "required": ["os", "arch", "node"],
98
+ "properties": {
99
+ "os": { "type": "string" },
100
+ "arch": { "type": "string" },
101
+ "node": { "type": "string" }
102
+ }
103
+ },
104
+ "failure": {
105
+ "type": "object",
106
+ "additionalProperties": false,
107
+ "required": ["class", "beforeAttestationSha256"],
108
+ "properties": {
109
+ "class": { "type": "string" },
110
+ "beforeAttestationSha256": { "$ref": "#/$defs/hash" }
111
+ }
112
+ },
113
+ "legacyRepair": {
114
+ "type": "object",
115
+ "additionalProperties": false,
116
+ "required": [
117
+ "id",
118
+ "kind",
119
+ "description",
120
+ "diff",
121
+ "filesChanged",
122
+ "fileChanges",
123
+ "preconditions",
124
+ "planDelta",
125
+ "envDelta"
126
+ ],
127
+ "properties": {
128
+ "id": { "type": "string" },
129
+ "kind": { "enum": ["repo-diff", "plan-step", "environment"] },
130
+ "description": { "type": "string" },
131
+ "diff": { "type": ["string", "null"] },
132
+ "filesChanged": { "type": "array", "items": { "type": "string" } },
133
+ "fileChanges": { "type": "array", "items": { "$ref": "#/$defs/fileChange" } },
134
+ "preconditions": { "type": "array", "items": { "$ref": "#/$defs/precondition" } },
135
+ "planDelta": { "type": ["string", "null"] },
136
+ "envDelta": { "type": ["string", "null"] }
137
+ }
138
+ },
139
+ "fileChange": {
140
+ "type": "object",
141
+ "additionalProperties": false,
142
+ "required": ["path", "beforeSha256", "afterSha256", "beforeContent", "afterContent"],
143
+ "properties": {
144
+ "path": { "type": "string" },
145
+ "beforeSha256": {
146
+ "anyOf": [
147
+ { "$ref": "#/$defs/hash" },
148
+ { "type": "null" }
149
+ ]
150
+ },
151
+ "afterSha256": { "$ref": "#/$defs/hash" },
152
+ "beforeContent": { "type": ["string", "null"] },
153
+ "afterContent": { "type": "string" }
154
+ }
155
+ },
156
+ "precondition": {
157
+ "type": "object",
158
+ "additionalProperties": false,
159
+ "required": ["path", "sha256"],
160
+ "properties": {
161
+ "path": { "type": "string" },
162
+ "sha256": { "$ref": "#/$defs/hash" }
163
+ }
164
+ },
165
+ "verification": {
166
+ "type": "object",
167
+ "additionalProperties": false,
168
+ "required": ["before", "after"],
169
+ "properties": {
170
+ "before": {
171
+ "type": "object",
172
+ "additionalProperties": false,
173
+ "required": ["booted", "failureClass", "attestationSha256"],
174
+ "properties": {
175
+ "booted": { "const": false },
176
+ "failureClass": { "type": "string" },
177
+ "attestationSha256": { "$ref": "#/$defs/hash" }
178
+ }
179
+ },
180
+ "after": {
181
+ "type": "object",
182
+ "additionalProperties": false,
183
+ "required": ["booted", "bootproofOrchestrated", "healthObservation", "attestationSha256"],
184
+ "properties": {
185
+ "booted": { "type": "boolean" },
186
+ "bootproofOrchestrated": { "type": "boolean" },
187
+ "healthObservation": { "type": "string" },
188
+ "attestationSha256": { "$ref": "#/$defs/hash" }
189
+ }
190
+ }
191
+ }
192
+ },
193
+ "signer": {
194
+ "type": "object",
195
+ "additionalProperties": false,
196
+ "required": ["publicKey", "algorithm"],
197
+ "properties": {
198
+ "publicKey": { "type": "string" },
199
+ "algorithm": { "const": "ed25519" }
200
+ }
201
+ },
202
+ "aiEvidence": {
203
+ "type": "object",
204
+ "additionalProperties": false,
205
+ "required": ["provider", "model", "context", "suggestion"],
206
+ "description": "AI prompt and response evidence for auditability. Present only when source === 'ai_suggested'. The context is redacted before storage; the suggestion is the validated structured response.",
207
+ "properties": {
208
+ "provider": { "enum": ["openai", "anthropic"] },
209
+ "model": { "type": "string", "minLength": 1 },
210
+ "context": {
211
+ "type": "object",
212
+ "description": "The redacted bootproof/ai-repair-context/v1 object sent to the AI provider."
213
+ },
214
+ "suggestion": {
215
+ "type": "object",
216
+ "description": "The validated bootproof/ai-repair-suggestion/v1 object the AI returned."
217
+ }
218
+ }
219
+ }
220
+ }
221
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "bootproof",
3
- "version": "0.3.0",
3
+ "version": "0.4.1",
4
4
  "description": "The honest run button for repos. Boots unfamiliar code when it safely can, tells the truth when it cannot, and signs proof of what happened.",
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",
@@ -15,25 +15,31 @@
15
15
  ],
16
16
  "scripts": {
17
17
  "clean": "node -e \"require('node:fs').rmSync('dist', { recursive: true, force: true })\"",
18
- "build": "npm run clean && tsc -p tsconfig.json",
18
+ "build": "npm run clean && tsc -p tsconfig.json && chmod +x dist/cli.js",
19
19
  "prepack": "npm run build",
20
20
  "pack:check": "node scripts/pack-smoke.mjs",
21
21
  "release:check": "npm test && npm run build && npm run pack:check && npm publish --dry-run",
22
22
  "lint": "tsc -p tsconfig.json --noEmit",
23
- "test": "npm run build && node --test tests/unit.test.mjs tests/e2e.test.mjs",
23
+ "test": "npm run build && node --test tests/unit.test.mjs tests/action.test.mjs tests/e2e.test.mjs tests/receipt.test.mjs",
24
24
  "ci": "npm run lint && npm run test"
25
25
  },
26
26
  "repository": {
27
27
  "type": "git",
28
- "url": "git+https://github.com/rossbuckley1990-hash/bootproof.git"
28
+ "url": "git+https://github.com/bootproof/bootproof.git"
29
29
  },
30
30
  "keywords": [
31
- "devtools",
32
- "onboarding",
33
- "docker",
34
- "run",
35
31
  "attestation",
36
- "reproducibility"
32
+ "runtime-verification",
33
+ "ai-agents",
34
+ "claude-code",
35
+ "ci",
36
+ "signed",
37
+ "receipt",
38
+ "proof",
39
+ "health-check",
40
+ "supply-chain",
41
+ "provenance",
42
+ "verification"
37
43
  ],
38
44
  "engines": {
39
45
  "node": ">=20.11"
@@ -42,13 +48,17 @@
42
48
  "access": "public"
43
49
  },
44
50
  "devDependencies": {
51
+ "@noble/curves": "^1.6.0",
52
+ "@noble/hashes": "^1.5.0",
45
53
  "@types/node": "^22.19.20",
54
+ "esbuild": "^0.28.1",
55
+ "playwright": "^1.61.1",
46
56
  "typescript": "5.8.3"
47
57
  },
48
58
  "bugs": {
49
- "url": "https://github.com/rossbuckley1990-hash/bootproof/issues"
59
+ "url": "https://github.com/bootproof/bootproof/issues"
50
60
  },
51
- "homepage": "https://github.com/rossbuckley1990-hash/bootproof#readme",
61
+ "homepage": "https://github.com/bootproof/bootproof#readme",
52
62
  "dependencies": {
53
63
  "yaml": "^2.9.0"
54
64
  }