lastgen 1.2.0 → 1.2.1

package/src/core/verify.ts

@@ -1,213 +0,0 @@
-/**
- * @fileoverview Certificate verification logic. Platform-agnostic: no I/O, no display.
- * Accepts parsed data and a HashFn, returns structured results.
- */
-
-import type { Certificate, HashFn, VerifyResult } from './types.ts';
-import { CUTOFF_DATE, THIRTY_DAYS_MS } from './types.ts';
-import { fetchCommit } from './github.ts';
-import { generateCertificateHash, resolveProofDate } from './proof.ts';
-
-export function isValidCertificate(data: unknown): data is Certificate {
-  if (typeof data !== 'object' || data === null) {
-    return false;
-  }
-  const cert = data as Record<string, unknown>;
-  return (
-    cert.type === 'LASTGEN_CERTIFICATE' &&
-    typeof cert.version === 'string' &&
-    typeof cert.identity === 'object' &&
-    typeof cert.proof === 'object' &&
-    typeof cert.verification === 'object' &&
-    typeof cert.certificateNumber === 'string'
-  );
-}
-
-function matchesNoreplyEmail(email: string, username: string): boolean {
-  const lower = email.toLowerCase();
-  const user = username.toLowerCase();
-  const pattern = new RegExp(`^(\\d+\\+)?${escapeRegex(user)}@users\\.noreply\\.github\\.com$`);
-  return pattern.test(lower);
-}
-
-function escapeRegex(str: string): string {
-  return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-}
-
-export interface VerifyCertificateResult {
-  valid: boolean;
-  results: VerifyResult[];
-  certificateNumber: string;
-  username: string;
-}
-
-export async function verifyCertificateData(
-  cert: Certificate,
-  hashFn: HashFn,
-  token?: string,
-): Promise<VerifyCertificateResult> {
-  const results: VerifyResult[] = [];
-
-  const expectedHash = await generateCertificateHash(
-    hashFn,
-    cert.identity.username,
-    cert.identity.githubId,
-    cert.proof.proofDate,
-    cert.era,
-  );
-
-  const actualHash = cert.verification.hash.replace('sha256:', '');
-  results.push({
-    check: 'Hash integrity',
-    passed: expectedHash === actualHash,
-    detail:
-      expectedHash === actualHash
-        ? 'Certificate hash is valid'
-        : 'Certificate hash does not match - data may have been tampered with',
-  });
-
-  const proofDate = new Date(cert.proof.proofDate);
-  const cutoff = new Date(CUTOFF_DATE);
-  const isBeforeCutoff = proofDate.getTime() < cutoff.getTime();
-  const expectedEra = isBeforeCutoff ? 'LAST_GEN' : 'AI_NATIVE';
-  results.push({
-    check: 'Era classification',
-    passed: cert.era === expectedEra,
-    detail:
-      cert.era === expectedEra
-        ? `Era ${cert.era} is correct for proof date ${cert.proof.proofDate}`
-        : `Era should be ${expectedEra} but certificate claims ${cert.era}`,
-  });
-
-  const reconstructedUser = {
-    login: cert.identity.username,
-    id: cert.identity.githubId,
-    name: cert.identity.name,
-    createdAt: cert.proof.accountCreated,
-  };
-  const expectedProofDate = resolveProofDate(
-    reconstructedUser,
-    cert.proof.firstCommit.sha ? cert.proof.firstCommit : null,
-  );
-  const proofDateMatch =
-    Math.abs(new Date(expectedProofDate).getTime() - proofDate.getTime()) < 60000;
-  results.push({
-    check: 'Proof date',
-    passed: proofDateMatch,
-    detail: proofDateMatch
-      ? `Proof date ${cert.proof.proofDate} is consistent with commit and account data`
-      : `Proof date should be ${expectedProofDate} but certificate claims ${cert.proof.proofDate}`,
-  });
-
-  if (cert.proof.firstCommit.sha) {
-    try {
-      const commitDetail = await fetchCommit(
-        cert.proof.firstCommit.repo,
-        cert.proof.firstCommit.sha,
-        token,
-      );
-
-      const username = cert.identity.username.toLowerCase();
-      const authorMatch = (commitDetail.authorLogin ?? '').toLowerCase() === username;
-      const committerMatch = (commitDetail.committerLogin ?? '').toLowerCase() === username;
-      const emailMatch = commitDetail.authorEmail
-        ? matchesNoreplyEmail(commitDetail.authorEmail, cert.identity.username)
-        : false;
-
-      const identityMatch = authorMatch || committerMatch || emailMatch;
-      const matchMethods: string[] = [];
-      if (authorMatch) matchMethods.push('author login');
-      if (committerMatch) matchMethods.push('committer login');
-      if (emailMatch) matchMethods.push('noreply email');
-
-      results.push({
-        check: 'Identity',
-        passed: identityMatch,
-        detail: identityMatch
-          ? `Matched via: ${matchMethods.join(', ')}`
-          : `Commit author (${commitDetail.authorLogin}) does not match ${cert.identity.username}`,
-      });
-
-      const repoOwner = cert.proof.firstCommit.repo.split('/')[0] ?? '';
-      const isSelfOwned = repoOwner.toLowerCase() === cert.identity.username.toLowerCase();
-      results.push({
-        check: 'Repo ownership',
-        passed: true,
-        detail: isSelfOwned
-          ? `Commit is in a repo owned by ${cert.identity.username}`
-          : `Commit is in a third-party repo (${cert.proof.firstCommit.repo})`,
-      });
-
-      if (commitDetail.authorId !== null) {
-        const idMatch = commitDetail.authorId === cert.identity.githubId;
-        results.push({
-          check: 'GitHub ID',
-          passed: idMatch,
-          detail: idMatch
-            ? `GitHub ID ${commitDetail.authorId} matches certificate`
-            : `Commit author ID ${commitDetail.authorId} does not match certificate ID ${cert.identity.githubId}`,
-        });
-      }
-
-      const commitDate = new Date(commitDetail.authorDate ?? '');
-      const certDate = new Date(cert.proof.firstCommit.date);
-      const datesClose = Math.abs(commitDate.getTime() - certDate.getTime()) < 60000;
-      results.push({
-        check: 'Commit date',
-        passed: datesClose,
-        detail: datesClose
-          ? `Commit date matches certificate (${commitDetail.authorDate})`
-          : `Commit date ${commitDetail.authorDate} differs from certificate ${cert.proof.firstCommit.date}`,
-      });
-
-      if (commitDetail.authorDate && commitDetail.committerDate) {
-        const authorTime = new Date(commitDetail.authorDate).getTime();
-        const committerTime = new Date(commitDetail.committerDate).getTime();
-        const driftMs = Math.abs(committerTime - authorTime);
-        const driftDays = Math.round(driftMs / (24 * 60 * 60 * 1000));
-        const consistent = driftMs <= THIRTY_DAYS_MS;
-        results.push({
-          check: 'Date consistency',
-          passed: consistent,
-          detail: consistent
-            ? `Author/committer date drift: ${driftDays}d (within 30d threshold)`
-            : `Author/committer date drift: ${driftDays}d exceeds 30d - author date may be forged`,
-        });
-      }
-
-      if (commitDetail.isRootCommit) {
-        results.push({
-          check: 'Root commit',
-          passed: true,
-          detail: 'Commit has no parents (first commit in repo - higher trust)',
-        });
-      }
-
-      if (commitDetail.verified) {
-        const reason = commitDetail.verificationReason;
-        const reasonDetail = reason && reason !== 'valid' ? ` (${reason})` : '';
-        results.push({
-          check: 'GPG signature',
-          passed: true,
-          detail: `Commit is GPG-signed${reasonDetail}`,
-        });
-      }
-    } catch (fetchError) {
-      const message = fetchError instanceof Error ? fetchError.message : String(fetchError);
-      results.push({
-        check: 'Commit verification',
-        passed: false,
-        detail: `Could not fetch commit from GitHub: ${message}`,
-      });
-    }
-  }
-
-  const allPassed = results.every((r) => r.passed);
-
-  return {
-    valid: allPassed,
-    results,
-    certificateNumber: cert.certificateNumber,
-    username: cert.identity.username,
-  };
-}

package/src/display.ts

@@ -1,142 +0,0 @@
-/**
- * @fileoverview Terminal output formatting with ASCII box-drawing for certificates and verification.
- */
-
-import { styleText } from 'node:util';
-
-import type { Certificate } from './core/types.ts';
-import { ERAS } from './core/types.ts';
-
-function shouldUseColor(): boolean {
-  if (process.env['NO_COLOR'] !== undefined) {
-    return false;
-  }
-  if (process.env['TERM'] === 'dumb') {
-    return false;
-  }
-  if (process.argv.includes('--no-color')) {
-    return false;
-  }
-  return process.stdout.isTTY === true;
-}
-
-export function style(format: string | string[], text: string): string {
-  if (!shouldUseColor()) {
-    return text;
-  }
-  return styleText(format as Parameters<typeof styleText>[0], text);
-}
-
-export const BOX_WIDTH = 50;
-
-export function boxRule(): string {
-  return style('dim', '+' + '-'.repeat(BOX_WIDTH + 2) + '+');
-}
-
-export function boxLine(content: string, rawLength: number): string {
-  const pad = BOX_WIDTH - rawLength;
-  return style('dim', '|') + ' ' + content + ' '.repeat(Math.max(pad, 0)) + ' ' + style('dim', '|');
-}
-
-function boxEmpty(): string {
-  return boxLine('', 0);
-}
-
-const LABEL_WIDTH = 13;
-
-function labelLine(label: string, value: string, styledValue: string, lines: string[]): void {
-  const max = BOX_WIDTH - LABEL_WIDTH;
-  if (value.length <= max) {
-    lines.push(boxLine(style('dim', label) + styledValue, LABEL_WIDTH + value.length));
-    return;
-  }
-  const indent = ' '.repeat(LABEL_WIDTH);
-  let remaining = value;
-  let isFirst = true;
-  while (remaining.length > 0) {
-    const chunk = remaining.slice(0, max);
-    remaining = remaining.slice(max);
-    const prefix = isFirst ? style('dim', label) : indent;
-    lines.push(boxLine(prefix + chunk, LABEL_WIDTH + chunk.length));
-    isFirst = false;
-  }
-}
-
-export function displayCertificate(cert: Certificate): void {
-  const out = process.stdout;
-  const isLastGen = cert.era === 'LAST_GEN';
-  const eraInfo = ERAS[cert.era];
-  const lines: string[] = [];
-
-  lines.push(boxRule());
-
-  const title = style('bold', 'LASTGEN CERTIFICATE');
-  const titleRaw = 'LASTGEN CERTIFICATE';
-  const titlePadL = Math.floor((BOX_WIDTH - titleRaw.length) / 2);
-  const titlePadR = BOX_WIDTH - titleRaw.length - titlePadL;
-  lines.push(boxLine(' '.repeat(titlePadL) + title + ' '.repeat(titlePadR), BOX_WIDTH));
-
-  lines.push(boxRule());
-
-  labelLine('Certificate  ', cert.certificateNumber, cert.certificateNumber, lines);
-
-  const issuedDate = new Date(cert.issuedAt).toISOString().slice(0, 10);
-  labelLine('Issued       ', issuedDate, issuedDate, lines);
-
-  lines.push(boxEmpty());
-
-  const devValue = cert.identity.name
-    ? `${cert.identity.username} (${cert.identity.name})`
-    : cert.identity.username;
-  labelLine('Developer    ', devValue, devValue, lines);
-
-  const eraColor = isLastGen ? 'green' : 'cyan';
-  labelLine('Era          ', eraInfo.title, style(eraColor, eraInfo.title), lines);
-  labelLine('             ', eraInfo.description, style('dim', eraInfo.description), lines);
-
-  if (cert.proof.firstCommit.sha) {
-    lines.push(boxEmpty());
-
-    const commitDate = new Date(cert.proof.firstCommit.date).toISOString().slice(0, 10);
-    const repo = cert.proof.firstCommit.repo;
-    labelLine('Proof Commit ', repo, repo, lines);
-    const shaShort = cert.proof.firstCommit.sha.slice(0, 7);
-    const commitMsg = `${shaShort} ${cert.proof.firstCommit.message.replace(/\n/g, ' ')}`;
-    labelLine('             ', commitMsg, style('dim', commitMsg), lines);
-    labelLine('Commit Date  ', commitDate, commitDate, lines);
-  }
-
-  lines.push(boxEmpty());
-
-  const hash = cert.verification.hash;
-  labelLine('Hash         ', hash, style('dim', hash), lines);
-
-  lines.push(boxRule());
-
-  out.write('\n' + lines.join('\n') + '\n\n');
-}
-
-export function displayBadgeMarkdown(cert: Certificate): void {
-  const out = process.stdout;
-  const eraLabel = cert.era === 'LAST_GEN' ? 'Last%20Gen' : 'AI%20Native';
-  const color = cert.era === 'LAST_GEN' ? 'blue' : 'brightgreen';
-  const badgeUrl = `https://img.shields.io/badge/lastgen-${eraLabel}-${color}?style=for-the-badge`;
-
-  out.write('\n');
-  out.write(style('bold', '  Add to your GitHub README:') + '\n');
-  out.write('\n');
-  out.write(`  [![Last Gen Coder](${badgeUrl})](https://github.com/pgagnidze/lastgen)\n`);
-  out.write('\n');
-}
-
-export function displayJson(cert: Certificate): void {
-  process.stdout.write(JSON.stringify(cert, null, 2) + '\n');
-}
-
-export function info(message: string): void {
-  process.stderr.write(style('dim', `  ${message}`) + '\n');
-}
-
-export function error(message: string): void {
-  process.stderr.write(style('red', `  ${message}`) + '\n');
-}

package/src/hash.ts

@@ -1,11 +0,0 @@
-/**
- * @fileoverview Node.js SHA-256 hash implementation using node:crypto.
- */
-
-import { createHash } from 'node:crypto';
-
-import type { HashFn } from './core/types.ts';
-
-export const nodeHash: HashFn = async (data: string): Promise<string> => {
-  return createHash('sha256').update(data).digest('hex');
-};

package/src/index.ts

@@ -1,12 +0,0 @@
-#!/usr/bin/env node
-
-import { run } from './cli.ts';
-import { error } from './display.ts';
-
-try {
-  await run(process.argv.slice(2));
-} catch (err) {
-  const message = err instanceof Error ? err.message : String(err);
-  error(message);
-  process.exitCode = 1;
-}

package/src/serve.ts

@@ -1,77 +0,0 @@
-/**
- * @fileoverview Static HTTP server for the pre-built web frontend.
- * Zero dependencies — uses node:http and node:fs.
- */
-
-import { createServer } from 'node:http';
-import { readFileSync, existsSync } from 'node:fs';
-import { join, extname } from 'node:path';
-import { dirname } from 'node:path';
-import { fileURLToPath } from 'node:url';
-
-const MIME_TYPES: Record<string, string> = {
-  '.html': 'text/html; charset=utf-8',
-  '.css': 'text/css; charset=utf-8',
-  '.js': 'application/javascript; charset=utf-8',
-  '.json': 'application/json; charset=utf-8',
-  '.svg': 'image/svg+xml',
-  '.png': 'image/png',
-  '.ico': 'image/x-icon',
-};
-
-export function serve(port: number = 3000): void {
-  const __filename = fileURLToPath(import.meta.url);
-  const __dirname = dirname(__filename);
-  const distDir = join(__dirname, '..', 'web', 'dist');
-
-  if (!existsSync(distDir)) {
-    process.stderr.write(
-      `  Web assets not found at ${distDir}\n` +
-        '  Run "cd web && npm install && npm run build" first.\n',
-    );
-    process.exitCode = 1;
-    return;
-  }
-
-  const server = createServer((req, res) => {
-    let urlPath = req.url ?? '/';
-
-    const qIndex = urlPath.indexOf('?');
-    if (qIndex !== -1) urlPath = urlPath.slice(0, qIndex);
-
-    if (urlPath.startsWith('/lastgen/')) {
-      urlPath = urlPath.slice('/lastgen'.length);
-    }
-
-    if (urlPath === '/' || urlPath === '') urlPath = '/index.html';
-
-    const filePath = join(distDir, urlPath);
-
-    if (!filePath.startsWith(distDir)) {
-      res.writeHead(403);
-      res.end('Forbidden');
-      return;
-    }
-
-    try {
-      const content = readFileSync(filePath);
-      const ext = extname(filePath);
-      const contentType = MIME_TYPES[ext] ?? 'application/octet-stream';
-      res.writeHead(200, { 'Content-Type': contentType });
-      res.end(content);
-    } catch {
-      try {
-        const indexContent = readFileSync(join(distDir, 'index.html'));
-        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
-        res.end(indexContent);
-      } catch {
-        res.writeHead(404);
-        res.end('Not found');
-      }
-    }
-  });
-
-  server.listen(port, '127.0.0.1', () => {
-    process.stderr.write(`\n  lastgen web UI running at http://localhost:${port}/\n\n`);
-  });
-}

package/src/verify-cli.ts

@@ -1,89 +0,0 @@
-/**
- * @fileoverview CLI wrapper for certificate verification. Handles file I/O and display.
- */
-
-import { readFileSync } from 'node:fs';
-
-import type { HashFn } from './core/types.ts';
-import { isValidCertificate, verifyCertificateData } from './core/verify.ts';
-import { BOX_WIDTH, boxLine, boxRule, error, info, style } from './display.ts';
-
-export async function verifyCertificate(
-  filePath: string,
-  hashFn: HashFn,
-  token?: string,
-): Promise<boolean> {
-  let raw: string;
-  try {
-    raw = readFileSync(filePath, 'utf-8');
-  } catch {
-    error(`Cannot read file: ${filePath}`);
-    return false;
-  }
-
-  let cert: unknown;
-  try {
-    cert = JSON.parse(raw);
-  } catch {
-    error('Invalid JSON in certificate file.');
-    return false;
-  }
-
-  if (!isValidCertificate(cert)) {
-    error('File is not a valid lastgen certificate.');
-    return false;
-  }
-
-  info(`Verifying certificate ${cert.certificateNumber}...`);
-  info(`Developer: ${cert.identity.username}`);
-  info('');
-
-  if (cert.proof.firstCommit.sha) {
-    info(`Fetching commit ${cert.proof.firstCommit.sha.slice(0, 7)} from GitHub...`);
-  }
-
-  const { valid, results } = await verifyCertificateData(cert, hashFn, token);
-
-  const out = process.stdout;
-  const lines: string[] = [];
-
-  lines.push(boxRule());
-
-  const title = style('bold', 'VERIFICATION');
-  const titleRaw = 'VERIFICATION';
-  const titlePadL = Math.floor((BOX_WIDTH - titleRaw.length) / 2);
-  const titlePadR = BOX_WIDTH - titleRaw.length - titlePadL;
-  lines.push(boxLine(' '.repeat(titlePadL) + title + ' '.repeat(titlePadR), BOX_WIDTH));
-
-  lines.push(boxRule());
-
-  for (const result of results) {
-    const icon = result.passed ? style('green', 'PASS') : style('red', 'FAIL');
-    const checkLine = `${icon}  ${style('bold', result.check)}`;
-    lines.push(boxLine(checkLine, 4 + 2 + result.check.length));
-    const indent = 6;
-    const maxLen = BOX_WIDTH - indent;
-    let remaining = result.detail;
-    while (remaining.length > 0) {
-      const chunk = remaining.slice(0, maxLen);
-      remaining = remaining.slice(maxLen);
-      const line = ' '.repeat(indent) + style('dim', chunk);
-      lines.push(boxLine(line, indent + chunk.length));
-    }
-  }
-
-  lines.push(boxRule());
-
-  if (valid) {
-    const msg = style('green', 'Certificate is valid.');
-    lines.push(boxLine(msg, 21));
-  } else {
-    const msg = style('red', 'Certificate verification failed.');
-    lines.push(boxLine(msg, 32));
-  }
-
-  lines.push(boxRule());
-
-  out.write('\n' + lines.join('\n') + '\n\n');
-  return valid;
-}