monomind 1.8.0 → 1.9.1

package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.js

@@ -3,6 +3,19 @@
  *
  * ASCII and DOT (Graphviz) renderers for communication flow edges.
  */
+/** Escape a slug for safe DOT identifier interpolation. */
+function dotEscape(s) {
+    return String(s ?? '').replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+}
+/** Strip newlines/CR for safe ASCII line emission (log-injection defense). */
+function asciiSafe(s) {
+    return String(s ?? '').replace(/[\r\n\x00-\x1f\x7f]/g, '?');
+}
+/** Restrict graph names to a safe DOT identifier — graph_name must be an ID. */
+function safeGraphName(name) {
+    return /^[a-zA-Z_][a-zA-Z0-9_]{0,63}$/.test(name) ? name : 'swarm_flow';
+}
+const MAX_DISPLAY_EDGES = 500;
 /**
  * Render edges as human-readable ASCII art.
  * Empty edges produce a single-line "unrestricted" notice.
@@ -10,23 +23,30 @@
 export function toAscii(edges, title) {
     const lines = [];
     if (title) {
-        lines.push(`=== ${title} ===`);
+        lines.push(`=== ${asciiSafe(title)} ===`);
         lines.push('');
     }
     if (edges.length === 0) {
         lines.push('(unrestricted — all agents may communicate freely)');
         return lines.join('\n');
     }
-    for (const [from, to] of edges) {
-        lines.push(`  ${from} --> ${to}`);
+    const capped = edges.slice(0, MAX_DISPLAY_EDGES);
+    for (const [from, to] of capped) {
+        lines.push(`  ${asciiSafe(from)} --> ${asciiSafe(to)}`);
+    }
+    if (edges.length > MAX_DISPLAY_EDGES) {
+        lines.push(`  ... (${edges.length - MAX_DISPLAY_EDGES} more edges omitted)`);
     }
     return lines.join('\n');
 }
 /**
  * Render edges as a DOT language digraph (Graphviz compatible).
+ * Slugs are escaped so a malicious slug cannot inject DOT attributes
+ * (e.g., URL="javascript:..." would be rendered as a clickable link
+ * by Graphviz's SVG output without escaping).
  */
 export function toDOT(edges, graphName) {
-    const name = graphName ?? 'swarm_flow';
+    const name = safeGraphName(graphName ?? 'swarm_flow');
     const lines = [];
     lines.push(`digraph ${name} {`);
     lines.push('  rankdir=LR;');
@@ -34,8 +54,12 @@ export function toDOT(edges, graphName) {
         lines.push('  // unrestricted — no explicit edges');
     }
     else {
-        for (const [from, to] of edges) {
-            lines.push(`  "${from}" -> "${to}";`);
+        const capped = edges.slice(0, MAX_DISPLAY_EDGES);
+        for (const [from, to] of capped) {
+            lines.push(`  "${dotEscape(from)}" -> "${dotEscape(to)}";`);
+        }
+        if (edges.length > MAX_DISPLAY_EDGES) {
+            lines.push(`  // ... (${edges.length - MAX_DISPLAY_EDGES} more edges omitted)`);
         }
     }
     lines.push('}');

package/packages/@monomind/cli/dist/src/transfer/anonymization/index.js

@@ -113,10 +113,12 @@ export function anonymizeCFP(cfp, level) {
     }
     // Level: Standard
     if (['standard', 'strict', 'paranoid'].includes(level)) {
-        // Redact PII from all string fields
-        const jsonStr = JSON.stringify(anonymized.patterns);
+        // Redact PII from all string fields including metadata
+        const jsonStr = JSON.stringify({ patterns: anonymized.patterns, metadata: anonymized.metadata });
         const redacted = redactPII(jsonStr);
-        anonymized.patterns = JSON.parse(redacted);
+        const redactedObj = JSON.parse(redacted);
+        anonymized.patterns = redactedObj.patterns;
+        anonymized.metadata = redactedObj.metadata;
         transforms.push('pii-redacted');
         // Generalize timestamps
         anonymized.anonymization.timestampsGeneralized = true;

package/packages/@monomind/cli/dist/src/transfer/export.js

@@ -54,13 +54,15 @@ export async function exportPatterns(cfp, options = {}) {
         if (!fs.existsSync(dir)) {
             fs.mkdirSync(dir, { recursive: true });
         }
-        // Write file
+        // Write file atomically
+        const tmp = outputPath + '.tmp';
         if (typeof serialized === 'string') {
-            fs.writeFileSync(outputPath, serialized, 'utf-8');
+            fs.writeFileSync(tmp, serialized, 'utf-8');
         }
         else {
-            fs.writeFileSync(outputPath, serialized);
+            fs.writeFileSync(tmp, serialized);
         }
+        fs.renameSync(tmp, outputPath);
         console.log(`Exported to: ${outputPath}`);
     }
     // Calculate pattern count

package/packages/@monomind/cli/dist/src/transfer/ipfs/client.js

@@ -19,6 +19,68 @@ export const IPFS_GATEWAYS = [
     'https://dweb.link',
     'https://w3s.link', // web3.storage gateway
 ];
+/** Maximum response size for IPFS fetches — prevents OOM on attacker-controlled response bodies */
+const MAX_IPFS_RESPONSE_BYTES = 50 * 1024 * 1024; // 50 MB
+/**
+ * Allowlist gateway hosts to prevent SSRF when user-supplied gateways are passed in.
+ * Any preferredGateway must match this allowlist.
+ */
+const ALLOWED_GATEWAY_HOSTS = new Set([
+    'gateway.pinata.cloud',
+    'cloudflare-ipfs.com',
+    'ipfs.io',
+    'dweb.link',
+    'w3s.link',
+]);
+function isAllowedGatewayUrl(url) {
+    try {
+        const parsed = new URL(url);
+        return parsed.protocol === 'https:' && ALLOWED_GATEWAY_HOSTS.has(parsed.hostname);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Fetch a response body with a hard byte cap. Aborts the stream if the limit is exceeded
+ * to prevent OOM from attacker-controlled response bodies.
+ */
+async function readBodyWithLimit(response, maxBytes) {
+    // Fast-path: trust Content-Length when present
+    const lengthHeader = response.headers.get('content-length');
+    if (lengthHeader) {
+        const declared = parseInt(lengthHeader, 10);
+        if (Number.isFinite(declared) && declared > maxBytes) {
+            throw new Error(`Response too large: ${declared} bytes (max ${maxBytes})`);
+        }
+    }
+    const reader = response.body?.getReader();
+    if (!reader)
+        return '';
+    const chunks = [];
+    let total = 0;
+    while (true) {
+        const { done, value } = await reader.read();
+        if (done)
+            break;
+        if (value) {
+            total += value.byteLength;
+            if (total > maxBytes) {
+                await reader.cancel();
+                throw new Error(`Response too large: exceeded ${maxBytes} bytes`);
+            }
+            chunks.push(value);
+        }
+    }
+    // Concatenate and decode as UTF-8
+    const combined = new Uint8Array(total);
+    let offset = 0;
+    for (const c of chunks) {
+        combined.set(c, offset);
+        offset += c.byteLength;
+    }
+    return new TextDecoder('utf-8').decode(combined);
+}
 /**
  * IPNS resolvers
  */
@@ -35,6 +97,10 @@ export const IPNS_RESOLVERS = [
  * @returns CID string or null if resolution fails
  */
 export async function resolveIPNS(ipnsName, preferredGateway) {
+    if (!isValidIPNS(ipnsName))
+        return null;
+    if (preferredGateway && !isAllowedGatewayUrl(preferredGateway))
+        return null;
     const resolvers = preferredGateway
         ? [preferredGateway, ...IPNS_RESOLVERS.filter(r => r !== preferredGateway)]
         : IPNS_RESOLVERS;
@@ -50,22 +116,24 @@ export async function resolveIPNS(ipnsName, preferredGateway) {
                     headers: { 'Accept': 'application/json' },
                 });
                 if (response.ok) {
-                    const data = await response.json();
+                    const text = await readBodyWithLimit(response, 64 * 1024); // IPNS resolve is tiny
+                    const data = JSON.parse(text);
                     cid = data.Path?.replace('/ipfs/', '') || null;
                 }
             }
-            // Method 2: Direct IPNS key resolution via gateway redirect
+            // Method 2: Direct IPNS key resolution via gateway redirect.
+            // Final URL must still be on a trusted gateway host (SSRF / open-redirect defense)
+            // and the extracted CID must pass `isValidCID` to prevent injection.
             if (!cid) {
                 const response = await fetch(`${gateway}/ipns/${ipnsName}`, {
                     method: 'HEAD',
                     signal: AbortSignal.timeout(10000),
                     redirect: 'follow',
                 });
-                if (response.ok) {
-                    // Extract CID from the final URL after redirects
+                if (response.ok && isAllowedGatewayUrl(response.url)) {
                     const finalUrl = response.url;
                     const cidMatch = finalUrl.match(/\/ipfs\/([a-zA-Z0-9]+)/);
-                    if (cidMatch) {
+                    if (cidMatch && isValidCID(cidMatch[1])) {
                         cid = cidMatch[1];
                     }
                 }
@@ -95,6 +163,9 @@ export async function resolveIPNS(ipnsName, preferredGateway) {
 export async function fetchFromIPFS(cid, preferredGateway) {
     if (!isValidCID(cid))
         return null;
+    // Reject preferred gateways outside the allowlist (SSRF defense)
+    if (preferredGateway && !isAllowedGatewayUrl(preferredGateway))
+        return null;
     const gateways = preferredGateway
         ? [preferredGateway, ...IPFS_GATEWAYS.filter(g => g !== preferredGateway)]
         : IPFS_GATEWAYS;
@@ -111,7 +182,8 @@ export async function fetchFromIPFS(cid, preferredGateway) {
                 },
             });
             if (response.ok) {
-                const data = await response.json();
+                const text = await readBodyWithLimit(response, MAX_IPFS_RESPONSE_BYTES);
+                const data = JSON.parse(text);
                 const latency = Date.now() - startTime;
                 console.log(`[IPFS] Fetched ${cid} from ${gateway} (${latency}ms)`);
                 return data;
@@ -139,6 +211,8 @@ export async function fetchFromIPFS(cid, preferredGateway) {
 export async function fetchFromIPFSWithMetadata(cid, preferredGateway) {
     if (!isValidCID(cid))
         return null;
+    if (preferredGateway && !isAllowedGatewayUrl(preferredGateway))
+        return null;
     const gateways = preferredGateway
         ? [preferredGateway, ...IPFS_GATEWAYS.filter(g => g !== preferredGateway)]
         : IPFS_GATEWAYS;
@@ -153,7 +227,8 @@ export async function fetchFromIPFSWithMetadata(cid, preferredGateway) {
                 },
             });
             if (response.ok) {
-                const data = await response.json();
+                const text = await readBodyWithLimit(response, MAX_IPFS_RESPONSE_BYTES);
+                const data = JSON.parse(text);
                 const latencyMs = Date.now() - startTime;
                 const cached = response.headers.get('X-Cache')?.includes('HIT') ||
                     response.headers.get('CF-Cache-Status') === 'HIT';
@@ -178,6 +253,8 @@ export async function fetchFromIPFSWithMetadata(cid, preferredGateway) {
 export async function isPinned(cid, gateway = 'https://ipfs.io') {
     if (!isValidCID(cid))
         return false;
+    if (!isAllowedGatewayUrl(gateway))
+        return false;
     try {
         const response = await fetch(`${gateway}/ipfs/${cid}`, {
             method: 'HEAD',

package/packages/@monomind/cli/dist/src/transfer/ipfs/upload.js

@@ -2,7 +2,7 @@
  * IPFS Upload Module
  * Real upload support via web3.storage, Pinata, or local IPFS
  *
- * @module @monoes/cli/transfer/ipfs/upload
+ * @module @monomind/cli/transfer/ipfs/upload
  * @version 3.0.0
  */
 import * as crypto from 'crypto';
@@ -65,7 +65,10 @@ async function uploadToWeb3Storage(content, options) {
         const error = await response.text();
         throw new Error(`Web3.storage upload failed: ${response.status} ${error}`);
     }
-    const result = await response.json();
+    const rawText = await response.arrayBuffer();
+    if (rawText.byteLength > 64 * 1024)
+        throw new Error('Web3.storage response too large');
+    const result = JSON.parse(new TextDecoder().decode(rawText));
     const cid = result.cid;
     const gateway = options.gateway || 'https://w3s.link';
     console.log(`[IPFS] Upload complete!`);
@@ -115,7 +118,10 @@ async function uploadToPinata(content, options) {
         const error = await response.text();
         throw new Error(`Pinata upload failed: ${response.status} ${error}`);
     }
-    const result = await response.json();
+    const rawText2 = await response.arrayBuffer();
+    if (rawText2.byteLength > 64 * 1024)
+        throw new Error('Pinata response too large');
+    const result = JSON.parse(new TextDecoder().decode(rawText2));
     const cid = result.IpfsHash;
     const gateway = options.gateway || 'https://gateway.pinata.cloud';
     console.log(`[IPFS] Upload complete!`);
@@ -330,7 +336,10 @@ async function uploadToLocalIPFS(content, options) {
         const error = await response.text();
         throw new Error(`Local IPFS upload failed: ${response.status} ${error}`);
     }
-    const result = await response.json();
+    const rawText3 = await response.arrayBuffer();
+    if (rawText3.byteLength > 64 * 1024)
+        throw new Error('Local IPFS response too large');
+    const result = JSON.parse(new TextDecoder().decode(rawText3));
     const cid = result.Hash;
     // Try to get external gateway URL if configured
     const gatewayUrl = process.env.IPFS_GATEWAY_URL || options.gateway || 'https://ipfs.io';

package/packages/@monomind/cli/dist/src/transfer/storage/gcs.js

@@ -2,7 +2,7 @@
  * Google Cloud Storage Backend
  * Real storage implementation using gcloud CLI or GCS APIs
  *
- * @module @monoes/cli/transfer/storage/gcs
+ * @module @monomind/cli/transfer/storage/gcs
  * @version 3.0.0
  */
 import * as crypto from 'crypto';
@@ -93,15 +93,16 @@ export async function uploadToGCS(content, options = {}) {
     console.log(`[GCS] Uploading to gs://${config.bucket}/${objectPath}...`);
     // Write content to temp file
     const tempDir = process.env.TMPDIR || '/tmp';
-    const tempFile = path.join(tempDir, `monomind-upload-${Date.now()}.json`);
-    fs.writeFileSync(tempFile, content);
+    const tempFile = path.join(tempDir, `monomind-upload-${crypto.randomUUID()}.json`);
+    // wx flag = O_CREAT | O_EXCL — fails if path exists (symlink-attack defense)
+    fs.writeFileSync(tempFile, content, { flag: 'wx', mode: 0o600 });
     try {
         // Build gcloud args (array form prevents shell injection)
         const uploadArgs = ['storage', 'cp', tempFile, `gs://${config.bucket}/${objectPath}`];
         if (config.projectId)
             uploadArgs.push(`--project=${config.projectId}`);
         uploadArgs.push(`--content-type=${options.contentType || 'application/json'}`);
-        execFileSync('gcloud', uploadArgs, { encoding: 'utf-8', stdio: 'pipe' });
+        execFileSync('gcloud', uploadArgs, { encoding: 'utf-8', stdio: 'pipe', timeout: 60000 });
         // Set metadata if provided
         if (options.metadata && Object.keys(options.metadata).length > 0) {
             const metadataJson = JSON.stringify(options.metadata);
@@ -109,7 +110,7 @@ export async function uploadToGCS(content, options = {}) {
                 const metaArgs = ['storage', 'objects', 'update', `gs://${config.bucket}/${objectPath}`, `--custom-metadata=${metadataJson}`];
                 if (config.projectId)
                     metaArgs.push(`--project=${config.projectId}`);
-                execFileSync('gcloud', metaArgs, { encoding: 'utf-8', stdio: 'pipe' });
+                execFileSync('gcloud', metaArgs, { encoding: 'utf-8', stdio: 'pipe', timeout: 60000 });
             }
             catch {
                 // Metadata update failed, but upload succeeded
@@ -152,10 +153,14 @@ export async function downloadFromGCS(uri, config) {
     console.log(`[GCS] Downloading from ${uri}...`);
     // Write to temp file first
     const tempDir = process.env.TMPDIR || '/tmp';
-    const tempFile = path.join(tempDir, `monomind-download-${Date.now()}.json`);
+    const tempFile = path.join(tempDir, `monomind-download-${crypto.randomUUID()}.json`);
+    if (!uri.startsWith('gs://')) {
+        console.error('[GCS] Invalid URI: must start with gs://');
+        return null;
+    }
     try {
-        // Download using gcloud storage cp (array form prevents shell injection)
-        const downloadArgs = ['storage', 'cp', uri, tempFile];
+        // Download using gcloud storage cp; '--' prevents URI from being parsed as a flag
+        const downloadArgs = ['storage', 'cp', '--', uri, tempFile];
         if (cfg?.projectId)
             downloadArgs.push(`--project=${cfg.projectId}`);
         execFileSync('gcloud', downloadArgs, { encoding: 'utf-8', stdio: 'pipe' });
@@ -184,8 +189,10 @@ export async function downloadFromGCS(uri, config) {
  */
 export async function existsInGCS(uri, config) {
     const cfg = config || getGCSConfig();
+    if (!uri.startsWith('gs://'))
+        return false;
     try {
-        const lsArgs = ['storage', 'ls', uri];
+        const lsArgs = ['storage', 'ls', '--', uri];
         if (cfg?.projectId)
             lsArgs.push(`--project=${cfg.projectId}`);
         execFileSync('gcloud', lsArgs, { encoding: 'utf-8', stdio: 'pipe' });
@@ -225,8 +232,10 @@ export async function listGCSObjects(prefix, config) {
  */
 export async function deleteFromGCS(uri, config) {
     const cfg = config || getGCSConfig();
+    if (!uri.startsWith('gs://'))
+        return false;
     try {
-        const rmArgs = ['storage', 'rm', uri];
+        const rmArgs = ['storage', 'rm', '--', uri];
         if (cfg?.projectId)
             rmArgs.push(`--project=${cfg.projectId}`);
         execFileSync('gcloud', rmArgs, { encoding: 'utf-8', stdio: 'pipe' });

package/packages/@monomind/cli/dist/src/transfer/store/discovery.d.ts

@@ -53,9 +53,14 @@ export declare class PatternDiscovery {
      */
     private getGenesisRegistry;
     /**
-     * Verify registry signature
+     * Verify registry signature.
+     *
+     * DEPRECATED: Do not use this method. It was a length-only stub. Real
+     * verification must use `verifyRegistrySignature` from registry.ts which
+     * performs Ed25519 verification. This stub is preserved only to avoid
+     * breaking callers that imported it; it now always returns false.
      */
-    verifyRegistry(registry: PatternRegistry, expectedPublicKey: string): boolean;
+    verifyRegistry(_registry: PatternRegistry, _expectedPublicKey: string): boolean;
     /**
      * Get cached registry
      */
@@ -63,6 +68,8 @@ export declare class PatternDiscovery {
     /**
      * Cache registry
      */
+    private static readonly MAX_REGISTRY_CACHE;
+    private static readonly MAX_IPNS_CACHE;
     cacheRegistry(ipnsName: string, registry: PatternRegistry): void;
     /**
      * Clear cache

package/packages/@monomind/cli/dist/src/transfer/store/discovery.js

@@ -66,11 +66,41 @@ export class PatternDiscovery {
                 error: 'Failed to fetch registry from IPFS',
             };
         }
-        // Verify registry if trusted
-        if (knownRegistry.trusted && registry.registrySignature) {
-            const verified = this.verifyRegistry(registry, knownRegistry.publicKey);
+        // Verify registry — fail closed for trusted registries.
+        // Previously this only warn-and-continued, and the `&& registry.registrySignature`
+        // guard meant an attacker could simply omit the signature to bypass verification entirely.
+        if (knownRegistry.trusted) {
+            // Use the real Ed25519 verifier from registry.ts, not the stub length-check below
+            const { verifyRegistrySignature } = await import('./registry.js');
+            const expected = knownRegistry.publicKey;
+            if (!registry.registrySignature || !registry.registryPublicKey) {
+                return {
+                    success: false,
+                    source: knownRegistry.name,
+                    fromCache: false,
+                    cid: resolution.cid,
+                    error: 'Trusted registry response is missing required signature/publicKey fields',
+                };
+            }
+            // Pin the public key to the known registry's expected key
+            if (registry.registryPublicKey !== expected) {
+                return {
+                    success: false,
+                    source: knownRegistry.name,
+                    fromCache: false,
+                    cid: resolution.cid,
+                    error: 'Registry public key does not match pinned trusted key',
+                };
+            }
+            const verified = await verifyRegistrySignature(registry);
             if (!verified) {
-                console.warn(`[Discovery] Warning: Registry signature verification failed`);
+                return {
+                    success: false,
+                    source: knownRegistry.name,
+                    fromCache: false,
+                    cid: resolution.cid,
+                    error: 'Registry signature verification failed',
+                };
             }
         }
         // Cache the result
@@ -115,6 +145,11 @@ export class PatternDiscovery {
                             resolvedAt: new Date().toISOString(),
                             expiresAt: new Date(Date.now() + 3600000).toISOString(), // 1 hour
                         };
+                        if (this.ipnsCache.size >= PatternDiscovery.MAX_IPNS_CACHE && !this.ipnsCache.has(ipnsName)) {
+                            const oldest = this.ipnsCache.keys().next().value;
+                            if (oldest !== undefined)
+                                this.ipnsCache.delete(oldest);
+                        }
                         this.ipnsCache.set(ipnsName, resolution);
                         console.log(`[Discovery] Resolved IPNS to CID: ${cid}`);
                         return resolution;
@@ -138,6 +173,11 @@ export class PatternDiscovery {
                             resolvedAt: new Date().toISOString(),
                             expiresAt: new Date(Date.now() + 3600000).toISOString(),
                         };
+                        if (this.ipnsCache.size >= PatternDiscovery.MAX_IPNS_CACHE && !this.ipnsCache.has(ipnsName)) {
+                            const oldest = this.ipnsCache.keys().next().value;
+                            if (oldest !== undefined)
+                                this.ipnsCache.delete(oldest);
+                        }
                         this.ipnsCache.set(ipnsName, resolution);
                         console.log(`[Discovery] Resolved IPNS via redirect to CID: ${cid}`);
                         return resolution;
@@ -313,20 +353,28 @@ export class PatternDiscovery {
             featured: ['seraphine-genesis-v1'],
             trending: ['seraphine-genesis-v1'],
             newest: ['seraphine-genesis-v1'],
-            registrySignature: crypto.randomBytes(32).toString('hex'),
+            // No signature on the genesis fallback. Previously this slot used
+            // `crypto.randomBytes(32)` which is meaningless by construction — every
+            // call would produce a different "valid" signature that no real key
+            // signed. Trusted-registry callers must reject this fallback (the
+            // verification path requires `registrySignature` to be present and
+            // verified against a pinned public key).
             registryPublicKey: 'ed25519:monomind-registry-key',
         };
     }
     /**
-     * Verify registry signature
+     * Verify registry signature.
+     *
+     * DEPRECATED: Do not use this method. It was a length-only stub. Real
+     * verification must use `verifyRegistrySignature` from registry.ts which
+     * performs Ed25519 verification. This stub is preserved only to avoid
+     * breaking callers that imported it; it now always returns false.
      */
-    verifyRegistry(registry, expectedPublicKey) {
-        if (!registry.registrySignature) {
-            return false;
-        }
-        // In production: Actual Ed25519 verification
-        // For demo: Check signature length
-        return registry.registrySignature.length === 64;
+    verifyRegistry(_registry, _expectedPublicKey) {
+        // Always return false — the call site at line 117 was already migrated to
+        // the real verifier. Any other caller using this stub is treated as a
+        // verification failure (fail-closed).
+        return false;
     }
     /**
      * Get cached registry
@@ -341,7 +389,14 @@ export class PatternDiscovery {
     /**
      * Cache registry
      */
+    static MAX_REGISTRY_CACHE = 50;
+    static MAX_IPNS_CACHE = 200;
     cacheRegistry(ipnsName, registry) {
+        if (this.cache.size >= PatternDiscovery.MAX_REGISTRY_CACHE && !this.cache.has(ipnsName)) {
+            const oldest = this.cache.keys().next().value;
+            if (oldest !== undefined)
+                this.cache.delete(oldest);
+        }
         this.cache.set(ipnsName, {
             registry,
             expiresAt: Date.now() + this.config.cacheExpiry,

package/packages/@monomind/cli/dist/src/transfer/store/download.d.ts

@@ -11,10 +11,6 @@ export type DownloadProgressCallback = (progress: {
     totalBytes: number;
     percentage: number;
 }) => void;
-/**
- * Pattern Downloader
- * Handles secure download and verification of patterns
- */
 export declare class PatternDownloader {
     private config;
     private downloadCache;
@@ -36,11 +32,24 @@ export declare class PatternDownloader {
      */
     private verifyChecksum;
     /**
-     * Verify content signature using crypto
+     * Verify content signature using real Ed25519.
+     *
+     * CRITICAL FIX: Previously this used HMAC-SHA256 keyed with the *public* key —
+     * which is a no-op for security since the key is, by definition, public.
+     * Anyone reading the registry could recompute a valid "signature".
+     * The fallback at the bottom returned true for length>20, which made the
+     * function effectively a length check rather than a signature check.
+     * Now uses @noble/ed25519 verifyAsync, the same library used in publish.ts,
+     * and fails closed on any error.
      */
     private verifySignature;
     /**
-     * Resolve output path for pattern
+     * Resolve output path for pattern.
+     *
+     * CRITICAL: pattern.name and pattern.version come from registry data fetched
+     * over the network. Without strict validation, an attacker who controls the
+     * registry response can write to arbitrary paths (e.g. ~/.claude/helpers/
+     * hook-handler.cjs) via traversal sequences in pattern.name.
      */
     private resolveOutputPath;
     /**