multimodel-dev-os 3.1.0 → 3.5.0

package/.ai/policies/registry-policy.yaml

@@ -12,9 +12,14 @@ require_approval_for_remote_sync: true
 # Require SHA256 checksum verification for synced catalog files.
 require_checksum: true
 
-# Require cryptographic signature verification (placeholder for future release).
+# Require cryptographic signature verification (HMAC-SHA256).
+# Requires a signing key at .ai/registry-signing-key (generate with: registry keygen --approved).
 require_signature: false
 
+# Require that registry verify checks the local lockfile (.ai/registry-lock.json).
+# When true, verify will fail if no lockfile entry exists for the registry.
+require_lockfile_on_verify: false
+
 # Allow installing plugins from registries with trust_level: untrusted.
 allow_untrusted_install: false
 
@@ -49,3 +54,26 @@ allowed_file_extensions:
   - ".yaml"
   - ".yml"
   - ".json"
+
+# Allow unsigned local registries.
+allow_unsigned_local: true
+
+# Allow unsigned bundled registries.
+allow_unsigned_bundled: true
+
+# Allow unsigned remote registries.
+allow_unsigned_remote: false
+
+# Path to the trusted keys configuration file.
+trusted_keys_file: ".ai/registries/trusted-keys.yaml"
+
+# Allowed signature algorithms.
+allowed_signature_algorithms:
+  - "ed25519"
+  - "hmac-sha256"
+
+# Require signature to be from a trusted publisher in the trust store.
+require_trusted_publisher: false
+
+# Require provenance lockfile verification.
+provenance_required: true

package/.ai/registries/trusted-keys.yaml

@@ -0,0 +1,12 @@
+# MultiModel Dev OS Trusted Keys
+# Stores trusted public keys for registry publisher verification.
+# Only active keys with matching scopes ('registry' or 'catalog') can verify signatures.
+# Never store private keys in this file or in this repository.
+
+trusted_publishers:
+  - key_id: example-maintainer-key
+    name: "Example Maintainer (Test/Example Key Only)"
+    algorithm: ed25519
+    public_key: "MCowBQYDK2VwAyEA9vWwyE5+fY0dvEzl9S1UcvtoMkOAIDhDCzZAkP+CVNo="
+    scopes: ["registry", "catalog"]
+    status: "active"

package/.ai/schema/registry-manifest.schema.json

@@ -49,8 +49,37 @@
       "description": "Version of the safety policy specification this registry conforms to."
     },
     "signature": {
-      "type": ["string", "null"],
-      "description": "Cryptographic signature of the manifest. Placeholder for future implementation."
+      "type": ["object", "null"],
+      "description": "Cryptographic signature block of the manifest.",
+      "properties": {
+        "algorithm": { "type": "string", "enum": ["ed25519", "hmac-sha256"] },
+        "key_id": { "type": "string" },
+        "signature": { "type": "string" },
+        "signed_fields": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      },
+      "required": ["algorithm", "key_id", "signature", "signed_fields"],
+      "additionalProperties": false
+    },
+    "signatures": {
+      "type": "array",
+      "description": "List of cryptographic signature blocks of the manifest.",
+      "items": {
+        "type": "object",
+        "properties": {
+          "algorithm": { "type": "string", "enum": ["ed25519", "hmac-sha256"] },
+          "key_id": { "type": "string" },
+          "signature": { "type": "string" },
+          "signed_fields": {
+            "type": "array",
+            "items": { "type": "string" }
+          }
+        },
+        "required": ["algorithm", "key_id", "signature", "signed_fields"],
+        "additionalProperties": false
+      }
     }
   },
   "additionalProperties": false

package/.ai/schema/registry-policy.schema.json

@@ -11,7 +11,14 @@
     "allow_untrusted_install",
     "allowed_write_roots",
     "blocked_paths",
-    "allowed_file_extensions"
+    "allowed_file_extensions",
+    "allow_unsigned_local",
+    "allow_unsigned_bundled",
+    "allow_unsigned_remote",
+    "trusted_keys_file",
+    "allowed_signature_algorithms",
+    "require_trusted_publisher",
+    "provenance_required"
   ],
   "properties": {
     "allow_remote_registries": {
@@ -60,6 +67,35 @@
       "type": "array",
       "items": { "type": "string" },
       "description": "File extensions permitted for plugin asset files."
+    },
+    "allow_unsigned_local": {
+      "type": "boolean",
+      "description": "Whether unsigned local registries are permitted."
+    },
+    "allow_unsigned_bundled": {
+      "type": "boolean",
+      "description": "Whether unsigned bundled registries are permitted."
+    },
+    "allow_unsigned_remote": {
+      "type": "boolean",
+      "description": "Whether unsigned remote registries are permitted."
+    },
+    "trusted_keys_file": {
+      "type": "string",
+      "description": "Path to the trusted keys yaml configuration file."
+    },
+    "allowed_signature_algorithms": {
+      "type": "array",
+      "items": { "type": "string" },
+      "description": "Cryptographic signature algorithms allowed for manifest verification."
+    },
+    "require_trusted_publisher": {
+      "type": "boolean",
+      "description": "Whether signatures must come from a trusted publisher in the trust store."
+    },
+    "provenance_required": {
+      "type": "boolean",
+      "description": "Whether a provenance record (lockfile entry) is required."
     }
   },
   "additionalProperties": false

package/.ai/schema/trusted-keys.schema.json

@@ -0,0 +1,69 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "MultiModel Dev OS Trusted Keys Schema",
+  "description": "JSON schema defining trusted publisher keys for remote registry signature verification",
+  "type": "object",
+  "required": [
+    "trusted_publishers"
+  ],
+  "properties": {
+    "trusted_publishers": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": [
+          "key_id",
+          "name",
+          "algorithm",
+          "public_key",
+          "scopes",
+          "status"
+        ],
+        "properties": {
+          "key_id": {
+            "type": "string",
+            "description": "Unique identifier of the trusted key."
+          },
+          "name": {
+            "type": "string",
+            "description": "Name of the publisher associated with the key."
+          },
+          "algorithm": {
+            "type": "string",
+            "enum": [
+              "ed25519",
+              "hmac-sha256"
+            ],
+            "description": "Cryptographic signature algorithm."
+          },
+          "public_key": {
+            "type": "string",
+            "description": "PEM-encoded public key or key string."
+          },
+          "scopes": {
+            "type": "array",
+            "items": {
+              "type": "string",
+              "enum": [
+                "registry",
+                "catalog"
+              ]
+            },
+            "description": "Allowed scopes for this key."
+          },
+          "status": {
+            "type": "string",
+            "enum": [
+              "active",
+              "revoked",
+              "disabled"
+            ],
+            "description": "Key status."
+          }
+        },
+        "additionalProperties": false
+      }
+    }
+  },
+  "additionalProperties": false
+}

package/AGENTS.md

@@ -5,38 +5,34 @@
 
 ## Project Overview
 
-<!-- Replace with your project description -->
-project: null
-stack: null
-description: null
+project: multimodel-dev-os
+stack: Node.js (ES modules), esbuild, Vitest
+description: MultiModel Dev OS is a zero-dependency local CLI and developer configuration standard that enforces structure, memory, tasks, and registry safety boundaries for AI coding agents.
 
 ## Build Commands
 
-<!-- Replace with your actual commands -->
 ```
-dev:   null
-build: null
-test:  null
-lint:  null
+build: npm run build (compiles src/ to bin/multimodel-dev-os.js)
+test:  npm test (runs vitest suites)
+verify: node scripts/verify.js (runs strict audit checks)
 ```
 
 ## Coding Conventions
 
-<!-- Define your style rules -->
-- Language: null
-- Framework: null
-- Style guide: null
-- Type checking: null
-- Formatting: null
+- Language: JavaScript (ES Modules, Node.js native API)
+- Framework: Zero runtime dependencies (standard library crypto, fs, path, readline, https, etc.)
+- Style guide: Clear JSDoc typing, deterministic canonical serializations, timing-safe crypto
+- Type checking: JSDoc type comments
+- Formatting: 2-space indentation, single-shebang binary layout
 
 ## File Structure Rules
 
-<!-- Which directories serve which purpose -->
 ```
 src/       → Application source code
-lib/       → Shared libraries and utilities
-tests/     → Test files
-docs/      → Documentation
+bin/       → Standalone built binary (do not edit bin/ directly, edit src/)
+tests/     → Unit test files and mock fixtures
+docs/      → Developer manuals and architecture documentation
+scripts/   → Packaging, compilation, and validation scripts
 ```
 
 ## Boundaries
@@ -48,6 +44,8 @@ no-touch:
   - .env.local
   - node_modules/
   - package-lock.json (do not manually edit)
+  - bin/multimodel-dev-os.js (auto-generated by esbuild, modify src/)
+  - .ai/registry-signing-key (gitignored private key, generate via keygen)
 ```
 
 ## Agent Roles
@@ -61,19 +59,17 @@ no-touch:
 
 ## Dependencies
 
-<!-- Key dependencies agents should be aware of -->
-- null
+- Runtime: Zero runtime dependencies
+- Dev: esbuild, vitest
 
 ## Testing Strategy
 
-<!-- How agents should approach testing -->
-- Unit tests: null
-- Integration tests: null
-- E2E tests: null
+- Unit tests: Vitest coverage for YAML parser, policy engine, signatures, trust store, and URL validators.
+- Verification: Scripts checking binary shebangs, header lines, and path boundaries.
 
 ## Additional Context
 
-<!-- Any other context agents need -->
 - See `MEMORY.md` for project history and decisions
 - See `TASKS.md` for current work items
 - See `RUNBOOK.md` for operational procedures
+

package/MEMORY.md

@@ -9,34 +9,57 @@
 
 | Date | Decision | Rationale |
 |------|----------|-----------|
-| null | null | null |
+| 2026-06-19 | Modular src/ layout (v3.1.0) | Maintainability + testability over single-file monolith |
+| 2026-06-19 | esbuild for single-file dist (v3.1.0) | Zero-runtime-dep bundle, deterministic builds |
+| 2026-06-19 | HMAC-SHA256 for registry signing (v3.5.0-prep) | No external PKI/GPG; Node built-in crypto only; project-scoped key |
+| 2026-06-19 | Lockfile separate from sources.yaml (v3.5.0-prep) | Clear separation: sources.yaml = config, registry-lock.json = provenance |
+| 2026-06-19 | timingSafeEqual for signature compare (v3.5.0-prep) | Prevents timing-based side-channel attacks |
+| 2026-06-20 | Ed25519 Asymmetric Signatures (v3.5.0-prep Sprint 2) | Provides public-key trust boundary, avoiding private key disclosures. |
+| 2026-06-20 | Trust Store Configuration (v3.5.0-prep Sprint 2) | Local key-based mapping of trusted keys and publishers with scope filters. |
+| 2026-06-20 | Canonical payload via recursive sorting (v3.5.0-prep) | Guarantees stable JSON representations independent of property order. |
+| 2026-06-20 | Structured Verdict Reporting (v3.5.0-prep Sprint 3) | Standardizes verification status output across CLI, lockfile, and audit logs. |
+| 2026-06-20 | Offline E2E Signed Fixtures (v3.5.0-prep Sprint 3) | Validates edge cases without hitting live remote servers. |
 
 ## Key Patterns
 
 <!-- Patterns agents should follow consistently -->
 
-- null
+- All signing/verification uses Node.js built-in `crypto` — zero runtime deps
+- Registry signing key lives in `.ai/registry-signing-key` (gitignored, 0o600 permissions)
+- Lockfile `.ai/registry-lock.json` is committed to VCS (tamper evidence)
+- CLI handlers follow the pattern: validate → check policy → check --approved → execute
+- `src/` modules are pure ES modules bundled by `scripts/build-cli.js` into `bin/`
+- `scripts/verify.js` must be expanded with assertions for every new module/test file added
 
 ## Known Issues
 
 <!-- Gotchas, workarounds, and technical debt -->
 
-- null
+- Signing key rotation invalidates all lockfile signatures — users must re-sync after keygen --force
+- `.gitignore` patterns for `.ai/registry-signing-key` use exact path (not wildcard)
+- On Windows, `chmodSync` to `0o600` is a no-op — key security relies on gitignore there
 
 ## Environment Notes
 
 <!-- Environment-specific context (OS quirks, CI setup, etc.) -->
 
-- OS: null
-- CI: null
-- Hosting: null
+- OS: Windows (development), Ubuntu + macOS (CI matrix)
+- CI: GitHub Actions, Node 20.x and 22.x
+- Hosting: npm registry (manual publish only — no CI auto-publish)
 
 ## Session Notes
 
 <!-- Recent session summaries — newest first, keep last 5 -->
 
-### Session: null
-**Date:** null
-**Agent:** null
-**Summary:** null
-**Files changed:** null
+### Session: v3.5.0-prep Sprint 3 — Signed Registry E2E Fixtures + Release Readiness
+**Date:** 2026-06-20
+**Agent:** Antigravity
+**Summary:** Implemented `src/registry/verdict.js` module for structured trust verdicts. Created offline E2E signed registry fixtures covering valid, tampered, wrong key, revoked key, unsigned remote, and unsupported algorithm states. Deployed comprehensive E2E tests in `tests/unit/registry-e2e-signature-fixtures.test.js` validating signature blocks, trust store loading, policies, and CLI subprocess outputs. Added threat model `docs/security-threat-model.md` and release readiness checklist `docs/v3.5.0-readiness.md`. Fully updated all verification scripts and sitemaps. All 113 unit tests and 305 verification audit checks pass cleanly.
+**Files changed:** src/registry/verdict.js (new), tests/fixtures/signed-registries/* (new), tests/unit/registry-e2e-signature-fixtures.test.js (new), docs/security-threat-model.md (new), docs/v3.5.0-readiness.md (new), src/cli/main.js, scripts/verify.js, docs/.vitepress/config.js, docs/public/sitemap.xml, docs/public/llms.txt, docs/public/llms-full.txt, docs/registry-security.md, docs/registry-signing.md, CHANGELOG.md
+
+### Session: v3.5.0-prep Sprint 2 — Public-Key Registry Signatures + Trust Store
+**Date:** 2026-06-20
+**Agent:** Antigravity
+**Summary:** Implemented Ed25519 signing support, trusted-keys schema, trust store validator/loader, policy configuration updates, lockfile entries with detailed trust/signature verdicts, `registry trust list/show` subcommands, 3 new unit test suites (public-signing, trust-store, signature-policy), and release audit assertions. Verified that all 98 unit tests and 297 release verification checks pass cleanly.
+**Files changed:** src/registry/signing.js, src/registry/trust-store.js (new), .ai/registries/trusted-keys.yaml (new), .ai/schema/trusted-keys.schema.json (new), .ai/schema/registry-manifest.schema.json, src/core/policy.js, .ai/policies/registry-policy.yaml, .ai/schema/registry-policy.schema.json, src/registry/provenance.js, src/cli/main.js, src/cli/help.js, scripts/verify.js, tests/unit/registry-public-signing.test.js (new), tests/unit/registry-trust-store.test.js (new), tests/unit/registry-signature-policy.test.js (new), docs/registry-signing.md (new), docs/registry-trust-store.md (new), docs/registry-security.md, docs/trusted-registries.md, docs/registry-policy.md, docs/architecture.md, docs/registry-sync.md, docs/package-safety.md, docs/v3-roadmap.md, docs/testing.md, CHANGELOG.md
+

package/README.md

@@ -161,7 +161,8 @@ npx multimodel-dev-os@latest handoff build
 | **v3.0.1** | Registry UX & Policy Safety Patch | ✅ Released |
 | **v3.0.2** | Registry Sync Security Hotfix | ✅ Released |
 | **v3.1.0** | Modular Source Layout + Formal Unit Tests | ✅ Released |
-
+| **v3.2.0** | Stable Modular Build + Package Governance | ✅ Released |
+| **v3.5.0** | Trusted Registry Signing + Provenance Foundation | ✅ Released |
 
 **[Full Roadmap →](https://rizvee.github.io/multimodel-dev-os/v3-roadmap)**
 

package/RUNBOOK.md

@@ -1,6 +1,6 @@
 # Runbook
 
-> Operational procedures for deployment, rollback, and incident response.
+> Operational procedures for development setup, testing, packaging, and rollback.
 > AI agents reference this before executing critical operations.
 
 ## Environment Setup
@@ -10,64 +10,56 @@
 ```bash
 # 1. Clone the repo
 git clone <repo-url>
-cd <project-name>
+cd multimodel-dev-os
 
-# 2. Install dependencies
-null
+# 2. Install dev dependencies
+npm install
 
-# 3. Set up environment variables
-cp .env.example .env
-# Edit .env with your values
+# 3. Build the CLI binary
+npm run build
 
-# 4. Start development server
-null
+# 4. Run tests
+npm test
 ```
 
-## Deploy
+## Deploy / Release
 
-<!-- Step-by-step deployment procedure -->
+As this is a local CLI utility distributed via npm, deployment is done by compiling the binary and publishing to npm.
 
 | Step | Command | Notes |
 |------|---------|-------|
-| 1 | null | null |
-| 2 | null | null |
-
-**Deploy URL:** null
-**Deploy branch:** null
+| 1 | `npm run verify` | Runs unit tests, generated CLI freshness check, and strict code validations |
+| 2 | `$env:MMDO_ALLOW_PUBLISH="true"; npm publish` | Set environment variable to bypass prepublish-guard |
 
 ## Rollback
 
-<!-- How to revert a bad deployment -->
+To roll back a released npm package or local commit:
 
 ```bash
-# Quick rollback to previous version
-null
-```
-
-**Last known good commit:** null
-
-## Incident Response
+# Deprecate the broken package version on npm
+npm deprecate multimodel-dev-os@<version> "Deprecation message detailing reason"
 
-<!-- What to do when things break -->
+# Revert local repository main branch to last stable tag
+git reset --hard v3.5.0
+```
 
-1. **Identify:** Check error logs at `null`
-2. **Communicate:** Notify team at `null`
-3. **Mitigate:** Rollback if necessary (see above)
-4. **Resolve:** Fix the root cause
-5. **Document:** Add post-mortem to `MEMORY.md`
+**Last known good release tag:** `v3.5.0`
 
 ## Health Checks
 
-<!-- Endpoints or commands to verify the system is working -->
+Run diagnostics to verify CLI health:
 
-| Check | Command/URL | Expected |
+| Check | Command | Expected |
 |-------|-------------|----------|
-| null | null | null |
+| CLI Help / Version | `node bin/multimodel-dev-os.js --help` | Prints help text displaying current version |
+| Registry Policy Engine | `node bin/multimodel-dev-os.js registry status` | Shows correct policy state and configuration values |
+| Trust Store Integrity | `node bin/multimodel-dev-os.js registry trust verify` | Validates all trusted public key formats in the store |
+| Strict Audit Check | `npm run verify` | Completes successfully with 0 failures |
 
 ## Secrets & Config
 
-<!-- Where secrets are stored (never put actual secrets here) -->
-
 | Secret | Location | Rotation |
 |--------|----------|----------|
-| null | null | null |
+| Project Registry Sync Key | `.ai/registry-signing-key` | Run `registry keygen --approved --force` |
+| npm Publish Token | `~/.npmrc` or user environment | Managed in npmjs.com account settings |
+

package/TASKS.md

@@ -7,22 +7,32 @@
 
 <!-- Active work items — agents pick from here -->
 
-- [ ] null
+- [ ] Sprint 4 Planning — Trust Store Remote Key Sync & GPG Signatures
 
 ## Backlog
 
 <!-- Upcoming work — not yet started -->
 
-- [ ] null
+- [ ] Deployed trust key sync capability from verified remote registries
+- [ ] Support GPG-compatible signatures for enterprise environments
 
 ## In Review
 
 <!-- Completed work awaiting review -->
 
-- [ ] null
-
 ## Done
 
 <!-- Completed and merged — keep last 10 items, archive the rest -->
 
-- [x] null
+- [x] Deployed E2E offline signed registry fixtures and unit test validation suite (`registry-e2e-signature-fixtures.test.js`)
+- [x] Implemented verdict module for structured trust verdict reporting (`src/registry/verdict.js`)
+- [x] Created Threat Model documentation (`docs/security-threat-model.md`) and v3.5.0 Release Readiness Checklist (`docs/v3.5.0-readiness.md`)
+- [x] Updated existing docs, config sidebars, sitemaps, and LLM discoverability indices
+- [x] Deployed Ed25519 public key registry signatures (`src/registry/signing.js`)
+- [x] Implemented trusted key store and scope check policies (`src/registry/trust-store.js`)
+- [x] Added `registry trust` CLI subcommand suites (`list`, `show <key_id>`, `verify`)
+- [x] Configured signature validation rules and policy config schemas (`registry-policy.schema.json`)
+- [x] Deployed 113 unit tests with 100% pass rates across Windows, Linux, and macOS
+- [x] Hardened release audit verifier with 305 structural and functional checks passing
+- [x] Implemented HMAC-SHA256 registry signing foundation and provenance lockfile (`src/registry/provenance.js`)
+