npm - multimodel-dev-os - Versions diffs - 3.2.0 → 3.5.0 - Mend

multimodel-dev-os 3.2.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/.ai/policies/registry-policy.yaml +29 -1
package/.ai/registries/trusted-keys.yaml +12 -0
package/.ai/schema/registry-manifest.schema.json +31 -2
package/.ai/schema/registry-policy.schema.json +37 -1
package/.ai/schema/trusted-keys.schema.json +69 -0
package/AGENTS.md +22 -26
package/MEMORY.md +34 -11
package/README.md +1 -1
package/RUNBOOK.md +28 -36
package/TASKS.md +15 -5
package/bin/multimodel-dev-os.js +1366 -548
package/docs/.vitepress/config.js +3 -1
package/docs/architecture.md +3 -1
package/docs/index.md +5 -5
package/docs/npm-publishing.md +5 -5
package/docs/package-safety.md +3 -2
package/docs/public/llms-full.txt +5 -1
package/docs/public/llms.txt +6 -1
package/docs/public/sitemap.xml +10 -0
package/docs/registry-policy.md +29 -1
package/docs/registry-security.md +73 -6
package/docs/registry-signing.md +70 -0
package/docs/registry-sync.md +5 -2
package/docs/registry-trust-store.md +66 -0
package/docs/release-policy.md +1 -1
package/docs/security-threat-model.md +96 -0
package/docs/testing.md +15 -2
package/docs/trusted-registries.md +1 -1
package/docs/v3-roadmap.md +11 -6
package/docs/v3.5.0-readiness.md +46 -0
package/package.json +1 -1
package/scripts/install.ps1 +1 -1
package/scripts/install.sh +1 -1
package/scripts/verify.js +206 -9
package/src/cli/help.js +1 -1
package/src/cli/main.js +626 -81
package/src/core/policy.js +9 -1
package/src/registry/provenance.js +114 -0
package/src/registry/signing.js +392 -0
package/src/registry/trust-store.js +41 -0
package/src/registry/verdict.js +51 -0
package/tests/fixtures/signed-registries/README.md +4 -0
package/tests/fixtures/signed-registries/revoked-key/catalog.yaml +8 -0
package/tests/fixtures/signed-registries/revoked-key/expected-verdict.json +7 -0
package/tests/fixtures/signed-registries/revoked-key/registry-manifest.yaml +14 -0
package/tests/fixtures/signed-registries/tampered-manifest/catalog.yaml +8 -0
package/tests/fixtures/signed-registries/tampered-manifest/expected-verdict.json +7 -0
package/tests/fixtures/signed-registries/tampered-manifest/registry-manifest.yaml +14 -0
package/tests/fixtures/signed-registries/trusted-keys.yaml +23 -0
package/tests/fixtures/signed-registries/unsigned-remote-required/catalog.yaml +8 -0
package/tests/fixtures/signed-registries/unsigned-remote-required/expected-verdict.json +7 -0
package/tests/fixtures/signed-registries/unsigned-remote-required/registry-manifest.yaml +9 -0
package/tests/fixtures/signed-registries/unsupported-algorithm/catalog.yaml +8 -0
package/tests/fixtures/signed-registries/unsupported-algorithm/expected-verdict.json +7 -0
package/tests/fixtures/signed-registries/unsupported-algorithm/registry-manifest.yaml +14 -0
package/tests/fixtures/signed-registries/valid-signed-registry/catalog.yaml +8 -0
package/tests/fixtures/signed-registries/valid-signed-registry/expected-verdict.json +7 -0
package/tests/fixtures/signed-registries/valid-signed-registry/registry-manifest.yaml +14 -0
package/tests/fixtures/signed-registries/wrong-key/catalog.yaml +8 -0
package/tests/fixtures/signed-registries/wrong-key/expected-verdict.json +7 -0
package/tests/fixtures/signed-registries/wrong-key/registry-manifest.yaml +14 -0
package/tests/unit/registry-e2e-signature-fixtures.test.js +288 -0
package/tests/unit/registry-policy.test.js +6 -0
package/tests/unit/registry-provenance.test.js +185 -0
package/tests/unit/registry-public-signing.test.js +109 -0
package/tests/unit/registry-signature-policy.test.js +100 -0
package/tests/unit/registry-signing.test.js +193 -0
package/tests/unit/registry-trust-store.test.js +133 -0

package/src/cli/main.js CHANGED Viewed

@@ -20,6 +20,20 @@ import { loadRegistryPolicy } from '../core/policy.js';
 import { shouldIgnorePath, isSafePath } from '../core/security.js';
 import { validateRegistryUrl } from '../registry/validation.js';
 import { loadRegistrySources, saveRegistrySources } from '../registry/sources.js';
+import { loadRegistryLockfile, saveRegistryLockfile, updateLockfileEntry, getLockfilePath } from '../registry/provenance.js';
+import {
+  loadSigningKey,
+  generateSigningKey,
+  saveSigningKey,
+  signPayload,
+  verifySignature,
+  getSigningKeyPath,
+  verifySignatureBlock,
+  createCanonicalPayload,
+  normalizePublicKey
+} from '../registry/signing.js';
+import { loadTrustedKeys } from '../registry/trust-store.js';
+import { createTrustVerdict } from '../registry/verdict.js';
 import { loadCatalog, loadCatalogFromSource, loadAllCatalogs } from '../catalog/loader.js';
 import { validatePluginManifest } from '../plugin/manifest.js';
 import { sourceRoot, version, loadTemplates, loadAdapters } from '../core/globals.js';
@@ -393,8 +407,30 @@ if (COMMAND === 'init') {
       console.error('\x1b[31mError: Please specify a cache subcommand: clear.\x1b[0m');
       process.exit(1);
     }
+  } else if (sub === 'keygen') {
+    handleRegistryKeygen(params);
+  } else if (sub === 'lock') {
+    handleRegistryLock(params);
+  } else if (sub === 'trust') {
+    const trustSub = positional[2];
+    if (trustSub === 'list') {
+      handleRegistryTrustList(params);
+    } else if (trustSub === 'show') {
+      const keyId = positional[3];
+      if (!keyId) {
+        console.error('\x1b[31mError: Please specify a key ID.\x1b[0m');
+        process.exit(1);
+      }
+      handleRegistryTrustShow(keyId, params);
+    } else if (trustSub === 'verify') {
+      handleRegistryTrustVerify(params);
+    } else {
+      console.error('\x1b[31mError: Please specify a trust subcommand: list, show, or verify.\x1b[0m');
+      console.log('Example: node bin/multimodel-dev-os.js registry trust list');
+      process.exit(1);
+    }
   } else {
-    console.error('\x1b[31mError: Please specify a registry subcommand: list, add, remove, sync, status, verify, show, or cache.\x1b[0m');
+    console.error('\x1b[31mError: Please specify a registry subcommand: list, add, remove, sync, status, verify, show, cache, keygen, lock, or trust.\x1b[0m');
     console.log('Example: node bin/multimodel-dev-os.js registry list');
     process.exit(1);
   }
@@ -5106,22 +5142,30 @@ function handleRegistryList(options) {
   console.log('==================================================');
   console.log(`Policy Status: allow_remote_registries = \x1b[${policy.allow_remote_registries ? '32mtrue' : '33mfalse'}\x1b[0m (Remote registries are disabled by default for safety)\n`);
+  const lockfile = loadRegistryLockfile(options.target || process.cwd());
   sources.forEach(s => {
     const status = s.enabled ? '\x1b[32m● enabled\x1b[0m' : '\x1b[90m○ disabled\x1b[0m';
     const label = s.name === 'bundled' ? 'bundled' : s.type === 'local' ? `local:${s.name}` : `remote:${s.name}`;
-    console.log(`  \x1b[32m${s.name}\x1b[0m [${label}]  ${status}`);
+    const lockEntry = lockfile.entries[s.name];
+    const lockBadge = lockEntry
+      ? (lockEntry.signature ? ' \x1b[32m[signed]\x1b[0m' : ' \x1b[33m[unsigned]\x1b[0m')
+      : ' \x1b[90m[no lockfile entry]\x1b[0m';
+    console.log(`  \x1b[32m${s.name}\x1b[0m [${label}]  ${status}${lockBadge}`);
     console.log(`    type:           ${s.type}`);
     console.log(`    url:            ${s.url}`);
     console.log(`    trust_level:    ${s.trust_level}`);
     console.log(`    safety_policy:  ${s.safety_policy}`);
     console.log(`    checksum:       ${s.checksum_required ? 'required (SHA-256 integrity)' : 'not required'}`);
-    console.log(`    signature:      ${s.signature_required ? 'required' : 'not required (v3.0.1)'}`);
+    console.log(`    signature:      ${s.signature_required ? 'required (HMAC-SHA256)' : 'not required'}`);
     if (s.last_synced_at) console.log(`    last_synced:    ${s.last_synced_at}`);
+    if (lockEntry) console.log(`    lockfile:       synced ${lockEntry.synced_at}, hash ${lockEntry.catalog_sha256.slice(0, 16)}...`);
   });
   console.log('\nUse \x1b[36mregistry show <name>\x1b[0m to view detailed source configuration.');
   console.log('Use \x1b[36mregistry status\x1b[0m to see policy states and cache health.');
-  console.log('Use \x1b[36mregistry verify <name>\x1b[0m to perform integrity checks.\n');
+  console.log('Use \x1b[36mregistry verify <name>\x1b[0m to perform integrity checks.');
+  console.log('Use \x1b[36mregistry lock\x1b[0m to inspect the provenance lockfile.\n');
 }
 function handleRegistryAdd(name, url, options) {
@@ -5286,7 +5330,6 @@ function handleRegistrySync(name, options) {
     process.exit(1);
   }
-  // Sync requires network - output sync initiation message
   const cacheDir = join(sourceRoot, '.ai', 'registry-cache', name);
   if (!existsSync(cacheDir)) {
     mkdirSync(cacheDir, { recursive: true });
@@ -5295,7 +5338,6 @@ function handleRegistrySync(name, options) {
   console.log(`\n🔄 \x1b[36mSyncing Registry: ${name}\x1b[0m`);
   console.log('==================================================');
-  // Attempt HTTPS download using Node built-in
   const url = source.url;
   const catalogUrl = url.endsWith('/') ? `${url}catalog.yaml` : url;
   const manifestUrl = catalogUrl.replace(/catalog\.yaml$/, 'manifest.json');
@@ -5304,7 +5346,6 @@ function handleRegistrySync(name, options) {
     const catalogDest = join(cacheDir, 'catalog.yaml');
     const manifestDest = join(cacheDir, 'manifest.json');
-    // Synchronous HTTP download using inline Node script via execFileSync
     const fetchUrlSync = (targetUrl) => {
       validateRegistryUrl(targetUrl, policy);
@@ -5345,7 +5386,6 @@ function handleRegistrySync(name, options) {
       console.log(`  → \x1b[33mNot found (optional)\x1b[0m`);
     }
-    // Compute checksums
     console.log('Computing checksums...');
     const checksums = {
       'catalog.yaml': `sha256:${computeSHA256(catalogData)}`
@@ -5364,7 +5404,6 @@ function handleRegistrySync(name, options) {
           for (const [file, hash] of Object.entries(manifestObj.files_hashes)) {
             if (file === 'catalog.yaml' || file === 'manifest.json') continue;
-            // Check path safety inside registry cache
             const fileDest = join(cacheDir, file);
             const relativeToCache = relative(cacheDir, fileDest);
             if (relativeToCache.includes('..') || isAbsolute(relativeToCache)) {
@@ -5411,7 +5450,6 @@ function handleRegistrySync(name, options) {
     writeFileSync(join(cacheDir, 'checksums.json'), checksumsJson, 'utf8');
     console.log(`  → .ai/registry-cache/${name}/checksums.json ... OK`);
-    // Verify checksum against manifest if available
     if (policy.require_checksum && manifestData) {
       try {
         const manifest = JSON.parse(manifestData);
@@ -5430,12 +5468,106 @@ function handleRegistrySync(name, options) {
       } catch (e) {}
     }
-    // Update last_synced_at
-    source.last_synced_at = new Date().toISOString();
+    const syncedAt = new Date().toISOString();
+    source.last_synced_at = syncedAt;
     source.pinned_commit_or_hash = computeSHA256(catalogData);
     saveRegistrySources(sources);
-    // Count plugins
+    // --- Provenance lockfile + signature verification ---
+    const catalogHash = computeSHA256(catalogData);
+    const manifestHash = manifestData ? computeSHA256(manifestData) : null;
+    const projectDir = options.target || process.cwd();
+    let signingKey = null;
+    let signature = null;
+    try {
+      signingKey = loadSigningKey(projectDir);
+    } catch (sigKeyErr) {
+      console.log(`  \x1b[33mWarning: Signing key error — ${sigKeyErr.message}\x1b[0m`);
+    }
+    if (signingKey) {
+      try {
+        signature = signPayload(signingKey, catalogHash);
+        console.log('  \x1b[32m✓ Catalog signed with project signing key (HMAC-SHA256)\x1b[0m');
+      } catch (signErr) {
+        console.log(`  \x1b[33mWarning: Signing failed — ${signErr.message}\x1b[0m`);
+      }
+    } else {
+      if (policy.require_signature) {
+        console.error(`\x1b[31mError: policy require_signature is true but no signing key found.\x1b[0m`);
+        console.error(`  Generate a key with: npx multimodel-dev-os registry keygen --approved`);
+        process.exit(1);
+      }
+      console.log('  \x1b[33m⚠ No signing key — provenance recorded without signature.\x1b[0m');
+      console.log('    Generate a key with: npx multimodel-dev-os registry keygen --approved');
+    }
+    // Signature Block Verification on synced data
+    const trustedKeys = loadTrustedKeys(projectDir, policy);
+    let verifyRes = { verified: true, status: 'unsigned' };
+    let parsedManifest = null;
+    if (manifestData) {
+      try {
+        parsedManifest = JSON.parse(manifestData);
+        verifyRes = verifySignatureBlock({
+          manifest: parsedManifest,
+          trustedKeys,
+          policy,
+          hmacKey: signingKey,
+          source
+        });
+      } catch (_e) {}
+    } else {
+      if (policy.require_signature || policy.allow_unsigned_remote === false) {
+        verifyRes = { verified: false, error: 'Manifest missing but signature is required by policy.' };
+      }
+    }
+    const firstSig = parsedManifest && (parsedManifest.signature || (Array.isArray(parsedManifest.signatures) && parsedManifest.signatures[0]));
+    const sigBlock = firstSig && typeof firstSig === 'object' ? firstSig : null;
+    let trustedPublisherStatus = 'unknown';
+    if (sigBlock && sigBlock.key_id) {
+      const tk = trustedKeys.find(k => k.key_id === sigBlock.key_id);
+      if (tk) {
+        trustedPublisherStatus = tk.status || 'inactive';
+      }
+    }
+    let trustVerdict = 'failed';
+    if (verifyRes.verified) {
+      if (verifyRes.status === 'verified') {
+        trustVerdict = 'verified';
+      } else {
+        trustVerdict = 'unsigned_allowed';
+      }
+    }
+    const verificationErrors = verifyRes.errors || (verifyRes.error ? [verifyRes.error] : []);
+    const verificationWarnings = verifyRes.warning ? [verifyRes.warning] : [];
+    const lockfile = loadRegistryLockfile(projectDir);
+    updateLockfileEntry(lockfile, name, {
+      url: source.url,
+      synced_at: options.synced_at || syncedAt, // Allow override for test determinism
+      catalog_sha256: catalogHash,
+      manifest_sha256: manifestHash,
+      signature,
+      signature_alg: 'hmac-sha256',
+      public_signature_status: verifyRes.status || 'unsigned',
+      public_signature_algorithm: sigBlock ? sigBlock.algorithm : null,
+      public_signature_key_id: sigBlock ? sigBlock.key_id : null,
+      trusted_publisher_status: trustedPublisherStatus,
+      trust_store_path: policy.trusted_keys_file || '.ai/registries/trusted-keys.yaml',
+      trust_verdict: trustVerdict,
+      lockfile_verdict: 'verified',
+      verification_errors: verificationErrors,
+      verification_warnings: verificationWarnings
+    });
+    saveRegistryLockfile(projectDir, lockfile);
+    console.log(`  \x1b[32m✓ Provenance lockfile updated: .ai/registry-lock.json\x1b[0m`);
     let pluginCount = 0;
     try {
       const catParsed = parseYaml(catalogData);
@@ -5446,10 +5578,12 @@ function handleRegistrySync(name, options) {
     console.log(`  Cache location:  .ai/registry-cache/${name}/`);
     console.log(`  Plugins cached:  ${pluginCount} entries`);
     console.log(`  Checksum status: VERIFIED (SHA256)`);
-    console.log(`  Last synced:     ${source.last_synced_at}`);
+    console.log(`  Provenance:      ${signature ? 'SIGNED (HMAC-SHA256)' : 'Unsigned (no signing key)'}`);
+    console.log(`  Last synced:     ${syncedAt}`);
     console.log(`\nNext steps:`);
     console.log(`  • Browse:  npx multimodel-dev-os catalog list --source remote:${name}`);
     console.log(`  • Verify:  npx multimodel-dev-os registry verify ${name}`);
+    console.log(`  • Lock:    npx multimodel-dev-os registry lock`);
     console.log(`  • Install: npx multimodel-dev-os catalog install <slug> --approved\n`);
   } catch (e) {
     console.error(`\n\x1b[31mSync failed: ${e.message}\x1b[0m`);
@@ -5466,20 +5600,53 @@ function handleRegistryStatus(options) {
   const policy = loadRegistryPolicy(options.target);
   if (options.json) {
-    console.log(JSON.stringify({ sources, policy: { allow_remote_registries: policy.allow_remote_registries, require_checksum: policy.require_checksum } }, null, 2));
+    console.log(JSON.stringify({ sources, policy }, null, 2));
     return;
   }
+  const projectDir = options.target || process.cwd();
+  let signingKeyStatus = '\x1b[90mnot configured\x1b[0m';
+  try {
+    const sk = loadSigningKey(projectDir);
+    signingKeyStatus = sk ? `\x1b[32mconfigured\x1b[0m (${getSigningKeyPath(projectDir)})` : '\x1b[90mnot configured\x1b[0m';
+  } catch (e) {
+    signingKeyStatus = `\x1b[31merror: ${e.message}\x1b[0m`;
+  }
+  const lockfile = loadRegistryLockfile(projectDir);
+  const lockfileEntryCount = Object.keys(lockfile.entries).length;
+  const lockfilePath = getLockfilePath(projectDir);
+  const lockfileStatus = existsSync(lockfilePath)
+    ? `\x1b[32mpresent\x1b[0m (${lockfileEntryCount} entr${lockfileEntryCount === 1 ? 'y' : 'ies'})`
+    : '\x1b[90mnot present\x1b[0m';
   console.log(`\n📊 \x1b[36mRegistry Status [v${version}]\x1b[0m`);
   console.log('==================================================');
   console.log(`\x1b[33mPolicy State:\x1b[0m`);
-  console.log(`  allow_remote_registries:  \x1b[${policy.allow_remote_registries ? '32mtrue' : '33mfalse'}\x1b[0m (Disabled by default)`);
-  console.log(`  require_checksum:         ${policy.require_checksum ? '\x1b[32mtrue\x1b[0m (SHA256 integrity enforced)' : '\x1b[33mfalse\x1b[0m'}`);
-  console.log(`  require_signature:        ${policy.require_signature ? '\x1b[32mtrue\x1b[0m' : '\x1b[90mfalse (not enforced in v3.0)\x1b[0m'}`);
-  console.log(`  allow_untrusted_install:  ${policy.allow_untrusted_install ? '\x1b[33mtrue\x1b[0m' : '\x1b[32mfalse\x1b[0m (secured)'}`);
-  console.log(`  max_plugin_files:         ${policy.max_plugin_files}`);
-  console.log(`  max_plugin_size_kb:       ${policy.max_plugin_size_kb}KB`);
-  console.log(`  max_registry_cache_size:  ${policy.max_registry_cache_size_kb}KB`);
+  console.log(`  allow_remote_registries:    \x1b[${policy.allow_remote_registries ? '32mtrue' : '33mfalse'}\x1b[0m (Disabled by default)`);
+  console.log(`  require_checksum:           ${policy.require_checksum ? '\x1b[32mtrue\x1b[0m (SHA256 integrity enforced)' : '\x1b[33mfalse\x1b[0m'}`);
+  console.log(`  require_signature:          ${policy.require_signature ? '\x1b[32mtrue\x1b[0m (HMAC-SHA256 enforced)' : '\x1b[90mfalse\x1b[0m'}`);
+  console.log(`  require_lockfile_on_verify: ${policy.require_lockfile_on_verify ? '\x1b[32mtrue\x1b[0m' : '\x1b[90mfalse\x1b[0m'}`);
+  console.log(`  allow_untrusted_install:    ${policy.allow_untrusted_install ? '\x1b[33mtrue\x1b[0m' : '\x1b[32mfalse\x1b[0m (secured)'}`);
+  console.log(`  allow_unsigned_local:       ${policy.allow_unsigned_local ? '\x1b[32mtrue\x1b[0m' : '\x1b[33mfalse\x1b[0m'}`);
+  console.log(`  allow_unsigned_bundled:     ${policy.allow_unsigned_bundled ? '\x1b[32mtrue\x1b[0m' : '\x1b[33mfalse\x1b[0m'}`);
+  console.log(`  allow_unsigned_remote:      ${policy.allow_unsigned_remote ? '\x1b[32mtrue\x1b[0m' : '\x1b[33mfalse\x1b[0m'}`);
+  console.log(`  require_trusted_publisher:  ${policy.require_trusted_publisher ? '\x1b[32mtrue\x1b[0m' : '\x1b[90mfalse\x1b[0m'}`);
+  console.log(`  provenance_required:        ${policy.provenance_required ? '\x1b[32mtrue\x1b[0m' : '\x1b[90mfalse\x1b[0m'}`);
+  console.log(`  trusted_keys_file:          \x1b[36m${policy.trusted_keys_file}\x1b[0m`);
+  console.log(`  allowed_signature_algs:     \x1b[36m${(policy.allowed_signature_algorithms || []).join(', ')}\x1b[0m`);
+  console.log(`  max_plugin_files:           ${policy.max_plugin_files}`);
+  console.log(`  max_plugin_size_kb:         ${policy.max_plugin_size_kb}KB`);
+  console.log(`  max_registry_cache_size:    ${policy.max_registry_cache_size_kb}KB`);
+  console.log(`\n\x1b[33mSigning & Provenance:\x1b[0m`);
+  console.log(`  Signing key:    ${signingKeyStatus}`);
+  console.log(`  Lockfile:       ${lockfileStatus}`);
+  if (lockfileEntryCount > 0) {
+    Object.entries(lockfile.entries).forEach(([rName, entry]) => {
+      const sigBadge = entry.signature ? '\x1b[32m[signed]\x1b[0m' : '\x1b[33m[unsigned]\x1b[0m';
+      console.log(`    ${rName}: ${sigBadge} synced ${entry.synced_at || 'unknown'}`);
+    });
+  }
   console.log(`\n\x1b[33mSources:\x1b[0m`);
   sources.forEach(s => {
@@ -5506,88 +5673,360 @@ function handleRegistryVerify(name, options) {
   console.log(`\n🔍 \x1b[36mVerifying Registry: ${name}\x1b[0m`);
   console.log('==================================================');
-  if (name === 'bundled') {
-    const catalogPath = join(sourceRoot, '.ai', 'plugins', 'catalog.yaml');
-    if (!existsSync(catalogPath)) {
-      console.error('\x1b[31mError: Bundled catalog.yaml not found.\x1b[0m');
-      process.exit(1);
-    }
-    const content = readFileSync(catalogPath, 'utf8');
-    const hash = computeSHA256(content);
-    console.log(`  Verification Type: Local verification (no network required)`);
-    console.log(`  File:              .ai/plugins/catalog.yaml`);
-    console.log(`  SHA256 Checksum:   ${hash}`);
-    console.log(`  Status:            \x1b[32m✓ Present and readable (Integrity Verified)\x1b[0m`);
+  const projectDir = options.target || process.cwd();
+  const policy = loadRegistryPolicy(projectDir);
+  const sources = loadRegistrySources();
+  const source = sources.find(s => s.name === name);
-    // Verify it parses
-    try {
-      const parsed = parseYaml(content);
-      const pluginCount = ((parsed.catalog || {}).plugins || []).length;
-      console.log(`  Plugins:           ${pluginCount} entries parsed successfully`);
-      console.log(`\n\x1b[32m✔ Bundled registry verification passed. (Offline & Secure)\x1b[0m\n`);
-    } catch (e) {
-      console.error(`\n\x1b[31m✗ Bundled registry verification failed: ${e.message}\x1b[0m\n`);
-      process.exit(1);
-    }
-    return;
+  let isBundled = name === 'bundled';
+  let isLocal = source ? source.type === 'local' : false;
+  let isRemote = source ? source.type === 'remote' : false;
+  let url = source ? source.url : (isBundled ? '.ai/plugins/catalog.yaml' : null);
+  if (!source && !isBundled) {
+    console.error(`\x1b[31mError: Registry '${name}' is not configured.\x1b[0m`);
+    process.exit(1);
   }
-  // Verify remote cache
-  const sources = loadRegistrySources();
-  const source = sources.find(s => s.name === name);
-  if (source && source.type !== 'local') {
-    const policy = loadRegistryPolicy(options.target || process.cwd());
+  let urlValidationStatus = 'N/A';
+  if (isRemote) {
     try {
-      validateRegistryUrl(source.url, policy);
+      validateRegistryUrl(url, policy);
+      urlValidationStatus = '\x1b[32m✓ Valid HTTPS\x1b[0m';
     } catch (err) {
-      console.error(`\x1b[31mError: Registry '${name}' has an invalid URL: ${err.message}\x1b[0m`);
-      process.exit(1);
+      urlValidationStatus = `\x1b[31m✗ Invalid: ${err.message}\x1b[0m`;
     }
+  } else {
+    urlValidationStatus = '\x1b[32m✓ Valid Local Path\x1b[0m';
   }
-  const cacheDir = join(sourceRoot, '.ai', 'registry-cache', name);
-  if (!existsSync(cacheDir)) {
+  let cacheDir;
+  if (isBundled) {
+    cacheDir = join(sourceRoot, '.ai', 'plugins');
+  } else {
+    cacheDir = join(sourceRoot, '.ai', 'registry-cache', name);
+  }
+  const catalogDest = join(cacheDir, 'catalog.yaml');
+  const manifestDest = join(cacheDir, 'manifest.json');
+  const checksumPath = join(cacheDir, 'checksums.json');
+  if (!isBundled && !existsSync(cacheDir)) {
     console.error(`\x1b[31mError: No cache found for registry '${name}'. Run registry sync first.\x1b[0m`);
     process.exit(1);
   }
-  const checksumPath = join(cacheDir, 'checksums.json');
-  if (!existsSync(checksumPath)) {
-    console.error(`\x1b[31mError: No checksums.json found in cache for '${name}'.\x1b[0m`);
+  if (isBundled && !existsSync(catalogDest)) {
+    console.error(`\x1b[31mError: Bundled catalog.yaml not found.\x1b[0m`);
     process.exit(1);
   }
-  try {
-    const checksums = JSON.parse(readFileSync(checksumPath, 'utf8'));
-    let allPassed = true;
-    Object.entries(checksums).forEach(([file, expectedHash]) => {
-      const filePath = join(cacheDir, file);
-      if (!existsSync(filePath)) {
-        console.log(`  \x1b[31m✗ ${file}: MISSING\x1b[0m`);
-        allPassed = false;
-        return;
+  let catalogContent = '';
+  let catalogHash = 'N/A';
+  if (existsSync(catalogDest)) {
+    catalogContent = readFileSync(catalogDest, 'utf8');
+    catalogHash = computeSHA256(catalogContent);
+  }
+  let manifestObj = null;
+  let manifestHash = 'N/A';
+  if (existsSync(manifestDest)) {
+    const manifestData = readFileSync(manifestDest, 'utf8');
+    manifestHash = computeSHA256(manifestData);
+    try {
+      manifestObj = JSON.parse(manifestData);
+    } catch (e) {
+      console.warn(`\x1b[33mWarning: Failed to parse manifest.json: ${e.message}\x1b[0m`);
+    }
+  }
+  let integrityVerified = true;
+  if (!isBundled) {
+    if (!existsSync(checksumPath)) {
+      console.log(`  \x1b[33m⚠ Checksums: Missing checksums.json in cache\x1b[0m`);
+      integrityVerified = false;
+    } else {
+      try {
+        const checksums = JSON.parse(readFileSync(checksumPath, 'utf8'));
+        Object.entries(checksums).forEach(([file, expectedHash]) => {
+          const filePath = join(cacheDir, file);
+          if (!existsSync(filePath)) {
+            console.log(`  \x1b[31m✗ File missing in cache: ${file}\x1b[0m`);
+            integrityVerified = false;
+            return;
+          }
+          const content = readFileSync(filePath, 'utf8');
+          const actualHash = `sha256:${computeSHA256(content)}`;
+          if (actualHash === expectedHash) {
+            console.log(`  \x1b[32m✓ ${file}: VERIFIED (Integrity check matched via SHA-256)\x1b[0m`);
+          } else {
+            console.log(`  \x1b[31m✗ ${file}: MISMATCH\x1b[0m`);
+            console.log(`    Expected: ${expectedHash}`);
+            console.log(`    Actual:   ${actualHash}`);
+            integrityVerified = false;
+          }
+        });
+      } catch (e) {
+        console.log(`  \x1b[31m✗ Integrity: Failed to verify checksums: ${e.message}\x1b[0m`);
+        integrityVerified = false;
       }
-      const content = readFileSync(filePath, 'utf8');
-      const actualHash = `sha256:${computeSHA256(content)}`;
-      if (actualHash === expectedHash) {
-        console.log(`  \x1b[32m✓ ${file}: VERIFIED (Integrity check matched via SHA-256)\x1b[0m`);
+    }
+  }
+  const lockfile = loadRegistryLockfile(projectDir);
+  const lockEntry = lockfile.entries[name];
+  let lockfileStatus = 'N/A';
+  let provenanceStatus = 'N/A';
+  let lockfileVerdict = 'N/A';
+  if (!isBundled) {
+    const lockfilePath = getLockfilePath(projectDir);
+    lockfileStatus = existsSync(lockfilePath) ? `\x1b[32mpresent\x1b[0m` : `\x1b[33mmissing\x1b[0m`;
+    if (!lockEntry) {
+      if (policy.require_lockfile_on_verify) {
+        provenanceStatus = `\x1b[31m✗ Failed (require_lockfile_on_verify is true but entry missing)\x1b[0m`;
+        lockfileVerdict = 'Failed';
+      } else {
+        provenanceStatus = `\x1b[33m⚠ Missing provenance entry (no sync lock)\x1b[0m`;
+        lockfileVerdict = 'Missing';
+      }
+    } else {
+      let isProvMatch = true;
+      if (catalogHash !== lockEntry.catalog_sha256) {
+        isProvMatch = false;
+        console.log(`  \x1b[31m✗ Lockfile catalog hash mismatch: Expected ${lockEntry.catalog_sha256}, got ${catalogHash}\x1b[0m`);
+      }
+      if (manifestHash !== 'N/A' && lockEntry.manifest_sha256 && manifestHash !== lockEntry.manifest_sha256) {
+        isProvMatch = false;
+        console.log(`  \x1b[31m✗ Lockfile manifest hash mismatch: Expected ${lockEntry.manifest_sha256}, got ${manifestHash}\x1b[0m`);
+      }
+      if (isProvMatch) {
+        provenanceStatus = `\x1b[32m✓ Matched lockfile entry\x1b[0m`;
+        lockfileVerdict = 'Verified';
       } else {
-        console.log(`  \x1b[31m✗ ${file}: MISMATCH\x1b[0m`);
-        console.log(`    Expected: ${expectedHash}`);
-        console.log(`    Actual:   ${actualHash}`);
-        allPassed = false;
+        provenanceStatus = `\x1b[31m✗ Tampering detected: hashes do not match lockfile\x1b[0m`;
+        lockfileVerdict = 'Tampered';
       }
+    }
+  } else {
+    lockfileStatus = 'N/A (Bundled)';
+    provenanceStatus = '\x1b[32m✓ Implicit Trust\x1b[0m';
+    lockfileVerdict = 'Verified';
+  }
+  const trustedKeys = loadTrustedKeys(projectDir, policy);
+  let hmacKey = null;
+  try {
+    hmacKey = loadSigningKey(projectDir);
+  } catch (_e) {}
+  let signatureAlgorithm = 'None';
+  let signatureKeyId = 'None';
+  let trustedPublisherStatus = 'N/A';
+  let signatureValidity = 'N/A';
+  let signatureResult = { verified: true, status: 'unsigned' };
+  if (manifestObj) {
+    signatureResult = verifySignatureBlock({
+      manifest: manifestObj,
+      trustedKeys,
+      policy,
+      hmacKey,
+      source: source || { name: 'bundled', type: 'local' }
     });
-    if (allPassed) {
-      console.log(`\n\x1b[32m✔ Registry '${name}' verification passed.\x1b[0m\n`);
+    const signatureBlocks = [];
+    if (manifestObj.signature && typeof manifestObj.signature === 'object') {
+      signatureBlocks.push(manifestObj.signature);
+    }
+    if (Array.isArray(manifestObj.signatures)) {
+      signatureBlocks.push(...manifestObj.signatures);
+    }
+    if (signatureBlocks.length > 0) {
+      const firstSig = signatureBlocks[0];
+      signatureAlgorithm = firstSig.algorithm || 'unknown';
+      signatureKeyId = firstSig.key_id || 'unknown';
+      const tk = trustedKeys.find(k => k.key_id === signatureKeyId);
+      if (tk) {
+        trustedPublisherStatus = tk.status === 'active' ? `\x1b[32m✓ Trusted (${tk.name})\x1b[0m` : `\x1b[31m✗ ${tk.status} (${tk.name})\x1b[0m`;
+      } else {
+        trustedPublisherStatus = `\x1b[33m⚠ Unknown key_id (Not in trust store)\x1b[0m`;
+      }
+      if (signatureResult.verified) {
+        signatureValidity = `\x1b[32m✓ Valid Signature\x1b[0m`;
+      } else {
+        const errorMsg = signatureResult.errors ? signatureResult.errors.join(', ') : (signatureResult.error || 'signature verification failed');
+        signatureValidity = `\x1b[31m✗ Invalid Signature (${errorMsg})\x1b[0m`;
+      }
     } else {
-      console.error(`\n\x1b[31m✗ Registry '${name}' verification failed. Re-sync recommended.\x1b[0m\n`);
-      process.exit(1);
+      if (policy.require_signature || (isRemote && policy.allow_unsigned_remote === false)) {
+        signatureValidity = `\x1b[31m✗ Missing Signature (Enforced by policy)\x1b[0m`;
+      } else {
+        signatureValidity = `\x1b[90mUnsigned\x1b[0m`;
+      }
+    }
+  } else {
+    if (!isBundled && (policy.require_signature || (isRemote && policy.allow_unsigned_remote === false))) {
+      signatureResult = { verified: false, error: 'Manifest missing but signature is required by policy.' };
+      signatureValidity = `\x1b[31m✗ Manifest missing (Enforced by policy)\x1b[0m`;
+    } else {
+      signatureValidity = `\x1b[90mUnsigned (No manifest)\x1b[0m`;
+    }
+  }
+  console.log(`  Source Type:        ${isBundled ? 'bundled' : source.type}`);
+  console.log(`  Source URL/Path:    ${url}`);
+  console.log(`  URL Validation:     ${urlValidationStatus}`);
+  console.log(`  Manifest SHA256:    ${manifestHash}`);
+  console.log(`  Catalog SHA256:     ${catalogHash}`);
+  console.log(`  Lockfile Status:    ${lockfileStatus}`);
+  console.log(`  Provenance Status:  ${provenanceStatus}`);
+  console.log(`  Signature Alg:      ${signatureAlgorithm}`);
+  console.log(`  Signature Key ID:   ${signatureKeyId}`);
+  console.log(`  Trusted Publisher:  ${trustedPublisherStatus}`);
+  console.log(`  Signature Validity: ${signatureValidity}`);
+  let finalVerdict = '✗ Failed';
+  let passed = true;
+  if (!integrityVerified) passed = false;
+  if (!isBundled && lockfileVerdict === 'Failed') passed = false;
+  if (!isBundled && lockfileVerdict === 'Tampered') passed = false;
+  if (!signatureResult.verified) passed = false;
+  if (passed) {
+    if (signatureResult.status === 'verified') {
+      finalVerdict = `\x1b[32m✓ Verified (Signature matches trusted key)\x1b[0m`;
+    } else if (isBundled || isLocal) {
+      finalVerdict = `\x1b[32m✓ Verified (Implicit local trust)\x1b[0m`;
+    } else {
+      finalVerdict = `\x1b[33m⚠ Unsigned (Allowed by policy)\x1b[0m`;
     }
+  } else {
+    const reason = !integrityVerified
+      ? 'Integrity check failed'
+      : (lockfileVerdict === 'Tampered'
+        ? 'Lockfile tampering detected'
+        : (signatureResult.error || (signatureResult.errors && signatureResult.errors.join(', ')) || 'Signature verification failed'));
+    finalVerdict = `\x1b[31m✗ Failed (${reason})\x1b[0m`;
+  }
+  console.log(`  Final Trust:        ${finalVerdict}`);
+  console.log('==================================================');
+  try {
+    const parsed = parseYaml(catalogContent);
+    const pluginCount = ((parsed.catalog || {}).plugins || []).length;
+    console.log(`  Plugins Parsed:     ${pluginCount} entries`);
   } catch (e) {
-    console.error(`\x1b[31mError: Failed to read checksums: ${e.message}\x1b[0m`);
+    console.error(`\x1b[31m✗ Catalog parsing failed: ${e.message}\x1b[0m`);
+    process.exit(1);
+  }
+  const verdict = createTrustVerdict({
+    source: name,
+    source_type: isBundled ? 'bundled' : (source ? source.type : 'remote'),
+    manifest_hash_status: manifestHash !== 'N/A' ? (lockEntry && manifestHash === lockEntry.manifest_sha256 ? 'verified' : (manifestObj ? 'unverified' : 'missing')) : 'N/A',
+    catalog_hash_status: catalogHash !== 'N/A' ? (lockEntry && catalogHash === lockEntry.catalog_sha256 ? 'verified' : 'unverified') : 'N/A',
+    lockfile_status: isBundled ? 'N/A' : (lockEntry ? 'present' : 'missing'),
+    provenance_status: isBundled ? 'N/A' : (lockEntry ? (lockfileVerdict === 'Verified' ? 'matched' : (lockfileVerdict === 'Tampered' ? 'mismatch' : 'missing')) : 'N/A'),
+    signature_status: signatureResult.status || 'unsigned',
+    trusted_publisher_status: signatureResult.status === 'verified' ? 'trusted' : 'N/A',
+    errors: signatureResult.errors || (signatureResult.error ? [signatureResult.error] : []),
+    warnings: signatureResult.warning ? [signatureResult.warning] : [],
+    final_status: passed ? (signatureResult.status === 'verified' ? 'trusted' : (isBundled || isLocal ? 'trusted' : 'warning')) : 'untrusted'
+  });
+  if (!isBundled && lockEntry) {
+    lockEntry.trust_verdict = passed ? (signatureResult.status === 'verified' ? 'verified' : 'unsigned_allowed') : 'failed';
+    lockEntry.lockfile_verdict = lockfileVerdict.toLowerCase();
+    lockEntry.verification_errors = verdict.errors;
+    lockEntry.verification_warnings = verdict.warnings;
+    lockEntry.verdict = verdict;
+    saveRegistryLockfile(projectDir, lockfile);
+  }
+  if (passed) {
+    console.log(`\n\x1b[32m✔ Registry '${name}' verification passed.\x1b[0m\n`);
+  } else {
+    console.error(`\n\x1b[31m✗ Registry '${name}' verification failed.\x1b[0m\n`);
+    process.exit(1);
+  }
+}
+function handleRegistryTrustList(options) {
+  const projectDir = options.target || process.cwd();
+  const policy = loadRegistryPolicy(projectDir);
+  const keys = loadTrustedKeys(projectDir, policy);
+  console.log(`\n🔑 \x1b[36mRegistry Trust Store — Trusted Keys\x1b[0m`);
+  console.log('==================================================');
+  console.log(`Trust Store Path: \x1b[36m${policy.trusted_keys_file || '.ai/registries/trusted-keys.yaml'}\x1b[0m`);
+  console.log(`Total Keys:       ${keys.length}\n`);
+  if (keys.length === 0) {
+    console.log('  No trusted keys configured.');
+  } else {
+    keys.forEach(k => {
+      const statusBadge = k.status === 'active' ? '\x1b[32m● active\x1b[0m' : `\x1b[31m○ ${k.status}\x1b[0m`;
+      console.log(`  * \x1b[33m${k.key_id}\x1b[0m  [${statusBadge}]`);
+      console.log(`    Publisher: ${k.name}`);
+      console.log(`    Algorithm: ${k.algorithm}`);
+      console.log(`    Scopes:    ${(k.scopes || []).join(', ')}`);
+    });
+  }
+  console.log('');
+}
+function handleRegistryTrustShow(keyId, options) {
+  const projectDir = options.target || process.cwd();
+  const policy = loadRegistryPolicy(projectDir);
+  const keys = loadTrustedKeys(projectDir, policy);
+  const k = keys.find(key => key.key_id === keyId);
+  if (!k) {
+    console.error(`\x1b[31mError: Trusted key '${keyId}' not found in the trust store.\x1b[0m`);
+    process.exit(1);
+  }
+  console.log(`\n🔑 \x1b[36mTrusted Key: ${keyId}\x1b[0m`);
+  console.log('==================================================');
+  console.log(`\x1b[33mKey ID:\x1b[0m         ${k.key_id}`);
+  console.log(`\x1b[33mPublisher:\x1b[0m      ${k.name}`);
+  console.log(`\x1b[33mAlgorithm:\x1b[0m      ${k.algorithm}`);
+  console.log(`\x1b[33mStatus:\x1b[0m         ${k.status === 'active' ? '\x1b[32mactive\x1b[0m' : `\x1b[31m${k.status}\x1b[0m`}`);
+  console.log(`\x1b[33mScopes:\x1b[0m         ${(k.scopes || []).join(', ')}`);
+  console.log(`\x1b[33mPublic Key:\x1b[0m\n${k.public_key.trim()}`);
+  console.log('');
+}
+function handleRegistryTrustVerify(options) {
+  const projectDir = options.target || process.cwd();
+  const policy = loadRegistryPolicy(projectDir);
+  const keys = loadTrustedKeys(projectDir, policy);
+  console.log(`\n🔑 \x1b[36mVerifying Trust Store Integrity...\x1b[0m`);
+  console.log('==================================================');
+  let passed = true;
+  keys.forEach(k => {
+    try {
+      normalizePublicKey(k.public_key);
+      console.log(`  \x1b[32m✓\x1b[0m Key '${k.key_id}' public key format is valid.`);
+    } catch (e) {
+      console.log(`  \x1b[31m✗\x1b[0m Key '${k.key_id}' public key format error: ${e.message}`);
+      passed = false;
+    }
+  });
+  if (passed) {
+    console.log(`\n\x1b[32m✔ Trust store verification passed.\x1b[0m\n`);
+  } else {
+    console.error(`\n\x1b[31m✗ Trust store verification failed.\x1b[0m\n`);
     process.exit(1);
   }
 }
@@ -5716,3 +6155,109 @@ function handleRegistryCacheClear(options) {
   console.log(`  Directories processed: ${cleared}`);
   console.log(`  Cache root: .ai/registry-cache/\n`);
 }
+// --- Registry Signing Handlers ---
+function handleRegistryKeygen(options) {
+  const projectDir = options.target || process.cwd();
+  const keyPath = getSigningKeyPath(projectDir);
+  console.log(`\n🔑 \x1b[36mRegistry Signing Key Generator\x1b[0m`);
+  console.log('==================================================');
+  if (!options.approved) {
+    console.error('\x1b[31mError: Signing key generation requires explicit approval. Pass the --approved flag.\x1b[0m');
+    console.log(`\n\x1b[33mPlanned Action:\x1b[0m Generate a 32-byte random HMAC-SHA256 signing key.`);
+    console.log(`  Destination: ${keyPath}`);
+    console.log(`  Mode:        0o600 (owner read/write only)`);
+    console.log(`\n\x1b[33mSecurity Notes:\x1b[0m`);
+    console.log(`  • Add .ai/registry-signing-key to your .gitignore`);
+    console.log(`  • Share the key securely with trusted team members for co-verification`);
+    console.log(`  • The key is used for HMAC-SHA256 signing of catalog checksums only`);
+    console.log(`\nTo generate, run:`);
+    console.log(`  \x1b[36mnpx multimodel-dev-os registry keygen --approved\x1b[0m\n`);
+    process.exit(1);
+  }
+  // Check existing key
+  let existingKey = null;
+  try {
+    existingKey = loadSigningKey(projectDir);
+  } catch (_e) {}
+  if (existingKey && !options.force) {
+    console.error(`\x1b[31mError: A signing key already exists at: ${keyPath}\x1b[0m`);
+    console.log(`\nTo overwrite, run with --force:`);
+    console.log(`  \x1b[36mnpx multimodel-dev-os registry keygen --approved --force\x1b[0m`);
+    console.log(`\n\x1b[33mWarning:\x1b[0m Overwriting will invalidate all existing signatures in the lockfile.\n`);
+    process.exit(1);
+  }
+  const newKey = generateSigningKey();
+  saveSigningKey(projectDir, newKey);
+  console.log(`\n\x1b[32m✔ Signing key generated successfully!\x1b[0m`);
+  console.log(`  Location: ${keyPath}`);
+  console.log(`  Mode:     0o600 (restricted permissions)`);
+  console.log(`\n\x1b[33mNext steps:\x1b[0m`);
+  console.log(`  1. Add to .gitignore: echo '.ai/registry-signing-key' >> .gitignore`);
+  console.log(`  2. Re-sync registries to generate signed lockfile entries:`);
+  console.log(`       npx multimodel-dev-os registry sync <name> --approved`);
+  console.log(`  3. Verify signed provenance:`);
+  console.log(`       npx multimodel-dev-os registry verify <name>\n`);
+}
+function handleRegistryLock(options) {
+  const projectDir = options.target || process.cwd();
+  const lockfilePath = getLockfilePath(projectDir);
+  console.log(`\n🔒 \x1b[36mRegistry Provenance Lockfile\x1b[0m`);
+  console.log('==================================================');
+  if (!existsSync(lockfilePath)) {
+    console.log(`  \x1b[90mNo lockfile found at: ${lockfilePath}\x1b[0m`);
+    console.log(`  Sync a remote registry to create it:`);
+    console.log(`    npx multimodel-dev-os registry sync <name> --approved\n`);
+    return;
+  }
+  const lockfile = loadRegistryLockfile(projectDir);
+  const entries = Object.entries(lockfile.entries);
+  if (options.json) {
+    console.log(JSON.stringify(lockfile, null, 2));
+    return;
+  }
+  console.log(`  Lockfile version: ${lockfile.lockfile_version}`);
+  console.log(`  Generated at:     ${lockfile.generated_at}`);
+  console.log(`  Path:             ${lockfilePath}`);
+  console.log(`  Entries:          ${entries.length}\n`);
+  if (entries.length === 0) {
+    console.log(`  \x1b[90mNo registry entries recorded yet.\x1b[0m`);
+    console.log(`  Sync a remote registry to populate:\n    npx multimodel-dev-os registry sync <name> --approved\n`);
+    return;
+  }
+  entries.forEach(([name, entry]) => {
+    const sigBadge = entry.signature
+      ? `\x1b[32m[SIGNED — HMAC-SHA256]\x1b[0m`
+      : `\x1b[33m[UNSIGNED]\x1b[0m`;
+    console.log(`  \x1b[32m${name}\x1b[0m  ${sigBadge}`);
+    console.log(`    URL:             ${entry.url}`);
+    console.log(`    Synced at:       ${entry.synced_at}`);
+    console.log(`    Catalog SHA-256: ${entry.catalog_sha256}`);
+    if (entry.manifest_sha256) {
+      console.log(`    Manifest SHA256: ${entry.manifest_sha256}`);
+    }
+    if (entry.signature) {
+      console.log(`    Signature:       ${entry.signature.slice(0, 24)}...`);
+      console.log(`    Sig algorithm:   ${entry.signature_alg}`);
+    }
+    console.log('');
+  });
+  console.log('Use \x1b[36mregistry verify <name>\x1b[0m to re-verify cached files against the lockfile.');
+  console.log('Use \x1b[36mregistry keygen --approved\x1b[0m to generate a signing key for HMAC signatures.\n');
+}