multimodel-dev-os 3.2.0 → 3.5.0

package/src/core/policy.js

@@ -10,13 +10,21 @@ export function loadRegistryPolicy(targetDir) {
     require_approval_for_remote_sync: true,
     require_checksum: true,
     require_signature: false,
+    require_lockfile_on_verify: false,
     allow_untrusted_install: false,
     allowed_write_roots: ['.ai/', 'adapters/'],
     blocked_paths: ['.env', '.npmrc', '.git/', 'node_modules/', 'package.json', 'package-lock.json', 'pnpm-lock.yaml', 'yarn.lock'],
     max_plugin_files: 20,
     max_plugin_size_kb: 100,
     max_registry_cache_size_kb: 512,
-    allowed_file_extensions: ['.md', '.yaml', '.yml', '.json']
+    allowed_file_extensions: ['.md', '.yaml', '.yml', '.json'],
+    allow_unsigned_local: true,
+    allow_unsigned_bundled: true,
+    allow_unsigned_remote: false,
+    trusted_keys_file: '.ai/registries/trusted-keys.yaml',
+    allowed_signature_algorithms: ['ed25519', 'hmac-sha256'],
+    require_trusted_publisher: false,
+    provenance_required: true
   };
   const paths = [];
   if (targetDir) {

package/src/registry/provenance.js

@@ -0,0 +1,114 @@
+/**
+ * Registry Provenance — Lockfile I/O
+ *
+ * Manages `.ai/registry-lock.json`, the tamper-evident record that captures
+ * deterministic provenance for every synced registry: URL, catalog/manifest
+ * hashes, sync timestamp, and optional HMAC-SHA256 signature.
+ *
+ * This module is pure I/O + structure. No signing logic lives here.
+ * See: src/registry/signing.js for HMAC operations.
+ */
+
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { join, dirname } from 'path';
+
+const LOCKFILE_VERSION = '1';
+const LOCKFILE_FILENAME = 'registry-lock.json';
+
+/**
+ * Return the absolute path to the registry lockfile for a given project dir.
+ * @param {string} targetDir  Absolute path to the project root.
+ * @returns {string}
+ */
+export function getLockfilePath(targetDir) {
+  return join(targetDir, '.ai', LOCKFILE_FILENAME);
+}
+
+/**
+ * Load the registry lockfile from disk.
+ * Returns a well-formed empty structure if the file does not exist or is invalid.
+ *
+ * @param {string} targetDir  Absolute path to the project root.
+ * @returns {{ lockfile_version: string, generated_at: string, entries: Object }}
+ */
+export function loadRegistryLockfile(targetDir) {
+  const lockfilePath = getLockfilePath(targetDir);
+  const empty = { lockfile_version: LOCKFILE_VERSION, generated_at: '', entries: {} };
+
+  if (!existsSync(lockfilePath)) {
+    return empty;
+  }
+
+  try {
+    const raw = readFileSync(lockfilePath, 'utf8');
+    const parsed = JSON.parse(raw);
+    if (!parsed || typeof parsed !== 'object' || !parsed.entries) {
+      return empty;
+    }
+    // Ensure lockfile_version is present
+    parsed.lockfile_version = parsed.lockfile_version || LOCKFILE_VERSION;
+    return parsed;
+  } catch (_e) {
+    return empty;
+  }
+}
+
+/**
+ * Persist the lockfile to disk.
+ * Creates the `.ai/` directory if it does not exist.
+ *
+ * @param {string} targetDir  Absolute path to the project root.
+ * @param {{ lockfile_version: string, generated_at: string, entries: Object }} lockfile
+ */
+export function saveRegistryLockfile(targetDir, lockfile) {
+  const lockfilePath = getLockfilePath(targetDir);
+  const lockfileDir = dirname(lockfilePath);
+
+  if (!existsSync(lockfileDir)) {
+    mkdirSync(lockfileDir, { recursive: true });
+  }
+
+  lockfile.generated_at = new Date().toISOString();
+  lockfile.lockfile_version = LOCKFILE_VERSION;
+
+  writeFileSync(lockfilePath, JSON.stringify(lockfile, null, 2) + '\n', 'utf8');
+}
+
+/**
+ * Upsert a provenance entry for a registry into the lockfile object.
+ * Does NOT write to disk — call saveRegistryLockfile() after this.
+ *
+ * @param {{ entries: Object }} lockfile         The lockfile object to mutate.
+ * @param {string}              name             Registry name key.
+ * @param {ProvenanceEntry}     entry
+ *
+ * @typedef  {Object}      ProvenanceEntry
+ * @property {string}      url              Registry URL.
+ * @property {string}      synced_at        ISO 8601 timestamp of the sync.
+ * @property {string}      catalog_sha256   SHA-256 hex of the downloaded catalog.yaml.
+ * @property {string|null} manifest_sha256  SHA-256 hex of manifest.json (null if not downloaded).
+ * @property {string|null} signature        HMAC-SHA256 hex of catalog_sha256 (null if no key).
+ * @property {string}      signature_alg    Algorithm identifier (e.g. "hmac-sha256").
+ */
+export function updateLockfileEntry(lockfile, name, entry) {
+  if (!lockfile.entries || typeof lockfile.entries !== 'object') {
+    lockfile.entries = {};
+  }
+  lockfile.entries[name] = {
+    url: entry.url,
+    synced_at: entry.synced_at || new Date().toISOString(),
+    catalog_sha256: entry.catalog_sha256,
+    manifest_sha256: entry.manifest_sha256 ?? null,
+    signature: entry.signature ?? null,
+    signature_alg: entry.signature_alg || 'hmac-sha256',
+    public_signature_status: entry.public_signature_status ?? null,
+    public_signature_algorithm: entry.public_signature_algorithm ?? null,
+    public_signature_key_id: entry.public_signature_key_id ?? null,
+    trusted_publisher_status: entry.trusted_publisher_status ?? null,
+    trust_store_path: entry.trust_store_path ?? null,
+    trust_verdict: entry.trust_verdict ?? null,
+    lockfile_verdict: entry.lockfile_verdict ?? null,
+    verification_errors: entry.verification_errors ?? [],
+    verification_warnings: entry.verification_warnings ?? []
+  };
+}

package/src/registry/signing.js

@@ -0,0 +1,392 @@
+/**
+ * Registry Signing — HMAC-SHA256 and Ed25519 key management + verification
+ *
+ * Provides project-scoped HMAC signing and public-key Ed25519 signature verification
+ * for registry manifests.
+ *
+ * HMAC key is stored at `.ai/registry-signing-key` as a 64-char hex string
+ * (32 random bytes). The file should be gitignored.
+ *
+ * Uses only Node.js built-in `crypto` — zero runtime dependencies.
+ */
+
+import { generateKeyPairSync, sign, verify, createHmac, timingSafeEqual, randomBytes } from 'crypto';
+import { existsSync, readFileSync, writeFileSync, mkdirSync, chmodSync } from 'fs';
+import { join, dirname } from 'path';
+
+const SIGNING_KEY_FILENAME = 'registry-signing-key';
+
+/**
+ * Return the absolute path to the signing key file for a given project dir.
+ * @param {string} targetDir  Absolute path to the project root.
+ * @returns {string}
+ */
+export function getSigningKeyPath(targetDir) {
+  return join(targetDir, '.ai', SIGNING_KEY_FILENAME);
+}
+
+/**
+ * Load the project-scoped signing key from `.ai/registry-signing-key`.
+ * Returns null (without throwing) if the file does not exist.
+ * Throws if the file exists but contains an invalid key format.
+ *
+ * @param {string} targetDir  Absolute path to the project root.
+ * @returns {string|null}     64-char hex key string, or null.
+ */
+export function loadSigningKey(targetDir) {
+  const keyPath = getSigningKeyPath(targetDir);
+  if (!existsSync(keyPath)) {
+    return null;
+  }
+
+  const raw = readFileSync(keyPath, 'utf8').trim();
+
+  if (!/^[0-9a-f]{64}$/.test(raw)) {
+    throw new Error(
+      `Signing key at '${keyPath}' is malformed. Expected a 64-character lowercase hex string (32 bytes). ` +
+      `Re-generate with: npx multimodel-dev-os registry keygen --approved`
+    );
+  }
+
+  return raw;
+}
+
+/**
+ * Generate a new random 32-byte signing key (64-char hex).
+ * @returns {string}  64-char hex string.
+ */
+export function generateSigningKey() {
+  return randomBytes(32).toString('hex');
+}
+
+/**
+ * Write a signing key to disk at the project-scoped location.
+ * Creates the `.ai/` directory if it does not exist.
+ * Sets file permissions to 0o600 (owner read/write only) where supported.
+ *
+ * @param {string} targetDir  Absolute path to the project root.
+ * @param {string} key        64-char hex key string.
+ */
+export function saveSigningKey(targetDir, key) {
+  const keyPath = getSigningKeyPath(targetDir);
+  const keyDir = dirname(keyPath);
+
+  if (!existsSync(keyDir)) {
+    mkdirSync(keyDir, { recursive: true });
+  }
+
+  writeFileSync(keyPath, key + '\n', { encoding: 'utf8', mode: 0o600 });
+
+  // Best-effort chmod on platforms that support it (no-op on Windows)
+  try {
+    chmodSync(keyPath, 0o600);
+  } catch (_e) {}
+}
+
+/**
+ * Compute HMAC-SHA256 of a payload using the provided hex key.
+ *
+ * @param {string} hexKey  64-char hex signing key.
+ * @param {string} payload Plaintext string to sign (typically the catalog_sha256 hex).
+ * @returns {string}       HMAC-SHA256 hex digest.
+ */
+export function signPayload(hexKey, payload) {
+  if (typeof hexKey !== 'string' || !/^[0-9a-f]{64}$/.test(hexKey)) {
+    throw new Error('Invalid signing key: must be a 64-character lowercase hex string.');
+  }
+  if (typeof payload !== 'string') {
+    throw new Error('Payload to sign must be a string.');
+  }
+
+  const keyBytes = Buffer.from(hexKey, 'hex');
+  return createHmac('sha256', keyBytes).update(payload, 'utf8').digest('hex');
+}
+
+/**
+ * Verify that a previously computed HMAC-SHA256 signature matches the payload.
+ * Uses `timingSafeEqual` to prevent timing-based side-channel attacks.
+ *
+ * @param {string} hexKey       64-char hex signing key.
+ * @param {string} payload      Plaintext string that was signed.
+ * @param {string} expectedSig  The stored HMAC-SHA256 hex digest to compare against.
+ * @returns {boolean}           true if valid, false if tampered or mismatched.
+ */
+export function verifySignature(hexKey, payload, expectedSig) {
+  if (typeof hexKey !== 'string' || typeof payload !== 'string' || typeof expectedSig !== 'string') {
+    return false;
+  }
+
+  let actualSig;
+  try {
+    actualSig = signPayload(hexKey, payload);
+  } catch (_e) {
+    return false;
+  }
+
+  if (actualSig.length !== expectedSig.length) {
+    return false;
+  }
+
+  try {
+    return timingSafeEqual(
+      Buffer.from(actualSig, 'hex'),
+      Buffer.from(expectedSig, 'hex')
+    );
+  } catch (_e) {
+    return false;
+  }
+}
+
+/**
+ * Generate a deterministic canonical payload string from an object based on specified fields.
+ * Recursively sorts keys of nested objects to ensure key order stability.
+ *
+ * @param {Object} data    The source object.
+ * @param {string[]} fields The fields to extract and canonicalize.
+ * @returns {string}       JSON-serialized canonical string.
+ */
+export function createCanonicalPayload(data, fields) {
+  if (!data || typeof data !== 'object') {
+    throw new Error('Data must be an object.');
+  }
+  if (!Array.isArray(fields)) {
+    throw new Error('Fields must be an array of strings.');
+  }
+  const sortedFields = [...fields].sort();
+  const obj = {};
+  for (const field of sortedFields) {
+    if (data[field] !== undefined) {
+      obj[field] = data[field];
+    }
+  }
+  return JSON.stringify(obj, (key, value) => {
+    if (value && typeof value === 'object' && !Array.isArray(value)) {
+      return Object.keys(value).sort().reduce((sorted, k) => {
+        sorted[k] = value[k];
+        return sorted;
+      }, {});
+    }
+    return value;
+  });
+}
+
+/**
+ * Generate an Ed25519 keypair in PEM SPKI/PKCS8 format.
+ *
+ * @returns {{ publicKey: string, privateKey: string }}
+ */
+export function generateEd25519KeyPair() {
+  const { publicKey, privateKey } = generateKeyPairSync('ed25519', {
+    publicKeyEncoding: {
+      type: 'spki',
+      format: 'pem'
+    },
+    privateKeyEncoding: {
+      type: 'pkcs8',
+      format: 'pem'
+    }
+  });
+  return { publicKey, privateKey };
+}
+
+/**
+ * Sign a payload using an Ed25519 private key PEM.
+ *
+ * @param {string} privateKey Ed25519 PEM private key string.
+ * @param {string} payload    Canonical payload string.
+ * @returns {string}          Base64-encoded signature.
+ */
+export function signEd25519Payload(privateKey, payload) {
+  if (typeof privateKey !== 'string') {
+    throw new Error('Private key must be a PEM string.');
+  }
+  if (typeof payload !== 'string') {
+    throw new Error('Payload to sign must be a string.');
+  }
+  const signatureBuffer = sign(null, Buffer.from(payload, 'utf8'), privateKey);
+  return signatureBuffer.toString('base64');
+}
+
+/**
+ * Normalize a public key to ensure it is in PEM SPKI format.
+ * Wraps bare base64 public keys in SPKI headers/footers if needed.
+ *
+ * @param {string} input  PEM public key or raw base64.
+ * @returns {string}      Normalized PEM public key string.
+ */
+export function normalizePublicKey(input) {
+  if (typeof input !== 'string') {
+    throw new Error('Public key must be a string.');
+  }
+  let trimmed = input.trim();
+  if (trimmed.startsWith('-----BEGIN PUBLIC KEY-----')) {
+    return trimmed;
+  }
+  if (trimmed.startsWith('-----BEGIN')) {
+    return trimmed;
+  }
+  const clean = trimmed.replace(/\s+/g, '');
+  const lines = [];
+  for (let i = 0; i < clean.length; i += 64) {
+    lines.push(clean.slice(i, i + 64));
+  }
+  return `-----BEGIN PUBLIC KEY-----\n${lines.join('\n')}\n-----END PUBLIC KEY-----`;
+}
+
+/**
+ * Verify an Ed25519 signature of a payload.
+ *
+ * @param {string} publicKey Public key in PEM or raw base64.
+ * @param {string} payload   Payload that was signed.
+ * @param {string} signature Base64 signature to verify.
+ * @returns {boolean}        true if signature is valid, false otherwise.
+ */
+export function verifyEd25519Payload(publicKey, payload, signature) {
+  if (typeof publicKey !== 'string' || typeof payload !== 'string' || typeof signature !== 'string') {
+    return false;
+  }
+  try {
+    const pubKey = normalizePublicKey(publicKey);
+    const sigBuffer = Buffer.from(signature, 'base64');
+    return verify(null, Buffer.from(payload, 'utf8'), pubKey, sigBuffer);
+  } catch (_e) {
+    return false;
+  }
+}
+
+/**
+ * Detect the signature algorithm from a signature block object.
+ *
+ * @param {Object} signatureBlock  The signature block.
+ * @returns {string|null}          Algorithm name or null.
+ */
+export function detectSignatureAlgorithm(signatureBlock) {
+  if (!signatureBlock || typeof signatureBlock !== 'object') {
+    return null;
+  }
+  return signatureBlock.algorithm || null;
+}
+
+/**
+ * Verify a manifest signature or signatures array block using trusted keys and policy.
+ *
+ * @param {Object} options
+ * @param {Object} options.manifest     Parsed registry manifest object.
+ * @param {Object[]} options.trustedKeys Array of trusted publishers from trust store.
+ * @param {Object} [options.policy]      Policy settings.
+ * @param {string|null} [options.hmacKey] Project HMAC key.
+ * @param {Object} [options.source]     Source configuration for the registry.
+ * @returns {{ verified: boolean, status: string, error?: string, errors?: string[], warning?: string, message?: string, verified_signatures?: Object[] }}
+ */
+export function verifySignatureBlock({ manifest, trustedKeys, policy = {}, hmacKey = null, source = {} }) {
+  const isBundled = source.name === 'bundled';
+  const isLocal = source.type === 'local';
+  const isRemote = source.type === 'remote' || (!isBundled && !isLocal);
+
+  const signatureBlocks = [];
+  if (manifest.signature && typeof manifest.signature === 'object') {
+    signatureBlocks.push(manifest.signature);
+  }
+  if (Array.isArray(manifest.signatures)) {
+    signatureBlocks.push(...manifest.signatures);
+  }
+
+  if (signatureBlocks.length === 0) {
+    if (policy.require_signature) {
+      return { verified: false, status: 'failed', error: 'Signature is required by policy but missing from manifest.' };
+    }
+    if (isRemote && policy.allow_unsigned_remote === false) {
+      return { verified: false, status: 'failed', error: 'Unsigned remote registries are not allowed by policy.' };
+    }
+    if (isBundled && policy.allow_unsigned_bundled === false) {
+      return { verified: false, status: 'failed', error: 'Unsigned bundled registries are not allowed by policy.' };
+    }
+    if (isLocal && !isBundled && policy.allow_unsigned_local === false) {
+      return { verified: false, status: 'failed', error: 'Unsigned local registries are not allowed by policy.' };
+    }
+    return { verified: true, status: 'unsigned', message: 'Registry is unsigned (allowed by policy).' };
+  }
+
+  let verifiedCount = 0;
+  const errors = [];
+  const allowedAlgs = policy.allowed_signature_algorithms || ['ed25519', 'hmac-sha256'];
+
+  for (const sigBlock of signatureBlocks) {
+    const alg = sigBlock.algorithm;
+    const keyId = sigBlock.key_id;
+    const signature = sigBlock.signature;
+    const signedFields = sigBlock.signed_fields;
+
+    if (!alg || !keyId || !signature || !Array.isArray(signedFields)) {
+      errors.push(`Malformed signature block for key_id '${keyId || 'unknown'}'.`);
+      continue;
+    }
+
+    if (!allowedAlgs.includes(alg)) {
+      errors.push(`Signature algorithm '${alg}' is not allowed by policy (allowed: ${allowedAlgs.join(', ')}).`);
+      continue;
+    }
+
+    if (alg === 'hmac-sha256') {
+      if (!hmacKey) {
+        errors.push(`HMAC key not configured locally for key_id '${keyId}'.`);
+        continue;
+      }
+      try {
+        const payload = createCanonicalPayload(manifest, signedFields);
+        const expected = createHmac('sha256', Buffer.from(hmacKey, 'hex')).update(payload, 'utf8').digest('hex');
+        if (timingSafeEqual(Buffer.from(signature, 'hex'), Buffer.from(expected, 'hex'))) {
+          verifiedCount++;
+        } else {
+          errors.push(`Invalid HMAC signature for key_id '${keyId}'.`);
+        }
+      } catch (err) {
+        errors.push(`HMAC signature verification failed: ${err.message}`);
+      }
+    } else if (alg === 'ed25519') {
+      const trustedKey = trustedKeys ? trustedKeys.find(k => k.key_id === keyId) : null;
+      if (!trustedKey) {
+        errors.push(`Key ID '${keyId}' not found in trust store.`);
+        continue;
+      }
+
+      if (trustedKey.status !== 'active') {
+        errors.push(`Key ID '${keyId}' is ${trustedKey.status} (must be active).`);
+        continue;
+      }
+
+      const scopes = trustedKey.scopes || [];
+      if (!scopes.includes('registry') && !scopes.includes('catalog')) {
+        errors.push(`Key ID '${keyId}' does not have required scope 'registry' or 'catalog' (scopes: ${scopes.join(', ')}).`);
+        continue;
+      }
+
+      try {
+        const payload = createCanonicalPayload(manifest, signedFields);
+        if (verifyEd25519Payload(trustedKey.public_key, payload, signature)) {
+          verifiedCount++;
+        } else {
+          errors.push(`Invalid Ed25519 signature for key_id '${keyId}'.`);
+        }
+      } catch (err) {
+        errors.push(`Ed25519 signature verification failed: ${err.message}`);
+      }
+    } else {
+      errors.push(`Unsupported signature algorithm '${alg}' for key_id '${keyId}'.`);
+    }
+  }
+
+  if (verifiedCount > 0) {
+    return {
+      verified: true,
+      status: 'verified',
+      verified_signatures: signatureBlocks.map(s => ({ key_id: s.key_id, algorithm: s.algorithm }))
+    };
+  }
+
+  return {
+    verified: false,
+    status: 'failed',
+    errors
+  };
+}

package/src/registry/trust-store.js

@@ -0,0 +1,41 @@
+/**
+ * Registry Trust Store
+ *
+ * Manages trusted publisher public keys stored in `.ai/registries/trusted-keys.yaml`
+ * (or as configured in registry-policy.yaml).
+ *
+ * Uses Node.js built-in fs and yaml parser from the codebase.
+ */
+
+import { existsSync, readFileSync } from 'fs';
+import { join, isAbsolute } from 'path';
+import { parseYaml } from '../core/yaml.js';
+import { loadRegistryPolicy } from '../core/policy.js';
+
+/**
+ * Load trusted publisher keys from disk.
+ *
+ * @param {string} targetDir  Absolute path to project root.
+ * @param {Object} [policy]   Preloaded policy (optional).
+ * @returns {Object[]}        Array of trusted publisher records.
+ */
+export function loadTrustedKeys(targetDir, policy) {
+  const pol = policy || loadRegistryPolicy(targetDir);
+  const keyFile = pol.trusted_keys_file || '.ai/registries/trusted-keys.yaml';
+  const filePath = isAbsolute(keyFile) ? keyFile : join(targetDir, keyFile);
+
+  if (!existsSync(filePath)) {
+    return [];
+  }
+
+  try {
+    const raw = readFileSync(filePath, 'utf8');
+    const parsed = parseYaml(raw);
+    if (!parsed || typeof parsed !== 'object' || !Array.isArray(parsed.trusted_publishers)) {
+      return [];
+    }
+    return parsed.trusted_publishers;
+  } catch (_e) {
+    return [];
+  }
+}

package/src/registry/verdict.js

@@ -0,0 +1,51 @@
+/**
+ * Registry Trust Verdict Helper
+ *
+ * Builds a deterministic, JSON-serializable structured trust verdict object.
+ * Used for both CLI display and provenance lockfile persistence.
+ */
+
+/**
+ * Creates a structured trust verdict object.
+ *
+ * @param {Object} options
+ * @param {string} options.source                   Registry name.
+ * @param {string} options.source_type              "bundled" | "local" | "remote".
+ * @param {string} [options.manifest_hash_status]   Manifest verification status.
+ * @param {string} [options.catalog_hash_status]    Catalog verification status.
+ * @param {string} [options.lockfile_status]       Lockfile existence status.
+ * @param {string} [options.provenance_status]     Provenance lock match status.
+ * @param {string} [options.signature_status]      Signature check status.
+ * @param {string} [options.trusted_publisher_status] Trust store lookup status.
+ * @param {string[]} [options.errors]               List of verification errors.
+ * @param {string[]} [options.warnings]             List of verification warnings.
+ * @param {"trusted"|"warning"|"untrusted"|"unknown"} [options.final_status] Overall trust state.
+ * @returns {Object}
+ */
+export function createTrustVerdict({
+  source,
+  source_type,
+  manifest_hash_status = 'N/A',
+  catalog_hash_status = 'N/A',
+  lockfile_status = 'N/A',
+  provenance_status = 'N/A',
+  signature_status = 'N/A',
+  trusted_publisher_status = 'N/A',
+  errors = [],
+  warnings = [],
+  final_status = 'unknown'
+}) {
+  return {
+    source,
+    source_type,
+    manifest_hash_status,
+    catalog_hash_status,
+    lockfile_status,
+    provenance_status,
+    signature_status,
+    trusted_publisher_status,
+    errors: Array.isArray(errors) ? errors : [],
+    warnings: Array.isArray(warnings) ? warnings : [],
+    final_status
+  };
+}

package/tests/fixtures/signed-registries/README.md

@@ -0,0 +1,4 @@
+# Mock Registry Signing Fixtures (Test-Only)
+
+WARNING: The keys, manifests, and signatures in this directory are generated automatically for MultiModel Dev OS unit and E2E tests.
+DO NOT use these private/public keys in production. All keys are mock keys.

package/tests/fixtures/signed-registries/revoked-key/catalog.yaml

@@ -0,0 +1,8 @@
+
+# Catalog fixture
+catalog:
+  plugins:
+    - slug: test-plugin
+      version: 1.0.0
+      name: Test Plugin
+      description: A mock plugin for testing

package/tests/fixtures/signed-registries/revoked-key/expected-verdict.json

@@ -0,0 +1,7 @@
+{
+  "final_status": "untrusted",
+  "signature_status": "failed",
+  "errors": [
+    "Key ID 'test-key-revoked' is revoked (must be active)."
+  ]
+}

package/tests/fixtures/signed-registries/revoked-key/registry-manifest.yaml

@@ -0,0 +1,14 @@
+registry_name: "test-fixture-registry"
+publisher: "Mock Valid Publisher"
+version: "1.0.0"
+generated_at: "2026-06-20T12:00:00Z"
+minimum_mmdo_version: "3.2.0"
+safety_policy_version: "1.0.0"
+catalog_hash: "sha256:289e7ff82e8037b27471990d4106f76e7f8e44e26aeb049787c185a30249420e"
+files_hashes:
+    catalog.yaml: "sha256:289e7ff82e8037b27471990d4106f76e7f8e44e26aeb049787c185a30249420e"
+signature:
+    algorithm: "ed25519"
+    key_id: "test-key-revoked"
+    signature: "LyuSIQ72kyOuNVqie1P/vZVi2PqFsCS//Q6/mAstTG1zDQvGPd5HwH8t1FPEOtP7Sbb31udJ7NJY3cdCWpACCg=="
+    signed_fields: ["registry_name", "publisher", "version", "generated_at", "catalog_hash", "minimum_mmdo_version", "safety_policy_version"]

package/tests/fixtures/signed-registries/tampered-manifest/catalog.yaml

@@ -0,0 +1,8 @@
+
+# Catalog fixture
+catalog:
+  plugins:
+    - slug: test-plugin
+      version: 1.0.0
+      name: Test Plugin
+      description: A mock plugin for testing

package/tests/fixtures/signed-registries/tampered-manifest/expected-verdict.json

@@ -0,0 +1,7 @@
+{
+  "final_status": "untrusted",
+  "signature_status": "failed",
+  "errors": [
+    "Invalid Ed25519 signature for key_id 'test-key-valid'."
+  ]
+}