proofseal 0.0.2 → 0.1.0

package/dist/manifest/schema.js

@@ -0,0 +1,102 @@
+/**
+ * proofseal/v1 manifest schema — types + zod validation (ADR-0001 §5.3).
+ */
+import { z } from 'zod';
+export const SCHEMA_ID = 'proofseal/v1';
+const Hex64 = z.string().regex(/^[0-9a-f]{64}$/, 'expected 64 lowercase hex chars');
+const Hex128 = z.string().regex(/^[0-9a-f]{128}$/, 'expected 128 lowercase hex chars');
+export const ToleranceSchema = z.object({
+    rtol: z.number().nonnegative(),
+    atol: z.number().nonnegative(),
+});
+const claimBase = {
+    id: z.string().min(1),
+    desc: z.string().optional(),
+};
+export const FileHashClaimSchema = z.object({
+    ...claimBase,
+    type: z.literal('file-hash'),
+    file: z.string().min(1),
+    /** Computed at seal time; optional in config. */
+    sha256: z.string().optional(),
+});
+export const MarkerClaimSchema = z.object({
+    ...claimBase,
+    type: z.literal('marker'),
+    file: z.string().min(1),
+    marker: z.string().min(1),
+    /** Computed at seal time; optional in config. */
+    sha256: z.string().optional(),
+    markerVerified: z.boolean().optional(),
+});
+export const HarnessClaimSchema = z.object({
+    ...claimBase,
+    type: z.literal('harness'),
+    /** Harness name (defaults to claim id when omitted in config). */
+    harness: z.string().min(1),
+    /** Command spawned with PROOFSEAL_SEED in env. */
+    cmd: z.string().min(1),
+    seed: z.number().int().optional(),
+    quantizeDecimals: z.number().int().min(0).max(15).optional(),
+    /** Named output blocks to exclude from hashing (pitfall 6: un-hashable features). */
+    exclude: z.array(z.string()).optional(),
+    /** Committed expectation — set by `proofseal harness run --update`. */
+    expectedSha256: z.string().optional(),
+    /** Path (relative to root) to a committed JSON array of reference numbers. */
+    referenceVector: z.string().optional(),
+    tolerance: ToleranceSchema.optional(),
+});
+export const ClaimSchema = z.discriminatedUnion('type', [
+    FileHashClaimSchema,
+    MarkerClaimSchema,
+    HarnessClaimSchema,
+]);
+export const SummarySchema = z.object({
+    totalClaims: z.number().int().nonnegative(),
+    verified: z.number().int().nonnegative(),
+    missing: z.number().int().nonnegative(),
+});
+/**
+ * Sealing environment (premortem #3: platform honesty). Recorded — and
+ * therefore signed — at seal time so verify can warn when the verifying OS
+ * differs (built/binary artifact hashes legitimately diverge across OSes).
+ */
+export const PlatformSchema = z.object({
+    os: z.string(),
+    arch: z.string(),
+    node: z.string(),
+});
+export const ManifestSchema = z.object({
+    schema: z.literal(SCHEMA_ID),
+    issuedAt: z.string(),
+    gitCommit: z.string().regex(/^[0-9a-f]{40}$/),
+    branch: z.string(),
+    salt: z.string(),
+    releases: z.record(z.string()),
+    summary: SummarySchema,
+    claims: z.array(ClaimSchema),
+    /** Optional for backward compat: pre-platform manifests still validate. */
+    platform: PlatformSchema.optional(),
+});
+export const IntegritySchema = z.object({
+    manifestHashAlgo: z.literal('sha256'),
+    manifestHash: Hex64,
+    signatureAlgo: z.literal('ed25519'),
+    publicKey: Hex64,
+    signature: Hex128,
+    seedDerivation: z.string(),
+});
+export const WitnessSchema = z.object({
+    manifest: ManifestSchema,
+    integrity: IntegritySchema,
+});
+/** proofseal.json config file shape. */
+export const ConfigSchema = z.object({
+    schema: z.literal(SCHEMA_ID),
+    salt: z.string().optional(),
+    manifest: z.string().optional(),
+    history: z.string().optional(),
+    releases: z.record(z.string()).optional(),
+    claims: z.array(ClaimSchema),
+});
+//# sourceMappingURL=schema.js.map

package/dist/manifest/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/manifest/schema.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,SAAS,GAAG,cAAc,CAAC;AAExC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,iCAAiC,CAAC,CAAC;AACpF,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,iBAAiB,EAAE,kCAAkC,CAAC,CAAC;AAEvF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;IAC9B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;CAC/B,CAAC,CAAC;AAGH,MAAM,SAAS,GAAG;IAChB,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,GAAG,SAAS;IACZ,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,iDAAiD;IACjD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC9B,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,GAAG,SAAS;IACZ,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IACzB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,iDAAiD;IACjD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,GAAG,SAAS;IACZ,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1B,kEAAkE;IAClE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,kDAAkD;IAClD,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5D,qFAAqF;IACrF,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvC,uEAAuE;IACvE,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,8EAA8E;IAC9E,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,eAAe,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACtD,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;CACnB,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IAC3C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IACxC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;CACxC,CAAC,CAAC;AAGH;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC;IAC7C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC9B,OAAO,EAAE,aAAa;IACtB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC;IAC5B,2EAA2E;IAC3E,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE;CACpC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,gBAAgB,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IACrC,YAAY,EAAE,KAAK;IACnB,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IACnC,SAAS,EAAE,KAAK;IAChB,SAAS,EAAE,MAAM;IACjB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;CAC3B,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,eAAe;CAC3B,CAAC,CAAC;AAGH,wCAAwC;AACxC,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC;CAC7B,CAAC,CAAC"}

package/dist/manifest/seal.d.ts

@@ -0,0 +1,41 @@
+import { type HistoryEntry } from '../history/jsonl.js';
+import { type Claim, type ClaimState, type Manifest, type Witness } from './schema.js';
+/** Refresh a single claim against the live tree (synchronous, seal-time). */
+export declare function refreshClaim(root: string, claim: Claim): ClaimState;
+/** Warn-worthy issues found while sealing (R5: marker fragility). */
+export interface SealWarning {
+    id: string;
+    message: string;
+}
+export interface SealOptions {
+    root?: string;
+    /** Override the git commit (40-hex). Defaults to `git rev-parse HEAD`. */
+    gitCommit?: string;
+    /** Override the branch. Defaults to `git rev-parse --abbrev-ref HEAD`. */
+    branch?: string;
+    /** Override issuedAt (ISO 8601). Defaults to now. */
+    issuedAt?: string;
+    /** Extra releases map merged over the config's. */
+    releases?: Record<string, string>;
+}
+export interface SealResult {
+    ok: boolean;
+    witness: Witness;
+    manifestPath: string;
+    historyPath: string;
+    historyEntry: HistoryEntry;
+    summary: Manifest['summary'];
+    warnings: SealWarning[];
+    /**
+     * Repo-relative (forward-slash) paths of every file `verify` needs
+     * committed: whatever this seal wrote (reference vectors, a rewritten
+     * proofseal.json, the manifest, the history log) PLUS any pre-existing
+     * verify-required file (proofseal.json, reference vectors) that git
+     * reports as untracked or dirty. CI footgun pack (premortem #5) +
+     * R4 quickstart finding: verify on a clean clone only works if ALL of
+     * these are committed — the CLI prints them as a checklist.
+     */
+    filesWritten: string[];
+}
+/** Seal the repo: manifest + integrity block + history snapshot. */
+export declare function seal(opts?: SealOptions): Promise<SealResult>;

package/dist/manifest/seal.js

@@ -0,0 +1,185 @@
+/**
+ * Seal — refresh claims against the live tree, build the proofseal/v1
+ * manifest, derive the commit-bound key, seal, write, append history.
+ * (Port of ruflo lib.mjs regenerate(), adapted to sorted-key
+ * canonicalization and the three-claim-type model.)
+ */
+import { existsSync, writeFileSync, mkdirSync, readFileSync } from 'node:fs';
+import { join, dirname, relative } from 'node:path';
+import { execSync, execFileSync } from 'node:child_process';
+import { canonicalize } from '../core/canonical.js';
+import { normalizeClaimPath } from '../core/paths.js';
+import { sha256Hex, fileSha256, markerPresent, markerOccurrences } from '../core/hash.js';
+import { deriveKey, signBytes, SEED_DERIVATION } from '../keys/derive.js';
+import { appendHistory, claimVerified } from '../history/jsonl.js';
+import { runHarness } from '../harness/run.js';
+import { DEFAULT_TOLERANCE } from '../harness/quantize.js';
+import { loadConfig, saveConfig, CONFIG_FILENAME } from '../config.js';
+import { SCHEMA_ID } from './schema.js';
+/** Refresh a single claim against the live tree (synchronous, seal-time). */
+export function refreshClaim(root, claim) {
+    if (claim.type === 'harness') {
+        // Existing expectations are carried through unchanged (regeneration only
+        // via reviewed `proofseal harness run --update`). First-seal minting of a
+        // brand-new expectation happens in seal() itself.
+        return {
+            ...claim,
+            harness: claim.harness || claim.id,
+            seed: claim.seed ?? 42,
+            quantizeDecimals: claim.quantizeDecimals ?? 6,
+            ...(claim.referenceVector
+                ? { referenceVector: normalizeClaimPath(claim.referenceVector) }
+                : {}),
+            missing: false,
+        };
+    }
+    // Windows insurance: claim paths are sealed with forward slashes so a
+    // claim authored on Windows matches on POSIX and vice versa.
+    const file = normalizeClaimPath(claim.file);
+    const abs = join(root, file);
+    if (!existsSync(abs)) {
+        if (claim.type === 'marker') {
+            return { ...claim, file, sha256: claim.sha256 ?? '', markerVerified: false, missing: true };
+        }
+        return { ...claim, file, sha256: claim.sha256 ?? '', missing: true };
+    }
+    const sha256 = fileSha256(abs);
+    if (claim.type === 'marker') {
+        // Whitespace-normalized check (premortem #7): a Prettier line-wrap or
+        // re-indent of the marker's surroundings must not break the claim.
+        const verified = markerPresent(readFileSync(abs, 'utf8'), claim.marker);
+        return { ...claim, file, sha256, markerVerified: verified, missing: false };
+    }
+    return { ...claim, file, sha256, missing: false };
+}
+function gitMeta(root, opts) {
+    const gitCommit = opts.gitCommit ?? execSync('git rev-parse HEAD', { cwd: root }).toString().trim();
+    const branch = opts.branch ?? execSync('git rev-parse --abbrev-ref HEAD', { cwd: root }).toString().trim();
+    return { gitCommit, branch };
+}
+/** Seal the repo: manifest + integrity block + history snapshot. */
+export async function seal(opts = {}) {
+    const { root, salt, manifestPath, historyPath, config } = loadConfig(opts.root ?? process.cwd());
+    const { gitCommit, branch } = gitMeta(root, opts);
+    const issuedAt = opts.issuedAt ?? new Date().toISOString();
+    const filesWritten = [];
+    // First-seal mint: a harness claim with no committed expectation gets one
+    // now (run once, record hash + full-precision reference vector, persist to
+    // proofseal.json). Regenerating an EXISTING expectation stays explicit via
+    // `proofseal harness run --update`.
+    let configDirty = false;
+    for (const c of config.claims) {
+        if (c.type !== 'harness' || c.expectedSha256)
+            continue;
+        const r = await runHarness({
+            name: c.harness || c.id,
+            cmd: c.cmd,
+            cwd: root,
+            seed: c.seed,
+            quantizeDecimals: c.quantizeDecimals,
+            exclude: c.exclude,
+        });
+        if (r.hash && r.values) {
+            const refRel = normalizeClaimPath(c.referenceVector ?? `proofs/${c.harness || c.id}.reference.json`);
+            const refAbs = join(root, refRel);
+            mkdirSync(dirname(refAbs), { recursive: true });
+            writeFileSync(refAbs, JSON.stringify(r.values) + '\n');
+            c.expectedSha256 = r.hash;
+            c.referenceVector = refRel;
+            c.tolerance = c.tolerance ?? { ...DEFAULT_TOLERANCE };
+            configDirty = true;
+            filesWritten.push(refRel);
+        }
+    }
+    if (configDirty) {
+        saveConfig(root, config);
+        filesWritten.push(CONFIG_FILENAME);
+    }
+    const refreshed = config.claims.map((c) => refreshClaim(root, c));
+    const warnings = [];
+    for (const c of refreshed) {
+        if (c.type === 'marker' && !c.missing) {
+            const text = readFileSync(join(root, c.file), 'utf8');
+            // Whitespace-normalized count, consistent with markerPresent matching.
+            const occurrences = markerOccurrences(text, c.marker);
+            if (occurrences > 1) {
+                warnings.push({ id: c.id, message: `marker appears ${occurrences} times in ${c.file} — choose a more distinctive substring` });
+            }
+        }
+    }
+    const claims = refreshed.map((c) => {
+        const { missing: _missing, ...clean } = c;
+        return clean;
+    });
+    const verified = claims.filter((c) => claimVerified(c)).length;
+    const missing = refreshed.filter((c) => c.missing).length;
+    const manifest = {
+        schema: SCHEMA_ID,
+        issuedAt,
+        gitCommit,
+        branch,
+        salt,
+        releases: { ...(config.releases ?? {}), ...(opts.releases ?? {}) },
+        summary: { totalClaims: claims.length, verified, missing },
+        claims,
+        // Sealing environment (premortem #3) — signed with the rest of the
+        // manifest so verify can warn about cross-OS hash drift honestly.
+        platform: { os: process.platform, arch: process.arch, node: process.versions.node },
+    };
+    const manifestHash = sha256Hex(canonicalize(manifest));
+    const key = deriveKey(gitCommit, salt);
+    const signature = signBytes(key.privateKey, Buffer.from(manifestHash, 'hex'));
+    const witness = {
+        manifest,
+        integrity: {
+            manifestHashAlgo: 'sha256',
+            manifestHash,
+            signatureAlgo: 'ed25519',
+            publicKey: key.publicKeyHex,
+            signature,
+            seedDerivation: SEED_DERIVATION,
+        },
+    };
+    mkdirSync(dirname(manifestPath), { recursive: true });
+    writeFileSync(manifestPath, JSON.stringify(witness, null, 2) + '\n');
+    filesWritten.push(normalizeClaimPath(relative(root, manifestPath)));
+    mkdirSync(dirname(historyPath), { recursive: true });
+    const historyEntry = appendHistory(historyPath, manifest, manifestHash);
+    filesWritten.push(normalizeClaimPath(relative(root, historyPath)));
+    // Premortem R4 (quickstart-verbatim): the checklist must list every file
+    // `verify` NEEDS, not just files written THIS run. proofseal.json usually
+    // pre-exists (written by init / claim add) yet is often still untracked —
+    // following the printed list verbatim then cloning gives verify exit 1
+    // MISSING. Check git status for the config + reference vectors; fail-open
+    // (no git / odd state → over-list rather than under-list).
+    const neededByVerify = new Set([CONFIG_FILENAME]);
+    for (const c of config.claims) {
+        if (c.type === 'harness' && c.referenceVector)
+            neededByVerify.add(normalizeClaimPath(c.referenceVector));
+    }
+    for (const rel of neededByVerify) {
+        if (filesWritten.includes(rel) || !existsSync(join(root, rel)))
+            continue;
+        try {
+            const status = execFileSync('git', ['status', '--porcelain', '--', rel], { cwd: root })
+                .toString()
+                .trim();
+            if (status !== '')
+                filesWritten.push(rel);
+        }
+        catch {
+            filesWritten.push(rel);
+        }
+    }
+    return {
+        ok: missing === 0 && verified === claims.length,
+        witness,
+        manifestPath,
+        historyPath,
+        historyEntry,
+        summary: manifest.summary,
+        warnings,
+        filesWritten,
+    };
+}
+//# sourceMappingURL=seal.js.map

package/dist/manifest/seal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal.js","sourceRoot":"","sources":["../../src/manifest/seal.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAC1F,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,aAAa,EAAqB,MAAM,qBAAqB,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EAAE,SAAS,EAA4D,MAAM,aAAa,CAAC;AAElG,6EAA6E;AAC7E,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,KAAY;IACrD,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7B,yEAAyE;QACzE,0EAA0E;QAC1E,kDAAkD;QAClD,OAAO;YACL,GAAG,KAAK;YACR,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,EAAE;YAClC,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,EAAE;YACtB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB,IAAI,CAAC;YAC7C,GAAG,CAAC,KAAK,CAAC,eAAe;gBACvB,CAAC,CAAC,EAAE,eAAe,EAAE,kBAAkB,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE;gBAChE,CAAC,CAAC,EAAE,CAAC;YACP,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;IACD,sEAAsE;IACtE,6DAA6D;IAC7D,MAAM,IAAI,GAAG,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC9F,CAAC;QACD,OAAO,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACvE,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,sEAAsE;QACtE,mEAAmE;QACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QACxE,OAAO,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC9E,CAAC;IACD,OAAO,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACpD,CAAC;AAwCD,SAAS,OAAO,CAAC,IAAY,EAAE,IAAiB;IAC9C,MAAM,SAAS,GACb,IAAI,CAAC,SAAS,IAAI,QAAQ,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;IACpF,MAAM,MAAM,GACV,IAAI,CAAC,MAAM,IAAI,QAAQ,CAAC,iCAAiC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;IAC9F,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AAC/B,CAAC;AAED,oEAAoE;AACpE,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAoB,EAAE;IAC/C,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACjG,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3D,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,0EAA0E;IAC1E,2EAA2E;IAC3E,2EAA2E;IAC3E,oCAAoC;IACpC,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc;YAAE,SAAS;QACvD,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC;YACzB,IAAI,EAAE,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,EAAE;YACvB,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,GAAG,EAAE,IAAI;YACT,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC,CAAC;QACH,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,kBAAkB,CAAC,CAAC,CAAC,eAAe,IAAI,UAAU,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC;YACrG,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAClC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAChD,aAAa,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;YACvD,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,CAAC,CAAC,eAAe,GAAG,MAAM,CAAC;YAC3B,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,IAAI,EAAE,GAAG,iBAAiB,EAAE,CAAC;YACtD,WAAW,GAAG,IAAI,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,IAAI,WAAW,EAAE,CAAC;QAChB,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACzB,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;YACtD,uEAAuE;YACvE,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;YACtD,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;gBACpB,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,kBAAkB,WAAW,aAAa,CAAC,CAAC,IAAI,wCAAwC,EAAE,CAAC,CAAC;YACjI,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAY,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC1C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAE,GAAG,CAAC,CAAC;QAC1C,OAAO,KAAc,CAAC;IACxB,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC/D,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAE1D,MAAM,QAAQ,GAAa;QACzB,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,SAAS;QACT,MAAM;QACN,IAAI;QACJ,QAAQ,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE;QAClE,OAAO,EAAE,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE;QAC1D,MAAM;QACN,mEAAmE;QACnE,kEAAkE;QAClE,QAAQ,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE;KACpF,CAAC;IAEF,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;IAE9E,MAAM,OAAO,GAAY;QACvB,QAAQ;QACR,SAAS,EAAE;YACT,gBAAgB,EAAE,QAAQ;YAC1B,YAAY;YACZ,aAAa,EAAE,SAAS;YACxB,SAAS,EAAE,GAAG,CAAC,YAAY;YAC3B,SAAS;YACT,cAAc,EAAE,eAAe;SAChC;KACF,CAAC;IAEF,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACrE,YAAY,CAAC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC;IACpE,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IACxE,YAAY,CAAC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAEnE,yEAAyE;IACzE,0EAA0E;IAC1E,0EAA0E;IAC1E,uEAAuE;IACvE,0EAA0E;IAC1E,2DAA2D;IAC3D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAS,CAAC,eAAe,CAAC,CAAC,CAAC;IAC1D,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,eAAe;YAAE,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC;IAC3G,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAAE,SAAS;QACzE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;iBACpF,QAAQ,EAAE;iBACV,IAAI,EAAE,CAAC;YACV,IAAI,MAAM,KAAK,EAAE;gBAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO;QACL,EAAE,EAAE,OAAO,KAAK,CAAC,IAAI,QAAQ,KAAK,MAAM,CAAC,MAAM;QAC/C,OAAO;QACP,YAAY;QACZ,WAAW;QACX,YAAY;QACZ,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,QAAQ;QACR,YAAY;KACb,CAAC;AACJ,CAAC"}

package/dist/manifest/verify.d.ts

@@ -0,0 +1,102 @@
+import type { Claim, ClaimStatus, Witness } from './schema.js';
+export declare const THREAT_MODEL_NOTE = "commit-bound tamper-evidence, not third-party authentication";
+/** Detail attached to a regressed file-hash claim caused by git autocrlf. */
+export declare const CRLF_DETAIL = "content identical after line-ending normalization \u2014 likely git autocrlf; pin with .gitattributes (* text=auto eol=lf)";
+/** Named precondition hint for an uncommitted reference vector (premortem #5). */
+export declare const REFERENCE_VECTOR_HINT = "reference vector not found \u2014 did you commit the seal outputs? (run `proofseal seal` then commit the listed files)";
+export interface SignatureCheck {
+    manifestHashOk: boolean;
+    publicKeyReproducible: boolean;
+    signatureValid: boolean;
+    /** Hex public key from the witness ('' when no manifest is present). */
+    publicKey: string;
+}
+export interface ClaimResult {
+    id: string;
+    type: Claim['type'];
+    desc?: string;
+    file?: string;
+    status: ClaimStatus;
+    sha256Match?: boolean;
+    markerPresent?: boolean;
+    localSha256?: string;
+    hashMatch?: boolean;
+    toleranceMatch?: boolean;
+    detail?: string;
+    /**
+     * The failure looks like an unmet environment precondition (build output
+     * not built, harness command not installed) rather than a regression.
+     * When EVERY failing claim is precondition-suspect, verify exits 2.
+     */
+    preconditionSuspect?: boolean;
+    /** Harness claim whose committed reference vector file is absent. */
+    referenceVectorMissing?: boolean;
+}
+export interface VerifySummary {
+    pass: number;
+    drift: number;
+    regressed: number;
+    missing: number;
+}
+export interface VerifyResult {
+    ok: boolean;
+    /** 0 ok/drift · 1 regressed/missing/seal-mismatch · 2 precondition. API contract (D7). */
+    exitCode: 0 | 1 | 2;
+    precondition?: string;
+    /** Human hint when a precondition fails (e.g. "run npm ci && npm run build"). */
+    hint?: string;
+    signature: SignatureCheck;
+    summary: VerifySummary;
+    results: ClaimResult[];
+    note: string;
+    /**
+     * Set when the verifying OS differs from the sealing OS (premortem #3:
+     * platform honesty). Advisory only — never changes exit-code semantics.
+     */
+    platformWarning?: string;
+}
+/** Pinned `verify --json` schema, v1 (CONTRACT-RESOLUTIONS §4). */
+export interface VerifyJson {
+    ok: boolean;
+    signature: {
+        valid: boolean;
+        publicKey: string;
+        publicKeyReproducible: boolean;
+    };
+    summary: {
+        totalClaims: number;
+        pass: number;
+        drift: number;
+        regressed: number;
+        missing: number;
+    };
+    results: Array<{
+        id: string;
+        type: string;
+        status: ClaimStatus;
+        file: string;
+        detail: string;
+    }>;
+    precondition: {
+        reason: string;
+        hint: string;
+    } | null;
+    /** Additive (v1-compatible): present only on a sealing/verifying OS mismatch. */
+    platformWarning?: string;
+}
+/** Map a VerifyResult onto the pinned v1 JSON schema. */
+export declare function toVerifyJson(r: VerifyResult): VerifyJson;
+export interface VerifyOptions {
+    root?: string;
+    manifestPath?: string;
+    /** Execute harness claims (default true). */
+    runHarnesses?: boolean;
+    /** Current OS for platform-mismatch detection; injectable for tests. */
+    currentPlatform?: string;
+}
+/** Integrity-seal triple-check (ADR §5.4). */
+export declare function checkSignature(witness: Witness): SignatureCheck;
+/** Classify a file-backed (file-hash | marker) claim against the live tree. */
+export declare function classifyFileClaim(root: string, claim: Claim): ClaimResult;
+/** Verify a sealed manifest against the live tree. Never throws on bad repos. */
+export declare function verify(opts?: VerifyOptions): Promise<VerifyResult>;