proofseal 0.0.2 → 0.1.0

package/dist/manifest/verify.js

@@ -0,0 +1,246 @@
+/**
+ * Verify — the stranger command. Integrity-seal triple-check (recompute
+ * hash, re-derive pubkey from embedded commit+salt, verify the seal) plus
+ * per-claim pass/drift/regressed/missing classification and the 0/1/2
+ * exit-code contract (D7, ported from ruflo verify.mjs / issue #1880).
+ */
+import { existsSync } from 'node:fs';
+import { readFileSync } from 'node:fs';
+import { join, resolve } from 'node:path';
+import { canonicalize } from '../core/canonical.js';
+import { normalizeClaimPath } from '../core/paths.js';
+import { sha256Hex, fileSha256, fileSha256CrlfNormalized, markerPresent as markerPresentIn, } from '../core/hash.js';
+import { deriveKey, verifyBytes } from '../keys/derive.js';
+import { runHarness } from '../harness/run.js';
+import { loadConfig, DEFAULT_MANIFEST_PATH } from '../config.js';
+export const THREAT_MODEL_NOTE = 'commit-bound tamper-evidence, not third-party authentication';
+/** Detail attached to a regressed file-hash claim caused by git autocrlf. */
+export const CRLF_DETAIL = 'content identical after line-ending normalization — likely git autocrlf; pin with .gitattributes (* text=auto eol=lf)';
+/** Named precondition hint for an uncommitted reference vector (premortem #5). */
+export const REFERENCE_VECTOR_HINT = 'reference vector not found — did you commit the seal outputs? (run `proofseal seal` then commit the listed files)';
+/** Build-output path pattern: a missing file here usually means "not built". */
+const BUILD_OUTPUT_RE = /(^|\/)(dist|build|out)\//;
+/** Map a VerifyResult onto the pinned v1 JSON schema. */
+export function toVerifyJson(r) {
+    return {
+        ok: r.ok,
+        signature: {
+            valid: r.signature.manifestHashOk && r.signature.publicKeyReproducible && r.signature.signatureValid,
+            publicKey: r.signature.publicKey,
+            publicKeyReproducible: r.signature.publicKeyReproducible,
+        },
+        summary: { totalClaims: r.results.length, ...r.summary },
+        results: r.results.map((c) => ({
+            id: c.id,
+            type: c.type,
+            status: c.status,
+            file: c.file ?? '',
+            detail: c.detail ?? '',
+        })),
+        precondition: r.precondition ? { reason: r.precondition, hint: r.hint ?? '' } : null,
+        ...(r.platformWarning ? { platformWarning: r.platformWarning } : {}),
+    };
+}
+/** Integrity-seal triple-check (ADR §5.4). */
+export function checkSignature(witness) {
+    const recomputed = sha256Hex(canonicalize(witness.manifest));
+    const manifestHashOk = recomputed === witness.integrity.manifestHash;
+    const key = deriveKey(witness.manifest.gitCommit, witness.manifest.salt);
+    const publicKeyReproducible = key.publicKeyHex === witness.integrity.publicKey;
+    const signatureValid = verifyBytes(witness.integrity.publicKey, Buffer.from(witness.integrity.manifestHash, 'hex'), witness.integrity.signature);
+    return { manifestHashOk, publicKeyReproducible, signatureValid, publicKey: witness.integrity.publicKey };
+}
+/** Classify a file-backed (file-hash | marker) claim against the live tree. */
+export function classifyFileClaim(root, claim) {
+    if (claim.type === 'harness') {
+        throw new Error('classifyFileClaim called with a harness claim');
+    }
+    // Windows insurance: tolerate manifests sealed with backslash paths.
+    const file = normalizeClaimPath(claim.file);
+    const base = { id: claim.id, type: claim.type, desc: claim.desc, file };
+    const abs = join(root, file);
+    if (!existsSync(abs)) {
+        return { ...base, status: 'missing', sha256Match: false, markerPresent: false };
+    }
+    const localSha256 = fileSha256(abs);
+    const sha256Match = localSha256 === claim.sha256;
+    if (claim.type === 'file-hash') {
+        // The hash IS the expectation: mismatch = regressed (no drift slot).
+        if (sha256Match)
+            return { ...base, status: 'pass', sha256Match, localSha256 };
+        // CRLF-aware detail (premortem #7): bytes are the contract, so the
+        // classification STAYS regressed — but when the CRLF→LF-normalized
+        // content matches the sealed hash, the detail names git autocrlf.
+        const crlfDetail = fileSha256CrlfNormalized(abs) === claim.sha256 ? CRLF_DETAIL : undefined;
+        return { ...base, status: 'regressed', sha256Match, localSha256, ...(crlfDetail ? { detail: crlfDetail } : {}) };
+    }
+    // Whitespace-normalized (premortem #7): re-indents/line-wraps of the
+    // marker's surroundings are drift, not a false regression.
+    const markerPresent = markerPresentIn(readFileSync(abs, 'utf8'), claim.marker);
+    const status = sha256Match && markerPresent ? 'pass' : markerPresent ? 'drift' : 'regressed';
+    return { ...base, status, sha256Match, markerPresent, localSha256 };
+}
+async function classifyHarnessClaim(root, claim) {
+    if (claim.type !== 'harness')
+        throw new Error('expected harness claim');
+    const base = { id: claim.id, type: claim.type, desc: claim.desc };
+    const result = await runHarness({
+        name: claim.harness,
+        cmd: claim.cmd,
+        cwd: root,
+        seed: claim.seed,
+        quantizeDecimals: claim.quantizeDecimals,
+        exclude: claim.exclude,
+        expectedSha256: claim.expectedSha256,
+        referenceVector: claim.referenceVector ? normalizeClaimPath(claim.referenceVector) : undefined,
+        tolerance: claim.tolerance,
+    });
+    const status = result.status === 'error' || result.status === 'missing' ? 'missing' : result.status;
+    return {
+        ...base,
+        status,
+        hashMatch: result.hashMatch,
+        toleranceMatch: result.toleranceMatch,
+        detail: result.commandNotFound
+            ? `precondition-suspect: harness command not found (${claim.cmd}) — is the environment set up?`
+            : result.error,
+        ...(result.commandNotFound ? { preconditionSuspect: true } : {}),
+        ...(result.referenceVectorMissing ? { referenceVectorMissing: true } : {}),
+    };
+}
+function summarize(results) {
+    return {
+        pass: results.filter((r) => r.status === 'pass').length,
+        drift: results.filter((r) => r.status === 'drift').length,
+        regressed: results.filter((r) => r.status === 'regressed').length,
+        missing: results.filter((r) => r.status === 'missing').length,
+    };
+}
+const EMPTY_SIG = {
+    manifestHashOk: false,
+    publicKeyReproducible: false,
+    signatureValid: false,
+    publicKey: '',
+};
+function precondition(reason, hint, summary, signature, results) {
+    return {
+        ok: false,
+        exitCode: 2,
+        precondition: reason,
+        hint,
+        signature: signature ?? EMPTY_SIG,
+        summary: summary ?? { pass: 0, drift: 0, regressed: 0, missing: 0 },
+        results: results ?? [],
+        note: THREAT_MODEL_NOTE,
+    };
+}
+function resolveManifestPath(opts) {
+    const root = resolve(opts.root ?? process.cwd());
+    if (opts.manifestPath)
+        return { root, manifestPath: resolve(opts.manifestPath) };
+    try {
+        const cfg = loadConfig(root);
+        return { root, manifestPath: cfg.manifestPath };
+    }
+    catch {
+        return { root, manifestPath: join(root, DEFAULT_MANIFEST_PATH) };
+    }
+}
+/** Verify a sealed manifest against the live tree. Never throws on bad repos. */
+export async function verify(opts = {}) {
+    const { root, manifestPath } = resolveManifestPath(opts);
+    if (!existsSync(manifestPath)) {
+        return precondition('manifest-not-found', `no sealed manifest at ${manifestPath} — run \`proofseal seal\` first`);
+    }
+    let witness;
+    try {
+        witness = JSON.parse(readFileSync(manifestPath, 'utf8'));
+        if (!witness?.manifest || !witness?.integrity)
+            throw new Error('not a proofseal witness document');
+    }
+    catch (e) {
+        return precondition('manifest-unparseable', `could not parse ${manifestPath}: ${e.message}`);
+    }
+    const signature = checkSignature(witness);
+    // Platform honesty (premortem #3): warn — never fail — when the verifying
+    // OS differs from the (sealed) sealing OS. Manifests sealed before the
+    // platform field existed are tolerated silently.
+    const currentPlatform = opts.currentPlatform ?? process.platform;
+    const sealedOs = witness.manifest.platform?.os;
+    const platformWarning = sealedOs && sealedOs !== currentPlatform
+        ? `sealed on ${sealedOs}, verifying on ${currentPlatform} — file-hash mismatches on built/binary artifacts may be platform drift, not tampering`
+        : undefined;
+    const results = [];
+    for (const claim of witness.manifest.claims) {
+        if (claim.type === 'harness') {
+            if (opts.runHarnesses === false)
+                continue;
+            results.push(await classifyHarnessClaim(root, claim));
+        }
+        else {
+            results.push(classifyFileClaim(root, claim));
+        }
+    }
+    // Per-claim precondition awareness (premortem #5): a MISSING file claim
+    // whose path is a build output (dist/, build/, out/) looks like "you did
+    // not build" — but ONLY when the build-output directory itself is absent.
+    // If dist/ exists and one sealed file inside it is gone, that is a real
+    // MISSING (deleted artifact), not an unbuilt checkout (bench finding
+    // 2026-06-12: the directory-blind heuristic misclassified 3/45 deletions).
+    for (const r of results) {
+        if (r.status === 'missing' && r.file && !r.preconditionSuspect) {
+            const m = r.file.match(BUILD_OUTPUT_RE);
+            if (m) {
+                const buildDir = r.file.slice(0, r.file.indexOf(m[2]) + m[2].length);
+                if (!existsSync(join(root, buildDir))) {
+                    r.preconditionSuspect = true;
+                    r.detail = r.detail ?? `precondition-suspect: build output ${r.file} is absent — was the project built?`;
+                }
+            }
+        }
+    }
+    const summary = summarize(results);
+    // Named precondition (premortem #5): a harness hash mismatch cannot be
+    // classified as drift-vs-regressed without its committed reference vector.
+    // The overwhelmingly likely cause is seal outputs that were never
+    // committed — surface that by name instead of crying "regressed".
+    if (results.some((r) => r.referenceVectorMissing)) {
+        return {
+            ...precondition('reference-vector-not-found', REFERENCE_VECTOR_HINT, summary, signature, results),
+            ...(platformWarning ? { platformWarning } : {}),
+        };
+    }
+    // Exit-2 heuristics (issue #1880, relaxed per premortem round 2):
+    //  (a) EVERY failing claim is precondition-suspect (missing build output
+    //      and/or harness command not found) ⇒ environment, not regression;
+    //  (b) legacy net: every claim missing AND the manifest references a
+    //      build-output path ⇒ source-only checkout.
+    const failing = results.filter((r) => r.status === 'regressed' || r.status === 'missing');
+    const allFailingSuspect = failing.length > 0 && failing.every((r) => r.preconditionSuspect);
+    const fileClaims = witness.manifest.claims.filter((c) => c.type !== 'harness');
+    const allMissing = results.length > 0 && summary.missing === results.length;
+    const referencesBuildOutput = fileClaims.some((c) => BUILD_OUTPUT_RE.test(normalizeClaimPath(c.file)));
+    if (allFailingSuspect || (allMissing && referencesBuildOutput)) {
+        const onlyCommandsMissing = allFailingSuspect && failing.every((r) => r.detail?.includes('harness command not found'));
+        const reason = onlyCommandsMissing ? 'harness-command-not-found' : 'dist-not-built';
+        const hint = onlyCommandsMissing
+            ? 'install the harness command(s) listed in the claim details, then re-run verify'
+            : 'run npm ci && npm run build';
+        return {
+            ...precondition(reason, hint, summary, signature, results),
+            ...(platformWarning ? { platformWarning } : {}),
+        };
+    }
+    const sigOk = signature.manifestHashOk && signature.publicKeyReproducible && signature.signatureValid;
+    const ok = sigOk && summary.regressed === 0 && summary.missing === 0;
+    return {
+        ok,
+        exitCode: ok ? 0 : 1,
+        signature,
+        summary,
+        results,
+        note: THREAT_MODEL_NOTE,
+        ...(platformWarning ? { platformWarning } : {}),
+    };
+}
+//# sourceMappingURL=verify.js.map

package/dist/manifest/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/manifest/verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EACL,SAAS,EACT,UAAU,EACV,wBAAwB,EACxB,aAAa,IAAI,eAAe,GACjC,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAGjE,MAAM,CAAC,MAAM,iBAAiB,GAC5B,8DAA8D,CAAC;AAEjE,6EAA6E;AAC7E,MAAM,CAAC,MAAM,WAAW,GACtB,uHAAuH,CAAC;AAE1H,kFAAkF;AAClF,MAAM,CAAC,MAAM,qBAAqB,GAChC,mHAAmH,CAAC;AAEtH,gFAAgF;AAChF,MAAM,eAAe,GAAG,0BAA0B,CAAC;AAoEnD,yDAAyD;AACzD,MAAM,UAAU,YAAY,CAAC,CAAe;IAC1C,OAAO;QACL,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,CAAC,SAAS,CAAC,qBAAqB,IAAI,CAAC,CAAC,SAAS,CAAC,cAAc;YACpG,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,SAAS;YAChC,qBAAqB,EAAE,CAAC,CAAC,SAAS,CAAC,qBAAqB;SACzD;QACD,OAAO,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE;QACxD,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7B,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE;YAClB,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE;SACvB,CAAC,CAAC;QACH,YAAY,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI;QACpF,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACrE,CAAC;AACJ,CAAC;AAWD,8CAA8C;AAC9C,MAAM,UAAU,cAAc,CAAC,OAAgB;IAC7C,MAAM,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,cAAc,GAAG,UAAU,KAAK,OAAO,CAAC,SAAS,CAAC,YAAY,CAAC;IACrE,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACzE,MAAM,qBAAqB,GAAG,GAAG,CAAC,YAAY,KAAK,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC;IAC/E,MAAM,cAAc,GAAG,WAAW,CAChC,OAAO,CAAC,SAAS,CAAC,SAAS,EAC3B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,EAClD,OAAO,CAAC,SAAS,CAAC,SAAS,CAC5B,CAAC;IACF,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,cAAc,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;AAC3G,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,iBAAiB,CAAC,IAAY,EAAE,KAAY;IAC1D,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,qEAAqE;IACrE,MAAM,IAAI,GAAG,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,EAAE,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;IACxE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;IAClF,CAAC;IACD,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,WAAW,GAAG,WAAW,KAAK,KAAK,CAAC,MAAM,CAAC;IACjD,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC/B,qEAAqE;QACrE,IAAI,WAAW;YAAE,OAAO,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;QAC9E,mEAAmE;QACnE,mEAAmE;QACnE,kEAAkE;QAClE,MAAM,UAAU,GAAG,wBAAwB,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;QAC5F,OAAO,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IACnH,CAAC;IACD,qEAAqE;IACrE,2DAA2D;IAC3D,MAAM,aAAa,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/E,MAAM,MAAM,GACV,WAAW,IAAI,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;IAChF,OAAO,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,IAAY,EAAE,KAAY;IAC5D,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACxE,MAAM,IAAI,GAAG,EAAE,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;IAClE,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC;QAC9B,IAAI,EAAE,KAAK,CAAC,OAAO;QACnB,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,GAAG,EAAE,IAAI;QACT,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;QACxC,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,eAAe,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS;QAC9F,SAAS,EAAE,KAAK,CAAC,SAAS;KAC3B,CAAC,CAAC;IACH,MAAM,MAAM,GACV,MAAM,CAAC,MAAM,KAAK,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;IACvF,OAAO;QACL,GAAG,IAAI;QACP,MAAM;QACN,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,MAAM,EAAE,MAAM,CAAC,eAAe;YAC5B,CAAC,CAAC,oDAAoD,KAAK,CAAC,GAAG,gCAAgC;YAC/F,CAAC,CAAC,MAAM,CAAC,KAAK;QAChB,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC3E,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,OAAsB;IACvC,OAAO;QACL,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;QACvD,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM;QACzD,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,MAAM;QACjE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM;KAC9D,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAmB;IAChC,cAAc,EAAE,KAAK;IACrB,qBAAqB,EAAE,KAAK;IAC5B,cAAc,EAAE,KAAK;IACrB,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,SAAS,YAAY,CAAC,MAAc,EAAE,IAAY,EAAE,OAAuB,EAAE,SAA0B,EAAE,OAAuB;IAC9H,OAAO;QACL,EAAE,EAAE,KAAK;QACT,QAAQ,EAAE,CAAC;QACX,YAAY,EAAE,MAAM;QACpB,IAAI;QACJ,SAAS,EAAE,SAAS,IAAI,SAAS;QACjC,OAAO,EAAE,OAAO,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE;QACnE,OAAO,EAAE,OAAO,IAAI,EAAE;QACtB,IAAI,EAAE,iBAAiB;KACxB,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAmB;IAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACjD,IAAI,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;IACjF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QAC7B,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE,qBAAqB,CAAC,EAAE,CAAC;IACnE,CAAC;AACH,CAAC;AAED,iFAAiF;AACjF,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,OAAsB,EAAE;IACnD,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACzD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,OAAO,YAAY,CACjB,oBAAoB,EACpB,yBAAyB,YAAY,iCAAiC,CACvE,CAAC;IACJ,CAAC;IACD,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAY,CAAC;QACpE,IAAI,CAAC,OAAO,EAAE,QAAQ,IAAI,CAAC,OAAO,EAAE,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACrG,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,YAAY,CAAC,sBAAsB,EAAE,mBAAmB,YAAY,KAAM,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAE1C,0EAA0E;IAC1E,uEAAuE;IACvE,iDAAiD;IACjD,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,IAAI,OAAO,CAAC,QAAQ,CAAC;IACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC/C,MAAM,eAAe,GACnB,QAAQ,IAAI,QAAQ,KAAK,eAAe;QACtC,CAAC,CAAC,aAAa,QAAQ,kBAAkB,eAAe,wFAAwF;QAChJ,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC5C,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,YAAY,KAAK,KAAK;gBAAE,SAAS;YAC1C,OAAO,CAAC,IAAI,CAAC,MAAM,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,yEAAyE;IACzE,0EAA0E;IAC1E,wEAAwE;IACxE,qEAAqE;IACrE,2EAA2E;IAC3E,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,mBAAmB,EAAE,CAAC;YAC/D,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACxC,IAAI,CAAC,EAAE,CAAC;gBACN,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,MAAM,CAAC,CAAC;gBACvE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC;oBACtC,CAAC,CAAC,mBAAmB,GAAG,IAAI,CAAC;oBAC7B,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,sCAAsC,CAAC,CAAC,IAAI,qCAAqC,CAAC;gBAC3G,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAEnC,uEAAuE;IACvE,2EAA2E;IAC3E,kEAAkE;IAClE,kEAAkE;IAClE,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAClD,OAAO;YACL,GAAG,YAAY,CAAC,4BAA4B,EAAE,qBAAqB,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC;YACjG,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChD,CAAC;IACJ,CAAC;IAED,kEAAkE;IAClE,yEAAyE;IACzE,wEAAwE;IACxE,qEAAqE;IACrE,iDAAiD;IACjD,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAC1F,MAAM,iBAAiB,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;IAC5F,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAC/E,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,MAAM,CAAC;IAC5E,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACvG,IAAI,iBAAiB,IAAI,CAAC,UAAU,IAAI,qBAAqB,CAAC,EAAE,CAAC;QAC/D,MAAM,mBAAmB,GACvB,iBAAiB,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,2BAA2B,CAAC,CAAC,CAAC;QAC7F,MAAM,MAAM,GAAG,mBAAmB,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,gBAAgB,CAAC;QACpF,MAAM,IAAI,GAAG,mBAAmB;YAC9B,CAAC,CAAC,gFAAgF;YAClF,CAAC,CAAC,6BAA6B,CAAC;QAClC,OAAO;YACL,GAAG,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC;YAC1D,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChD,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,cAAc,IAAI,SAAS,CAAC,qBAAqB,IAAI,SAAS,CAAC,cAAc,CAAC;IACtG,MAAM,EAAE,GAAG,KAAK,IAAI,OAAO,CAAC,SAAS,KAAK,CAAC,IAAI,OAAO,CAAC,OAAO,KAAK,CAAC,CAAC;IACrE,OAAO;QACL,EAAE;QACF,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpB,SAAS;QACT,OAAO;QACP,OAAO;QACP,IAAI,EAAE,iBAAiB;QACvB,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAChD,CAAC;AACJ,CAAC"}

package/dist/mcp/server.d.ts

@@ -0,0 +1 @@
+export declare function startMcpServer(): Promise<void>;

package/dist/mcp/server.js

@@ -0,0 +1,138 @@
+/**
+ * ProofSeal MCP stdio server (ADR-0001 §4.2) — thin wrappers over the
+ * library API. Every tool is fail-open: a broken repo returns
+ * {ok:false, warn:true, error, hint} instead of killing the agent session.
+ */
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { z } from 'zod';
+import { seal } from '../manifest/seal.js';
+import { verify, toVerifyJson, classifyFileClaim } from '../manifest/verify.js';
+import { loadHistory } from '../history/jsonl.js';
+import { fixTimeline, findRegressionIntroductions } from '../history/queries.js';
+import { enrichRegressionsWithGit } from '../history/gitinfo.js';
+import { runHarness } from '../harness/run.js';
+import { loadConfig } from '../config.js';
+import { readFileSync } from 'node:fs';
+/** Contract §6: structuredContent is primary; JSON mirrored into content[0].text. */
+function asText(data) {
+    return {
+        content: [{ type: 'text', text: JSON.stringify(data, null, 2) }],
+        structuredContent: data,
+    };
+}
+/** Fail-open wrapper (RuView rvagent convention). */
+async function failOpen(hint, fn) {
+    try {
+        return asText(await fn());
+    }
+    catch (e) {
+        return asText({ ok: false, warn: true, error: e.message, hint });
+    }
+}
+/**
+ * Client-disconnect hygiene: when the MCP client goes away mid-write, the
+ * stdio transport surfaces `write EPIPE` (and stdin sees EOF). A vanished
+ * client is a normal shutdown, not an error — exit 0 quietly. Anything that
+ * is NOT an EPIPE still crashes loudly (stack to stderr, exit 1) so real
+ * bugs are never swallowed.
+ */
+function installStdioShutdownHandlers() {
+    const isEpipe = (err) => err?.code === 'EPIPE';
+    process.stdout.on('error', (err) => {
+        if (isEpipe(err))
+            process.exit(0);
+        throw err; // escalates to the uncaughtException guard below
+    });
+    process.stdin.on('error', (err) => {
+        if (isEpipe(err) || err.code === 'EOF')
+            process.exit(0);
+        throw err;
+    });
+    // stdin EOF = client closed the session: drain queued stdout, then exit 0.
+    process.stdin.on('end', () => {
+        process.stdout.write('', () => process.exit(0));
+    });
+    // Narrow guard: ONLY EPIPE exits quietly. Every other uncaught error keeps
+    // the default fatal semantics (stack trace on stderr, nonzero exit).
+    process.on('uncaughtException', (err) => {
+        if (isEpipe(err))
+            process.exit(0);
+        console.error(err);
+        process.exit(1);
+    });
+}
+export async function startMcpServer() {
+    installStdioShutdownHandlers();
+    const server = new McpServer({ name: 'proofseal', version: '0.1.0' });
+    server.tool('verify_claims', 'Verify the sealed ProofSeal manifest against the live tree: integrity-seal triple-check plus per-claim pass/drift/regressed/missing classification. Use when raw Bash (sha256sum, grep) is wrong because it cannot detect manifest tampering or distinguish benign drift from a real regression.', { root: z.string().optional(), manifest: z.string().optional() }, async ({ root, manifest }) => failOpen('run `proofseal init` then `proofseal seal` in the repo', async () => {
+        const r = await verify({ root, manifestPath: manifest });
+        // verify() never throws on broken repos — surface preconditions in the
+        // fail-open shape so agent sessions get {ok:false, warn:true, error, hint}.
+        if (r.precondition) {
+            return { ok: false, warn: true, error: r.precondition, hint: r.hint ?? '', detail: toVerifyJson(r) };
+        }
+        return toVerifyJson(r);
+    }));
+    server.tool('seal_manifest', 'Refresh all claims against the tree, derive the commit-bound key, seal the manifest, and append a history snapshot. Use when manually editing proofs/manifest.json is wrong because hand-edited manifests always break the seal — resealing is the only legal mutation.', { root: z.string().optional() }, async ({ root }) => failOpen('ensure the repo has proofseal.json (run `proofseal init`) and is a git checkout', async () => {
+        const r = await seal({ root });
+        return { ok: r.ok, summary: r.summary, manifestPath: r.manifestPath, manifestHash: r.witness.integrity.manifestHash, warnings: r.warnings, filesWritten: r.filesWritten };
+    }));
+    server.tool('check_drift', 'Diff the live tree against the latest sealed manifest WITHOUT resealing: reports per-claim pass/drift/regressed/missing only. Use when seal_manifest is wrong because you only want to inspect drift, not mint a new sealed snapshot.', { root: z.string().optional(), manifest: z.string().optional() }, async ({ root, manifest }) => failOpen('seal a manifest first with `proofseal seal`', () => {
+        const cfg = loadConfig(root ?? process.cwd());
+        const path = manifest ?? cfg.manifestPath;
+        const witness = JSON.parse(readFileSync(path, 'utf8'));
+        const results = witness.manifest.claims
+            .filter((c) => c.type !== 'harness')
+            .map((c) => classifyFileClaim(cfg.root, c));
+        return {
+            ok: true,
+            summary: {
+                pass: results.filter((r) => r.status === 'pass').length,
+                drift: results.filter((r) => r.status === 'drift').length,
+                regressed: results.filter((r) => r.status === 'regressed').length,
+                missing: results.filter((r) => r.status === 'missing').length,
+            },
+            results,
+        };
+    }));
+    server.tool('claim_history', 'Status timeline (pass/regressed/absent) for one claim across every sealed snapshot. Use when `git log` is wrong because it shows commits, not whether a specific verified claim held at each seal point.', { id: z.string(), root: z.string().optional() }, async ({ id, root }) => failOpen('no history yet — run `proofseal seal` at least once', () => {
+        const cfg = loadConfig(root ?? process.cwd());
+        return { ok: true, id, timeline: fixTimeline(loadHistory(cfg.historyPath), id) };
+    }));
+    server.tool('find_regression', 'Bisect the JSONL history: for every currently-regressed claim, locate the last-pass snapshot and the snapshot where the regression appeared. Use when `git bisect` is wrong because it needs a runnable predicate per commit; this answers from already-recorded seal snapshots instantly.', { root: z.string().optional() }, async ({ root }) => failOpen('no history yet — run `proofseal seal` at least once', () => {
+        const cfg = loadConfig(root ?? process.cwd());
+        // Same query code as `proofseal history --bisect`: entries are ordered
+        // by issuedAt, and each regression carries reachability/range-width
+        // info when git can resolve the recorded SHAs (best-effort).
+        return {
+            ok: true,
+            regressions: enrichRegressionsWithGit(cfg.root, findRegressionIntroductions(loadHistory(cfg.historyPath))),
+        };
+    }));
+    server.tool('run_harness', 'Run a deterministic harness (seeded via PROOFSEAL_SEED), quantize numeric output (round-half-even), hash it, and compare against the committed expectation with an rtol/atol tolerance fallback. Use when plain Bash execution is wrong because raw float output hashes diverge across CPU microarchitectures.', { name: z.string(), root: z.string().optional() }, async ({ name, root }) => failOpen('declare the harness claim in proofseal.json and run `proofseal harness run --update` first', async () => {
+        const cfg = loadConfig(root ?? process.cwd());
+        const def = cfg.config.claims.find((c) => c.type === 'harness' && (c.harness === name || c.id === name));
+        if (!def)
+            throw new Error(`no harness claim named '${name}'`);
+        const result = await runHarness({
+            name,
+            cmd: def.cmd,
+            cwd: cfg.root,
+            seed: def.seed,
+            quantizeDecimals: def.quantizeDecimals,
+            exclude: def.exclude,
+            expectedSha256: def.expectedSha256,
+            referenceVector: def.referenceVector,
+            tolerance: def.tolerance,
+        });
+        const { values: _v, quantized: _q, ...compact } = result;
+        return { ok: result.status === 'pass' || result.status === 'drift', result: compact };
+    }));
+    server.tool('list_claims', 'List the claims declared in proofseal.json (id, type, target). Use when reading proofseal.json with a file tool is wrong because this validates the schema and resolves defaults.', { root: z.string().optional() }, async ({ root }) => failOpen('run `proofseal init` to create proofseal.json', () => {
+        const cfg = loadConfig(root ?? process.cwd());
+        return { ok: true, claims: cfg.config.claims };
+    }));
+    await server.connect(new StdioServerTransport());
+}
+//# sourceMappingURL=server.js.map

package/dist/mcp/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAC3C,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,iBAAiB,EAAoB,MAAM,uBAAuB,CAAC;AAClG,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAQvC,qFAAqF;AACrF,SAAS,MAAM,CAAC,IAAa;IAC3B,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAChE,iBAAiB,EAAE,IAA+B;KACnD,CAAC;AACJ,CAAC;AAED,qDAAqD;AACrD,KAAK,UAAU,QAAQ,CAAC,IAAY,EAAE,EAAoC;IACxE,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAG,CAAW,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAS,4BAA4B;IACnC,MAAM,OAAO,GAAG,CAAC,GAAY,EAAW,EAAE,CACvC,GAAyC,EAAE,IAAI,KAAK,OAAO,CAAC;IAE/D,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACxD,IAAI,OAAO,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,GAAG,CAAC,CAAC,iDAAiD;IAC9D,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QACvD,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,KAAK,KAAK;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxD,MAAM,GAAG,CAAC;IACZ,CAAC,CAAC,CAAC;IACH,2EAA2E;IAC3E,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IACH,2EAA2E;IAC3E,qEAAqE;IACrE,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,GAAG,EAAE,EAAE;QACtC,IAAI,OAAO,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,4BAA4B,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAEtE,MAAM,CAAC,IAAI,CACT,eAAe,EACf,kSAAkS,EAClS,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAChE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC3B,QAAQ,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QAC5E,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzD,uEAAuE;QACvE,4EAA4E;QAC5E,IAAI,CAAC,CAAC,YAAY,EAAE,CAAC;YACnB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;QACvG,CAAC;QACD,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,eAAe,EACf,yQAAyQ,EACzQ,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAC/B,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CACjB,QAAQ,CAAC,iFAAiF,EAAE,KAAK,IAAI,EAAE;QACrG,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC;IAC5K,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,aAAa,EACb,uOAAuO,EACvO,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAChE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC3B,QAAQ,CAAC,6CAA6C,EAAE,GAAG,EAAE;QAC3D,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,QAAQ,IAAI,GAAG,CAAC,YAAY,CAAC;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAY,CAAC;QAClE,MAAM,OAAO,GAAkB,OAAO,CAAC,QAAQ,CAAC,MAAM;aACnD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC;aACnC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,OAAO;YACL,EAAE,EAAE,IAAI;YACR,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;gBACvD,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM;gBACzD,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,MAAM;gBACjE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM;aAC9D;YACD,OAAO;SACR,CAAC;IACJ,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,eAAe,EACf,0MAA0M,EAC1M,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAC/C,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CACrB,QAAQ,CAAC,qDAAqD,EAAE,GAAG,EAAE;QACnE,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IACnF,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,4RAA4R,EAC5R,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAC/B,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CACjB,QAAQ,CAAC,qDAAqD,EAAE,GAAG,EAAE;QACnE,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9C,uEAAuE;QACvE,oEAAoE;QACpE,6DAA6D;QAC7D,OAAO;YACL,EAAE,EAAE,IAAI;YACR,WAAW,EAAE,wBAAwB,CACnC,GAAG,CAAC,IAAI,EACR,2BAA2B,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAC1D;SACF,CAAC;IACJ,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,aAAa,EACb,gTAAgT,EAChT,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EACjD,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CACvB,QAAQ,CAAC,4FAA4F,EAAE,KAAK,IAAI,EAAE;QAChH,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAChC,CAAC,CAAC,EAAqB,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,IAAI,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,CACxF,CAAC;QACF,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,GAAG,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC;YAC9B,IAAI;YACJ,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,GAAG,CAAC,IAAI;YACb,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,gBAAgB,EAAE,GAAG,CAAC,gBAAgB;YACtC,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,cAAc,EAAE,GAAG,CAAC,cAAc;YAClC,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,SAAS,EAAE,GAAG,CAAC,SAAS;SACzB,CAAC,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,MAAM,CAAC;QACzD,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxF,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,aAAa,EACb,mLAAmL,EACnL,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,EAC/B,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CACjB,QAAQ,CAAC,+CAA+C,EAAE,GAAG,EAAE;QAC7D,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;IACjD,CAAC,CAAC,CACL,CAAC;IAEF,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC;AACnD,CAAC"}

package/package.json

@@ -1,29 +1,59 @@
 {
   "name": "proofseal",
-  "version": "0.0.2",
-  "description": "Seal your README claims and verify them in CI — v0.1.0 in private beta",
+  "version": "0.1.0",
+  "description": "Witness-chained, tamper-evident claim verification for any git repo — commit-bound integrity seals, zero key management.",
+  "type": "module",
   "license": "MIT",
   "author": "rudycelekli",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/rudycelekli/proofseal.git"
   },
-  "homepage": "https://github.com/rudycelekli/proofseal#readme",
   "bugs": {
     "url": "https://github.com/rudycelekli/proofseal/issues"
   },
+  "homepage": "https://github.com/rudycelekli/proofseal#readme",
+  "engines": {
+    "node": ">=20"
+  },
+  "bin": {
+    "proofseal": "dist/cli/index.js"
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "NOTICE",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "pretest": "npm run build",
+    "test": "node --test \"tests/unit/**/*.test.mjs\"",
+    "test:integration": "node --test \"tests/integration/**/*.test.{mjs,js}\"",
+    "smoke:tarball": "node scripts/tarball-smoke.mjs"
+  },
   "keywords": [
-    "readme",
     "verification",
-    "drift",
-    "ci",
-    "claims"
+    "tamper-evidence",
+    "integrity-seal",
+    "witness",
+    "claims",
+    "provenance"
   ],
-  "bin": {
-    "proofseal": "./bin.js"
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.1",
+    "commander": "^12.1.0",
+    "zod": "^3.23.8"
   },
-  "files": [
-    "bin.js",
-    "README.md"
-  ]
+  "devDependencies": {
+    "@types/node": "^20.14.0",
+    "typescript": "^5.5.0"
+  }
 }

package/bin.js

@@ -1,19 +0,0 @@
-#!/usr/bin/env node
-"use strict";
-
-const lines = [
-  "",
-  "  ProofSeal",
-  "  ---------",
-  "  Seals the claims in your README (file hashes, markers, test harnesses)",
-  "  and verifies them in CI: pass / drift / regressed / missing.",
-  "",
-  "  Status: v0.1.0 is in private beta. This package is a placeholder.",
-  "",
-  "  Watch or star https://github.com/rudycelekli/proofseal and subscribe",
-  "  to the \"Notify me\" issue there to hear about the release.",
-  "",
-];
-
-process.stdout.write(lines.join("\n") + "\n");
-process.exit(0);