qa360 1.1.4 → 1.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/commands/doctor.js +2 -2
  2. package/dist/core/proof/verifier.js +2 -2
  3. package/dist/core/runner/phase3-runner.js +4 -4
  4. package/package.json +1 -1
package/dist/commands/doctor.js CHANGED
@@ -251,7 +251,7 @@ export class QA360Doctor {
251
251
  }
252
252
  async checkProofKeys() {
253
253
  try {
254
- const { ensureProofKeys } = await import('qa360-core');
254
+ const { ensureProofKeys } = await import('../core/index.js');
255
255
  const result = await ensureProofKeys(this.qa360Dir);
256
256
  // Validate result
257
257
  if (!result) {
@@ -328,7 +328,7 @@ export class QA360Doctor {
328
328
  }
329
329
  async checkProofRoundtrip() {
330
330
  try {
331
- const coreModule = await import('qa360-core');
331
+ const coreModule = await import('../core/index.js');
332
332
  const { generateKeys, createProofBundle, verifyProofBundle } = coreModule;
333
333
  // Guard: Verify exports are functions
334
334
  if (typeof generateKeys !== 'function') {
package/dist/core/proof/verifier.js CHANGED
@@ -263,9 +263,9 @@ export async function verifyPhase3Proof(filePath) {
263
263
  }
264
264
  // Decode public key from proof
265
265
  const publicKey = new Uint8Array(Buffer.from(signature.publicKey, 'base64'));
266
- // Canonicalize payload
266
+ // Canonicalize payload (same way it was signed)
267
267
  const { canonicalize } = await import('./canonicalize.js');
268
- const canonical = canonicalize(payload);
268
+ const canonical = canonicalize(payload) + '\n';
269
269
  // Verify signature
270
270
  const isValid = verify(canonical, signature.value, publicKey);
271
271
  if (!isValid) {
package/dist/core/runner/phase3-runner.js CHANGED
@@ -374,8 +374,8 @@ export class Phase3Runner {
374
374
  afterAll: result.hooks.afterAll.length
375
375
  }
376
376
  };
377
- // Canonicalize the payload for signing
378
- const canonicalPayload = canonicalize(proofPayload);
377
+ // Canonicalize the payload for signing (must match verification: canonical + newline)
378
+ const canonicalPayload = canonicalize(proofPayload) + '\n';
379
379
  // Sign with Ed25519
380
380
  let signatureValue;
381
381
  let algorithm;
@@ -429,7 +429,7 @@ export class Phase3Runner {
429
429
  });
430
430
  // Record gate executions
431
431
  for (const gate of result.gates) {
432
- await this.vault.recordGate(runId, {
432
+ await this.vault.recordGate(vaultRunId, {
433
433
  name: gate.gate,
434
434
  status: gate.success ? 'passed' : 'failed',
435
435
  duration_ms: gate.duration,
@@ -437,7 +437,7 @@ export class Phase3Runner {
437
437
  });
438
438
  // Record finding if gate has error
439
439
  if (gate.error) {
440
- await this.vault.recordFinding(runId, {
440
+ await this.vault.recordFinding(vaultRunId, {
441
441
  gate: gate.gate,
442
442
  severity: 'high',
443
443
  rule: 'gate-failure',
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "qa360",
3
- "version": "1.1.4",
3
+ "version": "1.1.6",
4
4
  "description": "QA360 Proof CLI - Quality as Cryptographic Proof",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",