methodproof 0.3.0__tar.gz → 0.3.3__tar.gz

methodproof-0.3.3/CHANGELOG.md

@@ -0,0 +1,89 @@
+# Changelog
+
+## [0.3.3] — 2026-04-05
+
+### Fixed
+- macOS hook timestamp: `date +%s.%3N` produced invalid JSON (literal `.3N`), silently dropping all tool_call, tool_result, agent_launch, and agent_complete events
+- Stale session recovery: `mp start` now detects dead daemons and cleans up instead of blocking
+- Bridge events now route through `base.emit()` for consent gating, hash chain integrity, and live streaming
+
+### Changed
+- `mp view` replaced with terminal-based session audit (no HTTP server)
+- Recording threads start after fork (fixes silent 0-event sessions on macOS)
+- Hook errors logged to `~/.methodproof/hook_errors.log` for inspection
+- Consent-blocked events logged at debug level
+
+### Added
+- Watch Scope section in README documenting directory scope and exclusion patterns
+- `store.reset_connection()` for fork-safe SQLite WAL handling
+
+## [0.3.2] — 2026-04-04
+
+### Changed
+- `websocket-client` is now a default dependency (no longer requires `pip install methodproof[live]`)
+- `mp start --live` prints a clickable dashboard URL instead of the API host
+- `live.start()` returns the dashboard URL from the platform handshake
+
+## [0.3.1] — 2026-04-04
+
+### Added
+- `mp extension pair` — pair browser extension to active session
+- `mp extension status` — check extension connection
+- `mp extension install` — open Chrome Web Store listing
+- Bridge auto-discovery: extension auto-connects when CLI session starts
+- Bridge `/pair/auto` endpoint for extension auto-pairing
+- Bridge `/pair/register` + `/pair/ack` for manual pairing flow
+- `mp start` now runs in the background (daemon mode on Unix)
+- Extension status check on session start (connected/not detected)
+- `SO_REUSEADDR` on bridge socket for clean restarts
+
+### Changed
+- Bridge accepts API credentials for auto-discovery passthrough
+- `_shutdown` handler wrapped in try/except for robust daemon cleanup
+
+## [0.3.0] — 2026-04-03
+
+### Added
+- Prompt structural analysis: 35 metadata dimensions extracted from AI prompts
+- Environment profiling: structural scan of AI dev environment (instruction files, tool configs)
+- `environment_analysis` consent category (default on, structural metadata only)
+- Outcome metrics: correlation between prompt patterns and session results
+- Consent review prompt when new capture categories exist after update
+
+### Changed
+- README rebrand: OG dark banner, hero process graph, brand-colored badges
+
+### Fixed
+- Unused import, silent failures, operator precedence, magic numbers (code review)
+
+## [0.2.0] — 2026-03-30
+
+### Added
+- Browser login via device auth flow (`mp login` opens browser)
+- Three-section interactive consent (capture, research, redaction)
+- `mp uninstall` — remove all hooks, data, and config
+- Color-coded command reference (`mp help`)
+- Auto-refresh expired API tokens
+- `mp update` — self-update from PyPI
+- AI Agent Graph branding for prompt/response events
+- Code capture consent category (Pro only, encrypted, default off)
+- Windows compatibility (stop sentinel, icacls permissions)
+- `--live` flag streams events to platform in real-time over WebSocket
+- `live` optional dependency (`pip install methodproof[live]`)
+- Free-tier full-spectrum consent unlocks 30-day rolling live stream
+
+## [0.1.1] — 2026-03-28
+
+### Fixed
+- Added pytest dev dependency
+
+## [0.1.0] — 2026-03-27
+
+### Added
+- Initial release
+- `mp init/start/stop/view/log/push/publish/review/consent/tag/delete`
+- File watcher, terminal monitor, music agent
+- Local bridge for browser extension events
+- Hash-chained events + Ed25519 attestation
+- Full Spectrum messaging (all 10 categories)
+- `mp mcp-serve` — MCP server for Claude Code

methodproof-0.3.0/README.md → methodproof-0.3.3/PKG-INFO

@@ -1,3 +1,18 @@
+Metadata-Version: 2.4
+Name: methodproof
+Version: 0.3.3
+Summary: See how you code. Capture and visualize your engineering process.
+License-Expression: Apache-2.0
+License-File: LICENSE
+Requires-Python: >=3.11
+Requires-Dist: watchdog>=4.0
+Requires-Dist: websocket-client>=1.7
+Provides-Extra: e2e
+Requires-Dist: cryptography>=43.0; extra == 'e2e'
+Provides-Extra: signing
+Requires-Dist: cryptography>=43.0; extra == 'signing'
+Description-Content-Type: text/markdown
+
 <p align="center">
   <img src="https://cdn.methodproof.com/og/og-primary-dark.png" alt="MethodProof — Engineering Process Intelligence" width="720" />
 </p>
@@ -191,6 +206,24 @@ All sensitive metadata (prompts, completions, commands, output, diffs) is encryp
 - **AI CLIs** — codex, gemini, aider command wrappers
 - **MCP server** — registered with Claude Code for session/graph queries
 
+## Watch Scope
+
+`methodproof start` watches the **current directory recursively** (or the directory passed via `--dir`). Every file create, edit, and delete under that tree generates an event.
+
+**Start in the right directory.** If you start in a monorepo root, you'll capture events from every subdirectory. If you start in a subdirectory, parent-level changes won't be recorded.
+
+```bash
+cd my-project          # scope to this project
+methodproof start
+
+cd ~/code              # ⚠️ captures ALL projects under ~/code
+methodproof start
+```
+
+**Excluded patterns:** `__pycache__`, `.pyc`, `.git/`, `node_modules`, `.DS_Store`, `.swp`, temp files ending in `~`
+
+**Git commits** are detected by polling `.git/refs/heads/` every 2 seconds — only commits in a git repo rooted at (or above) the watch directory are captured.
+
 ## Data Directory
 
 `~/.methodproof/`

methodproof-0.3.0/PKG-INFO → methodproof-0.3.3/README.md

@@ -1,19 +1,3 @@
-Metadata-Version: 2.4
-Name: methodproof
-Version: 0.3.0
-Summary: See how you code. Capture and visualize your engineering process.
-License-Expression: Apache-2.0
-License-File: LICENSE
-Requires-Python: >=3.11
-Requires-Dist: watchdog>=4.0
-Provides-Extra: e2e
-Requires-Dist: cryptography>=43.0; extra == 'e2e'
-Provides-Extra: live
-Requires-Dist: websocket-client>=1.7; extra == 'live'
-Provides-Extra: signing
-Requires-Dist: cryptography>=43.0; extra == 'signing'
-Description-Content-Type: text/markdown
-
 <p align="center">
   <img src="https://cdn.methodproof.com/og/og-primary-dark.png" alt="MethodProof — Engineering Process Intelligence" width="720" />
 </p>
@@ -207,6 +191,24 @@ All sensitive metadata (prompts, completions, commands, output, diffs) is encryp
 - **AI CLIs** — codex, gemini, aider command wrappers
 - **MCP server** — registered with Claude Code for session/graph queries
 
+## Watch Scope
+
+`methodproof start` watches the **current directory recursively** (or the directory passed via `--dir`). Every file create, edit, and delete under that tree generates an event.
+
+**Start in the right directory.** If you start in a monorepo root, you'll capture events from every subdirectory. If you start in a subdirectory, parent-level changes won't be recorded.
+
+```bash
+cd my-project          # scope to this project
+methodproof start
+
+cd ~/code              # ⚠️ captures ALL projects under ~/code
+methodproof start
+```
+
+**Excluded patterns:** `__pycache__`, `.pyc`, `.git/`, `node_modules`, `.DS_Store`, `.swp`, temp files ending in `~`
+
+**Git commits** are detected by polling `.git/refs/heads/` every 2 seconds — only commits in a git repo rooted at (or above) the watch directory are captured.
+
 ## Data Directory
 
 `~/.methodproof/`

{methodproof-0.3.0 → methodproof-0.3.3}/methodproof/agents/base.py

@@ -83,6 +83,7 @@ def emit(event_type: str, metadata: dict[str, Any]) -> None:
     # Event-level consent gate
     gate = _EVENT_GATES.get(event_type)
     if gate and not _capture.get(gate, True):
+        log("debug", "emit.consent_blocked", type=event_type, gate=gate)
         return
     # Field-level consent gate — strip opted-out fields
     for category, pairs in _FIELD_GATES.items():

methodproof-0.3.3/methodproof/bridge.py

@@ -0,0 +1,200 @@
+"""Local HTTP bridge — accepts browser extension events into SQLite and handles pairing."""
+
+import json
+import secrets
+import threading
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from typing import Any
+
+from methodproof.agents import base
+
+_session_id = ""
+_api_token = ""
+_api_base = ""
+_e2e_key = ""
+_pairing: dict[str, Any] = {}  # {token: {session_id, api_token, api_base, e2e_key, paired}}
+_extension_paired = threading.Event()
+MAX_BODY = 10 * 1024 * 1024  # 10 MB
+
+PAIR_PAGE = """<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>MethodProof — Pair Extension</title>
+  <style>
+    body {{ font-family: Inter, system-ui, sans-serif; background: #faf9f7; color: #0a0a0a;
+           display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; }}
+    .card {{ text-align: center; padding: 48px; max-width: 400px; }}
+    h1 {{ font-size: 18px; margin: 0 0 8px; }}
+    h1 span {{ font-family: Laila, serif; font-weight: 400; }}
+    .status {{ font-size: 14px; color: #666; margin: 24px 0; }}
+    .paired {{ color: #2d7a42; font-weight: 600; }}
+    .session {{ font-family: 'IBM Plex Mono', monospace; font-size: 12px; color: #888;
+               background: #f0eeea; padding: 8px 12px; display: inline-block; }}
+    .spinner {{ display: inline-block; width: 16px; height: 16px; border: 2px solid #ddd;
+               border-top-color: #d93326; border-radius: 50%; animation: spin 0.8s linear infinite;
+               vertical-align: middle; margin-right: 8px; }}
+    @keyframes spin {{ to {{ transform: rotate(360deg); }} }}
+  </style>
+</head>
+<body>
+  <div class="card">
+    <h1><b>Method</b><span>Proof</span></h1>
+    <div class="session">{session_short}</div>
+    <div id="status" class="status"><span class="spinner"></span>Pairing extension...</div>
+    <div id="methodproof-pair-data"
+         data-session-id="{session_id}"
+         data-token="{api_token}"
+         data-api-base="{api_base}"
+         data-e2e-key="{e2e_key}"
+         style="display:none"></div>
+  </div>
+  <script>
+    window.addEventListener('methodproof-paired', function() {{
+      document.getElementById('status').className = 'status paired';
+      document.getElementById('status').innerHTML = '&#10003; Extension paired';
+      fetch('/pair/ack', {{method: 'POST', headers: {{'Content-Type': 'application/json'}},
+            body: JSON.stringify({{token: '{pair_token}'}}) }});
+      setTimeout(function() {{ window.close(); }}, 2000);
+    }});
+  </script>
+</body>
+</html>"""
+
+
+def generate_pair_token(session_id: str, api_token: str, api_base: str, e2e_key: str = "") -> str:
+    token = secrets.token_urlsafe(16)
+    _pairing[token] = {
+        "session_id": session_id, "api_token": api_token,
+        "api_base": api_base, "e2e_key": e2e_key, "paired": False,
+    }
+    return token
+
+
+class _Handler(BaseHTTPRequestHandler):
+    def log_message(self, fmt: str, *args: Any) -> None:
+        pass
+
+    def do_GET(self) -> None:
+        if self.path == "/session":
+            self._json({"session_id": _session_id, "active": bool(_session_id)})
+        elif self.path.startswith("/pair?token="):
+            token = self.path.split("token=", 1)[1].split("&")[0]
+            data = _pairing.get(token)
+            if not data:
+                self.send_error(403, "Invalid or expired pairing token")
+                return
+            html = PAIR_PAGE.format(
+                session_id=data["session_id"],
+                session_short=data["session_id"][:8],
+                api_token=data["api_token"],
+                api_base=data["api_base"],
+                e2e_key=data["e2e_key"],
+                pair_token=token,
+            ).encode()
+            self.send_response(200)
+            self.send_header("Content-Type", "text/html")
+            self._cors()
+            self.end_headers()
+            self.wfile.write(html)
+        elif self.path == "/pair/auto":
+            if not _session_id:
+                self._json({"active": False})
+            else:
+                self._json({
+                    "active": True,
+                    "session_id": _session_id,
+                    "token": _api_token,
+                    "api_base": _api_base,
+                    "e2e_key": _e2e_key,
+                })
+                _extension_paired.set()
+                base.log("info", "extension.auto_paired", session_id=_session_id)
+        elif self.path == "/extension-status":
+            self._json({"paired": _extension_paired.is_set()})
+        else:
+            self.send_error(404)
+
+    def do_POST(self) -> None:
+        length = int(self.headers.get("Content-Length", 0))
+        if length > MAX_BODY:
+            self.send_error(413, "Request too large")
+            return
+        try:
+            body = json.loads(self.rfile.read(length)) if length else {}
+        except (json.JSONDecodeError, ValueError):
+            self.send_error(400, "Invalid JSON")
+            return
+
+        if self.path == "/events":
+            events = body.get("events", [])
+            accepted = 0
+            for e in events:
+                etype = e.get("type", "unknown")
+                meta = e.get("metadata", {})
+                if "duration_ms" in e:
+                    meta["duration_ms"] = e["duration_ms"]
+                base.emit(etype, meta)
+                accepted += 1
+            self._json({"accepted": accepted})
+        elif self.path == "/pair/register":
+            token = body.get("token", "")
+            if not token or not body.get("session_id"):
+                self.send_error(400, "Missing token or session_id")
+                return
+            _pairing[token] = {
+                "session_id": body["session_id"],
+                "api_token": body.get("api_token", ""),
+                "api_base": body.get("api_base", ""),
+                "e2e_key": body.get("e2e_key", ""),
+                "paired": False,
+            }
+            self._json({"ok": True, "token": token})
+        elif self.path == "/pair/ack":
+            token = body.get("token", "")
+            data = _pairing.get(token)
+            if data:
+                data["paired"] = True
+                _extension_paired.set()
+                base.log("info", "extension.paired", session_id=data["session_id"])
+            self._json({"ok": bool(data)})
+        else:
+            self.send_error(404)
+
+    def do_OPTIONS(self) -> None:
+        self.send_response(204)
+        self._cors()
+        self.end_headers()
+
+    def _json(self, data: Any) -> None:
+        body = json.dumps(data).encode()
+        self.send_response(200)
+        self.send_header("Content-Type", "application/json")
+        self._cors()
+        self.end_headers()
+        self.wfile.write(body)
+
+    def _cors(self) -> None:
+        origin = self.headers.get("Origin", "")
+        allowed = origin.startswith("chrome-extension://") or origin.startswith("http://localhost")
+        self.send_header("Access-Control-Allow-Origin", origin if allowed else "http://localhost:9877")
+        self.send_header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+        self.send_header("Access-Control-Allow-Headers", "Content-Type")
+
+
+def start(session_id: str, stop: threading.Event, port: int = 9877,
+          api_token: str = "", api_base: str = "", e2e_key: str = "") -> None:
+    global _session_id, _api_token, _api_base, _e2e_key
+    _session_id = session_id
+    _api_token = api_token
+    _api_base = api_base
+    _e2e_key = e2e_key
+    _extension_paired.clear()
+    HTTPServer.allow_reuse_address = True
+    server = HTTPServer(("127.0.0.1", port), _Handler)
+    server.timeout = 1
+    base.log("info", "bridge.started", port=port)
+    while not stop.is_set():
+        server.handle_request()
+    server.server_close()
+    base.log("info", "bridge.stopped")