methodproof 0.5.3__tar.gz → 0.6.0__tar.gz

{methodproof-0.5.3 → methodproof-0.6.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: methodproof
-Version: 0.5.3
+Version: 0.6.0
 Summary: See how you code. Capture and visualize your engineering process.
 License-Expression: Apache-2.0
 License-File: LICENSE
@@ -67,6 +67,87 @@ methodproof view      # explore your session in the browser
 - **Auto-detection** — hooks for shell, Claude Code, OpenClaw, codex, gemini, aider installed automatically
 - **Platform sync** — `methodproof push` uploads sessions. `methodproof publish` makes them public and shareable
 
+## Security Architecture
+
+Every event passes through consent gating, encryption, and hash chaining before touching disk. The platform adds a server co-signature on push, creating two-party evidence.
+
+```mermaid
+flowchart TB
+    subgraph LOCAL["LOCAL MACHINE"]
+        direction TB
+        subgraph AGENTS["Capture Agents"]
+            direction LR
+            W["File Watcher"] & T["Terminal Hook"] & B["Browser Bridge"] & H["AI Tool Hooks"]
+        end
+        W & T & B & H -->|"raw event"| EMIT["emit(type, metadata)"]
+
+        subgraph CONSENT["Consent Layer"]
+            direction TB
+            EMIT --> EG{"Event Gate"}
+            EG -->|"category OFF"| DROP["Dropped"]
+            EG -->|"category ON"| FG["Field Gate: strip opted-out fields"]
+            FG --> JG{"Journal Mode?"}
+            JG -->|"OFF: structural only"| STRIP["Strip content fields"]
+            JG -->|"ON: full content"| KEEP["Keep all fields"]
+        end
+
+        subgraph CRYPTO["Encryption + Integrity"]
+            direction TB
+            STRIP & KEEP --> AES["AES-256-GCM: encrypt sensitive fields"]
+            AES --> LOCK["Thread Lock: atomic hash + buffer"]
+            LOCK --> CHAIN["SHA-256 Hash Chain"]
+            CHAIN --> BUF["Batched Flush"]
+        end
+
+        BUF --> DB[("SQLite WAL")]
+        BUF -.->|"--live"| WS["WebSocket Stream"]
+
+        subgraph KEYS["Key Vault"]
+            direction LR
+            ENT["Entropy"] --> KDF["Key Derivation"]
+            KDF --> DBK["Encryption Key"]
+            KDF --> BINDK["Binding Key"]
+            KDF --> ED25["Signing Key"]
+            ENT -.-> REC["Recovery Phrase"]
+            KDF -.-> KC["OS Keychain"]
+        end
+    end
+
+    subgraph PUSH["PUSH PROTOCOL"]
+        direction TB
+        DB --> BATCH["Batched Upload"]
+        BATCH --> BIND["Session Binding: HMAC over session metadata"]
+        BIND --> SIGN["Ed25519 Sign: session summary"]
+    end
+
+    subgraph PLATFORM["PLATFORM TRUST BOUNDARY"]
+        direction TB
+        SIGN --> VERIFY["Verify Ed25519 against registered public key"]
+        VERIFY --> COSIG["Server Co-Sign: HMAC over attestation receipt"]
+        COSIG --> NEO[("Graph Store")]
+        NEO --> SCORE["Integrity Score: chain + attestation + cosig + git xref + anomaly"]
+    end
+
+    style DROP fill:#d93326,stroke:#d93326,color:#fff
+    style AES fill:#803794,stroke:#803794,color:#fff
+    style CHAIN fill:#803794,stroke:#803794,color:#fff
+    style LOCK fill:#803794,stroke:#803794,color:#fff
+    style EG fill:#109446,stroke:#109446,color:#fff
+    style JG fill:#109446,stroke:#109446,color:#fff
+    style STRIP fill:#109446,stroke:#109446,color:#fff
+    style VERIFY fill:#c9a84c,stroke:#c9a84c,color:#fff
+    style COSIG fill:#c9a84c,stroke:#c9a84c,color:#fff
+    style SCORE fill:#c9a84c,stroke:#c9a84c,color:#fff
+    style SIGN fill:#192a56,stroke:#192a56,color:#fff
+    style BIND fill:#192a56,stroke:#192a56,color:#fff
+    style DB fill:#192a56,stroke:#192a56,color:#fff
+    style NEO fill:#192a56,stroke:#192a56,color:#fff
+    style KC fill:#803794,stroke:#803794,color:#fff
+    style REC fill:#803794,stroke:#803794,color:#fff
+```
+
+<sup>Green = consent gates · Purple = cryptographic operations · Navy = storage + binding · Gold = integrity verification</sup>
+
 ## Commands
 
 | Command | What it does |
@@ -167,13 +248,15 @@ At session end, outcome metrics are computed: first-shot apply rate, follow-up s
 <details>
 <summary>Integrity verification</summary>
 
-Three layers ensure session data hasn't been tampered with:
+Four layers ensure session data hasn't been tampered with (see [architecture diagram](#security-architecture) above):
+
+**Hash-chained events** — every event includes a SHA-256 hash linking to the previous event. Hash computation is thread-safe (atomic with buffer append). Any modification breaks the chain, detectable via `GET /sessions/{id}/chain/verify`.
 
-**Hash-chained events** — every event includes a SHA-256 hash linking to the previous event. Any modification breaks the chain, detectable via `GET /sessions/{id}/chain/verify`.
+**Ed25519 attestation** — on `methodproof push`, the CLI signs a session summary with your private key. Key generated during `methodproof init`, stored in `~/.methodproof/`.
 
-**Ed25519 attestation** — on `methodproof push`, the CLI signs a session summary with your private key. Install with `pip install methodproof[signing]`. Key generated during `methodproof init`, stored in `~/.methodproof/config.json`.
+**Server co-signature** — the platform independently signs the attestation receipt with its own key and timestamp, creating two-party evidence. Sessions pushed without server co-signature receive a lower integrity score.
 
-**Binary hash self-reporting** — the CLI reports its own binary hash on push. The platform compares against known release hashes to detect modified builds.
+**Binary hash self-reporting** — the CLI reports its own source hash on push. The platform compares against known release hashes to detect modified builds.
 
 </details>
 
@@ -222,7 +305,7 @@ methodproof start
 
 **Excluded patterns:** `__pycache__`, `.pyc`, `.git/`, `node_modules`, `.DS_Store`, `.swp`, temp files ending in `~`
 
-**Git commits** are detected by polling `.git/refs/heads/` every 2 seconds — only commits in a git repo rooted at (or above) the watch directory are captured.
+**Git commits** are detected automatically — only commits in a git repo rooted at (or above) the watch directory are captured.
 
 ## Data Directory
 

{methodproof-0.5.3 → methodproof-0.6.0}/README.md

@@ -52,6 +52,87 @@ methodproof view      # explore your session in the browser
 - **Auto-detection** — hooks for shell, Claude Code, OpenClaw, codex, gemini, aider installed automatically
 - **Platform sync** — `methodproof push` uploads sessions. `methodproof publish` makes them public and shareable
 
+## Security Architecture
+
+Every event passes through consent gating, encryption, and hash chaining before touching disk. The platform adds a server co-signature on push, creating two-party evidence.
+
+```mermaid
+flowchart TB
+    subgraph LOCAL["LOCAL MACHINE"]
+        direction TB
+        subgraph AGENTS["Capture Agents"]
+            direction LR
+            W["File Watcher"] & T["Terminal Hook"] & B["Browser Bridge"] & H["AI Tool Hooks"]
+        end
+        W & T & B & H -->|"raw event"| EMIT["emit(type, metadata)"]
+
+        subgraph CONSENT["Consent Layer"]
+            direction TB
+            EMIT --> EG{"Event Gate"}
+            EG -->|"category OFF"| DROP["Dropped"]
+            EG -->|"category ON"| FG["Field Gate: strip opted-out fields"]
+            FG --> JG{"Journal Mode?"}
+            JG -->|"OFF: structural only"| STRIP["Strip content fields"]
+            JG -->|"ON: full content"| KEEP["Keep all fields"]
+        end
+
+        subgraph CRYPTO["Encryption + Integrity"]
+            direction TB
+            STRIP & KEEP --> AES["AES-256-GCM: encrypt sensitive fields"]
+            AES --> LOCK["Thread Lock: atomic hash + buffer"]
+            LOCK --> CHAIN["SHA-256 Hash Chain"]
+            CHAIN --> BUF["Batched Flush"]
+        end
+
+        BUF --> DB[("SQLite WAL")]
+        BUF -.->|"--live"| WS["WebSocket Stream"]
+
+        subgraph KEYS["Key Vault"]
+            direction LR
+            ENT["Entropy"] --> KDF["Key Derivation"]
+            KDF --> DBK["Encryption Key"]
+            KDF --> BINDK["Binding Key"]
+            KDF --> ED25["Signing Key"]
+            ENT -.-> REC["Recovery Phrase"]
+            KDF -.-> KC["OS Keychain"]
+        end
+    end
+
+    subgraph PUSH["PUSH PROTOCOL"]
+        direction TB
+        DB --> BATCH["Batched Upload"]
+        BATCH --> BIND["Session Binding: HMAC over session metadata"]
+        BIND --> SIGN["Ed25519 Sign: session summary"]
+    end
+
+    subgraph PLATFORM["PLATFORM TRUST BOUNDARY"]
+        direction TB
+        SIGN --> VERIFY["Verify Ed25519 against registered public key"]
+        VERIFY --> COSIG["Server Co-Sign: HMAC over attestation receipt"]
+        COSIG --> NEO[("Graph Store")]
+        NEO --> SCORE["Integrity Score: chain + attestation + cosig + git xref + anomaly"]
+    end
+
+    style DROP fill:#d93326,stroke:#d93326,color:#fff
+    style AES fill:#803794,stroke:#803794,color:#fff
+    style CHAIN fill:#803794,stroke:#803794,color:#fff
+    style LOCK fill:#803794,stroke:#803794,color:#fff
+    style EG fill:#109446,stroke:#109446,color:#fff
+    style JG fill:#109446,stroke:#109446,color:#fff
+    style STRIP fill:#109446,stroke:#109446,color:#fff
+    style VERIFY fill:#c9a84c,stroke:#c9a84c,color:#fff
+    style COSIG fill:#c9a84c,stroke:#c9a84c,color:#fff
+    style SCORE fill:#c9a84c,stroke:#c9a84c,color:#fff
+    style SIGN fill:#192a56,stroke:#192a56,color:#fff
+    style BIND fill:#192a56,stroke:#192a56,color:#fff
+    style DB fill:#192a56,stroke:#192a56,color:#fff
+    style NEO fill:#192a56,stroke:#192a56,color:#fff
+    style KC fill:#803794,stroke:#803794,color:#fff
+    style REC fill:#803794,stroke:#803794,color:#fff
+```
+
+<sup>Green = consent gates · Purple = cryptographic operations · Navy = storage + binding · Gold = integrity verification</sup>
+
 ## Commands
 
 | Command | What it does |
@@ -152,13 +233,15 @@ At session end, outcome metrics are computed: first-shot apply rate, follow-up s
 <details>
 <summary>Integrity verification</summary>
 
-Three layers ensure session data hasn't been tampered with:
+Four layers ensure session data hasn't been tampered with (see [architecture diagram](#security-architecture) above):
+
+**Hash-chained events** — every event includes a SHA-256 hash linking to the previous event. Hash computation is thread-safe (atomic with buffer append). Any modification breaks the chain, detectable via `GET /sessions/{id}/chain/verify`.
 
-**Hash-chained events** — every event includes a SHA-256 hash linking to the previous event. Any modification breaks the chain, detectable via `GET /sessions/{id}/chain/verify`.
+**Ed25519 attestation** — on `methodproof push`, the CLI signs a session summary with your private key. Key generated during `methodproof init`, stored in `~/.methodproof/`.
 
-**Ed25519 attestation** — on `methodproof push`, the CLI signs a session summary with your private key. Install with `pip install methodproof[signing]`. Key generated during `methodproof init`, stored in `~/.methodproof/config.json`.
+**Server co-signature** — the platform independently signs the attestation receipt with its own key and timestamp, creating two-party evidence. Sessions pushed without server co-signature receive a lower integrity score.
 
-**Binary hash self-reporting** — the CLI reports its own binary hash on push. The platform compares against known release hashes to detect modified builds.
+**Binary hash self-reporting** — the CLI reports its own source hash on push. The platform compares against known release hashes to detect modified builds.
 
 </details>
 
@@ -207,7 +290,7 @@ methodproof start
 
 **Excluded patterns:** `__pycache__`, `.pyc`, `.git/`, `node_modules`, `.DS_Store`, `.swp`, temp files ending in `~`
 
-**Git commits** are detected by polling `.git/refs/heads/` every 2 seconds — only commits in a git repo rooted at (or above) the watch directory are captured.
+**Git commits** are detected automatically — only commits in a git repo rooted at (or above) the watch directory are captured.
 
 ## Data Directory
 

{methodproof-0.5.3 → methodproof-0.6.0}/methodproof/__init__.py

@@ -1,3 +1,3 @@
 """MethodProof — see how you code."""
 
-__version__ = "0.5.3"
+__version__ = "0.6.0"

{methodproof-0.5.3 → methodproof-0.6.0}/methodproof/_daemon.py

@@ -64,7 +64,8 @@ def main() -> None:
         threads.append(threading.Thread(
             target=bridge.start,
             args=(sid, stop_event, 9877,
-                  cfg.get("token", ""), cfg.get("api_url", ""), cfg.get("e2e_key", "")),
+                  cfg.get("token", ""), cfg.get("api_url", ""), cfg.get("e2e_key", ""),
+                  cfg.get("journal_mode", False)),
             daemon=True,
         ))
 

{methodproof-0.5.3 → methodproof-0.6.0}/methodproof/agents/base.py

@@ -145,17 +145,17 @@ def emit(event_type: str, metadata: dict[str, Any]) -> None:
     if _e2e_key:
         from methodproof.crypto import encrypt_metadata
         entry["metadata"] = encrypt_metadata(dict(entry["metadata"]), _e2e_key)
-    global _prev_hash
-    from methodproof.integrity import compute_event_hash
-    entry["_chain_hash"] = compute_event_hash(entry, _prev_hash, _account_id)
-    _prev_hash = entry["_chain_hash"]
-    if _live_mode:
-        from methodproof import live as live_mod
-        live_mod.send(entry)
     with _lock:
+        global _prev_hash
+        from methodproof.integrity import compute_event_hash
+        entry["_chain_hash"] = compute_event_hash(entry, _prev_hash, _account_id)
+        _prev_hash = entry["_chain_hash"]
         _buffer.append(entry)
         if len(_buffer) >= _FLUSH_SIZE:
             _flush_locked()
+    if _live_mode:
+        from methodproof import live as live_mod
+        live_mod.send(entry)
 
 
 def flush() -> None:

{methodproof-0.5.3 → methodproof-0.6.0}/methodproof/bridge.py

@@ -12,7 +12,8 @@ _session_id = ""
 _api_token = ""
 _api_base = ""
 _e2e_key = ""
-_pairing: dict[str, Any] = {}  # {token: {session_id, api_token, api_base, e2e_key, paired}}
+_journal = False
+_pairing: dict[str, Any] = {}  # {token: {session_id, api_token, api_base, e2e_key, journal, paired}}
 _extension_paired = threading.Event()
 MAX_BODY = 10 * 1024 * 1024  # 10 MB
 
@@ -47,6 +48,7 @@ PAIR_PAGE = """<!DOCTYPE html>
          data-token="{api_token}"
          data-api-base="{api_base}"
          data-e2e-key="{e2e_key}"
+         data-journal="{journal}"
          style="display:none"></div>
   </div>
   <script>
@@ -62,11 +64,12 @@ PAIR_PAGE = """<!DOCTYPE html>
 </html>"""
 
 
-def generate_pair_token(session_id: str, api_token: str, api_base: str, e2e_key: str = "") -> str:
+def generate_pair_token(session_id: str, api_token: str, api_base: str,
+                        e2e_key: str = "", journal: bool = False) -> str:
     token = secrets.token_urlsafe(16)
     _pairing[token] = {
         "session_id": session_id, "api_token": api_token,
-        "api_base": api_base, "e2e_key": e2e_key, "paired": False,
+        "api_base": api_base, "e2e_key": e2e_key, "journal": journal, "paired": False,
     }
     return token
 
@@ -92,6 +95,7 @@ class _Handler(BaseHTTPRequestHandler):
                 api_token=data["api_token"],
                 api_base=data["api_base"],
                 e2e_key=data["e2e_key"],
+                journal="true" if data.get("journal") else "false",
                 pair_token=token,
             ).encode()
             self.send_response(200)
@@ -109,6 +113,7 @@ class _Handler(BaseHTTPRequestHandler):
                     "token": _api_token,
                     "api_base": _api_base,
                     "e2e_key": _e2e_key,
+                    "journal": _journal,
                 })
                 _extension_paired.set()
                 base.log("info", "extension.auto_paired", session_id=_session_id)
@@ -149,6 +154,7 @@ class _Handler(BaseHTTPRequestHandler):
                 "api_token": body.get("api_token", ""),
                 "api_base": body.get("api_base", ""),
                 "e2e_key": body.get("e2e_key", ""),
+                "journal": body.get("journal", False),
                 "paired": False,
             }
             self._json({"ok": True, "token": token})
@@ -185,12 +191,14 @@ class _Handler(BaseHTTPRequestHandler):
 
 
 def start(session_id: str, stop: threading.Event, port: int = 9877,
-          api_token: str = "", api_base: str = "", e2e_key: str = "") -> None:
-    global _session_id, _api_token, _api_base, _e2e_key
+          api_token: str = "", api_base: str = "", e2e_key: str = "",
+          journal: bool = False) -> None:
+    global _session_id, _api_token, _api_base, _e2e_key, _journal
     _session_id = session_id
     _api_token = api_token
     _api_base = api_base
     _e2e_key = e2e_key
+    _journal = journal
     _extension_paired.clear()
     HTTPServer.allow_reuse_address = True
     server = HTTPServer(("127.0.0.1", port), _Handler)

{methodproof-0.5.3 → methodproof-0.6.0}/methodproof/cli.py

@@ -1028,6 +1028,7 @@ def cmd_start(args: argparse.Namespace) -> None:
         threads.append(threading.Thread(target=bridge.start, args=(
             sid, stop_event, 9877,
             cfg.get("token", ""), cfg.get("api_url", ""), cfg.get("e2e_key", ""),
+            cfg.get("journal_mode", False),
         ), daemon=True))
     if capture.get("music", True):
         from methodproof.agents import music

{methodproof-0.5.3 → methodproof-0.6.0}/methodproof/config.py

@@ -79,7 +79,6 @@ JOURNAL_CONTENT_FIELDS: list[tuple[str, str]] = [
     # AI prompts — full prompt text
     ("llm_prompt", "prompt_text"),
     ("agent_prompt", "prompt_preview"),
-    ("user_prompt", "prompt_preview"),
     # AI responses — full completion text
     ("llm_completion", "response_text"),
     ("agent_completion", "response_preview"),
@@ -105,8 +104,8 @@ JOURNAL_CONTENT_FIELDS: list[tuple[str, str]] = [
     ("browser_copy", "text_snippet"),
     ("browser_ai_chat", "detected_input"),
     ("browser_ai_chat", "url"),
-    # Inline completions — provider detail
-    ("inline_completion_accepted", "text_length"),
+    # Tasks — subject reveals intent
+    ("task_created", "subject"),
 ]
 
 

{methodproof-0.5.3 → methodproof-0.6.0}/methodproof/sync.py

@@ -102,9 +102,10 @@ def push(session_id: str, token: str, api_url: str) -> str:
     event_hashes = store.get_event_hashes(session_id)
     hash_lookup = {h["event_id"]: h["hash"] for h in event_hashes}
     total = len(events)
+    batch_size = 500
     try:
-        for i in range(0, total, 100):
-            batch = events[i:i + 100]
+        for i in range(0, total, batch_size):
+            batch = events[i:i + batch_size]
             payload = [{"id": e["id"], "type": e["type"],
                          "timestamp": _iso(e["timestamp"]),
                          "timestamp_raw": e["timestamp"],
@@ -112,9 +113,18 @@ def push(session_id: str, token: str, api_url: str) -> str:
                          "metadata": json.loads(e["metadata"]),
                          "hash": hash_lookup.get(e["id"], "")}
                         for e in batch]
-            _request("POST", f"/sessions/{remote_id}/events", api_url, token,
-                     {"events": payload})
-            done = min(i + 100, total)
+            for attempt in range(5):
+                try:
+                    _request("POST", f"/sessions/{remote_id}/events", api_url, token,
+                             {"events": payload})
+                    break
+                except SystemExit as exc:
+                    if "429" in str(exc) and attempt < 4:
+                        import time
+                        time.sleep(10 * (attempt + 1))
+                    else:
+                        raise
+            done = min(i + batch_size, total)
             print(f"\r  Uploading: {done}/{total} events", end="", flush=True)
         print()
     except SystemExit:

{methodproof-0.5.3 → methodproof-0.6.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "methodproof"
-version = "0.5.3"
+version = "0.6.0"
 description = "See how you code. Capture and visualize your engineering process."
 requires-python = ">=3.11"
 dependencies = ["watchdog>=4.0", "websocket-client>=1.7", "cryptography>=43.0", "keyring>=25.0"]

{methodproof-0.5.3 → methodproof-0.6.0}/uv.lock

@@ -649,7 +649,7 @@ name = "importlib-metadata"
 version = "9.0.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
-    { name = "zipp" },
+    { name = "zipp", marker = "python_full_version < '3.12'" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/a9/01/15bb152d77b21318514a96f43af312635eb2500c96b55398d020c93d86ea/importlib_metadata-9.0.0.tar.gz", hash = "sha256:a4f57ab599e6a2e3016d7595cfd72eb4661a5106e787a95bcc90c7105b831efc", size = 56405, upload-time = "2026-03-20T06:42:56.999Z" }
 wheels = [
@@ -862,7 +862,7 @@ wheels = [
 
 [[package]]
 name = "methodproof"
-version = "0.4.5"
+version = "0.5.5"
 source = { editable = "." }
 dependencies = [
     { name = "cryptography", version = "44.0.3", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.12'" },