PyPI - methodproof - Versions diffs - 0.7.4__tar.gz → 0.7.6__tar.gz - Mend

methodproof 0.7.4tar.gz → 0.7.6tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

{methodproof-0.7.4 → methodproof-0.7.6}/CHANGELOG.md RENAMED Viewed

@@ -1,5 +1,11 @@
 # Changelog
+## [0.7.6] — 2026-04-08
+### Added
+- **Metadata compression** — event metadata stored as zlib-compressed BLOBs in SQLite (~80% storage reduction for journal-mode sessions). Existing uncompressed rows are silently migrated on next startup.
+- **Gzip transfer encoding** — `mp push` sends gzip-compressed request bodies to the platform. Reduces upload bandwidth ~70% for large batches.
 ## [0.7.1] — 2026-04-07
 ### Fixed

{methodproof-0.7.4 → methodproof-0.7.6}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: methodproof
-Version: 0.7.4
+Version: 0.7.6
 Summary: See how you code. Capture and visualize your engineering process.
 License-Expression: Apache-2.0
 License-File: LICENSE
@@ -60,7 +60,7 @@ methodproof view      # explore your session in the browser
 - **Environment profiling** — structural analysis of your AI dev environment (instruction files, tool counts, MCP servers) captured at session start
 - **Outcome metrics** — first-shot apply rate, follow-up sequences, phase transitions computed at session end
 - **Granular consent** — 10 standard capture categories + 1 premium, each independently toggled. Nothing records without your opt-in
-- **Local-first** — SQLite database at `~/.methodproof/`, `chmod 600`. No network calls unless you choose
+- **Local-first** — SQLite database at `~/.methodproof/`, `chmod 600`, zlib-compressed metadata. No network calls unless you choose
 - **Live streaming** — `methodproof start --live` streams events to the platform in real-time over WebSocket
 - **Integrity verification** — hash-chained events + Ed25519 attestation prove sessions haven't been tampered with
 - **E2E encryption** — optional company-held AES-256-GCM encryption the platform cannot decrypt
@@ -99,7 +99,7 @@ flowchart TB
             CHAIN --> BUF["Batched Flush"]
         end
-        BUF --> DB[("SQLite WAL")]
+        BUF -->|"zlib compress"| DB[("SQLite WAL")]
         BUF -.->|"--live"| WS["WebSocket Stream"]
         subgraph KEYS["Key Vault"]
@@ -115,7 +115,7 @@ flowchart TB
     subgraph PUSH["PUSH PROTOCOL"]
         direction TB
-        DB --> BATCH["Batched Upload"]
+        DB -->|"gzip"| BATCH["Batched Upload"]
         BATCH --> BIND["Session Binding: HMAC over session metadata"]
         BIND --> SIGN["Ed25519 Sign: session summary"]
     end
@@ -153,18 +153,24 @@ flowchart TB
 | Command | What it does |
 |---------|-------------|
 | `init` | Interactive consent selector, install hooks, create data directory |
-| `start [--dir .] [--tags t1,t2] [--public] [--live]` | Start recording |
+| `start [--dir .] [--tags t1,t2] [--public] [--live] [--journal] [--e2e]` | Start recording |
 | `stop` | Stop recording, build process graph |
 | `view [session_id]` | Open session graph in browser |
 | `log` | List sessions with sync status, visibility, tags |
-| `login` | Authenticate with the platform |
-| `push [session_id]` | Upload session |
-| `publish [session_id]` | Set public + push |
+| `login [--api-url URL]` | Authenticate with the platform |
+| `push [session_id] [--local]` | Upload session (`--local` targets localhost:8000) |
+| `publish [session_id] [--anonymous]` | Set public + push (redaction applied) |
 | `tag <session_id> <tags>` | Add tags |
 | `delete <session_id> [-f]` | Delete session and all its data |
-| `consent` | Change capture categories |
+| `consent` | Change capture, research, and redaction settings |
 | `review` | Inspect session data before pushing |
-| `update` | Check for and install CLI updates |
+| `journal on/off/status` | Toggle journal mode (full content capture) |
+| `e2e on/off/status/recover/release` | Manage personal E2E encryption keys |
+| `extension pair/status/install` | Browser extension pairing |
+| `proxy start/stop/status/cert` | Local AI API proxy (deep capture) |
+| `update [--auto/--no-auto]` | Check for and install CLI updates |
+| `lock [--purge]` | Destroy local encryption key (recoverable) |
+| `uninstall [--keep-sessions]` | Remove all hooks, data, and config |
 ## Privacy & Consent
@@ -307,6 +313,25 @@ methodproof start
 **Git commits** are detected automatically — only commits in a git repo rooted at (or above) the watch directory are captured.
+## Local Development
+Push sessions to a local API for testing:
+```bash
+# One-time: login to your local API
+mp login --api-url http://localhost:8000
+# Push with --local flag (overrides stored URL for this command)
+mp push --local
+# Or set the env var (works with any command)
+METHODPROOF_API_URL=http://localhost:8000 mp push
+```
+`--local` is a shorthand for `http://localhost:8000`. It does not clobber your production token — it only overrides the API URL for that invocation.
+You still need a valid JWT from the local API. Run `mp login --api-url http://localhost:8000` once to authenticate against your local platform.
 ## Data Directory
 `~/.methodproof/`

{methodproof-0.7.4 → methodproof-0.7.6}/README.md RENAMED Viewed

@@ -45,7 +45,7 @@ methodproof view      # explore your session in the browser
 - **Environment profiling** — structural analysis of your AI dev environment (instruction files, tool counts, MCP servers) captured at session start
 - **Outcome metrics** — first-shot apply rate, follow-up sequences, phase transitions computed at session end
 - **Granular consent** — 10 standard capture categories + 1 premium, each independently toggled. Nothing records without your opt-in
-- **Local-first** — SQLite database at `~/.methodproof/`, `chmod 600`. No network calls unless you choose
+- **Local-first** — SQLite database at `~/.methodproof/`, `chmod 600`, zlib-compressed metadata. No network calls unless you choose
 - **Live streaming** — `methodproof start --live` streams events to the platform in real-time over WebSocket
 - **Integrity verification** — hash-chained events + Ed25519 attestation prove sessions haven't been tampered with
 - **E2E encryption** — optional company-held AES-256-GCM encryption the platform cannot decrypt
@@ -84,7 +84,7 @@ flowchart TB
             CHAIN --> BUF["Batched Flush"]
         end
-        BUF --> DB[("SQLite WAL")]
+        BUF -->|"zlib compress"| DB[("SQLite WAL")]
         BUF -.->|"--live"| WS["WebSocket Stream"]
         subgraph KEYS["Key Vault"]
@@ -100,7 +100,7 @@ flowchart TB
     subgraph PUSH["PUSH PROTOCOL"]
         direction TB
-        DB --> BATCH["Batched Upload"]
+        DB -->|"gzip"| BATCH["Batched Upload"]
         BATCH --> BIND["Session Binding: HMAC over session metadata"]
         BIND --> SIGN["Ed25519 Sign: session summary"]
     end
@@ -138,18 +138,24 @@ flowchart TB
 | Command | What it does |
 |---------|-------------|
 | `init` | Interactive consent selector, install hooks, create data directory |
-| `start [--dir .] [--tags t1,t2] [--public] [--live]` | Start recording |
+| `start [--dir .] [--tags t1,t2] [--public] [--live] [--journal] [--e2e]` | Start recording |
 | `stop` | Stop recording, build process graph |
 | `view [session_id]` | Open session graph in browser |
 | `log` | List sessions with sync status, visibility, tags |
-| `login` | Authenticate with the platform |
-| `push [session_id]` | Upload session |
-| `publish [session_id]` | Set public + push |
+| `login [--api-url URL]` | Authenticate with the platform |
+| `push [session_id] [--local]` | Upload session (`--local` targets localhost:8000) |
+| `publish [session_id] [--anonymous]` | Set public + push (redaction applied) |
 | `tag <session_id> <tags>` | Add tags |
 | `delete <session_id> [-f]` | Delete session and all its data |
-| `consent` | Change capture categories |
+| `consent` | Change capture, research, and redaction settings |
 | `review` | Inspect session data before pushing |
-| `update` | Check for and install CLI updates |
+| `journal on/off/status` | Toggle journal mode (full content capture) |
+| `e2e on/off/status/recover/release` | Manage personal E2E encryption keys |
+| `extension pair/status/install` | Browser extension pairing |
+| `proxy start/stop/status/cert` | Local AI API proxy (deep capture) |
+| `update [--auto/--no-auto]` | Check for and install CLI updates |
+| `lock [--purge]` | Destroy local encryption key (recoverable) |
+| `uninstall [--keep-sessions]` | Remove all hooks, data, and config |
 ## Privacy & Consent
@@ -292,6 +298,25 @@ methodproof start
 **Git commits** are detected automatically — only commits in a git repo rooted at (or above) the watch directory are captured.
+## Local Development
+Push sessions to a local API for testing:
+```bash
+# One-time: login to your local API
+mp login --api-url http://localhost:8000
+# Push with --local flag (overrides stored URL for this command)
+mp push --local
+# Or set the env var (works with any command)
+METHODPROOF_API_URL=http://localhost:8000 mp push
+```
+`--local` is a shorthand for `http://localhost:8000`. It does not clobber your production token — it only overrides the API URL for that invocation.
+You still need a valid JWT from the local API. Run `mp login --api-url http://localhost:8000` once to authenticate against your local platform.
 ## Data Directory
 `~/.methodproof/`

{methodproof-0.7.4 → methodproof-0.7.6}/methodproof/__init__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """MethodProof — see how you code."""
-__version__ = "0.7.4"
+__version__ = "0.7.6"

{methodproof-0.7.4 → methodproof-0.7.6}/methodproof/analysis.py RENAMED Viewed

@@ -606,8 +606,9 @@ def compute_outcomes(session_id: str) -> dict[str, Any]:
         if e["type"] not in prompt_types:
             continue
         try:
-            meta = json.loads(e["metadata"])
-        except (json.JSONDecodeError, TypeError) as exc:
+            from methodproof.store import _decompress_meta
+            meta = _decompress_meta(e["metadata"])
+        except (json.JSONDecodeError, TypeError, Exception) as exc:
             _warn("analysis.metadata_parse_failed", event_id=e["id"] if hasattr(e, "__getitem__") else "?", error=str(exc))
             continue
         intent = meta.get("sa_intent")

{methodproof-0.7.4 → methodproof-0.7.6}/methodproof/cli.py RENAMED Viewed

@@ -466,6 +466,7 @@ def _print_commands() -> None:
     print(f"    {_G}mp start --live{R}        Stream your graph privately (only you can view)")
     print(f"    {_G}mp start --live-public{R} Stream your graph publicly (shareable link)")
     print(f"    {_G}mp start --journal{R}    Full content capture (2 free credits, then Pro)")
+    print(f"    {_G}mp start --e2e{R}         Encrypt session with your personal key {_D}(Pro){R}")
     print(f"    {_G}mp journal on{R}         Enable persistent journal mode")
     print(f"    {_G}mp journal status{R}     Check journal mode and remaining credits")
     print()
@@ -476,15 +477,29 @@ def _print_commands() -> None:
     print()
     print(f"  {_W}SHARE{R}")
     print(f"    {_Y}mp push{R}  {_D}[id]{R}          Upload privately to your account")
+    print(f"    {_Y}mp push --local{R}        Push to local dev API {_D}(localhost:8000){R}")
     print(f"    {_Y}mp publish{R} {_D}[id]{R}        Make session public (redaction applied)")
     print(f"    {_Y}mp publish --anonymous{R}  Public but identity hidden {_D}(Pro){R}")
     print(f"    {_Y}mp tag{R} {_D}<id> <tags>{R}     Tag a session")
     print()
+    print(f"  {_W}ENCRYPTION{R}")
+    print(f"    {_C}mp e2e on{R}              Enable E2E encryption (generates key on first use)")
+    print(f"    {_C}mp e2e off{R}             Disable E2E mode (key stays in keychain)")
+    print(f"    {_C}mp e2e status{R}          Show E2E mode and key status")
+    print(f"    {_C}mp e2e recover{R}         Recover key from recovery passphrase")
+    print(f"    {_C}mp e2e release{R} {_D}<id>{R}   Release a session from E2E encryption")
+    print()
     print(f"  {_W}EXTENSION{R}")
     print(f"    {_C}mp extension pair{R}      Pair browser extension to active session")
     print(f"    {_C}mp extension status{R}    Check extension connection")
     print(f"    {_C}mp extension install{R}   Open Chrome Web Store")
     print()
+    print(f"  {_W}PROXY{R}")
+    print(f"    {_C}mp proxy start{R}         Start local AI API proxy {_D}(deep capture){R}")
+    print(f"    {_C}mp proxy stop{R}          Stop proxy")
+    print(f"    {_C}mp proxy status{R}        Show proxy status")
+    print(f"    {_C}mp proxy cert{R}          CA certificate install instructions")
+    print()
     print(f"  {_W}ACCOUNT{R}")
     print(f"    {_M}mp login{R}              Connect to platform (opens browser)")
     print(f"    {_M}mp consent{R}            Change capture, research, and redaction settings")
@@ -497,6 +512,9 @@ def _print_commands() -> None:
     print(f"    {_M}mp update --no-auto{R}   Toggle auto-update off")
     print(f"    {_M}mp uninstall{R}           Remove all hooks, data, and config")
     print()
+    print(f"  {_W}ENVIRONMENT{R}")
+    print(f"    {_D}METHODPROOF_API_URL{R}    Override API endpoint {_D}(e.g. http://localhost:8000){R}")
+    print()
     print(f"  {_D}To view this at any time run: mp help{R}\n")
@@ -504,7 +522,12 @@ def _print_commands_plain() -> None:
     print("  RECORD")
     print("    mp start              Start recording a session")
     print("    mp stop               Stop recording, build process graph")
-    print("    mp start --live       Stream your graph in real time")
+    print("    mp start --live       Stream your graph privately")
+    print("    mp start --live-public  Stream your graph publicly (shareable link)")
+    print("    mp start --journal    Full content capture (2 free credits, then Pro)")
+    print("    mp start --e2e        Encrypt session with your personal key (Pro)")
+    print("    mp journal on         Enable persistent journal mode")
+    print("    mp journal status     Check journal mode and remaining credits")
     print()
     print("  REVIEW")
     print("    mp view  [id]         View session graph in browser")
@@ -513,15 +536,29 @@ def _print_commands_plain() -> None:
     print()
     print("  SHARE")
     print("    mp push  [id]         Upload privately to your account")
+    print("    mp push --local       Push to local dev API (localhost:8000)")
     print("    mp publish [id]       Make session public (redaction applied)")
     print("    mp publish --anonymous  Public but identity hidden (Pro)")
     print("    mp tag <id> <tags>    Tag a session")
     print()
+    print("  ENCRYPTION")
+    print("    mp e2e on             Enable E2E encryption (generates key on first use)")
+    print("    mp e2e off            Disable E2E mode (key stays in keychain)")
+    print("    mp e2e status         Show E2E mode and key status")
+    print("    mp e2e recover        Recover key from recovery passphrase")
+    print("    mp e2e release <id>   Release a session from E2E encryption")
+    print()
     print("  EXTENSION")
     print("    mp extension pair     Pair browser extension to active session")
     print("    mp extension status   Check extension connection")
     print("    mp extension install  Open Chrome Web Store")
     print()
+    print("  PROXY")
+    print("    mp proxy start        Start local AI API proxy (deep capture)")
+    print("    mp proxy stop         Stop proxy")
+    print("    mp proxy status       Show proxy status")
+    print("    mp proxy cert         CA certificate install instructions")
+    print()
     print("  ACCOUNT")
     print("    mp login              Connect to platform (opens browser)")
     print("    mp consent            Change capture, research, and redaction settings")
@@ -534,6 +571,9 @@ def _print_commands_plain() -> None:
     print("    mp update --no-auto   Toggle auto-update off")
     print("    mp uninstall          Remove all hooks, data, and config")
     print()
+    print("  ENVIRONMENT")
+    print("    METHODPROOF_API_URL   Override API endpoint (e.g. http://localhost:8000)")
+    print()
     print("  To view this at any time run: mp help\n")

{methodproof-0.7.4 → methodproof-0.7.6}/methodproof/graph.py RENAMED Viewed

@@ -5,7 +5,7 @@ import time
 import uuid
 from typing import Any
-from methodproof.store import _db
+from methodproof.store import _compress_meta, _db, _decompress_meta
 def build(session_id: str) -> dict[str, int]:
@@ -53,7 +53,7 @@ def build(session_id: str) -> dict[str, int]:
     # Resources
     for e in events:
-        meta = json.loads(e["metadata"])
+        meta = _decompress_meta(e["metadata"])
         if e["type"] in ("llm_prompt", "llm_completion") and "model" in meta:
             _ensure_resource(db, "llm_model", meta["model"])
             stats["resources"] += 1
@@ -63,7 +63,7 @@ def build(session_id: str) -> dict[str, int]:
     # Artifacts
     for e in events:
-        meta = json.loads(e["metadata"])
+        meta = _decompress_meta(e["metadata"])
         if e["type"] in ("file_create", "file_edit") and "path" in meta:
             _ensure_artifact(db, meta["path"], meta.get("size", 0))
             stats["artifacts"] += 1
@@ -84,7 +84,7 @@ def build(session_id: str) -> dict[str, int]:
                 "(id, session_id, type, timestamp, duration_ms, metadata) "
                 "VALUES (?, ?, ?, ?, ?, ?)",
                 (uuid.uuid4().hex, session_id, "prompt_outcomes",
-                 time.time(), 0, json.dumps(outcomes)),
+                 time.time(), 0, _compress_meta(outcomes)),
             )
             stats["outcomes"] = 1
     except Exception as exc:
@@ -100,7 +100,7 @@ def _link(
     rel: str, window_sec: int, match_model: bool = False,
 ) -> int:
     model_clause = (
-        "AND json_extract(s.metadata, '$.model') = json_extract(t.metadata, '$.model')"
+        "AND json_extract(mp_json(s.metadata), '$.model') = json_extract(mp_json(t.metadata), '$.model')"
         if match_model else ""
     )
     sql = f"""
@@ -123,9 +123,9 @@ def _link_pasted(db: object, sid: str) -> int:
     FROM events s JOIN events t ON t.session_id = s.session_id
     WHERE s.session_id = ? AND s.type = 'browser_copy' AND t.type = 'file_edit'
       AND t.timestamp > s.timestamp AND (t.timestamp - s.timestamp) <= 30
-      AND abs(json_extract(t.metadata, '$.lines_added') * 40.0
-            - json_extract(s.metadata, '$.text_length'))
-          < json_extract(s.metadata, '$.text_length') * 0.2
+      AND abs(json_extract(mp_json(t.metadata), '$.lines_added') * 40.0
+            - json_extract(mp_json(s.metadata), '$.text_length'))
+          < json_extract(mp_json(s.metadata), '$.text_length') * 0.2
     """
     return db.execute(sql, (sid,)).rowcount
@@ -135,20 +135,20 @@ def _link_action_resources(db: object, sid: str) -> None:
     db.execute("""
     INSERT OR IGNORE INTO action_resources (action_id, resource_id, relation_type, metadata)
     SELECT e.id, r.id, 'SENT_TO', '{}'
-    FROM events e JOIN resources r ON r.identifier = json_extract(e.metadata, '$.model')
+    FROM events e JOIN resources r ON r.identifier = json_extract(mp_json(e.metadata), '$.model')
     WHERE e.session_id = ? AND e.type = 'llm_prompt' AND r.type = 'llm_model'
     """, (sid,))
     db.execute("""
     INSERT OR IGNORE INTO action_resources (action_id, resource_id, relation_type, metadata)
     SELECT e.id, r.id, 'CONSUMED', '{}'
-    FROM events e JOIN resources r ON r.identifier = json_extract(e.metadata, '$.model')
+    FROM events e JOIN resources r ON r.identifier = json_extract(mp_json(e.metadata), '$.model')
     WHERE e.session_id = ? AND e.type = 'llm_completion' AND r.type = 'llm_model'
     """, (sid,))
     # Agent gateway links
     db.execute("""
     INSERT OR IGNORE INTO action_resources (action_id, resource_id, relation_type, metadata)
     SELECT e.id, r.id, 'SENT_TO', '{}'
-    FROM events e JOIN resources r ON r.identifier = json_extract(e.metadata, '$.gateway')
+    FROM events e JOIN resources r ON r.identifier = json_extract(mp_json(e.metadata), '$.gateway')
     WHERE e.session_id = ? AND e.type = 'agent_prompt' AND r.type = 'agent_gateway'
     """, (sid,))
@@ -158,13 +158,13 @@ def _link_action_artifacts(db: object, sid: str) -> None:
     db.execute("""
     INSERT OR IGNORE INTO action_artifacts (action_id, artifact_id, relation_type)
     SELECT e.id, a.id, 'PRODUCED'
-    FROM events e JOIN artifacts a ON a.path = json_extract(e.metadata, '$.path')
+    FROM events e JOIN artifacts a ON a.path = json_extract(mp_json(e.metadata), '$.path')
     WHERE e.session_id = ? AND e.type = 'file_create'
     """, (sid,))
     db.execute("""
     INSERT OR IGNORE INTO action_artifacts (action_id, artifact_id, relation_type)
     SELECT e.id, a.id, 'MODIFIED'
-    FROM events e JOIN artifacts a ON a.path = json_extract(e.metadata, '$.path')
+    FROM events e JOIN artifacts a ON a.path = json_extract(mp_json(e.metadata), '$.path')
     WHERE e.session_id = ? AND e.type = 'file_edit'
     """, (sid,))

{methodproof-0.7.4 → methodproof-0.7.6}/methodproof/migrate_db.py RENAMED Viewed

@@ -1,9 +1,8 @@
 """Encrypt existing plaintext events in local DB after key setup."""
-import json
 from methodproof import store
 from methodproof.crypto import SENSITIVE_FIELDS, encrypt_field
+from methodproof.store import _compress_meta, _decompress_meta
 def migrate_encrypt(db_key: bytes) -> int:
@@ -18,7 +17,7 @@ def migrate_encrypt(db_key: bytes) -> int:
     encrypted = 0
     batch = []
     for row in rows:
-        meta = json.loads(row["metadata"])
+        meta = _decompress_meta(row["metadata"])
         changed = False
         for field in SENSITIVE_FIELDS:
             val = meta.get(field)
@@ -26,7 +25,7 @@ def migrate_encrypt(db_key: bytes) -> int:
                 meta[field] = encrypt_field(val, db_key)
                 changed = True
         if changed:
-            batch.append((json.dumps(meta), row["id"]))
+            batch.append((_compress_meta(meta), row["id"]))
             encrypted += 1
         if len(batch) >= 500:
             _flush_batch(db, batch)

{methodproof-0.7.4 → methodproof-0.7.6}/methodproof/store.py RENAMED Viewed

@@ -4,6 +4,7 @@ import json
 import sqlite3
 import time
 import uuid
+import zlib
 from typing import Any
 from methodproof import config
@@ -62,12 +63,25 @@ CREATE TABLE IF NOT EXISTS action_artifacts (
 _conn: sqlite3.Connection | None = None
+def _sqlite_decompress(raw: bytes | str | None) -> str | None:
+    """SQLite UDF: decompress zlib BLOBs to JSON text for json_extract()."""
+    if raw is None:
+        return None
+    if isinstance(raw, bytes):
+        try:
+            return zlib.decompress(raw).decode()
+        except zlib.error:
+            return raw.decode() if raw else "{}"
+    return raw
 def _db() -> sqlite3.Connection:
     global _conn
     if _conn is None:
         _conn = sqlite3.connect(str(config.DB_PATH), check_same_thread=False, timeout=10)
         _conn.execute("PRAGMA journal_mode=WAL")
         _conn.row_factory = sqlite3.Row
+        _conn.create_function("mp_json", 1, _sqlite_decompress)
     return _conn
@@ -113,9 +127,30 @@ def _migrate() -> None:
         db.execute("DELETE FROM action_artifacts")
         db.execute("DELETE FROM artifacts WHERE rowid NOT IN (SELECT MIN(rowid) FROM artifacts GROUP BY path)")
         db.execute("CREATE UNIQUE INDEX IF NOT EXISTS idx_artifacts_path ON artifacts(path)")
+    # Compress legacy uncompressed metadata (TEXT → zlib BLOB)
+    _migrate_compress_metadata(db)
     db.commit()
+def _migrate_compress_metadata(db: sqlite3.Connection) -> None:
+    """Silently compress any uncompressed TEXT metadata rows to zlib BLOBs."""
+    rows = db.execute("SELECT id, metadata FROM events WHERE typeof(metadata) = 'text'").fetchall()
+    if not rows:
+        return
+    batch, skipped = [], 0
+    for r in rows:
+        try:
+            compressed = zlib.compress(r["metadata"].encode())
+            batch.append((compressed, r["id"]))
+        except Exception:
+            skipped += 1
+    if batch:
+        db.executemany("UPDATE events SET metadata = ? WHERE id = ?", batch)
+    if skipped:
+        import sys
+        sys.stderr.write(f"[methodproof] migration: compressed {len(batch)} events, skipped {skipped}\n")
 def create_session(
     session_id: str, watch_dir: str,
     repo_url: str | None = None, tags: str = "[]", visibility: str = "private",
@@ -142,14 +177,27 @@ def complete_session(session_id: str) -> None:
     db.commit()
+def _compress_meta(meta: dict[str, Any]) -> bytes:
+    return zlib.compress(json.dumps(meta, default=str).encode())
+def _decompress_meta(raw: bytes | str) -> dict[str, Any]:
+    if isinstance(raw, str):
+        return json.loads(raw)
+    try:
+        return json.loads(zlib.decompress(raw))
+    except zlib.error:
+        return json.loads(raw)
 def insert_events(session_id: str, events: list[dict[str, Any]]) -> None:
     db = _db()
     rows = []
     for e in events:
         try:
-            meta = json.dumps(e.get("metadata", {}), default=str)
+            meta = _compress_meta(e.get("metadata", {}))
         except (TypeError, ValueError):
-            meta = "{}"
+            meta = _compress_meta({})
         rows.append((
             e["id"], session_id, e["type"], e["timestamp"],
             e.get("duration_ms", 0), meta,
@@ -176,7 +224,12 @@ def get_events(session_id: str) -> list[dict[str, Any]]:
         "SELECT * FROM events WHERE session_id = ? ORDER BY timestamp",
         (session_id,),
     ).fetchall()
-    return [dict(r) for r in rows]
+    result = []
+    for r in rows:
+        d = dict(r)
+        d["metadata"] = json.dumps(_decompress_meta(d["metadata"]))
+        result.append(d)
+    return result
 def get_graph(session_id: str) -> dict[str, Any]:
@@ -184,7 +237,7 @@ def get_graph(session_id: str) -> dict[str, Any]:
     events = get_events(session_id)
     nodes = [{"id": e["id"], "type": "Action", "label": e["type"],
               "properties": {"timestamp": e["timestamp"], "duration_ms": e["duration_ms"],
-                             "metadata": json.loads(e["metadata"])}}
+                             "metadata": _decompress_meta(e["metadata"])}}
              for e in events]
     edges = []

{methodproof-0.7.4 → methodproof-0.7.6}/methodproof/sync.py RENAMED Viewed

@@ -1,5 +1,6 @@
 """Push local sessions to the MethodProof platform."""
+import gzip
 import json
 import urllib.error
 import urllib.request
@@ -30,8 +31,13 @@ def _raw_request(
     method: str, url: str, token: str,
     body: dict[str, Any] | None = None,
 ) -> dict[str, Any]:
-    data = json.dumps(body).encode() if body else None
+    if body is not None:
+        data = gzip.compress(json.dumps(body).encode())
+    else:
+        data = None
     headers = {"Content-Type": "application/json", "Authorization": f"Bearer {token}"}
+    if data is not None:
+        headers["Content-Encoding"] = "gzip"
     req = urllib.request.Request(url, data=data, headers=headers, method=method)
     with urllib.request.urlopen(req, timeout=15) as resp:
         return json.loads(resp.read())

{methodproof-0.7.4 → methodproof-0.7.6}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "methodproof"
-version = "0.7.4"
+version = "0.7.6"
 description = "See how you code. Capture and visualize your engineering process."
 requires-python = ">=3.11"
 dependencies = ["watchdog>=4.0", "websocket-client>=1.7", "cryptography>=43.0", "keyring>=25.0"]

{methodproof-0.7.4 → methodproof-0.7.6}/tests/test_security.py RENAMED Viewed

@@ -106,10 +106,12 @@ def test_bip39_known_vector():
 def test_bip39_bad_checksum():
-    phrase = entropy_to_phrase(os.urandom(16))
+    # Use fixed entropy so the checksum corruption is deterministic
+    phrase = entropy_to_phrase(b"\x00" * 16)
     words = phrase.split()
-    words[-1] = words[0]  # corrupt checksum
-    with pytest.raises(ValueError, match="checksum|Unknown"):
+    # Flip the last word to a word that changes the checksum bits
+    words[-1] = "zone"
+    with pytest.raises(ValueError, match="checksum"):
         phrase_to_entropy(" ".join(words))
@@ -257,7 +259,8 @@ def test_migrate_encrypts_plaintext():
     count = migrate_encrypt(key)
     assert count == 1
     row = store._db().execute("SELECT metadata FROM events WHERE id = 'e1'").fetchone()
-    assert "e2e:v1:" in json.loads(row["metadata"])["prompt_text"]
+    meta = store._decompress_meta(row["metadata"])
+    assert "e2e:v1:" in meta["prompt_text"]
 def test_migrate_idempotent():