methodproof 0.7.5__tar.gz → 0.7.7__tar.gz

{methodproof-0.7.5 → methodproof-0.7.7}/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## [0.7.6] — 2026-04-08
+
+### Added
+- **Metadata compression** — event metadata stored as zlib-compressed BLOBs in SQLite (~80% storage reduction for journal-mode sessions). Existing uncompressed rows are silently migrated on next startup.
+- **Gzip transfer encoding** — `mp push` sends gzip-compressed request bodies to the platform. Reduces upload bandwidth ~70% for large batches.
+
 ## [0.7.1] — 2026-04-07
 
 ### Fixed

{methodproof-0.7.5 → methodproof-0.7.7}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: methodproof
-Version: 0.7.5
+Version: 0.7.7
 Summary: See how you code. Capture and visualize your engineering process.
 License-Expression: Apache-2.0
 License-File: LICENSE
@@ -60,7 +60,7 @@ methodproof view      # explore your session in the browser
 - **Environment profiling** — structural analysis of your AI dev environment (instruction files, tool counts, MCP servers) captured at session start
 - **Outcome metrics** — first-shot apply rate, follow-up sequences, phase transitions computed at session end
 - **Granular consent** — 10 standard capture categories + 1 premium, each independently toggled. Nothing records without your opt-in
-- **Local-first** — SQLite database at `~/.methodproof/`, `chmod 600`. No network calls unless you choose
+- **Local-first** — SQLite database at `~/.methodproof/`, `chmod 600`, zlib-compressed metadata. No network calls unless you choose
 - **Live streaming** — `methodproof start --live` streams events to the platform in real-time over WebSocket
 - **Integrity verification** — hash-chained events + Ed25519 attestation prove sessions haven't been tampered with
 - **E2E encryption** — optional company-held AES-256-GCM encryption the platform cannot decrypt
@@ -99,7 +99,7 @@ flowchart TB
             CHAIN --> BUF["Batched Flush"]
         end
 
-        BUF --> DB[("SQLite WAL")]
+        BUF -->|"zlib compress"| DB[("SQLite WAL")]
         BUF -.->|"--live"| WS["WebSocket Stream"]
 
         subgraph KEYS["Key Vault"]
@@ -115,7 +115,7 @@ flowchart TB
 
     subgraph PUSH["PUSH PROTOCOL"]
         direction TB
-        DB --> BATCH["Batched Upload"]
+        DB -->|"gzip"| BATCH["Batched Upload"]
         BATCH --> BIND["Session Binding: HMAC over session metadata"]
         BIND --> SIGN["Ed25519 Sign: session summary"]
     end

{methodproof-0.7.5 → methodproof-0.7.7}/README.md

@@ -45,7 +45,7 @@ methodproof view      # explore your session in the browser
 - **Environment profiling** — structural analysis of your AI dev environment (instruction files, tool counts, MCP servers) captured at session start
 - **Outcome metrics** — first-shot apply rate, follow-up sequences, phase transitions computed at session end
 - **Granular consent** — 10 standard capture categories + 1 premium, each independently toggled. Nothing records without your opt-in
-- **Local-first** — SQLite database at `~/.methodproof/`, `chmod 600`. No network calls unless you choose
+- **Local-first** — SQLite database at `~/.methodproof/`, `chmod 600`, zlib-compressed metadata. No network calls unless you choose
 - **Live streaming** — `methodproof start --live` streams events to the platform in real-time over WebSocket
 - **Integrity verification** — hash-chained events + Ed25519 attestation prove sessions haven't been tampered with
 - **E2E encryption** — optional company-held AES-256-GCM encryption the platform cannot decrypt
@@ -84,7 +84,7 @@ flowchart TB
             CHAIN --> BUF["Batched Flush"]
         end
 
-        BUF --> DB[("SQLite WAL")]
+        BUF -->|"zlib compress"| DB[("SQLite WAL")]
         BUF -.->|"--live"| WS["WebSocket Stream"]
 
         subgraph KEYS["Key Vault"]
@@ -100,7 +100,7 @@ flowchart TB
 
     subgraph PUSH["PUSH PROTOCOL"]
         direction TB
-        DB --> BATCH["Batched Upload"]
+        DB -->|"gzip"| BATCH["Batched Upload"]
         BATCH --> BIND["Session Binding: HMAC over session metadata"]
         BIND --> SIGN["Ed25519 Sign: session summary"]
     end

{methodproof-0.7.5 → methodproof-0.7.7}/methodproof/__init__.py

@@ -1,3 +1,3 @@
 """MethodProof — see how you code."""
 
-__version__ = "0.7.5"
+__version__ = "0.7.7"

{methodproof-0.7.5 → methodproof-0.7.7}/methodproof/analysis.py

@@ -606,8 +606,9 @@ def compute_outcomes(session_id: str) -> dict[str, Any]:
         if e["type"] not in prompt_types:
             continue
         try:
-            meta = json.loads(e["metadata"])
-        except (json.JSONDecodeError, TypeError) as exc:
+            from methodproof.store import _decompress_meta
+            meta = _decompress_meta(e["metadata"])
+        except (json.JSONDecodeError, TypeError, Exception) as exc:
             _warn("analysis.metadata_parse_failed", event_id=e["id"] if hasattr(e, "__getitem__") else "?", error=str(exc))
             continue
         intent = meta.get("sa_intent")

{methodproof-0.7.5 → methodproof-0.7.7}/methodproof/cli.py

@@ -1293,6 +1293,89 @@ def cmd_log(args: argparse.Namespace) -> None:
         print(f"  {s['id'][:8]}  {dt}  {dur}  {s['total_events']} events{suffix}")
 
 
+def cmd_status(args: argparse.Namespace) -> None:
+    """Show auth, session, and config status at a glance."""
+    from methodproof import __version__
+    cfg = config.load()
+    token = cfg.get("token", "")
+    claims = _decode_jwt_claims(token) if token else {}
+    sessions = store.list_sessions()
+    active = cfg.get("active_session")
+    capture = cfg.get("capture", {})
+    enabled = [k for k, v in capture.items() if v]
+
+    print(f"\n  methodproof v{__version__}")
+    print(f"  api: {cfg.get('api_url', '—')}\n")
+
+    # Auth
+    if not token:
+        print("  auth: not signed in")
+    else:
+        account_id = claims.get("user_id", "—")
+        role = claims.get("role", "—")
+        acct_type = claims.get("account_type", "—")
+        exp = claims.get("exp", 0)
+        if exp and time.time() > exp:
+            expiry = "expired"
+        elif exp:
+            remaining = int(exp - time.time())
+            hours = remaining // 3600
+            mins = (remaining % 3600) // 60
+            expiry = f"{hours}h {mins}m remaining"
+        else:
+            expiry = "unknown"
+        print(f"  auth: signed in")
+        print(f"  account: {account_id[:8]}...{account_id[-4:]}")
+        print(f"  role: {role}  |  type: {acct_type}  |  token: {expiry}")
+        if claims.get("is_superadmin"):
+            print("  superadmin: yes")
+
+    # Session
+    print()
+    if active:
+        sess = store.get_session(active)
+        if sess:
+            dt = datetime.fromtimestamp(sess["created_at"], tz=UTC).strftime("%H:%M")
+            print(f"  session: RECORDING  {active[:8]}  started {dt}  ({sess['total_events']} events)")
+        else:
+            print(f"  session: RECORDING  {active[:8]}")
+    else:
+        print("  session: idle")
+
+    # Local sessions
+    total = len(sessions)
+    unsynced = len([s for s in sessions if not s["synced"] and s.get("completed_at") and s["total_events"] > 0])
+    print(f"  local: {total} session{'s' if total != 1 else ''}", end="")
+    if unsynced:
+        print(f"  ({unsynced} unsynced)")
+    else:
+        print()
+
+    # Capture config
+    print(f"\n  consent: {len(enabled)}/11 categories")
+    full_spectrum = len(enabled) >= 10
+    if full_spectrum:
+        print("  spectrum: FULL")
+
+    # Modes
+    modes = []
+    if cfg.get("journal_mode"):
+        credits = cfg.get("journal_credits", 0)
+        modes.append(f"journal ({credits} credits)")
+    if cfg.get("e2e_mode"):
+        fp = cfg.get("e2e_fingerprint", "")
+        modes.append(f"e2e ({fp[:8]})" if fp else "e2e")
+    if modes:
+        print(f"  modes: {' | '.join(modes)}")
+
+    # Research
+    if cfg.get("research_consent"):
+        level = cfg.get("contribution_level", "structural")
+        print(f"  research: opted in ({level})")
+
+    print()
+
+
 def cmd_logout(args: argparse.Namespace) -> None:
     """Clear login credentials only. Keeps consent, sessions, and hooks."""
     cfg = config.load()
@@ -1779,6 +1862,7 @@ def main() -> None:
     v = sub.add_parser("view", help="Inspect captured session data")
     v.add_argument("session_id", nargs="?")
     sub.add_parser("log", help="List sessions")
+    sub.add_parser("status", help="Auth, session, and config status")
     l = sub.add_parser("login", help="Connect to platform")
     l.add_argument("--api-url")
     l.add_argument("--force", "-f", action="store_true", help="Skip switch-account prompt")
@@ -1843,7 +1927,8 @@ def main() -> None:
     args = p.parse_args()
     cmds = {
         "init": cmd_init, "start": cmd_start, "stop": cmd_stop,
-        "view": cmd_view, "log": cmd_log, "login": cmd_login, "logout": cmd_logout,
+        "view": cmd_view, "log": cmd_log, "status": cmd_status,
+        "login": cmd_login, "logout": cmd_logout,
         "push": cmd_push, "tag": cmd_tag, "publish": cmd_publish,
         "delete": cmd_delete, "review": cmd_review, "consent": cmd_consent,
         "update": cmd_update, "lock": cmd_lock, "reset": cmd_reset, "uninstall": cmd_uninstall,

{methodproof-0.7.5 → methodproof-0.7.7}/methodproof/graph.py

@@ -5,7 +5,7 @@ import time
 import uuid
 from typing import Any
 
-from methodproof.store import _db
+from methodproof.store import _compress_meta, _db, _decompress_meta
 
 
 def build(session_id: str) -> dict[str, int]:
@@ -53,7 +53,7 @@ def build(session_id: str) -> dict[str, int]:
 
     # Resources
     for e in events:
-        meta = json.loads(e["metadata"])
+        meta = _decompress_meta(e["metadata"])
         if e["type"] in ("llm_prompt", "llm_completion") and "model" in meta:
             _ensure_resource(db, "llm_model", meta["model"])
             stats["resources"] += 1
@@ -63,7 +63,7 @@ def build(session_id: str) -> dict[str, int]:
 
     # Artifacts
     for e in events:
-        meta = json.loads(e["metadata"])
+        meta = _decompress_meta(e["metadata"])
         if e["type"] in ("file_create", "file_edit") and "path" in meta:
             _ensure_artifact(db, meta["path"], meta.get("size", 0))
             stats["artifacts"] += 1
@@ -84,7 +84,7 @@ def build(session_id: str) -> dict[str, int]:
                 "(id, session_id, type, timestamp, duration_ms, metadata) "
                 "VALUES (?, ?, ?, ?, ?, ?)",
                 (uuid.uuid4().hex, session_id, "prompt_outcomes",
-                 time.time(), 0, json.dumps(outcomes)),
+                 time.time(), 0, _compress_meta(outcomes)),
             )
             stats["outcomes"] = 1
     except Exception as exc:
@@ -100,7 +100,7 @@ def _link(
     rel: str, window_sec: int, match_model: bool = False,
 ) -> int:
     model_clause = (
-        "AND json_extract(s.metadata, '$.model') = json_extract(t.metadata, '$.model')"
+        "AND json_extract(mp_json(s.metadata), '$.model') = json_extract(mp_json(t.metadata), '$.model')"
         if match_model else ""
     )
     sql = f"""
@@ -123,9 +123,9 @@ def _link_pasted(db: object, sid: str) -> int:
     FROM events s JOIN events t ON t.session_id = s.session_id
     WHERE s.session_id = ? AND s.type = 'browser_copy' AND t.type = 'file_edit'
       AND t.timestamp > s.timestamp AND (t.timestamp - s.timestamp) <= 30
-      AND abs(json_extract(t.metadata, '$.lines_added') * 40.0
-            - json_extract(s.metadata, '$.text_length'))
-          < json_extract(s.metadata, '$.text_length') * 0.2
+      AND abs(json_extract(mp_json(t.metadata), '$.lines_added') * 40.0
+            - json_extract(mp_json(s.metadata), '$.text_length'))
+          < json_extract(mp_json(s.metadata), '$.text_length') * 0.2
     """
     return db.execute(sql, (sid,)).rowcount
 
@@ -135,20 +135,20 @@ def _link_action_resources(db: object, sid: str) -> None:
     db.execute("""
     INSERT OR IGNORE INTO action_resources (action_id, resource_id, relation_type, metadata)
     SELECT e.id, r.id, 'SENT_TO', '{}'
-    FROM events e JOIN resources r ON r.identifier = json_extract(e.metadata, '$.model')
+    FROM events e JOIN resources r ON r.identifier = json_extract(mp_json(e.metadata), '$.model')
     WHERE e.session_id = ? AND e.type = 'llm_prompt' AND r.type = 'llm_model'
     """, (sid,))
     db.execute("""
     INSERT OR IGNORE INTO action_resources (action_id, resource_id, relation_type, metadata)
     SELECT e.id, r.id, 'CONSUMED', '{}'
-    FROM events e JOIN resources r ON r.identifier = json_extract(e.metadata, '$.model')
+    FROM events e JOIN resources r ON r.identifier = json_extract(mp_json(e.metadata), '$.model')
     WHERE e.session_id = ? AND e.type = 'llm_completion' AND r.type = 'llm_model'
     """, (sid,))
     # Agent gateway links
     db.execute("""
     INSERT OR IGNORE INTO action_resources (action_id, resource_id, relation_type, metadata)
     SELECT e.id, r.id, 'SENT_TO', '{}'
-    FROM events e JOIN resources r ON r.identifier = json_extract(e.metadata, '$.gateway')
+    FROM events e JOIN resources r ON r.identifier = json_extract(mp_json(e.metadata), '$.gateway')
     WHERE e.session_id = ? AND e.type = 'agent_prompt' AND r.type = 'agent_gateway'
     """, (sid,))
 
@@ -158,13 +158,13 @@ def _link_action_artifacts(db: object, sid: str) -> None:
     db.execute("""
     INSERT OR IGNORE INTO action_artifacts (action_id, artifact_id, relation_type)
     SELECT e.id, a.id, 'PRODUCED'
-    FROM events e JOIN artifacts a ON a.path = json_extract(e.metadata, '$.path')
+    FROM events e JOIN artifacts a ON a.path = json_extract(mp_json(e.metadata), '$.path')
     WHERE e.session_id = ? AND e.type = 'file_create'
     """, (sid,))
     db.execute("""
     INSERT OR IGNORE INTO action_artifacts (action_id, artifact_id, relation_type)
     SELECT e.id, a.id, 'MODIFIED'
-    FROM events e JOIN artifacts a ON a.path = json_extract(e.metadata, '$.path')
+    FROM events e JOIN artifacts a ON a.path = json_extract(mp_json(e.metadata), '$.path')
     WHERE e.session_id = ? AND e.type = 'file_edit'
     """, (sid,))
 

{methodproof-0.7.5 → methodproof-0.7.7}/methodproof/migrate_db.py

@@ -1,9 +1,8 @@
 """Encrypt existing plaintext events in local DB after key setup."""
 
-import json
-
 from methodproof import store
 from methodproof.crypto import SENSITIVE_FIELDS, encrypt_field
+from methodproof.store import _compress_meta, _decompress_meta
 
 
 def migrate_encrypt(db_key: bytes) -> int:
@@ -18,7 +17,7 @@ def migrate_encrypt(db_key: bytes) -> int:
     encrypted = 0
     batch = []
     for row in rows:
-        meta = json.loads(row["metadata"])
+        meta = _decompress_meta(row["metadata"])
         changed = False
         for field in SENSITIVE_FIELDS:
             val = meta.get(field)
@@ -26,7 +25,7 @@ def migrate_encrypt(db_key: bytes) -> int:
                 meta[field] = encrypt_field(val, db_key)
                 changed = True
         if changed:
-            batch.append((json.dumps(meta), row["id"]))
+            batch.append((_compress_meta(meta), row["id"]))
             encrypted += 1
         if len(batch) >= 500:
             _flush_batch(db, batch)

{methodproof-0.7.5 → methodproof-0.7.7}/methodproof/store.py

@@ -4,6 +4,7 @@ import json
 import sqlite3
 import time
 import uuid
+import zlib
 from typing import Any
 
 from methodproof import config
@@ -62,12 +63,25 @@ CREATE TABLE IF NOT EXISTS action_artifacts (
 _conn: sqlite3.Connection | None = None
 
 
+def _sqlite_decompress(raw: bytes | str | None) -> str | None:
+    """SQLite UDF: decompress zlib BLOBs to JSON text for json_extract()."""
+    if raw is None:
+        return None
+    if isinstance(raw, bytes):
+        try:
+            return zlib.decompress(raw).decode()
+        except zlib.error:
+            return raw.decode() if raw else "{}"
+    return raw
+
+
 def _db() -> sqlite3.Connection:
     global _conn
     if _conn is None:
         _conn = sqlite3.connect(str(config.DB_PATH), check_same_thread=False, timeout=10)
         _conn.execute("PRAGMA journal_mode=WAL")
         _conn.row_factory = sqlite3.Row
+        _conn.create_function("mp_json", 1, _sqlite_decompress)
     return _conn
 
 
@@ -113,9 +127,30 @@ def _migrate() -> None:
         db.execute("DELETE FROM action_artifacts")
         db.execute("DELETE FROM artifacts WHERE rowid NOT IN (SELECT MIN(rowid) FROM artifacts GROUP BY path)")
         db.execute("CREATE UNIQUE INDEX IF NOT EXISTS idx_artifacts_path ON artifacts(path)")
+    # Compress legacy uncompressed metadata (TEXT → zlib BLOB)
+    _migrate_compress_metadata(db)
     db.commit()
 
 
+def _migrate_compress_metadata(db: sqlite3.Connection) -> None:
+    """Silently compress any uncompressed TEXT metadata rows to zlib BLOBs."""
+    rows = db.execute("SELECT id, metadata FROM events WHERE typeof(metadata) = 'text'").fetchall()
+    if not rows:
+        return
+    batch, skipped = [], 0
+    for r in rows:
+        try:
+            compressed = zlib.compress(r["metadata"].encode())
+            batch.append((compressed, r["id"]))
+        except Exception:
+            skipped += 1
+    if batch:
+        db.executemany("UPDATE events SET metadata = ? WHERE id = ?", batch)
+    if skipped:
+        import sys
+        sys.stderr.write(f"[methodproof] migration: compressed {len(batch)} events, skipped {skipped}\n")
+
+
 def create_session(
     session_id: str, watch_dir: str,
     repo_url: str | None = None, tags: str = "[]", visibility: str = "private",
@@ -142,14 +177,27 @@ def complete_session(session_id: str) -> None:
     db.commit()
 
 
+def _compress_meta(meta: dict[str, Any]) -> bytes:
+    return zlib.compress(json.dumps(meta, default=str).encode())
+
+
+def _decompress_meta(raw: bytes | str) -> dict[str, Any]:
+    if isinstance(raw, str):
+        return json.loads(raw)
+    try:
+        return json.loads(zlib.decompress(raw))
+    except zlib.error:
+        return json.loads(raw)
+
+
 def insert_events(session_id: str, events: list[dict[str, Any]]) -> None:
     db = _db()
     rows = []
     for e in events:
         try:
-            meta = json.dumps(e.get("metadata", {}), default=str)
+            meta = _compress_meta(e.get("metadata", {}))
         except (TypeError, ValueError):
-            meta = "{}"
+            meta = _compress_meta({})
         rows.append((
             e["id"], session_id, e["type"], e["timestamp"],
             e.get("duration_ms", 0), meta,
@@ -176,7 +224,12 @@ def get_events(session_id: str) -> list[dict[str, Any]]:
         "SELECT * FROM events WHERE session_id = ? ORDER BY timestamp",
         (session_id,),
     ).fetchall()
-    return [dict(r) for r in rows]
+    result = []
+    for r in rows:
+        d = dict(r)
+        d["metadata"] = json.dumps(_decompress_meta(d["metadata"]))
+        result.append(d)
+    return result
 
 
 def get_graph(session_id: str) -> dict[str, Any]:
@@ -184,7 +237,7 @@ def get_graph(session_id: str) -> dict[str, Any]:
     events = get_events(session_id)
     nodes = [{"id": e["id"], "type": "Action", "label": e["type"],
               "properties": {"timestamp": e["timestamp"], "duration_ms": e["duration_ms"],
-                             "metadata": json.loads(e["metadata"])}}
+                             "metadata": _decompress_meta(e["metadata"])}}
              for e in events]
 
     edges = []

{methodproof-0.7.5 → methodproof-0.7.7}/methodproof/sync.py

@@ -1,5 +1,6 @@
 """Push local sessions to the MethodProof platform."""
 
+import gzip
 import json
 import urllib.error
 import urllib.request
@@ -30,8 +31,13 @@ def _raw_request(
     method: str, url: str, token: str,
     body: dict[str, Any] | None = None,
 ) -> dict[str, Any]:
-    data = json.dumps(body).encode() if body else None
+    if body is not None:
+        data = gzip.compress(json.dumps(body).encode())
+    else:
+        data = None
     headers = {"Content-Type": "application/json", "Authorization": f"Bearer {token}"}
+    if data is not None:
+        headers["Content-Encoding"] = "gzip"
     req = urllib.request.Request(url, data=data, headers=headers, method=method)
     with urllib.request.urlopen(req, timeout=15) as resp:
         return json.loads(resp.read())

{methodproof-0.7.5 → methodproof-0.7.7}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "methodproof"
-version = "0.7.5"
+version = "0.7.7"
 description = "See how you code. Capture and visualize your engineering process."
 requires-python = ">=3.11"
 dependencies = ["watchdog>=4.0", "websocket-client>=1.7", "cryptography>=43.0", "keyring>=25.0"]

{methodproof-0.7.5 → methodproof-0.7.7}/tests/test_security.py

@@ -106,10 +106,12 @@ def test_bip39_known_vector():
 
 
 def test_bip39_bad_checksum():
-    phrase = entropy_to_phrase(os.urandom(16))
+    # Use fixed entropy so the checksum corruption is deterministic
+    phrase = entropy_to_phrase(b"\x00" * 16)
     words = phrase.split()
-    words[-1] = words[0]  # corrupt checksum
-    with pytest.raises(ValueError, match="checksum|Unknown"):
+    # Flip the last word to a word that changes the checksum bits
+    words[-1] = "zone"
+    with pytest.raises(ValueError, match="checksum"):
         phrase_to_entropy(" ".join(words))
 
 
@@ -257,7 +259,8 @@ def test_migrate_encrypts_plaintext():
     count = migrate_encrypt(key)
     assert count == 1
     row = store._db().execute("SELECT metadata FROM events WHERE id = 'e1'").fetchone()
-    assert "e2e:v1:" in json.loads(row["metadata"])["prompt_text"]
+    meta = store._decompress_meta(row["metadata"])
+    assert "e2e:v1:" in meta["prompt_text"]
 
 
 def test_migrate_idempotent():