Like everyone, I've been reviewing AI-generated code that compiles, passes its own tests, and doesn't run. So I built the thing I wanted: when an agent (or a human) claims work is done, the claim arrives as a receipt, the app was actually booted, supervised, and observed answering HTTP, and the evidence is written into an ed25519-signed attestation you can verify independently on any machine with npx bootproof verify. No account, no platform, no dashboard.
The problem
Every developer knows this loop:
git clone some/reponpm installnpm run dev
Then reality appears. Wrong Node version. Wrong pnpm version. Missing Java. Docker is running but the service is not healthy. The app starts but nothing responds. An AI agent confidently says "done" because a process started.
That is not proof.
A README can be useful, but it is not proof. A terminal command can be useful, but it is not proof. A model response can be useful, but it is not proof.
What BootProof does
BootProof separates activity from evidence.
Weak signal
What BootProof wants instead
command exited observed health
process started reachable endpoint
container running service actually responds
README says it works repo evidence + runtime proof
AI says it is done signed attestation
A failed run is still useful if it tells the truth:
✗ NOT VERIFIED — package_manager_version_mismatch
What happened:
The repository requires pnpm 10.24.0, but this environment has pnpm 9.15.4.
Why BootProof refused:
The dependency install cannot be trusted with the wrong package manager version.
Safe next step:
Run corepack enable && corepack prepare pnpm@10.24.0 --activate, then rerun BootProof.
Evidence:
.bootproof/attestation.json
Try the Living Receipt
The Living Receipt is the same evidence as the JSON attestation, rendered as a single self-contained HTML file that re-verifies its own ed25519 signature in your browser with zero network calls.
Download it, open it locally, then click Tamper with signature to watch the verdict collapse:
curl -sL https://github.com/bootproof/bootproof/raw/main/assets/living-receipt.html -o proof.bootproof.html
open proof.bootproof.html
If a single byte of the signed message is altered, the verdict collapses with the signature. That is the whole point: a green check that survives tampering would defeat the entire premise.
Receipt Gate: block AI PRs that don't run
Receipt Gate is a GitHub Action that blocks PR merges unless BootProof observes a real boot. No proof, no merge.
- uses: bootproof/receipt-gate@v1 with: path: . require-health: 'true'
Gate your AI agent directly — in .claude/settings.json, make the agent hand you a receipt every time it claims done:
json
{
"hooks": {
"Stop": [{
"hooks": [{
"type": "command",
"command": "npx -y bootproof@0.4.1 up . --provider local --unsafe-local --json --timeout 60000 > .bootproof-last.json; node -e \"const r=require('./.bootproof-last.json'); console.log(r.booted && r.healthVerified ? '✅ RECEIPT: work boots and answers' : '❌ NO RECEIPT: ' + (r.failureClass||'boot not observed'));\""
}]
}]
}
}
The agent finishes; the receipt (or its absence) prints before you review a single line.
The composed trust story
The tool that signs runtime proofs is itself published with signed build provenance. Build provenance from Sigstore covers how it was built; runtime proof from BootProof covers that it runs. Verify both ends.
npm view bootproof@0.4.1 dist.attestations
What it refuses to claim
The part I care most about is what it refuses to claim. No observed signal → no green check. A local receipt proves integrity-since-signing, not that the signing machine was honest — that's stated in the artifact itself, with a documented trust ladder (local_developer_signed → ci_oidc_signed → neutral_runner_signed → transparency_logged) as the upgrade path. A trust tool that overclaims is worse than no tool, so this one is deliberately conservative.
It's open source (Apache-2.0), and I'd genuinely value having it broken by this crowd.
Links:
GitHub: https://github.com/bootproof/bootproof
Receipt Gate on the GitHub Actions Marketplace: https://github.com/marketplace/actions/receipt-gate
npm: https://www.npmjs.com/package/bootproof
Top comments (0)