feat(enrichment): SBOM provenance & integrity-attestation analyzer (#…

[dale053]

Summary

• Adds a provenance analyzer to the review-enrichment service (REES) that detects two classes of supply-chain integrity risk the no-checkout reviewer cannot verify on their own:
  1. Attestation checks — newly-added npm and PyPI packages are queried for published SLSA/sigstore provenance via the npm registry attestations API and the PyPI simple repository JSON API (PEP 740). A package with no attestation was not built through a verifiable CI pipeline.
  2. Binary and vendored file detection — files added by the PR with binary extensions (.exe, .dll, .so, .jar, .wasm, etc.), vendored paths (vendor/, node_modules/, third-party/), or minified bundles (.min.js, .min.css) are flagged as artifacts without auditable source.

Both categories are rendered in the promptSection under distinct headings and appear in the structured findings.provenance array. The analyzer runs in parallel with the existing seven analyzers under the shared time budget, degrades safely on network errors (fail-safe: never flags when the check cannot be completed), and is bounded to 20 attestation round-trips and 30 total findings per brief.

Closes #1518

Scope

• The PR title follows type(scope): short summary Conventional Commit format, for example fix(api): restore profile access checks.
• This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
• This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
• I linked an issue, or this is small enough that the summary explains why an issue is not needed.

Validation

• git diff --check
• npm run actionlint
• npm run typecheck
• npm run test:coverage locally; codecov/patch requires ≥97% coverage of the lines AND branches you changed (aim for 98%+ on your diff so CI variance does not fail near the threshold). Global coverage is a non-blocking trend with a loose 90% backstop, not the gate.
• npm run test:workers
• npm run build:mcp
• npm run test:mcp-pack
• npm run ui:openapi:check
• npm run ui:lint
• npm run ui:typecheck
• npm run ui:build
• npm audit --audit-level=moderate
• New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

If any required check was skipped, explain why:

• npm run typecheck and npm run ui:typecheck report 28 and 5 pre-existing errors respectively (missing optional self-host packages: pg, ioredis, @sentry/node, @cloudflare/puppeteer, @testing-library/react). These errors are identical on main before this PR and are unrelated to the changes here. Zero new type errors introduced.
• All changes are confined to review-enrichment/ which is outside the main vitest coverage scope (src/**) and the Codecov include path. The enrichment test suite (node --test in review-enrichment/) runs 77 tests, all passing, with provenance.js at 98.31% branch coverage.

Safety

• No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
• Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
• Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests. — N/A: no auth/CORS/session changes.
• API/OpenAPI/MCP behavior is updated and tested where needed. — N/A: no API schema changes; the enrichment service is an internal analysis layer, not a public endpoint change.
• UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks. — N/A: no UI changes.
• Visible UI changes include a UI Evidence section below with JPG/JPEG or PNG screenshots. — N/A: no visible UI changes.
• Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs.

UI Evidence

N/A — no visible UI, frontend, docs, or extension changes.

Notes

• The analyzer never flags when a check cannot be completed (fail-safe by design): network errors, non-200 registry responses, or an abort signal all return true (attested / safe) so the enrichment brief never generates false positives from infrastructure noise.
• The npm attestations endpoint is https://registry.npmjs.org/-/npm/v1/attestations/<name>@<version>. A 404 is the unambiguous "no attestation" signal; any other non-ok response is treated as a failed check and suppressed.
• PyPI provenance uses Accept: application/vnd.pypi.simple.v1+json against the simple repository API (PEP 740). Only the specific version's distribution files are examined; if no file for that version is found, the check is suppressed (not flagged).
• Go and other ecosystems are skipped — no comparable public attestation API to query yet.

[gittensory-orb]

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review — held for maintainer review

5 files · 1 AI reviewers · no blockers · readiness 55/100 · CI green · unknown

⏸️ Held for maintainer review — Large change — held for manual review

Signal	Result	Evidence
Code review	✅ No blockers	1 reviewers, synthesized
Linked issue	✅ Linked	#1518
Related work	⚠️ 3 scoped overlaps	Top overlaps are listed below; lower-confidence bulk is hidden.
Review load	❌ 8/20	Readiness component derived from cached public PR metadata and labels; size label size:L.
Validation evidence	❌ 5/25	Cached preflight status is hold.
Open PR queue	❌ 3/10	21 open PR(s), 13 likely reviewable, 8 unlinked.
Contributor context	✅ Confirmed Gittensor contributor	dale053; Gittensor profile; 43 PR(s), 20 issue(s).
Gate result	⚠️ Not blocking	Advisory; not blocking this PR.

Nits — 2 non-blocking

• Readiness score is below the configured threshold — Use the readiness panel as advisory maintainer context; the score does not block this PR.
• Large change — held for manual review — Split this into smaller, focused PRs, or a maintainer reviews and merges it manually.

Review context

• Author: dale053
• Role context: outside_contributor
• Public audience mode: oss maintainer
• Lane context: Repository registration is not available in the local Gittensory cache.
• Public profile languages: not available
• Official Gittensor activity: 43 PR(s), 20 issue(s).
• Related work: Titles/paths share 6 meaningful terms. (PR #1635)
• Related work: Items reference the same linked issue feat(enrichment): Image/binary asset weight delta #1506. (issue #1506, PR #1621)
• Related work: Items reference the same linked issue feat(enrichment): Revert-recurrence detector #1514. (issue #1514, PR #1687)
• Additional title-only matches omitted; title-only overlap does not block.

Contributor next steps

• Review top overlaps.
• Add scope summary.
• Fix blocker.
• Expect slower review.
• Refresh registry data or choose a registered active repo.
• Check active issues and PRs before submitting.

Signal definitions

• Related work = same linked issue, overlapping active PRs, or title/path similarity.
• Review load = cached public PR metadata such as size labels, changed paths, and preflight status.
• Open PR queue = repo-wide review pressure; it is not a PR quality failure.
• Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

_{🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed}

---

💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

• Re-run Gittensory review

[superagent-security]

Superagent found 1 security concern(s).