
fix(resolver): require structured trust evidence #379

Merged: jdx merged 3 commits into main from codex/structured-trust-evidence on Apr 29, 2026

@jdx jdx commented Apr 29, 2026

Summary

  • require npm trusted-publisher evidence to include a structured non-empty id
  • require provenance evidence to include an SLSA predicateType
  • update trust policy docs and regenerated settings docs

Why

The trust downgrade policy previously treated arbitrary truthy registry values as trust evidence. That matched pnpm-style boolean checks, but it meant malformed or hostile packument metadata such as {} or "oidc" could satisfy aube's trust policy. This keeps the existing metadata-based policy but narrows the accepted shapes to the structured metadata npm emits after registry-side checks.

Validation

  • cargo run -p aube-settings --bin generate-settings-docs
  • cargo fmt --check
  • cargo test -p aube-resolver trust::tests
  • cargo test -p aube-registry provenance
  • cargo clippy -p aube-resolver -p aube-registry --all-targets -- -D warnings

This pull request was generated by Codex.


Note

Medium Risk
Changes security enforcement logic for installs, which could newly reject packages with malformed/nonstandard registry metadata or alter downgrade decisions; behavior is well-covered by updated tests and docs.

Overview
Tightens trust-policy evidence detection so _npmUser.trustedPublisher only counts when it is an object with a non-empty id, and dist.attestations.provenance only counts when it is an object whose predicateType matches an SLSA provenance URI (e.g. https://slsa.dev/provenance/v1).

Updates resolver/unit tests and documentation/settings text to reflect the new structured-shape requirements and clarify that this is metadata validation (not cryptographic attestation verification).

Reviewed by Cursor Bugbot for commit e4a5bb0. Bugbot is set up for automated code reviews on this repo. Configure here.

greptile-apps Bot commented Apr 29, 2026

Greptile Summary

This PR tightens trust-evidence validation in the no-downgrade trust policy by replacing JS-style truthiness checks with strict structural validation: _npmUser.trustedPublisher must be an object with a non-empty id string, and dist.attestations.provenance must be an object whose predicateType starts with https://slsa.dev/provenance/v followed by a digit. Documentation across lib.rs, settings.toml, security.md, and settings/index.md is updated consistently, including re-adding the "does not cryptographically verify the attestation bundle" caveat that was previously flagged as missing.

Confidence Score: 5/5

Safe to merge — logic is localized, well-tested, and previously-raised review concerns have been addressed.

No P0 or P1 findings. The is_provenance fix correctly closes the bare-prefix bypass raised in the prior thread (requires a digit after /v). The attestation-bundle caveat is re-added to all relevant docs. Tests cover all malformed shapes and the new structured happy-paths.

No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| crates/aube-resolver/src/trust.rs | Core logic change: replaces JS-style is_truthy with is_trusted_publisher (requires object with non-empty id) and is_provenance (requires object with predicateType starting with https://slsa.dev/provenance/v[digit]); the is_provenance guard correctly closes the bare-prefix bypass flagged in a prior review thread. |
| crates/aube-resolver/src/tests.rs | Updates integration test provenance fixture from invalid "slsa" string to well-formed SLSA URI; consistent with new is_provenance shape requirement. |
| crates/aube-registry/src/lib.rs | Doc-comment updates for NpmUser and Dist structs; re-adds the "does not cryptographically verify" caveat that was flagged missing in a previous review thread. |
| crates/aube-settings/settings.toml | Settings docs updated to reference .id and .predicateType sub-fields and add the metadata-shape-only caveat. |
| docs/security.md | Security docs updated to reflect stricter field-level checks; adds explicit "does not cryptographically verify" disclaimer, addressing the concern raised in the prior review thread. |
| docs/settings/index.md | Regenerated settings reference page; mirrors settings.toml doc changes, no logic impact. |

Reviews (2): Last reviewed commit: "test(resolver): use structured provenanc..." | Re-trigger Greptile
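
The structural checks described in the summaries above, as an added Rust sketch (not aube's source code): the function names follow the review summary, while the `Json` enum, the `obj` helper and the sample values are constructed stand-ins for parsed packument metadata. Like the policy it illustrates, it validates metadata shape only and does not verify an attestation bundle.

```rust
// Added illustration, not aube's source. `Json` is a minimal stand-in for a
// parsed packument value so the example builds without external crates.
#[derive(Clone)]
enum Json { Null, Bool(bool), Str(String), Obj(Vec<(String, Json)>) }
impl Json {
    fn get(&self, key: &str) -> Option<&Json> {
        match self {
            Json::Obj(f) => f.iter().find(|(k, _)| k.as_str() == key).map(|(_, v)| v),
            _ => None,
        }
    }
    fn as_str(&self) -> Option<&str> {
        match self { Json::Str(s) => Some(s.as_str()), _ => None }
    }
}

// Constructed helper for building sample objects.
fn obj(fields: &[(&str, Json)]) -> Json {
    Json::Obj(fields.iter().map(|(k, v)| (k.to_string(), v.clone())).collect())
}

// Previous behaviour as described: JS-style truthiness, so `{}` and "oidc" pass.
fn is_truthy(v: &Json) -> bool {
    match v {
        Json::Null => false,
        Json::Bool(b) => *b,
        Json::Str(s) => !s.is_empty(),
        Json::Obj(_) => true,
    }
}

// Trusted publisher: must be an object carrying a non-empty string `id`.
fn is_trusted_publisher(v: &Json) -> bool {
    v.get("id").and_then(Json::as_str).map_or(false, |id| !id.is_empty())
}

// Provenance: object whose `predicateType` is the SLSA prefix plus a digit.
fn is_provenance(v: &Json) -> bool {
    v.get("predicateType")
        .and_then(Json::as_str)
        .and_then(|p| p.strip_prefix("https://slsa.dev/provenance/v"))
        .and_then(|rest| rest.chars().next())
        .map_or(false, |c| c.is_ascii_digit())
}

fn main() {
    for v in &[obj(&[]), Json::Str("oidc".into()), Json::Bool(true)] {
        println!("{} {} {}", is_truthy(v), is_trusted_publisher(v), is_provenance(v));
    }
}
```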

Comment thread crates/aube-resolver/src/trust.rs
Comment thread docs/security.md
@jdx jdx merged commit abbe949 into main Apr 29, 2026
17 checks passed
@jdx jdx deleted the codex/structured-trust-evidence branch April 29, 2026 14:19
@greptile-apps greptile-apps Bot mentioned this pull request Apr 29, 2026