Show HN: BootProof – Cryptographically prove any GitHub repo boots locally
BootProof is a tool that verifies whether a GitHub repository can successfully boot by executing only justified steps and generating a signed attestation of the outcome. It inspects repository requirements, runs dependency installation when appropriate, and confirms health by observing reachable endpoints rather than relying on command exit codes or Docker status. The tool can be used locally or in CI pipelines, supports remote repository inspection, and provides explanations for verification failures such as version mismatches or blocked remote code execution.
- ▪BootProof separates activity from evidence, executing only actions it can justify and recording health observations in a signed attestation file.
- ▪The tool refuses to run when environment constraints, such as a mismatched package manager version, are detected, prompting the user to correct the setup before retrying.
- ▪Remote repositories are treated as untrusted code; BootProof requires explicit consent before executing any code from them and will block execution by default.
- ▪A successful boot is marked only after BootProof observes an HTTP 200 response from the application’s health endpoint, not merely after a process starts or dependencies install.
- ▪Users can run BootProof via npx commands, obtain human‑readable diagnostics, and verify or explain attestation files using provided CLI options.
Opening excerpt (first ~120 words) tap to expand
BootProof The honest run button for GitHub repos. Proof, not vibes. BootProof answers one question: Did this repository actually boot? Not “did a command run?” Not “did Docker say containers are up?” Not “did an AI agent say it worked?” Not “did the README look plausible?” BootProof inspects a repo, builds an evidence-based run plan, executes only what it can justify, observes real health, and writes a signed attestation for success or failure. No proof, no green check. Why BootProof exists Every developer knows this loop: git clone some/repo npm install npm run dev Then reality appears. Wrong Node version. Wrong pnpm version. Missing Java. Missing Clojure. Docker is running but the service is not healthy. Postgres exists but the role does not. Redis is missing. A migration fails.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.