Built by Maven

Plugin Details

This report describes goals, parameters details, requirements and sample usage of this plugin.

Goals

Goals available for this plugin:

Goal Description
ai-build-integrity:clean-hashes Removes companion hash sidecar files generated by the generate-hashes goal.

This mojo walks a base directory using NIO Files.walkFileTree, finds files matching the configured hash output extension, and deletes them. It binds by default to the clean phase, allowing easy cleanup of generated artifacts that live alongside source code (outside the traditional target directory).

ai-build-integrity:generate-hashes Generates companion hash files for AI instruction resources (e.g. AGENTS.md, SKILL.md).

This mojo walks a base directory using NIO Files.walkFileTree, finds files matching the configured include globs, and writes a companion hash sidecar file alongside each matched file. The hash captures the file content at build time so that the verify mojo can later detect any unauthorized modifications.

Security rationale: AI agent instructions must not change after the build begins or after the artifact is shipped. Generating hashes at build time creates a tamper-evident seal on all instruction files.

Performance: Uses Files.walkFileTree for a single-pass directory traversal with directory pruning, a 64 KiB streaming hash buffer, and a lookup-table hex encoder. Handles both single-module projects and large multi-module projects efficiently.

ai-build-integrity:verify-hashes Verifies that AI instruction resource files have not been modified since their hashes were generated.

This mojo finds all companion hash sidecar files under the base directory using NIO Files.walkFileTree, recomputes the hash of the corresponding source file, and compares the two. If any mismatch is detected, the build fails with a org.apache.maven.plugin.MojoExecutionException.

Security rationale: AI agent instructions must not change once a build has begun or after the artifact is shipped. This verification step ensures that no instruction file has been tampered with between the generate phase and the verification phase.

Performance: Uses Files.walkFileTree for a single-pass directory traversal with directory pruning. Handles both single-module projects and large multi-module projects efficiently.

System Requirements

The following specifies the minimum requirements to run this Maven plugin:

Maven 3.9.0
JDK 11

System Requirements History

The following specifies the minimum requirements to run this Maven plugin for historical versions:

Plugin Version Maven JDK
0.9.0 3.9.0 11

Usage

You should specify the version in your project's plugin configuration:

<project>
  ...
  <build>
    <!-- To define the plugin version in your parent POM -->
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>com.intsof</groupId>
          <artifactId>ai-build-integrity-maven-plugin</artifactId>
          <version>0.9.1-SNAPSHOT</version>
        </plugin>
        ...
      </plugins>
    </pluginManagement>
    <!-- To use the plugin goals in your POM or parent POM -->
    <plugins>
      <plugin>
        <groupId>com.intsof</groupId>
        <artifactId>ai-build-integrity-maven-plugin</artifactId>
      </plugin>
      ...
    </plugins>
  </build>
  ...
</project>

For more information, see "Guide to Configuring Plug-ins"