Content integrity hashing in lockfile (SHA-256) #315

@danielmeppiel

Description

Summary

Add content integrity verification by storing SHA-256 checksums of downloaded package content in apm.lock.yaml. Verify checksums on subsequent installs to detect tampering or MITM modifications.

Background

Identified during the security assessment for #313 (content security scanner). APM currently stores resolved_commit (git SHA) in the lockfile but does not verify that the downloaded file content matches any expected hash. A network-level attacker, compromised proxy, or force-pushed commit could serve different content for the same SHA.

For comparison, npm stores integrity hashes (SHA-512) in package-lock.json and verifies every download against them.

Proposed behavior

  1. During apm install, after downloading a package, compute SHA-256 of the package's file tree (deterministic hash of all file contents)
  2. Store the hash in apm.lock.yaml alongside resolved_commit:
    dependencies:
      - repo_url: "https://github.com/owner/repo"
        resolved_commit: "abc123..."
        content_hash: "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
  3. On subsequent installs from cache, verify the hash matches. On mismatch, warn and re-download.

Considerations

  • Hash should be computed over file contents (not metadata like timestamps) for reproducibility
  • Performance: SHA-256 is fast — even large packages (10MB) hash in ~10ms
  • Backward compatibility: missing content_hash (older lockfiles) should not block install
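To make the proposal above concrete, here is an added example (written for this page, not code from APM or from the issue author) of a deterministic tree hash plus the lockfile check described in steps 1 to 3, including the backward-compatibility case. Function names, the `.git` exclusion, the length-prefixed encoding and the sample package tree are all assumptions for illustration.

```python
"""Deterministic SHA-256 content hash for a package tree and lockfile check.

Hypothetical helper code written for this issue, not part of APM. Names
(compute_tree_hash, verify_entry, EXCLUDED_DIRS) and the sample tree are
assumptions.
"""
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

EXCLUDED_DIRS = {".git"}  # assumption: VCS metadata is not package content


def compute_tree_hash(root: Path) -> str:
    """Return "sha256:<hex>" over the file contents under ``root``.

    Each file contributes its relative POSIX path and its bytes, in sorted
    path order, each length-prefixed so boundaries are unambiguous (without
    prefixes "a"+"bc" and "ab"+"c" would hash identically). Timestamps,
    permissions and ownership are ignored, so the hash is reproducible
    across machines and clones. Symlinks are skipped rather than followed.
    """
    files = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if any(part in EXCLUDED_DIRS for part in rel.parts):
            continue
        if path.is_symlink() or not path.is_file():
            continue
        files.append((rel.as_posix(), path))
    files.sort()  # sort by relative path string, not by OS-specific Path order

    h = hashlib.sha256()
    for rel_posix, path in files:
        rel_bytes = rel_posix.encode("utf-8")
        h.update(len(rel_bytes).to_bytes(8, "big"))
        h.update(rel_bytes)
        data = path.read_bytes()
        h.update(len(data).to_bytes(8, "big"))
        h.update(data)
    return "sha256:" + h.hexdigest()


def verify_entry(entry: dict, root: Path) -> str:
    """Check one apm.lock.yaml dependency entry against the tree at ``root``.

    Returns "ok", "mismatch", or "unverified" when the entry carries no
    content_hash (an older lockfile); the caller should warn and proceed
    in that last case rather than block the install.
    """
    expected = entry.get("content_hash")
    if not expected:
        return "unverified"
    if not expected.startswith("sha256:"):
        raise ValueError(f"unsupported content_hash format: {expected!r}")
    actual = compute_tree_hash(root)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def hash_ignores_metadata(root: Path) -> bool:
    """Demonstrate that touching mtimes does not change the content hash."""
    before = compute_tree_hash(root)
    for path in root.rglob("*"):
        if path.is_file():
            os.utime(path, (0, 0))
    return compute_tree_hash(root) == before


def build_sample_tree(script: bytes = b"print('hello')\n") -> Path:
    """Create a constructed package tree in a fresh temp dir (not a real package)."""
    root = Path(tempfile.mkdtemp(prefix="apm-pkg-"))
    (root / ".git").mkdir()
    (root / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    (root / "prompts").mkdir()
    (root / "prompts" / "review.prompt.md").write_text("# Review\nBe strict.\n")
    (root / "scripts").mkdir()
    (root / "scripts" / "run.py").write_bytes(script)
    return root


if __name__ == "__main__":
    good = build_sample_tree()
    entry = {"repo_url": "https://github.com/owner/repo",
             "resolved_commit": "abc123",
             "content_hash": compute_tree_hash(good)}
    tampered = build_sample_tree(b"print('tampered')\n")
    print("cached copy:", verify_entry(entry, good))        # ok
    print("modified copy:", verify_entry(entry, tampered))  # mismatch
    print("old lockfile:", verify_entry({"resolved_commit": "abc123"}, good))
```

Two points a reviewer of the real implementation would want checked: the comparison uses `hmac.compare_digest` and pins the algorithm via the `sha256:` prefix, so a lockfile entry cannot silently downgrade the check; and a hash that exists in a committed lockfile should be verified against every fresh download too, not only cache hits, since a MITM on the second machine's first install is exactly the case the lockfile is meant to catch.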

Priority

P0 — highest impact security improvement available per the security panel assessment.

Related

Metadata

Assignees

No one assigned

    Labels

    enhancement, security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests
