npm - @dcyfr/ai - Versions diffs - 2.1.3 → 3.0.1 - Mend

@dcyfr/ai 2.1.3 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (468) hide show

package/dist/ai/src/plugins/security/trust-score.js ADDED Viewed

@@ -0,0 +1,173 @@
+/**
+ * Trust Score Calculation Engine
+ *
+ * Computes a 4-dimension weighted trust score (0–100) for a plugin based on
+ * security scan results, community data, maintenance activity, and transparency.
+ *
+ * Weights:
+ *   - Security posture  40%
+ *   - Community trust   30%
+ *   - Maintenance       20%
+ *   - Transparency      10%
+ *
+ * @module plugins/security/trust-score
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+// ---------------------------------------------------------------------------
+// Weight constants
+// ---------------------------------------------------------------------------
+const WEIGHT_SECURITY = 0.4;
+const WEIGHT_COMMUNITY = 0.3;
+const WEIGHT_MAINTENANCE = 0.2;
+const WEIGHT_TRANSPARENCY = 0.1;
+// ---------------------------------------------------------------------------
+// Security score (0–100)
+// ---------------------------------------------------------------------------
+/** Penalty per vulnerability by severity */
+const VULN_PENALTIES = {
+    critical: 40,
+    high: 20,
+    medium: 10,
+    low: 5,
+    negligible: 1,
+    unknown: 3,
+};
+function calcSecurityScore(vulns, secrets, malware, codeQuality) {
+    let score = 100;
+    // Deduct for vulnerabilities
+    const v = vulns.vulnerabilities;
+    score -= Math.min(v.critical * VULN_PENALTIES.critical, 80);
+    score -= Math.min(v.high * VULN_PENALTIES.high, 40);
+    score -= Math.min(v.medium * VULN_PENALTIES.medium, 20);
+    score -= Math.min(v.low * VULN_PENALTIES.low, 10);
+    score -= Math.min(v.negligible * VULN_PENALTIES.negligible, 5);
+    // Secrets: blocking secrets in production code are severe
+    const productionSecrets = secrets.locations.filter((l) => !l.inTestFixture);
+    score -= productionSecrets.length * 25;
+    // Malware: immediate severe penalty
+    if (malware.detected)
+        score -= 80;
+    score -= malware.suspiciousPatterns.length * 5;
+    // Code quality
+    if (codeQuality.metrics) {
+        const { bugs, vulnerabilities: cqVulns, securityHotspots } = codeQuality.metrics;
+        score -= bugs * 2;
+        score -= cqVulns * 5;
+        score -= securityHotspots * 3;
+    }
+    return Math.max(0, Math.min(100, score));
+}
+// ---------------------------------------------------------------------------
+// Transparency score (0–100)
+// ---------------------------------------------------------------------------
+function calcTransparencyScore(sbom, signature, license) {
+    let score = 0;
+    // SBOM present: +40
+    if (sbom.success && sbom.components.length > 0)
+        score += 40;
+    else if (sbom.usedFallback && sbom.components.length > 0)
+        score += 20;
+    // Valid signature: +20 bonus / -20 penalty for absence
+    if (signature.verified)
+        score += 40;
+    else
+        score += 0; // neutral; allow rejection elsewhere
+    // License declared and compliant: +20
+    if (license.compliant)
+        score += 20;
+    else if (license.detected.length > 0)
+        score += 10;
+    return Math.max(0, Math.min(100, score));
+}
+function calcMaintenanceScore(input) {
+    if (input.isArchived)
+        return 0;
+    let score;
+    if (input.daysSinceLastCommit === undefined) {
+        score = 60; // unknown → neutral
+    }
+    else {
+        const d = input.daysSinceLastCommit;
+        if (d < 30)
+            score = 100;
+        else if (d < 90)
+            score = 80;
+        else if (d < 180)
+            score = 60;
+        else if (d < 365)
+            score = 40;
+        else
+            score = 10;
+    }
+    if (input.hasCiCd)
+        score = Math.min(100, score + 10);
+    return score;
+}
+function calcCommunityScore(input) {
+    if (input.activeIncidents && input.activeIncidents > 0) {
+        return Math.max(0, 40 - input.activeIncidents * 20);
+    }
+    if (input.starRating === undefined || input.ratingCount === undefined) {
+        return 50; // neutral: no community data yet
+    }
+    // Normalise star rating (0–5 → 0–100)
+    const base = (input.starRating / 5) * 100;
+    // Low rating count reduces confidence → nudge toward neutral
+    const confidence = Math.min(1, input.ratingCount / 100);
+    return Math.round(base * confidence + 50 * (1 - confidence));
+}
+// ---------------------------------------------------------------------------
+// Recommendation thresholds
+// ---------------------------------------------------------------------------
+function deriveRecommendation(overall) {
+    if (overall >= 80)
+        return 'approve';
+    if (overall >= 60)
+        return 'approve-with-warnings';
+    if (overall >= 40)
+        return 'require-review';
+    return 'reject';
+}
+function buildRationale(overall, dims, rec) {
+    const parts = [`Overall trust score: ${overall}/100.`];
+    parts.push(`Security ${dims.security}/100 (40%), Community ${dims.community}/100 (30%), ` +
+        `Maintenance ${dims.maintenance}/100 (20%), Transparency ${dims.transparency}/100 (10%).`);
+    if (rec === 'approve')
+        parts.push('Plugin meets all security requirements.');
+    else if (rec === 'approve-with-warnings')
+        parts.push('Plugin has minor issues — review warnings before installing.');
+    else if (rec === 'require-review')
+        parts.push('Plugin requires manual security team review before approval.');
+    else
+        parts.push('Plugin fails minimum security requirements and cannot be approved.');
+    return parts.join(' ');
+}
+/**
+ * Calculate the overall trust score for a plugin.
+ */
+export function calculateTrustScore(input) {
+    const security = calcSecurityScore(input.vulns, input.secrets, input.malware, input.codeQuality);
+    const transparency = calcTransparencyScore(input.sbom, input.signature, input.license);
+    const maintenance = calcMaintenanceScore(input.maintenance ?? {});
+    const community = calcCommunityScore(input.community ?? {});
+    const overall = Math.round(security * WEIGHT_SECURITY +
+        community * WEIGHT_COMMUNITY +
+        maintenance * WEIGHT_MAINTENANCE +
+        transparency * WEIGHT_TRANSPARENCY);
+    const dimensions = {
+        security,
+        community,
+        maintenance,
+        transparency,
+    };
+    const recommendation = deriveRecommendation(overall);
+    return {
+        overall,
+        dimensions,
+        recommendation,
+        rationale: buildRationale(overall, dimensions, recommendation),
+    };
+}
+//# sourceMappingURL=trust-score.js.map

package/dist/ai/src/plugins/security/trust-score.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trust-score.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/trust-score.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAcH,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,eAAe,GAAG,GAAG,CAAC;AAC5B,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAC/B,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,4CAA4C;AAC5C,MAAM,cAAc,GAAG;IACrB,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,GAAG,EAAE,CAAC;IACN,UAAU,EAAE,CAAC;IACb,OAAO,EAAE,CAAC;CACF,CAAC;AAEX,SAAS,iBAAiB,CACxB,KAA8B,EAC9B,OAA8B,EAC9B,OAA0B,EAC1B,WAA8B;IAE9B,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,6BAA6B;IAC7B,MAAM,CAAC,GAAG,KAAK,CAAC,eAAe,CAAC;IAChC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,GAAG,cAAc,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC5D,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACpD,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACxD,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,cAAc,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAClD,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,cAAc,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAE/D,0DAA0D;IAC1D,MAAM,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IAC5E,KAAK,IAAI,iBAAiB,CAAC,MAAM,GAAG,EAAE,CAAC;IAEvC,oCAAoC;IACpC,IAAI,OAAO,CAAC,QAAQ;QAAE,KAAK,IAAI,EAAE,CAAC;IAClC,KAAK,IAAI,OAAO,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC;IAE/C,eAAe;IACf,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC;QACjF,KAAK,IAAI,IAAI,GAAG,CAAC,CAAC;QAClB,KAAK,IAAI,OAAO,GAAG,CAAC,CAAC;QACrB,KAAK,IAAI,gBAAgB,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E,SAAS,qBAAqB,CAC5B,IAAgB,EAChB,SAAsC,EACtC,OAAgC;IAEhC,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,oBAAoB;IACpB,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;SACvD,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAEtE,uDAAuD;IACvD,IAAI,SAAS,CAAC,QAAQ;QAAE,KAAK,IAAI,EAAE,CAAC;;QAC/B,KAAK,IAAI,CAAC,CAAC,CAAC,qCAAqC;IAEtD,sCAAsC;IACtC,IAAI,OAAO,CAAC,SAAS;QAAE,KAAK,IAAI,EAAE,CAAC;SAC9B,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAElD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAC3C,CAAC;AAmBD,SAAS,oBAAoB,CAAC,KAAuB;IACnD,IAAI,KAAK,CAAC,UAAU;QAAE,OAAO,CAAC,CAAC;IAE/B,IAAI,KAAa,CAAC;IAElB,IAAI,KAAK,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;QAC5C,KAAK,GAAG,EAAE,CAAC,CAAC,oBAAoB;IAClC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,KAAK,CAAC,mBAAmB,CAAC;QACpC,IAAI,CAAC,GAAG,EAAE;YAAE,KAAK,GAAG,GAAG,CAAC;aACnB,IAAI,CAAC,GAAG,EAAE;YAAE,KAAK,GAAG,EAAE,CAAC;aACvB,IAAI,CAAC,GAAG,GAAG;YAAE,KAAK,GAAG,EAAE,CAAC;aACxB,IAAI,CAAC,GAAG,GAAG;YAAE,KAAK,GAAG,EAAE,CAAC;;YACxB,KAAK,GAAG,EAAE,CAAC;IAClB,CAAC;IAED,IAAI,KAAK,CAAC,OAAO;QAAE,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC;IAErD,OAAO,KAAK,CAAC;AACf,CAAC;AAmBD,SAAS,kBAAkB,CAAC,KAAqB;IAC/C,IAAI,KAAK,CAAC,eAAe,IAAI,KAAK,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;QACvD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,KAAK,CAAC,eAAe,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QACtE,OAAO,EAAE,CAAC,CAAC,iCAAiC;IAC9C,CAAC;IAED,sCAAsC;IACtC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;IAC1C,6DAA6D;IAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,SAAS,oBAAoB,CAAC,OAAe;IAC3C,IAAI,OAAO,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IACpC,IAAI,OAAO,IAAI,EAAE;QAAE,OAAO,uBAAuB,CAAC;IAClD,IAAI,OAAO,IAAI,EAAE;QAAE,OAAO,gBAAgB,CAAC;IAC3C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CACrB,OAAe,EACf,IAA0B,EAC1B,GAAiC;IAEjC,MAAM,KAAK,GAAa,CAAC,wBAAwB,OAAO,OAAO,CAAC,CAAC;IACjE,KAAK,CAAC,IAAI,CACR,YAAY,IAAI,CAAC,QAAQ,yBAAyB,IAAI,CAAC,SAAS,cAAc;QAC9E,eAAe,IAAI,CAAC,WAAW,4BAA4B,IAAI,CAAC,YAAY,aAAa,CAC1F,CAAC;IACF,IAAI,GAAG,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;SACxE,IAAI,GAAG,KAAK,uBAAuB;QAAE,KAAK,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;SAChH,IAAI,GAAG,KAAK,gBAAgB;QAAE,KAAK,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;;QACzG,KAAK,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;IACtF,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAkBD;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAsB;IACxD,MAAM,QAAQ,GAAG,iBAAiB,CAChC,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,WAAW,CAClB,CAAC;IACF,MAAM,YAAY,GAAG,qBAAqB,CACxC,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,OAAO,CACd,CAAC;IACF,MAAM,WAAW,GAAG,oBAAoB,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,kBAAkB,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IAE5D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,QAAQ,GAAG,eAAe;QAC1B,SAAS,GAAG,gBAAgB;QAC5B,WAAW,GAAG,kBAAkB;QAChC,YAAY,GAAG,mBAAmB,CACnC,CAAC;IAEF,MAAM,UAAU,GAAyB;QACvC,QAAQ;QACR,SAAS;QACT,WAAW;QACX,YAAY;KACb,CAAC;IAEF,MAAM,cAAc,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAErD,OAAO;QACL,OAAO;QACP,UAAU;QACV,cAAc;QACd,SAAS,EAAE,cAAc,CAAC,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC;KAC/D,CAAC;AACJ,CAAC"}

package/dist/ai/src/plugins/security/types.d.ts ADDED Viewed

@@ -0,0 +1,220 @@
+/**
+ * Plugin Security Types
+ *
+ * Shared type definitions for the plugin marketplace security scanning pipeline.
+ *
+ * @module plugins/security/types
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+/** A single dependency entry in a Software Bill of Materials */
+export interface SBOMComponent {
+    /** Package name */
+    name: string;
+    /** Package version */
+    version: string;
+    /** SPDX license identifier */
+    license?: string;
+    /** Common Platform Enumeration identifier */
+    cpe?: string;
+    /** Package URL */
+    purl?: string;
+    /** Ecosystem (npm, pypi, etc.) */
+    ecosystem?: string;
+}
+/** Result of SBOM generation */
+export interface SBOMResult {
+    /** Whether generation succeeded */
+    success: boolean;
+    /** Whether fallback (npm ls) was used instead of Syft */
+    usedFallback: boolean;
+    /** CycloneDX or SPDX format */
+    format: 'cyclonedx' | 'spdx' | 'npm-ls';
+    /** All discovered components */
+    components: SBOMComponent[];
+    /** Path where the SBOM was written */
+    storagePath?: string;
+    /** Error message if generation failed */
+    error?: string;
+}
+/** CVE severity level */
+export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'negligible' | 'unknown';
+/** A single vulnerability finding */
+export interface VulnerabilityFinding {
+    /** CVE identifier */
+    cveId: string;
+    /** Numeric CVSS score */
+    cvssScore: number;
+    /** Severity level */
+    severity: Severity;
+    /** Affected package */
+    packageName: string;
+    /** Installed version */
+    installedVersion: string;
+    /** Fix version, if available */
+    fixedVersion?: string;
+    /** Summary description */
+    description?: string;
+    /** Whether this finding was marked as a false positive */
+    suppressed?: boolean;
+}
+/** Aggregated vulnerability counts */
+export interface VulnerabilityCounts {
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+    negligible: number;
+    unknown: number;
+}
+/** Result of vulnerability scanning */
+export interface VulnerabilityScanResult {
+    success: boolean;
+    vulnerabilities: VulnerabilityCounts;
+    findings: VulnerabilityFinding[];
+    /** Overall recommendation based on findings */
+    recommendation: 'approve' | 'approve-with-warnings' | 'reject';
+    error?: string;
+}
+/** Location of a detected secret */
+export interface SecretLocation {
+    file: string;
+    line: number;
+    /** Gitleaks rule ID */
+    ruleId: string;
+    /** Redacted match for audit log */
+    redactedMatch: string;
+    /** Whether this is in a test fixture (lower severity) */
+    inTestFixture: boolean;
+}
+/** Result of secret detection */
+export interface SecretDetectionResult {
+    success: boolean;
+    found: boolean;
+    locations: SecretLocation[];
+    error?: string;
+}
+/** SonarCloud code quality metrics */
+export interface CodeQualityMetrics {
+    bugs: number;
+    vulnerabilities: number;
+    securityHotspots: number;
+    /** Code smell count */
+    codeSmells: number;
+    /** Maintainability rating (A-E) */
+    maintainabilityRating: 'A' | 'B' | 'C' | 'D' | 'E' | 'unknown';
+    /** Test coverage percentage */
+    coverage?: number;
+}
+/** Result of SonarCloud analysis */
+export interface CodeQualityResult {
+    success: boolean;
+    metrics?: CodeQualityMetrics;
+    /** Whether this requires mandatory security review */
+    requiresManualReview: boolean;
+    /** Quality gate status */
+    qualityGate: 'OK' | 'WARN' | 'ERROR' | 'NONE';
+    error?: string;
+}
+/** A malware signature finding */
+export interface MalwareSignature {
+    file: string;
+    signatureName: string;
+    /** Detection category */
+    category: 'virus' | 'trojan' | 'suspicious' | 'unknown';
+}
+/** Result of malware scanning */
+export interface MalwareScanResult {
+    success: boolean;
+    detected: boolean;
+    signatures: MalwareSignature[];
+    /** Files with suspicious script patterns (e.g. curl|bash) */
+    suspiciousPatterns: string[];
+    error?: string;
+}
+/** Result of cryptographic signature verification */
+export interface SignatureVerificationResult {
+    success: boolean;
+    verified: boolean;
+    /** Public key fingerprint used for verification */
+    publicKeyFingerprint?: string;
+    /** Timestamp of the signature */
+    signedAt?: string;
+    /** Whether verification timed out */
+    timedOut?: boolean;
+    error?: string;
+}
+/** License compliance analysis */
+export interface LicenseComplianceResult {
+    success: boolean;
+    compliant: boolean;
+    detected: string[];
+    incompatible: string[];
+    /** SPDX identifiers that were unknown / not recognised */
+    unknown: string[];
+    error?: string;
+}
+/** Dimension scores feeding into the overall trust score */
+export interface TrustScoreDimensions {
+    /** Security posture (40% weight) — based on scan results */
+    security: number;
+    /** Community trust (30% weight) — based on reputation/ratings */
+    community: number;
+    /** Maintenance quality (20% weight) — activity, update frequency */
+    maintenance: number;
+    /** Transparency (10% weight) — signature, SBOM, open source */
+    transparency: number;
+}
+/** Overall plugin trust score (0–100) */
+export interface TrustScore {
+    overall: number;
+    dimensions: TrustScoreDimensions;
+    /** Recommended action based on score */
+    recommendation: 'approve' | 'approve-with-warnings' | 'reject' | 'require-review';
+    /** Human-readable explanation */
+    rationale: string;
+}
+/** Input to the security scanner */
+export interface PluginScanInput {
+    /** Unique plugin identifier */
+    pluginId: string;
+    /** Semver version string */
+    version: string;
+    /** Absolute path to extracted plugin directory */
+    pluginPath: string;
+    /** Absolute path to main plugin archive/artifact */
+    artifactPath?: string;
+    /**
+     * Whether to skip individual scanners (useful in testing or air-gapped
+     * environments where CLI tools may not be available)
+     */
+    skip?: {
+        sbom?: boolean;
+        vulnerabilities?: boolean;
+        secrets?: boolean;
+        codeQuality?: boolean;
+        malware?: boolean;
+        signature?: boolean;
+        license?: boolean;
+    };
+}
+/** Aggregated security scan report for a plugin */
+export interface PluginSecurityReport {
+    pluginId: string;
+    version: string;
+    scannedAt: string;
+    sbom: SBOMResult;
+    vulnerabilities: VulnerabilityScanResult;
+    secrets: SecretDetectionResult;
+    codeQuality: CodeQualityResult;
+    malware: MalwareScanResult;
+    signature: SignatureVerificationResult;
+    license: LicenseComplianceResult;
+    trustScore: TrustScore;
+    /** Overall recommendation (most restrictive across all scanners) */
+    overallRecommendation: 'approve' | 'approve-with-warnings' | 'reject' | 'require-review';
+    /** Duration in milliseconds */
+    durationMs: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/ai/src/plugins/security/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH,gEAAgE;AAChE,MAAM,WAAW,aAAa;IAC5B,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,gCAAgC;AAChC,MAAM,WAAW,UAAU;IACzB,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,yDAAyD;IACzD,YAAY,EAAE,OAAO,CAAC;IACtB,+BAA+B;IAC/B,MAAM,EAAE,WAAW,GAAG,MAAM,GAAG,QAAQ,CAAC;IACxC,gCAAgC;IAChC,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,sCAAsC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,yBAAyB;AACzB,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,YAAY,GAAG,SAAS,CAAC;AAEzF,qCAAqC;AACrC,MAAM,WAAW,oBAAoB;IACnC,qBAAqB;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gCAAgC;IAChC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0DAA0D;IAC1D,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,sCAAsC;AACtC,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,uCAAuC;AACvC,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,mBAAmB,CAAC;IACrC,QAAQ,EAAE,oBAAoB,EAAE,CAAC;IACjC,+CAA+C;IAC/C,cAAc,EAAE,SAAS,GAAG,uBAAuB,GAAG,QAAQ,CAAC;IAC/D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,oCAAoC;AACpC,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,mCAAmC;IACnC,aAAa,EAAE,MAAM,CAAC;IACtB,yDAAyD;IACzD,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,iCAAiC;AACjC,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,sCAAsC;AACtC,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,qBAAqB,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,SAAS,CAAC;IAC/D,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,oCAAoC;AACpC,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B,sDAAsD;IACtD,oBAAoB,EAAE,OAAO,CAAC;IAC9B,0BAA0B;IAC1B,WAAW,EAAE,IAAI,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,kCAAkC;AAClC,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,yBAAyB;IACzB,QAAQ,EAAE,OAAO,GAAG,QAAQ,GAAG,YAAY,GAAG,SAAS,CAAC;CACzD;AAED,iCAAiC;AACjC,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,gBAAgB,EAAE,CAAC;IAC/B,6DAA6D;IAC7D,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,qDAAqD;AACrD,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,mDAAmD;IACnD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iCAAiC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,kCAAkC;AAClC,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,0DAA0D;IAC1D,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,4DAA4D;AAC5D,MAAM,WAAW,oBAAoB;IACnC,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,iEAAiE;IACjE,SAAS,EAAE,MAAM,CAAC;IAClB,oEAAoE;IACpE,WAAW,EAAE,MAAM,CAAC;IACpB,+DAA+D;IAC/D,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,yCAAyC;AACzC,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,oBAAoB,CAAC;IACjC,wCAAwC;IACxC,cAAc,EAAE,SAAS,GAAG,uBAAuB,GAAG,QAAQ,GAAG,gBAAgB,CAAC;IAClF,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;CACnB;AAMD,oCAAoC;AACpC,MAAM,WAAW,eAAe;IAC9B,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;OAGG;IACH,IAAI,CAAC,EAAE;QACL,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;CACH;AAED,mDAAmD;AACnD,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,EAAE,uBAAuB,CAAC;IACzC,OAAO,EAAE,qBAAqB,CAAC;IAC/B,WAAW,EAAE,iBAAiB,CAAC;IAC/B,OAAO,EAAE,iBAAiB,CAAC;IAC3B,SAAS,EAAE,2BAA2B,CAAC;IACvC,OAAO,EAAE,uBAAuB,CAAC;IACjC,UAAU,EAAE,UAAU,CAAC;IACvB,oEAAoE;IACpE,qBAAqB,EAAE,SAAS,GAAG,uBAAuB,GAAG,QAAQ,GAAG,gBAAgB,CAAC;IACzF,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;CACpB"}

package/dist/ai/src/plugins/security/types.js ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Plugin Security Types
+ *
+ * Shared type definitions for the plugin marketplace security scanning pipeline.
+ *
+ * @module plugins/security/types
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/ai/src/plugins/security/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG"}

package/dist/ai/src/plugins/security/vulnerability-scanner.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Vulnerability Scanner
+ *
+ * Scans plugin SBOMs for known CVEs using Grype CLI.
+ * Supports severity thresholds, false-positive suppression via .grype-ignore.json,
+ * and structured recommendations.
+ *
+ * @module plugins/security/vulnerability-scanner
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+import type { VulnerabilityScanResult } from './types.js';
+/**
+ * Scan a plugin (via its SBOM or directory) for known CVEs using Grype.
+ *
+ * @param pluginPath   Absolute path to the extracted plugin directory
+ * @param sbomPath     Optional: path to a pre-generated SBOM JSON file. If provided,
+ *                     Grype will scan the SBOM rather than the raw directory.
+ */
+export declare function scanVulnerabilities(pluginPath: string, sbomPath?: string): Promise<VulnerabilityScanResult>;
+//# sourceMappingURL=vulnerability-scanner.d.ts.map

package/dist/ai/src/plugins/security/vulnerability-scanner.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"vulnerability-scanner.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/vulnerability-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,KAAK,EACV,uBAAuB,EAIxB,MAAM,YAAY,CAAC;AAyEpB;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,uBAAuB,CAAC,CAkDlC"}

package/dist/ai/src/plugins/security/vulnerability-scanner.js ADDED Viewed

@@ -0,0 +1,109 @@
+/**
+ * Vulnerability Scanner
+ *
+ * Scans plugin SBOMs for known CVEs using Grype CLI.
+ * Supports severity thresholds, false-positive suppression via .grype-ignore.json,
+ * and structured recommendations.
+ *
+ * @module plugins/security/vulnerability-scanner
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+const execFileAsync = promisify(execFile);
+function loadIgnoredCVEs(pluginPath) {
+    const ignorePath = join(pluginPath, '.grype-ignore.json');
+    if (!existsSync(ignorePath))
+        return new Set();
+    try {
+        const entries = JSON.parse(readFileSync(ignorePath, 'utf8'));
+        return new Set(entries.filter((e) => e.cve).map((e) => e.cve));
+    }
+    catch {
+        return new Set();
+    }
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function normaliseSeverity(raw) {
+    const map = {
+        critical: 'critical',
+        high: 'high',
+        medium: 'medium',
+        low: 'low',
+        negligible: 'negligible',
+    };
+    return map[(raw ?? '').toLowerCase()] ?? 'unknown';
+}
+function emptyCounts() {
+    return { critical: 0, high: 0, medium: 0, low: 0, negligible: 0, unknown: 0 };
+}
+function deriveRecommendation(counts) {
+    if (counts.critical > 0)
+        return 'reject';
+    if (counts.high > 0)
+        return 'approve-with-warnings';
+    return 'approve';
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Scan a plugin (via its SBOM or directory) for known CVEs using Grype.
+ *
+ * @param pluginPath   Absolute path to the extracted plugin directory
+ * @param sbomPath     Optional: path to a pre-generated SBOM JSON file. If provided,
+ *                     Grype will scan the SBOM rather than the raw directory.
+ */
+export async function scanVulnerabilities(pluginPath, sbomPath) {
+    const ignored = loadIgnoredCVEs(pluginPath);
+    const target = sbomPath ?? pluginPath;
+    let grypeOutput;
+    try {
+        const { stdout } = await execFileAsync('grype', [target, '--output', 'json']);
+        grypeOutput = JSON.parse(stdout);
+    }
+    catch (err) {
+        return {
+            success: false,
+            vulnerabilities: emptyCounts(),
+            findings: [],
+            recommendation: 'approve',
+            error: String(err),
+        };
+    }
+    const findings = [];
+    const counts = emptyCounts();
+    for (const match of grypeOutput.matches ?? []) {
+        const vuln = match.vulnerability ?? {};
+        const cveId = vuln.id ?? 'UNKNOWN';
+        const suppressed = ignored.has(cveId);
+        const severity = normaliseSeverity(vuln.severity);
+        const cvssScore = vuln.cvss?.[0]?.metrics?.baseScore ?? 0;
+        findings.push({
+            cveId,
+            cvssScore,
+            severity,
+            packageName: match.artifact?.name ?? 'unknown',
+            installedVersion: match.artifact?.version ?? 'unknown',
+            fixedVersion: vuln.fix?.versions?.[0],
+            description: vuln.description,
+            suppressed,
+        });
+        if (!suppressed) {
+            counts[severity] += 1;
+        }
+    }
+    return {
+        success: true,
+        vulnerabilities: counts,
+        findings,
+        recommendation: deriveRecommendation(counts),
+    };
+}
+//# sourceMappingURL=vulnerability-scanner.js.map

package/dist/ai/src/plugins/security/vulnerability-scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vulnerability-scanner.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/security/vulnerability-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAQjC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAQ1C,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC;IAC1D,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAC9C,IAAI,CAAC;QACH,MAAM,OAAO,GAAkB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QAC5E,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAa,CAAC,CAAC,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,GAAG,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAuBD,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,iBAAiB,CAAC,GAAuB;IAChD,MAAM,GAAG,GAA6B;QACpC,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,QAAQ;QAChB,GAAG,EAAE,KAAK;QACV,UAAU,EAAE,YAAY;KACzB,CAAC;IACF,OAAO,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,SAAS,CAAC;AACrD,CAAC;AAED,SAAS,WAAW;IAClB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAA2B;IAE3B,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACzC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,uBAAuB,CAAC;IACpD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,UAAkB,EAClB,QAAiB;IAEjB,MAAM,OAAO,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,QAAQ,IAAI,UAAU,CAAC;IAEtC,IAAI,WAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QAC9E,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAgB,CAAC;IAClD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,eAAe,EAAE,WAAW,EAAE;YAC9B,QAAQ,EAAE,EAAE;YACZ,cAAc,EAAE,SAAS;YACzB,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;SACnB,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,WAAW,EAAE,CAAC;IAE7B,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,aAAa,IAAI,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,EAAE,IAAI,SAAS,CAAC;QACnC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,IAAI,CAAC,CAAC;QAE1D,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK;YACL,SAAS;YACT,QAAQ;YACR,WAAW,EAAE,KAAK,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS;YAC9C,gBAAgB,EAAE,KAAK,CAAC,QAAQ,EAAE,OAAO,IAAI,SAAS;YACtD,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;YACrC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,UAAU;SACX,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,eAAe,EAAE,MAAM;QACvB,QAAQ;QACR,cAAc,EAAE,oBAAoB,CAAC,MAAM,CAAC;KAC7C,CAAC;AACJ,CAAC"}

package/dist/ai/src/plugins/tlp/index.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * TLP Classification System for Plugin Marketplace
+ *
+ * Re-exports all public types, classifier, and validator for the
+ * plugin TLP classification subsystem.
+ *
+ * @module plugins/tlp
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+export type { TlpLevel, TlpBadge, TlpClassificationReason, TlpClassificationResult, TlpClearanceProfile, TlpClearanceCheckResult, PluginTlpInput, } from './types.js';
+export { TLP_RANK } from './types.js';
+export { classifyPlugin, getTlpBadge, getAllTlpBadges, TLP_BADGES, } from './tlp-classifier.js';
+export { checkClearance, validatePluginInstall, batchValidate, isCleared, requiredClearance, accessibleLevels, } from './tlp-validator.js';
+export type { BatchValidationEntry } from './tlp-validator.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/ai/src/plugins/tlp/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/tlp/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,EACnB,uBAAuB,EACvB,cAAc,GACf,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAGtC,OAAO,EACL,cAAc,EACd,WAAW,EACX,eAAe,EACf,UAAU,GACX,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,SAAS,EACT,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAE5B,YAAY,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/ai/src/plugins/tlp/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * TLP Classification System for Plugin Marketplace
+ *
+ * Re-exports all public types, classifier, and validator for the
+ * plugin TLP classification subsystem.
+ *
+ * @module plugins/tlp
+ * @version 1.0.0
+ * @date 2026-02-28
+ * @license MIT
+ */
+export { TLP_RANK } from './types.js';
+// Classifier
+export { classifyPlugin, getTlpBadge, getAllTlpBadges, TLP_BADGES, } from './tlp-classifier.js';
+// Validator
+export { checkClearance, validatePluginInstall, batchValidate, isCleared, requiredClearance, accessibleLevels, } from './tlp-validator.js';
+//# sourceMappingURL=index.js.map

package/dist/ai/src/plugins/tlp/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/ai/src/plugins/tlp/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAaH,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,aAAa;AACb,OAAO,EACL,cAAc,EACd,WAAW,EACX,eAAe,EACf,UAAU,GACX,MAAM,qBAAqB,CAAC;AAE7B,YAAY;AACZ,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,SAAS,EACT,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC"}