multimodel-dev-os 2.8.1 → 3.0.0

package/docs/public/sitemap.xml

@@ -1,203 +1,248 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/</loc>
-    <changefreq>daily</changefreq>
-    <priority>1.0</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/quickstart</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/templates/</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/protocol</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/stable-protocol</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.9</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/compatibility</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/migration-guide</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/cost-optimization</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/5-day-roadmap</loc>
-    <changefreq>monthly</changefreq>
-    <priority>0.6</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/case-studies/</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/demo</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/faq</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.6</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/v2-release-checklist</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.6</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/model-routing</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/local-models</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/provider-strategy</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/agent-compatibility</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/adapter-authoring</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/template-authoring</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/skill-authoring</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/v2-migration</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/package-safety</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/registry-contribution</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/future-proof-architecture</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/self-improving-codebase</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/hash-compressed-memory</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/feedback-learning</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/capability-registry</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/tool-registry</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/demos/</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/demos/existing-repo-onboarding</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/demos/multi-agent-handoff</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/demos/safe-improvement-loop</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/demos/adapter-sync</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/demos/release-check</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/distribution</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.8</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/dashboard</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/plugin-hooks</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/plugin-authoring</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-  <url>
-    <loc>https://rizvee.github.io/multimodel-dev-os/tui-safety</loc>
-    <changefreq>weekly</changefreq>
-    <priority>0.7</priority>
-  </url>
-</urlset>
+<?xml version="1.0" encoding="UTF-8"?>
+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/</loc>
+    <changefreq>daily</changefreq>
+    <priority>1.0</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/quickstart</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/templates/</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/protocol</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/stable-protocol</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.9</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/compatibility</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/migration-guide</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/cost-optimization</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/5-day-roadmap</loc>
+    <changefreq>monthly</changefreq>
+    <priority>0.6</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/case-studies/</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/demo</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/faq</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.6</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/v2-release-checklist</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.6</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/model-routing</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/local-models</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/provider-strategy</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/agent-compatibility</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/adapter-authoring</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/template-authoring</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/skill-authoring</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/v2-migration</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/package-safety</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/registry-contribution</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/future-proof-architecture</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/self-improving-codebase</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/hash-compressed-memory</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/feedback-learning</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/capability-registry</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/tool-registry</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/demos/</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/demos/existing-repo-onboarding</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/demos/multi-agent-handoff</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/demos/safe-improvement-loop</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/demos/adapter-sync</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/demos/release-check</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/distribution</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.8</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/dashboard</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/plugin-hooks</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/plugin-authoring</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/tui-safety</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/catalog</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/plugin-catalog</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/workflow-marketplace</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/catalog-authoring</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/registry-sync</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/trusted-registries</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/registry-policy</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/registry-security</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+  <url>
+    <loc>https://rizvee.github.io/multimodel-dev-os/remote-catalog-authoring</loc>
+    <changefreq>weekly</changefreq>
+    <priority>0.7</priority>
+  </url>
+</urlset>

package/docs/quickstart.md

@@ -94,6 +94,23 @@ npx multimodel-dev-os@latest dashboard
 
 ---
 
+## Option G: Local Workflow Marketplace & Plugin Catalog
+
+Discover and install safe, curated first-party plugin packs to extend your workflows:
+
+```bash
+# Get recommendations for your workspace
+npx multimodel-dev-os@latest catalog recommend
+
+# List all catalog plugins
+npx multimodel-dev-os@latest catalog list
+
+# Install a plugin
+npx multimodel-dev-os@latest catalog install git-workflows --approved
+```
+
+---
+
 ## After Install
 
 1. **Edit `AGENTS.md`** — fill in your project name, stack, and build commands.

package/docs/registry-policy.md

@@ -0,0 +1,93 @@
+# Registry Policy Engine
+
+The Policy Engine governs how remote registries are synchronized and how plugins are installed in the workspace. It enforces strict directory boundaries, file limitations, and network controls to prevent unauthorized access and malicious file writes.
+
+## Configuration File
+
+Registry policies are configured in `.ai/policies/registry-policy.yaml`. If this file does not exist, the engine falls back to strict default settings.
+
+> [!NOTE]
+> The policy file is read dynamically from the target workspace. If none is found there, it falls back to the bundled defaults in the package root.
+
+---
+
+## Policy Options Reference
+
+Here is a list of all fields supported in `.ai/policies/registry-policy.yaml`:
+
+### `allow_remote_registries` (Boolean)
+* **Default:** `false`
+* **Description:** Master switch to enable remote registry operations. If set to `false`, `registry add` and `registry sync` commands will fail.
+
+### `require_approval_for_remote_sync` (Boolean)
+* **Default:** `true`
+* **Description:** Requires the `--approved` flag on the command line to synchronize a remote registry.
+
+### `require_checksum` (Boolean)
+* **Default:** `true`
+* **Description:** Requires SHA256 checksum validation for all remote assets fetched during a sync.
+
+### `require_signature` (Boolean)
+* **Default:** `false`
+* **Description:** Reserved for future cryptographic signature validation.
+
+### `allow_untrusted_install` (Boolean)
+* **Default:** `false`
+* **Description:** When `false`, blocks installation of plugins originating from registries with `trust_level` set to `community` or `untrusted`.
+
+### `allowed_write_roots` (Array of Strings)
+* **Default:** `['.ai/', 'adapters/']`
+* **Description:** A whitelist of directory paths relative to the project root. Plugins are only permitted to write files into these directories.
+
+### `blocked_paths` (Array of Strings)
+* **Default:** `['.env', '.npmrc', '.git/', 'node_modules/', 'package.json', 'package-lock.json', 'pnpm-lock.yaml', 'yarn.lock']`
+* **Description:** A blacklist of specific paths or filenames. Plugins are strictly blocked from writing to or modifying these files, even if they reside within an allowed directory.
+
+### `max_plugin_files` (Integer)
+* **Default:** `20`
+* **Description:** The maximum number of files that a single plugin is allowed to write to the workspace.
+
+### `max_plugin_size_kb` (Integer)
+* **Default:** `100`
+* **Description:** The maximum combined file size (in KB) that a single plugin's assets can occupy.
+
+### `max_registry_cache_size_kb` (Integer)
+* **Default:** `512`
+* **Description:** The maximum cache size (in KB) permitted per remote registry in `.ai/registry-cache/`.
+
+### `allowed_file_extensions` (Array of Strings)
+* **Default:** `['.md', '.yaml', '.yml', '.json']`
+* **Description:** Whitelisted extensions for plugin assets. Any attempt to write files with different extensions (e.g. `.js`, `.sh`, `.exe`) is rejected.
+
+---
+
+## Example Policy Configuration
+
+Below is a typical policy file enabling secure remote synchronization while enforcing strict safety gates:
+
+```yaml
+# .ai/policies/registry-policy.yaml
+allow_remote_registries: true
+require_approval_for_remote_sync: true
+require_checksum: true
+allow_untrusted_install: false
+
+allowed_write_roots:
+  - ".ai/"
+  - "adapters/"
+
+blocked_paths:
+  - ".env"
+  - ".npmrc"
+  - ".git/"
+  - "package.json"
+
+max_plugin_files: 10
+max_plugin_size_kb: 50
+max_registry_cache_size_kb: 256
+
+allowed_file_extensions:
+  - ".md"
+  - ".yaml"
+  - ".json"
+```

package/docs/registry-security.md

@@ -0,0 +1,67 @@
+# Registry Security Model
+
+MultiModel Dev OS is designed with a **zero-trust architecture** for remote registries and plugins. Because plugins configure coding guidelines, workflows, and prompts for AI coding agents, securing the distribution channel is critical.
+
+This document describes the threat model, safety boundaries, and mitigation strategies implemented in `v3.0.0`.
+
+---
+
+## Threat Model & Mitigations
+
+```
+Threat: Malicious Remote Registry
+   |--> Arbitrary Code Execution (Mitigated: Declarative-only YAML)
+   |--> Path Traversal / Overwrite (Mitigated: Resolve path bounds + Blacklist)
+   |--> Dependency Poisoning (Mitigated: No automated package installation)
+```
+
+### 1. Arbitrary Code Execution
+* **Threat:** A remote registry delivers a plugin containing malicious scripts (`shell`, `javascript`, etc.) that execute on the developer's machine.
+* **Mitigation:**
+  * **Declarative-only manifests:** Plugins are purely declarative YAML manifests defining workflows, skills, and checks.
+  * **No runtime scripts:** Plugins cannot contain JavaScript files, shell scripts, or binary assets.
+  * **No eval/exec:** The CLI parser reads manifests using a custom regex-based parser, strictly avoiding `eval` or dynamic JS execution.
+
+### 2. Path Traversal & Unauthorized Overwrites
+* **Threat:** A plugin manifest contains destination paths like `../../.ssh/authorized_keys` or `/etc/hosts` to write files outside the workspace.
+* **Mitigation:**
+  * **Allowed Write Roots:** The policy engine enforces that all destination paths must resolve within whitelisted directories (defaulting to `.ai/` and `adapters/`).
+  * **Path Resolution Checks:** The installer uses `path.resolve` and `path.relative` to ensure destinations do not escape the target root or cache root.
+  * **Blocked Paths Blacklist:** Sensitive files (e.g. `.env`, `.npmrc`, `.git/`, `package.json`) are blacklisted and cannot be overwritten under any circumstances.
+
+### 3. Dependency Poisoning
+* **Threat:** A synced plugin runs `npm install` to inject malicious dependencies into the project.
+* **Mitigation:**
+  * **Zero dependency installer:** The installation process does not interact with the npm registry, execute package managers, or modify `node_modules`.
+  * **Ignored package files:** The blacklist blocks writes to `package.json`, `package-lock.json`, `pnpm-lock.yaml`, and `yarn.lock`.
+
+### 4. Cache Poisoning / Tampering
+* **Threat:** An attacker modifies cached remote files on disk to bypass verification.
+* **Mitigation:**
+  * **In-process verification:** The `registry verify` command performs SHA256 checksum checks against the manifest.
+  * **ReadOnly Dashboard:** The interactive TUI Dashboard is completely read-only for registry and plugin operations, preventing UI-driven privilege escalation.
+
+---
+
+## Safety Boundaries Matrix
+
+The following table summarizes the enforcement gates for different registry types:
+
+| Capability | Local Bundled | Verified Remote | Community Remote |
+|---|---|---|---|
+| **Requires Approved Flag** | Yes | Yes | Yes |
+| **Integrity Check** | Yes (Built-in) | Yes (SHA256 Manifest) | Yes (SHA256 Manifest) |
+| **Write Directory Restricted** | Yes (`.ai/`, `adapters/`) | Yes (`.ai/`, `adapters/`) | Yes (`.ai/`, `adapters/`) |
+| **Size Limit Enforced** | No | Yes (max 100KB) | Yes (max 100KB) |
+| **File Limit Enforced** | No | Yes (max 20 files) | Yes (max 20 files) |
+| **Allowed Extensions Only** | Yes | Yes | Yes |
+| **Automatic Activation** | No | No | No |
+
+---
+
+## Best Practices for Enterprise
+
+For teams deploying MultiModel Dev OS in sensitive environments, we recommend:
+1. Keeping `allow_remote_registries: false` (the default) if no third-party plugins are needed.
+2. If remote plugins are required, set `allow_untrusted_install: false` to only permit plugins from official, signed corporate registries.
+3. Commit `.ai/policies/registry-policy.yaml` to version control to enforce uniform governance across all developer machines.