plugin-scanner 2.0.101__tar.gz → 2.0.103__tar.gz

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plugin-scanner
-Version: 2.0.101
+Version: 2.0.103
 Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
 Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
 Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/dashboard/src/approval-center-layout.tsx

@@ -35,7 +35,9 @@ import {
   buildTechnicalSummary,
   humanizeChangedFields,
   harnessDisplayName,
-  resolveEnvelopeDisplayText
+  resolveDecisionV2Title,
+  resolveDecisionV2Detail,
+  resolveStoppedCommandText
 } from "./approval-center-utils";
 import type {
   GuardApprovalRequest,
@@ -782,6 +784,7 @@ function CopyCommandButton(props: { command: string }) {
 
 function BlockedActionCard(props: { item: GuardApprovalRequest }) {
   const launchText = actionLaunchText(props.item);
+  const decisionDetail = resolveDecisionV2Detail(props.item);
   const isBlocked = props.item.policy_action === "block";
   const bannerBg = isBlocked
     ? "bg-gradient-to-r from-brand-purple/90 to-brand-purple/75"
@@ -820,6 +823,11 @@ function BlockedActionCard(props: { item: GuardApprovalRequest }) {
         <p className="mt-2 text-sm leading-6 text-brand-dark/70">
           {harnessDisplayName(props.item.harness)} paused this because {buildQueueSummary(props.item).toLowerCase()}.
         </p>
+        {decisionDetail !== null ? (
+          <p className="mt-2 text-sm leading-6 text-brand-dark/80">
+            {decisionDetail}
+          </p>
+        ) : null}
         <div className="mt-4 rounded-[1.25rem] bg-[#090d1a] p-1 shadow-[0_14px_35px_rgba(9,13,26,0.18)]">
           <div className="flex items-center gap-1.5 border-b border-white/10 px-3 py-2">
             <span className="h-2.5 w-2.5 rounded-full bg-brand-purple" />
@@ -849,6 +857,10 @@ function BlockedActionCard(props: { item: GuardApprovalRequest }) {
 }
 
 function actionDisplayTitle(item: GuardApprovalRequest): string {
+  const v2Title = resolveDecisionV2Title(item);
+  if (v2Title !== null) {
+    return v2Title;
+  }
   const artifactName = displayArtifactName(item);
   if (item.artifact_type === "tool_action_request") {
     return `${harnessDisplayName(item.harness)} wants to run a tool`;
@@ -866,23 +878,7 @@ function actionDisplayTitle(item: GuardApprovalRequest): string {
 }
 
 function actionLaunchText(item: GuardApprovalRequest): string {
-  if (item.action_envelope_json) {
-    const envelopeText = resolveEnvelopeDisplayText(item.action_envelope_json);
-    if (envelopeText !== null) {
-      return envelopeText;
-    }
-  }
-  if (item.launch_target?.trim()) {
-    return item.launch_target;
-  }
-  if (item.launch_summary?.trim()) {
-    const commandMatch = item.launch_summary.match(/`([^`]+)`/);
-    if (commandMatch?.[1]) {
-      return commandMatch[1];
-    }
-    return item.launch_summary;
-  }
-  return displayArtifactName(item);
+  return resolveStoppedCommandText(item);
 }
 
 function getRulePreviewText(

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/dashboard/src/approval-center-utils.ts

@@ -209,6 +209,36 @@ function capitalizeHarness(harness: string): string {
   return `${harness.charAt(0).toUpperCase()}${harness.slice(1)}`;
 }
 
+export function resolveDecisionV2Title(item: GuardApprovalRequest): string | null {
+  const title = item.decision_v2_json?.user_title;
+  return title !== undefined && title.trim().length > 0 ? title : null;
+}
+
+export function resolveDecisionV2Detail(item: GuardApprovalRequest): string | null {
+  const detail = item.decision_v2_json?.dashboard_primary_detail;
+  return detail !== undefined && detail.trim().length > 0 ? detail : null;
+}
+
+export function resolveStoppedCommandText(item: GuardApprovalRequest): string {
+  if (item.action_envelope_json) {
+    const envelopeText = resolveEnvelopeDisplayText(item.action_envelope_json);
+    if (envelopeText !== null) {
+      return envelopeText;
+    }
+  }
+  if (item.launch_target?.trim()) {
+    return item.launch_target;
+  }
+  if (item.launch_summary?.trim()) {
+    const commandMatch = item.launch_summary.match(/`([^`]+)`/);
+    if (commandMatch?.[1]) {
+      return commandMatch[1];
+    }
+    return item.launch_summary;
+  }
+  return item.artifact_name.trim() || item.artifact_id;
+}
+
 export function harnessDisplayName(harness: string): string {
   switch (harness) {
     case "claude-code":

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/dashboard/src/guard-api.test.ts

@@ -1,6 +1,16 @@
-import { buildDemoRuntimeSnapshot, normalizeApprovalRequest, parseActionEnvelope } from "./guard-api";
-import { resolveEnvelopeDisplayText } from "./approval-center-utils";
-import type { GuardActionEnvelope, GuardApprovalRequest } from "./guard-types";
+import {
+  buildDemoRuntimeSnapshot,
+  normalizeApprovalRequest,
+  parseActionEnvelope,
+  parseDecisionV2
+} from "./guard-api";
+import {
+  resolveDecisionV2Detail,
+  resolveDecisionV2Title,
+  resolveEnvelopeDisplayText,
+  resolveStoppedCommandText
+} from "./approval-center-utils";
+import type { GuardActionEnvelope, GuardApprovalRequest, GuardDecisionV2 } from "./guard-types";
 
 function assert(condition: boolean, message: string): void {
   if (!condition) {
@@ -146,3 +156,131 @@ assert(
   normalizedMalformedRequest.action_envelope_json === null,
   "T071: detail-route approval payloads normalize malformed envelopes before rendering"
 );
+
+const BASE_DECISION_V2: GuardDecisionV2 = {
+  action: "block",
+  reason: "Credential file access detected",
+  user_title: "Wants to read a credential file",
+  user_body: "The agent is attempting to read a file that may contain secrets.",
+  harness_message: "BLOCKED: credential file read",
+  dashboard_primary_detail: "cat ~/.aws/credentials",
+  approval_scopes: ["artifact", "workspace"],
+  retry_instruction: null,
+  signals: [
+    {
+      signal_id: "secret:filesystem:env",
+      category: "secret",
+      severity: "high",
+      confidence: "strong",
+      detector: "guard-risk-v2",
+      title: "Secret file read",
+      plain_reason: "The action can read a credential file.",
+      technical_detail: null,
+      evidence_ref: "metadata.path_class",
+      redaction_level: "summary",
+      false_positive_hint: null,
+      advisory_id: null
+    }
+  ],
+  confidence: "strong"
+};
+
+assert(parseDecisionV2(undefined) === null, "T080: missing decision_v2_json falls back to null");
+assert(parseDecisionV2(null) === null, "T080: null decision_v2_json falls back to null");
+assert(parseDecisionV2({}) === null, "T080: empty object falls back to null");
+assert(parseDecisionV2("block") === null, "T080: string decision_v2_json falls back to null");
+assert(
+  parseDecisionV2({ ...BASE_DECISION_V2, action: "unknown_action" }) === null,
+  "T080: invalid action value falls back to null"
+);
+assert(
+  parseDecisionV2({ ...BASE_DECISION_V2, confidence: "unsure" }) === null,
+  "T080: invalid confidence value falls back to null"
+);
+assert(
+  parseDecisionV2({ ...BASE_DECISION_V2, approval_scopes: [42] }) === null,
+  "T080: non-string approval_scopes element falls back to null"
+);
+assert(
+  parseDecisionV2({ ...BASE_DECISION_V2, signals: [{ ...BASE_DECISION_V2.signals[0], signal_id: 1 }] }) === null,
+  "T080: invalid signal_id type falls back to null"
+);
+assert(
+  parseDecisionV2({ ...BASE_DECISION_V2, signals: [{ ...BASE_DECISION_V2.signals[0], severity: "extreme" }] }) === null,
+  "T080: invalid signal severity falls back to null"
+);
+assert(
+  parseDecisionV2({ ...BASE_DECISION_V2, signals: [{ ...BASE_DECISION_V2.signals[0], redaction_level: "full" }] }) ===
+    null,
+  "T080: invalid signal redaction level falls back to null"
+);
+
+const parsedDecisionV2 = parseDecisionV2(BASE_DECISION_V2);
+assert(parsedDecisionV2 !== null, "T080: valid decision_v2 object parses correctly");
+assert(parsedDecisionV2?.action === "block", "T080: parsed action matches source");
+assert(parsedDecisionV2?.user_title === "Wants to read a credential file", "T080: parsed user_title matches source");
+assert(parsedDecisionV2?.dashboard_primary_detail === "cat ~/.aws/credentials", "T080: parsed dashboard_primary_detail matches source");
+assert(parsedDecisionV2?.confidence === "strong", "T080: parsed confidence matches source");
+assert(parsedDecisionV2?.retry_instruction === null, "T080: null retry_instruction preserved");
+assert(parsedDecisionV2?.signals.length === 1, "T080: signals array length preserved");
+assert(parsedDecisionV2?.signals[0].signal_id === "secret:filesystem:env", "T080: signal_id preserved");
+
+const normalizedWithV2 = normalizeApprovalRequest({ ...BASE_REQUEST, decision_v2_json: BASE_DECISION_V2 });
+assert(normalizedWithV2.decision_v2_json !== null, "T081: valid decision_v2_json normalizes to non-null");
+assert(
+  normalizedWithV2.decision_v2_json?.user_title === "Wants to read a credential file",
+  "T081: normalized user_title preserved"
+);
+
+const normalizedMalformedV2 = normalizeApprovalRequest({
+  ...BASE_REQUEST,
+  decision_v2_json: { action: "not-a-real-action" }
+});
+assert(normalizedMalformedV2.decision_v2_json === null, "T081: malformed decision_v2_json normalizes to null");
+
+const normalizedMissingV2 = normalizeApprovalRequest({ ...BASE_REQUEST });
+assert(normalizedMissingV2.decision_v2_json === null, "T081: absent decision_v2_json normalizes to null");
+
+const requestWithV2: GuardApprovalRequest = {
+  ...BASE_REQUEST,
+  decision_v2_json: BASE_DECISION_V2
+};
+
+assert(
+  resolveDecisionV2Title(requestWithV2) === "Wants to read a credential file",
+  "T082: resolveDecisionV2Title returns user_title when decision_v2_json present"
+);
+assert(
+  resolveDecisionV2Detail(requestWithV2) === "cat ~/.aws/credentials",
+  "T082: resolveDecisionV2Detail returns dashboard_primary_detail when decision_v2_json present"
+);
+assert(
+  resolveStoppedCommandText(requestWithV2) === "git status",
+  "T082: stopped command remains launch target when decision detail is present"
+);
+assert(
+  resolveDecisionV2Title(BASE_REQUEST) === null,
+  "T082: resolveDecisionV2Title returns null when decision_v2_json absent"
+);
+assert(
+  resolveDecisionV2Detail(BASE_REQUEST) === null,
+  "T082: resolveDecisionV2Detail returns null when decision_v2_json absent"
+);
+
+const requestWithWhitespaceV2Title: GuardApprovalRequest = {
+  ...BASE_REQUEST,
+  decision_v2_json: { ...BASE_DECISION_V2, user_title: "   " }
+};
+assert(
+  resolveDecisionV2Title(requestWithWhitespaceV2Title) === null,
+  "T082: resolveDecisionV2Title returns null for whitespace-only user_title"
+);
+
+const requestWithEmptyV2Detail: GuardApprovalRequest = {
+  ...BASE_REQUEST,
+  decision_v2_json: { ...BASE_DECISION_V2, dashboard_primary_detail: "" }
+};
+assert(
+  resolveDecisionV2Detail(requestWithEmptyV2Detail) === null,
+  "T082: resolveDecisionV2Detail returns null for empty dashboard_primary_detail"
+);

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/dashboard/src/guard-api.ts

@@ -1,15 +1,27 @@
-import { GUARD_ACTION_TYPES } from "./guard-types";
+import {
+  GUARD_ACTION_TYPES,
+  GUARD_DECISION_V2_ACTIONS,
+  GUARD_DECISION_V2_CONFIDENCES,
+  GUARD_RISK_SIGNAL_V2_CATEGORIES,
+  GUARD_RISK_SIGNAL_V2_REDACTION_LEVELS,
+  GUARD_RISK_SIGNAL_V2_SEVERITIES
+} from "./guard-types";
 import type {
   GuardActionEnvelope,
   GuardActionType,
   GuardApprovalRequest,
   GuardArtifactDiff,
+  GuardDecisionV2,
   GuardInventoryItem,
   GuardPolicyDecision,
   GuardReceipt,
   GuardRuntimeSnapshot,
   GuardSettingsPayload,
-  GuardSettings
+  GuardSettings,
+  RiskSignalV2,
+  RiskSignalV2Category,
+  RiskSignalV2RedactionLevel,
+  RiskSignalV2Severity
 } from "./guard-types";
 import {
   getDemoDiff,
@@ -23,8 +35,9 @@ import {
 const GUARD_TOKEN_PARAM = "guard-token";
 const GUARD_DAEMON_PARAM = "guardDaemon";
 
-type RawGuardApprovalRequest = Omit<GuardApprovalRequest, "action_envelope_json"> & {
+type RawGuardApprovalRequest = Omit<GuardApprovalRequest, "action_envelope_json" | "decision_v2_json"> & {
   action_envelope_json?: unknown;
+  decision_v2_json?: unknown;
 };
 
 type ApprovalRequestListPayload = {
@@ -158,6 +171,10 @@ function isStringArray(value: unknown): value is string[] {
   return Array.isArray(value) && value.every((item): item is string => typeof item === "string");
 }
 
+function isNonEmptyString(value: unknown): value is string {
+  return typeof value === "string" && value.trim().length > 0;
+}
+
 export function parseActionEnvelope(raw: unknown): GuardActionEnvelope | null {
   if (!isRecord(raw)) {
     return null;
@@ -231,8 +248,99 @@ export function parseActionEnvelope(raw: unknown): GuardActionEnvelope | null {
   };
 }
 
+function isDecisionV2Action(value: unknown): value is GuardDecisionV2["action"] {
+  return typeof value === "string" && GUARD_DECISION_V2_ACTIONS.some((a) => a === value);
+}
+
+function isDecisionV2Confidence(value: unknown): value is GuardDecisionV2["confidence"] {
+  return typeof value === "string" && GUARD_DECISION_V2_CONFIDENCES.some((c) => c === value);
+}
+
+function isRiskSignalV2Category(value: unknown): value is RiskSignalV2Category {
+  return typeof value === "string" && GUARD_RISK_SIGNAL_V2_CATEGORIES.some((category) => category === value);
+}
+
+function isRiskSignalV2Severity(value: unknown): value is RiskSignalV2Severity {
+  return typeof value === "string" && GUARD_RISK_SIGNAL_V2_SEVERITIES.some((s) => s === value);
+}
+
+function isRiskSignalV2RedactionLevel(value: unknown): value is RiskSignalV2RedactionLevel {
+  return typeof value === "string" && GUARD_RISK_SIGNAL_V2_REDACTION_LEVELS.some((level) => level === value);
+}
+
+function isRiskSignalV2Array(value: unknown): value is RiskSignalV2[] {
+  if (!Array.isArray(value)) {
+    return false;
+  }
+  return value.every((item) => {
+    if (!isRecord(item)) {
+      return false;
+    }
+    return (
+      isNonEmptyString(item["signal_id"]) &&
+      isRiskSignalV2Category(item["category"]) &&
+      isRiskSignalV2Severity(item["severity"]) &&
+      isDecisionV2Confidence(item["confidence"]) &&
+      isNonEmptyString(item["detector"]) &&
+      isNonEmptyString(item["title"]) &&
+      isNonEmptyString(item["plain_reason"]) &&
+      isStringOrNull(item["technical_detail"]) &&
+      isStringOrNull(item["evidence_ref"]) &&
+      isRiskSignalV2RedactionLevel(item["redaction_level"]) &&
+      isStringOrNull(item["false_positive_hint"]) &&
+      isStringOrNull(item["advisory_id"])
+    );
+  });
+}
+
+export function parseDecisionV2(raw: unknown): GuardDecisionV2 | null {
+  if (!isRecord(raw)) {
+    return null;
+  }
+  const action = raw["action"];
+  const reason = raw["reason"];
+  const userTitle = raw["user_title"];
+  const userBody = raw["user_body"];
+  const harnessMessage = raw["harness_message"];
+  const dashboardPrimaryDetail = raw["dashboard_primary_detail"];
+  const approvalScopes = raw["approval_scopes"];
+  const retryInstruction = raw["retry_instruction"];
+  const signals = raw["signals"];
+  const confidence = raw["confidence"];
+  if (
+    !isDecisionV2Action(action) ||
+    !isNonEmptyString(reason) ||
+    !isNonEmptyString(userTitle) ||
+    !isNonEmptyString(userBody) ||
+    !isNonEmptyString(harnessMessage) ||
+    !isNonEmptyString(dashboardPrimaryDetail) ||
+    !isStringArray(approvalScopes) ||
+    !isStringOrNull(retryInstruction) ||
+    !isRiskSignalV2Array(signals) ||
+    !isDecisionV2Confidence(confidence)
+  ) {
+    return null;
+  }
+  return {
+    action,
+    reason,
+    user_title: userTitle,
+    user_body: userBody,
+    harness_message: harnessMessage,
+    dashboard_primary_detail: dashboardPrimaryDetail,
+    approval_scopes: approvalScopes,
+    retry_instruction: retryInstruction,
+    signals,
+    confidence
+  };
+}
+
 export function normalizeApprovalRequest(item: RawGuardApprovalRequest): GuardApprovalRequest {
-  return { ...item, action_envelope_json: parseActionEnvelope(item.action_envelope_json) };
+  return {
+    ...item,
+    action_envelope_json: parseActionEnvelope(item.action_envelope_json),
+    decision_v2_json: parseDecisionV2(item.decision_v2_json)
+  };
 }
 
 function normalizeApprovalRequests(items: RawGuardApprovalRequest[] | null | undefined): GuardApprovalRequest[] {

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/dashboard/src/guard-types.ts

@@ -15,6 +15,62 @@ export const GUARD_ACTION_TYPES = [
 
 export type GuardActionType = (typeof GUARD_ACTION_TYPES)[number];
 
+export const GUARD_DECISION_V2_ACTIONS = ["allow", "warn", "ask", "block"] as const;
+export const GUARD_DECISION_V2_CONFIDENCES = ["weak", "likely", "strong"] as const;
+export const GUARD_RISK_SIGNAL_V2_CATEGORIES = [
+  "secret",
+  "network",
+  "prompt",
+  "mcp",
+  "skill",
+  "supply_chain",
+  "encoded",
+  "persistence",
+  "bypass",
+  "false_positive",
+  "filesystem",
+  "execution",
+  "publisher",
+  "policy",
+  "provenance"
+] as const;
+export const GUARD_RISK_SIGNAL_V2_SEVERITIES = ["info", "low", "medium", "high", "critical"] as const;
+export const GUARD_RISK_SIGNAL_V2_REDACTION_LEVELS = ["none", "summary", "redacted"] as const;
+
+export type GuardDecisionV2Action = (typeof GUARD_DECISION_V2_ACTIONS)[number];
+export type GuardDecisionV2Confidence = (typeof GUARD_DECISION_V2_CONFIDENCES)[number];
+export type RiskSignalV2Category = (typeof GUARD_RISK_SIGNAL_V2_CATEGORIES)[number];
+export type RiskSignalV2Severity = (typeof GUARD_RISK_SIGNAL_V2_SEVERITIES)[number];
+export type RiskSignalV2RedactionLevel = (typeof GUARD_RISK_SIGNAL_V2_REDACTION_LEVELS)[number];
+
+export type RiskSignalV2 = {
+  signal_id: string;
+  category: RiskSignalV2Category;
+  severity: RiskSignalV2Severity;
+  confidence: GuardDecisionV2Confidence;
+  detector: string;
+  title: string;
+  plain_reason: string;
+  technical_detail: string | null;
+  evidence_ref: string | null;
+  redaction_level: RiskSignalV2RedactionLevel;
+  false_positive_hint: string | null;
+  advisory_id: string | null;
+};
+
+export type GuardDecisionV2 = {
+  action: GuardDecisionV2Action;
+  reason: string;
+  user_title: string;
+  user_body: string;
+  harness_message: string;
+  dashboard_primary_detail: string;
+  approval_scopes: string[];
+  retry_instruction: string | null;
+  signals: RiskSignalV2[];
+  confidence: GuardDecisionV2Confidence;
+};
+
 export type GuardActionEnvelope = {
   schema_version: number;
   action_id: string;
@@ -74,6 +130,7 @@ export type GuardApprovalRequest = {
   created_at: string;
   resolved_at: string | null;
   action_envelope_json?: GuardActionEnvelope | null;
+  decision_v2_json?: GuardDecisionV2 | null;
 };
 
 export type GuardRuntimeState = {

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "plugin-scanner"
-version = "2.0.101"
+version = "2.0.103"
 description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/pyproject.toml.bak

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "hol-guard"
-version = "2.0.101"
+version = "2.0.103"
 description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
 readme = "README.md"
 license = "Apache-2.0"

plugin_scanner-2.0.103/src/codex_plugin_scanner/guard/adapters/cloud_identity.py

@@ -0,0 +1,88 @@
+"""Guard Cloud agent identity hints for local harness adapters."""
+
+from __future__ import annotations
+
+import json
+import sqlite3
+from pathlib import Path
+
+from .base import HarnessContext
+
+_SERVICE_RUNTIME_PROFILE_STATE_KEY = "service_runtime_profile"
+_PROFILE_FIELDS = (
+    "runtime",
+    "label",
+    "workspace",
+    "surface",
+    "client_name",
+    "client_title",
+    "client_version",
+    "agent_id",
+    "principal_id",
+)
+_ENV_FIELDS = {
+    "runtime": "RUNTIME",
+    "label": "LABEL",
+    "workspace": "WORKSPACE",
+    "agent_id": "AGENT_ID",
+    "principal_id": "PRINCIPAL_ID",
+}
+
+
+def cloud_agent_identity_hints(
+    context: HarnessContext,
+    *,
+    runtime: str,
+) -> dict[str, str] | None:
+    payload = _read_service_runtime_profile(context.guard_home / "guard.db")
+    if payload is None or _string_field(payload, "runtime") != runtime:
+        return None
+    hints = {field: value for field in _PROFILE_FIELDS if (value := _string_field(payload, field)) is not None}
+    return hints if hints else None
+
+
+def cloud_agent_identity_environment(
+    identity: object,
+    *,
+    prefix: str,
+) -> dict[str, str]:
+    if not isinstance(identity, dict):
+        return {}
+    env: dict[str, str] = {}
+    for field, suffix in _ENV_FIELDS.items():
+        value = identity.get(field)
+        if isinstance(value, str) and value:
+            env[f"{prefix}_GUARD_CLOUD_{suffix}"] = value
+    return env
+
+
+def _read_service_runtime_profile(db_path: Path) -> dict[str, object] | None:
+    if not db_path.exists():
+        return None
+    try:
+        db_uri = f"{db_path.resolve().as_uri()}?mode=ro"
+        connection = sqlite3.connect(db_uri, uri=True)
+        try:
+            row = connection.execute(
+                "select payload_json from sync_state where state_key = ?",
+                (_SERVICE_RUNTIME_PROFILE_STATE_KEY,),
+            ).fetchone()
+        finally:
+            connection.close()
+    except (OSError, sqlite3.Error):
+        return None
+    if row is None:
+        return None
+    try:
+        payload = json.loads(str(row[0]))
+    except json.JSONDecodeError:
+        return None
+    return payload if isinstance(payload, dict) else None
+
+
+def _string_field(payload: dict[str, object], field: str) -> str | None:
+    value = payload.get(field)
+    if not isinstance(value, str):
+        return None
+    stripped = value.strip()
+    return stripped or None

{plugin_scanner-2.0.101 → plugin_scanner-2.0.103}/src/codex_plugin_scanner/guard/adapters/hermes.py

@@ -16,6 +16,7 @@ from pathlib import Path
 from ..models import GuardArtifact, HarnessDetection
 from ..shims import install_guard_shim, remove_guard_shim
 from .base import HarnessAdapter, HarnessContext, _command_available, _json_payload, _run_command_probe
+from .cloud_identity import cloud_agent_identity_environment, cloud_agent_identity_hints
 
 # Optional: PyYAML is preferred when available for robust YAML parsing.
 # The adapter works without it via a line-based fallback parser.
@@ -83,6 +84,7 @@ class HermesHarnessAdapter(HarnessAdapter):
         )
         source_configs = _load_mcp_server_sources(context.home_dir / ".hermes")
         overlay_servers = _overlay_servers(context=context, source_configs=source_configs)
+        cloud_identity = cloud_agent_identity_hints(context, runtime=self.harness)
         overlay_path.write_text(json.dumps(overlay_servers, indent=2) + "\n", encoding="utf-8")
         pretool_path.write_text(
             json.dumps(_pretool_payload(context=context), indent=2) + "\n",
@@ -109,6 +111,8 @@ class HermesHarnessAdapter(HarnessAdapter):
                 *[str(note) for note in shim_manifest.get("notes", [])],
             ],
         }
+        if cloud_identity is not None:
+            manifest["cloud_agent_identity"] = cloud_identity
         manifest_path.write_text(json.dumps(manifest, indent=2) + "\n", encoding="utf-8")
         return manifest
 
@@ -147,10 +151,17 @@ class HermesHarnessAdapter(HarnessAdapter):
         pretool_path = manifest.get("pretool_hook_path")
         if not isinstance(overlay_path, str) or not isinstance(pretool_path, str):
             return {}
-        return {
+        environment = {
             "HERMES_GUARD_MCP_OVERLAY_PATH": overlay_path,
             "HERMES_GUARD_PRETOOL_PATH": pretool_path,
         }
+        environment.update(
+            cloud_agent_identity_environment(
+                cloud_agent_identity_hints(context, runtime=self.harness),
+                prefix="HERMES",
+            )
+        )
+        return environment
 
     def runtime_probe(self, context: HarnessContext) -> dict[str, object] | None:
         manifest = _json_payload(_managed_root(context) / "manifest.json")
@@ -165,6 +176,7 @@ class HermesHarnessAdapter(HarnessAdapter):
                 and isinstance(pretool_path, str)
                 and Path(pretool_path).exists()
             ),
+            "cloud_agent_identity_configured": bool(cloud_agent_identity_hints(context, runtime=self.harness)),
         }
 
     def approval_flow(self, *, managed_install: dict[str, object] | None = None) -> dict[str, object]: