plugin-scanner 2.0.104__tar.gz → 2.0.106__tar.gz

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plugin-scanner
-Version: 2.0.104
+Version: 2.0.106
 Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
 Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
 Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "plugin-scanner"
-version = "2.0.104"
+version = "2.0.106"
 description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/pyproject.toml.bak

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "hol-guard"
-version = "2.0.104"
+version = "2.0.106"
 description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/guard/cli/commands.py

@@ -1043,10 +1043,12 @@ def run_guard_command(
         if args.harness:
             adapter = get_adapter(args.harness)
             payload = adapter.diagnostics(context)
+            payload["runtime_detector_registry"] = _runtime_detector_registry_payload(config)
         else:
             payload = {
                 "tables": store.list_table_names(),
                 "adapters": [detection.to_dict() for detection in detect_all(context)],
+                "runtime_detector_registry": _runtime_detector_registry_payload(config),
             }
         _emit("doctor", payload, getattr(args, "json", False))
         return 0
@@ -3049,6 +3051,15 @@ def _guard_cli_settings_payload(config: GuardConfig) -> dict[str, object]:
     }
 
 
+def _runtime_detector_registry_payload(config: GuardConfig) -> dict[str, object]:
+    return {
+        "enabled": config.runtime_detector_registry,
+        "debug_trace": config.runtime_detector_debug_trace,
+        "timeout_ms": config.runtime_detector_timeout_ms,
+        "disabled_detector_ids": list(config.runtime_detector_disabled_ids),
+    }
+
+
 def _update_guard_cli_settings(*, args: argparse.Namespace, config: GuardConfig, guard_home: Path) -> GuardConfig:
     settings_command = getattr(args, "settings_set_command", None)
     if settings_command == "security-level":

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/guard/cli/render.py

@@ -293,6 +293,11 @@ def _render_doctor(console: Console, payload: dict[str, object]) -> None:
     summary.add_row("Installed", _bool_label(bool(payload.get("installed"))))
     summary.add_row("Command", _bool_label(bool(payload.get("command_available"))))
     summary.add_row("Artifacts", str(len(_coerce_dict_list(payload.get("artifacts")))))
+    registry = payload.get("runtime_detector_registry")
+    if isinstance(registry, dict):
+        registry_state = "enabled" if bool(registry.get("enabled")) else "disabled"
+        timeout_ms = registry.get("timeout_ms")
+        summary.add_row("Detector registry", f"{registry_state}, {timeout_ms} ms")
     summary.add_row("Warnings", str(len(warnings)))
     console.print(Panel(summary, title="Guard doctor", border_style="cyan"))
     if warnings:

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/guard/config.py

@@ -178,6 +178,7 @@ class GuardConfig:
     billing: bool = False
     runtime_detector_registry: bool = False
     runtime_detector_timeout_ms: int = 50
+    runtime_detector_debug_trace: bool = False
     runtime_detector_disabled_ids: tuple[str, ...] = ()
     risk_actions: dict[str, GuardAction] | None = None
     harness_risk_actions: dict[str, dict[str, GuardAction]] | None = None
@@ -257,6 +258,7 @@ def load_guard_config(guard_home: Path, workspace: Path | None = None) -> GuardC
         billing=bool(merged.get("billing", False)),
         runtime_detector_registry=_coerce_loaded_bool(merged.get("runtime_detector_registry", False)),
         runtime_detector_timeout_ms=_coerce_loaded_positive_int(merged.get("runtime_detector_timeout_ms", 50), 50),
+        runtime_detector_debug_trace=_coerce_loaded_bool(merged.get("runtime_detector_debug_trace", False)),
         runtime_detector_disabled_ids=_coerce_loaded_string_tuple(merged.get("runtime_detector_disabled_ids")),
         harness_actions=_coerce_action_map(merged.get("harnesses")),
         publisher_actions=_coerce_action_map(merged.get("publishers")),

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/guard/risk.py

@@ -8,6 +8,7 @@ from pathlib import PurePath
 from urllib.parse import urlsplit
 
 from .models import GuardArtifact
+from .runtime.secret_sensitivity import classify_legacy_secret_path_families
 from .runtime.signals import RiskSignalV2
 from .types import GuardSignal
 
@@ -305,12 +306,7 @@ def extract_network_hosts(text: str) -> set[str]:
 def classify_secret_paths(text: str) -> set[str]:
     """Classify secret-bearing file families referenced in text."""
 
-    lowered = text.lower()
-    classes: set[str] = set()
-    for pattern, label in _SECRET_PATH_LABELS:
-        if pattern in lowered:
-            classes.add(label)
-    return classes
+    return classify_legacy_secret_path_families(text)
 
 
 def detect_encoded_command(text: str) -> list[GuardSignal]:

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/guard/runtime/actions.py

@@ -11,6 +11,7 @@ from pathlib import Path, PureWindowsPath
 from typing import Literal
 
 from ..redaction import redact_text
+from .secret_sensitivity import redacted_secret_path_context
 
 GuardActionType = Literal[
     "prompt",
@@ -43,7 +44,23 @@ _SCHEMA_VERSION = 1
 _SHELL_TOOL_NAMES = frozenset({"bash", "shell", "sh", "zsh", "terminal", "run_command", "run_terminal_command"})
 _FILE_READ_TOOL_NAMES = frozenset({"read", "read_file", "open_file", "view", "view_file", "cat_file"})
 _FILE_WRITE_TOOL_NAMES = frozenset({"write", "edit", "multiedit", "write_file", "edit_file"})
-_PATH_KEYS = ("path", "file_path", "filePath", "filepath", "file", "filename", "target_path", "targetPath")
+_PATH_KEYS = (
+    "path",
+    "paths",
+    "file_path",
+    "file_paths",
+    "filePath",
+    "filePaths",
+    "filepath",
+    "file",
+    "files",
+    "filename",
+    "filenames",
+    "target_path",
+    "target_paths",
+    "targetPath",
+    "targetPaths",
+)
 _COMMAND_KEYS = ("command", "cmd", "shell_command", "shellCommand")
 _SENSITIVE_RAW_KEYS = frozenset(
     {
@@ -652,6 +669,8 @@ def _target_paths(
         value = tool_input.get(key)
         if isinstance(value, str) and value.strip():
             paths.append(value.strip())
+        elif isinstance(value, list):
+            paths.extend(item.strip() for item in value if isinstance(item, str) and item.strip())
     for text in (command, prompt_text):
         if text is not None:
             paths.extend(match.group("path") for match in _PROMPT_PATH_PATTERN.finditer(text))
@@ -687,14 +706,25 @@ def _redacted_target_path(path: str, *, home_dir: Path | str | None) -> str | No
     if stripped == "~" or stripped.startswith("~/"):
         return redact_text(stripped).text
     if stripped.startswith("~"):
+        secret_context = redacted_secret_path_context(stripped)
+        if secret_context is not None:
+            return secret_context
         target_name = Path(stripped).name or "path"
         return f".../{target_name}"
     windows_path = PureWindowsPath(stripped)
     if windows_path.is_absolute():
+        secret_context = redacted_secret_path_context(stripped)
+        if secret_context is not None:
+            return secret_context
         target_name = windows_path.name or "path"
         return f".../{target_name}"
     if _is_absolute_target_path(stripped):
-        return redacted_workspace_label(stripped, home_dir=home_dir)
+        redacted_path = redacted_workspace_label(stripped, home_dir=home_dir)
+        if redacted_path.startswith(".../"):
+            secret_context = redacted_secret_path_context(stripped)
+            if secret_context is not None:
+                return secret_context
+        return redacted_path
     return redact_text(stripped).text
 
 

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/guard/runtime/detectors.py

@@ -10,6 +10,7 @@ from typing import Literal, Protocol
 
 from codex_plugin_scanner.guard.config import GuardConfig
 from codex_plugin_scanner.guard.runtime.actions import GuardActionEnvelope
+from codex_plugin_scanner.guard.runtime.secret_sensitivity import SecretPathMatch, classify_secret_path
 from codex_plugin_scanner.guard.runtime.signals import RiskSignalCategory, RiskSignalV2
 
 DETECTOR_CATEGORY_TAGS: tuple[RiskSignalCategory, ...] = (
@@ -124,14 +125,55 @@ class DetectorRegistry:
         return DetectorRunResult(signals=tuple(signals), telemetry=tuple(telemetry))
 
 
+class SecretPathDetector:
+    detector_id = "secret.path"
+    categories: tuple[RiskSignalCategory, ...] = ("secret",)
+
+    def detect(self, action: GuardActionEnvelope, context: DetectorContext) -> tuple[RiskSignalV2, ...]:
+        if action.action_type != "file_read":
+            return ()
+        matches = tuple(_secret_path_matches(action.target_paths, workspace=context.workspace))
+        return tuple(_secret_path_signal(match, index=index) for index, match in enumerate(matches))
+
+
 def register_default_detectors() -> tuple[GuardDetector, ...]:
-    return ()
+    return (SecretPathDetector(),)
+
+
+def _secret_path_signal(match: SecretPathMatch, *, index: int) -> RiskSignalV2:
+    return RiskSignalV2(
+        signal_id=f"secret:path:{_slug(match.family)}:{index}",
+        category="secret",
+        severity="high",
+        confidence="strong",
+        detector="secret.path",
+        title=f"Direct access to {match.family}",
+        plain_reason=f"Requested direct access to {match.family}.",
+        technical_detail=f"matched secret path family: {match.family}",
+        evidence_ref="target_paths",
+        redaction_level="summary",
+        false_positive_hint="Allow only if this tool needs the exact local secret file for the current task.",
+        advisory_id=None,
+    )
+
+
+def _secret_path_matches(paths: Sequence[str], *, workspace: Path | None) -> tuple[SecretPathMatch, ...]:
+    matches: list[SecretPathMatch] = []
+    for path in paths:
+        match = classify_secret_path(path, cwd=workspace)
+        if match is not None:
+            matches.append(match)
+    return tuple(matches)
 
 
 def _elapsed_ms(started_at: float, finished_at: float) -> int:
     return max(0, round((finished_at - started_at) * 1000))
 
 
+def _slug(value: str) -> str:
+    return "-".join(part for part in value.lower().replace(".", " ").replace("/", " ").split() if part)
+
+
 def _telemetry(
     detector: GuardDetector,
     status: DetectorRunStatus,

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/guard/runtime/runner.py

@@ -26,7 +26,7 @@ from ..models import GuardArtifact, HarnessDetection, PolicyDecision
 from ..store import GuardStore
 from ..types import PromptRequest, RemediationAction
 from .actions import GuardActionEnvelope, redacted_workspace_label
-from .detectors import DetectorContext, DetectorRegistry, register_default_detectors
+from .detectors import DetectorContext, DetectorRegistry, DetectorRunResult, register_default_detectors
 
 _APPROVAL_METADATA_KEYS = (
     "approval_center_url",
@@ -365,13 +365,63 @@ def _evaluation_with_detector_registry(
         timeout_ms=config.runtime_detector_timeout_ms,
         disabled_detector_ids=config.runtime_detector_disabled_ids,
     )
+    trace_error = (
+        _write_detector_debug_trace(config, action_envelope, result) if config.runtime_detector_debug_trace else None
+    )
     if not result.signals and not result.telemetry:
-        return evaluation
-    return {
+        if trace_error is None:
+            return evaluation
+        return {**evaluation, "runtime_detector_trace_error": trace_error}
+    next_evaluation = {
         **evaluation,
         "runtime_detector_signals_v2": [signal.to_dict() for signal in result.signals],
         "runtime_detector_telemetry": [item.to_dict() for item in result.telemetry],
     }
+    if trace_error is not None:
+        next_evaluation["runtime_detector_trace_error"] = trace_error
+    return next_evaluation
+
+
+def _write_detector_debug_trace(
+    config: GuardConfig,
+    action_envelope: GuardActionEnvelope,
+    result: DetectorRunResult,
+) -> dict[str, object] | None:
+    created_at = datetime.now(timezone.utc)
+    action_payload = action_envelope.to_dict()
+    trace_payload = {
+        "schema_version": 1,
+        "created_at": created_at.isoformat(),
+        "action": _redact_detector_debug_payload(action_payload),
+        "signals": [signal.to_dict() for signal in result.signals],
+        "telemetry": [item.to_dict() for item in result.telemetry],
+    }
+    trace_dir = config.guard_home / "debug" / "detectors"
+    action_digest = hashlib.sha256(
+        json.dumps(action_payload, sort_keys=True, default=str).encode("utf-8"),
+    ).hexdigest()[:12]
+    trace_path = trace_dir / f"{created_at.strftime('%Y%m%dT%H%M%S%fZ')}-{action_digest}.json"
+    try:
+        trace_dir.mkdir(parents=True, exist_ok=True)
+        trace_path.write_text(json.dumps(trace_payload, indent=2, sort_keys=True) + "\n", encoding="utf-8")
+    except OSError as error:
+        return {"error_type": type(error).__name__, "message": str(error)}
+    return None
+
+
+def _redact_detector_debug_payload(value: object) -> object:
+    if isinstance(value, dict):
+        redacted: dict[str, object] = {}
+        for key, item in value.items():
+            key_text = str(key)
+            if "prompt" in key_text.lower():
+                redacted[key_text] = "[redacted]"
+            else:
+                redacted[key_text] = _redact_detector_debug_payload(item)
+        return redacted
+    if isinstance(value, (tuple, list)):
+        return [_redact_detector_debug_payload(item) for item in value]
+    return value
 
 
 def _guard_run_config_paths(

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/guard/runtime/secret_file_requests.py

@@ -16,6 +16,8 @@ from dataclasses import dataclass
 from pathlib import Path
 
 from ..models import GuardArtifact
+from .secret_sensitivity import SecretPathMatch as SensitivePathMatch
+from .secret_sensitivity import classify_secret_path
 
 _FILE_READ_TOOL_NAMES = frozenset(
     {
@@ -359,16 +361,6 @@ _SENSITIVE_PATH_REASONS = {
 }
 
 
-@dataclass(frozen=True, slots=True)
-class SensitivePathMatch:
-    """A normalized sensitive path classification."""
-
-    requested_path: str
-    normalized_path: str
-    path_class: str
-    reason: str
-
-
 @dataclass(frozen=True, slots=True)
 class FileReadRequestMatch:
     """A sensitive file-read tool call."""
@@ -405,41 +397,7 @@ def classify_sensitive_path(
 ) -> SensitivePathMatch | None:
     """Classify a path if it points at a high-confidence sensitive local file."""
 
-    if not isinstance(path, str):
-        return None
-    requested_path = path.strip().strip("'").strip('"')
-    if not requested_path:
-        return None
-    expanded_home = _expand_home(requested_path, home_dir)
-    normalized_path = _normalize_path(expanded_home, cwd)
-    lowered_segments = tuple(segment for segment in normalized_path.replace("\\", "/").lower().split("/") if segment)
-    if not lowered_segments:
-        return None
-    basename = lowered_segments[-1]
-    if basename == ".env" or basename.startswith(".env."):
-        return SensitivePathMatch(
-            requested_path=requested_path,
-            normalized_path=normalized_path,
-            path_class="local .env file",
-            reason=_SENSITIVE_PATH_REASONS["local .env file"],
-        )
-    if basename in _SENSITIVE_BASENAME_LABELS:
-        path_class = _SENSITIVE_BASENAME_LABELS[basename]
-        return SensitivePathMatch(
-            requested_path=requested_path,
-            normalized_path=normalized_path,
-            path_class=path_class,
-            reason=_SENSITIVE_PATH_REASONS[path_class],
-        )
-    for suffix, path_class in _SENSITIVE_SUFFIX_LABELS.items():
-        if lowered_segments[-len(suffix) :] == suffix:
-            return SensitivePathMatch(
-                requested_path=requested_path,
-                normalized_path=normalized_path,
-                path_class=path_class,
-                reason=_SENSITIVE_PATH_REASONS[path_class],
-            )
-    return None
+    return classify_secret_path(path, cwd=cwd, home_dir=home_dir)
 
 
 def extract_sensitive_file_read_request(

plugin_scanner-2.0.106/src/codex_plugin_scanner/guard/runtime/secret_sensitivity.py

@@ -0,0 +1,217 @@
+"""Shared secret path family classification for Guard runtime surfaces."""
+
+from __future__ import annotations
+
+import os
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Literal
+
+SecretSensitivity = Literal["high", "critical"]
+
+_AWS_CREDENTIALS_MARKER = "/".join((".aws", "credentials"))
+_DOCKER_CONFIG_MARKER = "/".join((".docker", "config.json"))
+_KUBE_CONFIG_MARKER = "/".join((".kube", "config"))
+
+SECRET_PATH_TEXT_MARKERS: tuple[tuple[str, str], ...] = (
+    (".env", "local .env file"),
+    (".npmrc", "npm registry credentials"),
+    (".pypirc", "Python package credentials"),
+    (_AWS_CREDENTIALS_MARKER, "AWS shared credentials file"),
+    (".ssh/", "SSH private key"),
+    (".gnupg/", "GnuPG key material"),
+    (_DOCKER_CONFIG_MARKER, "Docker client config"),
+    (_KUBE_CONFIG_MARKER, "Kubernetes config"),
+    ("terraform.tfvars", "Terraform variable secrets"),
+    (".git-credentials", "Git credential store"),
+)
+LEGACY_SECRET_PATH_TEXT_MARKERS: tuple[tuple[str, str], ...] = (
+    (".env", "local .env file"),
+    (".npmrc", "npm registry credentials"),
+    (".pypirc", "python package credentials"),
+    (".aws/" + "credentials", "aws shared credentials"),
+    (".ssh/", "ssh material"),
+    (".gnupg/", "gpg material"),
+    (".docker/" + "config.json", "docker credentials"),
+    (".kube/config", "kubeconfig"),
+    (".git-credentials", "git credential store"),
+)
+_SENSITIVE_BASENAME_LABELS = {
+    ".npmrc": "npm registry credentials",
+    ".pypirc": "Python package credentials",
+    ".netrc": "netrc credentials",
+    ".git-credentials": "Git credential store",
+    ".terraform.tfvars": "Terraform variable secrets",
+    "terraform.tfvars": "Terraform variable secrets",
+}
+_REDACTED_BASENAME_LABELS = {
+    "id_rsa": "SSH private key",
+    "id_ed25519": "SSH private key",
+    "id_ecdsa": "SSH private key",
+}
+_SENSITIVE_SUFFIX_LABELS = {
+    (".aws", "credentials"): "AWS shared credentials file",
+    (".aws", "config"): "AWS shared config file",
+    (".docker", "config.json"): "Docker client config",
+    (".kube", "config"): "Kubernetes config",
+    (".ssh", "id_rsa"): "SSH private key",
+    (".ssh", "id_ed25519"): "SSH private key",
+    (".ssh", "id_ecdsa"): "SSH private key",
+    (".ssh", "config"): "SSH client config",
+}
+_SENSITIVE_DIRECTORY_LABELS = {
+    ".gnupg": "GnuPG key material",
+}
+_SENSITIVE_PATH_REASONS = {
+    "local .env file": "Guard treats .env files as sensitive because they commonly store local secrets.",
+    "npm registry credentials": "Guard treats .npmrc as sensitive because it may contain registry tokens.",
+    "Python package credentials": "Guard treats .pypirc as sensitive because it may contain package credentials.",
+    "netrc credentials": "Guard treats .netrc as sensitive because it may contain login secrets.",
+    "Git credential store": "Guard treats .git-credentials as sensitive because it may contain repository credentials.",
+    "AWS shared credentials file": (
+        "Guard treats AWS shared credentials as sensitive because they contain cloud access keys."
+    ),
+    "AWS shared config file": "Guard treats AWS shared config as sensitive because it may contain credential profiles.",
+    "Docker client config": "Guard treats Docker client config as sensitive because it may contain registry auth.",
+    "Kubernetes config": "Guard treats Kubernetes config as sensitive because it may include cluster credentials.",
+    "SSH private key": "Guard treats SSH private keys as sensitive because they provide direct host access.",
+    "SSH client config": "Guard treats SSH config as sensitive because it may reveal or shape host credentials.",
+    "GnuPG key material": "Guard treats GnuPG key material as sensitive because it can unlock encrypted assets.",
+    "Terraform variable secrets": (
+        "Guard treats Terraform variable files as sensitive because they often contain secrets."
+    ),
+}
+
+
+@dataclass(frozen=True, slots=True)
+class SecretPathMatch:
+    family: str
+    path: str
+    sensitivity: SecretSensitivity
+    reason: str
+    requested_path: str = ""
+
+    @property
+    def normalized_path(self) -> str:
+        return self.path
+
+    @property
+    def path_class(self) -> str:
+        return self.family
+
+
+def classify_secret_path(
+    path: str | None,
+    *,
+    cwd: Path | None = None,
+    home_dir: Path | None = None,
+) -> SecretPathMatch | None:
+    if not isinstance(path, str):
+        return None
+    requested_path = path.strip().strip("'").strip('"')
+    if not requested_path:
+        return None
+    expanded_home = _expand_home(requested_path, home_dir)
+    normalized_path = _normalize_path(expanded_home, cwd)
+    lowered_segments = tuple(segment for segment in normalized_path.replace("\\", "/").lower().split("/") if segment)
+    if not lowered_segments:
+        return None
+    basename = lowered_segments[-1]
+    if basename == ".env" or basename.startswith(".env."):
+        return _match(
+            requested_path=requested_path,
+            normalized_path=normalized_path,
+            family="local .env file",
+            sensitivity="critical",
+        )
+    if basename in _SENSITIVE_BASENAME_LABELS:
+        return _match(
+            requested_path=requested_path,
+            normalized_path=normalized_path,
+            family=_SENSITIVE_BASENAME_LABELS[basename],
+            sensitivity="high",
+        )
+    if "..." in lowered_segments and basename in _REDACTED_BASENAME_LABELS:
+        family = _REDACTED_BASENAME_LABELS[basename]
+        sensitivity: SecretSensitivity = "critical" if family == "SSH private key" else "high"
+        return _match(
+            requested_path=requested_path,
+            normalized_path=normalized_path,
+            family=family,
+            sensitivity=sensitivity,
+        )
+    for directory, family in _SENSITIVE_DIRECTORY_LABELS.items():
+        if directory in lowered_segments:
+            return _match(
+                requested_path=requested_path,
+                normalized_path=normalized_path,
+                family=family,
+                sensitivity="high",
+            )
+    for suffix, family in _SENSITIVE_SUFFIX_LABELS.items():
+        if lowered_segments[-len(suffix) :] == suffix:
+            sensitivity: SecretSensitivity = "critical" if family == "SSH private key" else "high"
+            return _match(
+                requested_path=requested_path,
+                normalized_path=normalized_path,
+                family=family,
+                sensitivity=sensitivity,
+            )
+    return None
+
+
+def classify_secret_path_families(text: str) -> set[str]:
+    lowered = text.lower()
+    return {family for marker, family in SECRET_PATH_TEXT_MARKERS if marker in lowered}
+
+
+def classify_legacy_secret_path_families(text: str) -> set[str]:
+    lowered = text.lower()
+    return {family for marker, family in LEGACY_SECRET_PATH_TEXT_MARKERS if marker in lowered}
+
+
+def redacted_secret_path_context(path: str) -> str | None:
+    segments = tuple(segment for segment in path.replace("\\", "/").split("/") if segment)
+    lowered_segments = tuple(segment.lower() for segment in segments)
+    if not lowered_segments:
+        return None
+    for suffix in _SENSITIVE_SUFFIX_LABELS:
+        if lowered_segments[-len(suffix) :] == suffix:
+            return ".../" + "/".join(suffix)
+    for directory in _SENSITIVE_DIRECTORY_LABELS:
+        if directory in lowered_segments and len(segments) > 1:
+            return f".../{directory}/{segments[-1]}"
+    return None
+
+
+def _match(
+    *,
+    requested_path: str,
+    normalized_path: str,
+    family: str,
+    sensitivity: SecretSensitivity,
+) -> SecretPathMatch:
+    return SecretPathMatch(
+        family=family,
+        path=normalized_path,
+        sensitivity=sensitivity,
+        reason=_SENSITIVE_PATH_REASONS[family],
+        requested_path=requested_path,
+    )
+
+
+def _expand_home(value: str, home_dir: Path | None) -> str:
+    if value == "~":
+        return str(home_dir or Path.home())
+    if value.startswith("~/") or value.startswith("~\\"):
+        base = home_dir or Path.home()
+        return str(base / value[2:])
+    return value
+
+
+def _normalize_path(value: str, cwd: Path | None) -> str:
+    if os.path.isabs(value):
+        return os.path.normpath(value)
+    if cwd is not None:
+        return os.path.normpath(os.path.join(str(cwd), value))
+    return os.path.normpath(value)

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/src/codex_plugin_scanner/version.py

@@ -1,3 +1,3 @@
 """Single source of truth for tool version."""
 
-__version__ = "2.0.104"
+__version__ = "2.0.106"

{plugin_scanner-2.0.104 → plugin_scanner-2.0.106}/tests/test_guard_cli.py

@@ -3962,6 +3962,46 @@ args = ["-lc", "echo hi"]
         assert any("native hooks are disabled" in warning for warning in output["warnings"])
         assert any("managed Codex hooks are missing" in warning for warning in output["warnings"])
 
+    def test_guard_doctor_reports_runtime_detector_registry_state(self, tmp_path, monkeypatch, capsys):
+        home_dir = tmp_path / "home"
+        guard_home = tmp_path / "guard-home"
+        _write_text(
+            guard_home / "config.toml",
+            "\n".join(
+                [
+                    "runtime_detector_registry = true",
+                    "runtime_detector_timeout_ms = 75",
+                    'runtime_detector_disabled_ids = ["secret.local"]',
+                ]
+            )
+            + "\n",
+        )
+        monkeypatch.setattr("codex_plugin_scanner.guard.adapters.codex._command_available", lambda command: True)
+
+        rc = main(["guard", "doctor", "codex", "--home", str(home_dir), "--guard-home", str(guard_home), "--json"])
+        output = json.loads(capsys.readouterr().out)
+
+        assert rc == 0
+        assert output["runtime_detector_registry"] == {
+            "enabled": True,
+            "debug_trace": False,
+            "timeout_ms": 75,
+            "disabled_detector_ids": ["secret.local"],
+        }
+
+    def test_guard_doctor_human_output_includes_detector_registry_line(self, tmp_path, monkeypatch, capsys):
+        home_dir = tmp_path / "home"
+        guard_home = tmp_path / "guard-home"
+        _write_text(guard_home / "config.toml", "runtime_detector_registry = true\n")
+        monkeypatch.setattr("codex_plugin_scanner.guard.adapters.codex._command_available", lambda command: True)
+
+        rc = main(["guard", "doctor", "codex", "--home", str(home_dir), "--guard-home", str(guard_home)])
+        output = capsys.readouterr().out
+
+        assert rc == 0
+        assert "Detector registry" in output
+        assert "enabled" in output
+
     def test_guard_codex_hook_blocks_shell_file_upload_script(self, tmp_path, capsys):
         home_dir = tmp_path / "home"
         workspace_dir = tmp_path / "workspace"