plugin-scanner 2.0.119__tar.gz → 2.0.120__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/PKG-INFO +1 -1
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/pyproject.toml +1 -1
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/pyproject.toml.bak +1 -1
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/mcp_tool_calls.py +301 -1
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/version.py +1 -1
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_access_graph.py +2 -1
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_codex_proxy.py +40 -1
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_mcp_protection.py +258 -1
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.clusterfuzzlite/Dockerfile +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.clusterfuzzlite/build.sh +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.clusterfuzzlite/project.yaml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.clusterfuzzlite/requirements-atheris.txt +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.dockerignore +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/CODEOWNERS +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/ISSUE_TEMPLATE/bug-report.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/ISSUE_TEMPLATE/config.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/ISSUE_TEMPLATE/feature-request.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/dependabot.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/workflows/ci.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/workflows/codeql.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/workflows/dependabot-uv-lock.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/workflows/fuzz.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/workflows/harness-smoke.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/workflows/publish.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.github/workflows/scorecard.yml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.gitignore +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/.pre-commit-hooks.yaml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/CONTRIBUTING.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/Dockerfile +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/SECURITY.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/index.html +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/package.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/pnpm-lock.yaml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/public/apple-touch-icon.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/public/brand/Logo_Icon_Dark.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/public/brand/Logo_Whole.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/public/favicon-16x16.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/public/favicon-32x32.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/public/favicon.ico +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/app.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/approval-center-layout.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/approval-center-primitives.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/approval-center-utils.ts +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/data-flow-evidence-card.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/fleet-workspace.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/guard-api.test.ts +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/guard-api.ts +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/guard-demo.ts +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/guard-types.ts +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/main.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/receipts-workspace.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/runtime-overview.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/settings-workspace.tsx +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/styles.css +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/src/vite-env.d.ts +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/tsconfig.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/dashboard/vite.config.ts +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docker-requirements.txt +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/guard/approval-audit.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/guard/architecture.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/guard/get-started.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/guard/harness-support.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/guard/local-vs-cloud.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/guard/testing-matrix.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/trust/mcp-trust-draft.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/trust/plugin-trust-draft.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/docs/trust/skill-trust-local.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/fuzzers/manifest_fuzzer.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/requirements.txt +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/schemas/plugin-quality.v1.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/schemas/scan-result.v1.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/schemas/verify-result.v1.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/action_runner.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/argparse_utils.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/best_practices.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/claude.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/code_quality.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/ecosystem_common.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/gemini.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/manifest.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/manifest_support.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/marketplace.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/mcp_security.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/opencode.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/operational_security.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/security.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/checks/skill_security.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/cli.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/cli_ui.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/config.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/base.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/claude.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/codex.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/detect.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/gemini.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/opencode.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/registry.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/ecosystems/types.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/github_reporting.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/access_graph_events.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/antigravity.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/base.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/claude_code.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/cloud_identity.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/codex.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/copilot.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/cursor.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/gemini.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/hermes.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/mcp_servers.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/openclaw.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/openclaw_config.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/openclaw_support.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/opencode.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/adapters/opencode_artifacts.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/advisory_model.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/approvals.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/bridge/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/capabilities.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/approval_commands.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/bootstrap.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/commands.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/connect_flow.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/install_commands.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/product.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/prompt.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/render.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/cli/update_commands.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/codex_config.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/config.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/consumer/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/consumer/service.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/client.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/manager.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/server.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/apple-touch-icon.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/assets/guard-dashboard.js +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/assets/index.css +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Icon_Dark.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Whole.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/favicon-16x16.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/favicon-32x32.png +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/favicon.ico +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/daemon/static/index.html +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/edge_events.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/incident.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/launcher.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/models.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/policy/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/policy/engine.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/protect.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/proxy/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/proxy/remote.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/proxy/runtime_mcp.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/proxy/stdio.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/receipts/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/receipts/manager.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/redaction.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/risk.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/actions.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/data_flow.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/data_flow_rules.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/data_flow_variables.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/decisions.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/detectors.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/mcp_protection.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/prompt_injection.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/runner.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/secret_file_requests.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/secret_sensitivity.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/secret_sources.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/shell_commands.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/signals.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/surface_server.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/runtime/temp_files.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/schemas/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/schemas/consumer_mode.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/schemas/guard_event_v1.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/schemas/surface_server.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/shims.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/store.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/store_approvals.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/store_connect.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/types.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/integrations/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/integrations/cisco_mcp_scanner.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/integrations/cisco_skill_scanner.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/lint_fixes.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/marketplace_support.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/models.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/path_support.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/policy.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/quality_artifact.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/repo_detect.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/reporting.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/rules/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/rules/registry.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/rules/specs.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/scanner.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/submission.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/suppressions.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/trust_domain_scoring.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/trust_helpers.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/trust_mcp_scoring.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/trust_models.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/trust_plugin_scoring.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/trust_scoring.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/trust_skill_scoring.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/trust_specs.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/verification.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/conftest.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/__init__.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/bad-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/bad-plugin/.mcp.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/bad-plugin/secrets.js +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/claude-plugin-good/.claude-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/claude-plugin-good/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/claude-plugin-good/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/claude-plugin-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/claude-plugin-good/hooks/hooks.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/claude-plugin-good/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/code-quality-bad/evil.js +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/code-quality-bad/inject.js +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/gemini-extension-good/GEMINI.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/gemini-extension-good/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/gemini-extension-good/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/gemini-extension-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/gemini-extension-good/commands/hello.toml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/gemini-extension-good/gemini-extension.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/assets/icon.svg +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/assets/logo.svg +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/assets/screenshot.svg +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/good-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/guard-codex-malicious-mcp/.codex/config.toml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/hermes-plugin-evil/config.yaml +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/hermes-plugin-evil/mcp_servers.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/hermes-plugin-evil/skills/security/malicious/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/references/api-setup.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/scripts/deploy.sh +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/hermes-plugin-evil/skills/utils/benign/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/malformed-json/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/malicious-skill-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/malicious-skill-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/malicious-skill-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/malicious-skill-plugin/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/malicious-skill-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/malicious-skill-plugin/skills/leaky-skill/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/mcp-canary-server.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/minimal-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/missing-fields/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/mit-license/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-ecosystem-repo/codex-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-ecosystem-repo/codex-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-ecosystem-repo/codex-plugin/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-ecosystem-repo/codex-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-ecosystem-repo/gemini-ext/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-ecosystem-repo/gemini-ext/gemini-extension.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/.agents/plugins/marketplace.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/no-version/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/opencode-good/.opencode/commands/hello.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/opencode-good/.opencode/plugins/example.ts +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/opencode-good/LICENSE +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/opencode-good/README.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/opencode-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/opencode-good/opencode.jsonc +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/skills-missing-dir/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/skills-no-frontmatter/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/skills-no-frontmatter/skills/bad-skill/SKILL.md +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/with-marketplace/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/with-marketplace/marketplace-broken.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/fixtures/with-marketplace/marketplace.json +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test-trust-scoring.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test-trust-specs.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_action_runner.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_best_practices.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_cisco_install_surfaces.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_cli.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_code_quality.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_config.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_coverage_remaining.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_ecosystems.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_edge_cases.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_final_coverage.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_approvals.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_bootstrap.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_capabilities.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_claude_adapter.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_cli.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_cloud_local_sync.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_codex_e2e.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_codex_install.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_config_paths.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_connect_flow.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_consumer_mode.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_copilot_adapter.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_copilot_proxy.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_daemon_manager.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_data_flow.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_event_schema_v1.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_events.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_launch_env.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_opencode_proxy.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_product_flow.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_prompt_injection.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_protect.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_render.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_risk.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_runtime.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_runtime_action_harnesses.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_runtime_actions.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_runtime_decisions.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_runtime_detectors.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_runtime_signals.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_store_migrations.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_surface_server.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_guard_verdicts.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_hermes_adapter.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_integration.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_lint_fixes.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_live_cisco_smoke.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_manifest.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_marketplace.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_mcp_security.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_openclaw_adapter.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_operational_security.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_policy.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_quality_artifact.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_rule_registry.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_scanner.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_schema_contracts.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_security.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_security_ops.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_skill_security.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_submission.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_trust_scoring.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_trust_specs.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_verification.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/tests/test_versioning.py +0 -0
- {plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/uv.lock +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: plugin-scanner
|
|
3
|
-
Version: 2.0.
|
|
3
|
+
Version: 2.0.120
|
|
4
4
|
Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
|
|
5
5
|
Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
|
|
6
6
|
Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner
|
|
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "plugin-scanner"
|
|
7
|
-
version = "2.0.
|
|
7
|
+
version = "2.0.120"
|
|
8
8
|
description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
|
|
9
9
|
readme = "README.md"
|
|
10
10
|
license = "Apache-2.0"
|
|
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "hol-guard"
|
|
7
|
-
version = "2.0.
|
|
7
|
+
version = "2.0.120"
|
|
8
8
|
description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
|
|
9
9
|
readme = "README.md"
|
|
10
10
|
license = "Apache-2.0"
|
{plugin_scanner-2.0.119 → plugin_scanner-2.0.120}/src/codex_plugin_scanner/guard/mcp_tool_calls.py
RENAMED
|
@@ -4,6 +4,7 @@ from __future__ import annotations
|
|
|
4
4
|
|
|
5
5
|
import json
|
|
6
6
|
import re
|
|
7
|
+
from collections.abc import Mapping
|
|
7
8
|
from dataclasses import dataclass
|
|
8
9
|
from hashlib import sha256
|
|
9
10
|
from pathlib import PurePath
|
|
@@ -65,6 +66,10 @@ def build_tool_call_artifact(
|
|
|
65
66
|
description=tool_description,
|
|
66
67
|
)
|
|
67
68
|
metadata["mcp_tool_identity"] = mcp_tool_identity_metadata(tool_identity)
|
|
69
|
+
if tool_schema is not None:
|
|
70
|
+
metadata["tool_schema"] = tool_schema
|
|
71
|
+
if isinstance(tool_description, str) and tool_description.strip():
|
|
72
|
+
metadata["tool_description"] = tool_description.strip()
|
|
68
73
|
return GuardArtifact(
|
|
69
74
|
artifact_id=f"{harness}:runtime:{source_scope}:{server_name}:{tool_name}",
|
|
70
75
|
name=f"{server_name}:{tool_name}",
|
|
@@ -90,7 +95,7 @@ def build_tool_call_hash(artifact: GuardArtifact, arguments: object) -> str:
|
|
|
90
95
|
},
|
|
91
96
|
sort_keys=True,
|
|
92
97
|
)
|
|
93
|
-
return sha256(payload.encode(
|
|
98
|
+
return sha256(payload.encode()).hexdigest()
|
|
94
99
|
|
|
95
100
|
|
|
96
101
|
def evaluate_tool_call(
|
|
@@ -149,11 +154,13 @@ def evaluate_tool_call(
|
|
|
149
154
|
|
|
150
155
|
def tool_call_risk_signals(artifact: GuardArtifact, arguments: object) -> tuple[str, ...]:
|
|
151
156
|
signals_by_category = {
|
|
157
|
+
"filesystem_access": "call shape implies filesystem path access",
|
|
152
158
|
"destructive_mutation": "tool name implies destructive file or system changes",
|
|
153
159
|
"command_execution": "tool name implies shell or command execution",
|
|
154
160
|
"outbound_network": "call arguments imply outbound network activity",
|
|
155
161
|
"secret_access": "call arguments mention sensitive local files or secrets",
|
|
156
162
|
"privileged_system_mutation": "call arguments imply privileged system mutation",
|
|
163
|
+
"tool_schema_mismatch": "tool name understates dangerous schema capabilities",
|
|
157
164
|
}
|
|
158
165
|
return tuple(signals_by_category[category] for category in tool_call_risk_categories(artifact, arguments))
|
|
159
166
|
|
|
@@ -163,11 +170,13 @@ def tool_call_risk_categories(artifact: GuardArtifact, arguments: object) -> tup
|
|
|
163
170
|
|
|
164
171
|
categories = _tool_call_risk_category_set(artifact, arguments)
|
|
165
172
|
order = (
|
|
173
|
+
"filesystem_access",
|
|
166
174
|
"command_execution",
|
|
167
175
|
"destructive_mutation",
|
|
168
176
|
"outbound_network",
|
|
169
177
|
"privileged_system_mutation",
|
|
170
178
|
"secret_access",
|
|
179
|
+
"tool_schema_mismatch",
|
|
171
180
|
)
|
|
172
181
|
return tuple(category for category in order if category in categories)
|
|
173
182
|
|
|
@@ -178,6 +187,9 @@ def _tool_call_risk_category_set(artifact: GuardArtifact, arguments: object) ->
|
|
|
178
187
|
combined = _risk_match_text(f"{artifact.name} {serialized_arguments}")
|
|
179
188
|
tool_name_tokens = set(_tool_name_tokens(tool_name))
|
|
180
189
|
categories: set[str] = set()
|
|
190
|
+
argument_categories = _argument_key_risk_categories(arguments)
|
|
191
|
+
schema_categories = _schema_risk_categories(artifact.metadata.get("tool_schema"))
|
|
192
|
+
description_categories = _description_risk_categories(artifact.metadata.get("tool_description"))
|
|
181
193
|
|
|
182
194
|
if len(tool_name_tokens.intersection({"delete", "remove", "rm", "destroy", "erase"})) > 0:
|
|
183
195
|
categories.add("destructive_mutation")
|
|
@@ -206,6 +218,11 @@ def _tool_call_risk_category_set(artifact: GuardArtifact, arguments: object) ->
|
|
|
206
218
|
(_token_pattern("sudo", "chmod", "chown", "launchctl", "systemctl"),),
|
|
207
219
|
):
|
|
208
220
|
categories.add("privileged_system_mutation")
|
|
221
|
+
categories.update(argument_categories)
|
|
222
|
+
categories.update(schema_categories)
|
|
223
|
+
categories.update(description_categories)
|
|
224
|
+
if _tool_schema_understates_name(tool_name_tokens, schema_categories):
|
|
225
|
+
categories.add("tool_schema_mismatch")
|
|
209
226
|
return categories
|
|
210
227
|
|
|
211
228
|
|
|
@@ -227,6 +244,289 @@ def _token_pattern(*tokens: str) -> str:
|
|
|
227
244
|
return rf"(?<![a-z0-9])({alternatives})(?![a-z0-9])"
|
|
228
245
|
|
|
229
246
|
|
|
247
|
+
def _argument_key_risk_categories(arguments: object) -> set[str]:
|
|
248
|
+
if not isinstance(arguments, Mapping):
|
|
249
|
+
return set()
|
|
250
|
+
categories: set[str] = set()
|
|
251
|
+
keys = _argument_key_names(arguments)
|
|
252
|
+
if keys.intersection(
|
|
253
|
+
{
|
|
254
|
+
"file",
|
|
255
|
+
"filepath",
|
|
256
|
+
"filepaths",
|
|
257
|
+
"files",
|
|
258
|
+
"path",
|
|
259
|
+
"paths",
|
|
260
|
+
"source",
|
|
261
|
+
"sourcepath",
|
|
262
|
+
"sourcepaths",
|
|
263
|
+
"sources",
|
|
264
|
+
"target",
|
|
265
|
+
"targetpath",
|
|
266
|
+
"targetpaths",
|
|
267
|
+
"targets",
|
|
268
|
+
}
|
|
269
|
+
):
|
|
270
|
+
categories.add("filesystem_access")
|
|
271
|
+
if keys.intersection({"command", "cmd", "script", "shell"}):
|
|
272
|
+
categories.add("command_execution")
|
|
273
|
+
if keys.intersection({"callback", "endpoint", "uri", "url", "urls", "webhook"}):
|
|
274
|
+
categories.add("outbound_network")
|
|
275
|
+
return categories
|
|
276
|
+
|
|
277
|
+
|
|
278
|
+
def _argument_key_names(value: object) -> set[str]:
|
|
279
|
+
names: set[str] = set()
|
|
280
|
+
pending: list[object] = [value]
|
|
281
|
+
visited_ids: set[int] = set()
|
|
282
|
+
while pending:
|
|
283
|
+
current = pending.pop()
|
|
284
|
+
if isinstance(current, Mapping):
|
|
285
|
+
current_id = id(current)
|
|
286
|
+
if current_id in visited_ids:
|
|
287
|
+
continue
|
|
288
|
+
visited_ids.add(current_id)
|
|
289
|
+
for key, item in current.items():
|
|
290
|
+
names.add(_normalized_argument_key(str(key)))
|
|
291
|
+
pending.append(item)
|
|
292
|
+
elif isinstance(current, list | tuple):
|
|
293
|
+
current_id = id(current)
|
|
294
|
+
if current_id in visited_ids:
|
|
295
|
+
continue
|
|
296
|
+
visited_ids.add(current_id)
|
|
297
|
+
pending.extend(current)
|
|
298
|
+
return names
|
|
299
|
+
|
|
300
|
+
|
|
301
|
+
def _schema_risk_categories(schema: object) -> set[str]:
|
|
302
|
+
keys = _schema_property_key_names(schema)
|
|
303
|
+
categories: set[str] = set()
|
|
304
|
+
if keys.intersection(
|
|
305
|
+
{
|
|
306
|
+
"file",
|
|
307
|
+
"filepath",
|
|
308
|
+
"filepaths",
|
|
309
|
+
"files",
|
|
310
|
+
"path",
|
|
311
|
+
"paths",
|
|
312
|
+
"source",
|
|
313
|
+
"sourcepath",
|
|
314
|
+
"sourcepaths",
|
|
315
|
+
"sources",
|
|
316
|
+
"target",
|
|
317
|
+
"targetpath",
|
|
318
|
+
"targetpaths",
|
|
319
|
+
"targets",
|
|
320
|
+
}
|
|
321
|
+
):
|
|
322
|
+
categories.add("filesystem_access")
|
|
323
|
+
if keys.intersection({"command", "cmd", "script", "shell"}):
|
|
324
|
+
categories.add("command_execution")
|
|
325
|
+
if keys.intersection({"callback", "endpoint", "uri", "url", "urls", "webhook"}):
|
|
326
|
+
categories.add("outbound_network")
|
|
327
|
+
return categories
|
|
328
|
+
|
|
329
|
+
|
|
330
|
+
def _schema_property_key_names(
|
|
331
|
+
value: object,
|
|
332
|
+
*,
|
|
333
|
+
_root_schema: Mapping[str, object] | None = None,
|
|
334
|
+
_visited_refs: set[str] | None = None,
|
|
335
|
+
_visited_ids: set[int] | None = None,
|
|
336
|
+
) -> set[str]:
|
|
337
|
+
names: set[str] = set()
|
|
338
|
+
if isinstance(value, Mapping):
|
|
339
|
+
root_schema = value if _root_schema is None else _root_schema
|
|
340
|
+
visited_refs = set() if _visited_refs is None else _visited_refs
|
|
341
|
+
visited_ids = set() if _visited_ids is None else _visited_ids
|
|
342
|
+
val_id = id(value)
|
|
343
|
+
if val_id in visited_ids:
|
|
344
|
+
return names
|
|
345
|
+
visited_ids.add(val_id)
|
|
346
|
+
ref_value = value.get("$ref")
|
|
347
|
+
if isinstance(ref_value, str) and ref_value not in visited_refs:
|
|
348
|
+
visited_refs.add(ref_value)
|
|
349
|
+
resolved = _resolve_local_schema_ref(root_schema, ref_value)
|
|
350
|
+
if resolved is not None:
|
|
351
|
+
names.update(
|
|
352
|
+
_schema_property_key_names(
|
|
353
|
+
resolved,
|
|
354
|
+
_root_schema=root_schema,
|
|
355
|
+
_visited_refs=visited_refs,
|
|
356
|
+
_visited_ids=visited_ids,
|
|
357
|
+
)
|
|
358
|
+
)
|
|
359
|
+
properties = value.get("properties")
|
|
360
|
+
if isinstance(properties, Mapping):
|
|
361
|
+
for key, item in properties.items():
|
|
362
|
+
names.add(_normalized_argument_key(str(key)))
|
|
363
|
+
names.update(
|
|
364
|
+
_schema_property_key_names(
|
|
365
|
+
item,
|
|
366
|
+
_root_schema=root_schema,
|
|
367
|
+
_visited_refs=visited_refs,
|
|
368
|
+
_visited_ids=visited_ids,
|
|
369
|
+
)
|
|
370
|
+
)
|
|
371
|
+
for collection_key in (
|
|
372
|
+
"additionalProperties",
|
|
373
|
+
"allOf",
|
|
374
|
+
"anyOf",
|
|
375
|
+
"contains",
|
|
376
|
+
"else",
|
|
377
|
+
"if",
|
|
378
|
+
"items",
|
|
379
|
+
"oneOf",
|
|
380
|
+
"prefixItems",
|
|
381
|
+
"propertyNames",
|
|
382
|
+
"then",
|
|
383
|
+
"unevaluatedItems",
|
|
384
|
+
"unevaluatedProperties",
|
|
385
|
+
):
|
|
386
|
+
child = value.get(collection_key)
|
|
387
|
+
names.update(
|
|
388
|
+
_schema_property_key_names(
|
|
389
|
+
child,
|
|
390
|
+
_root_schema=root_schema,
|
|
391
|
+
_visited_refs=visited_refs,
|
|
392
|
+
_visited_ids=visited_ids,
|
|
393
|
+
)
|
|
394
|
+
)
|
|
395
|
+
dependent_schemas = value.get("dependentSchemas")
|
|
396
|
+
if isinstance(dependent_schemas, Mapping):
|
|
397
|
+
for child in dependent_schemas.values():
|
|
398
|
+
names.update(
|
|
399
|
+
_schema_property_key_names(
|
|
400
|
+
child,
|
|
401
|
+
_root_schema=root_schema,
|
|
402
|
+
_visited_refs=visited_refs,
|
|
403
|
+
_visited_ids=visited_ids,
|
|
404
|
+
)
|
|
405
|
+
)
|
|
406
|
+
pattern_properties = value.get("patternProperties")
|
|
407
|
+
if isinstance(pattern_properties, Mapping):
|
|
408
|
+
for child in pattern_properties.values():
|
|
409
|
+
names.update(
|
|
410
|
+
_schema_property_key_names(
|
|
411
|
+
child,
|
|
412
|
+
_root_schema=root_schema,
|
|
413
|
+
_visited_refs=visited_refs,
|
|
414
|
+
_visited_ids=visited_ids,
|
|
415
|
+
)
|
|
416
|
+
)
|
|
417
|
+
return names
|
|
418
|
+
if isinstance(value, list | tuple):
|
|
419
|
+
root_schema = _root_schema
|
|
420
|
+
visited_refs = set() if _visited_refs is None else _visited_refs
|
|
421
|
+
visited_ids = set() if _visited_ids is None else _visited_ids
|
|
422
|
+
for item in value:
|
|
423
|
+
names.update(
|
|
424
|
+
_schema_property_key_names(
|
|
425
|
+
item,
|
|
426
|
+
_root_schema=root_schema,
|
|
427
|
+
_visited_refs=visited_refs,
|
|
428
|
+
_visited_ids=visited_ids,
|
|
429
|
+
)
|
|
430
|
+
)
|
|
431
|
+
return names
|
|
432
|
+
|
|
433
|
+
|
|
434
|
+
def _resolve_local_schema_ref(root_schema: Mapping[str, object], reference: str) -> object | None:
|
|
435
|
+
if reference.startswith("#/"):
|
|
436
|
+
current: object = root_schema
|
|
437
|
+
for part in reference[2:].split("/"):
|
|
438
|
+
token = part.replace("~1", "/").replace("~0", "~")
|
|
439
|
+
if isinstance(current, Mapping):
|
|
440
|
+
if token not in current:
|
|
441
|
+
return None
|
|
442
|
+
current = current[token]
|
|
443
|
+
elif isinstance(current, list | tuple):
|
|
444
|
+
if not token.isdigit():
|
|
445
|
+
return None
|
|
446
|
+
index = int(token)
|
|
447
|
+
if index >= len(current):
|
|
448
|
+
return None
|
|
449
|
+
current = current[index]
|
|
450
|
+
else:
|
|
451
|
+
return None
|
|
452
|
+
return current
|
|
453
|
+
if not reference.startswith("#"):
|
|
454
|
+
return None
|
|
455
|
+
anchor_name = reference[1:]
|
|
456
|
+
if not anchor_name:
|
|
457
|
+
return root_schema
|
|
458
|
+
return _resolve_local_schema_anchor(root_schema, anchor_name)
|
|
459
|
+
|
|
460
|
+
|
|
461
|
+
def _resolve_local_schema_anchor(root_schema: object, anchor_name: str) -> object | None:
|
|
462
|
+
pending: list[object] = [root_schema]
|
|
463
|
+
visited_ids: set[int] = set()
|
|
464
|
+
while pending:
|
|
465
|
+
current = pending.pop()
|
|
466
|
+
current_id = id(current)
|
|
467
|
+
if current_id in visited_ids:
|
|
468
|
+
continue
|
|
469
|
+
visited_ids.add(current_id)
|
|
470
|
+
if not isinstance(current, Mapping):
|
|
471
|
+
if isinstance(current, list | tuple):
|
|
472
|
+
pending.extend(item for item in current if isinstance(item, (Mapping, list, tuple)))
|
|
473
|
+
continue
|
|
474
|
+
anchor = current.get("$anchor")
|
|
475
|
+
dynamic_anchor = current.get("$dynamicAnchor")
|
|
476
|
+
if anchor == anchor_name or dynamic_anchor == anchor_name:
|
|
477
|
+
return current
|
|
478
|
+
pending.extend(item for item in current.values() if isinstance(item, (Mapping, list, tuple)))
|
|
479
|
+
return None
|
|
480
|
+
|
|
481
|
+
|
|
482
|
+
def _description_risk_categories(description: object) -> set[str]:
|
|
483
|
+
if not isinstance(description, str):
|
|
484
|
+
return set()
|
|
485
|
+
normalized = _risk_match_text(description)
|
|
486
|
+
categories: set[str] = set()
|
|
487
|
+
if _matches_any(normalized, (r"\bread files?\b", r"\bopen files?\b", r"\bview files?\b")):
|
|
488
|
+
categories.add("filesystem_access")
|
|
489
|
+
if _matches_any(normalized, (_token_pattern("delete", "remove", "write"),)):
|
|
490
|
+
categories.add("destructive_mutation")
|
|
491
|
+
if _matches_any(normalized, (r"\brun command", _token_pattern("execute", "shell"))):
|
|
492
|
+
categories.add("command_execution")
|
|
493
|
+
return categories
|
|
494
|
+
|
|
495
|
+
|
|
496
|
+
def _tool_schema_understates_name(tool_name_tokens: set[str], schema_categories: set[str]) -> bool:
|
|
497
|
+
dangerous_categories = {"command_execution", "destructive_mutation", "outbound_network"}
|
|
498
|
+
if len(schema_categories.intersection(dangerous_categories)) == 0:
|
|
499
|
+
return False
|
|
500
|
+
name_sounds_dangerous = (
|
|
501
|
+
len(
|
|
502
|
+
tool_name_tokens.intersection(
|
|
503
|
+
{
|
|
504
|
+
"bash",
|
|
505
|
+
"cmd",
|
|
506
|
+
"command",
|
|
507
|
+
"delete",
|
|
508
|
+
"destroy",
|
|
509
|
+
"exec",
|
|
510
|
+
"execute",
|
|
511
|
+
"patch",
|
|
512
|
+
"remove",
|
|
513
|
+
"rm",
|
|
514
|
+
"run",
|
|
515
|
+
"script",
|
|
516
|
+
"shell",
|
|
517
|
+
"write",
|
|
518
|
+
}
|
|
519
|
+
)
|
|
520
|
+
)
|
|
521
|
+
> 0
|
|
522
|
+
)
|
|
523
|
+
return not name_sounds_dangerous
|
|
524
|
+
|
|
525
|
+
|
|
526
|
+
def _normalized_argument_key(value: str) -> str:
|
|
527
|
+
return re.sub(r"[^a-z0-9]", "", _risk_match_text(value))
|
|
528
|
+
|
|
529
|
+
|
|
230
530
|
def tool_call_risk_summary(artifact: GuardArtifact, arguments: object) -> str:
|
|
231
531
|
signals = tool_call_risk_signals(artifact, arguments)
|
|
232
532
|
if len(signals) == 0:
|
|
@@ -288,6 +288,7 @@ def test_tool_call_risk_categories_are_emitted_from_runtime_arguments() -> None:
|
|
|
288
288
|
)
|
|
289
289
|
|
|
290
290
|
assert categories == (
|
|
291
|
+
"filesystem_access",
|
|
291
292
|
"command_execution",
|
|
292
293
|
"destructive_mutation",
|
|
293
294
|
"outbound_network",
|
|
@@ -308,7 +309,7 @@ def test_tool_call_risk_categories_tolerate_non_json_arguments() -> None:
|
|
|
308
309
|
|
|
309
310
|
categories = tool_call_risk_categories(artifact, {"paths": {".env"}})
|
|
310
311
|
|
|
311
|
-
assert categories == ("secret_access"
|
|
312
|
+
assert categories == ("filesystem_access", "secret_access")
|
|
312
313
|
|
|
313
314
|
|
|
314
315
|
def test_tool_call_risk_categories_avoid_broad_substring_matches() -> None:
|
|
@@ -56,7 +56,12 @@ def _child_command(marker_path: Path) -> list[str]:
|
|
|
56
56
|
" 'description': 'Dangerous delete',",
|
|
57
57
|
" 'inputSchema': {'type': 'object', 'properties': {'target': {'type': 'string'}}},",
|
|
58
58
|
" }",
|
|
59
|
-
"
|
|
59
|
+
" understated_tool = {",
|
|
60
|
+
" 'name': 'summarize',",
|
|
61
|
+
" 'description': 'Summarize a workspace task.',",
|
|
62
|
+
" 'inputSchema': {'type': 'object', 'properties': {'command': {'type': 'string'}}},",
|
|
63
|
+
" }",
|
|
64
|
+
" result = {'tools': [safe_tool, dangerous_tool, understated_tool]}",
|
|
60
65
|
" print(json.dumps({'jsonrpc': '2.0', 'id': message_id, 'result': result}))",
|
|
61
66
|
" sys.stdout.flush()",
|
|
62
67
|
" continue",
|
|
@@ -254,6 +259,40 @@ def test_codex_guard_proxy_allows_safe_tool_calls_without_prompt(tmp_path):
|
|
|
254
259
|
assert store.count_approval_requests() == 0
|
|
255
260
|
|
|
256
261
|
|
|
262
|
+
def test_codex_guard_proxy_uses_tools_list_schema_for_risk(tmp_path):
|
|
263
|
+
context = _context(tmp_path)
|
|
264
|
+
store = GuardStore(context.guard_home)
|
|
265
|
+
config = GuardConfig(guard_home=context.guard_home, workspace=context.workspace_dir)
|
|
266
|
+
marker_path = tmp_path / "dangerous-call.json"
|
|
267
|
+
proxy = CodexMcpGuardProxy(
|
|
268
|
+
server_name="workspace_skill",
|
|
269
|
+
command=_child_command(marker_path),
|
|
270
|
+
context=context,
|
|
271
|
+
store=store,
|
|
272
|
+
config=config,
|
|
273
|
+
source_scope="project",
|
|
274
|
+
config_path=str(context.workspace_dir / ".codex" / "config.toml"),
|
|
275
|
+
)
|
|
276
|
+
|
|
277
|
+
result = proxy.run_session(
|
|
278
|
+
[
|
|
279
|
+
{"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {"capabilities": {}}},
|
|
280
|
+
{"jsonrpc": "2.0", "id": 2, "method": "tools/list", "params": {}},
|
|
281
|
+
{
|
|
282
|
+
"jsonrpc": "2.0",
|
|
283
|
+
"id": 3,
|
|
284
|
+
"method": "tools/call",
|
|
285
|
+
"params": {"name": "summarize", "arguments": {"value": "hello"}},
|
|
286
|
+
},
|
|
287
|
+
]
|
|
288
|
+
)
|
|
289
|
+
pending = store.list_approval_requests()
|
|
290
|
+
|
|
291
|
+
assert result["responses"][2]["error"]["code"] == -32001
|
|
292
|
+
assert len(pending) == 1
|
|
293
|
+
assert "tool name understates dangerous schema capabilities" in pending[0]["risk_signals"]
|
|
294
|
+
|
|
295
|
+
|
|
257
296
|
def test_codex_guard_proxy_requires_inline_approval_for_risky_tool_calls(tmp_path):
|
|
258
297
|
context = _context(tmp_path)
|
|
259
298
|
store = GuardStore(context.guard_home)
|