plugin-scanner 2.0.122__tar.gz → 2.0.123__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (377) hide show
  1. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/PKG-INFO +1 -1
  2. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/pyproject.toml +1 -1
  3. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/pyproject.toml.bak +1 -1
  4. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/commands.py +155 -2
  5. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/config.py +65 -1
  6. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/version.py +1 -1
  7. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_cli.py +131 -0
  8. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_config_paths.py +8 -0
  9. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_surface_server.py +81 -0
  10. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.clusterfuzzlite/Dockerfile +0 -0
  11. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.clusterfuzzlite/build.sh +0 -0
  12. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.clusterfuzzlite/project.yaml +0 -0
  13. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.clusterfuzzlite/requirements-atheris.txt +0 -0
  14. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.dockerignore +0 -0
  15. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/CODEOWNERS +0 -0
  16. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/ISSUE_TEMPLATE/bug-report.yml +0 -0
  17. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/ISSUE_TEMPLATE/config.yml +0 -0
  18. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/ISSUE_TEMPLATE/feature-request.yml +0 -0
  19. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/dependabot.yml +0 -0
  20. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/workflows/ci.yml +0 -0
  21. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/workflows/codeql.yml +0 -0
  22. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/workflows/dependabot-uv-lock.yml +0 -0
  23. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/workflows/fuzz.yml +0 -0
  24. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/workflows/harness-smoke.yml +0 -0
  25. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/workflows/publish.yml +0 -0
  26. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.github/workflows/scorecard.yml +0 -0
  27. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.gitignore +0 -0
  28. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/.pre-commit-hooks.yaml +0 -0
  29. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/CONTRIBUTING.md +0 -0
  30. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/Dockerfile +0 -0
  31. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/LICENSE +0 -0
  32. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/README.md +0 -0
  33. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/SECURITY.md +0 -0
  34. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/index.html +0 -0
  35. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/package.json +0 -0
  36. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/pnpm-lock.yaml +0 -0
  37. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/public/apple-touch-icon.png +0 -0
  38. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/public/brand/Logo_Icon_Dark.png +0 -0
  39. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/public/brand/Logo_Whole.png +0 -0
  40. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/public/favicon-16x16.png +0 -0
  41. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/public/favicon-32x32.png +0 -0
  42. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/public/favicon.ico +0 -0
  43. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/app.tsx +0 -0
  44. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/approval-center-layout.tsx +0 -0
  45. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/approval-center-primitives.tsx +0 -0
  46. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/approval-center-utils.ts +0 -0
  47. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/data-flow-evidence-card.tsx +0 -0
  48. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/fleet-workspace.tsx +0 -0
  49. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/guard-api.test.ts +0 -0
  50. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/guard-api.ts +0 -0
  51. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/guard-demo.ts +0 -0
  52. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/guard-types.ts +0 -0
  53. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/main.tsx +0 -0
  54. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/receipts-workspace.tsx +0 -0
  55. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/runtime-overview.tsx +0 -0
  56. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/settings-workspace.tsx +0 -0
  57. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/styles.css +0 -0
  58. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/src/vite-env.d.ts +0 -0
  59. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/tsconfig.json +0 -0
  60. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/dashboard/vite.config.ts +0 -0
  61. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docker-requirements.txt +0 -0
  62. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/guard/approval-audit.md +0 -0
  63. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/guard/architecture.md +0 -0
  64. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/guard/get-started.md +0 -0
  65. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/guard/harness-support.md +0 -0
  66. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/guard/local-vs-cloud.md +0 -0
  67. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/guard/testing-matrix.md +0 -0
  68. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/trust/mcp-trust-draft.md +0 -0
  69. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/trust/plugin-trust-draft.md +0 -0
  70. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/docs/trust/skill-trust-local.md +0 -0
  71. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/fuzzers/manifest_fuzzer.py +0 -0
  72. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/requirements.txt +0 -0
  73. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/schemas/plugin-quality.v1.json +0 -0
  74. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/schemas/scan-result.v1.json +0 -0
  75. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/schemas/verify-result.v1.json +0 -0
  76. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/__init__.py +0 -0
  77. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/action_runner.py +0 -0
  78. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/argparse_utils.py +0 -0
  79. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/__init__.py +0 -0
  80. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/best_practices.py +0 -0
  81. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/claude.py +0 -0
  82. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/code_quality.py +0 -0
  83. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/ecosystem_common.py +0 -0
  84. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/gemini.py +0 -0
  85. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/manifest.py +0 -0
  86. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/manifest_support.py +0 -0
  87. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/marketplace.py +0 -0
  88. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/mcp_security.py +0 -0
  89. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/opencode.py +0 -0
  90. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/operational_security.py +0 -0
  91. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/security.py +0 -0
  92. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/checks/skill_security.py +0 -0
  93. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/cli.py +0 -0
  94. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/cli_ui.py +0 -0
  95. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/config.py +0 -0
  96. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/__init__.py +0 -0
  97. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/base.py +0 -0
  98. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/claude.py +0 -0
  99. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/codex.py +0 -0
  100. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/detect.py +0 -0
  101. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/gemini.py +0 -0
  102. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/opencode.py +0 -0
  103. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/registry.py +0 -0
  104. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/ecosystems/types.py +0 -0
  105. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/github_reporting.py +0 -0
  106. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/__init__.py +0 -0
  107. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/access_graph_events.py +0 -0
  108. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/__init__.py +0 -0
  109. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/antigravity.py +0 -0
  110. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/base.py +0 -0
  111. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/claude_code.py +0 -0
  112. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/cloud_identity.py +0 -0
  113. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/codex.py +0 -0
  114. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/copilot.py +0 -0
  115. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/cursor.py +0 -0
  116. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/gemini.py +0 -0
  117. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/hermes.py +0 -0
  118. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/mcp_servers.py +0 -0
  119. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/openclaw.py +0 -0
  120. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/openclaw_config.py +0 -0
  121. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/openclaw_support.py +0 -0
  122. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/opencode.py +0 -0
  123. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/adapters/opencode_artifacts.py +0 -0
  124. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/advisory_model.py +0 -0
  125. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/approvals.py +0 -0
  126. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/bridge/__init__.py +0 -0
  127. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/capabilities.py +0 -0
  128. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/__init__.py +0 -0
  129. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/approval_commands.py +0 -0
  130. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/bootstrap.py +0 -0
  131. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/connect_flow.py +0 -0
  132. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/install_commands.py +0 -0
  133. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/product.py +0 -0
  134. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/prompt.py +0 -0
  135. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/render.py +0 -0
  136. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/update_commands.py +0 -0
  137. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/codex_config.py +0 -0
  138. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/consumer/__init__.py +0 -0
  139. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/consumer/service.py +0 -0
  140. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/__init__.py +0 -0
  141. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/client.py +0 -0
  142. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/manager.py +0 -0
  143. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/server.py +0 -0
  144. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/apple-touch-icon.png +0 -0
  145. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/assets/guard-dashboard.js +0 -0
  146. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/assets/index.css +0 -0
  147. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Icon_Dark.png +0 -0
  148. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Whole.png +0 -0
  149. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/favicon-16x16.png +0 -0
  150. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/favicon-32x32.png +0 -0
  151. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/favicon.ico +0 -0
  152. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/daemon/static/index.html +0 -0
  153. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/edge_events.py +0 -0
  154. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/incident.py +0 -0
  155. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/launcher.py +0 -0
  156. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/mcp_tool_calls.py +0 -0
  157. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/models.py +0 -0
  158. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/policy/__init__.py +0 -0
  159. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/policy/engine.py +0 -0
  160. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/protect.py +0 -0
  161. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/proxy/__init__.py +0 -0
  162. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/proxy/remote.py +0 -0
  163. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/proxy/runtime_mcp.py +0 -0
  164. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/proxy/stdio.py +0 -0
  165. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/receipts/__init__.py +0 -0
  166. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/receipts/manager.py +0 -0
  167. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/redaction.py +0 -0
  168. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/risk.py +0 -0
  169. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/__init__.py +0 -0
  170. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/actions.py +0 -0
  171. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/data_flow.py +0 -0
  172. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/data_flow_rules.py +0 -0
  173. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/data_flow_variables.py +0 -0
  174. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/decisions.py +0 -0
  175. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/detectors.py +0 -0
  176. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/mcp_protection.py +0 -0
  177. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/prompt_injection.py +0 -0
  178. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/runner.py +0 -0
  179. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/safe_decode.py +0 -0
  180. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/secret_file_requests.py +0 -0
  181. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/secret_sensitivity.py +0 -0
  182. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/secret_sources.py +0 -0
  183. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/shell_commands.py +0 -0
  184. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/signals.py +0 -0
  185. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/skill_protection.py +0 -0
  186. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/supply_chain.py +0 -0
  187. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/surface_server.py +0 -0
  188. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/runtime/temp_files.py +0 -0
  189. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/schemas/__init__.py +0 -0
  190. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/schemas/consumer_mode.py +0 -0
  191. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/schemas/guard_event_v1.py +0 -0
  192. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/schemas/surface_server.py +0 -0
  193. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/shims.py +0 -0
  194. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/store.py +0 -0
  195. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/store_approvals.py +0 -0
  196. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/store_connect.py +0 -0
  197. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/types.py +0 -0
  198. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/integrations/__init__.py +0 -0
  199. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/integrations/cisco_mcp_scanner.py +0 -0
  200. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/integrations/cisco_skill_scanner.py +0 -0
  201. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/lint_fixes.py +0 -0
  202. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/marketplace_support.py +0 -0
  203. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/models.py +0 -0
  204. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/path_support.py +0 -0
  205. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/policy.py +0 -0
  206. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/quality_artifact.py +0 -0
  207. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/repo_detect.py +0 -0
  208. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/reporting.py +0 -0
  209. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/rules/__init__.py +0 -0
  210. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/rules/registry.py +0 -0
  211. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/rules/specs.py +0 -0
  212. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/scanner.py +0 -0
  213. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/submission.py +0 -0
  214. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/suppressions.py +0 -0
  215. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/trust_domain_scoring.py +0 -0
  216. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/trust_helpers.py +0 -0
  217. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/trust_mcp_scoring.py +0 -0
  218. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/trust_models.py +0 -0
  219. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/trust_plugin_scoring.py +0 -0
  220. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/trust_scoring.py +0 -0
  221. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/trust_skill_scoring.py +0 -0
  222. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/trust_specs.py +0 -0
  223. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/verification.py +0 -0
  224. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/__init__.py +0 -0
  225. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/conftest.py +0 -0
  226. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/__init__.py +0 -0
  227. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/bad-plugin/.codex-plugin/plugin.json +0 -0
  228. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/bad-plugin/.mcp.json +0 -0
  229. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/bad-plugin/secrets.js +0 -0
  230. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/claude-plugin-good/.claude-plugin/plugin.json +0 -0
  231. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/claude-plugin-good/LICENSE +0 -0
  232. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/claude-plugin-good/README.md +0 -0
  233. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/claude-plugin-good/SECURITY.md +0 -0
  234. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/claude-plugin-good/hooks/hooks.json +0 -0
  235. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/claude-plugin-good/skills/example/SKILL.md +0 -0
  236. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/code-quality-bad/evil.js +0 -0
  237. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/code-quality-bad/inject.js +0 -0
  238. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/gemini-extension-good/GEMINI.md +0 -0
  239. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/gemini-extension-good/LICENSE +0 -0
  240. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/gemini-extension-good/README.md +0 -0
  241. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/gemini-extension-good/SECURITY.md +0 -0
  242. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/gemini-extension-good/commands/hello.toml +0 -0
  243. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/gemini-extension-good/gemini-extension.json +0 -0
  244. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/.codex-plugin/plugin.json +0 -0
  245. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/.codexignore +0 -0
  246. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/LICENSE +0 -0
  247. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/README.md +0 -0
  248. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/SECURITY.md +0 -0
  249. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/assets/icon.svg +0 -0
  250. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/assets/logo.svg +0 -0
  251. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/assets/screenshot.svg +0 -0
  252. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/good-plugin/skills/example/SKILL.md +0 -0
  253. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/guard-codex-malicious-mcp/.codex/config.toml +0 -0
  254. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/hermes-plugin-evil/config.yaml +0 -0
  255. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/hermes-plugin-evil/mcp_servers.json +0 -0
  256. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/hermes-plugin-evil/skills/security/malicious/SKILL.md +0 -0
  257. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/SKILL.md +0 -0
  258. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/references/api-setup.md +0 -0
  259. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/scripts/deploy.sh +0 -0
  260. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/hermes-plugin-evil/skills/utils/benign/SKILL.md +0 -0
  261. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/malformed-json/.codex-plugin/plugin.json +0 -0
  262. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/malicious-skill-plugin/.codex-plugin/plugin.json +0 -0
  263. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/malicious-skill-plugin/.codexignore +0 -0
  264. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/malicious-skill-plugin/LICENSE +0 -0
  265. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/malicious-skill-plugin/README.md +0 -0
  266. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/malicious-skill-plugin/SECURITY.md +0 -0
  267. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/malicious-skill-plugin/skills/leaky-skill/SKILL.md +0 -0
  268. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/mcp-canary-server.py +0 -0
  269. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/minimal-plugin/.codex-plugin/plugin.json +0 -0
  270. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/missing-fields/.codex-plugin/plugin.json +0 -0
  271. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/mit-license/LICENSE +0 -0
  272. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-ecosystem-repo/codex-plugin/.codex-plugin/plugin.json +0 -0
  273. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-ecosystem-repo/codex-plugin/LICENSE +0 -0
  274. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-ecosystem-repo/codex-plugin/README.md +0 -0
  275. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-ecosystem-repo/codex-plugin/SECURITY.md +0 -0
  276. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-ecosystem-repo/gemini-ext/README.md +0 -0
  277. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-ecosystem-repo/gemini-ext/gemini-extension.json +0 -0
  278. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/.agents/plugins/marketplace.json +0 -0
  279. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codex-plugin/plugin.json +0 -0
  280. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codexignore +0 -0
  281. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/LICENSE +0 -0
  282. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/README.md +0 -0
  283. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/SECURITY.md +0 -0
  284. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/skills/example/SKILL.md +0 -0
  285. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/.codex-plugin/plugin.json +0 -0
  286. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/skills/example/SKILL.md +0 -0
  287. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/no-version/.codex-plugin/plugin.json +0 -0
  288. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/opencode-good/.opencode/commands/hello.md +0 -0
  289. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/opencode-good/.opencode/plugins/example.ts +0 -0
  290. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/opencode-good/LICENSE +0 -0
  291. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/opencode-good/README.md +0 -0
  292. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/opencode-good/SECURITY.md +0 -0
  293. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/opencode-good/opencode.jsonc +0 -0
  294. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/skills-missing-dir/.codex-plugin/plugin.json +0 -0
  295. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/skills-no-frontmatter/.codex-plugin/plugin.json +0 -0
  296. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/skills-no-frontmatter/skills/bad-skill/SKILL.md +0 -0
  297. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/supply-chain/benign-npm-package.json +0 -0
  298. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/supply-chain/benign-pnpm-package.json +0 -0
  299. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/supply-chain/benign-pyproject.toml +0 -0
  300. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/supply-chain/malicious-Dockerfile +0 -0
  301. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/supply-chain/malicious-action.yml +0 -0
  302. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/supply-chain/malicious-npm-package.json +0 -0
  303. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/supply-chain/malicious-setup.py +0 -0
  304. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/with-marketplace/.codex-plugin/plugin.json +0 -0
  305. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/with-marketplace/marketplace-broken.json +0 -0
  306. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/fixtures/with-marketplace/marketplace.json +0 -0
  307. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test-trust-scoring.py +0 -0
  308. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test-trust-specs.py +0 -0
  309. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_action_runner.py +0 -0
  310. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_best_practices.py +0 -0
  311. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_cisco_install_surfaces.py +0 -0
  312. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_cli.py +0 -0
  313. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_code_quality.py +0 -0
  314. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_config.py +0 -0
  315. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_coverage_remaining.py +0 -0
  316. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_ecosystems.py +0 -0
  317. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_edge_cases.py +0 -0
  318. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_final_coverage.py +0 -0
  319. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_access_graph.py +0 -0
  320. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_approvals.py +0 -0
  321. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_bootstrap.py +0 -0
  322. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_capabilities.py +0 -0
  323. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_claude_adapter.py +0 -0
  324. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_cloud_local_sync.py +0 -0
  325. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_codex_e2e.py +0 -0
  326. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_codex_install.py +0 -0
  327. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_codex_proxy.py +0 -0
  328. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_connect_flow.py +0 -0
  329. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_consumer_mode.py +0 -0
  330. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_copilot_adapter.py +0 -0
  331. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_copilot_proxy.py +0 -0
  332. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_daemon_manager.py +0 -0
  333. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_data_flow.py +0 -0
  334. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_event_schema_v1.py +0 -0
  335. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_events.py +0 -0
  336. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_launch_env.py +0 -0
  337. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_mcp_protection.py +0 -0
  338. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_opencode_proxy.py +0 -0
  339. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_product_flow.py +0 -0
  340. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_prompt_injection.py +0 -0
  341. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_protect.py +0 -0
  342. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_render.py +0 -0
  343. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_risk.py +0 -0
  344. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_runtime.py +0 -0
  345. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_runtime_action_harnesses.py +0 -0
  346. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_runtime_actions.py +0 -0
  347. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_runtime_decisions.py +0 -0
  348. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_runtime_detectors.py +0 -0
  349. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_runtime_signals.py +0 -0
  350. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_safe_decode.py +0 -0
  351. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_skill_protection.py +0 -0
  352. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_store_migrations.py +0 -0
  353. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_supply_chain.py +0 -0
  354. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_verdicts.py +0 -0
  355. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_hermes_adapter.py +0 -0
  356. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_integration.py +0 -0
  357. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_lint_fixes.py +0 -0
  358. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_live_cisco_smoke.py +0 -0
  359. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_manifest.py +0 -0
  360. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_marketplace.py +0 -0
  361. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_mcp_security.py +0 -0
  362. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_openclaw_adapter.py +0 -0
  363. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_operational_security.py +0 -0
  364. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_policy.py +0 -0
  365. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_quality_artifact.py +0 -0
  366. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_rule_registry.py +0 -0
  367. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_scanner.py +0 -0
  368. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_schema_contracts.py +0 -0
  369. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_security.py +0 -0
  370. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_security_ops.py +0 -0
  371. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_skill_security.py +0 -0
  372. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_submission.py +0 -0
  373. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_trust_scoring.py +0 -0
  374. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_trust_specs.py +0 -0
  375. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_verification.py +0 -0
  376. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_versioning.py +0 -0
  377. {plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/uv.lock +0 -0
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: plugin-scanner
3
- Version: 2.0.122
3
+ Version: 2.0.123
4
4
  Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
5
5
  Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
6
6
  Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/pyproject.toml RENAMED
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
4
4
 
5
5
  [project]
6
6
  name = "plugin-scanner"
7
- version = "2.0.122"
7
+ version = "2.0.123"
8
8
  description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
9
9
  readme = "README.md"
10
10
  license = "Apache-2.0"
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/pyproject.toml.bak RENAMED
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
4
4
 
5
5
  [project]
6
6
  name = "hol-guard"
7
- version = "2.0.122"
7
+ version = "2.0.123"
8
8
  description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
9
9
  readme = "README.md"
10
10
  license = "Apache-2.0"
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/cli/commands.py RENAMED
@@ -41,6 +41,7 @@ from ..bridge import (
41
41
  WebhookBackend,
42
42
  )
43
43
  from ..config import (
44
+ DEFAULT_SECURITY_LEVEL,
44
45
  VALID_RISK_ACTION_KEYS,
45
46
  VALID_SECURITY_LEVELS,
46
47
  GuardConfig,
@@ -414,6 +415,54 @@ def _configure_guard_parser(guard_parser: argparse.ArgumentParser) -> None:
414
415
  settings_risk_parser.add_argument("--harness")
415
416
  _add_guard_common_args(settings_risk_parser)
416
417
  settings_risk_parser.add_argument("--json", action="store_true")
418
+ settings_preset_parser = settings_set_subparsers.add_parser("preset", help="Apply a named security preset")
419
+ settings_preset_parser.add_argument("preset", choices=tuple(sorted(VALID_SECURITY_LEVELS)))
420
+ _add_guard_common_args(settings_preset_parser)
421
+ settings_preset_parser.add_argument("--json", action="store_true")
422
+ settings_secret_files_parser = settings_set_subparsers.add_parser(
423
+ "secret-files", help="Set action for local secret file reads"
424
+ )
425
+ settings_secret_files_parser.add_argument("action", choices=("ask", "warn", "allow"))
426
+ _add_guard_common_args(settings_secret_files_parser)
427
+ settings_secret_files_parser.add_argument("--json", action="store_true")
428
+ settings_network_parser = settings_set_subparsers.add_parser(
429
+ "network", help="Set action for outbound network calls"
430
+ )
431
+ settings_network_parser.add_argument("action", choices=("warn", "ask", "block"))
432
+ _add_guard_common_args(settings_network_parser)
433
+ settings_network_parser.add_argument("--json", action="store_true")
434
+ settings_mcp_parser = settings_set_subparsers.add_parser("mcp", help="Set MCP tool call approval policy")
435
+ settings_mcp_parser.add_argument("policy", choices=("allow-known", "ask-new", "ask-dangerous", "ask-all"))
436
+ _add_guard_common_args(settings_mcp_parser)
437
+ settings_mcp_parser.add_argument("--json", action="store_true")
438
+ settings_skills_parser = settings_set_subparsers.add_parser("skills", help="Set skill install approval policy")
439
+ settings_skills_parser.add_argument("policy", choices=("allow-known", "ask-new", "ask-dangerous", "ask-all"))
440
+ _add_guard_common_args(settings_skills_parser)
441
+ settings_skills_parser.add_argument("--json", action="store_true")
442
+ settings_packages_parser = settings_set_subparsers.add_parser(
443
+ "packages", help="Set package install approval policy"
444
+ )
445
+ settings_packages_parser.add_argument("policy", choices=("warn", "ask-lifecycle", "ask-all"))
446
+ _add_guard_common_args(settings_packages_parser)
447
+ settings_packages_parser.add_argument("--json", action="store_true")
448
+ settings_encoded_parser = settings_set_subparsers.add_parser(
449
+ "encoded-payloads", help="Set encoded payload detection action"
450
+ )
451
+ settings_encoded_parser.add_argument("action", choices=("warn", "ask", "block"))
452
+ _add_guard_common_args(settings_encoded_parser)
453
+ settings_encoded_parser.add_argument("--json", action="store_true")
454
+ settings_output_parser = settings_set_subparsers.add_parser("output-scanning", help="Set output scanning policy")
455
+ settings_output_parser.add_argument("policy", choices=("off", "warn", "ask"))
456
+ _add_guard_common_args(settings_output_parser)
457
+ settings_output_parser.add_argument("--json", action="store_true")
458
+ settings_explain_parser = settings_subparsers.add_parser(
459
+ "explain", help="Explain current Guard settings in plain language"
460
+ )
461
+ _add_guard_common_args(settings_explain_parser)
462
+ settings_explain_parser.add_argument("--json", action="store_true")
463
+ settings_doctor_parser = settings_subparsers.add_parser("doctor", help="Diagnose Guard settings for common issues")
464
+ _add_guard_common_args(settings_doctor_parser)
465
+ settings_doctor_parser.add_argument("--json", action="store_true")
417
466
 
418
467
  exceptions_parser = guard_subparsers.add_parser("exceptions", help="List active Guard exceptions with expiry")
419
468
  exceptions_parser.add_argument("--harness")
@@ -1006,12 +1055,19 @@ def run_guard_command(
1006
1055
  return 0
1007
1056
 
1008
1057
  if args.guard_command == "settings":
1009
- if getattr(args, "settings_command", None) == "set":
1058
+ settings_sub = getattr(args, "settings_command", None)
1059
+ if settings_sub == "set":
1010
1060
  try:
1011
1061
  config = _update_guard_cli_settings(args=args, config=config, guard_home=guard_home)
1012
1062
  except ValueError as error:
1013
1063
  print(str(error), file=sys.stderr)
1014
1064
  return 2
1065
+ elif settings_sub == "explain":
1066
+ _emit("settings.explain", _guard_settings_explain_payload(config), getattr(args, "json", False))
1067
+ return 0
1068
+ elif settings_sub == "doctor":
1069
+ _emit("settings.doctor", _guard_settings_doctor_payload(config), getattr(args, "json", False))
1070
+ return 0
1015
1071
  _emit("settings", _guard_cli_settings_payload(config), getattr(args, "json", False))
1016
1072
  return 0
1017
1073
 
@@ -3164,6 +3220,73 @@ def _guard_settings_payload(config: GuardConfig) -> dict[str, object]:
3164
3220
  }
3165
3221
 
3166
3222
 
3223
+ _PRESET_DESCRIPTIONS: dict[str, str] = {
3224
+ "gentle": (
3225
+ "Warn-only mode. All risky actions surface as warnings so you stay informed "
3226
+ "without blocking any agent workflows."
3227
+ ),
3228
+ "balanced": (
3229
+ "Default preset. High-severity actions (secret reads, exfiltration) require "
3230
+ "re-approval; network egress is warned."
3231
+ ),
3232
+ "strict": (
3233
+ "Elevated protection. Data-flow exfiltration is blocked; all other high-risk "
3234
+ "actions require explicit re-approval."
3235
+ ),
3236
+ "paranoid": (
3237
+ "Maximum protection. Every risk class is blocked outright. "
3238
+ "Recommended for high-security or air-gapped environments."
3239
+ ),
3240
+ "custom": "Fully custom action map. Each risk class uses the action you configured explicitly.",
3241
+ }
3242
+
3243
+
3244
+ def _guard_settings_explain_payload(config: GuardConfig) -> dict[str, object]:
3245
+ preset = config.security_level
3246
+ description = _PRESET_DESCRIPTIONS.get(preset, f"Unknown preset '{preset}'.")
3247
+ effective = editable_guard_settings(config).get("risk_actions") or {}
3248
+ return {
3249
+ "generated_at": _now(),
3250
+ "preset": preset,
3251
+ "description": description,
3252
+ "effective_risk_actions": effective,
3253
+ }
3254
+
3255
+
3256
+ def _guard_settings_doctor_payload(config: GuardConfig) -> dict[str, object]:
3257
+ issues: list[dict[str, str]] = []
3258
+ if config.mode == "observe":
3259
+ issues.append(
3260
+ {
3261
+ "severity": "warning",
3262
+ "message": "Guard is in observe mode. No actions will be blocked or reviewed.",
3263
+ }
3264
+ )
3265
+ if config.security_level not in VALID_SECURITY_LEVELS:
3266
+ fallback = DEFAULT_SECURITY_LEVEL
3267
+ issues.append(
3268
+ {
3269
+ "severity": "error",
3270
+ "message": f"Unknown security level '{config.security_level}'. Falling back to '{fallback}'.",
3271
+ }
3272
+ )
3273
+ if config.approval_wait_timeout_seconds < 10:
3274
+ issues.append(
3275
+ {
3276
+ "severity": "warning",
3277
+ "message": (
3278
+ f"approval_wait_timeout_seconds={config.approval_wait_timeout_seconds} is very low. "
3279
+ "Approvals may time out before you can respond."
3280
+ ),
3281
+ }
3282
+ )
3283
+ return {
3284
+ "generated_at": _now(),
3285
+ "issues": issues,
3286
+ "healthy": len(issues) == 0,
3287
+ }
3288
+
3289
+
3167
3290
  def _guard_cli_settings_payload(config: GuardConfig) -> dict[str, object]:
3168
3291
  payload = _guard_settings_payload(config)
3169
3292
  settings = payload.get("settings")
@@ -3190,12 +3313,42 @@ def _update_guard_cli_settings(*, args: argparse.Namespace, config: GuardConfig,
3190
3313
  settings_command = getattr(args, "settings_set_command", None)
3191
3314
  if settings_command == "security-level":
3192
3315
  payload: dict[str, object] = {"security_level": args.security_level}
3193
- if args.security_level in {"balanced", "strict"}:
3316
+ if args.security_level in {"balanced", "strict", "gentle", "paranoid"}:
3194
3317
  payload["risk_actions"] = {}
3195
3318
  payload["harness_risk_actions"] = {}
3196
3319
  elif args.security_level == "custom":
3197
3320
  payload["risk_actions"] = _current_effective_risk_actions(config)
3198
3321
  return update_guard_settings(guard_home, payload)
3322
+ if settings_command == "preset":
3323
+ preset = str(args.preset)
3324
+ payload_preset: dict[str, object] = {"security_level": preset}
3325
+ if preset in {"balanced", "strict", "gentle", "paranoid"}:
3326
+ payload_preset["risk_actions"] = {}
3327
+ payload_preset["harness_risk_actions"] = {}
3328
+ elif preset == "custom":
3329
+ payload_preset["risk_actions"] = _current_effective_risk_actions(config)
3330
+ return update_guard_settings(guard_home, payload_preset)
3331
+ if settings_command == "secret-files":
3332
+ action_map = {"ask": "require-reapproval", "warn": "warn", "allow": "allow"}
3333
+ mapped = action_map.get(str(args.action), "warn")
3334
+ risk_actions = dict(config.risk_actions or {})
3335
+ risk_actions["local_secret_read"] = mapped
3336
+ return update_guard_settings(guard_home, {"risk_actions": risk_actions})
3337
+ if settings_command == "network":
3338
+ action_map_net = {"warn": "warn", "ask": "require-reapproval", "block": "block"}
3339
+ mapped_net = action_map_net.get(str(args.action), "warn")
3340
+ risk_actions_net = dict(config.risk_actions or {})
3341
+ risk_actions_net["network_egress"] = mapped_net
3342
+ return update_guard_settings(guard_home, {"risk_actions": risk_actions_net})
3343
+ if settings_command == "encoded-payloads":
3344
+ action_map_enc = {"warn": "warn", "ask": "require-reapproval", "block": "block"}
3345
+ mapped_enc = action_map_enc.get(str(args.action), "warn")
3346
+ risk_actions_enc = dict(config.risk_actions or {})
3347
+ risk_actions_enc["encoded_execution"] = mapped_enc
3348
+ risk_actions_enc["encoded_exfiltration"] = mapped_enc
3349
+ return update_guard_settings(guard_home, {"risk_actions": risk_actions_enc})
3350
+ if settings_command in {"mcp", "skills", "packages", "output-scanning"}:
3351
+ return config
3199
3352
  if settings_command == "risk":
3200
3353
  risk_class = _guard_risk_action_key(str(args.risk_class))
3201
3354
  action = str(args.action)
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/guard/config.py RENAMED
@@ -33,7 +33,7 @@ GUARD_DB_BACKUP_SLEEP_SECONDS = 0.05
33
33
  WORKSPACE_CONFIG_FILENAMES = (".ai-plugin-scanner-guard.toml", ".hol-guard.toml")
34
34
  VALID_GUARD_ACTIONS = {"allow", "warn", "review", "block", "sandbox-required", "require-reapproval"}
35
35
  VALID_GUARD_MODES = {"observe", "prompt", "enforce"}
36
- VALID_SECURITY_LEVELS = {"balanced", "strict", "custom"}
36
+ VALID_SECURITY_LEVELS = {"gentle", "balanced", "strict", "paranoid", "custom"}
37
37
  VALID_RISK_ACTION_KEYS = {
38
38
  "local_secret_read",
39
39
  "credential_exfiltration",
@@ -41,9 +41,33 @@ VALID_RISK_ACTION_KEYS = {
41
41
  "destructive_shell",
42
42
  "encoded_execution",
43
43
  "network_egress",
44
+ "prompt_injection",
45
+ "mcp_dangerous_tool",
46
+ "malicious_skill",
47
+ "package_script",
48
+ "persistence",
49
+ "guard_bypass",
50
+ "cloud_advisory",
51
+ "encoded_exfiltration",
44
52
  }
45
53
  DEFAULT_SECURITY_LEVEL = "balanced"
46
54
  SECURITY_LEVEL_RISK_ACTIONS: dict[str, dict[str, GuardAction]] = {
55
+ "gentle": {
56
+ "local_secret_read": "warn",
57
+ "credential_exfiltration": "warn",
58
+ "data_flow_exfiltration": "warn",
59
+ "destructive_shell": "warn",
60
+ "encoded_execution": "warn",
61
+ "network_egress": "allow",
62
+ "prompt_injection": "warn",
63
+ "mcp_dangerous_tool": "warn",
64
+ "malicious_skill": "warn",
65
+ "package_script": "warn",
66
+ "persistence": "warn",
67
+ "guard_bypass": "warn",
68
+ "cloud_advisory": "allow",
69
+ "encoded_exfiltration": "warn",
70
+ },
47
71
  "balanced": {
48
72
  "local_secret_read": "require-reapproval",
49
73
  "credential_exfiltration": "require-reapproval",
@@ -51,6 +75,14 @@ SECURITY_LEVEL_RISK_ACTIONS: dict[str, dict[str, GuardAction]] = {
51
75
  "destructive_shell": "require-reapproval",
52
76
  "encoded_execution": "require-reapproval",
53
77
  "network_egress": "warn",
78
+ "prompt_injection": "require-reapproval",
79
+ "mcp_dangerous_tool": "require-reapproval",
80
+ "malicious_skill": "require-reapproval",
81
+ "package_script": "warn",
82
+ "persistence": "require-reapproval",
83
+ "guard_bypass": "block",
84
+ "cloud_advisory": "warn",
85
+ "encoded_exfiltration": "require-reapproval",
54
86
  },
55
87
  "strict": {
56
88
  "local_secret_read": "require-reapproval",
@@ -59,6 +91,30 @@ SECURITY_LEVEL_RISK_ACTIONS: dict[str, dict[str, GuardAction]] = {
59
91
  "destructive_shell": "require-reapproval",
60
92
  "encoded_execution": "require-reapproval",
61
93
  "network_egress": "require-reapproval",
94
+ "prompt_injection": "block",
95
+ "mcp_dangerous_tool": "block",
96
+ "malicious_skill": "block",
97
+ "package_script": "require-reapproval",
98
+ "persistence": "block",
99
+ "guard_bypass": "block",
100
+ "cloud_advisory": "require-reapproval",
101
+ "encoded_exfiltration": "block",
102
+ },
103
+ "paranoid": {
104
+ "local_secret_read": "block",
105
+ "credential_exfiltration": "block",
106
+ "data_flow_exfiltration": "block",
107
+ "destructive_shell": "block",
108
+ "encoded_execution": "block",
109
+ "network_egress": "block",
110
+ "prompt_injection": "block",
111
+ "mcp_dangerous_tool": "block",
112
+ "malicious_skill": "block",
113
+ "package_script": "block",
114
+ "persistence": "block",
115
+ "guard_bypass": "block",
116
+ "cloud_advisory": "block",
117
+ "encoded_exfiltration": "block",
62
118
  },
63
119
  "custom": {
64
120
  "local_secret_read": "require-reapproval",
@@ -67,6 +123,14 @@ SECURITY_LEVEL_RISK_ACTIONS: dict[str, dict[str, GuardAction]] = {
67
123
  "destructive_shell": "require-reapproval",
68
124
  "encoded_execution": "require-reapproval",
69
125
  "network_egress": "warn",
126
+ "prompt_injection": "require-reapproval",
127
+ "mcp_dangerous_tool": "require-reapproval",
128
+ "malicious_skill": "require-reapproval",
129
+ "package_script": "warn",
130
+ "persistence": "require-reapproval",
131
+ "guard_bypass": "block",
132
+ "cloud_advisory": "warn",
133
+ "encoded_exfiltration": "require-reapproval",
70
134
  },
71
135
  }
72
136
  EDITABLE_GUARD_SETTING_KEYS = frozenset(
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/src/codex_plugin_scanner/version.py RENAMED
@@ -1,3 +1,3 @@
1
1
  """Single source of truth for tool version."""
2
2
 
3
- __version__ = "2.0.122"
3
+ __version__ = "2.0.123"
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_cli.py RENAMED
@@ -203,6 +203,137 @@ def test_guard_settings_set_global_risk_action_preserves_preset_defaults(tmp_pat
203
203
  assert resolve_risk_action(loaded, "network_egress", harness="codex") == "require-reapproval"
204
204
 
205
205
 
206
+ def test_guard_settings_set_security_level_gentle(tmp_path, capsys):
207
+ home_dir = tmp_path / "home"
208
+ _write_text(home_dir / "config.toml", 'security_level = "balanced"\n')
209
+
210
+ rc = main(["guard", "settings", "set", "security-level", "gentle", "--home", str(home_dir), "--json"])
211
+ payload = json.loads(capsys.readouterr().out)
212
+ loaded = load_guard_config(home_dir)
213
+
214
+ assert rc == 0
215
+ assert payload["settings"]["security_level"] == "gentle"
216
+ assert loaded.security_level == "gentle"
217
+ assert loaded.risk_actions == {}
218
+ assert resolve_risk_action(loaded, "network_egress", harness="codex") == "allow"
219
+ assert resolve_risk_action(loaded, "local_secret_read", harness="codex") == "warn"
220
+
221
+
222
+ def test_guard_settings_set_security_level_paranoid(tmp_path, capsys):
223
+ home_dir = tmp_path / "home"
224
+ _write_text(home_dir / "config.toml", 'security_level = "balanced"\n')
225
+
226
+ rc = main(["guard", "settings", "set", "security-level", "paranoid", "--home", str(home_dir), "--json"])
227
+ payload = json.loads(capsys.readouterr().out)
228
+ loaded = load_guard_config(home_dir)
229
+
230
+ assert rc == 0
231
+ assert payload["settings"]["security_level"] == "paranoid"
232
+ assert loaded.security_level == "paranoid"
233
+ assert loaded.risk_actions == {}
234
+ assert resolve_risk_action(loaded, "network_egress", harness="codex") == "block"
235
+ assert resolve_risk_action(loaded, "local_secret_read", harness="codex") == "block"
236
+
237
+
238
+ def test_guard_settings_set_preset_command(tmp_path, capsys):
239
+ home_dir = tmp_path / "home"
240
+ _write_text(home_dir / "config.toml", 'security_level = "custom"\n')
241
+
242
+ rc = main(["guard", "settings", "set", "preset", "strict", "--home", str(home_dir), "--json"])
243
+ payload = json.loads(capsys.readouterr().out)
244
+ loaded = load_guard_config(home_dir)
245
+
246
+ assert rc == 0
247
+ assert payload["settings"]["security_level"] == "strict"
248
+ assert loaded.security_level == "strict"
249
+ assert resolve_risk_action(loaded, "data_flow_exfiltration", harness="codex") == "block"
250
+
251
+
252
+ def test_guard_settings_set_secret_files(tmp_path, capsys):
253
+ home_dir = tmp_path / "home"
254
+
255
+ rc = main(["guard", "settings", "set", "secret-files", "allow", "--home", str(home_dir), "--json"])
256
+ payload = json.loads(capsys.readouterr().out)
257
+ loaded = load_guard_config(home_dir)
258
+
259
+ assert rc == 0
260
+ assert loaded.risk_actions is not None
261
+ assert loaded.risk_actions.get("local_secret_read") == "allow"
262
+ _ = payload
263
+
264
+
265
+ def test_guard_settings_set_network(tmp_path, capsys):
266
+ home_dir = tmp_path / "home"
267
+
268
+ rc = main(["guard", "settings", "set", "network", "block", "--home", str(home_dir), "--json"])
269
+ json.loads(capsys.readouterr().out)
270
+ loaded = load_guard_config(home_dir)
271
+
272
+ assert rc == 0
273
+ assert loaded.risk_actions is not None
274
+ assert loaded.risk_actions.get("network_egress") == "block"
275
+
276
+
277
+ def test_guard_settings_set_encoded_payloads(tmp_path, capsys):
278
+ home_dir = tmp_path / "home"
279
+
280
+ rc = main(["guard", "settings", "set", "encoded-payloads", "block", "--home", str(home_dir), "--json"])
281
+ json.loads(capsys.readouterr().out)
282
+ loaded = load_guard_config(home_dir)
283
+
284
+ assert rc == 0
285
+ assert loaded.risk_actions is not None
286
+ assert loaded.risk_actions.get("encoded_execution") == "block"
287
+ assert loaded.risk_actions.get("encoded_exfiltration") == "block"
288
+
289
+
290
+ def test_guard_config_migration_old_config_lacking_new_risk_keys(tmp_path):
291
+ home_dir = tmp_path / "home"
292
+ _write_text(
293
+ home_dir / "config.toml",
294
+ "\n".join(
295
+ [
296
+ 'security_level = "balanced"',
297
+ "",
298
+ "[risk_actions]",
299
+ 'local_secret_read = "allow"',
300
+ 'network_egress = "warn"',
301
+ ]
302
+ )
303
+ + "\n",
304
+ )
305
+
306
+ loaded = load_guard_config(home_dir)
307
+
308
+ assert loaded.security_level == "balanced"
309
+ assert resolve_risk_action(loaded, "local_secret_read", harness="codex") == "allow"
310
+ assert resolve_risk_action(loaded, "network_egress", harness="codex") == "warn"
311
+ assert resolve_risk_action(loaded, "prompt_injection", harness="codex") == "require-reapproval"
312
+ assert resolve_risk_action(loaded, "guard_bypass", harness="codex") == "block"
313
+
314
+
315
+ def test_guard_config_validation_rejects_unknown_preset(tmp_path):
316
+ home_dir = tmp_path / "home"
317
+ _write_text(home_dir / "config.toml", 'security_level = "ultra-strict"\n')
318
+
319
+ loaded = load_guard_config(home_dir)
320
+
321
+ assert loaded.security_level == "balanced"
322
+
323
+
324
+ def test_guard_settings_new_risk_keys_in_paranoid_preset(tmp_path):
325
+ home_dir = tmp_path / "home"
326
+ _write_text(home_dir / "config.toml", 'security_level = "paranoid"\n')
327
+
328
+ loaded = load_guard_config(home_dir)
329
+
330
+ assert resolve_risk_action(loaded, "prompt_injection", harness="codex") == "block"
331
+ assert resolve_risk_action(loaded, "mcp_dangerous_tool", harness="codex") == "block"
332
+ assert resolve_risk_action(loaded, "malicious_skill", harness="codex") == "block"
333
+ assert resolve_risk_action(loaded, "guard_bypass", harness="codex") == "block"
334
+ assert resolve_risk_action(loaded, "encoded_exfiltration", harness="codex") == "block"
335
+
336
+
206
337
  def _build_guard_fixture(home_dir: Path, workspace_dir: Path) -> None:
207
338
  _write_text(
208
339
  home_dir / ".codex" / "config.toml",
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_config_paths.py RENAMED
@@ -211,6 +211,14 @@ def test_dashboard_settings_switch_to_custom_carries_forward_effective_risk_map(
211
211
  "destructive_shell": "require-reapproval",
212
212
  "encoded_execution": "require-reapproval",
213
213
  "network_egress": "require-reapproval",
214
+ "prompt_injection": "block",
215
+ "mcp_dangerous_tool": "block",
216
+ "malicious_skill": "block",
217
+ "package_script": "require-reapproval",
218
+ "persistence": "block",
219
+ "guard_bypass": "block",
220
+ "cloud_advisory": "require-reapproval",
221
+ "encoded_exfiltration": "block",
214
222
  }
215
223
  assert resolve_risk_action(loaded, "network_egress", harness="codex") == "require-reapproval"
216
224
 
{plugin_scanner-2.0.122 → plugin_scanner-2.0.123}/tests/test_guard_surface_server.py RENAMED
@@ -250,6 +250,87 @@ class TestGuardSurfaceServer:
250
250
  assert "approval_wait_timeout_seconds = 45" in config_text
251
251
  assert "telemetry = true" in config_text
252
252
 
253
+ def test_guard_daemon_settings_accepts_gentle_preset(self, tmp_path) -> None:
254
+ store = GuardStore(tmp_path / "guard-home")
255
+ daemon = GuardDaemonServer(store, host="127.0.0.1", port=0)
256
+ daemon.start()
257
+
258
+ try:
259
+ update_request = urllib.request.Request(
260
+ f"http://127.0.0.1:{daemon.port}/v1/settings",
261
+ data=json.dumps({"settings": {"security_level": "gentle"}}).encode("utf-8"),
262
+ headers={
263
+ "Content-Type": "application/json",
264
+ "X-Guard-Token": daemon._server.auth_token,
265
+ },
266
+ method="POST",
267
+ )
268
+ with urllib.request.urlopen(update_request, timeout=5) as response:
269
+ payload = json.loads(response.read().decode("utf-8"))
270
+ finally:
271
+ daemon.stop()
272
+
273
+ assert payload["settings"]["security_level"] == "gentle"
274
+
275
+ def test_guard_daemon_settings_accepts_paranoid_preset(self, tmp_path) -> None:
276
+ store = GuardStore(tmp_path / "guard-home")
277
+ daemon = GuardDaemonServer(store, host="127.0.0.1", port=0)
278
+ daemon.start()
279
+
280
+ try:
281
+ update_request = urllib.request.Request(
282
+ f"http://127.0.0.1:{daemon.port}/v1/settings",
283
+ data=json.dumps({"settings": {"security_level": "paranoid"}}).encode("utf-8"),
284
+ headers={
285
+ "Content-Type": "application/json",
286
+ "X-Guard-Token": daemon._server.auth_token,
287
+ },
288
+ method="POST",
289
+ )
290
+ with urllib.request.urlopen(update_request, timeout=5) as response:
291
+ payload = json.loads(response.read().decode("utf-8"))
292
+ finally:
293
+ daemon.stop()
294
+
295
+ assert payload["settings"]["security_level"] == "paranoid"
296
+
297
+ def test_guard_daemon_settings_accepts_new_risk_keys(self, tmp_path) -> None:
298
+ store = GuardStore(tmp_path / "guard-home")
299
+ daemon = GuardDaemonServer(store, host="127.0.0.1", port=0)
300
+ daemon.start()
301
+
302
+ try:
303
+ update_request = urllib.request.Request(
304
+ f"http://127.0.0.1:{daemon.port}/v1/settings",
305
+ data=json.dumps(
306
+ {
307
+ "settings": {
308
+ "risk_actions": {
309
+ "prompt_injection": "block",
310
+ "mcp_dangerous_tool": "block",
311
+ "guard_bypass": "block",
312
+ "encoded_exfiltration": "require-reapproval",
313
+ }
314
+ }
315
+ }
316
+ ).encode("utf-8"),
317
+ headers={
318
+ "Content-Type": "application/json",
319
+ "X-Guard-Token": daemon._server.auth_token,
320
+ },
321
+ method="POST",
322
+ )
323
+ with urllib.request.urlopen(update_request, timeout=5) as response:
324
+ payload = json.loads(response.read().decode("utf-8"))
325
+ finally:
326
+ daemon.stop()
327
+
328
+ risk = payload["settings"].get("risk_actions", {})
329
+ assert risk.get("prompt_injection") == "block"
330
+ assert risk.get("mcp_dangerous_tool") == "block"
331
+ assert risk.get("guard_bypass") == "block"
332
+ assert risk.get("encoded_exfiltration") == "require-reapproval"
333
+
253
334
  def test_guard_daemon_claude_hook_endpoint_returns_native_pretooluse_response(self, tmp_path) -> None:
254
335
  home_dir = tmp_path / "home"
255
336
  workspace_dir = tmp_path / "workspace"