PyPI - plugin-scanner - Versions diffs - 2.0.124__tar.gz → 2.0.126__tar.gz - Mend

plugin-scanner 2.0.124tar.gz → 2.0.126tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (382) hide show

{plugin_scanner-2.0.124 → plugin_scanner-2.0.126}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plugin-scanner
-Version: 2.0.124
+Version: 2.0.126
 Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
 Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
 Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner

{plugin_scanner-2.0.124 → plugin_scanner-2.0.126}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "plugin-scanner"
-version = "2.0.124"
+version = "2.0.126"
 description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.124 → plugin_scanner-2.0.126}/pyproject.toml.bak RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "hol-guard"
-version = "2.0.124"
+version = "2.0.126"
 description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.124 → plugin_scanner-2.0.126}/src/codex_plugin_scanner/guard/config.py RENAMED Viewed

@@ -254,6 +254,7 @@ class GuardConfig:
     harness_actions: dict[str, GuardAction] | None = None
     publisher_actions: dict[str, GuardAction] | None = None
     artifact_actions: dict[str, GuardAction] | None = None
+    evidence_retain_days: int = 90
     def resolve_action_override(
         self,

{plugin_scanner-2.0.124 → plugin_scanner-2.0.126}/src/codex_plugin_scanner/guard/daemon/server.py RENAMED Viewed

@@ -23,6 +23,11 @@ from ..config import editable_guard_settings, load_guard_config, update_guard_se
 from ..models import DECISION_SCOPE_VALUES, GUARD_ACTION_VALUES
 from ..runtime.surface_server import GuardSurfaceRuntime
 from ..store import GuardStore
+from ..store_evidence import (
+    count_evidence,
+    export_evidence_json,
+    list_evidence,
+)
 from .manager import (
     GUARD_DAEMON_COMPATIBILITY_VERSION,
     clear_guard_daemon_state,
@@ -182,6 +187,40 @@ class _GuardDaemonHandler(BaseHTTPRequestHandler):
                 {"items": store.list_policy_decisions(harness=harness if isinstance(harness, str) else None)}
             )
             return
+        if parsed.path == "/v1/evidence":
+            query = parse_qs(parsed.query)
+            harness_q = query.get("harness", [None])[-1]
+            category_q = query.get("category", [None])[-1]
+            severity_q = query.get("severity", [None])[-1]
+            before_q = query.get("before", [None])[-1]
+            limit_q = query.get("limit", ["100"])[-1]
+            try:
+                limit_v = min(int(limit_q), 500)
+            except (ValueError, TypeError):
+                limit_v = 100
+            with store._connect() as conn:
+                records = list_evidence(
+                    conn,
+                    harness=harness_q if isinstance(harness_q, str) else None,
+                    category=category_q if isinstance(category_q, str) else None,
+                    severity=severity_q if isinstance(severity_q, str) else None,
+                    before_cursor=before_q if isinstance(before_q, str) else None,
+                    limit=limit_v,
+                )
+                total = count_evidence(conn)
+            self._write_json({
+                "items": [vars(r) for r in records],
+                "total": total,
+            })
+            return
+        if parsed.path == "/v1/evidence/export":
+            with store._connect() as conn:
+                payload = export_evidence_json(conn, limit=10_000)
+            self.send_response(200)
+            self.send_header("Content-Type", "application/json")
+            self.end_headers()
+            self.wfile.write(payload.encode("utf-8"))
+            return
         if len(path_parts) == 4 and path_parts[:3] == ["v1", "artifacts", path_parts[2]] and path_parts[3] == "diff":
             query = parse_qs(parsed.query)
             harness = query.get("harness", [None])[-1]

{plugin_scanner-2.0.124 → plugin_scanner-2.0.126}/src/codex_plugin_scanner/guard/store.py RENAMED Viewed

@@ -71,6 +71,10 @@ from .store_connect import (
 from .store_connect import (
     mark_connect_result as persist_connect_result,
 )
+from .store_evidence import (
+    evidence_index_statements,
+    evidence_schema_statement,
+)
 from .types import CapabilitySet
 _SYNC_TOKEN_REF = "guard-cloud-token"
@@ -646,10 +650,13 @@ class GuardStore:
             connect_request_schema_statement(),
             connect_state_schema_statement(),
             approval_schema_statement(),
+            evidence_schema_statement(),
         )
         with self._connect() as connection:
             for statement in statements:
                 connection.execute(statement)
+            for idx_stmt in evidence_index_statements():
+                connection.execute(idx_stmt)
             self._ensure_policy_column(connection, "publisher", "text")
             self._ensure_policy_column(connection, "artifact_hash", "text")
             self._ensure_policy_column(connection, "owner", "text")

{plugin_scanner-2.0.124 → plugin_scanner-2.0.126}/src/codex_plugin_scanner/guard/store_approvals.py RENAMED Viewed

@@ -175,6 +175,10 @@ def list_approval_requests(
     status: str | None = "pending",
     harness: str | None = None,
     limit: int | None = 50,
+    before_cursor: str | None = None,
+    search: str | None = None,
+    created_after: str | None = None,
+    created_before: str | None = None,
 ) -> list[dict[str, object]]:
     clauses = []
     params: list[object] = []
@@ -184,6 +188,24 @@ def list_approval_requests(
     if harness is not None:
         clauses.append("harness = ?")
         params.append(harness)
+    if before_cursor is not None:
+        clauses.append("created_at < ?")
+        params.append(before_cursor)
+    if created_after is not None:
+        clauses.append("created_at > ?")
+        params.append(created_after)
+    if created_before is not None:
+        clauses.append("created_at < ?")
+        params.append(created_before)
+    if search is not None:
+        search_clause = (
+            "(lower(artifact_name) like lower(?)"
+            " or lower(artifact_id) like lower(?)"
+            " or lower(coalesce(risk_summary, '')) like lower(?))"
+        )
+        clauses.append(search_clause)
+        pattern = f"%{search}%"
+        params.extend([pattern, pattern, pattern])
     where_clause = f"where {' and '.join(clauses)}" if clauses else ""
     query = f"""
         select request_id, harness, artifact_id, artifact_name, artifact_type, artifact_hash, publisher, policy_action,
@@ -243,14 +265,22 @@ def resolve_approval_request(
     )
-def count_approval_requests(connection: sqlite3.Connection, *, status: str | None = "pending") -> int:
-    if status is None:
-        row = connection.execute("select count(*) as total from approval_requests").fetchone()
-    else:
-        row = connection.execute(
-            "select count(*) as total from approval_requests where status = ?",
-            (status,),
-        ).fetchone()
+def count_approval_requests(
+    connection: sqlite3.Connection,
+    *,
+    status: str | None = "pending",
+    harness: str | None = None,
+) -> int:
+    clauses = []
+    params: list[object] = []
+    if status is not None:
+        clauses.append("status = ?")
+        params.append(status)
+    if harness is not None:
+        clauses.append("harness = ?")
+        params.append(harness)
+    where_clause = f"where {' and '.join(clauses)}" if clauses else ""
+    row = connection.execute(f"select count(*) as total from approval_requests {where_clause}", params).fetchone()
     return int(row["total"]) if row is not None else 0
@@ -265,14 +295,14 @@ def _row_to_payload(row: sqlite3.Row) -> dict[str, object]:
         "publisher": row["publisher"],
         "policy_action": str(row["policy_action"]),
         "recommended_scope": str(row["recommended_scope"]),
-        "changed_fields": json.loads(str(row["changed_fields_json"])),
+        "changed_fields": _safe_json_list(row["changed_fields_json"]),
         "source_scope": str(row["source_scope"]),
         "config_path": str(row["config_path"]),
         "workspace": row["workspace"],
         "launch_target": row["launch_target"],
         "transport": row["transport"],
         "risk_summary": row["risk_summary"],
-        "risk_signals": json.loads(str(row["risk_signals_json"])),
+        "risk_signals": _safe_json_list(row["risk_signals_json"]),
         "artifact_label": row["artifact_label"],
         "source_label": row["source_label"],
         "trigger_summary": row["trigger_summary"],
@@ -292,6 +322,111 @@ def _row_to_payload(row: sqlite3.Row) -> dict[str, object]:
     }
+def _safe_json_list(value: object) -> list[object]:
+    if value is None:
+        return []
+    try:
+        parsed = json.loads(str(value))
+    except (json.JSONDecodeError, TypeError, ValueError):
+        return []
+    return list(parsed) if isinstance(parsed, list) else []
+def approval_index_statements() -> list[str]:
+    return [
+        "create index if not exists idx_approval_status_created on approval_requests(status, created_at desc)",
+        "create index if not exists idx_approval_harness_status on approval_requests(harness, status)",
+        "create index if not exists idx_approval_artifact_hash on approval_requests(artifact_hash)",
+        "create index if not exists idx_approval_workspace_status on approval_requests(workspace, status)",
+        "create index if not exists idx_approval_policy_action on approval_requests(policy_action)",
+        "create index if not exists idx_approval_resolution on approval_requests(resolution_action, resolved_at)",
+    ]
+def bulk_resolve_approval_requests(
+    connection: sqlite3.Connection,
+    request_ids: list[str],
+    *,
+    resolution_action: str,
+    resolution_scope: str,
+    reason: str | None,
+    resolved_at: str,
+) -> None:
+    if not request_ids:
+        return
+    placeholders = ",".join("?" for _ in request_ids)
+    connection.execute(
+        f"""
+        update approval_requests
+        set status = 'resolved',
+            resolution_action = ?,
+            resolution_scope = ?,
+            reason = ?,
+            resolved_at = ?
+        where request_id in ({placeholders})
+          and status = 'pending'
+        """,
+        [resolution_action, resolution_scope, reason, resolved_at, *request_ids],
+    )
+def clear_approval_requests_by_harness(connection: sqlite3.Connection, harness: str) -> int:
+    cursor = connection.execute(
+        "delete from approval_requests where harness = ? and status = 'resolved'",
+        (harness,),
+    )
+    return cursor.rowcount
+def clear_approval_requests_by_workspace(connection: sqlite3.Connection, workspace: str) -> int:
+    cursor = connection.execute(
+        "delete from approval_requests where workspace = ? and status = 'resolved'",
+        (workspace,),
+    )
+    return cursor.rowcount
+def clear_approval_requests_by_scope(connection: sqlite3.Connection, source_scope: str) -> int:
+    cursor = connection.execute(
+        "delete from approval_requests where source_scope = ? and status = 'resolved'",
+        (source_scope,),
+    )
+    return cursor.rowcount
+def clear_resolved_approval_requests_before(connection: sqlite3.Connection, before_timestamp: str) -> int:
+    cursor = connection.execute(
+        "delete from approval_requests where status = 'resolved' and resolved_at < ?",
+        (before_timestamp,),
+    )
+    return cursor.rowcount
+def compact_approval_requests(connection: sqlite3.Connection) -> int:
+    rows = connection.execute(
+        """
+        select artifact_id, max(created_at) as latest_created
+        from approval_requests
+        where status = 'resolved'
+        group by artifact_id
+        having count(*) > 1
+        """
+    ).fetchall()
+    total_removed = 0
+    for row in rows:
+        cursor = connection.execute(
+            """
+            delete from approval_requests
+            where artifact_id = ?
+              and status = 'resolved'
+              and created_at < ?
+            """,
+            (row["artifact_id"], row["latest_created"]),
+        )
+        total_removed += cursor.rowcount
+    return total_removed
 def _optional_json_object(value: object) -> dict[str, object] | None:
     if value is None:
         return None

plugin_scanner-2.0.126/src/codex_plugin_scanner/guard/store_evidence.py ADDED Viewed

@@ -0,0 +1,217 @@
+"""Phase 15: Evidence store — table, indexes, CRUD, search, export, compaction."""
+from __future__ import annotations
+import json
+import sqlite3
+from dataclasses import dataclass, field
+from datetime import datetime, timedelta, timezone
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat(timespec="microseconds").replace("+00:00", "Z")
+@dataclass(frozen=True, slots=True)
+class EvidenceRecord:
+    evidence_id: str
+    action_id: str
+    request_id: str
+    harness: str
+    workspace: str
+    signal_id: str
+    category: str
+    severity: str
+    confidence: float
+    summary: str
+    details: dict[str, object] = field(default_factory=dict)
+    created_at: str = field(default_factory=_now_iso)
+def evidence_schema_statement() -> str:
+    return """
+    create table if not exists guard_evidence (
+      evidence_id text not null primary key,
+      action_id   text not null default '',
+      request_id  text not null default '',
+      harness     text not null default '',
+      workspace   text not null default '',
+      signal_id   text not null default '',
+      category    text not null default '',
+      severity    text not null default '',
+      confidence  real not null default 0.0,
+      summary     text not null default '',
+      details_json text not null default '{}',
+      created_at  text not null
+    )
+    """
+def evidence_index_statements() -> list[str]:
+    return [
+        "create index if not exists idx_evidence_created on guard_evidence(created_at desc)",
+        "create index if not exists idx_evidence_request on guard_evidence(request_id)",
+        "create index if not exists idx_evidence_action on guard_evidence(action_id)",
+        "create index if not exists idx_evidence_category_severity on guard_evidence(category, severity)",
+        "create index if not exists idx_evidence_harness_workspace on guard_evidence(harness, workspace)",
+    ]
+def _row_to_record(row: sqlite3.Row) -> EvidenceRecord:
+    try:
+        details: dict[str, object] = json.loads(row["details_json"])
+    except (json.JSONDecodeError, TypeError):
+        details = {}
+    return EvidenceRecord(
+        evidence_id=row["evidence_id"],
+        action_id=row["action_id"],
+        request_id=row["request_id"],
+        harness=row["harness"],
+        workspace=row["workspace"],
+        signal_id=row["signal_id"],
+        category=row["category"],
+        severity=row["severity"],
+        confidence=row["confidence"],
+        summary=row["summary"],
+        details=details,
+        created_at=row["created_at"],
+    )
+def store_evidence(conn: sqlite3.Connection, record: EvidenceRecord) -> EvidenceRecord:
+    conn.execute(
+        """
+        insert or replace into guard_evidence
+          (evidence_id, action_id, request_id, harness, workspace, signal_id,
+           category, severity, confidence, summary, details_json, created_at)
+        values (?,?,?,?,?,?,?,?,?,?,?,?)
+        """,
+        (
+            record.evidence_id,
+            record.action_id,
+            record.request_id,
+            record.harness,
+            record.workspace,
+            record.signal_id,
+            record.category,
+            record.severity,
+            record.confidence,
+            record.summary,
+            json.dumps(record.details),
+            record.created_at,
+        ),
+    )
+    conn.commit()
+    return record
+def list_evidence(
+    conn: sqlite3.Connection,
+    *,
+    harness: str | None = None,
+    category: str | None = None,
+    severity: str | None = None,
+    request_id: str | None = None,
+    before_cursor: str | None = None,
+    limit: int = 100,
+) -> list[EvidenceRecord]:
+    clauses: list[str] = []
+    params: list[object] = []
+    if harness is not None:
+        clauses.append("harness = ?")
+        params.append(harness)
+    if category is not None:
+        clauses.append("category = ?")
+        params.append(category)
+    if severity is not None:
+        clauses.append("severity = ?")
+        params.append(severity)
+    if request_id is not None:
+        clauses.append("request_id = ?")
+        params.append(request_id)
+    if before_cursor is not None:
+        clauses.append("created_at < ?")
+        params.append(before_cursor)
+    where = f"where {' and '.join(clauses)}" if clauses else ""
+    params.append(limit)
+    rows = conn.execute(
+        f"select * from guard_evidence {where} order by created_at desc limit ?",
+        params,
+    ).fetchall()
+    return [_row_to_record(r) for r in rows]
+def search_evidence(
+    conn: sqlite3.Connection,
+    query: str,
+    *,
+    limit: int = 100,
+) -> list[EvidenceRecord]:
+    pattern = f"%{query}%"
+    rows = conn.execute(
+        "select * from guard_evidence where lower(summary) like lower(?) order by created_at desc limit ?",
+        (pattern, limit),
+    ).fetchall()
+    return [_row_to_record(r) for r in rows]
+def count_evidence(
+    conn: sqlite3.Connection,
+    *,
+    harness: str | None = None,
+    category: str | None = None,
+) -> int:
+    clauses: list[str] = []
+    params: list[object] = []
+    if harness is not None:
+        clauses.append("harness = ?")
+        params.append(harness)
+    if category is not None:
+        clauses.append("category = ?")
+        params.append(category)
+    where = f"where {' and '.join(clauses)}" if clauses else ""
+    row = conn.execute(f"select count(*) from guard_evidence {where}", params).fetchone()
+    return int(row[0])
+def export_evidence_json(
+    conn: sqlite3.Connection,
+    *,
+    limit: int = 10_000,
+) -> str:
+    records = list_evidence(conn, limit=limit)
+    return json.dumps(
+        [
+            {
+                "evidence_id": r.evidence_id,
+                "action_id": r.action_id,
+                "request_id": r.request_id,
+                "harness": r.harness,
+                "workspace": r.workspace,
+                "signal_id": r.signal_id,
+                "category": r.category,
+                "severity": r.severity,
+                "confidence": r.confidence,
+                "summary": r.summary,
+                "created_at": r.created_at,
+            }
+            for r in records
+        ],
+        indent=2,
+    )
+def compact_evidence(conn: sqlite3.Connection, *, retain_days: int = 90) -> int:
+    cutoff = (
+        (datetime.now(timezone.utc) - timedelta(days=retain_days))
+        .isoformat(timespec="microseconds")
+        .replace("+00:00", "Z")
+    )
+    cursor = conn.execute(
+        "delete from guard_evidence where created_at < ?",
+        (cutoff,),
+    )
+    conn.commit()
+    return cursor.rowcount

{plugin_scanner-2.0.124 → plugin_scanner-2.0.126}/src/codex_plugin_scanner/version.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """Single source of truth for tool version."""
-__version__ = "2.0.124"
+__version__ = "2.0.126"

plugin-scanner 2.0.124__tar.gz → 2.0.126__tar.gz

plugin-scanner 2.0.124tar.gz → 2.0.126tar.gz