plugin-scanner 2.0.130__tar.gz → 2.0.132__tar.gz

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plugin-scanner
-Version: 2.0.130
+Version: 2.0.132
 Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
 Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
 Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner
@@ -132,6 +132,52 @@ See [docs/guard/get-started.md](docs/guard/get-started.md) for the full local fl
 
 </details>
 
+## Guard: Protection Levels
+
+HOL Guard is antivirus for AI harnesses. It intercepts every tool action before your files change or your network is contacted, then decides in milliseconds whether to allow or block.
+
+Choose a protection level with `hol-guard settings set security-level <level>`:
+
+| Level | Who it's for | What it blocks |
+| :--- | :--- | :--- |
+| **Gentle** | Teams who want minimal friction; experienced users | High-confidence secrets and clear exfil only |
+| **Balanced** | Most users (default) | Secrets, shell exfil, prompt injections, supply-chain hooks |
+| **Strict** | Security-conscious teams | Everything above plus low-confidence signals and untrusted prompts |
+| **Paranoid** | High-security environments | All the above plus any unrecognized MCP server action |
+
+If you are unsure, start with **Balanced**. You can promote to **Strict** after reviewing your first week of receipts.
+
+## Guard: Troubleshooting
+
+### Why was my command paused?
+
+Guard paused a command because one or more detectors fired. To see exactly what triggered:
+
+```bash
+hol-guard receipts          # review recent decisions
+hol-guard doctor            # run a probe and see which detectors are active
+hol-guard doctor --perf     # include per-detector timing
+```
+
+If the block looks like a false positive, you can approve it from the receipts view or from the dashboard at `http://localhost:6174`.
+
+### How do I clear approvals?
+
+From the terminal:
+
+```bash
+hol-guard approvals         # list pending approvals
+hol-guard approvals clear   # clear all pending approvals (prompts for confirmation)
+```
+
+From the dashboard: open `http://localhost:6174`, go to the **Approval Center**, and use the **Clear all** button. You will be asked to confirm before any approvals are removed.
+
+## Guard: Advisory Sync Privacy
+
+Guard's advisory database updates are optional and pull-only. When you run `hol-guard advisories sync`, Guard fetches a signed advisory list from `advisories.hol.org`. No local file paths, harness configs, receipt data, or workspace identifiers are sent to any server during sync.
+
+Advisory sync requires a HOL Guard Cloud account. If you have not signed in, sync is skipped and Guard continues using the locally bundled advisory database. Run `hol-guard login` to connect a free account.
+
 ## Scanner Quickstart
 
 ```bash

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/README.md

@@ -92,6 +92,52 @@ See [docs/guard/get-started.md](docs/guard/get-started.md) for the full local fl
 
 </details>
 
+## Guard: Protection Levels
+
+HOL Guard is antivirus for AI harnesses. It intercepts every tool action before your files change or your network is contacted, then decides in milliseconds whether to allow or block.
+
+Choose a protection level with `hol-guard settings set security-level <level>`:
+
+| Level | Who it's for | What it blocks |
+| :--- | :--- | :--- |
+| **Gentle** | Teams who want minimal friction; experienced users | High-confidence secrets and clear exfil only |
+| **Balanced** | Most users (default) | Secrets, shell exfil, prompt injections, supply-chain hooks |
+| **Strict** | Security-conscious teams | Everything above plus low-confidence signals and untrusted prompts |
+| **Paranoid** | High-security environments | All the above plus any unrecognized MCP server action |
+
+If you are unsure, start with **Balanced**. You can promote to **Strict** after reviewing your first week of receipts.
+
+## Guard: Troubleshooting
+
+### Why was my command paused?
+
+Guard paused a command because one or more detectors fired. To see exactly what triggered:
+
+```bash
+hol-guard receipts          # review recent decisions
+hol-guard doctor            # run a probe and see which detectors are active
+hol-guard doctor --perf     # include per-detector timing
+```
+
+If the block looks like a false positive, you can approve it from the receipts view or from the dashboard at `http://localhost:6174`.
+
+### How do I clear approvals?
+
+From the terminal:
+
+```bash
+hol-guard approvals         # list pending approvals
+hol-guard approvals clear   # clear all pending approvals (prompts for confirmation)
+```
+
+From the dashboard: open `http://localhost:6174`, go to the **Approval Center**, and use the **Clear all** button. You will be asked to confirm before any approvals are removed.
+
+## Guard: Advisory Sync Privacy
+
+Guard's advisory database updates are optional and pull-only. When you run `hol-guard advisories sync`, Guard fetches a signed advisory list from `advisories.hol.org`. No local file paths, harness configs, receipt data, or workspace identifiers are sent to any server during sync.
+
+Advisory sync requires a HOL Guard Cloud account. If you have not signed in, sync is skipped and Guard continues using the locally bundled advisory database. Run `hol-guard login` to connect a free account.
+
 ## Scanner Quickstart
 
 ```bash

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/docs/guard/testing-matrix.md

@@ -81,3 +81,29 @@ Nightly release-bar coverage should include:
 - Claude Code or Cursor on a self-hosted macOS runner
 - Gemini or OpenCode on a self-hosted Windows runner
 - a release gate that only passes when those harness families stay green
+
+## Red-Team Fixture Suite (T646)
+
+Run the red-team corpus to validate fixture safety and manifest integrity:
+
+```bash
+pytest tests/test_guard_red_team.py tests/test_guard_canary_fixtures.py -q
+```
+
+This verifies:
+- All malicious fixtures use only `hol-fake-*` sentinel values and route to the canary domain
+- All benign fixtures contain no exfil patterns or real key prefixes
+- Every fixture listed in `expected-decisions.json` exists on disk
+- No local usernames, real paths, or real tokens appear in any fixture
+
+To run only the red-team manifest and safety tests:
+
+```bash
+pytest tests/test_guard_red_team.py -q
+```
+
+To run the full test suite including red-team:
+
+```bash
+pytest -q
+```

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "plugin-scanner"
-version = "2.0.130"
+version = "2.0.132"
 description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/pyproject.toml.bak

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "hol-guard"
-version = "2.0.130"
+version = "2.0.132"
 description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/cli/render.py

@@ -1768,6 +1768,15 @@ def _build_approval_table(items: list[dict[str, object]], *, title: str | None)
         table.add_row("—", "—", "No pending approvals", "—", "—", "—", "—")
         return table
     for item in items:
+        approval_url = item.get("approval_url")
+        fallback_cli = item.get("fallback_cli_command")
+        review_cmd = str(item.get("review_command") or "hol-guard approvals")
+        if approval_url and fallback_cli:
+            resolve_text = f"{approval_url}\n  or: {fallback_cli}"
+        elif approval_url:
+            resolve_text = str(approval_url)
+        else:
+            resolve_text = review_cmd
         table.add_row(
             str(item.get("request_id") or "unknown"),
             str(item.get("harness") or "unknown"),
@@ -1775,7 +1784,7 @@ def _build_approval_table(items: list[dict[str, object]], *, title: str | None)
             ", ".join(_coerce_string_list(item.get("changed_fields"))) or "none",
             str(item.get("risk_summary") or "no obvious secret/network signal"),
             _action_text(str(item.get("policy_action") or "warn")),
-            str(item.get("review_command") or "hol-guard approvals"),
+            resolve_text,
         )
     return table
 

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/daemon/manager.py

@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+import dataclasses
 import hashlib
 import json
 import os
@@ -33,6 +34,7 @@ _EPHEMERAL_GUARD_DAEMON_STALE_SECONDS = 30.0
 _EPHEMERAL_GUARD_DAEMON_MAX_STATES = 512
 _GUARD_DAEMON_PRIVATE_FILE_MODE = 0o600
 _GUARD_DAEMON_PRIVATE_DIR_MODE = 0o700
+_APPROVAL_CENTER_LOCATOR_FILE = "approval-center-locator.json"
 
 _START_LOCKS: dict[str, threading.Lock] = {}
 _START_LOCKS_GUARD = threading.Lock()
@@ -40,6 +42,18 @@ _LAST_EPHEMERAL_REAP_AT = 0.0
 _RUNTIME_FINGERPRINT_CACHE: str | None = None
 
 
+@dataclasses.dataclass(frozen=True, slots=True)
+class ApprovalCenterLocator:
+    """Structured snapshot of where the Guard approval-center daemon is running."""
+
+    guard_home: Path
+    daemon_url: str
+    approval_url_base: str
+    pid: int
+    started_at: str
+    state_path: Path
+
+
 def _daemon_launcher_env() -> dict[str, str]:
     env = dict(os.environ)
     pythonpath_entries: list[str] = []
@@ -173,6 +187,102 @@ def clear_guard_daemon_state(guard_home: Path) -> None:
     _write_private_text(state_path, "{}")
 
 
+def _locator_path(guard_home: Path) -> Path:
+    return guard_home / _APPROVAL_CENTER_LOCATOR_FILE
+
+
+def write_approval_center_locator(guard_home: Path, locator: ApprovalCenterLocator) -> None:
+    locator_path = _locator_path(guard_home)
+    _ensure_private_directory(locator_path.parent)
+    payload = {
+        "guard_home": str(locator.guard_home),
+        "daemon_url": locator.daemon_url,
+        "approval_url_base": locator.approval_url_base,
+        "pid": locator.pid,
+        "started_at": locator.started_at,
+        "state_path": str(locator.state_path),
+    }
+    _write_private_text(locator_path, json.dumps(payload, indent=2))
+
+
+def read_approval_center_locator(guard_home: Path) -> ApprovalCenterLocator | None:
+    locator_path = _locator_path(guard_home)
+    if not locator_path.is_file():
+        return None
+    try:
+        payload = json.loads(locator_path.read_text(encoding="utf-8"))
+    except (OSError, json.JSONDecodeError):
+        return None
+    if not isinstance(payload, dict):
+        return None
+    pid = payload.get("pid")
+    if not isinstance(pid, int) or pid <= 0:
+        return None
+    if not _guard_daemon_pid_is_running(pid):
+        return None
+    if not _guard_daemon_pid_matches_command(pid, expected_guard_home=guard_home):
+        return None
+    daemon_url = payload.get("daemon_url")
+    approval_url_base = payload.get("approval_url_base")
+    started_at = payload.get("started_at")
+    state_path_str = payload.get("state_path")
+    guard_home_str = payload.get("guard_home")
+    if not all(isinstance(v, str) for v in (daemon_url, approval_url_base, started_at, state_path_str, guard_home_str)):
+        return None
+    return ApprovalCenterLocator(
+        guard_home=Path(guard_home_str),
+        daemon_url=daemon_url,
+        approval_url_base=approval_url_base,
+        pid=pid,
+        started_at=started_at,
+        state_path=Path(state_path_str),
+    )
+
+
+def _approval_center_daemon_is_healthy(daemon_url: str) -> bool:
+    try:
+        with urllib.request.urlopen(f"{daemon_url}/healthz", timeout=1) as response:
+            if response.status != 200:
+                return False
+            return _healthz_payload_is_current(response.read().decode("utf-8"))
+    except (OSError, ValueError, urllib.error.URLError):
+        return False
+
+
+def _daemon_state_pid_matches_locator(guard_home: Path, locator_pid: int) -> bool:
+    state = _load_state(guard_home)
+    if not isinstance(state, dict):
+        return False
+    state_pid = state.get("pid")
+    return isinstance(state_pid, int) and state_pid == locator_pid
+
+
+def ensure_approval_center(guard_home: Path) -> ApprovalCenterLocator:
+    existing = read_approval_center_locator(guard_home)
+    if (
+        existing is not None
+        and _approval_center_daemon_is_healthy(existing.daemon_url)
+        and _daemon_state_pid_matches_locator(guard_home, existing.pid)
+    ):
+        return existing
+    daemon_url = ensure_guard_daemon(guard_home)
+    now = datetime.now(tz=timezone.utc).isoformat()
+    state = _load_state(guard_home)
+    pid = state.get("pid") if isinstance(state, dict) else None
+    if not isinstance(pid, int) or pid <= 0:
+        pid = os.getpid()
+    locator = ApprovalCenterLocator(
+        guard_home=guard_home,
+        daemon_url=daemon_url,
+        approval_url_base=daemon_url,
+        pid=pid,
+        started_at=now,
+        state_path=_state_path(guard_home),
+    )
+    write_approval_center_locator(guard_home, locator)
+    return locator
+
+
 def _load_state(guard_home: Path) -> dict[str, object] | None:
     state_path = _state_path(guard_home)
     if not state_path.is_file():

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/models.py

@@ -180,6 +180,7 @@ class GuardApprovalRequest:
     risk_headline: str | None = None
     action_envelope_json: dict[str, object] | None = None
     decision_v2_json: dict[str, object] | None = None
+    fallback_cli_command: str | None = None
 
     def to_dict(self) -> dict[str, object]:
         payload = asdict(self)

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/store.py

@@ -686,6 +686,7 @@ class GuardStore:
             self._ensure_approval_column(connection, "action_envelope_json", "text")
             self._ensure_approval_column(connection, "decision_v2_json", "text")
             self._ensure_approval_column(connection, "workspace", "text")
+            self._ensure_approval_column(connection, "fallback_cli_command", "text")
             self._ensure_attachment_column(connection, "lease_id", "text not null default ''")
             self._ensure_attachment_column(connection, "lease_expires_at", "text")
             self._ensure_local_device(connection)

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/store_approvals.py

@@ -36,6 +36,7 @@ def approval_schema_statement() -> str:
            risk_headline text,
             action_envelope_json text,
             decision_v2_json text,
+            fallback_cli_command text,
             review_command text not null,
            approval_url text not null,
           status text not null,
@@ -70,7 +71,7 @@ def add_approval_request(connection: sqlite3.Connection, request: GuardApprovalR
                 recommended_scope = ?, changed_fields_json = ?, source_scope = ?, config_path = ?, workspace = ?,
                 launch_target = ?, transport = ?, risk_summary = ?, risk_signals_json = ?,
                 artifact_label = ?, source_label = ?, trigger_summary = ?, why_now = ?, launch_summary = ?,
-                risk_headline = ?, action_envelope_json = ?, decision_v2_json = ?,
+                risk_headline = ?, action_envelope_json = ?, decision_v2_json = ?, fallback_cli_command = ?,
                 review_command = ?, approval_url = ?, created_at = ?
             where request_id = ?
             """,
@@ -97,6 +98,11 @@ def add_approval_request(connection: sqlite3.Connection, request: GuardApprovalR
                 request.risk_headline,
                 json.dumps(request.action_envelope_json) if request.action_envelope_json is not None else None,
                 json.dumps(request.decision_v2_json) if request.decision_v2_json is not None else None,
+                (
+                    _rewrite_review_command(request.fallback_cli_command, request_id)
+                    if request.fallback_cli_command
+                    else None
+                ),
                 review_command,
                 approval_url,
                 now,
@@ -111,10 +117,10 @@ def add_approval_request(connection: sqlite3.Connection, request: GuardApprovalR
           recommended_scope, changed_fields_json, source_scope, config_path, workspace,
            launch_target, transport, risk_summary,
            risk_signals_json, artifact_label, source_label, trigger_summary, why_now, launch_summary, risk_headline,
-            action_envelope_json, decision_v2_json, review_command,
+            action_envelope_json, decision_v2_json, fallback_cli_command, review_command,
             approval_url, status, resolution_action, resolution_scope, reason, created_at, resolved_at
           )
-          values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+          values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
         """,
         (
             request.request_id,
@@ -142,6 +148,7 @@ def add_approval_request(connection: sqlite3.Connection, request: GuardApprovalR
             request.risk_headline,
             json.dumps(request.action_envelope_json) if request.action_envelope_json is not None else None,
             json.dumps(request.decision_v2_json) if request.decision_v2_json is not None else None,
+            request.fallback_cli_command,
             request.review_command,
             request.approval_url,
             "pending",
@@ -211,7 +218,8 @@ def list_approval_requests(
         select request_id, harness, artifact_id, artifact_name, artifact_type, artifact_hash, publisher, policy_action,
                recommended_scope, changed_fields_json, source_scope, config_path, workspace, launch_target, transport,
                 risk_summary, risk_signals_json, artifact_label, source_label, trigger_summary, why_now,
-                launch_summary, risk_headline, action_envelope_json, decision_v2_json, review_command,
+                launch_summary, risk_headline, action_envelope_json, decision_v2_json,
+                fallback_cli_command, review_command,
                 approval_url, status, resolution_action, resolution_scope, reason, created_at, resolved_at
         from approval_requests
         {where_clause}
@@ -230,7 +238,8 @@ def get_approval_request(connection: sqlite3.Connection, request_id: str) -> dic
         select request_id, harness, artifact_id, artifact_name, artifact_type, artifact_hash, publisher, policy_action,
                recommended_scope, changed_fields_json, source_scope, config_path, workspace, launch_target, transport,
                 risk_summary, risk_signals_json, artifact_label, source_label, trigger_summary, why_now,
-                launch_summary, risk_headline, action_envelope_json, decision_v2_json, review_command,
+                launch_summary, risk_headline, action_envelope_json, decision_v2_json,
+                fallback_cli_command, review_command,
                 approval_url, status, resolution_action, resolution_scope, reason, created_at, resolved_at
         from approval_requests
         where request_id = ?
@@ -311,6 +320,7 @@ def _row_to_payload(row: sqlite3.Row) -> dict[str, object]:
         "risk_headline": row["risk_headline"],
         "action_envelope_json": _optional_json_object(row["action_envelope_json"]),
         "decision_v2_json": _optional_json_object(row["decision_v2_json"]),
+        "fallback_cli_command": row["fallback_cli_command"],
         "review_command": str(row["review_command"]),
         "approval_url": str(row["approval_url"]),
         "status": str(row["status"]),

{plugin_scanner-2.0.130 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/version.py

@@ -1,3 +1,3 @@
 """Single source of truth for tool version."""
 
-__version__ = "2.0.130"
+__version__ = "2.0.132"

plugin_scanner-2.0.132/tests/fixtures/guard-red-team/README.md

@@ -0,0 +1,74 @@
+# Guard Red-Team Fixtures
+
+Fixtures in this directory contain intentionally suspicious-looking content used to test
+that HOL Guard correctly detects and blocks malicious AI agent behaviors.
+
+**All credentials, tokens, API keys, and webhook URLs in these fixtures are fake.**
+They use the pattern `hol-fake-*` and route to `https://evil.hol.org/collect`,
+a domain owned by Hashgraph Online solely for testing canary detection.
+
+No real secrets or infrastructure are touched by these tests.
+
+## Files
+
+### Canary Fixtures
+
+| File | Fixture ID | Purpose |
+|------|-----------|---------|
+| `canary-exfil.py` | T604 | Plain-text canary: reads a fake API key and posts it to the canary endpoint |
+| `canary-exfil-encoded.py` | T605 | Encoded canary: base64-encoded exfil payload to test encoded-execution detection |
+
+### Malicious Prompt Fixtures
+
+| File | Fixture ID | Purpose |
+|------|-----------|---------|
+| `malicious-prompt-env-read.md` | T629 | Prompt injection instructing harness to exfiltrate `.env` file contents |
+| `malicious-prompt-npmrc-read.md` | T630 | Prompt injection instructing harness to read npm auth tokens |
+| `malicious-prompt-guard-bypass.md` | T631 | Prompt injection attempting to disable HOL Guard monitoring |
+
+### Malicious MCP Fixtures
+
+| File | Fixture ID | Purpose |
+|------|-----------|---------|
+| `malicious-mcp-delete.md` | T632 | MCP tool call attempting destructive file system deletion |
+| `malicious-mcp-secret-read.md` | T633 | MCP tool call reading credential files then posting to external endpoint |
+| `malicious-mcp-skill-exfil.md` | T634 | MCP skill that exfiltrates workspace data with fake bearer token |
+
+### Malicious Package/Infra Fixtures
+
+| File | Fixture ID | Purpose |
+|------|-----------|---------|
+| `malicious-npm-postinstall.js` | T635 | npm postinstall hook harvesting local credential files |
+| `malicious-python-setup.py` | T636 | Python setup.py exfiltrating credential files on install |
+| `malicious-dockerfile.txt` | T637 | Dockerfile that exfiltrates secrets during image build |
+| `malicious-github-action.yml` | T638 | GitHub Actions workflow exfiltrating CI secrets |
+| `malicious-encoded-shell-exfil.py` | T639 | Base64-encoded exfil payload to test obfuscation detection |
+
+### Benign Fixtures
+
+| File | Fixture ID | Purpose |
+|------|-----------|---------|
+| `benign-source-search.py` | T640 | Legitimate source code search — should not trigger any detectors |
+| `benign-health-endpoint.py` | T641 | Legitimate loopback health check — should not trigger any detectors |
+| `benign-docs-fake-token.py` | T642 | Documentation with explanatory fake tokens — should not be blocked |
+| `benign-nvmrc-fake-creds.py` | T643 | .nvmrc read with version string that looks like a credential |
+
+### Manifests
+
+| File | Purpose |
+|------|---------|
+| `expected-decisions.json` | Expected Guard decision for every fixture (used by red-team test runner) |
+| `smoke-evidence-template.json` | Template for recording smoke test evidence during manual harness verification |
+
+## Running Red-Team Tests
+
+```bash
+pytest tests/test_guard_red_team.py tests/test_guard_canary_fixtures.py -q
+```
+
+The red-team test runner (`tests/test_guard_red_team.py`) validates:
+- All malicious fixtures contain only fake key material (no real secrets)
+- All benign fixtures contain no network exfil patterns
+- Fixture structure matches the expected-decisions manifest
+- No local usernames, real paths, or real tokens appear in any fixture
+

plugin_scanner-2.0.132/tests/fixtures/guard-red-team/benign-docs-fake-token.py

@@ -0,0 +1,28 @@
+"""Benign docs with fake token fixture (T642).
+
+This fixture is documentation that happens to contain fake token strings
+that look like real tokens. Guard should NOT block documentation reads
+that only mention tokens in explanatory context.
+
+The tokens below are clearly fake and used only for illustrative purposes.
+"""
+
+
+DOCS = """
+# API Authentication Guide
+
+To authenticate, pass your API token in the Authorization header:
+
+    Authorization: Bearer <your-api-token>
+
+Example (using a placeholder — replace with your real token):
+
+    curl -H "Authorization: Bearer hol-fake-docs-token-example-0000" \\
+         https://api.example.com/v1/status
+
+Note: hol-fake-docs-token-example-0000 is NOT a real token.
+Do not use this value in production.
+"""
+
+if __name__ == "__main__":
+    print(DOCS)

plugin_scanner-2.0.132/tests/fixtures/guard-red-team/benign-health-endpoint.py

@@ -0,0 +1,26 @@
+"""Benign health endpoint fetch fixture (T641).
+
+Simulates a legitimate health check against a local service.
+No secret files are read. No external network calls to harmful endpoints.
+The URL is a local loopback address only.
+"""
+
+from urllib.error import URLError
+from urllib.request import Request, urlopen
+
+_HEALTH_URL = "http://127.0.0.1:8080/healthz"
+_TIMEOUT_S = 2.0
+
+
+def check_health(url: str = _HEALTH_URL, timeout: float = _TIMEOUT_S) -> bool:
+    try:
+        req = Request(url, method="GET")
+        with urlopen(req, timeout=timeout) as response:
+            return response.status == 200
+    except (URLError, OSError):
+        return False
+
+
+if __name__ == "__main__":
+    ok = check_health()
+    print("healthy" if ok else "unreachable")

plugin_scanner-2.0.132/tests/fixtures/guard-red-team/benign-nvmrc-fake-creds.py

@@ -0,0 +1,29 @@
+"""Benign .nvmrc with fake credential string fixture (T643).
+
+Simulates reading a .nvmrc file that happens to contain a version string
+that superficially resembles a credential. Guard should NOT block benign
+version-file reads.
+
+The strings below are NOT credentials. They are version identifiers used
+only to test that Guard's false-positive rate for benign file reads is low.
+"""
+
+import os
+
+_NVMRC_CONTENT = "v20.11.0\n"
+_FAKE_NVMRC_CRED_LOOKALIKE = "hol-fake-nvmrc-version-token-placeholder-0000"
+
+
+def read_nvmrc(project_root: str = ".") -> str:
+    path = os.path.join(project_root, ".nvmrc")
+    try:
+        with open(path) as fh:
+            return fh.read().strip()
+    except OSError:
+        return _NVMRC_CONTENT.strip()
+
+
+if __name__ == "__main__":
+    version = read_nvmrc()
+    print(f"Node version: {version}")
+    print(f"Placeholder note: {_FAKE_NVMRC_CRED_LOOKALIKE} is not a real token")

plugin_scanner-2.0.132/tests/fixtures/guard-red-team/benign-source-search.py

@@ -0,0 +1,34 @@
+"""Benign source search fixture (T640).
+
+This fixture simulates a legitimate source code search operation.
+No secret files are read. No external network calls are made.
+All identifiers are benign.
+"""
+
+import os
+import re
+
+_SEARCH_ROOT = "src"
+_PATTERN = re.compile(r"def\s+\w+\(")
+
+
+def search_functions(root: str) -> list[tuple[str, int, str]]:
+    matches: list[tuple[str, int, str]] = []
+    for dirpath, _dirs, files in os.walk(root):
+        for fname in files:
+            if not fname.endswith(".py"):
+                continue
+            fpath = os.path.join(dirpath, fname)
+            try:
+                with open(fpath) as fh:
+                    for lineno, line in enumerate(fh, start=1):
+                        if _PATTERN.search(line):
+                            matches.append((fpath, lineno, line.rstrip()))
+            except OSError:
+                pass
+    return matches
+
+
+if __name__ == "__main__":
+    for path, line, text in search_functions(_SEARCH_ROOT):
+        print(f"{path}:{line}: {text}")