PyPI - plugin-scanner - Versions diffs - 2.0.131__tar.gz → 2.0.132__tar.gz - Mend

plugin-scanner 2.0.131tar.gz → 2.0.132tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (421) hide show

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plugin-scanner
-Version: 2.0.131
+Version: 2.0.132
 Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
 Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
 Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "plugin-scanner"
-version = "2.0.131"
+version = "2.0.132"
 description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/pyproject.toml.bak RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "hol-guard"
-version = "2.0.131"
+version = "2.0.132"
 description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/cli/render.py RENAMED Viewed

@@ -1768,6 +1768,15 @@ def _build_approval_table(items: list[dict[str, object]], *, title: str | None)
         table.add_row("—", "—", "No pending approvals", "—", "—", "—", "—")
         return table
     for item in items:
+        approval_url = item.get("approval_url")
+        fallback_cli = item.get("fallback_cli_command")
+        review_cmd = str(item.get("review_command") or "hol-guard approvals")
+        if approval_url and fallback_cli:
+            resolve_text = f"{approval_url}\n  or: {fallback_cli}"
+        elif approval_url:
+            resolve_text = str(approval_url)
+        else:
+            resolve_text = review_cmd
         table.add_row(
             str(item.get("request_id") or "unknown"),
             str(item.get("harness") or "unknown"),
@@ -1775,7 +1784,7 @@ def _build_approval_table(items: list[dict[str, object]], *, title: str | None)
             ", ".join(_coerce_string_list(item.get("changed_fields"))) or "none",
             str(item.get("risk_summary") or "no obvious secret/network signal"),
             _action_text(str(item.get("policy_action") or "warn")),
-            str(item.get("review_command") or "hol-guard approvals"),
+            resolve_text,
         )
     return table

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/daemon/manager.py RENAMED Viewed

@@ -2,6 +2,7 @@
 from __future__ import annotations
+import dataclasses
 import hashlib
 import json
 import os
@@ -33,6 +34,7 @@ _EPHEMERAL_GUARD_DAEMON_STALE_SECONDS = 30.0
 _EPHEMERAL_GUARD_DAEMON_MAX_STATES = 512
 _GUARD_DAEMON_PRIVATE_FILE_MODE = 0o600
 _GUARD_DAEMON_PRIVATE_DIR_MODE = 0o700
+_APPROVAL_CENTER_LOCATOR_FILE = "approval-center-locator.json"
 _START_LOCKS: dict[str, threading.Lock] = {}
 _START_LOCKS_GUARD = threading.Lock()
@@ -40,6 +42,18 @@ _LAST_EPHEMERAL_REAP_AT = 0.0
 _RUNTIME_FINGERPRINT_CACHE: str | None = None
+@dataclasses.dataclass(frozen=True, slots=True)
+class ApprovalCenterLocator:
+    """Structured snapshot of where the Guard approval-center daemon is running."""
+    guard_home: Path
+    daemon_url: str
+    approval_url_base: str
+    pid: int
+    started_at: str
+    state_path: Path
 def _daemon_launcher_env() -> dict[str, str]:
     env = dict(os.environ)
     pythonpath_entries: list[str] = []
@@ -173,6 +187,102 @@ def clear_guard_daemon_state(guard_home: Path) -> None:
     _write_private_text(state_path, "{}")
+def _locator_path(guard_home: Path) -> Path:
+    return guard_home / _APPROVAL_CENTER_LOCATOR_FILE
+def write_approval_center_locator(guard_home: Path, locator: ApprovalCenterLocator) -> None:
+    locator_path = _locator_path(guard_home)
+    _ensure_private_directory(locator_path.parent)
+    payload = {
+        "guard_home": str(locator.guard_home),
+        "daemon_url": locator.daemon_url,
+        "approval_url_base": locator.approval_url_base,
+        "pid": locator.pid,
+        "started_at": locator.started_at,
+        "state_path": str(locator.state_path),
+    }
+    _write_private_text(locator_path, json.dumps(payload, indent=2))
+def read_approval_center_locator(guard_home: Path) -> ApprovalCenterLocator | None:
+    locator_path = _locator_path(guard_home)
+    if not locator_path.is_file():
+        return None
+    try:
+        payload = json.loads(locator_path.read_text(encoding="utf-8"))
+    except (OSError, json.JSONDecodeError):
+        return None
+    if not isinstance(payload, dict):
+        return None
+    pid = payload.get("pid")
+    if not isinstance(pid, int) or pid <= 0:
+        return None
+    if not _guard_daemon_pid_is_running(pid):
+        return None
+    if not _guard_daemon_pid_matches_command(pid, expected_guard_home=guard_home):
+        return None
+    daemon_url = payload.get("daemon_url")
+    approval_url_base = payload.get("approval_url_base")
+    started_at = payload.get("started_at")
+    state_path_str = payload.get("state_path")
+    guard_home_str = payload.get("guard_home")
+    if not all(isinstance(v, str) for v in (daemon_url, approval_url_base, started_at, state_path_str, guard_home_str)):
+        return None
+    return ApprovalCenterLocator(
+        guard_home=Path(guard_home_str),
+        daemon_url=daemon_url,
+        approval_url_base=approval_url_base,
+        pid=pid,
+        started_at=started_at,
+        state_path=Path(state_path_str),
+    )
+def _approval_center_daemon_is_healthy(daemon_url: str) -> bool:
+    try:
+        with urllib.request.urlopen(f"{daemon_url}/healthz", timeout=1) as response:
+            if response.status != 200:
+                return False
+            return _healthz_payload_is_current(response.read().decode("utf-8"))
+    except (OSError, ValueError, urllib.error.URLError):
+        return False
+def _daemon_state_pid_matches_locator(guard_home: Path, locator_pid: int) -> bool:
+    state = _load_state(guard_home)
+    if not isinstance(state, dict):
+        return False
+    state_pid = state.get("pid")
+    return isinstance(state_pid, int) and state_pid == locator_pid
+def ensure_approval_center(guard_home: Path) -> ApprovalCenterLocator:
+    existing = read_approval_center_locator(guard_home)
+    if (
+        existing is not None
+        and _approval_center_daemon_is_healthy(existing.daemon_url)
+        and _daemon_state_pid_matches_locator(guard_home, existing.pid)
+    ):
+        return existing
+    daemon_url = ensure_guard_daemon(guard_home)
+    now = datetime.now(tz=timezone.utc).isoformat()
+    state = _load_state(guard_home)
+    pid = state.get("pid") if isinstance(state, dict) else None
+    if not isinstance(pid, int) or pid <= 0:
+        pid = os.getpid()
+    locator = ApprovalCenterLocator(
+        guard_home=guard_home,
+        daemon_url=daemon_url,
+        approval_url_base=daemon_url,
+        pid=pid,
+        started_at=now,
+        state_path=_state_path(guard_home),
+    )
+    write_approval_center_locator(guard_home, locator)
+    return locator
 def _load_state(guard_home: Path) -> dict[str, object] | None:
     state_path = _state_path(guard_home)
     if not state_path.is_file():

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/models.py RENAMED Viewed

@@ -180,6 +180,7 @@ class GuardApprovalRequest:
     risk_headline: str | None = None
     action_envelope_json: dict[str, object] | None = None
     decision_v2_json: dict[str, object] | None = None
+    fallback_cli_command: str | None = None
     def to_dict(self) -> dict[str, object]:
         payload = asdict(self)

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/store.py RENAMED Viewed

@@ -686,6 +686,7 @@ class GuardStore:
             self._ensure_approval_column(connection, "action_envelope_json", "text")
             self._ensure_approval_column(connection, "decision_v2_json", "text")
             self._ensure_approval_column(connection, "workspace", "text")
+            self._ensure_approval_column(connection, "fallback_cli_command", "text")
             self._ensure_attachment_column(connection, "lease_id", "text not null default ''")
             self._ensure_attachment_column(connection, "lease_expires_at", "text")
             self._ensure_local_device(connection)

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/guard/store_approvals.py RENAMED Viewed

@@ -36,6 +36,7 @@ def approval_schema_statement() -> str:
            risk_headline text,
             action_envelope_json text,
             decision_v2_json text,
+            fallback_cli_command text,
             review_command text not null,
            approval_url text not null,
           status text not null,
@@ -70,7 +71,7 @@ def add_approval_request(connection: sqlite3.Connection, request: GuardApprovalR
                 recommended_scope = ?, changed_fields_json = ?, source_scope = ?, config_path = ?, workspace = ?,
                 launch_target = ?, transport = ?, risk_summary = ?, risk_signals_json = ?,
                 artifact_label = ?, source_label = ?, trigger_summary = ?, why_now = ?, launch_summary = ?,
-                risk_headline = ?, action_envelope_json = ?, decision_v2_json = ?,
+                risk_headline = ?, action_envelope_json = ?, decision_v2_json = ?, fallback_cli_command = ?,
                 review_command = ?, approval_url = ?, created_at = ?
             where request_id = ?
             """,
@@ -97,6 +98,11 @@ def add_approval_request(connection: sqlite3.Connection, request: GuardApprovalR
                 request.risk_headline,
                 json.dumps(request.action_envelope_json) if request.action_envelope_json is not None else None,
                 json.dumps(request.decision_v2_json) if request.decision_v2_json is not None else None,
+                (
+                    _rewrite_review_command(request.fallback_cli_command, request_id)
+                    if request.fallback_cli_command
+                    else None
+                ),
                 review_command,
                 approval_url,
                 now,
@@ -111,10 +117,10 @@ def add_approval_request(connection: sqlite3.Connection, request: GuardApprovalR
           recommended_scope, changed_fields_json, source_scope, config_path, workspace,
            launch_target, transport, risk_summary,
            risk_signals_json, artifact_label, source_label, trigger_summary, why_now, launch_summary, risk_headline,
-            action_envelope_json, decision_v2_json, review_command,
+            action_envelope_json, decision_v2_json, fallback_cli_command, review_command,
             approval_url, status, resolution_action, resolution_scope, reason, created_at, resolved_at
           )
-          values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+          values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
         """,
         (
             request.request_id,
@@ -142,6 +148,7 @@ def add_approval_request(connection: sqlite3.Connection, request: GuardApprovalR
             request.risk_headline,
             json.dumps(request.action_envelope_json) if request.action_envelope_json is not None else None,
             json.dumps(request.decision_v2_json) if request.decision_v2_json is not None else None,
+            request.fallback_cli_command,
             request.review_command,
             request.approval_url,
             "pending",
@@ -211,7 +218,8 @@ def list_approval_requests(
         select request_id, harness, artifact_id, artifact_name, artifact_type, artifact_hash, publisher, policy_action,
                recommended_scope, changed_fields_json, source_scope, config_path, workspace, launch_target, transport,
                 risk_summary, risk_signals_json, artifact_label, source_label, trigger_summary, why_now,
-                launch_summary, risk_headline, action_envelope_json, decision_v2_json, review_command,
+                launch_summary, risk_headline, action_envelope_json, decision_v2_json,
+                fallback_cli_command, review_command,
                 approval_url, status, resolution_action, resolution_scope, reason, created_at, resolved_at
         from approval_requests
         {where_clause}
@@ -230,7 +238,8 @@ def get_approval_request(connection: sqlite3.Connection, request_id: str) -> dic
         select request_id, harness, artifact_id, artifact_name, artifact_type, artifact_hash, publisher, policy_action,
                recommended_scope, changed_fields_json, source_scope, config_path, workspace, launch_target, transport,
                 risk_summary, risk_signals_json, artifact_label, source_label, trigger_summary, why_now,
-                launch_summary, risk_headline, action_envelope_json, decision_v2_json, review_command,
+                launch_summary, risk_headline, action_envelope_json, decision_v2_json,
+                fallback_cli_command, review_command,
                 approval_url, status, resolution_action, resolution_scope, reason, created_at, resolved_at
         from approval_requests
         where request_id = ?
@@ -311,6 +320,7 @@ def _row_to_payload(row: sqlite3.Row) -> dict[str, object]:
         "risk_headline": row["risk_headline"],
         "action_envelope_json": _optional_json_object(row["action_envelope_json"]),
         "decision_v2_json": _optional_json_object(row["decision_v2_json"]),
+        "fallback_cli_command": row["fallback_cli_command"],
         "review_command": str(row["review_command"]),
         "approval_url": str(row["approval_url"]),
         "status": str(row["status"]),

{plugin_scanner-2.0.131 → plugin_scanner-2.0.132}/src/codex_plugin_scanner/version.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """Single source of truth for tool version."""
-__version__ = "2.0.131"
+__version__ = "2.0.132"

plugin-scanner 2.0.131__tar.gz → 2.0.132__tar.gz

plugin-scanner 2.0.131tar.gz → 2.0.132tar.gz