PyPI - plugin-scanner - Versions diffs - 2.0.139__tar.gz → 2.0.141__tar.gz - Mend

plugin-scanner 2.0.139tar.gz → 2.0.141tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (435) hide show

{plugin_scanner-2.0.139 → plugin_scanner-2.0.141}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plugin-scanner
-Version: 2.0.139
+Version: 2.0.141
 Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
 Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
 Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner

{plugin_scanner-2.0.139 → plugin_scanner-2.0.141}/dashboard/src/approval-center-layout.tsx RENAMED Viewed

@@ -22,6 +22,7 @@ import {
   PaginationControls
 } from "./approval-center-primitives";
 import { DataFlowEvidenceCard } from "./data-flow-evidence-card";
+import { SkillRiskCard, SupplyChainRiskCard, DecodedLayerCard } from "./risk-signal-cards";
 import { ReceiptsWorkspace } from "./receipts-workspace";
 import { RuntimeOverview } from "./runtime-overview";
 import {
@@ -662,6 +663,9 @@ function WhatChanged(props: { item: GuardApprovalRequest; diff: GuardArtifactDif
         <p className="text-sm leading-relaxed text-brand-dark/70">{buildStoppedReason(item, receipt)}</p>
         <WhyGuardCares item={item} />
         <DataFlowEvidenceCard item={item} />
+        <SkillRiskCard item={item} />
+        <SupplyChainRiskCard item={item} />
+        <DecodedLayerCard item={item} />
         {policy.length > 0 ? (
           <p className="text-sm leading-relaxed text-brand-dark/70">
             HOL Guard checked {policy.length} saved {policy.length === 1 ? "decision" : "decisions"} before asking you.

{plugin_scanner-2.0.139 → plugin_scanner-2.0.141}/dashboard/src/approval-center-utils.ts RENAMED Viewed

@@ -32,6 +32,20 @@ export function deriveDataFlowEvidence(item: GuardApprovalRequest): DataFlowEvid
   };
 }
+export function deriveSkillRiskSignals(item: GuardApprovalRequest): RiskSignalV2[] {
+  return (item.decision_v2_json?.signals ?? []).filter((s) => s.detector === "skill.content");
+}
+export function deriveSupplyChainRiskSignals(item: GuardApprovalRequest): RiskSignalV2[] {
+  return (item.decision_v2_json?.signals ?? []).filter((s) => s.detector === "supply-chain.content");
+}
+export function deriveEncodedLayerSignals(item: GuardApprovalRequest): RiskSignalV2[] {
+  return (item.decision_v2_json?.signals ?? []).filter(
+    (s) => s.detector === "safe-decode.content" || s.signal_id.startsWith("encoded.")
+  );
+}
 function resolveDataFlowSinkLabel(signal: RiskSignalV2): string {
   if (signal.category === "network") {
     return "Network host";

plugin_scanner-2.0.141/dashboard/src/risk-signal-cards.test.ts ADDED Viewed

@@ -0,0 +1,158 @@
+import {
+  deriveSkillRiskSignals,
+  deriveSupplyChainRiskSignals,
+  deriveEncodedLayerSignals,
+} from "./approval-center-utils";
+import type { GuardApprovalRequest, GuardDecisionV2, RiskSignalV2 } from "./guard-types";
+function assert(condition: boolean, message: string): void {
+  if (!condition) {
+    throw new Error(message);
+  }
+}
+function makeSignal(overrides: Partial<RiskSignalV2>): RiskSignalV2 {
+  return {
+    signal_id: "test-signal",
+    category: "skill",
+    severity: "medium",
+    confidence: "likely",
+    detector: "skill.detector",
+    title: "Test signal",
+    plain_reason: "Test reason",
+    technical_detail: null,
+    evidence_ref: null,
+    redaction_level: "none",
+    false_positive_hint: null,
+    advisory_id: null,
+    ...overrides,
+  };
+}
+function makeDecisionV2(signals: RiskSignalV2[]): GuardDecisionV2 {
+  return {
+    action: "ask",
+    reason: "test",
+    user_title: "Test",
+    user_body: "Body",
+    harness_message: "msg",
+    dashboard_primary_detail: "detail",
+    approval_scopes: ["artifact"],
+    retry_instruction: null,
+    signals,
+    confidence: "likely",
+  };
+}
+const BASE_REQUEST: GuardApprovalRequest = {
+  request_id: "req-risk-test",
+  harness: "claude-code",
+  artifact_id: "claude-code:project:bash",
+  artifact_name: "bash",
+  artifact_type: "command",
+  artifact_hash: "sha256-risk",
+  publisher: null,
+  policy_action: "require-reapproval",
+  recommended_scope: "artifact",
+  changed_fields: [],
+  source_scope: "project",
+  config_path: "./claude.json",
+  launch_target: null,
+  transport: null,
+  review_command: "hol-guard approvals approve req-risk-test",
+  approval_url: "http://127.0.0.1:4781/approvals/req-risk-test",
+  status: "pending",
+  resolution_action: null,
+  resolution_scope: null,
+  reason: null,
+  created_at: "2026-04-11T12:00:00Z",
+  resolved_at: null,
+  action_envelope_json: null,
+};
+const skillSignal = makeSignal({ signal_id: "skill-001", category: "execution", detector: "skill.content", title: "Skill risk" });
+const scSignal = makeSignal({ signal_id: "sc-001", category: "secret", detector: "supply-chain.content", title: "SC risk" });
+const encodedSignal = makeSignal({ signal_id: "encoded.code-execution", category: "execution", detector: "safe-decode.content", title: "Encoded payload" });
+const networkSignal = makeSignal({ signal_id: "net-001", category: "network", title: "Network risk" });
+const requestWithAll: GuardApprovalRequest = {
+  ...BASE_REQUEST,
+  decision_v2_json: makeDecisionV2([skillSignal, scSignal, encodedSignal, networkSignal]),
+};
+const requestEmpty: GuardApprovalRequest = {
+  ...BASE_REQUEST,
+  decision_v2_json: makeDecisionV2([networkSignal]),
+};
+const requestNoDecision: GuardApprovalRequest = { ...BASE_REQUEST };
+assert(
+  deriveSkillRiskSignals(requestWithAll).length === 1,
+  "T282: deriveSkillRiskSignals returns exactly skill-detector signals"
+);
+assert(
+  deriveSkillRiskSignals(requestWithAll)[0].signal_id === "skill-001",
+  "T282: deriveSkillRiskSignals returns the correct signal"
+);
+assert(
+  deriveSkillRiskSignals(requestEmpty).length === 0,
+  "T282: deriveSkillRiskSignals returns empty array when no skill signals"
+);
+assert(
+  deriveSkillRiskSignals(requestNoDecision).length === 0,
+  "T282: deriveSkillRiskSignals returns empty array when decision_v2_json absent"
+);
+assert(
+  deriveSupplyChainRiskSignals(requestWithAll).length === 1,
+  "T317: deriveSupplyChainRiskSignals returns exactly supply-chain-detector signals"
+);
+assert(
+  deriveSupplyChainRiskSignals(requestWithAll)[0].signal_id === "sc-001",
+  "T317: deriveSupplyChainRiskSignals returns the correct signal"
+);
+assert(
+  deriveSupplyChainRiskSignals(requestEmpty).length === 0,
+  "T317: deriveSupplyChainRiskSignals returns empty array when no supply-chain signals"
+);
+assert(
+  deriveSupplyChainRiskSignals(requestNoDecision).length === 0,
+  "T317: deriveSupplyChainRiskSignals returns empty array when decision_v2_json absent"
+);
+assert(
+  deriveEncodedLayerSignals(requestWithAll).length === 1,
+  "T349: deriveEncodedLayerSignals returns exactly safe-decode-detector signals"
+);
+assert(
+  deriveEncodedLayerSignals(requestWithAll)[0].signal_id === "encoded.code-execution",
+  "T349: deriveEncodedLayerSignals returns the correct signal"
+);
+assert(
+  deriveEncodedLayerSignals(requestEmpty).length === 0,
+  "T349: deriveEncodedLayerSignals returns empty array when no encoded signals"
+);
+assert(
+  deriveEncodedLayerSignals(requestNoDecision).length === 0,
+  "T349: deriveEncodedLayerSignals returns empty array when decision_v2_json absent"
+);
+const multiSkillRequest: GuardApprovalRequest = {
+  ...BASE_REQUEST,
+  decision_v2_json: makeDecisionV2([
+    makeSignal({ signal_id: "skill-a", category: "execution", detector: "skill.content" }),
+    makeSignal({ signal_id: "skill-b", category: "secret", detector: "skill.content" }),
+    networkSignal,
+  ]),
+};
+assert(
+  deriveSkillRiskSignals(multiSkillRequest).length === 2,
+  "T282: deriveSkillRiskSignals returns all skill signals when multiple exist"
+);
+assert(
+  deriveSkillRiskSignals(multiSkillRequest).every((s) => s.detector === "skill.content"),
+  "T282: deriveSkillRiskSignals never returns non-skill-detector signals"
+);
+console.log("risk-signal-cards: all assertions passed");

plugin_scanner-2.0.141/dashboard/src/risk-signal-cards.tsx ADDED Viewed

@@ -0,0 +1,139 @@
+import { deriveSkillRiskSignals, deriveSupplyChainRiskSignals, deriveEncodedLayerSignals } from "./approval-center-utils";
+import { SectionLabel } from "./approval-center-primitives";
+import type { GuardApprovalRequest, RiskSignalV2 } from "./guard-types";
+type SkillRiskCardProps = {
+  item: GuardApprovalRequest;
+};
+export function SkillRiskCard(props: SkillRiskCardProps) {
+  const skillSignals = deriveSkillRiskSignals(props.item);
+  if (skillSignals.length === 0) return null;
+  return (
+    <div
+      className="rounded-xl border border-amber-200/60 bg-amber-50/60 p-4"
+      aria-label="Skill risk details"
+    >
+      <SectionLabel>Skill risk</SectionLabel>
+      <ul className="mt-3 space-y-3">
+        {skillSignals.map((signal) => (
+          <SkillSignalRow key={signal.signal_id} signal={signal} />
+        ))}
+      </ul>
+    </div>
+  );
+}
+type SkillSignalRowProps = {
+  signal: RiskSignalV2;
+};
+function SkillSignalRow(props: SkillSignalRowProps) {
+  const { signal } = props;
+  return (
+    <li className="space-y-1">
+      <p className="text-sm font-semibold text-brand-dark">{signal.title}</p>
+      <p className="text-sm leading-relaxed text-brand-dark/70">{signal.plain_reason}</p>
+      {signal.technical_detail !== null ? (
+        <p className="font-mono text-[11px] text-muted-foreground break-all">{signal.technical_detail}</p>
+      ) : null}
+      {signal.false_positive_hint !== null ? (
+        <p className="text-xs leading-5 text-amber-700/80">
+          <span className="font-semibold">Might be safe if: </span>
+          {signal.false_positive_hint}
+        </p>
+      ) : null}
+    </li>
+  );
+}
+type SupplyChainRiskCardProps = {
+  item: GuardApprovalRequest;
+};
+export function SupplyChainRiskCard(props: SupplyChainRiskCardProps) {
+  const scSignals = deriveSupplyChainRiskSignals(props.item);
+  const isSupplyChainArtifact =
+    props.item.artifact_type === "supply_chain" ||
+    props.item.artifact_type === "package_request" ||
+    (typeof props.item.artifact_type === "string" && props.item.artifact_type.endsWith("_package"));
+  if (scSignals.length === 0 && !isSupplyChainArtifact) return null;
+  return (
+    <div
+      className="rounded-xl border border-orange-200/60 bg-orange-50/60 p-4"
+      aria-label="Supply-chain risk"
+    >
+      <SectionLabel>Supply-chain risk</SectionLabel>
+      {scSignals.length > 0 ? (
+        <ul className="mt-3 space-y-3">
+          {scSignals.map((signal) => (
+            <SupplyChainSignalRow key={signal.signal_id} signal={signal} />
+          ))}
+        </ul>
+      ) : (
+        <p className="mt-2 text-sm leading-relaxed text-brand-dark/70">
+          This action originates from a supply-chain artifact. Verify the publisher and version before approving.
+        </p>
+      )}
+    </div>
+  );
+}
+type SupplyChainSignalRowProps = {
+  signal: RiskSignalV2;
+};
+function SupplyChainSignalRow(props: SupplyChainSignalRowProps) {
+  const { signal } = props;
+  return (
+    <li className="space-y-1">
+      <p className="text-sm font-semibold text-brand-dark">{signal.title}</p>
+      <p className="text-sm leading-relaxed text-brand-dark/70">{signal.plain_reason}</p>
+      {signal.advisory_id !== null ? (
+        <p className="font-mono text-[11px] text-brand-purple">{signal.advisory_id}</p>
+      ) : null}
+      {signal.false_positive_hint !== null ? (
+        <p className="text-xs leading-5 text-orange-700/80">
+          <span className="font-semibold">Might be safe if: </span>
+          {signal.false_positive_hint}
+        </p>
+      ) : null}
+    </li>
+  );
+}
+type DecodedLayerCardProps = {
+  item: GuardApprovalRequest;
+};
+export function DecodedLayerCard(props: DecodedLayerCardProps) {
+  const encodedSignals = deriveEncodedLayerSignals(props.item);
+  if (encodedSignals.length === 0) return null;
+  const primary = encodedSignals[0];
+  const extraCount = Math.max(0, (() => {
+    const m = /Decoded (\d+) encoding layer/i.exec(primary.plain_reason ?? "");
+    return m != null ? parseInt(m[1], 10) - 1 : encodedSignals.length - 1;
+  })());
+  return (
+    <div
+      className="rounded-xl border border-rose-200/60 bg-rose-50/60 p-4"
+      aria-label="Decoded-layer evidence"
+    >
+      <SectionLabel>Encoded payload detected</SectionLabel>
+      <p className="mt-2 text-sm leading-relaxed text-brand-dark/80">{primary.plain_reason}</p>
+      {primary.technical_detail !== null ? (
+        <p className="mt-1 font-mono text-[11px] text-muted-foreground break-all">
+          {primary.technical_detail}
+        </p>
+      ) : null}
+      {primary.evidence_ref !== null ? (
+        <p className="mt-2 font-mono text-[11px] text-rose-700/70 break-all">{primary.evidence_ref}</p>
+      ) : null}
+      {extraCount > 0 ? (
+        <p className="mt-1 text-xs text-muted-foreground">
+          {`and ${extraCount} more encoded ${extraCount === 1 ? "layer" : "layers"}`}
+        </p>
+      ) : null}
+    </div>
+  );
+}

plugin_scanner-2.0.141/docs/guard/release-notes.md ADDED Viewed

@@ -0,0 +1,37 @@
+# HOL Guard Release Notes
+Release notes document user-visible changes, false-positive improvements, and paid-feature additions.
+Update this file for every release that touches a Guard integration path.
+---
+## Unreleased
+### False-positive improvements (T647)
+- **Supply-chain artifact fallback** — `SupplyChainRiskCard` now matches `package_request`
+  and any `*_package` artifact type in addition to the original `supply_chain` value,
+  eliminating spurious "no risk signals" cards for npm/PyPI requests.
+- **Encoded-layer count** — `DecodedLayerCard` now reads the true layer count from the
+  detector `plain_reason` field (e.g., "Decoded 3 encoding layer(s)") instead of counting
+  signal list length, so multi-layer exfil is accurately reported rather than shown as
+  "0 additional layers".
+- **Detector registry cached across hook calls** — The default detector registry is now
+  lazily initialised once per process and reused, reducing per-hook construction overhead.
+### Cloud advisory paid sync (T648)
+Advisory bundles are signed by the HOL advisory service and verified locally before use.
+The free plan receives a graceful 403 fallback with a local-only warning; no advisory data
+is sent to the server during sync. Run `hol-guard advisories sync` to pull the latest bundle.
+### Settings presets (T649)
+Four one-click security presets — **Gentle**, **Balanced**, **Strict**, and **Paranoid** —
+are available from the Settings page. Choosing a preset applies a curated `risk_actions`
+profile. Custom overrides survive a preset switch unless explicitly cleared.
+### Dashboard scale (T650)
+The approval center and evidence log now paginate at 50 items per page. Large workspaces
+with thousands of receipts will no longer cause the dashboard to stall on load.

{plugin_scanner-2.0.139 → plugin_scanner-2.0.141}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "plugin-scanner"
-version = "2.0.139"
+version = "2.0.141"
 description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.139 → plugin_scanner-2.0.141}/pyproject.toml.bak RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "hol-guard"
-version = "2.0.139"
+version = "2.0.141"
 description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
 readme = "README.md"
 license = "Apache-2.0"

plugin-scanner 2.0.139__tar.gz → 2.0.141__tar.gz

plugin-scanner 2.0.139tar.gz → 2.0.141tar.gz