plugin-scanner 2.0.143__tar.gz → 2.0.145__tar.gz

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plugin-scanner
-Version: 2.0.143
+Version: 2.0.145
 Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
 Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
 Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/dashboard/src/approval-center-layout.tsx

@@ -139,7 +139,7 @@ export function ApprovalCenterLayout(props: LayoutProps) {
           <div className="mx-auto max-w-6xl">
             {props.view === "home" ? (
               <>
-                <RuntimeBanner runtime={props.runtime} />
+                <RuntimeBanner runtime={props.runtime} inventory={props.inventory} />
                 {props.homeContent}
               </>
             ) : props.view === "evidence" ? (
@@ -168,7 +168,7 @@ export function ApprovalCenterLayout(props: LayoutProps) {
   );
 }
 
-function RuntimeBanner(props: { runtime: RuntimeState }) {
+function RuntimeBanner(props: { runtime: RuntimeState; inventory: GuardInventoryItem[] }) {
   if (props.runtime.kind === "loading") {
     return <div className="mb-6 guard-skeleton h-20 w-full" />;
   }

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/dashboard/src/guard-api.test.ts

@@ -1,8 +1,11 @@
 import {
   buildDemoRuntimeSnapshot,
+  fetchApprovalPage,
+  fetchQueueSummary,
   normalizeApprovalRequest,
   parseActionEnvelope,
-  parseDecisionV2
+  parseDecisionV2,
+  resolveRequestWithQueueResult
 } from "./guard-api";
 import { resolveCloudSyncHealthCopy } from "./runtime-overview";
 import {
@@ -403,3 +406,175 @@ const requestWithMixedSignals: GuardApprovalRequest = {
 };
 const mixedEvidence = deriveDataFlowEvidence(requestWithMixedSignals);
 assert(mixedEvidence !== null && mixedEvidence.count === 2, "T094: count reflects only data-flow signals, not unrelated ones");
+
+type RecordedFetch = {
+  url: string;
+  init?: RequestInit;
+};
+
+type StorageShape = {
+  getItem(key: string): string | null;
+  setItem(key: string, value: string): void;
+  removeItem(key: string): void;
+  clear(): void;
+  key(index: number): string | null;
+  readonly length: number;
+};
+
+function installGuardWindow(search: string): void {
+  const storage = new Map<string, string>();
+  const sessionStorage: StorageShape = {
+    getItem(key: string): string | null {
+      return storage.get(key) ?? null;
+    },
+    setItem(key: string, value: string): void {
+      storage.set(key, value);
+    },
+    removeItem(key: string): void {
+      storage.delete(key);
+    },
+    clear(): void {
+      storage.clear();
+    },
+    key(index: number): string | null {
+      return Array.from(storage.keys())[index] ?? null;
+    },
+    get length(): number {
+      return storage.size;
+    }
+  };
+  Object.defineProperty(globalThis, "window", {
+    configurable: true,
+    value: {
+      location: {
+        origin: "http://127.0.0.1:4174",
+        pathname: "/",
+        search,
+        hash: ""
+      },
+      sessionStorage
+    }
+  });
+}
+
+function installFetchStub(payloads: Record<string, object>): RecordedFetch[] {
+  const calls: RecordedFetch[] = [];
+  globalThis.fetch = async (input: RequestInfo | URL, init?: RequestInit): Promise<Response> => {
+    const url = input instanceof Request ? input.url : String(input);
+    calls.push({ url, init });
+    const parsed = new URL(url, "http://127.0.0.1:4174");
+    const payload = payloads[parsed.pathname] ?? payloads[`${parsed.pathname}${parsed.search}`];
+    if (!payload) {
+      return new Response(JSON.stringify({ error: "not_found" }), { status: 404 });
+    }
+    return new Response(JSON.stringify(payload), {
+      status: 200,
+      headers: { "Content-Type": "application/json" }
+    });
+  };
+  return calls;
+}
+
+function headerValue(init: RequestInit | undefined, key: string): string | null {
+  return new Headers(init?.headers).get(key);
+}
+
+const pageItem: GuardApprovalRequest = {
+  ...BASE_REQUEST,
+  request_id: "req-page",
+  harness: "copilot",
+  action_envelope_json: BASE_ENVELOPE,
+  decision_v2_json: BASE_DECISION_V2
+};
+
+installGuardWindow("?guard-token=token-queue&guardDaemon=http%3A%2F%2F127.0.0.1%3A4781");
+const fetchApprovalCalls = installFetchStub({
+  "/v1/requests": {
+    items: [pageItem],
+    next_cursor: "cursor-two",
+    total_pending_count: 3,
+    total_count: 7,
+    status: "all"
+  }
+});
+
+const approvalPage = await fetchApprovalPage({
+  status: "all",
+  harness: "copilot",
+  search: "plugin secret",
+  cursor: "cursor-one",
+  limit: 25
+});
+const approvalUrl = new URL(fetchApprovalCalls[0].url);
+
+assert(approvalUrl.origin === "http://127.0.0.1:4781", "L078: fetchApprovalPage targets local Guard daemon origin");
+assert(approvalUrl.searchParams.get("status") === "all", "L078: fetchApprovalPage forwards status filter");
+assert(approvalUrl.searchParams.get("harness") === "copilot", "L078: fetchApprovalPage forwards harness filter");
+assert(approvalUrl.searchParams.get("search") === "plugin secret", "L078: fetchApprovalPage forwards search filter");
+assert(approvalUrl.searchParams.get("cursor") === "cursor-one", "L078: fetchApprovalPage forwards cursor");
+assert(approvalUrl.searchParams.get("limit") === "25", "L078: fetchApprovalPage forwards limit");
+assert(headerValue(fetchApprovalCalls[0].init, "X-Guard-Token") === "token-queue", "L078: fetchApprovalPage sends Guard token");
+assert(approvalPage.items[0].action_envelope_json?.action_id === "act-abc123", "L078: fetchApprovalPage normalizes action envelope");
+assert(approvalPage.items[0].decision_v2_json?.user_title === "Wants to read a credential file", "L078: fetchApprovalPage normalizes decision v2");
+assert(approvalPage.next_cursor === "cursor-two", "L078: fetchApprovalPage returns next cursor");
+assert(approvalPage.total_pending_count === 3, "L078: fetchApprovalPage returns pending total");
+assert(approvalPage.total_count === 7, "L078: fetchApprovalPage returns filtered total");
+
+installGuardWindow("?guard-token=token-runtime&guardDaemon=http%3A%2F%2F127.0.0.1%3A4781");
+const fetchQueueCalls = installFetchStub({
+  "/v1/runtime": {
+    ...snapshot,
+    queue_summary: {
+      active_request_id: "req-active",
+      next_request_id: "req-next",
+      remaining_pending_count: 2,
+      next_selectable_request_id: "req-next"
+    }
+  }
+});
+
+const queueSummary = await fetchQueueSummary({ activeRequestId: "req-active" });
+const runtimeUrl = new URL(fetchQueueCalls[0].url);
+
+assert(runtimeUrl.searchParams.get("active_request_id") === "req-active", "L079: fetchQueueSummary forwards active request id");
+assert(queueSummary.remaining_pending_count === 2, "L079: fetchQueueSummary returns queue count");
+assert(queueSummary.next_selectable_request_id === "req-next", "L079: fetchQueueSummary returns next selectable id");
+
+installGuardWindow("?guard-token=token-resolve&guardDaemon=http%3A%2F%2F127.0.0.1%3A4781");
+const fetchResolveCalls = installFetchStub({
+  "/v1/requests/req-active/approve": {
+    resolved: true,
+    item: { ...pageItem, request_id: "req-active", status: "resolved" },
+    resolved_request: { ...pageItem, request_id: "req-active", status: "resolved" },
+    remaining_pending_count: 1,
+    next_selectable_request_id: "req-next",
+    remaining_pending_summaries: [{ ...pageItem, request_id: "req-next" }],
+    resolved_duplicate_ids: ["req-dupe"],
+    resolution_summary: "Decision saved. 1 blocked action remains.",
+    retry_hint: "Retry the action in your AI assistant if you approved it.",
+    copy: {
+      title: "Approved. Retry in chat.",
+      body: "Return to Copilot and retry."
+    }
+  }
+});
+
+const resolution = await resolveRequestWithQueueResult({
+  requestId: "req-active",
+  action: "allow",
+  scope: "artifact",
+  workspace: "/workspace",
+  reason: "reviewed"
+});
+const resolveBody = JSON.parse(String(fetchResolveCalls[0].init?.body)) as Record<string, unknown>;
+
+assert(fetchResolveCalls[0].url === "http://127.0.0.1:4781/v1/requests/req-active/approve", "L077: resolveRequestWithQueueResult posts to approve route");
+assert(headerValue(fetchResolveCalls[0].init, "X-Guard-Token") === "token-resolve", "L077: resolveRequestWithQueueResult sends Guard token");
+assert(resolveBody["scope"] === "artifact", "L077: resolveRequestWithQueueResult sends scope");
+assert(resolveBody["workspace"] === "/workspace", "L077: resolveRequestWithQueueResult sends workspace");
+assert(resolveBody["reason"] === "reviewed", "L077: resolveRequestWithQueueResult sends reason");
+assert(resolution.remaining_pending_count === 1, "L077: resolveRequestWithQueueResult returns remaining count");
+assert(resolution.next_selectable_request_id === "req-next", "L077: resolveRequestWithQueueResult returns next selectable id");
+assert(resolution.remaining_pending_summaries[0].request_id === "req-next", "L077: resolveRequestWithQueueResult normalizes remaining summaries");
+assert(resolution.resolved_request?.status === "resolved", "L077: resolveRequestWithQueueResult normalizes resolved request");
+assert(resolution.resolved_duplicate_ids[0] === "req-dupe", "L077: resolveRequestWithQueueResult returns duplicate ids");

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/dashboard/src/guard-api.ts

@@ -9,11 +9,17 @@ import {
 import type {
   GuardActionEnvelope,
   GuardActionType,
+  GuardApprovalPage,
+  GuardApprovalPageFilters,
+  GuardApprovalPageStatus,
   GuardApprovalRequest,
   GuardArtifactDiff,
   GuardDecisionV2,
   GuardInventoryItem,
   GuardPolicyDecision,
+  GuardQueueResolutionCopy,
+  GuardQueueResolutionResult,
+  GuardQueueSummary,
   GuardReceipt,
   GuardRuntimeSnapshot,
   GuardSettingsPayload,
@@ -42,10 +48,27 @@ type RawGuardApprovalRequest = Omit<GuardApprovalRequest, "action_envelope_json"
 
 type ApprovalRequestListPayload = {
   items?: RawGuardApprovalRequest[] | null;
+  next_cursor?: unknown;
+  total_pending_count?: unknown;
+  total_count?: unknown;
+  status?: unknown;
 };
 
 type RuntimeSnapshotPayload = Omit<GuardRuntimeSnapshot, "items"> & {
   items?: RawGuardApprovalRequest[] | null;
+  queue_summary?: unknown;
+};
+
+type QueueResolutionPayload = Omit<
+  GuardQueueResolutionResult,
+  "item" | "resolved_request" | "remaining_pending_summaries" | "resolved_duplicate_ids" | "resolved_scope_ids" | "copy"
+> & {
+  item?: RawGuardApprovalRequest | null;
+  resolved_request?: RawGuardApprovalRequest | null;
+  remaining_pending_summaries?: RawGuardApprovalRequest[] | null;
+  resolved_duplicate_ids?: unknown;
+  resolved_scope_ids?: unknown;
+  copy?: unknown;
 };
 
 async function readJson<T>(input: RequestInfo, init?: RequestInit): Promise<T> {
@@ -171,10 +194,18 @@ function isStringArray(value: unknown): value is string[] {
   return Array.isArray(value) && value.every((item): item is string => typeof item === "string");
 }
 
+function isNonNegativeNumber(value: unknown): value is number {
+  return typeof value === "number" && Number.isFinite(value) && value >= 0;
+}
+
 function isNonEmptyString(value: unknown): value is string {
   return typeof value === "string" && value.trim().length > 0;
 }
 
+function isApprovalPageStatus(value: unknown): value is GuardApprovalPageStatus {
+  return value === "pending" || value === "resolved" || value === "all";
+}
+
 export function parseActionEnvelope(raw: unknown): GuardActionEnvelope | null {
   if (!isRecord(raw)) {
     return null;
@@ -350,12 +381,117 @@ function normalizeApprovalRequests(items: RawGuardApprovalRequest[] | null | und
   return items.map(normalizeApprovalRequest);
 }
 
+function normalizeOptionalApprovalRequest(item: RawGuardApprovalRequest | null | undefined): GuardApprovalRequest | null {
+  return isRecord(item) ? normalizeApprovalRequest(item) : null;
+}
+
+function normalizeApprovalPage(
+  payload: ApprovalRequestListPayload,
+  statusFallback: GuardApprovalPageStatus = "pending"
+): GuardApprovalPage {
+  return {
+    items: normalizeApprovalRequests(payload.items),
+    next_cursor: isStringOrNull(payload.next_cursor) ? payload.next_cursor : null,
+    total_pending_count: isNonNegativeNumber(payload.total_pending_count) ? payload.total_pending_count : 0,
+    total_count: isNonNegativeNumber(payload.total_count) ? payload.total_count : 0,
+    status: isApprovalPageStatus(payload.status) ? payload.status : statusFallback
+  };
+}
+
+function normalizeQueueSummary(raw: unknown, pendingCount: number): GuardQueueSummary {
+  if (!isRecord(raw)) {
+    return {
+      active_request_id: null,
+      next_request_id: null,
+      remaining_pending_count: pendingCount,
+      next_selectable_request_id: null
+    };
+  }
+  const remainingPendingCount = raw["remaining_pending_count"];
+  return {
+    active_request_id: isStringOrNull(raw["active_request_id"]) ? raw["active_request_id"] : null,
+    next_request_id: isStringOrNull(raw["next_request_id"]) ? raw["next_request_id"] : null,
+    remaining_pending_count: isNonNegativeNumber(remainingPendingCount) ? remainingPendingCount : pendingCount,
+    next_selectable_request_id: isStringOrNull(raw["next_selectable_request_id"]) ? raw["next_selectable_request_id"] : null
+  };
+}
+
+function normalizeQueueCopy(raw: unknown): GuardQueueResolutionCopy | null {
+  if (!isRecord(raw)) {
+    return null;
+  }
+  const title = raw["title"];
+  const body = raw["body"];
+  if (typeof title !== "string" || typeof body !== "string") {
+    return null;
+  }
+  return { title, body };
+}
+
+function normalizeQueueResolution(payload: QueueResolutionPayload): GuardQueueResolutionResult {
+  return {
+    resolved: payload.resolved === true,
+    item: normalizeOptionalApprovalRequest(payload.item),
+    resolved_request: normalizeOptionalApprovalRequest(payload.resolved_request),
+    remaining_pending_count: isNonNegativeNumber(payload.remaining_pending_count) ? payload.remaining_pending_count : 0,
+    next_selectable_request_id: isStringOrNull(payload.next_selectable_request_id)
+      ? payload.next_selectable_request_id
+      : null,
+    remaining_pending_summaries: normalizeApprovalRequests(payload.remaining_pending_summaries),
+    resolved_duplicate_ids: isStringArray(payload.resolved_duplicate_ids) ? payload.resolved_duplicate_ids : [],
+    resolved_scope_ids: isStringArray(payload.resolved_scope_ids) ? payload.resolved_scope_ids : undefined,
+    resolution_summary: typeof payload.resolution_summary === "string" ? payload.resolution_summary : "",
+    retry_hint: isStringOrNull(payload.retry_hint) ? payload.retry_hint : null,
+    copy: normalizeQueueCopy(payload.copy)
+  };
+}
+
+function queueSearchParams(input: GuardApprovalPageFilters): URLSearchParams {
+  const params = new URLSearchParams();
+  if (input.status) {
+    params.set("status", input.status);
+  }
+  if (input.harness) {
+    params.set("harness", input.harness);
+  }
+  if (input.search) {
+    params.set("search", input.search);
+  }
+  if (input.cursor) {
+    params.set("cursor", input.cursor);
+  }
+  if (typeof input.limit === "number") {
+    params.set("limit", String(input.limit));
+  }
+  return params;
+}
+
+function queuePath(basePath: string, params: URLSearchParams): string {
+  const query = params.toString();
+  return query ? `${basePath}?${query}` : basePath;
+}
+
 export async function fetchRequests(): Promise<GuardApprovalRequest[]> {
   if (isGuardDemoMode()) {
     return getDemoRequests();
   }
-  const payload = await readJson<ApprovalRequestListPayload>("/v1/requests");
-  return normalizeApprovalRequests(payload.items);
+  const page = await fetchApprovalPage();
+  return page.items;
+}
+
+export async function fetchApprovalPage(input: GuardApprovalPageFilters = {}): Promise<GuardApprovalPage> {
+  if (isGuardDemoMode()) {
+    const items = getDemoRequests();
+    return {
+      items,
+      next_cursor: null,
+      total_pending_count: items.filter((item) => item.status === "pending").length,
+      total_count: items.length,
+      status: input.status ?? "pending"
+    };
+  }
+  const payload = await readJson<ApprovalRequestListPayload>(queuePath("/v1/requests", queueSearchParams(input)));
+  return normalizeApprovalPage(payload, input.status ?? "pending");
 }
 
 export async function fetchRuntimeSnapshot(): Promise<GuardRuntimeSnapshot> {
@@ -363,7 +499,23 @@ export async function fetchRuntimeSnapshot(): Promise<GuardRuntimeSnapshot> {
     return buildDemoRuntimeSnapshot();
   }
   const snapshot = await readJson<RuntimeSnapshotPayload>("/v1/runtime");
-  return { ...snapshot, items: normalizeApprovalRequests(snapshot.items) };
+  return {
+    ...snapshot,
+    items: normalizeApprovalRequests(snapshot.items),
+    queue_summary: normalizeQueueSummary(snapshot.queue_summary, snapshot.pending_count)
+  };
+}
+
+export async function fetchQueueSummary(input: { activeRequestId?: string } = {}): Promise<GuardQueueSummary> {
+  if (isGuardDemoMode()) {
+    return buildDemoRuntimeSnapshot().queue_summary ?? normalizeQueueSummary(null, getDemoRequests().length);
+  }
+  const params = new URLSearchParams();
+  if (input.activeRequestId) {
+    params.set("active_request_id", input.activeRequestId);
+  }
+  const snapshot = await readJson<RuntimeSnapshotPayload>(queuePath("/v1/runtime", params));
+  return normalizeQueueSummary(snapshot.queue_summary, snapshot.pending_count);
 }
 
 export function buildDemoRuntimeSnapshot(): GuardRuntimeSnapshot {
@@ -424,6 +576,12 @@ export function buildDemoRuntimeSnapshot(): GuardRuntimeSnapshot {
     fleet_url: fleetUrl,
     connect_url: connectUrl,
     items: demoRequests,
+    queue_summary: {
+      active_request_id: null,
+      next_request_id: demoRequests[0]?.request_id ?? null,
+      remaining_pending_count: demoRequests.length,
+      next_selectable_request_id: demoRequests[0]?.request_id ?? null
+    },
     latest_receipts: demoReceipts.slice(0, 10)
   };
 }
@@ -592,11 +750,32 @@ export async function resolveRequest(input: {
   workspace?: string;
   reason: string;
 }): Promise<void> {
+  await resolveRequestWithQueueResult(input);
+}
+
+export async function resolveRequestWithQueueResult(input: {
+  requestId: string;
+  action: "allow" | "block";
+  scope: string;
+  workspace?: string;
+  reason: string;
+}): Promise<GuardQueueResolutionResult> {
   if (isGuardDemoMode()) {
-    return;
+    return {
+      resolved: true,
+      item: null,
+      resolved_request: null,
+      remaining_pending_count: 0,
+      next_selectable_request_id: null,
+      remaining_pending_summaries: [],
+      resolved_duplicate_ids: [],
+      resolution_summary: "Decision saved.",
+      retry_hint: null,
+      copy: null
+    };
   }
   const actionPath = input.action === "allow" ? "approve" : "block";
-  await readJson(`/v1/requests/${encodeURIComponent(input.requestId)}/${actionPath}`, {
+  const payload = await readJson<QueueResolutionPayload>(`/v1/requests/${encodeURIComponent(input.requestId)}/${actionPath}`, {
     method: "POST",
     headers: {
       "Content-Type": "application/json",
@@ -609,6 +788,7 @@ export async function resolveRequest(input: {
       reason: input.reason || undefined
     })
   });
+  return normalizeQueueResolution(payload);
 }
 
 export async function clearEvidence(): Promise<void> {
@@ -642,4 +822,3 @@ export async function repairApprovalCenter(): Promise<{ repaired: boolean; clear
   }
   return response.json() as Promise<{ repaired: boolean; cleared: string[] }>;
 }
-

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/dashboard/src/guard-demo.ts

@@ -112,7 +112,8 @@ const demoDiff: GuardArtifactDiff = {
 };
 
 export function isGuardDemoMode(): boolean {
-  if (!import.meta.env.DEV) {
+  const meta = import.meta as ImportMeta & { env?: { DEV?: boolean } };
+  if (meta.env?.DEV !== true) {
     return false;
   }
   return new URLSearchParams(window.location.search).get("demo") === "1";

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/dashboard/src/guard-types.ts

@@ -131,6 +131,55 @@ export type GuardApprovalRequest = {
   resolved_at: string | null;
   action_envelope_json?: GuardActionEnvelope | null;
   decision_v2_json?: GuardDecisionV2 | null;
+  action_identity?: string | null;
+  queue_group_id?: string | null;
+  dedupe_count?: number;
+  last_seen_at?: string | null;
+  display_status?: string;
+};
+
+export type GuardApprovalPageStatus = "pending" | "resolved" | "all";
+
+export type GuardApprovalPageFilters = {
+  status?: GuardApprovalPageStatus;
+  harness?: string;
+  search?: string;
+  cursor?: string;
+  limit?: number;
+};
+
+export type GuardApprovalPage = {
+  items: GuardApprovalRequest[];
+  next_cursor: string | null;
+  total_pending_count: number;
+  total_count: number;
+  status: GuardApprovalPageStatus;
+};
+
+export type GuardQueueSummary = {
+  active_request_id: string | null;
+  next_request_id: string | null;
+  remaining_pending_count: number;
+  next_selectable_request_id: string | null;
+};
+
+export type GuardQueueResolutionCopy = {
+  title: string;
+  body: string;
+};
+
+export type GuardQueueResolutionResult = {
+  resolved: boolean;
+  item: GuardApprovalRequest | null;
+  resolved_request: GuardApprovalRequest | null;
+  remaining_pending_count: number;
+  next_selectable_request_id: string | null;
+  remaining_pending_summaries: GuardApprovalRequest[];
+  resolved_duplicate_ids: string[];
+  resolved_scope_ids?: string[];
+  resolution_summary: string;
+  retry_hint: string | null;
+  copy: GuardQueueResolutionCopy | null;
 };
 
 export type GuardRuntimeState = {
@@ -183,6 +232,7 @@ export type GuardRuntimeSnapshot = {
   fleet_url: string;
   connect_url: string;
   items: GuardApprovalRequest[];
+  queue_summary?: GuardQueueSummary;
   latest_receipts: GuardReceipt[];
   managed_installs?: GuardManagedInstall[];
   inventory?: GuardInventoryItem[];

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/dashboard/src/runtime-overview.test.ts

@@ -74,7 +74,16 @@ const baseSnapshot: GuardRuntimeSnapshot = {
   cloud_state: "local_only",
   cloud_state_label: "Offline",
   cloud_state_detail: "Running locally.",
-  cloud_pairing_state: { state: "local_only", label: "Offline", detail: "No cloud." },
+  cloud_pairing_state: {
+    state: "local_only",
+    label: "Offline",
+    detail: "No cloud.",
+    sync_configured: false,
+    dashboard_url: "http://localhost:7392",
+    inbox_url: "http://localhost:7392/inbox",
+    fleet_url: "http://localhost:7392/fleet",
+    connect_url: "http://localhost:7392/connect",
+  },
   cloud_sync_health: healthDisabled,
   dashboard_url: "http://localhost:7392",
   inbox_url: "http://localhost:7392/inbox",
@@ -104,4 +113,3 @@ const repairApproval = resolveApprovalCenterHealth(noUrlSnapshot);
 assert(repairApproval.state === "repair_needed", "T738: null approval_center_url should need repair");
 assert(repairApproval.label.toLowerCase().includes("unreachable"), "T738: repair label should mention unreachable");
 assert(repairApproval.detail.toLowerCase().includes("repair"), "T738: repair detail should suggest repair action");
-

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/dashboard/vite.config.ts

@@ -24,6 +24,7 @@ export default defineConfig(({ mode }) => {
       emptyOutDir: true,
       manifest: false,
       sourcemap: false,
+      minify: false,
       rollupOptions: {
         output: {
           entryFileNames: "assets/guard-dashboard.js",

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/docs/guard/approval-audit.md

@@ -66,3 +66,85 @@ The next scanner-side UX upgrades should focus on:
 - richer approval-center presentation
 - live update transport
 - cleaner pause or resume semantics for harnesses that cannot prompt inline
+
+## Queue API contract
+
+`GET /v1/requests` returns a paginated queue page:
+
+```json
+{
+  "items": [
+    {
+      "request_id": "req_123",
+      "harness": "codex",
+      "artifact_id": "codex:project:tool",
+      "artifact_name": "tool",
+      "artifact_type": "mcp_server",
+      "policy_action": "require-reapproval",
+      "source_scope": "project",
+      "config_path": "/workspace/.codex/config.toml",
+      "workspace": "/workspace",
+      "launch_target": "cat ~/.npmrc",
+      "risk_summary": "Shell command can read a local secret file.",
+      "risk_headline": "Secret file access",
+      "action_identity": "{\"version\":\"v1\"}",
+      "queue_group_id": "approval-group:v1:...",
+      "dedupe_count": 1,
+      "created_at": "2026-05-08T10:00:00+00:00",
+      "last_seen_at": "2026-05-08T10:00:00+00:00",
+      "display_status": "pending"
+    }
+  ],
+  "next_cursor": null,
+  "total_pending_count": 1,
+  "total_count": 1,
+  "status": "pending"
+}
+```
+
+Supported query parameters:
+
+- `status`: `pending`, `resolved`, or `all`
+- `harness`: exact harness name
+- `search`: command, prompt excerpt, MCP server/tool, path, or evidence text
+- `cursor`: cursor returned by the previous page
+- `limit`: page size, capped at 200
+
+`POST /v1/requests/<request_id>/approve` and `POST /v1/requests/<request_id>/block` return a queue-aware resolution envelope:
+
+```json
+{
+  "resolved": true,
+  "item": {
+    "request_id": "req_123",
+    "status": "resolved",
+    "resolution_action": "allow",
+    "resolution_scope": "artifact"
+  },
+  "resolved_request": {
+    "request_id": "req_123",
+    "status": "resolved"
+  },
+  "remaining_pending_count": 2,
+  "next_selectable_request_id": "req_456",
+  "remaining_pending_summaries": [],
+  "resolved_duplicate_ids": [],
+  "resolution_summary": "Decision saved. 2 blocked actions remain.",
+  "retry_hint": "Retry the action in your AI assistant if you approved it.",
+  "copy": {
+    "title": "Approved. Retry in chat.",
+    "body": "Return to Codex and retry"
+  }
+}
+```
+
+`GET /v1/runtime` includes `queue_summary` with:
+
+```json
+{
+  "active_request_id": "req_123",
+  "next_request_id": "req_123",
+  "remaining_pending_count": 3,
+  "next_selectable_request_id": "req_123"
+}
+```

{plugin_scanner-2.0.143 → plugin_scanner-2.0.145}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "plugin-scanner"
-version = "2.0.143"
+version = "2.0.145"
 description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
 readme = "README.md"
 license = "Apache-2.0"