plugin-scanner 2.0.148__tar.gz → 2.0.149__tar.gz

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plugin-scanner
-Version: 2.0.148
+Version: 2.0.149
 Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
 Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
 Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "plugin-scanner"
-version = "2.0.148"
+version = "2.0.149"
 description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/pyproject.toml.bak

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "hol-guard"
-version = "2.0.148"
+version = "2.0.149"
 description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
 readme = "README.md"
 license = "Apache-2.0"

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/src/codex_plugin_scanner/guard/approvals.py

@@ -98,6 +98,7 @@ def queue_blocked_approvals(
             risk_headline=incident["risk_headline"],
             action_envelope_json=_item_action_envelope_json(item),
             decision_v2_json=_item_decision_v2_json(item),
+            scanner_evidence=_item_scanner_evidence(item),
         )
         persisted_request_id = store.add_approval_request(request, timestamp)
         if persisted_request_id != request.request_id:
@@ -433,6 +434,13 @@ def _item_decision_v2_json(item: dict[str, object]) -> dict[str, object] | None:
     return {str(key): item_value for key, item_value in value.items() if isinstance(key, str)}
 
 
+def _item_scanner_evidence(item: dict[str, object]) -> tuple[dict[str, object], ...]:
+    value = item.get("scanner_evidence")
+    if not isinstance(value, list | tuple):
+        return ()
+    return tuple(dict(entry) for entry in value if isinstance(entry, Mapping))
+
+
 def _string_list(value: object) -> list[str]:
     if not isinstance(value, list):
         return []

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/src/codex_plugin_scanner/guard/cli/commands.py

@@ -83,6 +83,12 @@ from ..proxy import (
 from ..receipts import build_receipt
 from ..risk import artifact_risk_signals, artifact_risk_signals_v2, artifact_risk_summary
 from ..runtime.actions import GuardActionEnvelope, normalize_harness_payload
+from ..runtime.cisco_preflight import (
+    build_cisco_deep_scan_payload,
+    cisco_risk_signal_v3_to_v2,
+    policy_action_for_cisco_signals,
+    scan_action_for_cisco_evidence,
+)
 from ..runtime.data_flow_rules import detect_data_flow_exfiltration
 from ..runtime.runner import (
     GuardSyncNotConfiguredError,
@@ -359,6 +365,8 @@ def _configure_guard_parser(guard_parser: argparse.ArgumentParser) -> None:
     scan_parser.add_argument("target", nargs="?", default=".")
     scan_parser.add_argument("--consumer-mode", action="store_true")
     scan_parser.add_argument("--json", action="store_true")
+    scan_parser.add_argument("--deep", action="store_true", help="Run first-class local Cisco scanner evidence.")
+    _add_guard_common_args(scan_parser)
     _add_guard_cisco_mode_arg(scan_parser)
 
     diff_parser = guard_subparsers.add_parser("diff", help="Compare current harness artifacts to stored snapshots")
@@ -840,6 +848,24 @@ def run_guard_command(
     """Execute a Guard subcommand."""
 
     if args.guard_command == "scan":
+        if getattr(args, "deep", False):
+            scan_type = str(args.target)
+            if scan_type not in {"skills", "mcp"}:
+                print("guard scan --deep supports 'skills' or 'mcp'.", file=sys.stderr)
+                return 2
+            home_override = getattr(args, "home", None)
+            guard_home = resolve_guard_home(getattr(args, "guard_home", None) or home_override)
+            workspace = Path(args.workspace).resolve() if getattr(args, "workspace", None) else Path.cwd().resolve()
+            config = load_guard_config(guard_home, workspace=workspace)
+            payload = build_cisco_deep_scan_payload(
+                scan_type=scan_type,
+                target=workspace,
+                mode=args.cisco_mode,
+                config=config,
+            )
+            payload["generated_at"] = _now()
+            _emit("deep-scan", payload, getattr(args, "json", False))
+            return 0
         payload = _run_consumer_scan_with_mode(Path(args.target).resolve(), cisco_mode=args.cisco_mode)
         _emit("scan", payload, args.json or args.consumer_mode)
         return 0
@@ -1850,6 +1876,12 @@ def run_guard_command(
                 return 0
             changed_capabilities = [runtime_artifact.artifact_type]
             data_flow_signals = _runtime_action_data_flow_signals(action_envelope, workspace=runtime_workspace)
+            scanner_evidence = (
+                scan_action_for_cisco_evidence(action_envelope, workspace=runtime_workspace)
+                if action_envelope is not None
+                else ()
+            )
+            scanner_evidence_payload = [signal.to_dict() for signal in scanner_evidence]
             if data_flow_signals and requested_policy_action not in VALID_GUARD_ACTIONS:
                 data_flow_action = resolve_risk_action(
                     config,
@@ -1858,17 +1890,32 @@ def run_guard_command(
                 )
                 if _guard_action_severity(data_flow_action) > _guard_action_severity(policy_action):
                     policy_action = data_flow_action
-            decision_signals = data_flow_signals or artifact_risk_signals_v2(runtime_artifact)
-            risk_signals = (
-                [signal.plain_reason for signal in data_flow_signals]
-                if data_flow_signals
-                else list(artifact_risk_signals(runtime_artifact))
-            )
-            risk_summary = (
-                _runtime_data_flow_summary(data_flow_signals)
-                if data_flow_signals
-                else artifact_risk_summary(runtime_artifact)
+            _pre_scanner_policy_action = policy_action
+            if scanner_evidence and requested_policy_action not in VALID_GUARD_ACTIONS:
+                scanner_action = policy_action_for_cisco_signals(
+                    scanner_evidence,
+                    config=config,
+                    harness=policy_harness,
+                )
+                if _guard_action_severity(scanner_action) > _guard_action_severity(policy_action):
+                    policy_action = scanner_action
+            scanner_raised_to_block = (
+                policy_action == "block" and _pre_scanner_policy_action != "block" and bool(scanner_evidence)
             )
+            base_decision_signals = data_flow_signals or artifact_risk_signals_v2(runtime_artifact)
+            scanner_decision_signals = tuple(cisco_risk_signal_v3_to_v2(signal) for signal in scanner_evidence)
+            decision_signals = (*base_decision_signals, *scanner_decision_signals)
+            scanner_risk_signals = [signal.plain_language_summary for signal in scanner_evidence]
+            if data_flow_signals:
+                risk_signals = [signal.plain_reason for signal in data_flow_signals]
+                risk_summary = _runtime_data_flow_summary(data_flow_signals)
+            else:
+                risk_signals = list(artifact_risk_signals(runtime_artifact))
+                risk_summary = artifact_risk_summary(runtime_artifact)
+            if scanner_risk_signals:
+                risk_signals.extend(scanner_risk_signals)
+                if scanner_raised_to_block:
+                    risk_summary = scanner_risk_signals[0]
             decision_v2 = build_decision_v2(policy_action, reason=policy_action, signals=decision_signals)
             incident = build_incident_context(
                 harness=args.harness,
@@ -1894,6 +1941,7 @@ def run_guard_command(
                 artifact_name=artifact_name,
                 source_scope=runtime_artifact.source_scope,
                 user_override=_optional_string(payload.get("user_override")),
+                scanner_evidence=scanner_evidence_payload,
             )
             store.add_receipt(receipt)
             response_payload = {
@@ -1905,6 +1953,7 @@ def run_guard_command(
                 "policy_action": policy_action,
                 "risk_signals": risk_signals,
                 "risk_summary": risk_summary,
+                "scanner_evidence": scanner_evidence_payload,
                 "decision_v2_json": decision_v2.to_dict(),
                 "artifact_label": incident["artifact_label"],
                 "source_label": incident["source_label"],
@@ -1991,6 +2040,7 @@ def run_guard_command(
                                 "launch_target": _runtime_request_summary(runtime_artifact),
                                 "action_envelope_json": _action_envelope_json(action_envelope),
                                 "decision_v2_json": decision_v2.to_dict(),
+                                "scanner_evidence": scanner_evidence_payload,
                             }
                         ]
                     }

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/src/codex_plugin_scanner/guard/cli/render.py

@@ -1253,6 +1253,37 @@ def _render_scan(console: Console, payload: dict[str, object]) -> None:
     _render_cisco_evidence(console, payload)
 
 
+def _render_deep_scan(console: Console, payload: dict[str, object]) -> None:
+    scan_type = str(payload.get("scan_type") or "unknown")
+    status = str(payload.get("status") or "unknown")
+    body = Table.grid(padding=(0, 1))
+    body.add_row("Type", scan_type)
+    body.add_row("Status", _cisco_status_text(status))
+    body.add_row("Mode", str(payload.get("mode") or "auto"))
+    body.add_row("Findings", str(payload.get("finding_count") or 0))
+    body.add_row("Targets", str(payload.get("targets_scanned") or 0))
+    body.add_row("Analyzers", str(payload.get("analyzers_used") or 0))
+    if payload.get("message"):
+        body.add_row("Message", str(payload["message"]))
+    console.print(Panel(body, title=f"Deep scan — {scan_type}", border_style="cyan"))
+    findings = _coerce_dict_list(payload.get("scanner_evidence") or payload.get("findings"))
+    if findings:
+        table = Table(box=box.SIMPLE_HEAVY, show_header=True)
+        table.add_column("Severity", style="bold")
+        table.add_column("Title")
+        table.add_column("Category")
+        for finding in findings[:50]:
+            sev = str(finding.get("severity") or "info")
+            table.add_row(
+                sev,
+                str(finding.get("title") or finding.get("rule_id") or "unknown"),
+                str(finding.get("category") or ""),
+            )
+        if len(findings) > 50:
+            table.add_row("…", f"and {len(findings) - 50} more", "")
+        console.print(table)
+
+
 def _render_explain(console: Console, payload: dict[str, object]) -> None:
     advisories = _coerce_dict_list(payload.get("advisories"))
     if "artifact_snapshot" in payload:
@@ -1996,5 +2027,6 @@ _RENDERERS: dict[str, Any] = {
     "protect": _render_protect,
     "preflight": _render_preflight,
     "scan": _render_scan,
+    "deep-scan": _render_deep_scan,
     "explain": _render_explain,
 }

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/src/codex_plugin_scanner/guard/models.py

@@ -142,10 +142,12 @@ class GuardReceipt:
     artifact_name: str | None = None
     source_scope: str | None = None
     action_envelope_json: dict[str, object] | None = None
+    scanner_evidence: tuple[dict[str, object], ...] = ()
 
     def to_dict(self) -> dict[str, object]:
         payload = asdict(self)
         payload["changed_capabilities"] = list(self.changed_capabilities)
+        payload["scanner_evidence"] = [dict(item) for item in self.scanner_evidence]
         return payload
 
 
@@ -185,11 +187,13 @@ class GuardApprovalRequest:
     queue_group_id: str | None = None
     dedupe_count: int = 1
     last_seen_at: str | None = None
+    scanner_evidence: tuple[dict[str, object], ...] = ()
 
     def to_dict(self) -> dict[str, object]:
         payload = asdict(self)
         payload["changed_fields"] = list(self.changed_fields)
         payload["risk_signals"] = list(self.risk_signals)
+        payload["scanner_evidence"] = [dict(item) for item in self.scanner_evidence]
         return payload
 
 

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/src/codex_plugin_scanner/guard/receipts/manager.py

@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+from collections.abc import Mapping, Sequence
 from datetime import datetime, timezone
 from uuid import uuid4
 
@@ -19,6 +20,7 @@ def build_receipt(
     artifact_name: str | None,
     source_scope: str | None,
     user_override: str | None = None,
+    scanner_evidence: Sequence[Mapping[str, object]] = (),
 ) -> GuardReceipt:
     """Create a runtime receipt."""
 
@@ -35,4 +37,5 @@ def build_receipt(
         user_override=user_override,
         artifact_name=artifact_name,
         source_scope=source_scope,
+        scanner_evidence=tuple(dict(item) for item in scanner_evidence),
     )

plugin_scanner-2.0.149/src/codex_plugin_scanner/guard/runtime/cisco_preflight.py

@@ -0,0 +1,318 @@
+"""Cisco scanner preflight helpers for local Guard runtime actions."""
+
+from __future__ import annotations
+
+from collections.abc import Iterable
+from pathlib import Path
+
+from codex_plugin_scanner.guard.config import GuardConfig, resolve_risk_action
+from codex_plugin_scanner.guard.models import GuardAction
+from codex_plugin_scanner.guard.runtime.actions import GuardActionEnvelope
+from codex_plugin_scanner.guard.runtime.cisco_evidence import cisco_finding_to_risk_signal
+from codex_plugin_scanner.guard.runtime.signals import GuardRiskSignalV3, RiskSignalV2
+from codex_plugin_scanner.integrations import cisco_mcp_scanner, cisco_skill_scanner
+from codex_plugin_scanner.integrations.cisco_skill_scanner import CiscoIntegrationStatus
+from codex_plugin_scanner.models import Finding
+
+_DEFAULT_SCANNER_TIMEOUT_SECONDS = 5.0
+_ACTION_RANK: dict[GuardAction, int] = {
+    "allow": 0,
+    "warn": 1,
+    "review": 2,
+    "require-reapproval": 3,
+    "sandbox-required": 4,
+    "block": 5,
+}
+_SEVERITY_RANK: dict[str, int] = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
+_SOURCE_RISK_CLASS: dict[str, str] = {
+    "cisco_skill": "malicious_skill",
+    "cisco_mcp": "mcp_dangerous_tool",
+    "native": "mcp_dangerous_tool",
+    "threat_intel": "mcp_dangerous_tool",
+    "runtime_detector": "mcp_dangerous_tool",
+}
+
+
+_CISCO_DETECTOR_MIN_BUDGET_SECONDS = 0.5
+
+
+class CiscoSkillPreflightDetector:
+    """Detector wrapper for changed local skill files."""
+
+    detector_id = "cisco.skill"
+    categories = ("skill",)
+
+    def detect(self, action: GuardActionEnvelope, context: object) -> tuple[RiskSignalV2, ...]:
+        workspace = getattr(context, "workspace", None)
+        config = getattr(context, "config", None)
+        timeout_ms: int = getattr(config, "runtime_detector_timeout_ms", 5000) if config is not None else 5000
+        budget_seconds = timeout_ms / 1000.0
+        if budget_seconds < _CISCO_DETECTOR_MIN_BUDGET_SECONDS:
+            return ()
+        signals = scan_action_for_cisco_evidence(
+            action, workspace=workspace, sources=("skill",), timeout_seconds=budget_seconds
+        )
+        return tuple(cisco_risk_signal_v3_to_v2(signal) for signal in signals)
+
+
+class CiscoMcpPreflightDetector:
+    """Detector wrapper for changed local MCP config."""
+
+    detector_id = "cisco.mcp"
+    categories = ("mcp",)
+
+    def detect(self, action: GuardActionEnvelope, context: object) -> tuple[RiskSignalV2, ...]:
+        workspace = getattr(context, "workspace", None)
+        config = getattr(context, "config", None)
+        timeout_ms: int = getattr(config, "runtime_detector_timeout_ms", 5000) if config is not None else 5000
+        budget_seconds = timeout_ms / 1000.0
+        if budget_seconds < _CISCO_DETECTOR_MIN_BUDGET_SECONDS:
+            return ()
+        signals = scan_action_for_cisco_evidence(
+            action, workspace=workspace, sources=("mcp",), timeout_seconds=budget_seconds
+        )
+        return tuple(cisco_risk_signal_v3_to_v2(signal) for signal in signals)
+
+
+def _is_redacted_path(path_str: str) -> bool:
+    """Return True when a target path is a redacted placeholder (starts with .../)."""
+    return path_str.startswith(".../")
+
+
+def scan_action_for_cisco_evidence(
+    action: GuardActionEnvelope,
+    *,
+    workspace: Path | str | None,
+    mode: str = "auto",
+    sources: Iterable[str] = ("skill", "mcp"),
+    timeout_seconds: float = _DEFAULT_SCANNER_TIMEOUT_SECONDS,
+) -> tuple[GuardRiskSignalV3, ...]:
+    """Run Cisco preflight scans for changed skill or MCP files referenced by an action."""
+
+    if action.action_type not in {"file_write", "config_change"}:
+        return ()
+    workspace_path = Path(workspace).expanduser().resolve() if workspace is not None else Path.cwd().resolve()
+    requested_sources = frozenset(sources)
+    signals: list[GuardRiskSignalV3] = []
+    scanned_skill_roots: set[Path] = set()
+    scanned_mcp_roots: set[Path] = set()
+    skill_via_path = False
+    mcp_via_path = False
+    for target_str, target_path in zip(action.target_paths, _resolve_target_paths(action, workspace_path), strict=True):
+        if "skill" in requested_sources and _is_skill_file(target_path):
+            if _is_redacted_path(target_str):
+                skill_via_path = True
+            else:
+                skill_via_path = True
+                skill_root = _skill_scan_root_for_file(target_path, workspace_path)
+                if skill_root not in scanned_skill_roots:
+                    scanned_skill_roots.add(skill_root)
+                    signals.extend(
+                        _skill_findings_to_signals(
+                            cisco_skill_scanner.run_cisco_skill_scan(
+                                skill_root,
+                                mode=mode,
+                                timeout_seconds=timeout_seconds,
+                            )
+                        )
+                    )
+        if "mcp" in requested_sources and target_path.name == ".mcp.json":
+            if _is_redacted_path(target_str):
+                mcp_via_path = True
+            else:
+                mcp_via_path = True
+                mcp_root = target_path.parent
+                if mcp_root not in scanned_mcp_roots:
+                    scanned_mcp_roots.add(mcp_root)
+                    signals.extend(
+                        _mcp_findings_to_signals(
+                            cisco_mcp_scanner.run_cisco_mcp_scan(
+                                mcp_root,
+                                mode=mode,
+                                timeout_seconds=timeout_seconds,
+                            )
+                        )
+                    )
+    if "skill" in requested_sources and skill_via_path and not scanned_skill_roots:
+        skill_root = _skill_scan_root_for_workspace(workspace_path)
+        scanned_skill_roots.add(skill_root)
+        signals.extend(
+            _skill_findings_to_signals(
+                cisco_skill_scanner.run_cisco_skill_scan(skill_root, mode=mode, timeout_seconds=timeout_seconds)
+            )
+        )
+    if "mcp" in requested_sources and mcp_via_path and not scanned_mcp_roots:
+        scanned_mcp_roots.add(workspace_path)
+        signals.extend(
+            _mcp_findings_to_signals(
+                cisco_mcp_scanner.run_cisco_mcp_scan(workspace_path, mode=mode, timeout_seconds=timeout_seconds)
+            )
+        )
+    return tuple(signals)
+
+
+def build_cisco_deep_scan_payload(
+    *,
+    scan_type: str,
+    target: Path,
+    mode: str,
+    config: GuardConfig,
+    harness: str | None = None,
+    timeout_seconds: float = _DEFAULT_SCANNER_TIMEOUT_SECONDS,
+) -> dict[str, object]:
+    """Build a stable CLI payload for deep Cisco scanner evidence."""
+
+    if scan_type == "skills":
+        scan_root = _skill_scan_root_for_workspace(target)
+        summary = cisco_skill_scanner.run_cisco_skill_scan(
+            scan_root,
+            mode=mode,
+            timeout_seconds=timeout_seconds,
+        )
+        signals = tuple(_skill_findings_to_signals(summary))
+        return {
+            "scan_type": "skills",
+            "scanner": "cisco-skill-scanner",
+            "target": str(scan_root),
+            "mode": mode,
+            "status": summary.status.value,
+            "message": summary.message,
+            "finding_count": len(signals),
+            "targets_scanned": summary.skills_scanned,
+            "analyzers_used": list(summary.analyzers_used),
+            "scanner_evidence": [signal.to_dict() for signal in signals],
+            "policy_action": policy_action_for_cisco_signals(signals, config=config, harness=harness),
+        }
+    if scan_type == "mcp":
+        summary = cisco_mcp_scanner.run_cisco_mcp_scan(
+            target,
+            mode=mode,
+            timeout_seconds=timeout_seconds,
+        )
+        signals = tuple(_mcp_findings_to_signals(summary))
+        return {
+            "scan_type": "mcp",
+            "scanner": "cisco-mcp-scanner",
+            "target": str(target),
+            "mode": mode,
+            "status": summary.status.value,
+            "message": summary.message,
+            "finding_count": len(signals),
+            "targets_scanned": summary.targets_scanned,
+            "analyzers_used": list(summary.analyzers_used),
+            "scanner_evidence": [signal.to_dict() for signal in signals],
+            "policy_action": policy_action_for_cisco_signals(signals, config=config, harness=harness),
+        }
+    raise ValueError(f"Unsupported deep scan type: {scan_type}")
+
+
+def cisco_risk_signal_v3_to_v2(signal: GuardRiskSignalV3) -> RiskSignalV2:
+    """Adapt scanner-aware evidence into the existing decision signal contract."""
+
+    return RiskSignalV2(
+        signal_id=signal.signal_id,
+        category=signal.category,
+        severity=signal.severity,
+        confidence=signal.confidence,
+        detector=signal.source,
+        title=signal.title,
+        plain_reason=signal.plain_language_summary,
+        technical_detail=signal.technical_detail,
+        evidence_ref=signal.evidence_ref,
+        redaction_level=signal.redaction_level,
+        false_positive_hint=signal.recommended_action,
+        advisory_id=None,
+    )
+
+
+def policy_action_for_cisco_signals(
+    signals: tuple[GuardRiskSignalV3, ...],
+    *,
+    config: GuardConfig,
+    harness: str | None,
+) -> GuardAction:
+    """Resolve the policy effect of Cisco scanner evidence using configured security level."""
+
+    if not signals:
+        return "allow"
+    action: GuardAction = "allow"
+    for signal in signals:
+        risk_class = _SOURCE_RISK_CLASS.get(signal.source, "mcp_dangerous_tool")
+        resolved = resolve_risk_action(config, risk_class, harness=harness)
+        if resolved is not None and _ACTION_RANK[resolved] > _ACTION_RANK[action]:
+            action = resolved
+    return action
+
+
+def _resolve_target_paths(action: GuardActionEnvelope, workspace: Path) -> tuple[Path, ...]:
+    paths: list[Path] = []
+    for target in action.target_paths:
+        candidate = Path(target).expanduser()
+        if not candidate.is_absolute():
+            candidate = workspace / candidate
+        paths.append(candidate.resolve())
+    return tuple(paths)
+
+
+def _is_skill_file(path: Path) -> bool:
+    return path.name == "SKILL.md"
+
+
+def _skill_scan_root_for_file(path: Path, workspace: Path) -> Path:
+    parent = path.parent
+    if parent.parent.name == "skills":
+        return parent.parent
+    if parent.name == "skills":
+        return parent
+    if parent == workspace:
+        return parent
+    # Default: scan from the containing directory; callers should verify the result is meaningful.
+    return parent
+
+
+def _skill_scan_root_for_workspace(target: Path) -> Path:
+    skills_dir = target / "skills"
+    if skills_dir.is_dir():
+        return skills_dir
+    return target
+
+
+def _skill_findings_to_signals(summary: object) -> tuple[GuardRiskSignalV3, ...]:
+    status = getattr(summary, "status", CiscoIntegrationStatus.FAILED)
+    findings = getattr(summary, "findings", ())
+    return _findings_to_signals(
+        findings,
+        scanner_status=status,
+        scanner_name="Cisco skill scanner",
+    )
+
+
+def _mcp_findings_to_signals(summary: object) -> tuple[GuardRiskSignalV3, ...]:
+    status = getattr(summary, "status", CiscoIntegrationStatus.FAILED)
+    findings = getattr(summary, "findings", ())
+    return _findings_to_signals(
+        findings,
+        scanner_status=status,
+        scanner_name="Cisco MCP scanner",
+    )
+
+
+def _findings_to_signals(
+    findings: object,
+    *,
+    scanner_status: CiscoIntegrationStatus,
+    scanner_name: str,
+) -> tuple[GuardRiskSignalV3, ...]:
+    if not isinstance(findings, tuple | list):
+        return ()
+    signals: list[GuardRiskSignalV3] = []
+    for finding in findings:
+        if isinstance(finding, Finding):
+            signals.append(
+                cisco_finding_to_risk_signal(
+                    finding,
+                    scanner_status=scanner_status,
+                    scanner_name=scanner_name,
+                )
+            )
+    return tuple(signals)

{plugin_scanner-2.0.148 → plugin_scanner-2.0.149}/src/codex_plugin_scanner/guard/runtime/detectors.py

@@ -10,6 +10,7 @@ from typing import Literal, Protocol
 
 from codex_plugin_scanner.guard.config import GuardConfig
 from codex_plugin_scanner.guard.runtime.actions import GuardActionEnvelope
+from codex_plugin_scanner.guard.runtime.cisco_preflight import CiscoMcpPreflightDetector, CiscoSkillPreflightDetector
 from codex_plugin_scanner.guard.runtime.data_flow_rules import detect_data_flow_exfiltration
 from codex_plugin_scanner.guard.runtime.prompt_injection import detect_prompt_injection_requests
 from codex_plugin_scanner.guard.runtime.safe_decode import decode_layers
@@ -286,7 +287,16 @@ class SafeDecodeDetector:
 
 
 def register_default_detectors() -> tuple[GuardDetector, ...]:
+    """Return the default ordered detector list.
+
+    Cisco scanner detectors run first so their preflight signals are available
+    before native data-flow and prompt detectors evaluate the same action.
+    This ordering is intentional: scanner evidence can influence policy before
+    runtime detectors produce additional signals.
+    """
     return (
+        CiscoMcpPreflightDetector(),
+        CiscoSkillPreflightDetector(),
         DataFlowExfiltrationDetector(),
         PromptInjectionDetector(),
         SafeDecodeDetector(),