plugin-scanner 2.0.153__tar.gz → 2.0.155__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/PKG-INFO +1 -1
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/pyproject.toml +1 -1
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/pyproject.toml.bak +1 -1
- plugin_scanner-2.0.155/src/codex_plugin_scanner/guard/insights.py +223 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/detectors.py +106 -3
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/version.py +1 -1
- plugin_scanner-2.0.155/tests/test_guard_insights.py +362 -0
- plugin_scanner-2.0.155/tests/test_guard_mcp_detectors.py +376 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.clusterfuzzlite/Dockerfile +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.clusterfuzzlite/build.sh +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.clusterfuzzlite/project.yaml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.clusterfuzzlite/requirements-atheris.txt +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.dockerignore +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/CODEOWNERS +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/ISSUE_TEMPLATE/bug-report.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/ISSUE_TEMPLATE/config.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/ISSUE_TEMPLATE/feature-request.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/dependabot.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/workflows/ci.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/workflows/codeql.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/workflows/dependabot-uv-lock.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/workflows/fuzz.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/workflows/harness-smoke.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/workflows/publish.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.github/workflows/scorecard.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.gitignore +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/.pre-commit-hooks.yaml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/CONTRIBUTING.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/Dockerfile +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/SECURITY.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/index.html +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/package.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/pnpm-lock.yaml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/public/apple-touch-icon.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/public/brand/Logo_Icon_Dark.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/public/brand/Logo_Whole.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/public/favicon-16x16.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/public/favicon-32x32.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/public/favicon.ico +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/app.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/approval-center-layout.test.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/approval-center-layout.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/approval-center-primitives.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/approval-center-review-cards.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/approval-center-utils.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/data-flow-evidence-card.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/fleet-workspace.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/guard-api.test.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/guard-api.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/guard-demo.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/guard-types.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/home-dashboard.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/main.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/queue-chip-filter.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/queue-state.test.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/queue-state.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/receipts-workspace.test.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/receipts-workspace.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/risk-signal-cards.test.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/risk-signal-cards.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/runtime-overview.test.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/runtime-overview.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/scanner-evidence-badge.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/settings-workspace.test.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/settings-workspace.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/styles.css +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/vite-env.d.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/src/watched-app-card.tsx +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/tsconfig.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/dashboard/vite.config.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docker-requirements.txt +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/approval-audit.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/architecture.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/get-started.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/harness-support.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/local-vs-cloud.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/release-checklist.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/release-notes.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/smoke-tests.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/guard/testing-matrix.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/trust/mcp-trust-draft.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/trust/plugin-trust-draft.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/docs/trust/skill-trust-local.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/fuzzers/manifest_fuzzer.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/requirements.txt +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/schemas/plugin-quality.v1.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/schemas/scan-result.v1.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/schemas/verify-result.v1.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/action_runner.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/argparse_utils.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/best_practices.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/claude.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/code_quality.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/ecosystem_common.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/gemini.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/manifest.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/manifest_support.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/marketplace.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/mcp_security.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/opencode.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/operational_security.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/security.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/checks/skill_security.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/cli.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/cli_ui.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/config.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/base.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/claude.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/codex.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/detect.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/gemini.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/opencode.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/registry.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/ecosystems/types.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/github_reporting.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/access_graph_events.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/antigravity.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/base.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/claude_code.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/cloud_identity.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/codex.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/contracts.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/copilot.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/cursor.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/gemini.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/hermes.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/mcp_servers.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/openclaw.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/openclaw_config.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/openclaw_support.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/opencode.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/adapters/opencode_artifacts.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/advisory_model.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/approvals.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/bridge/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/capabilities.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/approval_commands.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/bootstrap.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/commands.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/connect_flow.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/install_commands.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/product.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/prompt.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/render.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/cli/update_commands.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/codex_config.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/config.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/consumer/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/consumer/service.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/client.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/manager.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/server.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/apple-touch-icon.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/assets/guard-dashboard.js +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/assets/index.css +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Icon_Dark.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Whole.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/favicon-16x16.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/favicon-32x32.png +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/favicon.ico +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/daemon/static/index.html +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/edge_events.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/incident.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/launcher.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/mcp_tool_calls.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/models.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/policy/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/policy/engine.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/protect.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/proxy/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/proxy/remote.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/proxy/runtime_mcp.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/proxy/stdio.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/receipts/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/receipts/manager.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/redaction.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/risk.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/action_identity.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/actions.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/advisory_escalation.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/advisory_matchers.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/cisco_evidence.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/cisco_preflight.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/composition_rules.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/data_flow.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/data_flow_rules.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/data_flow_variables.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/decisions.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/false_positive_rules.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/mcp_protection.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/persistence_rules.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/prompt_injection.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/runner.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/safe_decode.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/sandbox.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/scanner_cache.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/secret_file_requests.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/secret_sensitivity.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/secret_sources.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/shell_commands.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/signals.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/skill_protection.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/supply_chain.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/surface_server.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/temp_files.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/runtime/threat_intel.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/schemas/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/schemas/consumer_mode.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/schemas/guard_event_v1.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/schemas/surface_server.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/shims.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/store.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/store_approvals.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/store_connect.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/store_evidence.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/store_threat_intel.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/guard/types.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/integrations/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/integrations/cisco_mcp_scanner.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/integrations/cisco_skill_scanner.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/lint_fixes.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/marketplace_support.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/models.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/path_support.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/policy.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/quality_artifact.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/repo_detect.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/reporting.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/rules/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/rules/registry.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/rules/specs.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/scanner.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/submission.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/suppressions.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/trust_domain_scoring.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/trust_helpers.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/trust_mcp_scoring.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/trust_models.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/trust_plugin_scoring.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/trust_scoring.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/trust_skill_scoring.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/trust_specs.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/src/codex_plugin_scanner/verification.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/conftest.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/__init__.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/bad-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/bad-plugin/.mcp.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/bad-plugin/secrets.js +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/claude-plugin-good/.claude-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/claude-plugin-good/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/claude-plugin-good/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/claude-plugin-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/claude-plugin-good/hooks/hooks.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/claude-plugin-good/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/code-quality-bad/evil.js +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/code-quality-bad/inject.js +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/gemini-extension-good/GEMINI.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/gemini-extension-good/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/gemini-extension-good/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/gemini-extension-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/gemini-extension-good/commands/hello.toml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/gemini-extension-good/gemini-extension.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/assets/icon.svg +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/assets/logo.svg +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/assets/screenshot.svg +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/good-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-codex-malicious-mcp/.codex/config.toml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/benign-docs-fake-token.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/benign-health-endpoint.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/benign-nvmrc-fake-creds.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/benign-source-search.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/canary-exfil-encoded.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/canary-exfil.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/expected-decisions.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-dockerfile.txt +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-encoded-shell-exfil.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-github-action.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-mcp-delete.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-mcp-secret-read.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-mcp-skill-exfil.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-npm-postinstall.js +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-prompt-env-read.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-prompt-guard-bypass.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-prompt-npmrc-read.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/malicious-python-setup.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/guard-red-team/smoke-evidence-template.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/hermes-plugin-evil/config.yaml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/hermes-plugin-evil/mcp_servers.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/hermes-plugin-evil/skills/security/malicious/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/references/api-setup.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/scripts/deploy.sh +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/hermes-plugin-evil/skills/utils/benign/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/malformed-json/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/malicious-skill-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/malicious-skill-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/malicious-skill-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/malicious-skill-plugin/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/malicious-skill-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/malicious-skill-plugin/skills/leaky-skill/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/mcp-canary-server.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/minimal-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/missing-fields/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/mit-license/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-ecosystem-repo/codex-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-ecosystem-repo/codex-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-ecosystem-repo/codex-plugin/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-ecosystem-repo/codex-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-ecosystem-repo/gemini-ext/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-ecosystem-repo/gemini-ext/gemini-extension.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/.agents/plugins/marketplace.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/no-version/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/opencode-good/.opencode/commands/hello.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/opencode-good/.opencode/plugins/example.ts +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/opencode-good/LICENSE +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/opencode-good/README.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/opencode-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/opencode-good/opencode.jsonc +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/skills-missing-dir/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/skills-no-frontmatter/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/skills-no-frontmatter/skills/bad-skill/SKILL.md +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/supply-chain/benign-npm-package.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/supply-chain/benign-pnpm-package.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/supply-chain/benign-pyproject.toml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/supply-chain/malicious-Dockerfile +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/supply-chain/malicious-action.yml +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/supply-chain/malicious-npm-package.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/supply-chain/malicious-setup.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/with-marketplace/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/with-marketplace/marketplace-broken.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/fixtures/with-marketplace/marketplace.json +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test-trust-scoring.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test-trust-specs.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_action_runner.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_best_practices.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_cisco_install_surfaces.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_cli.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_code_quality.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_config.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_coverage_remaining.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_ecosystems.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_edge_cases.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_final_coverage.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_access_graph.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_action_identity.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_advisory_escalation.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_approval_continuity.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_approval_copy_commands.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_approval_store_dedup.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_approval_store_scale.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_approvals.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_bootstrap.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_bypass_detector.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_canary_fixtures.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_capabilities.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_cisco_evidence.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_cisco_runtime_cli.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_claude_adapter.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_cli.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_cloud_local_sync.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_codex_e2e.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_codex_install.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_codex_proxy.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_config_paths.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_connect_flow.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_consumer_mode.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_copilot_adapter.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_copilot_proxy.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_daemon_cli.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_daemon_manager.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_daemon_perf.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_daemon_repair_perf.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_data_flow.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_decision_propagation.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_detector_fp.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_event_schema_v1.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_events.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_evidence_store.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_harness_contracts.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_harness_setup.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_harness_smoke.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_launch_env.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_mcp_protection.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_opencode_proxy.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_policy_dedup.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_product_flow.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_prompt_injection.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_protect.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_queue_api_contract.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_queue_contract.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_red_team.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_render.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_resolution_copy.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_risk.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_runtime.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_runtime_action_harnesses.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_runtime_actions.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_runtime_decisions.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_runtime_detectors.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_runtime_signals.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_safe_decode.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_sandbox.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_skill_protection.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_store_migrations.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_supply_chain.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_surface_server.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_threat_intel.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_verdicts.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_guard_web_recovery.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_hermes_adapter.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_integration.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_lint_fixes.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_live_cisco_smoke.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_manifest.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_marketplace.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_mcp_security.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_openclaw_adapter.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_operational_security.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_policy.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_quality_artifact.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_rule_registry.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_scanner.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_schema_contracts.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_security.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_security_ops.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_skill_security.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_submission.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_trust_scoring.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_trust_specs.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_verification.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/tests/test_versioning.py +0 -0
- {plugin_scanner-2.0.153 → plugin_scanner-2.0.155}/uv.lock +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: plugin-scanner
|
|
3
|
-
Version: 2.0.
|
|
3
|
+
Version: 2.0.155
|
|
4
4
|
Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
|
|
5
5
|
Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
|
|
6
6
|
Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner
|
|
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "plugin-scanner"
|
|
7
|
-
version = "2.0.
|
|
7
|
+
version = "2.0.155"
|
|
8
8
|
description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
|
|
9
9
|
readme = "README.md"
|
|
10
10
|
license = "Apache-2.0"
|
|
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "hol-guard"
|
|
7
|
-
version = "2.0.
|
|
7
|
+
version = "2.0.155"
|
|
8
8
|
description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
|
|
9
9
|
readme = "README.md"
|
|
10
10
|
license = "Apache-2.0"
|
|
@@ -0,0 +1,223 @@
|
|
|
1
|
+
"""GuardInsight model and action-type-specific generators (L246-L252)."""
|
|
2
|
+
|
|
3
|
+
from __future__ import annotations
|
|
4
|
+
|
|
5
|
+
import uuid
|
|
6
|
+
from dataclasses import dataclass, field
|
|
7
|
+
from datetime import datetime, timezone
|
|
8
|
+
|
|
9
|
+
from .runtime.actions import GuardActionEnvelope
|
|
10
|
+
from .runtime.signals import RiskSignalV2
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
def _now_iso() -> str:
|
|
14
|
+
return datetime.now(timezone.utc).isoformat(timespec="microseconds").replace("+00:00", "Z")
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
def _max_severity(signals: tuple[RiskSignalV2, ...]) -> str:
|
|
18
|
+
order = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}
|
|
19
|
+
best = "info"
|
|
20
|
+
for sig in signals:
|
|
21
|
+
if order.get(sig.severity, 0) > order.get(best, 0):
|
|
22
|
+
best = sig.severity
|
|
23
|
+
return best
|
|
24
|
+
|
|
25
|
+
|
|
26
|
+
def _detector_ids(signals: tuple[RiskSignalV2, ...]) -> tuple[str, ...]:
|
|
27
|
+
return tuple(sig.detector for sig in signals if sig.detector)
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
def _first_reason(signals: tuple[RiskSignalV2, ...]) -> str:
|
|
31
|
+
for sig in signals:
|
|
32
|
+
if sig.plain_reason:
|
|
33
|
+
return sig.plain_reason
|
|
34
|
+
return "Risk signals detected."
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
@dataclass(frozen=True, slots=True)
|
|
38
|
+
class GuardInsight:
|
|
39
|
+
"""Human-readable insight generated from a detected risk event.
|
|
40
|
+
|
|
41
|
+
Captures what happened, why it was risky, the source/sink/app context,
|
|
42
|
+
which detectors fired, and a user-facing recommendation.
|
|
43
|
+
"""
|
|
44
|
+
|
|
45
|
+
insight_id: str
|
|
46
|
+
action_id: str
|
|
47
|
+
action_type: str
|
|
48
|
+
harness: str
|
|
49
|
+
what_happened: str
|
|
50
|
+
why_risky: str
|
|
51
|
+
source: str | None
|
|
52
|
+
sink: str | None
|
|
53
|
+
app: str
|
|
54
|
+
scanner_evidence: tuple[str, ...] = field(default_factory=tuple)
|
|
55
|
+
recommendation: str = ""
|
|
56
|
+
severity: str = "low"
|
|
57
|
+
created_at: str = field(default_factory=_now_iso)
|
|
58
|
+
|
|
59
|
+
|
|
60
|
+
def insight_from_prompt_block(
|
|
61
|
+
action: GuardActionEnvelope,
|
|
62
|
+
signals: tuple[RiskSignalV2, ...],
|
|
63
|
+
) -> GuardInsight | None:
|
|
64
|
+
"""L247: Generate a GuardInsight for a blocked prompt action."""
|
|
65
|
+
if not signals:
|
|
66
|
+
return None
|
|
67
|
+
excerpt = action.prompt_excerpt or (action.prompt_text or "")[:80]
|
|
68
|
+
return GuardInsight(
|
|
69
|
+
insight_id=str(uuid.uuid4()),
|
|
70
|
+
action_id=action.action_id,
|
|
71
|
+
action_type="prompt",
|
|
72
|
+
harness=action.harness,
|
|
73
|
+
what_happened=f"AI submitted a prompt that triggered a risk signal. Excerpt: {excerpt!r}",
|
|
74
|
+
why_risky=_first_reason(signals),
|
|
75
|
+
source=action.harness,
|
|
76
|
+
sink=None,
|
|
77
|
+
app=action.harness,
|
|
78
|
+
scanner_evidence=_detector_ids(signals),
|
|
79
|
+
recommendation=(
|
|
80
|
+
"Review the prompt text for injection attempts or data exfiltration patterns. "
|
|
81
|
+
"Allow only if you trust the source and intent."
|
|
82
|
+
),
|
|
83
|
+
severity=_max_severity(signals),
|
|
84
|
+
)
|
|
85
|
+
|
|
86
|
+
|
|
87
|
+
def insight_from_bash_command(
|
|
88
|
+
action: GuardActionEnvelope,
|
|
89
|
+
signals: tuple[RiskSignalV2, ...],
|
|
90
|
+
) -> GuardInsight | None:
|
|
91
|
+
"""L248: Generate a GuardInsight for a blocked bash/shell command."""
|
|
92
|
+
if not signals:
|
|
93
|
+
return None
|
|
94
|
+
cmd = (action.command or "")[:120]
|
|
95
|
+
return GuardInsight(
|
|
96
|
+
insight_id=str(uuid.uuid4()),
|
|
97
|
+
action_id=action.action_id,
|
|
98
|
+
action_type="shell_command",
|
|
99
|
+
harness=action.harness,
|
|
100
|
+
what_happened=f"AI attempted to run a shell command: {cmd!r}",
|
|
101
|
+
why_risky=_first_reason(signals),
|
|
102
|
+
source=action.tool_name or "bash",
|
|
103
|
+
sink=None,
|
|
104
|
+
app=action.harness,
|
|
105
|
+
scanner_evidence=_detector_ids(signals),
|
|
106
|
+
recommendation=(
|
|
107
|
+
"Inspect the full command before allowing. Pipe-to-shell and network-fetch patterns "
|
|
108
|
+
"are common supply-chain attack vectors."
|
|
109
|
+
),
|
|
110
|
+
severity=_max_severity(signals),
|
|
111
|
+
)
|
|
112
|
+
|
|
113
|
+
|
|
114
|
+
def insight_from_mcp_tool_call(
|
|
115
|
+
action: GuardActionEnvelope,
|
|
116
|
+
signals: tuple[RiskSignalV2, ...],
|
|
117
|
+
) -> GuardInsight | None:
|
|
118
|
+
"""L249: Generate a GuardInsight for a blocked MCP tool call."""
|
|
119
|
+
if not signals:
|
|
120
|
+
return None
|
|
121
|
+
tool = action.mcp_tool or action.tool_name or "unknown"
|
|
122
|
+
server = action.mcp_server or "unknown"
|
|
123
|
+
return GuardInsight(
|
|
124
|
+
insight_id=str(uuid.uuid4()),
|
|
125
|
+
action_id=action.action_id,
|
|
126
|
+
action_type="mcp_tool",
|
|
127
|
+
harness=action.harness,
|
|
128
|
+
what_happened=f"AI invoked MCP tool {tool!r} on server {server!r}",
|
|
129
|
+
why_risky=_first_reason(signals),
|
|
130
|
+
source=server,
|
|
131
|
+
sink=None,
|
|
132
|
+
app=action.harness,
|
|
133
|
+
scanner_evidence=_detector_ids(signals),
|
|
134
|
+
recommendation=(
|
|
135
|
+
f"Verify that the MCP tool {tool!r} is from a trusted source and that "
|
|
136
|
+
"the server configuration has not been tampered with."
|
|
137
|
+
),
|
|
138
|
+
severity=_max_severity(signals),
|
|
139
|
+
)
|
|
140
|
+
|
|
141
|
+
|
|
142
|
+
def insight_from_skill_scan(
|
|
143
|
+
*,
|
|
144
|
+
action_id: str,
|
|
145
|
+
harness: str,
|
|
146
|
+
skill_name: str,
|
|
147
|
+
signals: tuple[RiskSignalV2, ...],
|
|
148
|
+
) -> GuardInsight | None:
|
|
149
|
+
"""L250: Generate a GuardInsight for a flagged skill scan result."""
|
|
150
|
+
if not signals:
|
|
151
|
+
return None
|
|
152
|
+
return GuardInsight(
|
|
153
|
+
insight_id=str(uuid.uuid4()),
|
|
154
|
+
action_id=action_id,
|
|
155
|
+
action_type="skill_scan",
|
|
156
|
+
harness=harness,
|
|
157
|
+
what_happened=f"Skill scan flagged {skill_name!r} as potentially dangerous",
|
|
158
|
+
why_risky=_first_reason(signals),
|
|
159
|
+
source=skill_name,
|
|
160
|
+
sink=None,
|
|
161
|
+
app=harness,
|
|
162
|
+
scanner_evidence=_detector_ids(signals),
|
|
163
|
+
recommendation=(
|
|
164
|
+
f"Review the skill definition for {skill_name!r}. "
|
|
165
|
+
"Remove or isolate the skill if you did not install it intentionally."
|
|
166
|
+
),
|
|
167
|
+
severity=_max_severity(signals),
|
|
168
|
+
)
|
|
169
|
+
|
|
170
|
+
|
|
171
|
+
def insight_from_package_script(
|
|
172
|
+
action: GuardActionEnvelope,
|
|
173
|
+
signals: tuple[RiskSignalV2, ...],
|
|
174
|
+
) -> GuardInsight | None:
|
|
175
|
+
"""L251: Generate a GuardInsight for a blocked package/script action."""
|
|
176
|
+
if not signals:
|
|
177
|
+
return None
|
|
178
|
+
pkg = action.package_name or action.script_name or (action.command or "")[:60]
|
|
179
|
+
mgr = action.package_manager or "unknown"
|
|
180
|
+
return GuardInsight(
|
|
181
|
+
insight_id=str(uuid.uuid4()),
|
|
182
|
+
action_id=action.action_id,
|
|
183
|
+
action_type=action.action_type,
|
|
184
|
+
harness=action.harness,
|
|
185
|
+
what_happened=f"AI tried to run a {mgr} package or script: {pkg!r}",
|
|
186
|
+
why_risky=_first_reason(signals),
|
|
187
|
+
source=mgr,
|
|
188
|
+
sink=pkg,
|
|
189
|
+
app=action.harness,
|
|
190
|
+
scanner_evidence=_detector_ids(signals),
|
|
191
|
+
recommendation=(
|
|
192
|
+
f"Verify that {pkg!r} is a legitimate package and that it does not "
|
|
193
|
+
"run post-install scripts that modify system state or phone home."
|
|
194
|
+
),
|
|
195
|
+
severity=_max_severity(signals),
|
|
196
|
+
)
|
|
197
|
+
|
|
198
|
+
|
|
199
|
+
def insight_from_encoded_payload(
|
|
200
|
+
action: GuardActionEnvelope,
|
|
201
|
+
signals: tuple[RiskSignalV2, ...],
|
|
202
|
+
) -> GuardInsight | None:
|
|
203
|
+
"""L252: Generate a GuardInsight for an encoded/obfuscated payload."""
|
|
204
|
+
if not signals:
|
|
205
|
+
return None
|
|
206
|
+
cmd = (action.command or action.prompt_text or "")[:80]
|
|
207
|
+
return GuardInsight(
|
|
208
|
+
insight_id=str(uuid.uuid4()),
|
|
209
|
+
action_id=action.action_id,
|
|
210
|
+
action_type=action.action_type,
|
|
211
|
+
harness=action.harness,
|
|
212
|
+
what_happened=f"AI submitted a payload containing encoded or obfuscated content: {cmd!r}",
|
|
213
|
+
why_risky="Encoded payloads can hide malicious commands from static analysis and bypass security controls.",
|
|
214
|
+
source=action.tool_name or action.harness,
|
|
215
|
+
sink=None,
|
|
216
|
+
app=action.harness,
|
|
217
|
+
scanner_evidence=_detector_ids(signals),
|
|
218
|
+
recommendation=(
|
|
219
|
+
"Decode the payload manually and inspect the plaintext before allowing. "
|
|
220
|
+
"Legitimate commands do not need encoding."
|
|
221
|
+
),
|
|
222
|
+
severity=_max_severity(signals),
|
|
223
|
+
)
|
|
@@ -219,9 +219,10 @@ class SupplyChainDetector:
|
|
|
219
219
|
|
|
220
220
|
def detect(self, action: GuardActionEnvelope, context: DetectorContext) -> tuple[RiskSignalV2, ...]:
|
|
221
221
|
del context
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
222
|
+
signals: list[RiskSignalV2] = []
|
|
223
|
+
for content in filter(None, (action.prompt_text, action.command)):
|
|
224
|
+
signals.extend(detect_supply_chain_risk(content))
|
|
225
|
+
return tuple(signals)
|
|
225
226
|
|
|
226
227
|
|
|
227
228
|
class SafeDecodeDetector:
|
|
@@ -551,6 +552,106 @@ class GuardBypassDetector:
|
|
|
551
552
|
return tuple(signals)
|
|
552
553
|
|
|
553
554
|
|
|
555
|
+
_MCP_RISKY_TOOL_PATTERN = re.compile(
|
|
556
|
+
r"(?:exec(?:ute)?|run|shell|spawn|eval|invoke|dispatch|launch)"
|
|
557
|
+
r"|(?:write|send|upload|post|exfil|steal|dump|leak).*(?:cred|secret|token|key|password)"
|
|
558
|
+
r"|(?:arbitrary|remote|unsafe|untruste[d])",
|
|
559
|
+
re.IGNORECASE,
|
|
560
|
+
)
|
|
561
|
+
|
|
562
|
+
|
|
563
|
+
class McpToolSchemaRiskDetector:
|
|
564
|
+
"""Detects MCP tool names that suggest dangerous execution or exfiltration capability."""
|
|
565
|
+
|
|
566
|
+
detector_id = "mcp.schema-risk"
|
|
567
|
+
categories: tuple[RiskSignalCategory, ...] = ("mcp",)
|
|
568
|
+
|
|
569
|
+
def detect(self, action: GuardActionEnvelope, context: DetectorContext) -> tuple[RiskSignalV2, ...]:
|
|
570
|
+
del context
|
|
571
|
+
if action.action_type != "mcp_tool" or action.mcp_tool is None:
|
|
572
|
+
return ()
|
|
573
|
+
tool_name = action.mcp_tool
|
|
574
|
+
if not _MCP_RISKY_TOOL_PATTERN.search(tool_name):
|
|
575
|
+
return ()
|
|
576
|
+
return (
|
|
577
|
+
RiskSignalV2(
|
|
578
|
+
signal_id=f"mcp:schema-risk:{tool_name[:40]}",
|
|
579
|
+
category="mcp",
|
|
580
|
+
severity="high",
|
|
581
|
+
confidence="moderate",
|
|
582
|
+
detector=self.detector_id,
|
|
583
|
+
title="MCP tool name suggests dangerous capability",
|
|
584
|
+
plain_reason=(
|
|
585
|
+
f"The MCP tool '{tool_name}' has a name that suggests it can execute code,"
|
|
586
|
+
" run shell commands, or exfiltrate credentials. Review the tool's actual"
|
|
587
|
+
" implementation before approving."
|
|
588
|
+
),
|
|
589
|
+
technical_detail=f"tool name matched risky-capability pattern: {tool_name!r}",
|
|
590
|
+
evidence_ref="mcp_tool",
|
|
591
|
+
redaction_level="summary",
|
|
592
|
+
false_positive_hint=(
|
|
593
|
+
"Allow if this tool is from a trusted server and its implementation"
|
|
594
|
+
" is audited and does not perform unauthorized actions."
|
|
595
|
+
),
|
|
596
|
+
advisory_id=None,
|
|
597
|
+
),
|
|
598
|
+
)
|
|
599
|
+
|
|
600
|
+
|
|
601
|
+
_MCP_INJECTION_PATTERNS: tuple[re.Pattern[str], ...] = (
|
|
602
|
+
re.compile(r"ignore\s+(?:all\s+)?(?:previous|prior|above)\s+instruction", re.IGNORECASE),
|
|
603
|
+
re.compile(r"you\s+(?:are\s+now|have\s+no\s+restriction|must\s+obey)", re.IGNORECASE),
|
|
604
|
+
re.compile(r"(?:disregard|forget|override)\s+(?:your\s+)?(?:instruction|system\s+prompt|training)", re.IGNORECASE),
|
|
605
|
+
re.compile(r"(?:send|post|upload|exfil(?:trate)?)\s+.*\bto\s+https?://(?!localhost|127\.0\.0\.1)", re.IGNORECASE),
|
|
606
|
+
re.compile(
|
|
607
|
+
r"when\s+you\s+(?:read|access|open|process)\s+.{0,60}(?:also|then|and)\s+(?:send|post|upload)",
|
|
608
|
+
re.IGNORECASE,
|
|
609
|
+
),
|
|
610
|
+
)
|
|
611
|
+
|
|
612
|
+
|
|
613
|
+
class McpDescriptionDeceptionDetector:
|
|
614
|
+
"""Detects prompt injection and deception patterns in MCP tool descriptions or prompts."""
|
|
615
|
+
|
|
616
|
+
detector_id = "mcp.description-deception"
|
|
617
|
+
categories: tuple[RiskSignalCategory, ...] = ("prompt",)
|
|
618
|
+
|
|
619
|
+
def detect(self, action: GuardActionEnvelope, context: DetectorContext) -> tuple[RiskSignalV2, ...]:
|
|
620
|
+
del context
|
|
621
|
+
if action.action_type not in ("mcp_tool", "mcp_tool_call") or action.prompt_excerpt is None:
|
|
622
|
+
return ()
|
|
623
|
+
excerpt = action.prompt_excerpt
|
|
624
|
+
signals: list[RiskSignalV2] = []
|
|
625
|
+
for i, pattern in enumerate(_MCP_INJECTION_PATTERNS):
|
|
626
|
+
m = pattern.search(excerpt)
|
|
627
|
+
if m:
|
|
628
|
+
signals.append(
|
|
629
|
+
RiskSignalV2(
|
|
630
|
+
signal_id=f"mcp:desc-deception:p{i}",
|
|
631
|
+
category="prompt",
|
|
632
|
+
severity="critical",
|
|
633
|
+
confidence="strong",
|
|
634
|
+
detector=self.detector_id,
|
|
635
|
+
title="MCP description contains prompt injection or jailbreak attempt",
|
|
636
|
+
plain_reason=(
|
|
637
|
+
"The tool description or prompt contains language designed to override"
|
|
638
|
+
" your AI assistant's instructions or cause it to exfiltrate data."
|
|
639
|
+
" This is a common technique used by malicious MCP servers."
|
|
640
|
+
),
|
|
641
|
+
technical_detail=f"matched deception pattern {i}: {m.group(0)[:60]!r}",
|
|
642
|
+
evidence_ref="prompt_excerpt",
|
|
643
|
+
redaction_level="summary",
|
|
644
|
+
false_positive_hint=(
|
|
645
|
+
"Allow only if you authored this tool description yourself"
|
|
646
|
+
" and verified it does not cause unintended behavior."
|
|
647
|
+
),
|
|
648
|
+
advisory_id=None,
|
|
649
|
+
)
|
|
650
|
+
)
|
|
651
|
+
break
|
|
652
|
+
return tuple(signals)
|
|
653
|
+
|
|
654
|
+
|
|
554
655
|
def register_default_detectors() -> tuple[GuardDetector, ...]:
|
|
555
656
|
"""Return the default ordered detector list.
|
|
556
657
|
|
|
@@ -569,6 +670,8 @@ def register_default_detectors() -> tuple[GuardDetector, ...]:
|
|
|
569
670
|
FalsePositiveSuppressorDetector(),
|
|
570
671
|
DataFlowExfiltrationDetector(),
|
|
571
672
|
GuardBypassDetector(),
|
|
673
|
+
McpDescriptionDeceptionDetector(),
|
|
674
|
+
McpToolSchemaRiskDetector(),
|
|
572
675
|
PersistenceDetector(),
|
|
573
676
|
PromptInjectionDetector(),
|
|
574
677
|
SafeDecodeDetector(),
|