plugin-scanner 2.0.160__tar.gz → 2.0.162__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/PKG-INFO +1 -1
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/pyproject.toml +1 -1
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/pyproject.toml.bak +1 -1
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/commands.py +37 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/store.py +66 -1
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/store_evidence.py +51 -33
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/version.py +1 -1
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_evidence_store.py +87 -0
- plugin_scanner-2.0.162/tests/test_guard_red_team_e2e.py +383 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.clusterfuzzlite/Dockerfile +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.clusterfuzzlite/build.sh +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.clusterfuzzlite/project.yaml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.clusterfuzzlite/requirements-atheris.txt +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.dockerignore +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/CODEOWNERS +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/ISSUE_TEMPLATE/bug-report.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/ISSUE_TEMPLATE/config.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/ISSUE_TEMPLATE/feature-request.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/dependabot.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/workflows/ci.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/workflows/codeql.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/workflows/dependabot-uv-lock.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/workflows/fuzz.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/workflows/harness-smoke.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/workflows/publish.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.github/workflows/scorecard.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.gitignore +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/.pre-commit-hooks.yaml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/CONTRIBUTING.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/Dockerfile +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/SECURITY.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/index.html +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/package.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/pnpm-lock.yaml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/public/apple-touch-icon.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/public/brand/Logo_Icon_Dark.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/public/brand/Logo_Whole.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/public/favicon-16x16.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/public/favicon-32x32.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/public/favicon.ico +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/app.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/approval-center-layout.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/approval-center-layout.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/approval-center-mobile.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/approval-center-primitives.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/approval-center-review-cards.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/approval-center-utils.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/data-flow-evidence-card.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/fleet-workspace.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/guard-api.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/guard-api.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/guard-demo.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/guard-types.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/home-dashboard.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/home-dashboard.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/main.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/queue-chip-filter.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/queue-state.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/queue-state.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/receipts-workspace.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/receipts-workspace.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/risk-signal-cards.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/risk-signal-cards.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/runtime-overview.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/runtime-overview.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/scanner-evidence-badge.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/settings-workspace.test.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/settings-workspace.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/styles.css +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/vite-env.d.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/src/watched-app-card.tsx +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/tsconfig.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/dashboard/vite.config.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docker-requirements.txt +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/approval-audit.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/architecture.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/get-started.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/harness-support.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/local-vs-cloud.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/release-checklist.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/release-notes.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/smoke-tests.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/guard/testing-matrix.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/trust/mcp-trust-draft.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/trust/plugin-trust-draft.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/docs/trust/skill-trust-local.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/fuzzers/manifest_fuzzer.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/requirements.txt +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/schemas/plugin-quality.v1.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/schemas/scan-result.v1.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/schemas/verify-result.v1.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/action_runner.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/argparse_utils.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/best_practices.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/claude.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/code_quality.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/ecosystem_common.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/gemini.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/manifest.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/manifest_support.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/marketplace.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/mcp_security.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/opencode.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/operational_security.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/security.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/checks/skill_security.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/cli.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/cli_ui.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/config.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/base.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/claude.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/codex.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/detect.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/gemini.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/opencode.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/registry.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/ecosystems/types.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/github_reporting.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/access_graph_events.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/antigravity.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/base.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/claude_code.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/cloud_identity.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/codex.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/contracts.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/copilot.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/cursor.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/gemini.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/hermes.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/mcp_servers.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/openclaw.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/openclaw_config.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/openclaw_support.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/opencode.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/adapters/opencode_artifacts.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/advisory_model.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/approvals.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/bridge/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/capabilities.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/approval_commands.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/bootstrap.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/connect_flow.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/install_commands.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/product.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/prompt.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/render.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/update_commands.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/codex_config.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/config.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/consumer/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/consumer/service.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/client.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/manager.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/server.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/apple-touch-icon.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/assets/guard-dashboard.js +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/assets/index.css +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Icon_Dark.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Whole.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/favicon-16x16.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/favicon-32x32.png +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/favicon.ico +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/daemon/static/index.html +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/edge_events.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/incident.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/insights.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/launcher.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/mcp_tool_calls.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/models.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/policy/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/policy/engine.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/protect.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/proxy/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/proxy/remote.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/proxy/runtime_mcp.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/proxy/stdio.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/receipts/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/receipts/manager.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/redaction.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/risk.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/action_identity.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/actions.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/advisory_escalation.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/advisory_matchers.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/cisco_evidence.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/cisco_preflight.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/composition_rules.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/data_flow.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/data_flow_rules.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/data_flow_variables.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/decisions.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/detectors.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/false_positive_rules.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/mcp_protection.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/persistence_rules.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/prompt_injection.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/runner.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/safe_decode.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/sandbox.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/scanner_cache.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/secret_file_requests.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/secret_sensitivity.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/secret_sources.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/shell_commands.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/signals.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/skill_protection.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/supply_chain.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/surface_server.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/temp_files.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/runtime/threat_intel.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/schemas/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/schemas/consumer_mode.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/schemas/guard_event_v1.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/schemas/surface_server.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/shims.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/store_approvals.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/store_connect.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/store_threat_intel.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/types.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/integrations/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/integrations/cisco_mcp_scanner.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/integrations/cisco_skill_scanner.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/lint_fixes.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/marketplace_support.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/models.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/path_support.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/policy.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/quality_artifact.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/repo_detect.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/reporting.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/rules/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/rules/registry.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/rules/specs.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/scanner.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/submission.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/suppressions.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/trust_domain_scoring.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/trust_helpers.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/trust_mcp_scoring.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/trust_models.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/trust_plugin_scoring.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/trust_scoring.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/trust_skill_scoring.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/trust_specs.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/verification.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/conftest.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/__init__.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/bad-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/bad-plugin/.mcp.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/bad-plugin/secrets.js +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/claude-plugin-good/.claude-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/claude-plugin-good/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/claude-plugin-good/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/claude-plugin-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/claude-plugin-good/hooks/hooks.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/claude-plugin-good/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/code-quality-bad/evil.js +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/code-quality-bad/inject.js +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/gemini-extension-good/GEMINI.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/gemini-extension-good/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/gemini-extension-good/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/gemini-extension-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/gemini-extension-good/commands/hello.toml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/gemini-extension-good/gemini-extension.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/assets/icon.svg +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/assets/logo.svg +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/assets/screenshot.svg +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/good-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-codex-malicious-mcp/.codex/config.toml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/benign-docs-fake-token.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/benign-health-endpoint.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/benign-nvmrc-fake-creds.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/benign-source-search.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/canary-exfil-encoded.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/canary-exfil.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/expected-decisions.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-dockerfile.txt +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-encoded-shell-exfil.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-github-action.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-mcp-delete.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-mcp-secret-read.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-mcp-skill-exfil.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-npm-postinstall.js +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-prompt-env-read.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-prompt-guard-bypass.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-prompt-npmrc-read.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/malicious-python-setup.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/guard-red-team/smoke-evidence-template.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/hermes-plugin-evil/config.yaml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/hermes-plugin-evil/mcp_servers.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/hermes-plugin-evil/skills/security/malicious/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/references/api-setup.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/scripts/deploy.sh +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/hermes-plugin-evil/skills/utils/benign/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/malformed-json/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/malicious-skill-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/malicious-skill-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/malicious-skill-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/malicious-skill-plugin/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/malicious-skill-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/malicious-skill-plugin/skills/leaky-skill/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/mcp-canary-server.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/minimal-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/missing-fields/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/mit-license/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-ecosystem-repo/codex-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-ecosystem-repo/codex-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-ecosystem-repo/codex-plugin/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-ecosystem-repo/codex-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-ecosystem-repo/gemini-ext/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-ecosystem-repo/gemini-ext/gemini-extension.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/.agents/plugins/marketplace.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codexignore +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/SECURITY.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/skills/example/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/no-version/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/opencode-good/.opencode/commands/hello.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/opencode-good/.opencode/plugins/example.ts +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/opencode-good/LICENSE +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/opencode-good/README.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/opencode-good/SECURITY.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/opencode-good/opencode.jsonc +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/skills-missing-dir/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/skills-no-frontmatter/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/skills-no-frontmatter/skills/bad-skill/SKILL.md +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/supply-chain/benign-npm-package.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/supply-chain/benign-pnpm-package.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/supply-chain/benign-pyproject.toml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/supply-chain/malicious-Dockerfile +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/supply-chain/malicious-action.yml +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/supply-chain/malicious-npm-package.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/supply-chain/malicious-setup.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/with-marketplace/.codex-plugin/plugin.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/with-marketplace/marketplace-broken.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/fixtures/with-marketplace/marketplace.json +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test-trust-scoring.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test-trust-specs.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_action_runner.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_best_practices.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_cisco_install_surfaces.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_cli.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_code_quality.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_config.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_coverage_remaining.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_ecosystems.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_edge_cases.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_final_coverage.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_access_graph.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_action_identity.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_advisory_escalation.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_approval_continuity.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_approval_copy_commands.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_approval_store_dedup.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_approval_store_scale.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_approvals.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_bootstrap.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_bypass_detector.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_canary_fixtures.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_capabilities.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_cisco_evidence.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_cisco_runtime_cli.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_claude_adapter.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_cli.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_cloud_local_sync.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_codex_e2e.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_codex_install.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_codex_proxy.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_config_paths.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_connect_flow.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_consumer_mode.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_copilot_adapter.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_copilot_proxy.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_daemon_cli.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_daemon_manager.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_daemon_perf.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_daemon_registry.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_daemon_repair_perf.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_daemon_wake.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_data_flow.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_decision_propagation.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_detector_fp.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_event_schema_v1.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_events.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_harness_contracts.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_harness_setup.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_harness_smoke.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_insights.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_launch_env.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_mcp_detectors.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_mcp_protection.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_opencode_proxy.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_policy_dedup.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_product_flow.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_prompt_injection.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_protect.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_queue_api_contract.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_queue_contract.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_red_team.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_redaction.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_render.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_resolution_copy.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_risk.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_runtime.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_runtime_action_harnesses.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_runtime_actions.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_runtime_decisions.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_runtime_detectors.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_runtime_signals.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_safe_decode.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_sandbox.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_skill_protection.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_store_migrations.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_supply_chain.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_surface_server.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_threat_intel.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_verdicts.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_guard_web_recovery.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_hermes_adapter.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_integration.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_lint_fixes.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_live_cisco_smoke.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_manifest.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_marketplace.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_mcp_security.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_openclaw_adapter.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_operational_security.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_policy.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_quality_artifact.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_rule_registry.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_scanner.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_schema_contracts.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_security.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_security_ops.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_skill_security.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_submission.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_trust_scoring.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_trust_specs.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_verification.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/tests/test_versioning.py +0 -0
- {plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/uv.lock +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: plugin-scanner
|
|
3
|
-
Version: 2.0.
|
|
3
|
+
Version: 2.0.162
|
|
4
4
|
Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
|
|
5
5
|
Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
|
|
6
6
|
Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner
|
|
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "plugin-scanner"
|
|
7
|
-
version = "2.0.
|
|
7
|
+
version = "2.0.162"
|
|
8
8
|
description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
|
|
9
9
|
readme = "README.md"
|
|
10
10
|
license = "Apache-2.0"
|
|
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "hol-guard"
|
|
7
|
-
version = "2.0.
|
|
7
|
+
version = "2.0.162"
|
|
8
8
|
description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
|
|
9
9
|
readme = "README.md"
|
|
10
10
|
license = "Apache-2.0"
|
{plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/cli/commands.py
RENAMED
|
@@ -388,6 +388,13 @@ def _configure_guard_parser(guard_parser: argparse.ArgumentParser) -> None:
|
|
|
388
388
|
_add_guard_common_args(receipts_parser)
|
|
389
389
|
receipts_parser.add_argument("--json", action="store_true")
|
|
390
390
|
|
|
391
|
+
history_parser = guard_subparsers.add_parser("history", help="Inspect Guard decision history")
|
|
392
|
+
_add_guard_common_args(history_parser)
|
|
393
|
+
history_sub = history_parser.add_subparsers(dest="history_command", metavar="COMMAND")
|
|
394
|
+
history_explain_parser = history_sub.add_parser("explain", help="Show insight and evidence for a receipt ID")
|
|
395
|
+
history_explain_parser.add_argument("receipt_id", help="Receipt ID to explain")
|
|
396
|
+
history_explain_parser.add_argument("--json", action="store_true")
|
|
397
|
+
|
|
391
398
|
inventory_parser = guard_subparsers.add_parser("inventory", help="List the local Guard artifact inventory")
|
|
392
399
|
_add_guard_common_args(inventory_parser)
|
|
393
400
|
inventory_parser.add_argument("--json", action="store_true")
|
|
@@ -1178,6 +1185,36 @@ def run_guard_command(
|
|
|
1178
1185
|
_emit("receipts", {"generated_at": _now(), "items": store.list_receipts()}, getattr(args, "json", False))
|
|
1179
1186
|
return 0
|
|
1180
1187
|
|
|
1188
|
+
if args.guard_command == "history":
|
|
1189
|
+
history_cmd = getattr(args, "history_command", None)
|
|
1190
|
+
if history_cmd == "explain":
|
|
1191
|
+
receipt_id: str = args.receipt_id
|
|
1192
|
+
match = store.get_receipt(receipt_id)
|
|
1193
|
+
if match is None:
|
|
1194
|
+
msg = f"No receipt found for ID {receipt_id!r}"
|
|
1195
|
+
_emit("history.explain", {"error": msg}, getattr(args, "json", False))
|
|
1196
|
+
return 1
|
|
1197
|
+
evidence = store.list_evidence(request_id=receipt_id, limit=10_000)
|
|
1198
|
+
payload: dict[str, object] = {
|
|
1199
|
+
"receipt_id": receipt_id,
|
|
1200
|
+
"receipt": match,
|
|
1201
|
+
"evidence": [
|
|
1202
|
+
{
|
|
1203
|
+
"evidence_id": e.get("evidence_id", ""),
|
|
1204
|
+
"category": e.get("category", ""),
|
|
1205
|
+
"severity": e.get("severity", ""),
|
|
1206
|
+
"summary": e.get("summary", ""),
|
|
1207
|
+
"action_identity": e.get("action_identity"),
|
|
1208
|
+
"created_at": e.get("created_at", ""),
|
|
1209
|
+
}
|
|
1210
|
+
for e in evidence
|
|
1211
|
+
],
|
|
1212
|
+
}
|
|
1213
|
+
_emit("history.explain", payload, getattr(args, "json", False))
|
|
1214
|
+
return 0
|
|
1215
|
+
_emit("history", {"error": "Use: hol-guard history explain <receipt_id>"}, getattr(args, "json", False))
|
|
1216
|
+
return 1
|
|
1217
|
+
|
|
1181
1218
|
if args.guard_command == "inventory":
|
|
1182
1219
|
_emit("inventory", {"generated_at": _now(), "items": store.list_inventory()}, getattr(args, "json", False))
|
|
1183
1220
|
return 0
|
|
@@ -99,6 +99,9 @@ from .store_evidence import (
|
|
|
99
99
|
evidence_index_statements,
|
|
100
100
|
evidence_schema_statement,
|
|
101
101
|
)
|
|
102
|
+
from .store_evidence import (
|
|
103
|
+
list_evidence as _list_evidence_impl,
|
|
104
|
+
)
|
|
102
105
|
from .store_threat_intel import (
|
|
103
106
|
threat_intel_bundle_schema_statement,
|
|
104
107
|
threat_intel_index_statements,
|
|
@@ -716,6 +719,9 @@ class GuardStore:
|
|
|
716
719
|
with self._connect() as connection:
|
|
717
720
|
for statement in statements:
|
|
718
721
|
connection.execute(statement)
|
|
722
|
+
if not self._schema_version_applied(connection, version=4):
|
|
723
|
+
self._ensure_column(connection, "guard_evidence", "action_identity", "text")
|
|
724
|
+
self._record_schema_version(connection, version=4)
|
|
719
725
|
for idx_stmt in evidence_index_statements():
|
|
720
726
|
connection.execute(idx_stmt)
|
|
721
727
|
for idx_stmt in threat_intel_index_statements():
|
|
@@ -756,7 +762,8 @@ class GuardStore:
|
|
|
756
762
|
self._ensure_attachment_column(connection, "lease_id", "text not null default ''")
|
|
757
763
|
self._ensure_attachment_column(connection, "lease_expires_at", "text")
|
|
758
764
|
self._ensure_local_device(connection)
|
|
759
|
-
self.
|
|
765
|
+
if not self._schema_version_applied(connection, version=2):
|
|
766
|
+
self._record_schema_version(connection, version=2)
|
|
760
767
|
|
|
761
768
|
@staticmethod
|
|
762
769
|
def _ensure_policy_column(connection: sqlite3.Connection, column_name: str, column_type: str) -> None:
|
|
@@ -782,6 +789,16 @@ class GuardStore:
|
|
|
782
789
|
return
|
|
783
790
|
connection.execute(f"alter table approval_requests add column {column_name} {column_type}")
|
|
784
791
|
|
|
792
|
+
@staticmethod
|
|
793
|
+
def _ensure_column(
|
|
794
|
+
connection: sqlite3.Connection, table_name: str, column_name: str, column_type: str
|
|
795
|
+
) -> None:
|
|
796
|
+
rows = connection.execute(f"pragma table_info({table_name})").fetchall()
|
|
797
|
+
existing = {str(row["name"]) for row in rows}
|
|
798
|
+
if column_name in existing:
|
|
799
|
+
return
|
|
800
|
+
connection.execute(f"alter table {table_name} add column {column_name} {column_type}")
|
|
801
|
+
|
|
785
802
|
@staticmethod
|
|
786
803
|
def _ensure_attachment_column(connection: sqlite3.Connection, column_name: str, column_type: str) -> None:
|
|
787
804
|
rows = connection.execute("pragma table_info(guard_client_attachments)").fetchall()
|
|
@@ -790,6 +807,14 @@ class GuardStore:
|
|
|
790
807
|
return
|
|
791
808
|
connection.execute(f"alter table guard_client_attachments add column {column_name} {column_type}")
|
|
792
809
|
|
|
810
|
+
@staticmethod
|
|
811
|
+
def _ensure_evidence_column(connection: sqlite3.Connection, column_name: str, column_type: str) -> None:
|
|
812
|
+
rows = connection.execute("pragma table_info(guard_evidence)").fetchall()
|
|
813
|
+
existing = {str(row["name"]) for row in rows}
|
|
814
|
+
if column_name in existing:
|
|
815
|
+
return
|
|
816
|
+
connection.execute(f"alter table guard_evidence add column {column_name} {column_type}")
|
|
817
|
+
|
|
793
818
|
@staticmethod
|
|
794
819
|
def _record_schema_version(connection: sqlite3.Connection, *, version: int) -> None:
|
|
795
820
|
connection.execute(
|
|
@@ -3080,6 +3105,46 @@ class GuardStore:
|
|
|
3080
3105
|
).fetchone()
|
|
3081
3106
|
return row is not None
|
|
3082
3107
|
|
|
3108
|
+
def list_evidence(
|
|
3109
|
+
self,
|
|
3110
|
+
*,
|
|
3111
|
+
harness: str | None = None,
|
|
3112
|
+
category: str | None = None,
|
|
3113
|
+
severity: str | None = None,
|
|
3114
|
+
request_id: str | None = None,
|
|
3115
|
+
action_identity: str | None = None,
|
|
3116
|
+
before_cursor: str | None = None,
|
|
3117
|
+
limit: int = 100,
|
|
3118
|
+
) -> list[dict[str, object]]:
|
|
3119
|
+
with self._connect() as connection:
|
|
3120
|
+
records = _list_evidence_impl(
|
|
3121
|
+
connection,
|
|
3122
|
+
harness=harness,
|
|
3123
|
+
category=category,
|
|
3124
|
+
severity=severity,
|
|
3125
|
+
request_id=request_id,
|
|
3126
|
+
action_identity=action_identity,
|
|
3127
|
+
before_cursor=before_cursor,
|
|
3128
|
+
limit=limit,
|
|
3129
|
+
)
|
|
3130
|
+
return [
|
|
3131
|
+
{
|
|
3132
|
+
"evidence_id": r.evidence_id,
|
|
3133
|
+
"action_id": r.action_id,
|
|
3134
|
+
"request_id": r.request_id,
|
|
3135
|
+
"harness": r.harness,
|
|
3136
|
+
"workspace": r.workspace,
|
|
3137
|
+
"signal_id": r.signal_id,
|
|
3138
|
+
"category": r.category,
|
|
3139
|
+
"severity": r.severity,
|
|
3140
|
+
"confidence": r.confidence,
|
|
3141
|
+
"summary": r.summary,
|
|
3142
|
+
"action_identity": r.action_identity,
|
|
3143
|
+
"created_at": r.created_at,
|
|
3144
|
+
}
|
|
3145
|
+
for r in records
|
|
3146
|
+
]
|
|
3147
|
+
|
|
3083
3148
|
@staticmethod
|
|
3084
3149
|
def _advisory_cache_key(advisory: dict[str, object]) -> str:
|
|
3085
3150
|
advisory_id = advisory.get("id")
|
{plugin_scanner-2.0.160 → plugin_scanner-2.0.162}/src/codex_plugin_scanner/guard/store_evidence.py
RENAMED
|
@@ -25,24 +25,26 @@ class EvidenceRecord:
|
|
|
25
25
|
confidence: float
|
|
26
26
|
summary: str
|
|
27
27
|
details: dict[str, object] = field(default_factory=dict)
|
|
28
|
+
action_identity: str | None = None
|
|
28
29
|
created_at: str = field(default_factory=_now_iso)
|
|
29
30
|
|
|
30
31
|
|
|
31
32
|
def evidence_schema_statement() -> str:
|
|
32
33
|
return """
|
|
33
34
|
create table if not exists guard_evidence (
|
|
34
|
-
evidence_id
|
|
35
|
-
action_id
|
|
36
|
-
request_id
|
|
37
|
-
harness
|
|
38
|
-
workspace
|
|
39
|
-
signal_id
|
|
40
|
-
category
|
|
41
|
-
severity
|
|
42
|
-
confidence
|
|
43
|
-
summary
|
|
44
|
-
details_json
|
|
45
|
-
|
|
35
|
+
evidence_id text not null primary key,
|
|
36
|
+
action_id text not null default '',
|
|
37
|
+
request_id text not null default '',
|
|
38
|
+
harness text not null default '',
|
|
39
|
+
workspace text not null default '',
|
|
40
|
+
signal_id text not null default '',
|
|
41
|
+
category text not null default '',
|
|
42
|
+
severity text not null default '',
|
|
43
|
+
confidence real not null default 0.0,
|
|
44
|
+
summary text not null default '',
|
|
45
|
+
details_json text not null default '{}',
|
|
46
|
+
action_identity text,
|
|
47
|
+
created_at text not null
|
|
46
48
|
)
|
|
47
49
|
"""
|
|
48
50
|
|
|
@@ -54,6 +56,7 @@ def evidence_index_statements() -> list[str]:
|
|
|
54
56
|
"create index if not exists idx_evidence_action on guard_evidence(action_id)",
|
|
55
57
|
"create index if not exists idx_evidence_category_severity on guard_evidence(category, severity)",
|
|
56
58
|
"create index if not exists idx_evidence_harness_workspace on guard_evidence(harness, workspace)",
|
|
59
|
+
"create index if not exists idx_evidence_identity on guard_evidence(action_identity)",
|
|
57
60
|
]
|
|
58
61
|
|
|
59
62
|
|
|
@@ -62,6 +65,7 @@ def _row_to_record(row: sqlite3.Row) -> EvidenceRecord:
|
|
|
62
65
|
details: dict[str, object] = json.loads(row["details_json"])
|
|
63
66
|
except (json.JSONDecodeError, TypeError):
|
|
64
67
|
details = {}
|
|
68
|
+
columns = set(row.keys())
|
|
65
69
|
return EvidenceRecord(
|
|
66
70
|
evidence_id=row["evidence_id"],
|
|
67
71
|
action_id=row["action_id"],
|
|
@@ -74,6 +78,7 @@ def _row_to_record(row: sqlite3.Row) -> EvidenceRecord:
|
|
|
74
78
|
confidence=row["confidence"],
|
|
75
79
|
summary=row["summary"],
|
|
76
80
|
details=details,
|
|
81
|
+
action_identity=row["action_identity"] if "action_identity" in columns else None,
|
|
77
82
|
created_at=row["created_at"],
|
|
78
83
|
)
|
|
79
84
|
|
|
@@ -83,8 +88,8 @@ def store_evidence(conn: sqlite3.Connection, record: EvidenceRecord) -> Evidence
|
|
|
83
88
|
"""
|
|
84
89
|
insert or replace into guard_evidence
|
|
85
90
|
(evidence_id, action_id, request_id, harness, workspace, signal_id,
|
|
86
|
-
category, severity, confidence, summary, details_json, created_at)
|
|
87
|
-
values (
|
|
91
|
+
category, severity, confidence, summary, details_json, action_identity, created_at)
|
|
92
|
+
values (?,?,?,?,?,?,?,?,?,?,?,?,?)
|
|
88
93
|
""",
|
|
89
94
|
(
|
|
90
95
|
record.evidence_id,
|
|
@@ -98,6 +103,7 @@ def store_evidence(conn: sqlite3.Connection, record: EvidenceRecord) -> Evidence
|
|
|
98
103
|
record.confidence,
|
|
99
104
|
record.summary,
|
|
100
105
|
json.dumps(record.details),
|
|
106
|
+
record.action_identity,
|
|
101
107
|
record.created_at,
|
|
102
108
|
),
|
|
103
109
|
)
|
|
@@ -112,6 +118,7 @@ def list_evidence(
|
|
|
112
118
|
category: str | None = None,
|
|
113
119
|
severity: str | None = None,
|
|
114
120
|
request_id: str | None = None,
|
|
121
|
+
action_identity: str | None = None,
|
|
115
122
|
before_cursor: str | None = None,
|
|
116
123
|
limit: int = 100,
|
|
117
124
|
) -> list[EvidenceRecord]:
|
|
@@ -130,6 +137,9 @@ def list_evidence(
|
|
|
130
137
|
if request_id is not None:
|
|
131
138
|
clauses.append("request_id = ?")
|
|
132
139
|
params.append(request_id)
|
|
140
|
+
if action_identity is not None:
|
|
141
|
+
clauses.append("action_identity = ?")
|
|
142
|
+
params.append(action_identity)
|
|
133
143
|
if before_cursor is not None:
|
|
134
144
|
clauses.append("created_at < ?")
|
|
135
145
|
params.append(before_cursor)
|
|
@@ -180,27 +190,35 @@ def export_evidence_json(
|
|
|
180
190
|
conn: sqlite3.Connection,
|
|
181
191
|
*,
|
|
182
192
|
limit: int = 10_000,
|
|
193
|
+
redact_fields: tuple[str, ...] | None = None,
|
|
183
194
|
) -> str:
|
|
195
|
+
"""Export evidence records as JSON, omitting sensitive fields by default.
|
|
196
|
+
|
|
197
|
+
Pass ``redact_fields=()`` to include all fields including ``details``.
|
|
198
|
+
By default ``details`` is redacted (excluded from export).
|
|
199
|
+
"""
|
|
200
|
+
_redact = {"details"} if redact_fields is None else set(redact_fields)
|
|
184
201
|
records = list_evidence(conn, limit=limit)
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
202
|
+
rows: list[dict[str, object]] = []
|
|
203
|
+
for r in records:
|
|
204
|
+
row: dict[str, object] = {
|
|
205
|
+
"evidence_id": r.evidence_id,
|
|
206
|
+
"action_id": r.action_id,
|
|
207
|
+
"request_id": r.request_id,
|
|
208
|
+
"harness": r.harness,
|
|
209
|
+
"workspace": r.workspace,
|
|
210
|
+
"signal_id": r.signal_id,
|
|
211
|
+
"category": r.category,
|
|
212
|
+
"severity": r.severity,
|
|
213
|
+
"confidence": r.confidence,
|
|
214
|
+
"summary": r.summary,
|
|
215
|
+
"action_identity": r.action_identity,
|
|
216
|
+
"created_at": r.created_at,
|
|
217
|
+
}
|
|
218
|
+
if "details" not in _redact:
|
|
219
|
+
row["details"] = r.details
|
|
220
|
+
rows.append(row)
|
|
221
|
+
return json.dumps(rows, indent=2)
|
|
204
222
|
|
|
205
223
|
|
|
206
224
|
def clear_evidence(conn: sqlite3.Connection) -> int:
|
|
@@ -69,6 +69,7 @@ class TestSchema:
|
|
|
69
69
|
assert "idx_evidence_action" in names
|
|
70
70
|
assert "idx_evidence_category_severity" in names
|
|
71
71
|
assert "idx_evidence_harness_workspace" in names
|
|
72
|
+
assert "idx_evidence_identity" in names
|
|
72
73
|
|
|
73
74
|
def test_indexes_idempotent(self, tmp_path: Path) -> None:
|
|
74
75
|
conn = _db(tmp_path)
|
|
@@ -284,3 +285,89 @@ class TestCompactEvidence:
|
|
|
284
285
|
compact_evidence(conn, retain_days=30)
|
|
285
286
|
removed2 = compact_evidence(conn, retain_days=30)
|
|
286
287
|
assert removed2 == 0
|
|
288
|
+
|
|
289
|
+
|
|
290
|
+
class TestActionIdentityField:
|
|
291
|
+
def test_store_and_retrieve_action_identity(self, tmp_path: Path) -> None:
|
|
292
|
+
conn = _db(tmp_path)
|
|
293
|
+
rec = _rec(evidence_id="e-ai-1", action_identity="codex:tool:bash")
|
|
294
|
+
store_evidence(conn, rec)
|
|
295
|
+
results = list_evidence(conn, action_identity="codex:tool:bash")
|
|
296
|
+
assert len(results) == 1
|
|
297
|
+
assert results[0].action_identity == "codex:tool:bash"
|
|
298
|
+
|
|
299
|
+
def test_action_identity_none_by_default(self, tmp_path: Path) -> None:
|
|
300
|
+
conn = _db(tmp_path)
|
|
301
|
+
store_evidence(conn, _rec(evidence_id="e-ai-2"))
|
|
302
|
+
results = list_evidence(conn)
|
|
303
|
+
assert results[0].action_identity is None
|
|
304
|
+
|
|
305
|
+
def test_filter_by_action_identity_excludes_others(self, tmp_path: Path) -> None:
|
|
306
|
+
conn = _db(tmp_path)
|
|
307
|
+
store_evidence(conn, _rec(evidence_id="e-ai-3", action_identity="tool:a"))
|
|
308
|
+
store_evidence(conn, _rec(evidence_id="e-ai-4", action_identity="tool:b"))
|
|
309
|
+
results = list_evidence(conn, action_identity="tool:a")
|
|
310
|
+
assert len(results) == 1
|
|
311
|
+
assert results[0].evidence_id == "e-ai-3"
|
|
312
|
+
|
|
313
|
+
|
|
314
|
+
class TestLargeScalePagination:
|
|
315
|
+
def test_cursor_pagination_covers_all_records(self, tmp_path: Path) -> None:
|
|
316
|
+
conn = _db(tmp_path)
|
|
317
|
+
total = 250
|
|
318
|
+
for i in range(total):
|
|
319
|
+
ts = f"2024-01-{(i // 28) + 1:02d}T{(i % 24):02d}:00:{(i % 60):02d}Z"
|
|
320
|
+
store_evidence(conn, _rec(evidence_id=f"bulk-{i:04d}", created_at=ts))
|
|
321
|
+
|
|
322
|
+
page_size = 50
|
|
323
|
+
seen: list[str] = []
|
|
324
|
+
cursor: str | None = None
|
|
325
|
+
|
|
326
|
+
for _ in range(total // page_size + 2):
|
|
327
|
+
page = list_evidence(conn, before_cursor=cursor, limit=page_size)
|
|
328
|
+
if not page:
|
|
329
|
+
break
|
|
330
|
+
seen.extend(r.evidence_id for r in page)
|
|
331
|
+
cursor = page[-1].created_at
|
|
332
|
+
|
|
333
|
+
assert len(seen) == total
|
|
334
|
+
|
|
335
|
+
def test_first_page_returns_most_recent(self, tmp_path: Path) -> None:
|
|
336
|
+
conn = _db(tmp_path)
|
|
337
|
+
for i in range(10):
|
|
338
|
+
store_evidence(conn, _rec(evidence_id=f"p-{i}", created_at=f"2024-01-01T{i:02d}:00:00Z"))
|
|
339
|
+
page = list_evidence(conn, limit=3)
|
|
340
|
+
assert page[0].evidence_id == "p-9"
|
|
341
|
+
assert page[1].evidence_id == "p-8"
|
|
342
|
+
assert page[2].evidence_id == "p-7"
|
|
343
|
+
|
|
344
|
+
|
|
345
|
+
class TestExportRedaction:
|
|
346
|
+
def test_export_omits_details_by_default(self, tmp_path: Path) -> None:
|
|
347
|
+
conn = _db(tmp_path)
|
|
348
|
+
store_evidence(conn, _rec(evidence_id="ex-1", details={"secret": "password123"}))
|
|
349
|
+
exported = json.loads(export_evidence_json(conn))
|
|
350
|
+
assert len(exported) == 1
|
|
351
|
+
assert "details" not in exported[0]
|
|
352
|
+
assert "password123" not in json.dumps(exported)
|
|
353
|
+
|
|
354
|
+
def test_export_includes_details_when_redact_empty(self, tmp_path: Path) -> None:
|
|
355
|
+
conn = _db(tmp_path)
|
|
356
|
+
store_evidence(conn, _rec(evidence_id="ex-2", details={"key": "val"}))
|
|
357
|
+
exported = json.loads(export_evidence_json(conn, redact_fields=()))
|
|
358
|
+
assert len(exported) == 1
|
|
359
|
+
assert exported[0]["details"] == {"key": "val"}
|
|
360
|
+
|
|
361
|
+
def test_export_includes_action_identity(self, tmp_path: Path) -> None:
|
|
362
|
+
conn = _db(tmp_path)
|
|
363
|
+
store_evidence(conn, _rec(evidence_id="ex-3", action_identity="tool:bash"))
|
|
364
|
+
exported = json.loads(export_evidence_json(conn))
|
|
365
|
+
assert exported[0]["action_identity"] == "tool:bash"
|
|
366
|
+
|
|
367
|
+
def test_export_fields_include_required_keys(self, tmp_path: Path) -> None:
|
|
368
|
+
conn = _db(tmp_path)
|
|
369
|
+
store_evidence(conn, _rec(evidence_id="ex-4"))
|
|
370
|
+
exported = json.loads(export_evidence_json(conn))
|
|
371
|
+
row = exported[0]
|
|
372
|
+
for key in ("evidence_id", "action_id", "request_id", "harness", "category", "severity", "summary"):
|
|
373
|
+
assert key in row, f"missing key: {key}"
|