plugin-scanner 2.0.172__tar.gz → 2.0.174__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (468) hide show
  1. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/PKG-INFO +1 -1
  2. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/approval-center-layout.tsx +36 -10
  3. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/guard-api.ts +2 -2
  4. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/pyproject.toml +1 -1
  5. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/pyproject.toml.bak +1 -1
  6. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/commands.py +50 -0
  7. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/assets/guard-dashboard.js +43 -15
  8. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/secret_file_requests.py +111 -0
  9. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/version.py +1 -1
  10. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_risk.py +347 -0
  11. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_runtime.py +82 -0
  12. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.clusterfuzzlite/Dockerfile +0 -0
  13. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.clusterfuzzlite/build.sh +0 -0
  14. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.clusterfuzzlite/project.yaml +0 -0
  15. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.clusterfuzzlite/requirements-atheris.txt +0 -0
  16. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.dockerignore +0 -0
  17. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/CODEOWNERS +0 -0
  18. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/ISSUE_TEMPLATE/bug-report.yml +0 -0
  19. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/ISSUE_TEMPLATE/config.yml +0 -0
  20. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/ISSUE_TEMPLATE/feature-request.yml +0 -0
  21. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/dependabot.yml +0 -0
  22. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/workflows/ci.yml +0 -0
  23. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/workflows/codeql.yml +0 -0
  24. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/workflows/dependabot-uv-lock.yml +0 -0
  25. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/workflows/fuzz.yml +0 -0
  26. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/workflows/harness-smoke.yml +0 -0
  27. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/workflows/publish.yml +0 -0
  28. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.github/workflows/scorecard.yml +0 -0
  29. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.gitignore +0 -0
  30. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/.pre-commit-hooks.yaml +0 -0
  31. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/CONTRIBUTING.md +0 -0
  32. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/Dockerfile +0 -0
  33. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/LICENSE +0 -0
  34. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/README.md +0 -0
  35. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/SECURITY.md +0 -0
  36. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/index.html +0 -0
  37. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/package.json +0 -0
  38. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/pnpm-lock.yaml +0 -0
  39. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/public/apple-touch-icon.png +0 -0
  40. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/public/brand/Logo_Icon_Dark.png +0 -0
  41. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/public/brand/Logo_Whole.png +0 -0
  42. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/public/favicon-16x16.png +0 -0
  43. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/public/favicon-32x32.png +0 -0
  44. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/public/favicon.ico +0 -0
  45. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/app.tsx +0 -0
  46. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/approval-center-layout.test.ts +0 -0
  47. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/approval-center-mobile.test.ts +0 -0
  48. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/approval-center-primitives.tsx +0 -0
  49. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/approval-center-review-cards.tsx +0 -0
  50. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/approval-center-utils.ts +0 -0
  51. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/data-flow-evidence-card.tsx +0 -0
  52. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/fleet-workspace.tsx +0 -0
  53. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/guard-api.test.ts +0 -0
  54. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/guard-demo.ts +0 -0
  55. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/guard-types.ts +0 -0
  56. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/home-dashboard.test.ts +0 -0
  57. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/home-dashboard.tsx +0 -0
  58. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/main.tsx +0 -0
  59. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/queue-chip-filter.tsx +0 -0
  60. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/queue-state.test.ts +0 -0
  61. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/queue-state.ts +0 -0
  62. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/receipts-workspace.test.ts +0 -0
  63. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/receipts-workspace.tsx +0 -0
  64. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/risk-signal-cards.test.ts +0 -0
  65. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/risk-signal-cards.tsx +0 -0
  66. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/runtime-overview.test.ts +0 -0
  67. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/runtime-overview.tsx +0 -0
  68. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/scanner-evidence-badge.tsx +0 -0
  69. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/settings-workspace.test.ts +0 -0
  70. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/settings-workspace.tsx +0 -0
  71. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/styles.css +0 -0
  72. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/vite-env.d.ts +0 -0
  73. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/watched-app-card.tsx +0 -0
  74. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/tsconfig.json +0 -0
  75. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/vite.config.ts +0 -0
  76. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docker-requirements.txt +0 -0
  77. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/approval-audit.md +0 -0
  78. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/architecture.md +0 -0
  79. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/get-started.md +0 -0
  80. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/harness-support.md +0 -0
  81. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/local-vs-cloud.md +0 -0
  82. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/release-checklist.md +0 -0
  83. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/release-notes.md +0 -0
  84. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/smoke-tests.md +0 -0
  85. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/guard/testing-matrix.md +0 -0
  86. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/trust/mcp-trust-draft.md +0 -0
  87. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/trust/plugin-trust-draft.md +0 -0
  88. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/docs/trust/skill-trust-local.md +0 -0
  89. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/fuzzers/manifest_fuzzer.py +0 -0
  90. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/requirements.txt +0 -0
  91. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/schemas/plugin-quality.v1.json +0 -0
  92. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/schemas/scan-result.v1.json +0 -0
  93. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/schemas/verify-result.v1.json +0 -0
  94. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/__init__.py +0 -0
  95. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/action_runner.py +0 -0
  96. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/argparse_utils.py +0 -0
  97. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/__init__.py +0 -0
  98. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/best_practices.py +0 -0
  99. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/claude.py +0 -0
  100. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/code_quality.py +0 -0
  101. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/ecosystem_common.py +0 -0
  102. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/gemini.py +0 -0
  103. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/manifest.py +0 -0
  104. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/manifest_support.py +0 -0
  105. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/marketplace.py +0 -0
  106. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/mcp_security.py +0 -0
  107. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/opencode.py +0 -0
  108. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/operational_security.py +0 -0
  109. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/security.py +0 -0
  110. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/checks/skill_security.py +0 -0
  111. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/cli.py +0 -0
  112. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/cli_ui.py +0 -0
  113. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/config.py +0 -0
  114. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/__init__.py +0 -0
  115. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/base.py +0 -0
  116. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/claude.py +0 -0
  117. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/codex.py +0 -0
  118. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/detect.py +0 -0
  119. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/gemini.py +0 -0
  120. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/opencode.py +0 -0
  121. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/registry.py +0 -0
  122. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/ecosystems/types.py +0 -0
  123. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/github_reporting.py +0 -0
  124. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/__init__.py +0 -0
  125. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/access_graph_events.py +0 -0
  126. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/__init__.py +0 -0
  127. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/antigravity.py +0 -0
  128. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/base.py +0 -0
  129. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/claude_code.py +0 -0
  130. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/cloud_identity.py +0 -0
  131. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/codex.py +0 -0
  132. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/contracts.py +0 -0
  133. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/copilot.py +0 -0
  134. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/cursor.py +0 -0
  135. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/gemini.py +0 -0
  136. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/hermes.py +0 -0
  137. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/mcp_servers.py +0 -0
  138. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/openclaw.py +0 -0
  139. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/openclaw_config.py +0 -0
  140. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/openclaw_support.py +0 -0
  141. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/opencode.py +0 -0
  142. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/adapters/opencode_artifacts.py +0 -0
  143. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/advisory_model.py +0 -0
  144. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/approvals.py +0 -0
  145. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/bridge/__init__.py +0 -0
  146. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/capabilities.py +0 -0
  147. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/__init__.py +0 -0
  148. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/approval_commands.py +0 -0
  149. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/bootstrap.py +0 -0
  150. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/connect_flow.py +0 -0
  151. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/install_commands.py +0 -0
  152. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/product.py +0 -0
  153. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/prompt.py +0 -0
  154. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/render.py +0 -0
  155. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/update_commands.py +0 -0
  156. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/codex_config.py +0 -0
  157. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/config.py +0 -0
  158. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/consumer/__init__.py +0 -0
  159. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/consumer/service.py +0 -0
  160. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/__init__.py +0 -0
  161. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/client.py +0 -0
  162. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/manager.py +0 -0
  163. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/server.py +0 -0
  164. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/apple-touch-icon.png +0 -0
  165. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/assets/index.css +0 -0
  166. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Icon_Dark.png +0 -0
  167. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/brand/Logo_Whole.png +0 -0
  168. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/favicon-16x16.png +0 -0
  169. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/favicon-32x32.png +0 -0
  170. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/favicon.ico +0 -0
  171. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/index.html +0 -0
  172. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/edge_events.py +0 -0
  173. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/incident.py +0 -0
  174. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/insights.py +0 -0
  175. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/inventory_cisco.py +0 -0
  176. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/inventory_contract.py +0 -0
  177. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/launcher.py +0 -0
  178. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/mcp_tool_calls.py +0 -0
  179. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/models.py +0 -0
  180. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/policy/__init__.py +0 -0
  181. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/policy/engine.py +0 -0
  182. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/protect.py +0 -0
  183. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/proxy/__init__.py +0 -0
  184. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/proxy/remote.py +0 -0
  185. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/proxy/runtime_mcp.py +0 -0
  186. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/proxy/stdio.py +0 -0
  187. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/receipts/__init__.py +0 -0
  188. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/receipts/manager.py +0 -0
  189. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/redaction.py +0 -0
  190. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/risk.py +0 -0
  191. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/__init__.py +0 -0
  192. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/action_identity.py +0 -0
  193. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/actions.py +0 -0
  194. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/advisory_escalation.py +0 -0
  195. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/advisory_matchers.py +0 -0
  196. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/cisco_evidence.py +0 -0
  197. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/cisco_preflight.py +0 -0
  198. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/composition_rules.py +0 -0
  199. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/data_flow.py +0 -0
  200. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/data_flow_rules.py +0 -0
  201. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/data_flow_variables.py +0 -0
  202. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/decisions.py +0 -0
  203. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/detectors.py +0 -0
  204. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/false_positive_rules.py +0 -0
  205. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/mcp_protection.py +0 -0
  206. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/persistence_rules.py +0 -0
  207. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/prompt_injection.py +0 -0
  208. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/runner.py +0 -0
  209. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/safe_decode.py +0 -0
  210. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/sandbox.py +0 -0
  211. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/scanner_cache.py +0 -0
  212. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/secret_sensitivity.py +0 -0
  213. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/secret_sources.py +0 -0
  214. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/shell_commands.py +0 -0
  215. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/signals.py +0 -0
  216. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/skill_protection.py +0 -0
  217. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/supply_chain.py +0 -0
  218. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/surface_server.py +0 -0
  219. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/temp_files.py +0 -0
  220. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/threat_intel.py +0 -0
  221. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/schemas/__init__.py +0 -0
  222. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/schemas/consumer_mode.py +0 -0
  223. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/schemas/guard_event_v1.py +0 -0
  224. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/schemas/surface_server.py +0 -0
  225. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/shims.py +0 -0
  226. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/store.py +0 -0
  227. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/store_approvals.py +0 -0
  228. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/store_connect.py +0 -0
  229. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/store_evidence.py +0 -0
  230. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/store_threat_intel.py +0 -0
  231. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/types.py +0 -0
  232. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/integrations/__init__.py +0 -0
  233. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/integrations/cisco_mcp_scanner.py +0 -0
  234. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/integrations/cisco_skill_scanner.py +0 -0
  235. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/lint_fixes.py +0 -0
  236. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/marketplace_support.py +0 -0
  237. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/models.py +0 -0
  238. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/path_support.py +0 -0
  239. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/policy.py +0 -0
  240. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/quality_artifact.py +0 -0
  241. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/repo_detect.py +0 -0
  242. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/reporting.py +0 -0
  243. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/rules/__init__.py +0 -0
  244. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/rules/registry.py +0 -0
  245. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/rules/specs.py +0 -0
  246. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/scanner.py +0 -0
  247. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/submission.py +0 -0
  248. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/suppressions.py +0 -0
  249. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/trust_domain_scoring.py +0 -0
  250. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/trust_helpers.py +0 -0
  251. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/trust_mcp_scoring.py +0 -0
  252. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/trust_models.py +0 -0
  253. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/trust_plugin_scoring.py +0 -0
  254. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/trust_scoring.py +0 -0
  255. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/trust_skill_scoring.py +0 -0
  256. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/trust_specs.py +0 -0
  257. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/verification.py +0 -0
  258. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/__init__.py +0 -0
  259. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/conftest.py +0 -0
  260. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/__init__.py +0 -0
  261. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/bad-plugin/.codex-plugin/plugin.json +0 -0
  262. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/bad-plugin/.mcp.json +0 -0
  263. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/bad-plugin/secrets.js +0 -0
  264. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/claude-plugin-good/.claude-plugin/plugin.json +0 -0
  265. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/claude-plugin-good/LICENSE +0 -0
  266. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/claude-plugin-good/README.md +0 -0
  267. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/claude-plugin-good/SECURITY.md +0 -0
  268. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/claude-plugin-good/hooks/hooks.json +0 -0
  269. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/claude-plugin-good/skills/example/SKILL.md +0 -0
  270. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/code-quality-bad/evil.js +0 -0
  271. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/code-quality-bad/inject.js +0 -0
  272. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/gemini-extension-good/GEMINI.md +0 -0
  273. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/gemini-extension-good/LICENSE +0 -0
  274. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/gemini-extension-good/README.md +0 -0
  275. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/gemini-extension-good/SECURITY.md +0 -0
  276. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/gemini-extension-good/commands/hello.toml +0 -0
  277. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/gemini-extension-good/gemini-extension.json +0 -0
  278. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/.codex-plugin/plugin.json +0 -0
  279. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/.codexignore +0 -0
  280. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/LICENSE +0 -0
  281. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/README.md +0 -0
  282. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/SECURITY.md +0 -0
  283. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/assets/icon.svg +0 -0
  284. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/assets/logo.svg +0 -0
  285. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/assets/screenshot.svg +0 -0
  286. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/good-plugin/skills/example/SKILL.md +0 -0
  287. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-codex-malicious-mcp/.codex/config.toml +0 -0
  288. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/README.md +0 -0
  289. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/benign-docs-fake-token.py +0 -0
  290. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/benign-health-endpoint.py +0 -0
  291. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/benign-nvmrc-fake-creds.py +0 -0
  292. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/benign-source-search.py +0 -0
  293. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/canary-exfil-encoded.py +0 -0
  294. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/canary-exfil.py +0 -0
  295. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/expected-decisions.json +0 -0
  296. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-dockerfile.txt +0 -0
  297. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-encoded-shell-exfil.py +0 -0
  298. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-github-action.yml +0 -0
  299. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-mcp-delete.md +0 -0
  300. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-mcp-secret-read.md +0 -0
  301. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-mcp-skill-exfil.md +0 -0
  302. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-npm-postinstall.js +0 -0
  303. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-prompt-env-read.md +0 -0
  304. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-prompt-guard-bypass.md +0 -0
  305. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-prompt-npmrc-read.md +0 -0
  306. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/malicious-python-setup.py +0 -0
  307. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/guard-red-team/smoke-evidence-template.json +0 -0
  308. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/hermes-plugin-evil/config.yaml +0 -0
  309. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/hermes-plugin-evil/mcp_servers.json +0 -0
  310. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/hermes-plugin-evil/skills/security/malicious/SKILL.md +0 -0
  311. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/SKILL.md +0 -0
  312. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/references/api-setup.md +0 -0
  313. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/hermes-plugin-evil/skills/stealth/sneaky/scripts/deploy.sh +0 -0
  314. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/hermes-plugin-evil/skills/utils/benign/SKILL.md +0 -0
  315. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/malformed-json/.codex-plugin/plugin.json +0 -0
  316. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/malicious-skill-plugin/.codex-plugin/plugin.json +0 -0
  317. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/malicious-skill-plugin/.codexignore +0 -0
  318. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/malicious-skill-plugin/LICENSE +0 -0
  319. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/malicious-skill-plugin/README.md +0 -0
  320. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/malicious-skill-plugin/SECURITY.md +0 -0
  321. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/malicious-skill-plugin/skills/leaky-skill/SKILL.md +0 -0
  322. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/mcp-canary-server.py +0 -0
  323. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/minimal-plugin/.codex-plugin/plugin.json +0 -0
  324. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/missing-fields/.codex-plugin/plugin.json +0 -0
  325. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/mit-license/LICENSE +0 -0
  326. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-ecosystem-repo/codex-plugin/.codex-plugin/plugin.json +0 -0
  327. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-ecosystem-repo/codex-plugin/LICENSE +0 -0
  328. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-ecosystem-repo/codex-plugin/README.md +0 -0
  329. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-ecosystem-repo/codex-plugin/SECURITY.md +0 -0
  330. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-ecosystem-repo/gemini-ext/README.md +0 -0
  331. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-ecosystem-repo/gemini-ext/gemini-extension.json +0 -0
  332. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/.agents/plugins/marketplace.json +0 -0
  333. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codex-plugin/plugin.json +0 -0
  334. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/.codexignore +0 -0
  335. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/LICENSE +0 -0
  336. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/README.md +0 -0
  337. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/SECURITY.md +0 -0
  338. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/plugins/alpha-plugin/skills/example/SKILL.md +0 -0
  339. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/.codex-plugin/plugin.json +0 -0
  340. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/multi-plugin-repo/plugins/beta-plugin/skills/example/SKILL.md +0 -0
  341. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/no-version/.codex-plugin/plugin.json +0 -0
  342. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/opencode-good/.opencode/commands/hello.md +0 -0
  343. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/opencode-good/.opencode/plugins/example.ts +0 -0
  344. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/opencode-good/LICENSE +0 -0
  345. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/opencode-good/README.md +0 -0
  346. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/opencode-good/SECURITY.md +0 -0
  347. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/opencode-good/opencode.jsonc +0 -0
  348. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/skills-missing-dir/.codex-plugin/plugin.json +0 -0
  349. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/skills-no-frontmatter/.codex-plugin/plugin.json +0 -0
  350. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/skills-no-frontmatter/skills/bad-skill/SKILL.md +0 -0
  351. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/supply-chain/benign-npm-package.json +0 -0
  352. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/supply-chain/benign-pnpm-package.json +0 -0
  353. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/supply-chain/benign-pyproject.toml +0 -0
  354. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/supply-chain/malicious-Dockerfile +0 -0
  355. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/supply-chain/malicious-action.yml +0 -0
  356. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/supply-chain/malicious-npm-package.json +0 -0
  357. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/supply-chain/malicious-setup.py +0 -0
  358. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/with-marketplace/.codex-plugin/plugin.json +0 -0
  359. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/with-marketplace/marketplace-broken.json +0 -0
  360. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/fixtures/with-marketplace/marketplace.json +0 -0
  361. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test-trust-scoring.py +0 -0
  362. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test-trust-specs.py +0 -0
  363. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_action_runner.py +0 -0
  364. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_best_practices.py +0 -0
  365. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_cisco_install_surfaces.py +0 -0
  366. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_cli.py +0 -0
  367. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_code_quality.py +0 -0
  368. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_config.py +0 -0
  369. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_coverage_remaining.py +0 -0
  370. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_ecosystems.py +0 -0
  371. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_edge_cases.py +0 -0
  372. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_final_coverage.py +0 -0
  373. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_access_graph.py +0 -0
  374. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_action_identity.py +0 -0
  375. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_advisory_escalation.py +0 -0
  376. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_approval_continuity.py +0 -0
  377. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_approval_copy_commands.py +0 -0
  378. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_approval_store_dedup.py +0 -0
  379. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_approval_store_scale.py +0 -0
  380. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_approvals.py +0 -0
  381. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_bootstrap.py +0 -0
  382. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_bypass_detector.py +0 -0
  383. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_canary_fixtures.py +0 -0
  384. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_capabilities.py +0 -0
  385. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_cisco_evidence.py +0 -0
  386. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_cisco_runtime_cli.py +0 -0
  387. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_claude_adapter.py +0 -0
  388. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_cli.py +0 -0
  389. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_cloud_local_sync.py +0 -0
  390. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_codex_e2e.py +0 -0
  391. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_codex_install.py +0 -0
  392. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_codex_proxy.py +0 -0
  393. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_config_paths.py +0 -0
  394. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_connect_flow.py +0 -0
  395. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_consumer_mode.py +0 -0
  396. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_copilot_adapter.py +0 -0
  397. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_copilot_proxy.py +0 -0
  398. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_daemon_cli.py +0 -0
  399. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_daemon_manager.py +0 -0
  400. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_daemon_perf.py +0 -0
  401. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_daemon_registry.py +0 -0
  402. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_daemon_repair_perf.py +0 -0
  403. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_daemon_wake.py +0 -0
  404. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_data_flow.py +0 -0
  405. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_decision_propagation.py +0 -0
  406. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_detector_fp.py +0 -0
  407. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_event_schema_v1.py +0 -0
  408. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_events.py +0 -0
  409. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_evidence_store.py +0 -0
  410. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_harness_contracts.py +0 -0
  411. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_harness_setup.py +0 -0
  412. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_harness_smoke.py +0 -0
  413. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_insights.py +0 -0
  414. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_inventory_cisco.py +0 -0
  415. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_inventory_contract.py +0 -0
  416. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_launch_env.py +0 -0
  417. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_mcp_detectors.py +0 -0
  418. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_mcp_protection.py +0 -0
  419. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_opencode_proxy.py +0 -0
  420. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_policy_dedup.py +0 -0
  421. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_product_flow.py +0 -0
  422. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_prompt_injection.py +0 -0
  423. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_protect.py +0 -0
  424. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_queue_api_contract.py +0 -0
  425. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_queue_contract.py +0 -0
  426. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_red_team.py +0 -0
  427. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_red_team_e2e.py +0 -0
  428. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_redaction.py +0 -0
  429. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_render.py +0 -0
  430. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_resolution_copy.py +0 -0
  431. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_runtime_action_harnesses.py +0 -0
  432. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_runtime_actions.py +0 -0
  433. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_runtime_decisions.py +0 -0
  434. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_runtime_detectors.py +0 -0
  435. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_runtime_signals.py +0 -0
  436. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_safe_decode.py +0 -0
  437. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_sandbox.py +0 -0
  438. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_settings_presets.py +0 -0
  439. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_skill_protection.py +0 -0
  440. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_store_migrations.py +0 -0
  441. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_supply_chain.py +0 -0
  442. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_surface_server.py +0 -0
  443. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_threat_intel.py +0 -0
  444. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_verdicts.py +0 -0
  445. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_guard_web_recovery.py +0 -0
  446. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_hermes_adapter.py +0 -0
  447. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_integration.py +0 -0
  448. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_lint_fixes.py +0 -0
  449. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_live_cisco_smoke.py +0 -0
  450. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_manifest.py +0 -0
  451. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_marketplace.py +0 -0
  452. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_mcp_security.py +0 -0
  453. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_openclaw_adapter.py +0 -0
  454. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_operational_security.py +0 -0
  455. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_policy.py +0 -0
  456. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_quality_artifact.py +0 -0
  457. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_rule_registry.py +0 -0
  458. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_scanner.py +0 -0
  459. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_schema_contracts.py +0 -0
  460. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_security.py +0 -0
  461. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_security_ops.py +0 -0
  462. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_skill_security.py +0 -0
  463. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_submission.py +0 -0
  464. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_trust_scoring.py +0 -0
  465. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_trust_specs.py +0 -0
  466. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_verification.py +0 -0
  467. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/tests/test_versioning.py +0 -0
  468. {plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/uv.lock +0 -0
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: plugin-scanner
3
- Version: 2.0.172
3
+ Version: 2.0.174
4
4
  Summary: Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows.
5
5
  Project-URL: Homepage, https://github.com/hashgraph-online/ai-plugin-scanner
6
6
  Project-URL: Repository, https://github.com/hashgraph-online/ai-plugin-scanner
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/approval-center-layout.tsx RENAMED
@@ -77,6 +77,7 @@ import type {
77
77
  GuardRuntimeSnapshot,
78
78
  DecisionScope
79
79
  } from "./guard-types";
80
+ import { guardAwareHref } from "./guard-api";
80
81
 
81
82
  type RequestState =
82
83
  | { kind: "loading" }
@@ -1295,6 +1296,7 @@ function resolveMcpInputSummary(payload: Record<string, unknown>): string | null
1295
1296
  function BlockedActionCard(props: { item: GuardApprovalRequest }) {
1296
1297
  const launchText = actionLaunchText(props.item);
1297
1298
  const decisionDetail = resolveDecisionV2Detail(props.item);
1299
+ const [shareState, setShareState] = useState<"idle" | "copied" | "failed">("idle");
1298
1300
  const isBlocked = props.item.policy_action === "block";
1299
1301
  const bannerBg = isBlocked
1300
1302
  ? "bg-gradient-to-r from-brand-purple/90 to-brand-purple/75"
@@ -1310,6 +1312,19 @@ function BlockedActionCard(props: { item: GuardApprovalRequest }) {
1310
1312
  isMcpTool && envelope !== null
1311
1313
  ? resolveMcpInputSummary(envelope.raw_payload_redacted)
1312
1314
  : null;
1315
+ const approvalUrl = props.item.approval_url ? guardAwareHref(props.item.approval_url) : null;
1316
+
1317
+ const handleCopyApprovalUrl = useCallback(async () => {
1318
+ if (approvalUrl === null) return;
1319
+ try {
1320
+ await navigator.clipboard.writeText(approvalUrl);
1321
+ setShareState("copied");
1322
+ window.setTimeout(() => setShareState("idle"), 1800);
1323
+ } catch {
1324
+ setShareState("failed");
1325
+ window.setTimeout(() => setShareState("idle"), 2400);
1326
+ }
1327
+ }, [approvalUrl]);
1313
1328
 
1314
1329
  return (
1315
1330
  <div className="overflow-hidden rounded-[1.65rem] border border-brand-blue/15 bg-white/70 shadow-[inset_0_1px_0_rgba(255,255,255,0.85)]">
@@ -1318,16 +1333,27 @@ function BlockedActionCard(props: { item: GuardApprovalRequest }) {
1318
1333
  <span className="font-mono text-[11px] font-semibold uppercase tracking-[0.2em] text-white">
1319
1334
  {bannerLabel}
1320
1335
  </span>
1321
- {props.item.approval_url ? (
1322
- <a
1323
- href={props.item.approval_url}
1324
- target="_blank"
1325
- rel="noreferrer"
1326
- className="ml-auto inline-flex items-center gap-1 font-mono text-[10px] font-semibold uppercase tracking-[0.18em] text-white/80 transition-colors hover:text-white"
1327
- >
1328
- Approval link
1329
- <HiMiniArrowTopRightOnSquare className="h-3 w-3" aria-hidden="true" />
1330
- </a>
1336
+ {approvalUrl ? (
1337
+ <div className="ml-auto flex items-center gap-2">
1338
+ <button
1339
+ type="button"
1340
+ onClick={handleCopyApprovalUrl}
1341
+ className="inline-flex items-center gap-1 font-mono text-[10px] font-semibold uppercase tracking-[0.18em] text-white/80 transition-colors hover:text-white"
1342
+ aria-label="Copy local review link"
1343
+ >
1344
+ <HiMiniClipboard className="h-3 w-3" aria-hidden="true" />
1345
+ {shareState === "copied" ? "Copied" : shareState === "failed" ? "Copy failed" : "Copy link"}
1346
+ </button>
1347
+ <a
1348
+ href={approvalUrl}
1349
+ target="_blank"
1350
+ rel="noreferrer"
1351
+ className="inline-flex items-center gap-1 font-mono text-[10px] font-semibold uppercase tracking-[0.18em] text-white/80 transition-colors hover:text-white"
1352
+ >
1353
+ Open
1354
+ <HiMiniArrowTopRightOnSquare className="h-3 w-3" aria-hidden="true" />
1355
+ </a>
1356
+ </div>
1331
1357
  ) : null}
1332
1358
  </div>
1333
1359
  <div className="p-4">
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/dashboard/src/guard-api.ts RENAMED
@@ -163,12 +163,12 @@ export function guardAwareHref(href: string): string {
163
163
  }
164
164
 
165
165
  const url = new URL(href, window.location.origin);
166
- if (url.origin !== window.location.origin) {
166
+ const daemonOrigin = readGuardDaemonOrigin();
167
+ if (url.origin !== window.location.origin && url.origin !== daemonOrigin) {
167
168
  return href;
168
169
  }
169
170
 
170
171
  const fragmentPairs = [[GUARD_TOKEN_PARAM, guardToken]];
171
- const daemonOrigin = readGuardDaemonOrigin();
172
172
  if (daemonOrigin) {
173
173
  fragmentPairs.push([GUARD_DAEMON_PARAM, daemonOrigin]);
174
174
  }
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/pyproject.toml RENAMED
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
4
4
 
5
5
  [project]
6
6
  name = "plugin-scanner"
7
- version = "2.0.172"
7
+ version = "2.0.174"
8
8
  description = "Lint, verify, and gate plugin ecosystems for maintainers, CI, and publish workflows."
9
9
  readme = "README.md"
10
10
  license = "Apache-2.0"
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/pyproject.toml.bak RENAMED
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
4
4
 
5
5
  [project]
6
6
  name = "hol-guard"
7
- version = "2.0.172"
7
+ version = "2.0.174"
8
8
  description = "Protect local AI harnesses with HOL Guard and run scanner checks for Codex, Claude, Cursor, Gemini, and OpenCode."
9
9
  readme = "README.md"
10
10
  license = "Apache-2.0"
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/cli/commands.py RENAMED
@@ -5170,6 +5170,9 @@ def _codex_command_is_read_only_source_inspection(command_text: str, *, cwd: Pat
5170
5170
  return False
5171
5171
  if _codex_command_has_unquoted_glob_metachar(command):
5172
5172
  return False
5173
+ chained_segments = _split_codex_safe_read_only_chain(command)
5174
+ if chained_segments is not None:
5175
+ return all(_codex_command_is_read_only_source_inspection(segment, cwd=cwd) for segment in chained_segments)
5173
5176
  segments = _split_codex_safe_read_only_pipeline(command)
5174
5177
  if segments is None:
5175
5178
  return _codex_command_is_read_only_source_search(command, cwd=cwd) or _codex_command_is_read_only_source_view(
@@ -5186,6 +5189,53 @@ def _codex_command_is_read_only_source_inspection(command_text: str, *, cwd: Pat
5186
5189
  return all(_codex_command_is_bounded_read_only_filter(segment) for segment in filter_segments)
5187
5190
 
5188
5191
 
5192
+ def _split_codex_safe_read_only_chain(command: str) -> list[str] | None:
5193
+ segments: list[str] = []
5194
+ start = 0
5195
+ quote: str | None = None
5196
+ escaped = False
5197
+ found_chain = False
5198
+ index = 0
5199
+ while index < len(command):
5200
+ char = command[index]
5201
+ if escaped:
5202
+ escaped = False
5203
+ index += 1
5204
+ continue
5205
+ if char == "\\":
5206
+ escaped = True
5207
+ index += 1
5208
+ continue
5209
+ if quote is not None:
5210
+ if char == quote:
5211
+ quote = None
5212
+ index += 1
5213
+ continue
5214
+ if char in {"'", '"'}:
5215
+ quote = char
5216
+ index += 1
5217
+ continue
5218
+ if command.startswith("&&", index):
5219
+ segment = command[start:index].strip()
5220
+ if not segment:
5221
+ return None
5222
+ segments.append(segment)
5223
+ found_chain = True
5224
+ index += 2
5225
+ start = index
5226
+ continue
5227
+ if command.startswith("||", index) or char in {";", "&"}:
5228
+ return None
5229
+ index += 1
5230
+ if quote is not None or escaped or not found_chain:
5231
+ return None
5232
+ segment = command[start:].strip()
5233
+ if not segment:
5234
+ return None
5235
+ segments.append(segment)
5236
+ return segments if len(segments) > 1 else None
5237
+
5238
+
5189
5239
  def _codex_command_has_unquoted_glob_metachar(command: str) -> bool:
5190
5240
  quote: str | None = None
5191
5241
  escaped = False
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/daemon/static/assets/guard-dashboard.js RENAMED
@@ -12728,11 +12728,11 @@ function guardAwareHref(href) {
12728
12728
  return href;
12729
12729
  }
12730
12730
  const url = new URL(href, window.location.origin);
12731
- if (url.origin !== window.location.origin) {
12731
+ const daemonOrigin = readGuardDaemonOrigin();
12732
+ if (url.origin !== window.location.origin && url.origin !== daemonOrigin) {
12732
12733
  return href;
12733
12734
  }
12734
12735
  const fragmentPairs = [[GUARD_TOKEN_PARAM, guardToken]];
12735
- const daemonOrigin = readGuardDaemonOrigin();
12736
12736
  if (daemonOrigin) {
12737
12737
  fragmentPairs.push([GUARD_DAEMON_PARAM, daemonOrigin]);
12738
12738
  }
@@ -15561,6 +15561,7 @@ function resolveMcpInputSummary(payload) {
15561
15561
  function BlockedActionCard(props) {
15562
15562
  const launchText = actionLaunchText(props.item);
15563
15563
  const decisionDetail = resolveDecisionV2Detail(props.item);
15564
+ const [shareState, setShareState] = reactExports.useState("idle");
15564
15565
  const isBlocked = props.item.policy_action === "block";
15565
15566
  const bannerBg = isBlocked ? "bg-gradient-to-r from-brand-purple/90 to-brand-purple/75" : "bg-gradient-to-r from-brand-blue/85 to-brand-dark/80";
15566
15567
  const bannerLabel = isBlocked ? "Blocked" : "Paused for review";
@@ -15571,23 +15572,50 @@ function BlockedActionCard(props) {
15571
15572
  const mcpServer = isMcpTool ? envelope?.mcp_server ?? null : null;
15572
15573
  const mcpTool = isMcpTool ? envelope?.mcp_tool ?? null : null;
15573
15574
  const mcpInputSummary = isMcpTool && envelope !== null ? resolveMcpInputSummary(envelope.raw_payload_redacted) : null;
15575
+ const approvalUrl = props.item.approval_url ? guardAwareHref(props.item.approval_url) : null;
15576
+ const handleCopyApprovalUrl = reactExports.useCallback(async () => {
15577
+ if (approvalUrl === null) return;
15578
+ try {
15579
+ await navigator.clipboard.writeText(approvalUrl);
15580
+ setShareState("copied");
15581
+ window.setTimeout(() => setShareState("idle"), 1800);
15582
+ } catch {
15583
+ setShareState("failed");
15584
+ window.setTimeout(() => setShareState("idle"), 2400);
15585
+ }
15586
+ }, [approvalUrl]);
15574
15587
  return /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: "overflow-hidden rounded-[1.65rem] border border-brand-blue/15 bg-white/70 shadow-[inset_0_1px_0_rgba(255,255,255,0.85)]", children: [
15575
15588
  /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: `flex items-center gap-2 px-4 py-2.5 ${bannerBg}`, children: [
15576
15589
  /* @__PURE__ */ jsxRuntimeExports.jsx(BannerIcon, { className: "h-3.5 w-3.5 shrink-0 text-white", "aria-hidden": "true" }),
15577
15590
  /* @__PURE__ */ jsxRuntimeExports.jsx("span", { className: "font-mono text-[11px] font-semibold uppercase tracking-[0.2em] text-white", children: bannerLabel }),
15578
- props.item.approval_url ? /* @__PURE__ */ jsxRuntimeExports.jsxs(
15579
- "a",
15580
- {
15581
- href: props.item.approval_url,
15582
- target: "_blank",
15583
- rel: "noreferrer",
15584
- className: "ml-auto inline-flex items-center gap-1 font-mono text-[10px] font-semibold uppercase tracking-[0.18em] text-white/80 transition-colors hover:text-white",
15585
- children: [
15586
- "Approval link",
15587
- /* @__PURE__ */ jsxRuntimeExports.jsx(HiMiniArrowTopRightOnSquare, { className: "h-3 w-3", "aria-hidden": "true" })
15588
- ]
15589
- }
15590
- ) : null
15591
+ approvalUrl ? /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: "ml-auto flex items-center gap-2", children: [
15592
+ /* @__PURE__ */ jsxRuntimeExports.jsxs(
15593
+ "button",
15594
+ {
15595
+ type: "button",
15596
+ onClick: handleCopyApprovalUrl,
15597
+ className: "inline-flex items-center gap-1 font-mono text-[10px] font-semibold uppercase tracking-[0.18em] text-white/80 transition-colors hover:text-white",
15598
+ "aria-label": "Copy local review link",
15599
+ children: [
15600
+ /* @__PURE__ */ jsxRuntimeExports.jsx(HiMiniClipboard, { className: "h-3 w-3", "aria-hidden": "true" }),
15601
+ shareState === "copied" ? "Copied" : shareState === "failed" ? "Copy failed" : "Copy link"
15602
+ ]
15603
+ }
15604
+ ),
15605
+ /* @__PURE__ */ jsxRuntimeExports.jsxs(
15606
+ "a",
15607
+ {
15608
+ href: approvalUrl,
15609
+ target: "_blank",
15610
+ rel: "noreferrer",
15611
+ className: "inline-flex items-center gap-1 font-mono text-[10px] font-semibold uppercase tracking-[0.18em] text-white/80 transition-colors hover:text-white",
15612
+ children: [
15613
+ "Open",
15614
+ /* @__PURE__ */ jsxRuntimeExports.jsx(HiMiniArrowTopRightOnSquare, { className: "h-3 w-3", "aria-hidden": "true" })
15615
+ ]
15616
+ }
15617
+ )
15618
+ ] }) : null
15591
15619
  ] }),
15592
15620
  /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: "p-4", children: [
15593
15621
  isMcpTool && mcpServer !== null && mcpTool !== null && /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: "mb-3 space-y-2 rounded-xl border border-brand-blue/20 bg-brand-blue/[0.04] px-3 py-2", children: [
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/guard/runtime/secret_file_requests.py RENAMED
@@ -2628,6 +2628,8 @@ def _looks_destructive_shell_command(command_text: str) -> bool:
2628
2628
  normalized = command_text.strip()
2629
2629
  if not normalized:
2630
2630
  return False
2631
+ if _looks_like_safe_graphql_query_file_workflow(normalized):
2632
+ return False
2631
2633
  parts = _split_shell_parts(normalized)
2632
2634
  if not parts:
2633
2635
  return False
@@ -2665,6 +2667,115 @@ def _looks_destructive_shell_command(command_text: str) -> bool:
2665
2667
  )
2666
2668
 
2667
2669
 
2670
+ _SAFE_GRAPHQL_QUERY_FILE_WORKFLOW_PATTERN = re.compile(
2671
+ r"\A\s*cat\s*>\s*(?P<path>'[^']+'|\"[^\"]+\"|[^\s]+)\s*<<(?P<quote>['\"])(?P<label>[A-Za-z_][A-Za-z0-9_]*)(?P=quote)"
2672
+ r"\s*\n(?P<body>.*?)\n(?P=label)\s*(?:\n|&&|;)\s*(?P<rest>.+)\Z",
2673
+ re.DOTALL,
2674
+ )
2675
+
2676
+
2677
+ def _looks_like_safe_graphql_query_file_workflow(command_text: str) -> bool:
2678
+ match = _SAFE_GRAPHQL_QUERY_FILE_WORKFLOW_PATTERN.match(command_text)
2679
+ if match is None:
2680
+ return False
2681
+ target_path = _strip_shell_quotes(match.group("path").strip())
2682
+ if (
2683
+ not target_path.endswith(".graphql")
2684
+ or _path_text_looks_sensitive(target_path)
2685
+ or _contains_shell_expansion(target_path)
2686
+ or not _looks_like_temporary_pr_threads_query_path(target_path)
2687
+ ):
2688
+ return False
2689
+ body = match.group("body").strip()
2690
+ if not re.search(r"\bquery\b", body) or re.search(r"\bmutation\b|\bsubscription\b", body):
2691
+ return False
2692
+ rest = match.group("rest").strip()
2693
+ if not rest.startswith("gh api graphql "):
2694
+ return False
2695
+ if re.search(r"(?:;|&|\|\||\||>|<|\n)", rest):
2696
+ return False
2697
+ rest_without_allowed_query_refs = rest
2698
+ for ref in _graphql_query_file_substitution_refs(target_path):
2699
+ rest_without_allowed_query_refs = rest_without_allowed_query_refs.replace(ref, "")
2700
+ if "$(" in rest_without_allowed_query_refs or "`" in rest_without_allowed_query_refs:
2701
+ return False
2702
+ return _rest_has_exact_graphql_query_file_arg(rest, target_path)
2703
+
2704
+
2705
+ def _strip_shell_quotes(value: str) -> str:
2706
+ if len(value) >= 2 and value[0] == value[-1] and value[0] in {"'", '"'}:
2707
+ return value[1:-1]
2708
+ return value
2709
+
2710
+
2711
+ def _contains_shell_expansion(value: str) -> bool:
2712
+ return (
2713
+ "$(" in value
2714
+ or "`" in value
2715
+ or "${" in value
2716
+ or "$'" in value
2717
+ or '$"' in value
2718
+ or re.search(r"\$[A-Za-z_][A-Za-z0-9_]*", value) is not None
2719
+ or re.search(r"[*?\[\]{}]", value) is not None
2720
+ )
2721
+
2722
+
2723
+ def _graphql_query_file_substitution_refs(target_path: str) -> set[str]:
2724
+ return {
2725
+ f"$(cat {target_path})",
2726
+ f'$(cat "{target_path}")',
2727
+ f"$(cat '{target_path}')",
2728
+ }
2729
+
2730
+
2731
+ def _rest_has_exact_graphql_query_file_arg(rest: str, target_path: str) -> bool:
2732
+ escaped_path = re.escape(target_path)
2733
+ path_value = rf"(?:(?:\"|'){escaped_path}(?:\"|')|{escaped_path})"
2734
+ substitution_pattern = rf"(?:^|\s)(?:-f|--field)\s+query=(?:\"|')?\$\(cat {path_value}\)(?:\"|')?(?:\s|$)"
2735
+ field_pattern = rf"(?:^|\s)(?:-f|--field)\s+query=@{path_value}(?:\s|$)"
2736
+ return re.search(substitution_pattern, rest) is not None or re.search(field_pattern, rest) is not None
2737
+
2738
+
2739
+ def _looks_like_temporary_pr_threads_query_path(path_text: str) -> bool:
2740
+ normalized = os.path.normpath(path_text.replace("\\", "/")).replace("\\", "/")
2741
+ basename = os.path.basename(normalized)
2742
+ if basename != "pr-threads-query.graphql":
2743
+ return False
2744
+ if not normalized.startswith("/"):
2745
+ return False
2746
+ if os.path.exists(normalized):
2747
+ return False
2748
+ lowered = os.path.realpath(normalized).replace("\\", "/").lower()
2749
+ return lowered.startswith(
2750
+ (
2751
+ "/tmp/",
2752
+ "/var/tmp/",
2753
+ "/private/tmp/",
2754
+ "/var/folders/",
2755
+ "/private/var/folders/",
2756
+ )
2757
+ )
2758
+
2759
+
2760
+ def _path_text_looks_sensitive(path_text: str) -> bool:
2761
+ lowered = path_text.lower()
2762
+ return any(
2763
+ marker in lowered
2764
+ for marker in (
2765
+ ".aws/",
2766
+ ".docker/",
2767
+ ".kube/",
2768
+ ".ssh/",
2769
+ ".env",
2770
+ ".git-credentials",
2771
+ ".netrc",
2772
+ ".npmrc",
2773
+ ".pypirc",
2774
+ "id_rsa",
2775
+ )
2776
+ )
2777
+
2778
+
2668
2779
  def _contains_destructive_node_inline_eval(parts: list[str]) -> bool:
2669
2780
  for segment in _iter_shell_command_segments(parts):
2670
2781
  command_name, command_index = _shell_segment_primary_command(segment)
{plugin_scanner-2.0.172 → plugin_scanner-2.0.174}/src/codex_plugin_scanner/version.py RENAMED
@@ -1,3 +1,3 @@
1
1
  """Single source of truth for tool version."""
2
2
 
3
- __version__ = "2.0.172"
3
+ __version__ = "2.0.174"