• v1.6.7-dev 3069760490

    FTMahringer released this 2026-05-09 14:55:35 +02:00 | 227 commits to main since this release

    Plugin Safety Rules

    Community and unverified plugins blocked at install without explicit operator confirmation.

    Features:

    • PluginTrustLevel enum — VERIFIED, COMMUNITY, UNVERIFIED
    • PluginSafetyPolicy record — trustLevel, requiresConfirmation, warnings list; verified()/community()/unverified() factories
    • PluginSafetyService — assess() maps source to trust level, safeInstall() blocks unconfirmed community installs
    • Verified sources: official, acp — no confirmation needed
    • Community sources: community, skills_sh — require confirmed=true
    • Unknown/blank sources — UNVERIFIED, require confirmed=true
    • POST /api/plugins/install now takes ?confirmed=false by default
    • POST /api/plugins/install/assess — returns SafetyPolicy without installing
    • PLUGIN_SAFETY_ASSESSED event logged on every install attempt

    Next: Docker Compose test, then v1.7.0 release

    Downloads