Released 2026-05-09 14:55:35 +02:00 | 227 commits to main since this release

Plugin Safety Rules
Community and unverified plugins are blocked at install unless the operator explicitly confirms.
Features:
- PluginTrustLevel enum — VERIFIED, COMMUNITY, UNVERIFIED
- PluginSafetyPolicy record — trustLevel, requiresConfirmation, warnings list; verified()/community()/unverified() factories
- PluginSafetyService — assess() maps source to trust level, safeInstall() blocks unconfirmed community installs
- Verified sources: official, acp — no confirmation needed
- Community sources: community, skills_sh — require confirmed=true
- Unknown/blank sources — UNVERIFIED, require confirmed=true
- POST /api/plugins/install now takes a confirmed query parameter, which defaults to false (?confirmed=false)
- POST /api/plugins/install/assess — returns SafetyPolicy without installing
- PLUGIN_SAFETY_ASSESSED event logged on every install attempt
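
The gate described in the list above, as an added sketch that is not the project's own code. The type names, source names and confirmation rule come from these notes; the method signatures, warning strings, case-sensitive exact matching and the stdout log line are assumptions.

```java
import java.util.List;
import java.util.Set;

public class PluginSafetySketch {
    enum PluginTrustLevel { VERIFIED, COMMUNITY, UNVERIFIED }

    record PluginSafetyPolicy(PluginTrustLevel trustLevel, boolean requiresConfirmation,
                              List<String> warnings) {
        static PluginSafetyPolicy verified() {
            return new PluginSafetyPolicy(PluginTrustLevel.VERIFIED, false, List.of());
        }
        static PluginSafetyPolicy community() {   // warning text is constructed
            return new PluginSafetyPolicy(PluginTrustLevel.COMMUNITY, true,
                    List.of("community source: review before installing"));
        }
        static PluginSafetyPolicy unverified() {  // warning text is constructed
            return new PluginSafetyPolicy(PluginTrustLevel.UNVERIFIED, true,
                    List.of("unknown source: provenance cannot be established"));
        }
    }

    static final Set<String> VERIFIED_SOURCES = Set.of("official", "acp");
    static final Set<String> COMMUNITY_SOURCES = Set.of("community", "skills_sh");

    // Fail closed: anything not on an allow-list (null, blank, wrong case) is UNVERIFIED.
    // The null check is required because Set.of(...).contains(null) throws.
    static PluginSafetyPolicy assess(String source) {
        if (source != null && VERIFIED_SOURCES.contains(source)) return PluginSafetyPolicy.verified();
        if (source != null && COMMUNITY_SOURCES.contains(source)) return PluginSafetyPolicy.community();
        return PluginSafetyPolicy.unverified();
    }

    // Returns true only when the install may proceed; a real service would install here.
    static boolean safeInstall(String source, boolean confirmed) {
        PluginSafetyPolicy policy = assess(source);
        // Logged on every attempt, allowed or blocked, so refusals are auditable too.
        System.out.printf("PLUGIN_SAFETY_ASSESSED source=%s trust=%s confirmed=%b%n",
                source, policy.trustLevel(), confirmed);
        return !policy.requiresConfirmation() || confirmed;
    }

    public static void main(String[] args) {
        String[] sources = {"official", "skills_sh", "Official", " ", null}; // constructed inputs
        for (String src : sources) {
            System.out.println("  unconfirmed=" + safeInstall(src, false)
                    + " confirmed=" + safeInstall(src, true));
        }
    }
}
```

Only `official` installs without confirmation here; `Official`, the blank string and `null` all fall through to UNVERIFIED because matching is exact.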
Next: Docker Compose test, then v1.7.0 release