Page JSON
Structured · livepage:docs-harness-features-backlog-gaps-security-gap-sec-002
GAP-SEC-002: Trust Classes for Plugins
Inspect the normalized record payload exactly as the atlas UI reads it.
{
  "id": "page:docs-harness-features-backlog-gaps-security-gap-sec-002",
  "_kind": "Page",
  "_file": "wiki/docs/harness-features-backlog/gaps/security/gap-sec-002.md",
  "_cluster": "wiki",
  "attributes": {
    "nodeKind": "Page",
    "sourcePath": "docs/harness-features-backlog/gaps/security/GAP-SEC-002.md",
    "sourceKind": "repo-docs",
    "title": "GAP-SEC-002: Trust Classes for Plugins",
    "displayName": "GAP-SEC-002: Trust Classes for Plugins",
    "slug": "docs/harness-features-backlog/gaps/security/gap-sec-002",
    "articlePath": "wiki/docs/harness-features-backlog/gaps/security/GAP-SEC-002.md",
    "article": "\n# GAP-SEC-002: Trust Classes for Plugins\n\n| Field | Value |\n|-------|-------|\n| Category | security |\n| Priority | High |\n| Effort | L |\n| Status | Missing |\n\n## Description\nClassify plugins by trust level (verified, community, local, untrusted) and enforce trust-based capability restrictions. Plugins running at different trust levels get different permissions.\n\n## Current State\nPlugins have installation, versioning, and migration support but no trust classification. No sandbox isolation for plugin execution. Plugin hooks run with full harness permissions.\n\n## Target State\nTrustLevel field in plugin registry. Trust levels enforced in hook dispatch and skill execution. Security review command for auditing plugin capabilities.\n\n## Dependencies\n- [GAP-SEC-001](../security/GAP-SEC-001.md) -- governance policy for trust enforcement\n- [GAP-ECO-002](../ecosystem/GAP-ECO-002.md) -- extension provenance for trust basis (optional enhancement, M6)\n\n## Key Files\n| Component | Path |\n|-----------|------|\n| Plugin types | `packages/sdk/src/plugins/types.ts` |\n| Plugin registry | `packages/sdk/src/plugins/registry.ts` |\n| Hook dispatcher | `packages/sdk/src/hooks/dispatcher.ts` |\n\n## Recommendation\nPhase 2 implementation. Add TrustLevel to PluginRegistryEntry. Enforce trust levels in hook dispatch. Add plugin:security-review command.\n",
    "documents": []
  },
  "outgoingEdges": [],
  "incomingEdges": [
    {
      "from": "page:docs-harness-features-backlog",
      "to": "page:docs-harness-features-backlog-gaps-security-gap-sec-002",
      "kind": "contains_page"
    }
  ]
}