Agentic AI Atlasby a5c.ai
/
GitHubDocsDiscord
iiRecord
Agentic AI Atlas · GAP-SEC-002: Trust Classes for Plugins
page:docs-harness-features-backlog-gaps-security-gap-sec-002a5c.ai
II.
Page overview

page:docs-harness-features-backlog-gaps-security-gap-sec-002

Reference · live

GAP-SEC-002: Trust Classes for Plugins overview

Inspect the raw attributes, linked wiki pages, and inbound or outbound graph edges for page:docs-harness-features-backlog-gaps-security-gap-sec-002.

PageOutgoing · 0Incoming · 1

Attributes

nodeKind
Page
sourcePath
docs/harness-features-backlog/gaps/security/GAP-SEC-002.md
sourceKind
repo-docs
title
GAP-SEC-002: Trust Classes for Plugins
displayName
GAP-SEC-002: Trust Classes for Plugins
slug
docs/harness-features-backlog/gaps/security/gap-sec-002
articlePath
wiki/docs/harness-features-backlog/gaps/security/GAP-SEC-002.md
article
# GAP-SEC-002: Trust Classes for Plugins | Field | Value | |-------|-------| | Category | security | | Priority | High | | Effort | L | | Status | Missing | ## Description Classify plugins by trust level (verified, community, local, untrusted) and enforce trust-based capability restrictions. Plugins running at different trust levels get different permissions. ## Current State Plugins have installation, versioning, and migration support but no trust classification. No sandbox isolation for plugin execution. Plugin hooks run with full harness permissions. ## Target State TrustLevel field in plugin registry. Trust levels enforced in hook dispatch and skill execution. Security review command for auditing plugin capabilities. ## Dependencies - [GAP-SEC-001](../security/GAP-SEC-001.md) -- governance policy for trust enforcement - [GAP-ECO-002](../ecosystem/GAP-ECO-002.md) -- extension provenance for trust basis (optional enhancement, M6) ## Key Files | Component | Path | |-----------|------| | Plugin types | `packages/sdk/src/plugins/types.ts` | | Plugin registry | `packages/sdk/src/plugins/registry.ts` | | Hook dispatcher | `packages/sdk/src/hooks/dispatcher.ts` | ## Recommendation Phase 2 implementation. Add TrustLevel to PluginRegistryEntry. Enforce trust levels in hook dispatch. Add plugin:security-review command.
documents
[]

Outgoing edges

None.

Incoming edges

contains_page1