Skip to content

Add --trust-bin / --no-trust-bin CLI flag for plugin bin/ consent (#1620)#2045

Open
sergio-sisternes-epam wants to merge 1 commit into
mainfrom
sergio-sisternes-epam-feat-plugin-bin-trust-posture
Open

Add --trust-bin / --no-trust-bin CLI flag for plugin bin/ consent (#1620)#2045
sergio-sisternes-epam wants to merge 1 commit into
mainfrom
sergio-sisternes-epam-feat-plugin-bin-trust-posture

Conversation

@sergio-sisternes-epam

Copy link
Copy Markdown
Collaborator

TL;DR

Adds --trust-bin / --no-trust-bin flags to apm install for per-invocation consent over marketplace-plugin bin/ executable deployment.

Problem (WHY)

Issue #1620 tracks deferred follow-ups from the advisory review panel on PR #1591. Items 2--5 were already folded into that PR. The remaining work is:

  1. Item 1 (trust posture): The bin/ deployment path deploys executables to Claude Code's PATH without explicit user consent. While this mirrors npm's trust model, the review panel recommended a consent mechanism.
  2. Item 6 (TargetProfile): Forward-looking design issue for multi-harness bin/ deployment abstraction.

Approach (WHAT)

Tri-state consent flag

Flag Behaviour
--trust-bin Explicit consent -- deploy silently (no warning)
--no-trust-bin Explicit deny -- skip bin/ even if policy allows
(default) Deploy with a prominent trust-posture warning

The flag is orthogonal to the allowExecutables gate: the project policy controls whether bin/ can deploy; --trust-bin controls whether the user consents for this invocation.

Gate evaluation order

  1. allowExecutables not approved -> skip, reason "not_approved"
  2. --no-trust-bin -> skip, reason "not_trusted"
  3. Otherwise -> deploy (with warning if no --trust-bin)

TargetProfile design issue

Opened #2044 as a status/needs-design issue for the TargetProfile plugin-bin-contract abstraction (item 6).

Implementation (HOW)

  • commands/install.py: Added --trust-bin/--no-trust-bin Click option + trust_bin field on InstallContext
  • install/services.py: Extracted _resolve_bin_skip() helper to combine allowExecutables gate with trust-bin flag; threads trust_bin to integrate_package_skill
  • integration/skill_integrator.py: Added trust_bin + bin_skip_reason_override params; emits trust-posture warning in _deploy_plugin_bin when trust_bin is None
  • install/exec_gate.py: Added not_trusted case in log_bin_status
  • install/template.py: Passes trust_bin from context to integrate_package_primitives

Validation

  • 10 new tests in tests/integration/test_plugin_bin_trust_posture.py covering all three modes + _resolve_bin_skip matrix + log_bin_status rendering
  • Existing test_plugin_bin_deploy_hardening.py passes (no regressions)
  • Full lint chain green (ruff check, ruff format, pylint R0801, auth-signals)

Documentation

Updated: policy-schema.md, commands.md, governance.md, repo-shapes.md

Closes #1620

Introduce a tri-state --trust-bin / --no-trust-bin flag on apm install
that gives per-invocation consent for marketplace-plugin bin/ deployment:

- --trust-bin: explicitly consent (suppresses trust-posture warning)
- --no-trust-bin: explicitly deny (skips bin/ even if policy allows)
- Default (no flag): deploy with a prominent trust-posture warning

The flag is orthogonal to the allowExecutables gate: the project policy
controls whether bin/ CAN deploy, while --trust-bin controls whether
the user CONSENTS to it for this invocation.

Thread trust_bin through install pipeline:
  commands/install.py -> InstallContext -> services.py ->
  skill_integrator.py -> _deploy_plugin_bin

Add _resolve_bin_skip() helper in services.py to combine the
allowExecutables gate with the trust-bin flag cleanly.

Add 'not_trusted' bin_skipped_reason in log_bin_status for the
--no-trust-bin case.

Update docs: policy-schema, commands, governance, repo-shapes.
Open design issue #2044 for TargetProfile abstraction (item 6).

Closes #1620

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 5, 2026 23:51

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a tri-state, per-invocation consent control for deploying marketplace-plugin bin/ executables during apm install, layering user consent on top of the existing allowExecutables policy gate.

Changes:

  • Introduces --trust-bin/--no-trust-bin and threads trust_bin through the install context into the skill integrator.
  • Centralizes the bin-deploy gating decision in _resolve_bin_skip() (policy approval first, then explicit no-trust).
  • Adds integration tests and updates user-facing docs/guide content for the new consent model.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
tests/integration/test_plugin_bin_trust_posture.py Adds integration coverage for the three trust-bin modes plus _resolve_bin_skip() and log_bin_status() behavior.
src/apm_cli/integration/skill_integrator.py Threads trust_bin into plugin bin deployment and emits a trust-posture warning when consent is implicit.
src/apm_cli/install/template.py Passes trust_bin from install context into primitive integration.
src/apm_cli/install/services.py Adds _resolve_bin_skip() and threads trust_bin into integrate_package_skill() with skip-reason override support.
src/apm_cli/install/exec_gate.py Adds not_trusted rendering in log_bin_status().
src/apm_cli/commands/install.py Adds the Click CLI option and stores trust_bin on InstallContext.
packages/apm-guide/.apm/skills/apm-usage/governance.md Documents per-invocation consent flags alongside policy-level controls.
packages/apm-guide/.apm/skills/apm-usage/commands.md Updates the apm install reference row to include --trust-bin/--no-trust-bin.
docs/src/content/docs/reference/policy-schema.md Updates the executables security note to mention the consent flags and default warning behavior.
docs/src/content/docs/producer/repo-shapes.md Notes the consumer consent flags for marketplace plugins that ship bin/.

Comment on lines +1552 to +1557
logger.progress(
f"[!] Plugin '{canonical}' deploys executables to Claude Code's PATH "
"(invoked without confirmation). "
"Pass --trust-bin to acknowledge, or --no-trust-bin to skip bin/ deployment.",
symbol="warning",
)
Comment on lines +245 to +248
When *trust_bin* is ``False`` (``--no-trust-bin``), bin/ deployment
is skipped with reason ``"not_trusted"``. When ``True``
(``--trust-bin``), the trust-posture warning is suppressed. When
``None`` (default), bin/ deploys but a prominent warning is emitted.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Plugin bin/ deploy: trust-posture, producer docs, and hardening follow-ups (from #1591 review panel)

2 participants