Add --trust-bin / --no-trust-bin CLI flag for plugin bin/ consent (#1620)#2045
Open
sergio-sisternes-epam wants to merge 1 commit into
Open
Add --trust-bin / --no-trust-bin CLI flag for plugin bin/ consent (#1620)#2045sergio-sisternes-epam wants to merge 1 commit into
sergio-sisternes-epam wants to merge 1 commit into
Conversation
Introduce a tri-state --trust-bin / --no-trust-bin flag on apm install that gives per-invocation consent for marketplace-plugin bin/ deployment: - --trust-bin: explicitly consent (suppresses trust-posture warning) - --no-trust-bin: explicitly deny (skips bin/ even if policy allows) - Default (no flag): deploy with a prominent trust-posture warning The flag is orthogonal to the allowExecutables gate: the project policy controls whether bin/ CAN deploy, while --trust-bin controls whether the user CONSENTS to it for this invocation. Thread trust_bin through install pipeline: commands/install.py -> InstallContext -> services.py -> skill_integrator.py -> _deploy_plugin_bin Add _resolve_bin_skip() helper in services.py to combine the allowExecutables gate with the trust-bin flag cleanly. Add 'not_trusted' bin_skipped_reason in log_bin_status for the --no-trust-bin case. Update docs: policy-schema, commands, governance, repo-shapes. Open design issue #2044 for TargetProfile abstraction (item 6). Closes #1620 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a tri-state, per-invocation consent control for deploying marketplace-plugin bin/ executables during apm install, layering user consent on top of the existing allowExecutables policy gate.
Changes:
- Introduces
--trust-bin/--no-trust-binand threadstrust_binthrough the install context into the skill integrator. - Centralizes the bin-deploy gating decision in
_resolve_bin_skip()(policy approval first, then explicit no-trust). - Adds integration tests and updates user-facing docs/guide content for the new consent model.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/integration/test_plugin_bin_trust_posture.py | Adds integration coverage for the three trust-bin modes plus _resolve_bin_skip() and log_bin_status() behavior. |
| src/apm_cli/integration/skill_integrator.py | Threads trust_bin into plugin bin deployment and emits a trust-posture warning when consent is implicit. |
| src/apm_cli/install/template.py | Passes trust_bin from install context into primitive integration. |
| src/apm_cli/install/services.py | Adds _resolve_bin_skip() and threads trust_bin into integrate_package_skill() with skip-reason override support. |
| src/apm_cli/install/exec_gate.py | Adds not_trusted rendering in log_bin_status(). |
| src/apm_cli/commands/install.py | Adds the Click CLI option and stores trust_bin on InstallContext. |
| packages/apm-guide/.apm/skills/apm-usage/governance.md | Documents per-invocation consent flags alongside policy-level controls. |
| packages/apm-guide/.apm/skills/apm-usage/commands.md | Updates the apm install reference row to include --trust-bin/--no-trust-bin. |
| docs/src/content/docs/reference/policy-schema.md | Updates the executables security note to mention the consent flags and default warning behavior. |
| docs/src/content/docs/producer/repo-shapes.md | Notes the consumer consent flags for marketplace plugins that ship bin/. |
Comment on lines
+1552
to
+1557
| logger.progress( | ||
| f"[!] Plugin '{canonical}' deploys executables to Claude Code's PATH " | ||
| "(invoked without confirmation). " | ||
| "Pass --trust-bin to acknowledge, or --no-trust-bin to skip bin/ deployment.", | ||
| symbol="warning", | ||
| ) |
Comment on lines
+245
to
+248
| When *trust_bin* is ``False`` (``--no-trust-bin``), bin/ deployment | ||
| is skipped with reason ``"not_trusted"``. When ``True`` | ||
| (``--trust-bin``), the trust-posture warning is suppressed. When | ||
| ``None`` (default), bin/ deploys but a prominent warning is emitted. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
TL;DR
Adds
--trust-bin/--no-trust-binflags toapm installfor per-invocation consent over marketplace-pluginbin/executable deployment.Problem (WHY)
Issue #1620 tracks deferred follow-ups from the advisory review panel on PR #1591. Items 2--5 were already folded into that PR. The remaining work is:
Approach (WHAT)
Tri-state consent flag
--trust-bin--no-trust-binThe flag is orthogonal to the
allowExecutablesgate: the project policy controls whether bin/ can deploy;--trust-bincontrols whether the user consents for this invocation.Gate evaluation order
allowExecutablesnot approved -> skip, reason"not_approved"--no-trust-bin-> skip, reason"not_trusted"--trust-bin)TargetProfile design issue
Opened #2044 as a
status/needs-designissue for the TargetProfile plugin-bin-contract abstraction (item 6).Implementation (HOW)
commands/install.py: Added--trust-bin/--no-trust-binClick option +trust_binfield onInstallContextinstall/services.py: Extracted_resolve_bin_skip()helper to combineallowExecutablesgate with trust-bin flag; threadstrust_bintointegrate_package_skillintegration/skill_integrator.py: Addedtrust_bin+bin_skip_reason_overrideparams; emits trust-posture warning in_deploy_plugin_binwhentrust_bin is Noneinstall/exec_gate.py: Addednot_trustedcase inlog_bin_statusinstall/template.py: Passestrust_binfrom context tointegrate_package_primitivesValidation
tests/integration/test_plugin_bin_trust_posture.pycovering all three modes +_resolve_bin_skipmatrix +log_bin_statusrenderingtest_plugin_bin_deploy_hardening.pypasses (no regressions)Documentation
Updated:
policy-schema.md,commands.md,governance.md,repo-shapes.mdCloses #1620