hashgraph-online
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 16 additions & 0 deletions b/‎README.md‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎docs/trust/mcp-trust-draft.md‎
Lines changed: 45 additions & 0 deletions b/‎docs/trust/mcp-trust-draft.md‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎docs/trust/plugin-trust-draft.md‎
Lines changed: 54 additions & 0 deletions b/‎docs/trust/plugin-trust-draft.md‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎docs/trust/skill-trust-local.md‎
Lines changed: 59 additions & 0 deletions b/‎docs/trust/skill-trust-local.md‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎pyproject.toml‎
Lines changed: 2 additions & 0 deletions b/‎pyproject.toml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎schemas/plugin-quality.v1.json‎
Lines changed: 17 additions & 1 deletion b/‎schemas/plugin-quality.v1.json‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎schemas/scan-result.v1.json‎
Lines changed: 75 additions & 1 deletion b/‎schemas/scan-result.v1.json‎
Lines changed: 75 additions & 1 deletion
diff --git a/‎src/codex_plugin_scanner/cli.py‎
Lines changed: 16 additions & 2 deletions b/‎src/codex_plugin_scanner/cli.py‎
Lines changed: 16 additions & 2 deletions
@@ -23,8 +23,8 @@ jobs:
         with:
           enable-cache: true
       - run: uv sync --frozen --extra dev --python ${{ matrix.python-version }}
-      - run: uv run --no-sync ruff check src/
-      - run: uv run --no-sync ruff format --check src/
+      - run: uv run --no-sync python -m ruff check src/
+      - run: uv run --no-sync python -m ruff format --check src/
       - run: uv run --no-sync pytest --tb=short
 
   cross-platform:
 
@@ -45,6 +45,22 @@ If your repository uses a Codex marketplace root like `.agents/plugins/marketpla
 
 The score remains available as a trust and triage signal, but the primary workflow is **preflight + CI gating + publish readiness**.
 
+## Trust Score Provenance
+
+The scanner now emits explicit trust provenance alongside the quality grade:
+
+- bundled skills inherit the live HOL broker adapter model from HCS-28 and HCS-26 alignment work
+- MCP configuration trust is documented in a local draft spec
+- top-level Codex plugin trust is documented in a local draft spec
+
+Current local specs:
+
+- [Skill Trust Local Draft](docs/trust/skill-trust-local.md)
+- [MCP Trust Draft](docs/trust/mcp-trust-draft.md)
+- [Codex Plugin Trust Draft](docs/trust/plugin-trust-draft.md)
+
+This keeps the quality grade and the trust score separate. Signals like `SECURITY.md` are still visible, but their trust weight is now explicit instead of being inferred from raw category points.
+
 ## Quick Start For Contributors
 
 ```bash
 
@@ -0,0 +1,45 @@
+# HOL-HCS-MCP-TRUST-DRAFT
+
+## Scope
+
+This local draft defines trust attribution for Codex plugin `.mcp.json` configuration.
+
+## Goals
+
+- explain how MCP trust is derived
+- separate MCP trust from the broader plugin quality grade
+- make transport and execution risk explicit instead of burying it in category points
+
+## Adapters
+
+### `verification` weight `1.0`
+
+Internal component weights:
+
+- `configIntegrity`: `40`
+- `executionSafety`: `35`
+- `transportSecurity`: `25`
+
+Signal mapping:
+
+- `configIntegrity`: `.mcp.json` parses and exposes expected top-level containers
+- `executionSafety`: local MCP commands avoid dangerous execution patterns
+- `transportSecurity`: remote MCP endpoints remain on HTTPS
+
+### `metadata` weight `0.75`
+
+Internal component weights:
+
+- `serverNaming`: `25`
+- `commandOrEndpoint`: `45`
+- `configShape`: `30`
+
+Signal mapping:
+
+- `serverNaming`: MCP surfaces are explicitly named
+- `commandOrEndpoint`: every MCP surface declares a concrete command or endpoint
+- `configShape`: local arguments and remote entries follow the expected shape
+
+## Normalization
+
+The scanner emits a weighted adapter `score` plus component-level evidence, then normalizes the adapter total as the average of declared components. The final MCP trust score is the weighted average of adapter totals.
@@ -0,0 +1,54 @@
+# HOL-HCS-CODEX-PLUGIN-TRUST-DRAFT
+
+## Scope
+
+This local draft defines trust attribution for top-level Codex plugins.
+
+## Why this exists
+
+The scanner’s quality grade remains useful for gating, but it is not a trust specification. This draft explains how the scanner computes a separate plugin trust score with explicit weights and named evidence so contributors can see exactly how signals such as `SECURITY.md` affect the outcome.
+
+## Adapters
+
+### `verification` weight `1.0`
+
+Internal component weights:
+
+- `manifestIntegrity`: `35`
+- `interfaceIntegrity`: `25`
+- `pathSafety`: `20`
+- `marketplaceAlignment`: `20`
+
+### `security` weight `1.0`
+
+Internal component weights:
+
+- `disclosure`: `15`
+- `license`: `10`
+- `secretHygiene`: `35`
+- `mcpSafety`: `20`
+- `approvalHygiene`: `20`
+
+`SECURITY.md` is deliberately only one small part of the security adapter. It is not intended to dominate trust on its own.
+
+### `metadata` weight `0.75`
+
+Internal component weights:
+
+- `documentation`: `20`
+- `manifestMetadata`: `35`
+- `discoverability`: `20`
+- `provenance`: `25`
+
+### `operations` weight `0.75`
+
+Internal component weights:
+
+- `actionPinning`: `35`
+- `permissionScope`: `20`
+- `untrustedCheckout`: `25`
+- `updateAutomation`: `20`
+
+## Normalization
+
+The scanner emits a weighted adapter `score` plus component-level evidence, then normalizes the adapter total as the average of declared components. The final plugin trust score is the weighted average of adapter totals.
@@ -0,0 +1,59 @@
+# HOL-HCS-28-SKILL-TRUST-LOCAL-DRAFT
+
+## Scope
+
+This local draft defines how `codex-plugin-scanner` attributes trust to bundled Codex skills before those skills are published into the HOL skill registry.
+
+## Provenance
+
+This model inherits its adapter shape and weights from the live HOL broker implementation that scores published HCS-26 skills:
+
+- `verified` adapter weight: `1.0`
+- `safety` adapter weight: `1.0`
+- `metadata` adapter weight: `0.75`
+
+The scanner keeps those adapter weights and component names so local scores can be compared to registry scores later. It does not use registry cohort normalization locally because a single plugin checkout has no comparable cohort.
+
+## Adapter definitions
+
+### `verified`
+
+Internal component weights:
+
+- `publisherBound`: `20`
+- `repoCommitIntegrity`: `40`
+- `manifestIntegrity`: `30`
+- `domainProof`: `10`
+
+Local mapping:
+
+- `publisherBound`: plugin author metadata exists for the bundled skill package
+- `repoCommitIntegrity`: repository metadata plus semver version exists locally
+- `manifestIntegrity`: every bundled `SKILL.md` parses frontmatter with required fields
+- `domainProof`: homepage and repository hosts align
+
+### `safety`
+
+- single `score` component
+- backed by Cisco skill scanning when available
+- falls back to a neutral local score when the optional Cisco dependency is unavailable
+
+### `metadata`
+
+Internal component weights:
+
+- `links`: `30`
+- `description`: `25`
+- `taxonomy`: `20`
+- `provenance`: `25`
+
+Local mapping:
+
+- `links`: homepage and repository metadata for the bundled skill package
+- `description`: average bundled skill description quality
+- `taxonomy`: category and tag coverage
+- `provenance`: repository and version provenance present locally
+
+## Normalization
+
+Each adapter emits a weighted `score` plus component-level signals. The scanner normalizes the adapter the same way the broker does today: it averages the declared adapter components, then computes the final trust total as the weighted average of adapter totals.
@@ -58,9 +58,11 @@ Issues = "https://github.com/hashgraph-online/codex-plugin-scanner/issues"
 [tool.ruff]
 target-version = "py310"
 line-length = 120
+extend-exclude = ["tests/test-trust-scoring.py", "tests/test-trust-specs.py"]
 
 [tool.ruff.lint]
 select = ["E", "F", "W", "I", "N", "UP", "B", "A", "SIM", "RUF"]
 
 [tool.pytest.ini_options]
 testpaths = ["tests"]
+python_files = ["test_*.py"]
@@ -46,7 +46,7 @@
     "scan": {
       "type": "object",
       "additionalProperties": false,
-      "required": ["score", "raw_score", "effective_score", "grade", "findings_total", "severity_counts"],
+      "required": ["score", "raw_score", "effective_score", "grade", "findings_total", "severity_counts", "trust"],
       "properties": {
         "score": {"type": "integer", "minimum": 0, "maximum": 100},
         "raw_score": {"type": "integer", "minimum": 0, "maximum": 100},
@@ -64,6 +64,22 @@
             "low": {"type": "integer", "minimum": 0},
             "info": {"type": "integer", "minimum": 0}
           }
+        },
+        "trust": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["total", "domains"],
+          "properties": {
+            "total": {"type": "number", "minimum": 0, "maximum": 100},
+            "domains": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "required": ["domain", "label", "score", "spec", "adapters"],
+                "additionalProperties": true
+              }
+            }
+          }
         }
       }
     },
 
@@ -15,6 +15,7 @@
     "effective_score",
     "grade",
     "summary",
+    "trust",
     "categories",
     "findings",
     "timestamp",
@@ -81,6 +82,9 @@
         }
       }
     },
+    "trust": {
+      "$ref": "#/$defs/trustReport"
+    },
     "categories": {
       "type": "array",
       "items": {
@@ -224,12 +228,13 @@
     "pluginSummary": {
       "type": "object",
       "additionalProperties": false,
-      "required": ["name", "pluginDir", "score", "grade", "summary"],
+      "required": ["name", "pluginDir", "score", "grade", "trust", "summary"],
       "properties": {
         "name": {"type": "string", "minLength": 1},
         "pluginDir": {"type": "string", "minLength": 1},
         "score": {"type": "integer", "minimum": 0, "maximum": 100},
         "grade": {"type": "string", "enum": ["A", "B", "C", "D", "F"]},
+        "trust": {"$ref": "#/$defs/trustReport"},
         "summary": {
           "type": "object",
           "additionalProperties": false,
@@ -244,6 +249,75 @@
         }
       }
     },
+    "trustComponent": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["key", "score", "rationale", "evidence"],
+      "properties": {
+        "key": {"type": "string", "minLength": 1},
+        "score": {"type": "number", "minimum": 0, "maximum": 100},
+        "rationale": {"type": "string", "minLength": 1},
+        "evidence": {
+          "type": "array",
+          "items": {"type": "string"}
+        }
+      }
+    },
+    "trustAdapter": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["id", "label", "weight", "score", "components"],
+      "properties": {
+        "id": {"type": "string", "minLength": 1},
+        "label": {"type": "string", "minLength": 1},
+        "weight": {"type": "number", "minimum": 0},
+        "score": {"type": "number", "minimum": 0, "maximum": 100},
+        "components": {
+          "type": "array",
+          "items": {"$ref": "#/$defs/trustComponent"}
+        }
+      }
+    },
+    "trustDomain": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["domain", "label", "score", "spec", "adapters"],
+      "properties": {
+        "domain": {"type": "string", "minLength": 1},
+        "label": {"type": "string", "minLength": 1},
+        "score": {"type": "number", "minimum": 0, "maximum": 100},
+        "spec": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["id", "version", "path", "derivedFrom"],
+          "properties": {
+            "id": {"type": "string", "minLength": 1},
+            "version": {"type": "string", "minLength": 1},
+            "path": {"type": "string", "minLength": 1},
+            "derivedFrom": {
+              "type": "array",
+              "items": {"type": "string", "minLength": 1}
+            }
+          }
+        },
+        "adapters": {
+          "type": "array",
+          "items": {"$ref": "#/$defs/trustAdapter"}
+        }
+      }
+    },
+    "trustReport": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["total", "domains"],
+      "properties": {
+        "total": {"type": "number", "minimum": 0, "maximum": 100},
+        "domains": {
+          "type": "array",
+          "items": {"$ref": "#/$defs/trustDomain"}
+        }
+      }
+    },
     "skippedTarget": {
       "type": "object",
       "additionalProperties": false,
 
@@ -26,26 +26,35 @@
 
 def _build_plain_text(result) -> str:
     if getattr(result, "scope", "plugin") == "repository":
+        trust_total = result.trust_report.total if getattr(result, "trust_report", None) else 0.0
         lines = [
             f"🔗 Codex Plugin Scanner v{__version__}",
             f"Scanning repository: {result.plugin_dir}",
             f"Marketplace: {result.marketplace_file or 'not found'}",
             f"Local plugins scanned: {len(result.plugin_results)}",
             f"Skipped marketplace entries: {len(result.skipped_targets)}",
+            f"Trust: {trust_total}/100",
             "",
             "Per-plugin scores:",
         ]
         for plugin in result.plugin_results:
             plugin_name = plugin.plugin_name or Path(plugin.plugin_dir).name
-            lines.append(f"  - {plugin_name}: {plugin.score}/100 ({plugin.grade})")
+            plugin_trust = plugin.trust_report.total if getattr(plugin, "trust_report", None) else 0.0
+            lines.append(f"  - {plugin_name}: {plugin.score}/100 ({plugin.grade}), trust {plugin_trust}/100")
         if result.skipped_targets:
             lines += ["", "Skipped entries:"]
             for skipped in result.skipped_targets:
                 source_path = f" [{skipped.source_path}]" if skipped.source_path else ""
                 lines.append(f"  - {skipped.name}{source_path}: {skipped.reason}")
         lines.append("")
     else:
-        lines = [f"🔗 Codex Plugin Scanner v{__version__}", f"Scanning: {result.plugin_dir}", ""]
+        trust_total = result.trust_report.total if getattr(result, "trust_report", None) else 0.0
+        lines = [
+            f"🔗 Codex Plugin Scanner v{__version__}",
+            f"Scanning: {result.plugin_dir}",
+            f"Trust: {trust_total}/100",
+            "",
+        ]
     for category in result.categories:
         cat_score = sum(c.points for c in category.checks)
         cat_max = sum(c.max_points for c in category.checks)
@@ -57,6 +66,11 @@ def _build_plain_text(result) -> str:
         lines.append("")
     counts = ", ".join(f"{severity.value}:{result.severity_counts.get(severity.value, 0)}" for severity in Severity)
     lines += [f"Findings: {counts}", ""]
+    if getattr(result, "trust_report", None) and result.trust_report.domains:
+        lines.append("Trust Provenance:")
+        for domain in result.trust_report.domains:
+            lines.append(f"  - {domain.label}: {domain.score}/100 ({domain.spec_id})")
+        lines.append("")
     separator = "━" * 37
     label = GRADE_LABELS.get(result.grade, "Unknown")
     lines += [separator, f"Final Score: {result.score}/100 ({result.grade} - {label})", separator]