fix: remove trailing whitespace in agent-os (#739)

ruff --fix --unsafe-fixes for W293 across 7 files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: imran-siddique

packages/agent-marketplace/src/agent_marketplace/__init__.py

@@ -20,9 +20,17 @@
     ComplianceResult,
     MCPServerPolicy,
     MarketplacePolicy,
+    OrgMarketplacePolicy,
     evaluate_plugin_compliance,
     load_marketplace_policy,
 )
+from agent_marketplace.quality_scoring import (
+    PluginQualityProfile,
+    QualityBadge,
+    QualityDimension,
+    QualityScore,
+    QualityStore,
+)
 from agent_marketplace.registry import PluginRegistry
 from agent_marketplace.schema_adapters import (
     ClaudePluginManifest,
@@ -53,13 +61,19 @@
     "MCPServerPolicy",
     "MarketplaceError",
     "MarketplacePolicy",
+    "OrgMarketplacePolicy",
     "PluginInstaller",
     "PluginManifest",
+    "PluginQualityProfile",
     "PluginRegistry",
     "PluginSigner",
     "PluginTrustConfig",
     "PluginTrustStore",
     "PluginType",
+    "QualityBadge",
+    "QualityDimension",
+    "QualityScore",
+    "QualityStore",
     "TRUST_TIERS",
     "adapt_to_canonical",
     "compute_initial_score",

packages/agent-marketplace/src/agent_marketplace/manifest.py

@@ -62,6 +62,10 @@ class PluginManifest(BaseModel):
         None, description="Minimum AgentMesh version required"
     )
     signature: Optional[str] = Field(None, description="Base64-encoded Ed25519 signature")
+    organization: Optional[str] = Field(
+        None,
+        description="Owning organization (None = global/shared plugin)",
+    )
 
     @field_validator("name")
     @classmethod

packages/agent-marketplace/src/agent_marketplace/marketplace_policy.py

@@ -6,11 +6,13 @@
 Defines marketplace-level policies for MCP server allowlist/blocklist
 enforcement, plugin type restrictions, and signature requirements.
 Operators can declare which MCP servers are permitted for plugins.
+Supports organization-scoped policy overrides (Issues #733, #737).
 """
 
 from __future__ import annotations
 
 import logging
+from dataclasses import dataclass, field
 from pathlib import Path
 from typing import Optional
 
@@ -58,6 +60,16 @@ def validate_mode(cls, v: str) -> str:
         return v
 
 
+@dataclass
+class OrgMarketplacePolicy:
+    """Organization-scoped marketplace policy that inherits from enterprise base."""
+
+    organization: str
+    additional_allowed_plugin_types: list[str] = field(default_factory=list)
+    additional_blocked_plugins: list[str] = field(default_factory=list)
+    mcp_server_overrides: MCPServerPolicy | None = None
+
+
 class MarketplacePolicy(BaseModel):
     """Top-level marketplace policy controlling plugin admission."""
 
@@ -73,6 +85,73 @@ class MarketplacePolicy(BaseModel):
         False,
         description="Require Ed25519 signatures on all plugins",
     )
+    org_policies: dict[str, OrgMarketplacePolicy] = Field(
+        default_factory=dict,
+        description="Organization-scoped policy overrides keyed by org name",
+    )
+    org_mcp_policies: dict[str, MCPServerPolicy] = Field(
+        default_factory=dict,
+        description="Per-organization MCP server policy overrides",
+    )
+
+    def get_effective_policy(self, organization: str | None = None) -> MarketplacePolicy:
+        """Resolve effective policy for an organization (base + org overrides).
+
+        When *organization* is ``None`` or the org has no overrides, the base
+        enterprise policy is returned unchanged.  Otherwise the base policy is
+        merged with the org-specific additions.
+        """
+        if organization is None or organization not in self.org_policies:
+            return self
+
+        org = self.org_policies[organization]
+
+        # Merge allowed plugin types: base + org additions
+        merged_types = self.allowed_plugin_types
+        if merged_types is not None and org.additional_allowed_plugin_types:
+            merged_types = list(set(merged_types + org.additional_allowed_plugin_types))
+
+        # Merge MCP server policy if org has overrides
+        merged_mcp = org.mcp_server_overrides if org.mcp_server_overrides else self.mcp_servers
+
+        return MarketplacePolicy(
+            mcp_servers=merged_mcp,
+            allowed_plugin_types=merged_types,
+            require_signature=self.require_signature,
+        )
+
+    def get_effective_mcp_policy(self, organization: str | None = None) -> MCPServerPolicy:
+        """Get effective MCP server policy for an organization.
+
+        Org policies inherit from the base (enterprise) MCP policy.
+        Org can add to allowlist but cannot remove base restrictions.
+        """
+        base = self.mcp_servers
+        if organization is None or organization not in self.org_mcp_policies:
+            return base
+        org = self.org_mcp_policies[organization]
+        # Merge: org inherits base restrictions, can add more allowed servers
+        if base.mode == "blocklist":
+            # Org cannot un-block servers blocked at enterprise level
+            merged_blocked = list(set(base.blocked + org.blocked))
+            merged_allowed = [s for s in org.allowed if s not in base.blocked]
+            return MCPServerPolicy(
+                mode=base.mode,
+                blocked=merged_blocked,
+                allowed=merged_allowed,
+                require_declaration=base.require_declaration or org.require_declaration,
+            )
+        else:  # allowlist
+            # Org can only allow servers already in the enterprise allowlist
+            merged_allowed = (
+                [s for s in org.allowed if s in base.allowed] if base.allowed else org.allowed
+            )
+            return MCPServerPolicy(
+                mode=base.mode,
+                allowed=merged_allowed or base.allowed,
+                blocked=list(set(base.blocked + org.blocked)),
+                require_declaration=base.require_declaration or org.require_declaration,
+            )
 
 
 class ComplianceResult(BaseModel):
@@ -125,6 +204,7 @@ def evaluate_plugin_compliance(
     manifest: PluginManifest,
     policy: MarketplacePolicy,
     mcp_servers: list[str] | None = None,
+    organization: str | None = None,
 ) -> ComplianceResult:
     """Check whether a plugin manifest complies with a marketplace policy.
 
@@ -134,6 +214,9 @@ def evaluate_plugin_compliance(
         mcp_servers: Optional list of MCP server names declared by the plugin.
             When ``None``, MCP declaration checks that require a server list
             will flag a violation if ``require_declaration`` is enabled.
+        organization: Optional organization name.  When provided the
+            effective MCP policy is resolved via
+            :meth:`MarketplacePolicy.get_effective_mcp_policy`.
 
     Returns:
         A :class:`ComplianceResult` indicating compliance status and any
@@ -155,8 +238,8 @@ def evaluate_plugin_compliance(
                 f"(allowed: {', '.join(policy.allowed_plugin_types)})"
             )
 
-    # -- MCP server policy ----------------------------------------------------
-    mcp_policy = policy.mcp_servers
+    # -- MCP server policy (org-aware) ----------------------------------------
+    mcp_policy = policy.get_effective_mcp_policy(organization)
 
     if mcp_policy.require_declaration and mcp_servers is None:
         violations.append(

packages/agent-marketplace/src/agent_marketplace/quality_scoring.py

@@ -0,0 +1,118 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""Plugin quality scoring model — separate from trust/compliance scoring.
+
+Trust tiers answer 'is this plugin safe?'
+Quality scoring answers 'is this plugin good?'
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from enum import Enum
+
+
+class QualityDimension(str, Enum):
+    """Dimensions along which plugin quality is assessed."""
+
+    DOCUMENTATION = "documentation"
+    TEST_COVERAGE = "test_coverage"
+    OUTPUT_ACCURACY = "output_accuracy"
+    RELIABILITY = "reliability"
+    PERFORMANCE = "performance"
+    USER_SATISFACTION = "user_satisfaction"
+
+
+class QualityBadge(str, Enum):
+    """Badge tiers awarded based on overall quality score."""
+
+    UNRATED = "unrated"
+    BRONZE = "bronze"
+    SILVER = "silver"
+    GOLD = "gold"
+    PLATINUM = "platinum"
+
+
+@dataclass
+class QualityScore:
+    """Quality assessment for a single dimension."""
+
+    dimension: QualityDimension
+    score: float  # 0.0 to 1.0
+    evidence: str = ""
+    assessed_at: str = ""
+
+
+@dataclass
+class PluginQualityProfile:
+    """Aggregated quality profile for a plugin."""
+
+    plugin_name: str
+    plugin_version: str
+    scores: list[QualityScore] = field(default_factory=list)
+
+    @property
+    def overall_score(self) -> float:
+        """Return the mean score across all assessed dimensions."""
+        if not self.scores:
+            return 0.0
+        return sum(s.score for s in self.scores) / len(self.scores)
+
+    @property
+    def badge(self) -> QualityBadge:
+        """Derive a badge from the overall score."""
+        score = self.overall_score
+        if score >= 0.9:
+            return QualityBadge.PLATINUM
+        elif score >= 0.75:
+            return QualityBadge.GOLD
+        elif score >= 0.6:
+            return QualityBadge.SILVER
+        elif score >= 0.4:
+            return QualityBadge.BRONZE
+        return QualityBadge.UNRATED
+
+    def get_score(self, dimension: QualityDimension) -> float | None:
+        """Return the score for a specific dimension, or ``None`` if unrated."""
+        for s in self.scores:
+            if s.dimension == dimension:
+                return s.score
+        return None
+
+
+@dataclass
+class QualityStore:
+    """In-memory store for plugin quality profiles."""
+
+    _profiles: dict[str, PluginQualityProfile] = field(default_factory=dict)
+
+    def _key(self, name: str, version: str) -> str:
+        return f"{name}@{version}"
+
+    def record_score(
+        self,
+        plugin_name: str,
+        plugin_version: str,
+        score: QualityScore,
+    ) -> None:
+        """Record (or update) a quality score for a plugin dimension."""
+        key = self._key(plugin_name, plugin_version)
+        if key not in self._profiles:
+            self._profiles[key] = PluginQualityProfile(
+                plugin_name=plugin_name, plugin_version=plugin_version
+            )
+        profile = self._profiles[key]
+        # Update existing dimension or add new
+        profile.scores = [s for s in profile.scores if s.dimension != score.dimension]
+        profile.scores.append(score)
+
+    def get_profile(
+        self, plugin_name: str, plugin_version: str
+    ) -> PluginQualityProfile | None:
+        """Retrieve the quality profile for a specific plugin version."""
+        return self._profiles.get(self._key(plugin_name, plugin_version))
+
+    def get_badge(self, plugin_name: str, plugin_version: str) -> QualityBadge:
+        """Return the quality badge for a plugin, defaulting to UNRATED."""
+        profile = self.get_profile(plugin_name, plugin_version)
+        return profile.badge if profile else QualityBadge.UNRATED

packages/agent-marketplace/src/agent_marketplace/registry.py

@@ -17,6 +17,7 @@
 from agent_marketplace.manifest import MarketplaceError, PluginManifest, PluginType
 from agent_marketplace.marketplace_policy import (
     MarketplacePolicy,
+    OrgMarketplacePolicy,
     evaluate_plugin_compliance,
 )
 
@@ -57,20 +58,23 @@ def register(
         self,
         manifest: PluginManifest,
         mcp_servers: list[str] | None = None,
+        organization: str | None = None,
     ) -> None:
         """Register a plugin manifest.
 
         Args:
             manifest: The manifest to register.
             mcp_servers: Optional list of MCP server names declared by the plugin.
+            organization: Optional organization context for org-scoped policy checks.
 
         Raises:
             MarketplaceError: If the exact name+version already exists or the
                 plugin does not comply with the marketplace policy.
         """
         if self._marketplace_policy is not None:
             result = evaluate_plugin_compliance(
-                manifest, self._marketplace_policy, mcp_servers
+                manifest, self._marketplace_policy, mcp_servers,
+                organization=organization,
             )
             if not result.compliant:
                 raise MarketplaceError(
@@ -173,6 +177,26 @@ def list_plugins(self, type_filter: Optional[PluginType] = None) -> list[PluginM
                 results.append(latest)
         return results
 
+    def list_for_organization(self, organization: str) -> list[PluginManifest]:
+        """List plugins visible to an organization (org-specific + global).
+
+        A plugin is visible to an organization when its ``organization``
+        field is ``None`` (global) or matches the given *organization*.
+
+        Args:
+            organization: Organization name to filter by.
+
+        Returns:
+            List of matching manifests (all versions).
+        """
+        results: list[PluginManifest] = []
+        for name in self._plugins:
+            for version in self._plugins[name]:
+                manifest = self._plugins[name][version]
+                if manifest.organization is None or manifest.organization == organization:
+                    results.append(manifest)
+        return results
+
     # ------------------------------------------------------------------
     # Persistence
     # ------------------------------------------------------------------