Toolkit enforces a trust-first model with policy gates, whitelist verification, and quarantine controls.
- Never commit secrets; keep credentials in `.env.local` or GitHub Actions secrets.
- Use `config/security-policy.json` for risk thresholds and gate behavior.
- Keep daily whitelist verification reports in `data/security-reports/`.
- Treat quarantine state as authoritative for blocking recommendations/installs.
- Review and rotate signing/integrity controls quarterly.
| Tier | Score | Default install policy |
|---|---|---|
| low | 0-24 | allow |
| medium | 25-49 | allow with warning |
| high | 50-74 | block |
| critical | 75-100 | block |
Use `--override-risk` only for explicit risk acceptance.
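The tier table and the override rule together describe a small decision procedure. The following is an added example, not the toolkit's own gate code: it hard-codes the thresholds from the table above (the real toolkit reads them from `config/security-policy.json`, whose schema is not shown here), treats quarantine as authoritative and not overridable (an assumption drawn from the checklist above), and records an override as an explicit risk acceptance rather than silently turning a block into an allow.

```python
"""Hypothetical risk-tier install gate (added example, not the toolkit's code)."""
import argparse
from dataclasses import dataclass

# (lower, upper, tier, default policy); bounds inclusive, copied from the tier table.
# Assumption: the real toolkit loads these from config/security-policy.json.
TIERS = (
    (0, 24, "low", "allow"),
    (25, 49, "medium", "allow with warning"),
    (50, 74, "high", "block"),
    (75, 100, "critical", "block"),
)


def tier_for_score(score: int) -> str:
    """Map a 0-100 risk score to its tier name; reject out-of-range input."""
    if not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError(f"risk score must be an integer in 0-100, got {score!r}")
    for lower, upper, tier, _policy in TIERS:
        if lower <= score <= upper:
            return tier
    raise AssertionError("tier table does not cover the 0-100 range")


def default_policy(tier: str) -> str:
    """Default install policy for a tier, as listed in the table."""
    for _lower, _upper, name, policy in TIERS:
        if name == tier:
            return policy
    raise KeyError(tier)


@dataclass(frozen=True)
class GateDecision:
    tier: str
    action: str        # "allow", "allow with warning", or "block"
    overridden: bool   # True only when --override-risk changed a block
    reason: str        # audit-friendly explanation of the decision


def evaluate_install(score: int, quarantined: bool = False,
                     override_risk: bool = False) -> GateDecision:
    """Apply the tier policy; quarantine wins over everything, including override."""
    tier = tier_for_score(score)
    # Assumption: quarantine state is authoritative and cannot be overridden.
    if quarantined:
        return GateDecision(tier, "block", False, "quarantined (authoritative)")
    policy = default_policy(tier)
    if policy == "block" and override_risk:
        # Explicit risk acceptance: downgrade to allow-with-warning and record it.
        return GateDecision(tier, "allow with warning", True,
                            "explicit risk acceptance via --override-risk")
    return GateDecision(tier, policy, False, f"default policy for tier {tier}")


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Evaluate the install gate for a risk score.")
    parser.add_argument("score", type=int, help="risk score, 0-100")
    parser.add_argument("--quarantined", action="store_true", help="item is in quarantine")
    parser.add_argument("--override-risk", action="store_true", help="explicit risk acceptance")
    args = parser.parse_args()
    d = evaluate_install(args.score, args.quarantined, args.override_risk)
    print(f"tier={d.tier} action={d.action!r} overridden={d.overridden} reason={d.reason}")
```

The `reason` field is what a reviewer would want in the daily report: an overridden block is still visible as an override, and a quarantine block is distinguishable from a plain tier block.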
Toolkit attaches source-confidence metadata and penalties during ranking:
- `official`: vendor/public-index feeds (no extra source penalty).
- `vetted-curated`: curated community manifests (small trust penalty).
- `scraped`: connector scrape-derived entries (extra trust penalty + stricter review expectations).
Additional safeguards for scrape-enabled plugin ingestion:
- Host allowlist for plugin/MCP remotes.
- HTTPS URL enforcement.
- Input sanitization and duplicate ID rejection.
- Fallback to local/last-good data when remote fetch/parsing fails.
Copilot app-type extension deprecation context:
- GitHub announced app-type Copilot extensions deprecation on September 4, 2025.
- Toolkit currently ingests marketplace manifests and marks provenance so teams can govern migration risk explicitly.
- Scoring details: [scoring.md](scoring.md)
- Threat model: [threat-model.md](threat-model.md)
- Daily quarantine automation: [../ci/daily-quarantine.md](../ci/daily-quarantine.md)