392 lines
12 KiB
JSON
392 lines
12 KiB
JSON
{
|
|
"schema_version": "1.0",
|
|
"ok": true,
|
|
"skill_dir": ".",
|
|
"package_dir": "tests/tmp_review_studio/dist",
|
|
"expected_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"summary": {
|
|
"target_count": 4,
|
|
"pass_count": 4,
|
|
"fail_count": 0,
|
|
"native_enforcement_count": 0,
|
|
"metadata_fallback_count": 4,
|
|
"residual_risk_count": 4,
|
|
"required_capability_count": 3,
|
|
"failure_count": 0,
|
|
"installer_enforcement_source_status": "present",
|
|
"installer_enforcement_target_count": 4,
|
|
"installer_enforcement_pass_count": 4,
|
|
"installer_permission_enforced_count": 12,
|
|
"installer_permission_failure_count": 0,
|
|
"installer_permission_capability_count": 3,
|
|
"world_class_native_evidence_ready": false,
|
|
"installer_enforcement_ready": true
|
|
},
|
|
"installer_enforcement": {
|
|
"source": "reports/install_simulation.json",
|
|
"source_status": "present",
|
|
"package_dir_matches": true,
|
|
"summary": {
|
|
"installer_permission_enforced_count": 12,
|
|
"installer_permission_failure_count": 0,
|
|
"permission_target_count": 4,
|
|
"permission_capability_count": 3,
|
|
"failure_count": 0
|
|
}
|
|
},
|
|
"targets": [
|
|
{
|
|
"target": "openai",
|
|
"status": "pass",
|
|
"adapter": "tests/tmp_review_studio/dist/targets/openai/adapter.json",
|
|
"permission_model": "metadata-only",
|
|
"native_enforcement": false,
|
|
"metadata_fallback_explicit": true,
|
|
"installer_enforcement": {
|
|
"target": "openai",
|
|
"source_status": "present",
|
|
"enforced": true,
|
|
"enforced_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"missing_capabilities": [],
|
|
"failure_details": []
|
|
},
|
|
"assurance": "metadata-fallback-explicit",
|
|
"declared_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"checks": [
|
|
{
|
|
"key": "adapter-present",
|
|
"passed": true,
|
|
"detail": "openai adapter.json is readable"
|
|
},
|
|
{
|
|
"key": "permission-contract-present",
|
|
"passed": true,
|
|
"detail": "openai adapter includes permission_contract"
|
|
},
|
|
{
|
|
"key": "target-contract-present",
|
|
"passed": true,
|
|
"detail": "openai adapter includes target_permission_contract"
|
|
},
|
|
{
|
|
"key": "source-available",
|
|
"passed": true,
|
|
"detail": "openai permission_contract links to an available trust report"
|
|
},
|
|
{
|
|
"key": "declared-capabilities-match",
|
|
"passed": true,
|
|
"detail": "openai target_permission_contract mirrors expected capabilities"
|
|
},
|
|
{
|
|
"key": "capability-counts-present",
|
|
"passed": true,
|
|
"detail": "openai target_permission_contract includes capability_counts"
|
|
},
|
|
{
|
|
"key": "native-enforcement-boolean",
|
|
"passed": true,
|
|
"detail": "openai target_permission_contract declares native_enforcement as a boolean"
|
|
},
|
|
{
|
|
"key": "representation-present",
|
|
"passed": true,
|
|
"detail": "openai target_permission_contract declares where permission metadata is represented"
|
|
},
|
|
{
|
|
"key": "operator-note-present",
|
|
"passed": true,
|
|
"detail": "openai target_permission_contract includes an operator_note"
|
|
},
|
|
{
|
|
"key": "review-required-matches",
|
|
"passed": true,
|
|
"detail": "openai review_required matches whether capabilities are required"
|
|
},
|
|
{
|
|
"key": "openai-yaml-present",
|
|
"passed": true,
|
|
"detail": "OpenAI permission metadata YAML is readable"
|
|
},
|
|
{
|
|
"key": "openai-yaml-permissions",
|
|
"passed": true,
|
|
"detail": "OpenAI YAML permission contract mirrors expected capabilities"
|
|
},
|
|
{
|
|
"key": "openai-yaml-native-flag",
|
|
"passed": true,
|
|
"detail": "OpenAI YAML declares native_enforcement as a boolean"
|
|
}
|
|
],
|
|
"failures": [],
|
|
"residual_risks": [
|
|
"Client-native permission enforcement is not provided by this target; installer or operator must honor metadata."
|
|
]
|
|
},
|
|
{
|
|
"target": "claude",
|
|
"status": "pass",
|
|
"adapter": "tests/tmp_review_studio/dist/targets/claude/adapter.json",
|
|
"permission_model": "neutral-source-plus-adapter",
|
|
"native_enforcement": false,
|
|
"metadata_fallback_explicit": true,
|
|
"installer_enforcement": {
|
|
"target": "claude",
|
|
"source_status": "present",
|
|
"enforced": true,
|
|
"enforced_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"missing_capabilities": [],
|
|
"failure_details": []
|
|
},
|
|
"assurance": "metadata-fallback-explicit",
|
|
"declared_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"checks": [
|
|
{
|
|
"key": "adapter-present",
|
|
"passed": true,
|
|
"detail": "claude adapter.json is readable"
|
|
},
|
|
{
|
|
"key": "permission-contract-present",
|
|
"passed": true,
|
|
"detail": "claude adapter includes permission_contract"
|
|
},
|
|
{
|
|
"key": "target-contract-present",
|
|
"passed": true,
|
|
"detail": "claude adapter includes target_permission_contract"
|
|
},
|
|
{
|
|
"key": "source-available",
|
|
"passed": true,
|
|
"detail": "claude permission_contract links to an available trust report"
|
|
},
|
|
{
|
|
"key": "declared-capabilities-match",
|
|
"passed": true,
|
|
"detail": "claude target_permission_contract mirrors expected capabilities"
|
|
},
|
|
{
|
|
"key": "capability-counts-present",
|
|
"passed": true,
|
|
"detail": "claude target_permission_contract includes capability_counts"
|
|
},
|
|
{
|
|
"key": "native-enforcement-boolean",
|
|
"passed": true,
|
|
"detail": "claude target_permission_contract declares native_enforcement as a boolean"
|
|
},
|
|
{
|
|
"key": "representation-present",
|
|
"passed": true,
|
|
"detail": "claude target_permission_contract declares where permission metadata is represented"
|
|
},
|
|
{
|
|
"key": "operator-note-present",
|
|
"passed": true,
|
|
"detail": "claude target_permission_contract includes an operator_note"
|
|
},
|
|
{
|
|
"key": "review-required-matches",
|
|
"passed": true,
|
|
"detail": "claude review_required matches whether capabilities are required"
|
|
}
|
|
],
|
|
"failures": [],
|
|
"residual_risks": [
|
|
"Client-native permission enforcement is not provided by this target; installer or operator must honor metadata."
|
|
]
|
|
},
|
|
{
|
|
"target": "generic",
|
|
"status": "pass",
|
|
"adapter": "tests/tmp_review_studio/dist/targets/generic/adapter.json",
|
|
"permission_model": "agent-skills-compatible-metadata",
|
|
"native_enforcement": false,
|
|
"metadata_fallback_explicit": true,
|
|
"installer_enforcement": {
|
|
"target": "generic",
|
|
"source_status": "present",
|
|
"enforced": true,
|
|
"enforced_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"missing_capabilities": [],
|
|
"failure_details": []
|
|
},
|
|
"assurance": "metadata-fallback-explicit",
|
|
"declared_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"checks": [
|
|
{
|
|
"key": "adapter-present",
|
|
"passed": true,
|
|
"detail": "generic adapter.json is readable"
|
|
},
|
|
{
|
|
"key": "permission-contract-present",
|
|
"passed": true,
|
|
"detail": "generic adapter includes permission_contract"
|
|
},
|
|
{
|
|
"key": "target-contract-present",
|
|
"passed": true,
|
|
"detail": "generic adapter includes target_permission_contract"
|
|
},
|
|
{
|
|
"key": "source-available",
|
|
"passed": true,
|
|
"detail": "generic permission_contract links to an available trust report"
|
|
},
|
|
{
|
|
"key": "declared-capabilities-match",
|
|
"passed": true,
|
|
"detail": "generic target_permission_contract mirrors expected capabilities"
|
|
},
|
|
{
|
|
"key": "capability-counts-present",
|
|
"passed": true,
|
|
"detail": "generic target_permission_contract includes capability_counts"
|
|
},
|
|
{
|
|
"key": "native-enforcement-boolean",
|
|
"passed": true,
|
|
"detail": "generic target_permission_contract declares native_enforcement as a boolean"
|
|
},
|
|
{
|
|
"key": "representation-present",
|
|
"passed": true,
|
|
"detail": "generic target_permission_contract declares where permission metadata is represented"
|
|
},
|
|
{
|
|
"key": "operator-note-present",
|
|
"passed": true,
|
|
"detail": "generic target_permission_contract includes an operator_note"
|
|
},
|
|
{
|
|
"key": "review-required-matches",
|
|
"passed": true,
|
|
"detail": "generic review_required matches whether capabilities are required"
|
|
}
|
|
],
|
|
"failures": [],
|
|
"residual_risks": [
|
|
"Client-native permission enforcement is not provided by this target; installer or operator must honor metadata."
|
|
]
|
|
},
|
|
{
|
|
"target": "vscode",
|
|
"status": "pass",
|
|
"adapter": "tests/tmp_review_studio/dist/targets/vscode/adapter.json",
|
|
"permission_model": "vscode-workspace-trust-plus-metadata",
|
|
"native_enforcement": false,
|
|
"metadata_fallback_explicit": true,
|
|
"installer_enforcement": {
|
|
"target": "vscode",
|
|
"source_status": "present",
|
|
"enforced": true,
|
|
"enforced_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"missing_capabilities": [],
|
|
"failure_details": []
|
|
},
|
|
"assurance": "metadata-fallback-explicit",
|
|
"declared_capabilities": [
|
|
"file_write",
|
|
"network",
|
|
"subprocess"
|
|
],
|
|
"checks": [
|
|
{
|
|
"key": "adapter-present",
|
|
"passed": true,
|
|
"detail": "vscode adapter.json is readable"
|
|
},
|
|
{
|
|
"key": "permission-contract-present",
|
|
"passed": true,
|
|
"detail": "vscode adapter includes permission_contract"
|
|
},
|
|
{
|
|
"key": "target-contract-present",
|
|
"passed": true,
|
|
"detail": "vscode adapter includes target_permission_contract"
|
|
},
|
|
{
|
|
"key": "source-available",
|
|
"passed": true,
|
|
"detail": "vscode permission_contract links to an available trust report"
|
|
},
|
|
{
|
|
"key": "declared-capabilities-match",
|
|
"passed": true,
|
|
"detail": "vscode target_permission_contract mirrors expected capabilities"
|
|
},
|
|
{
|
|
"key": "capability-counts-present",
|
|
"passed": true,
|
|
"detail": "vscode target_permission_contract includes capability_counts"
|
|
},
|
|
{
|
|
"key": "native-enforcement-boolean",
|
|
"passed": true,
|
|
"detail": "vscode target_permission_contract declares native_enforcement as a boolean"
|
|
},
|
|
{
|
|
"key": "representation-present",
|
|
"passed": true,
|
|
"detail": "vscode target_permission_contract declares where permission metadata is represented"
|
|
},
|
|
{
|
|
"key": "operator-note-present",
|
|
"passed": true,
|
|
"detail": "vscode target_permission_contract includes an operator_note"
|
|
},
|
|
{
|
|
"key": "review-required-matches",
|
|
"passed": true,
|
|
"detail": "vscode review_required matches whether capabilities are required"
|
|
}
|
|
],
|
|
"failures": [],
|
|
"residual_risks": [
|
|
"Client-native permission enforcement is not provided by this target; installer or operator must honor metadata."
|
|
]
|
|
}
|
|
],
|
|
"failures": [],
|
|
"artifacts": {
|
|
"json": "reports/runtime_permission_probes.json",
|
|
"markdown": "reports/runtime_permission_probes.md"
|
|
}
|
|
}
|