-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathmissing-implementations.json
More file actions
119 lines (119 loc) · 5.85 KB
/
missing-implementations.json
File metadata and controls
119 lines (119 loc) · 5.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
{
"meta": {
"generated_at": "2026-03-09T18:41:00Z",
"updated_at": "2026-03-10T00:00:00Z",
"module": "plugins",
"source_paths": [
"src/plugins/",
"include/plugins/"
],
"validated_branch": "develop",
"audit_note": "Reality-check performed during PR copilot/update-documentation-sync-again (2026-03-09). Items 3 and 6 resolved in follow-up audit (2026-03-10)."
},
"missing_implementations": [
{
"id": "PLUGINS-MISSING-001",
"title": "README listed non-existent source files",
"status": "fixed_in_pr",
"fix_note": "README updated to list actual source files",
"criticality": "low"
},
{
"id": "PLUGINS-MISSING-002",
"title": "ROADMAP marked hot-reload as [ ] but implementation is complete",
"status": "fixed_in_pr",
"fix_note": "ROADMAP Phase 2 updated from [ ] to [x] with evidence reference",
"criticality": "low"
},
{
"id": "PLUGINS-MISSING-003",
"title": "Ed25519 manifest signing with key-rotation — manifest_signer.cpp not implemented",
"claim_source": "src/plugins/ROADMAP.md",
"claim_section": "Phase 2: [?] Ed25519 manifest signing workflow",
"expected": "manifest_signer.cpp with key-rotation support",
"observed": "manifest_signer.cpp did not exist; feature was implemented directly in signed_plugin_repository.cpp.",
"status": "resolved",
"resolved_date": "2026-03-10",
"resolution": "signed_plugin_repository.cpp contains full Ed25519 signing via verifyEd25519Signature() (OpenSSL EVP_PKEY). ROADMAP Phase 2 marks [x]. Stubs: 0 in file header confirmed.",
"evidence": {
"files_present": ["src/plugins/signed_plugin_repository.cpp"],
"implementation_note": "verifyEd25519Signature() at line ~304; addPinnedKey/removePinnedKey for key management at lines 99-130"
},
"roadmap_status": "resolved",
"roadmap_marker": "[x]",
"criticality": "high",
"suggested_issue_title": "[plugins] Implement manifest_signer.cpp with Ed25519 key-rotation support",
"suggested_labels": ["type:feature", "priority:high", "plugins", "security", "status:resolved"]
},
{
"id": "PLUGINS-MISSING-004",
"title": "Runtime capability enforcement — post-activation capability escalation not prevented",
"claim_source": "src/plugins/ROADMAP.md",
"claim_section": "Phase 2: [?] Capability-based permission model",
"expected": "Fine-grained capability model: plugins can only use declared capabilities; runtime enforcement prevents post-activation capability escalation",
"observed": "PluginCapabilityNegotiator in plugin_interface.h is implemented; capability negotiation works at load time (plugin_manager.cpp:1288); but no runtime gate on the hot call path prevents plugins from using undeclared capabilities after activation",
"status": "open",
"evidence": {
"files_present": [
"src/plugins/plugin_manager.cpp",
"include/plugins/plugin_interface.h"
],
"implementation_note": "Negotiation at load time; runtime enforcement on call path absent"
},
"roadmap_status": "partial",
"roadmap_marker": "[?]",
"target_date": "Q3 2026",
"criticality": "high",
"suggested_issue_title": "[plugins] Implement runtime capability enforcement to prevent post-activation capability escalation",
"suggested_labels": ["type:security", "priority:high", "plugins", "status:planned"]
},
{
"id": "PLUGINS-MISSING-005",
"title": "WASM sandbox isolation — not implemented",
"claim_source": "src/plugins/ROADMAP.md",
"claim_section": "Phase 3: [?] WebAssembly (WASM) plugin runtime",
"expected": "WASM runtime (Wasmtime or WasmEdge) as alternative to dlopen; memory-safe isolation",
"observed": "No WASM code in src/plugins/; test scaffold exists at tests/test_wasm_plugin_sandbox.cpp",
"status": "open",
"evidence": {
"files_absent": ["src/plugins/wasm_plugin_loader.cpp"],
"test_scaffold": "tests/test_wasm_plugin_sandbox.cpp"
},
"roadmap_status": "planned",
"roadmap_marker": "[?]",
"target_date": "Q3 2027",
"criticality": "medium",
"suggested_issue_title": "[plugins] Implement WASM sandbox runtime via Wasmtime for plugin isolation",
"suggested_labels": ["type:feature", "priority:medium", "plugins", "status:planned"]
},
{
"id": "PLUGINS-MISSING-006",
"title": "Plugin metrics dashboard and health_score gauge",
"claim_source": "src/plugins/FUTURE_ENHANCEMENTS.md",
"claim_section": "Plugin Metrics Dashboard Integration",
"expected": "plugin_health_monitor emits plugin_health_score gauge; Grafana dashboard",
"observed": "plugin_health_monitor.cpp did not emit plugin_health_score gauge; no Grafana dashboard.",
"status": "resolved",
"resolved_date": "2026-03-10",
"resolution": "plugin_health_monitor.cpp line 661 emits setGauge('plugin_health_score', score, {{'plugin', plugin.name}}) via optional IMetrics sink. Grafana dashboard at grafana/dashboards/plugins.json. ROADMAP Phase 3 [x]. Stubs: 0 confirmed.",
"evidence": {
"files_present": [
"src/plugins/plugin_health_monitor.cpp",
"grafana/dashboards/plugins.json"
],
"implementation_line": "plugin_health_monitor.cpp:661"
},
"roadmap_status": "resolved",
"roadmap_marker": "[x]",
"criticality": "medium",
"suggested_issue_title": "[plugins] Wire PluginMetrics to Prometheus scrape endpoint and add plugin_health_score gauge",
"suggested_labels": ["type:feature", "priority:medium", "plugins", "observability", "status:resolved"]
}
],
"summary": {
"total_findings": 6,
"resolved": 4,
"open": 2,
"open_items": ["PLUGINS-MISSING-004 (capability enforcement)", "PLUGINS-MISSING-005 (WASM sandbox)"]
}
}