Module extension_preflight

Structs§

ConfidenceScore: Compatibility confidence score (0..=100).
ExtensionTrustTracker: Mutable trust lifecycle tracker for a single extension.
InstallTimeRiskReport: Composite install-time risk classification report that synthesizes signals from both the compatibility preflight and the security scanner into a single deterministic verdict.
PreflightAnalyzer: Analyzes an extension for compatibility before loading.
PreflightFinding: A single finding from preflight analysis.
PreflightReport: Complete preflight analysis report for an extension.
PreflightSummary: Counts by severity.
PreflightSummaryBrief: Abbreviated preflight summary for embedding in the composite report.
SecurityEvidenceLedgerEntry: A single evidence entry for the security ledger. Designed for JSONL serialization so it can be correlated with runtime hostcall telemetry.
SecurityFinding: A single security finding from static analysis.
SecurityScanReport: Aggregate risk classification for an extension.
SecurityScanner: Scans extension source for security-sensitive patterns and produces a deterministic risk classification report.
SecuritySummaryBrief: Abbreviated security summary for embedding in the composite report.
SecurityTierCounts: Counts by risk tier.
TrustTransitionEvent: A recorded trust state transition event for the audit trail.

ExtensionTrustState: Extension trust lifecycle states.
FindingCategory: Category of a preflight finding.
FindingSeverity: Severity level for a preflight finding.
InstallRecommendation: Install-time recommendation.
ModuleSupport: How well the Pi JS runtime supports a given module.
PreflightVerdict: Overall verdict from preflight analysis.
RiskTier: Risk tier for security findings. Ordered from most to least severe so the Ord derive gives the correct comparison direction.
SecurityRuleId: Stable rule identifiers. Each variant is a versioned detection rule whose semantics are frozen once shipped. Add new variants; never rename or redefine existing ones.
TrustTransitionError: Errors that can occur during trust state transitions.
TrustTransitionKind: Direction of a trust state transition.

INSTALL_TIME_RISK_SCHEMA: Schema version for the install-time risk classification report.
PREFLIGHT_SCHEMA
SECURITY_EVIDENCE_LEDGER_SCHEMA: Schema version for the security evidence ledger.
SECURITY_RULEBOOK_VERSION: Current rulebook version. Bump when rules are added or changed.
SECURITY_SCAN_SCHEMA: Schema version for security scan reports. Bump minor on new rules, major on breaking structural changes.
TRUST_LIFECYCLE_SCHEMA: Schema version for trust lifecycle transition events.

classify_extension_path: Run both the preflight analyzer and security scanner on extension files at a given path and produce a composite install-time risk report.
classify_extension_source: Convenience function: run both the preflight analyzer and security scanner on raw source text and produce a composite install-time risk report.
initial_trust_state: Determine the initial trust state for a newly installed extension based on its install-time risk report.
is_hostcall_allowed_for_trust: Check whether a hostcall category is allowed for the given trust state.
known_module_support: Returns the known support level for a module specifier, or None if the module is not in our registry (likely a relative import or external npm).
module_remediation: Remediation suggestion for a module at a given support level.
security_evidence_ledger_jsonl: Produce a JSONL evidence ledger from a security scan report.