MCPcopy
hub / github.com/cursor/community-plugins / applyVerdict

Function applyVerdict

apps/cursor/src/lib/plugins/scan.ts:659–717  ·  view source on GitHub ↗
(
  pluginId: string,
  prevActive: boolean,
  verdict: AgentVerdict,
)

Source from the content-addressed store, hash-verified

657}
658
659async function applyVerdict(
660 pluginId: string,
661 prevActive: boolean,
662 verdict: AgentVerdict,
663) {
664 const supabase = await createClient();
665
666 const now = new Date().toISOString();
667 const baseUpdate = {
668 last_scanned_at: now,
669 scan_run_id: verdict.runId,
670 scan_verdict: {
671 verdict: verdict.verdict,
672 severity: verdict.severity,
673 categories: verdict.categories,
674 reasons: verdict.reasons,
675 summary: verdict.summary,
676 } satisfies ScanVerdict,
677 };
678
679 if (verdict.verdict === "safe") {
680 await supabase
681 .from("plugins")
682 .update({
683 ...baseUpdate,
684 active: true,
685 scan_status: "safe",
686 flag_summary: null,
687 flag_reasons: [],
688 flag_severity: null,
689 flagged_at: null,
690 })
691 .eq("id", pluginId);
692 return;
693 }
694
695 // Severity policy: only delist a previously-live plugin if the new verdict
696 // is malicious or high severity. Lower-severity flags surface in the admin
697 // queue without yanking the plugin.
698 const shouldHide =
699 !prevActive ||
700 verdict.verdict === "malicious" ||
701 verdict.severity === "high";
702
703 await supabase
704 .from("plugins")
705 .update({
706 ...baseUpdate,
707 active: !shouldHide,
708 scan_status: "flagged",
709 flag_summary: verdict.summary,
710 flag_reasons: verdict.reasons.length
711 ? verdict.reasons
712 : verdict.categories,
713 flag_severity: verdict.severity,
714 flagged_at: now,
715 })
716 .eq("id", pluginId);

Callers 1

runPluginScanFunction · 0.85

Calls 1

createClientFunction · 0.90

Tested by

no test coverage detected