( pluginId: string, prevActive: boolean, verdict: AgentVerdict, )
| 657 | } |
| 658 | |
| 659 | async function applyVerdict( |
| 660 | pluginId: string, |
| 661 | prevActive: boolean, |
| 662 | verdict: AgentVerdict, |
| 663 | ) { |
| 664 | const supabase = await createClient(); |
| 665 | |
| 666 | const now = new Date().toISOString(); |
| 667 | const baseUpdate = { |
| 668 | last_scanned_at: now, |
| 669 | scan_run_id: verdict.runId, |
| 670 | scan_verdict: { |
| 671 | verdict: verdict.verdict, |
| 672 | severity: verdict.severity, |
| 673 | categories: verdict.categories, |
| 674 | reasons: verdict.reasons, |
| 675 | summary: verdict.summary, |
| 676 | } satisfies ScanVerdict, |
| 677 | }; |
| 678 | |
| 679 | if (verdict.verdict === "safe") { |
| 680 | await supabase |
| 681 | .from("plugins") |
| 682 | .update({ |
| 683 | ...baseUpdate, |
| 684 | active: true, |
| 685 | scan_status: "safe", |
| 686 | flag_summary: null, |
| 687 | flag_reasons: [], |
| 688 | flag_severity: null, |
| 689 | flagged_at: null, |
| 690 | }) |
| 691 | .eq("id", pluginId); |
| 692 | return; |
| 693 | } |
| 694 | |
| 695 | // Severity policy: only delist a previously-live plugin if the new verdict |
| 696 | // is malicious or high severity. Lower-severity flags surface in the admin |
| 697 | // queue without yanking the plugin. |
| 698 | const shouldHide = |
| 699 | !prevActive || |
| 700 | verdict.verdict === "malicious" || |
| 701 | verdict.severity === "high"; |
| 702 | |
| 703 | await supabase |
| 704 | .from("plugins") |
| 705 | .update({ |
| 706 | ...baseUpdate, |
| 707 | active: !shouldHide, |
| 708 | scan_status: "flagged", |
| 709 | flag_summary: verdict.summary, |
| 710 | flag_reasons: verdict.reasons.length |
| 711 | ? verdict.reasons |
| 712 | : verdict.categories, |
| 713 | flag_severity: verdict.severity, |
| 714 | flagged_at: now, |
| 715 | }) |
| 716 | .eq("id", pluginId); |
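Review bot: Both `update()` calls (the safe branch and the flagged path at the end) discard their result; assuming `createClient()` returns a standard supabase-js client, a failed write resolves with an `error` field instead of throwing, so a plugin just judged malicious can stay listed with its previous `active` value while the caller sees success. Fail closed in both places: `const { error } = await supabase.from("plugins").update({ ... }).eq("id", pluginId);` followed by `if (error) throw new Error("applyVerdict update failed: " + error.message);`. An update that matches no row for `pluginId` is not reported as an error either, so consider chaining `.select("id")` and checking that exactly one row came back. Separately, the safe branch sets `active: true` without consulting `prevActive`, which would re-list a plugin that had been taken down for a reason other than scanning, if such a path exists; worth confirming that is intended. The function's closing brace lies outside the visible lines.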
no test coverage detected