agent-supply-chain

tarafından github

Yapay zeka aracı eklentileri ve araçları için bütünlük bildirimleri oluşturur ve doğrular. Kurcalamayı tespit eder, sürüm sabitlemeyi zorunlu kılar ve tedarik zinciri kaynağını belirler.

npx skills add https://github.com/github/awesome-copilot --skill agent-supply-chain

Agent Supply Chain Integrity

Generate and verify integrity manifests for AI agent plugins and tools. Detect tampering, enforce version pinning, and establish supply chain provenance.

Overview

Agent plugins and MCP servers have the same supply chain risks as npm packages or container images — except the ecosystem has no equivalent of npm provenance, Sigstore, or SLSA. This skill fills that gap.

Plugin Directory → Hash All Files (SHA-256) → Generate INTEGRITY.json
                                                    ↓
Later: Plugin Directory → Re-Hash Files → Compare Against INTEGRITY.json
                                                    ↓
                                          Match? VERIFIED : TAMPERED

When to Use

  • Before promoting a plugin from development to production
  • During code review of plugin PRs
  • As a CI step to verify no files were modified after review
  • When auditing third-party agent tools or MCP servers
  • Building a plugin marketplace with integrity requirements

Pattern 1: Generate Integrity Manifest

Create a deterministic INTEGRITY.json with SHA-256 hashes of all plugin files.

import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path

EXCLUDE_DIRS = {".git", "__pycache__", "node_modules", ".venv", ".pytest_cache"}
EXCLUDE_FILES = {".DS_Store", "Thumbs.db", "INTEGRITY.json"}

def hash_file(path: Path) -> str:
    """Compute SHA-256 hex digest of a file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(8192), b""):
            h.update(chunk)
    return h.hexdigest()

def generate_manifest(plugin_dir: str) -> dict:
    """Generate an integrity manifest for a plugin directory."""
    root = Path(plugin_dir)
    files = {}

    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.name in EXCLUDE_FILES:
            continue
        if any(part in EXCLUDE_DIRS for part in path.relative_to(root).parts):
            continue
        rel = path.relative_to(root).as_posix()
        files[rel] = hash_file(path)

    # Chain hash: SHA-256 of all file hashes concatenated in sorted order
    chain = hashlib.sha256()
    for key in sorted(files.keys()):
        chain.update(files[key].encode("ascii"))

    manifest = {
        "plugin_name": root.name,
        "generated_at": datetime.now(timezone.utc).isoformat(),
        "algorithm": "sha256",
        "file_count": len(files),
        "files": files,
        "manifest_hash": chain.hexdigest(),
    }
    return manifest

# Generate and save
manifest = generate_manifest("my-plugin/")
Path("my-plugin/INTEGRITY.json").write_text(
    json.dumps(manifest, indent=2) + "\n"
)
print(f"Generated manifest: {manifest['file_count']} files, "
      f"hash: {manifest['manifest_hash'][:16]}...")

Output (INTEGRITY.json):

{
  "plugin_name": "my-plugin",
  "generated_at": "2026-04-01T03:00:00+00:00",
  "algorithm": "sha256",
  "file_count": 12,
  "files": {
    ".claude-plugin/plugin.json": "a1b2c3d4...",
    "README.md": "e5f6a7b8...",
    "skills/search/SKILL.md": "c9d0e1f2...",
    "agency.json": "3a4b5c6d..."
  },
  "manifest_hash": "7e8f9a0b1c2d3e4f..."
}

Pattern 2: Verify Integrity

Check that current files match the manifest.

# Requires: hash_file() and generate_manifest() from Pattern 1 above
import json
from pathlib import Path

def verify_manifest(plugin_dir: str) -> tuple[bool, list[str]]:
    """Verify plugin files against INTEGRITY.json."""
    root = Path(plugin_dir)
    manifest_path = root / "INTEGRITY.json"

    if not manifest_path.exists():
        return False, ["INTEGRITY.json not found"]

    manifest = json.loads(manifest_path.read_text())
    recorded = manifest.get("files", {})
    errors = []

    # Check recorded files
    for rel_path, expected_hash in recorded.items():
        full = root / rel_path
        if not full.exists():
            errors.append(f"MISSING: {rel_path}")
            continue
        actual = hash_file(full)
        if actual != expected_hash:
            errors.append(f"MODIFIED: {rel_path}")

    # Check for new untracked files
    current = generate_manifest(plugin_dir)
    for rel_path in current["files"]:
        if rel_path not in recorded:
            errors.append(f"UNTRACKED: {rel_path}")

    return len(errors) == 0, errors

# Verify
passed, errors = verify_manifest("my-plugin/")
if passed:
    print("VERIFIED: All files match manifest")
else:
    print(f"FAILED: {len(errors)} issue(s)")
    for e in errors:
        print(f"  {e}")

Output on tampered plugin:

FAILED: 3 issue(s)
  MODIFIED: skills/search/SKILL.md
  MISSING: agency.json
  UNTRACKED: backdoor.py

Pattern 3: Dependency Version Audit

Check that agent dependencies use pinned versions.

import re

def audit_versions(config_path: str) -> list[dict]:
    """Audit dependency version pinning in a config file."""
    findings = []
    path = Path(config_path)
    content = path.read_text()

    if path.name == "package.json":
        data = json.loads(content)
        for section in ("dependencies", "devDependencies"):
            for pkg, ver in data.get(section, {}).items():
                if ver.startswith("^") or ver.startswith("~") or ver == "*" or ver == "latest":
                    findings.append({
                        "package": pkg,
                        "version": ver,
                        "severity": "HIGH" if ver in ("*", "latest") else "MEDIUM",
                        "fix": f'Pin to exact: "{pkg}": "{ver.lstrip("^~")}"'
                    })

    elif path.name in ("requirements.txt", "pyproject.toml"):
        for line in content.splitlines():
            line = line.strip()
            if ">=" in line and "<" not in line:
                findings.append({
                    "package": line.split(">=")[0].strip(),
                    "version": line,
                    "severity": "MEDIUM",
                    "fix": f"Add upper bound: {line},<next_major"
                })

    return findings

Pattern 4: Promotion Gate

Use integrity verification as a gate before promoting plugins.

def promotion_check(plugin_dir: str) -> dict:
    """Check if a plugin is ready for production promotion."""
    checks = {}

    # 1. Integrity manifest exists and verifies
    passed, errors = verify_manifest(plugin_dir)
    checks["integrity"] = {
        "passed": passed,
        "errors": errors
    }

    # 2. Required files exist
    root = Path(plugin_dir)
    required = ["README.md"]
    missing = [f for f in required if not (root / f).exists()]

    # Require at least one plugin manifest (supports both layouts)
    manifest_paths = [
        root / ".github/plugin/plugin.json",
        root / ".claude-plugin/plugin.json",
    ]
    if not any(p.exists() for p in manifest_paths):
        missing.append(".github/plugin/plugin.json (or .claude-plugin/plugin.json)")

    checks["required_files"] = {
        "passed": len(missing) == 0,
        "missing": missing
    }

    # 3. No unpinned dependencies
    mcp_path = root / ".mcp.json"
    if mcp_path.exists():
        config = json.loads(mcp_path.read_text())
        unpinned = []
        for server in config.get("mcpServers", {}).values():
            if isinstance(server, dict):
                for arg in server.get("args", []):
                    if isinstance(arg, str) and "@latest" in arg:
                        unpinned.append(arg)
        checks["pinned_deps"] = {
            "passed": len(unpinned) == 0,
            "unpinned": unpinned
        }

    # Overall
    all_passed = all(c["passed"] for c in checks.values())
    return {"ready": all_passed, "checks": checks}

result = promotion_check("my-plugin/")
if result["ready"]:
    print("Plugin is ready for production promotion")
else:
    print("Plugin NOT ready:")
    for name, check in result["checks"].items():
        if not check["passed"]:
            print(f"  FAILED: {name}")

CI Integration

Add to your GitHub Actions workflow:

- name: Verify plugin integrity
  run: |
    PLUGIN_DIR="${{ matrix.plugin || '.' }}"
    cd "$PLUGIN_DIR"
    python -c "
    from pathlib import Path
    import json, hashlib, sys

    def hash_file(p):
        h = hashlib.sha256()
        with open(p, 'rb') as f:
            for c in iter(lambda: f.read(8192), b''):
                h.update(c)
        return h.hexdigest()

    manifest = json.loads(Path('INTEGRITY.json').read_text())
    errors = []
    for rel, expected in manifest['files'].items():
        p = Path(rel)
        if not p.exists():
            errors.append(f'MISSING: {rel}')
        elif hash_file(p) != expected:
            errors.append(f'MODIFIED: {rel}')
    if errors:
        for e in errors:
            print(f'::error::{e}')
        sys.exit(1)
    print(f'Verified {len(manifest[\"files\"])} files')
    "

Best Practices

PracticeRationale
Generate manifest after code reviewEnsures reviewed code matches production code
Include manifest in the PRReviewers can verify what was hashed
Verify in CI before deployCatches post-review modifications
Chain hash for tamper evidenceSingle hash represents entire plugin state
Exclude build artifactsOnly hash source files — .git, pycache, node_modules excluded
Pin all dependency versionsUnpinned deps = different code on every install

Related Resources

github tarafından daha fazla skill

console-rendering
github
Go'da struct etiketi tabanlı konsol renderlama sistemini kullanma talimatları
official
acquire-codebase-knowledge
github
Bu beceriyi, kullanıcı açıkça mevcut bir kod tabanını haritalamayı, belgelemeyi veya bu kod tabanına dahil olmayı istediğinde kullanın. "Bu kod tabanını haritala", "belgele…" gibi ifadeler için tetikleyin.
official
acreadiness-assess
github
Run the AgentRC readiness assessment on the current repository and produce a static HTML dashboard at reports/index.html. Wraps `npx github:microsoft/agentrc…
official
acreadiness-generate-instructions
github
AgentRC talimatları komutu aracılığıyla özelleştirilmiş AI ajan talimat dosyaları oluşturur. .github/copilot-instructions.md dosyasını üretir (varsayılan, VS'de Copilot için önerilir…
official
acreadiness-policy
github
Kullanıcının bir AgentRC politikası seçmesine, yazmasına veya uygulamasına yardımcı olun. Politikalar, ilgisiz kontrolleri devre dışı bırakarak, etki/seviyeyi geçersiz kılarak, ayarlayarak…
official
add-educational-comments
github
We need to translate the given English text into Turkish, preserving the name "add-educational-comments" if it appears. The text is a description of an agent skill. We must not add any extra commentary, labels, or formatting. The translation should be accurate and natural in Turkish. The text: "Add educational comments to code files to transform them into effective learning resources. Adapts explanation depth and tone to three configurable knowledge levels: beginner, intermediate, and advanced Automatically requests a file if none is provided, with numbered list matching for quick selection Expands files by up to 125% using educational comments only (hard limit: 400 new lines; 300 for files over 1,000 lines) Preserves file encoding, indentation style, syntax correctness, and..." It seems cut off at the end. The original might have more, but we only have this. We'll translate what's given. Note: The name "add-educational-comments" does not appear in the text, so we don't include it. Translation: "Kod dosyalarına
official
adobe-illustrator-scripting
github
ExtendScript (JavaScript/JSX) kullanarak Adobe Illustrator otomasyon betiklerini yazın, hata ayıklayın ve optimize edin. Oluştururken veya değiştirirken kullanın…
official
agent-governance
github
Yapay zeka aracı erişimi ve davranışını kontrol etmek için bildirimsel politikalar, niyet sınıflandırması ve denetim izleri. Birleştirilebilir yönetişim politikaları, izin verilen/engellenen araçları, içerik filtrelerini, hız sınırlarını ve onay gereksinimlerini tanımlar — kod değil yapılandırma olarak saklanır. Anlamsal niyet sınıflandırması, araç yürütülmeden önce desen tabanlı sinyaller kullanarak tehlikeli istemleri (veri sızdırma, ayrıcalık yükseltme, istem enjeksiyonu) tespit eder. Araç düzeyinde yönetişim dekoratörü, politikaları işlevde u
official