fix: trust-gate manifest auth evidence

src/secrets/provider-env-vars.dynamic.test.ts

@@ -36,7 +36,7 @@ type MockManifestRegistry = {
 };
 
 const pluginRegistryMocks = vi.hoisted(() => {
-  const loadManifestRegistry = vi.fn<() => MockManifestRegistry>(() => ({
+  const loadManifestRegistry = vi.fn<(...args: unknown[]) => MockManifestRegistry>(() => ({
     plugins: [],
     diagnostics: [],
   }));
@@ -153,6 +153,81 @@ describe("provider env vars dynamic manifest metadata", () => {
         source: "external cloud credentials",
       },
     ]);
+    expect(
+      pluginRegistryMocks.loadPluginManifestRegistryForPluginRegistry.mock.calls.at(-1)?.[0],
+    ).toMatchObject({ includeDisabled: false });
+  });
+
+  it("excludes untrusted workspace plugin auth evidence by default", async () => {
+    pluginRegistryMocks.loadPluginManifestRegistryForPluginRegistry.mockReturnValue({
+      plugins: [
+        {
+          id: "workspace-cloud",
+          origin: "workspace",
+          setup: {
+            providers: [
+              {
+                id: "workspace-cloud",
+                authEvidence: [
+                  {
+                    type: "local-file-with-env",
+                    fileEnvVar: "WORKSPACE_CLOUD_CREDENTIALS",
+                    credentialMarker: "workspace-cloud-local-credentials",
+                  },
+                ],
+              },
+            ],
+          },
+        },
+      ],
+      diagnostics: [],
+    });
+
+    expect(
+      resolveProviderAuthEvidence({ config: { plugins: {} } })["workspace-cloud"],
+    ).toBeUndefined();
+  });
+
+  it("keeps explicitly trusted workspace plugin auth evidence", async () => {
+    pluginRegistryMocks.loadPluginManifestRegistryForPluginRegistry.mockReturnValue({
+      plugins: [
+        {
+          id: "workspace-cloud",
+          origin: "workspace",
+          setup: {
+            providers: [
+              {
+                id: "workspace-cloud",
+                authEvidence: [
+                  {
+                    type: "local-file-with-env",
+                    fileEnvVar: "WORKSPACE_CLOUD_CREDENTIALS",
+                    credentialMarker: "workspace-cloud-local-credentials",
+                  },
+                ],
+              },
+            ],
+          },
+        },
+      ],
+      diagnostics: [],
+    });
+
+    expect(
+      resolveProviderAuthEvidence({
+        config: {
+          plugins: {
+            allow: ["workspace-cloud"],
+          },
+        },
+      })["workspace-cloud"],
+    ).toEqual([
+      {
+        type: "local-file-with-env",
+        fileEnvVar: "WORKSPACE_CLOUD_CREDENTIALS",
+        credentialMarker: "workspace-cloud-local-credentials",
+      },
+    ]);
   });
 
   it("appends setup provider env vars after explicit provider auth env vars", async () => {

src/secrets/provider-env-vars.ts

@@ -62,6 +62,16 @@ function shouldUsePluginProviderEnvVars(
   return isWorkspacePluginTrustedForProviderEnvVars(plugin, params?.config);
 }
 
+function shouldUsePluginProviderAuthEvidence(
+  plugin: PluginManifestRecord,
+  params: ProviderEnvVarLookupParams | undefined,
+): boolean {
+  if (plugin.origin !== "workspace") {
+    return true;
+  }
+  return isWorkspacePluginTrustedForProviderEnvVars(plugin, params?.config);
+}
+
 function appendUniqueEnvVarCandidates(
   target: Record<string, string[]>,
   providerId: string,
@@ -150,11 +160,11 @@ function resolveManifestProviderAuthEvidence(
     workspaceDir: params?.workspaceDir,
     env: params?.env,
     preferPersisted: false,
-    includeDisabled: true,
+    includeDisabled: false,
   });
   const evidenceByProvider: Record<string, ProviderAuthEvidence[]> = {};
   for (const plugin of registry.plugins) {
-    if (!shouldUsePluginProviderEnvVars(plugin, params)) {
+    if (!shouldUsePluginProviderAuthEvidence(plugin, params)) {
       continue;
     }
     for (const provider of plugin.setup?.providers ?? []) {