fix: keep plugin audit check ids stable

2026-05-06 11:00:42 +00:00 · 2026-04-25 23:18:38 +01:00
parent c79399dc68
commit 56f4264f1b
3 changed files with 11 additions and 11 deletions
--- a/docs/gateway/security/audit-checks.md
+++ b/docs/gateway/security/audit-checks.md
@@ -97,9 +97,9 @@ exhaustive):
 | `tools.exec.safe_bin_trusted_dirs_risky`                      | warn          | `safeBinTrustedDirs` includes mutable or risky directories                           | `tools.exec.safeBinTrustedDirs`, `agents.list[].tools.exec.safeBinTrustedDirs`                       | no       |
 | `skills.workspace.symlink_escape`                             | warn          | Workspace `skills/**/SKILL.md` resolves outside workspace root (symlink-chain drift) | workspace `skills/**` filesystem state                                                               | no       |
 | `plugins.extensions_no_allowlist`                             | warn          | Plugins are installed without an explicit plugin allowlist                           | `plugins.allowlist`                                                                                  | no       |
-| `plugins.index_unpinned_npm_specs`                            | warn          | Plugin install records are not pinned to immutable npm specs                         | plugin install metadata                                                                              | no       |
-| `plugins.index_missing_integrity`                             | warn          | Plugin install records lack integrity metadata                                       | plugin install metadata                                                                              | no       |
-| `plugins.index_version_drift`                                 | warn          | Plugin install records drift from installed packages                                 | plugin install metadata                                                                              | no       |
+| `plugins.installs_unpinned_npm_specs`                         | warn          | Plugin index records are not pinned to immutable npm specs                           | plugin install metadata                                                                              | no       |
+| `plugins.installs_missing_integrity`                          | warn          | Plugin index records lack integrity metadata                                         | plugin install metadata                                                                              | no       |
+| `plugins.installs_version_drift`                              | warn          | Plugin index records drift from installed packages                                   | plugin install metadata                                                                              | no       |
 | `plugins.code_safety`                                         | warn/critical | Plugin code scan found suspicious or dangerous patterns                              | plugin code / install source                                                                         | no       |
 | `plugins.code_safety.entry_path`                              | warn          | Plugin entry path points into hidden or `node_modules` locations                     | plugin manifest `entry`                                                                              | no       |
 | `plugins.code_safety.entry_escape`                            | critical      | Plugin entry escapes the plugin directory                                            | plugin manifest `entry`                                                                              | no       |