Kelvin plugin manifests may declare quality_tier:
- unsigned_local
  - local development and experimentation only
  - no signature required
- signed_community
  - signed package expected (plugin.sig)
  - non-empty publisher required
- signed_trusted
  - signed package expected (plugin.sig)
  - non-empty publisher required
  - trust policy membership required for verification gates
scripts/kelvin-plugin.sh verify enforces tier-specific checks.

For trusted tier:

    scripts/kelvin-plugin.sh verify \
      --package ./dist/acme.echo-1.0.0.tar.gz \
      --trust-policy ./trusted_publishers.json

Installed plugin trust policy supports:
- revoked publishers
- plugin-to-publisher pinning
These controls are enforced by installed plugin loading (kelvin-brain).
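
The tier gates and trust policy controls above, combined into one function as an added example (not Kelvin's own code). The policy keys `trusted_publishers`, `revoked_publishers` and `pinned_plugins`, the manifest `name` field and the `plugin.json` file name are assumptions; only `quality_tier`, `publisher` and `plugin.sig` come from this page.

```python
# Added illustration; not Kelvin's implementation. Policy keys and the
# manifest "name" field are assumed, not taken from the project.

TIERS = ("unsigned_local", "signed_community", "signed_trusted")

def check_tier(manifest, package_files, policy=None):
    """Return a list of tier-gate failures; an empty list means the gates pass.

    Only the presence of plugin.sig is checked; verifying the signature
    itself is a separate step that is not modelled here.
    """
    tier = manifest.get("quality_tier")
    if tier not in TIERS:
        return [f"unknown quality_tier: {tier!r}"]    # fail closed
    if tier == "unsigned_local":
        return []                                     # no signature required
    errors = []
    publisher = (manifest.get("publisher") or "").strip()
    if "plugin.sig" not in package_files:
        errors.append("plugin.sig missing")
    if not publisher:
        errors.append("publisher empty")
    if tier == "signed_trusted":
        if policy is None:
            return errors + ["trust policy required for signed_trusted"]
        if publisher in policy.get("revoked_publishers", []):
            errors.append(f"publisher revoked: {publisher}")
        elif publisher not in policy.get("trusted_publishers", []):
            errors.append(f"publisher not in trust policy: {publisher}")
        # Pinning: a plugin name may only ever come from one publisher.
        pinned = policy.get("pinned_plugins", {}).get(manifest.get("name"))
        if pinned is not None and pinned != publisher:
            errors.append(f"plugin pinned to {pinned}, not {publisher}")
    return errors

# Constructed sample data.
POLICY = {
    "trusted_publishers": ["acme", "globex"],
    "revoked_publishers": ["initech"],
    "pinned_plugins": {"acme.echo": "acme"},
}
MANIFEST = {"name": "acme.echo", "quality_tier": "signed_trusted", "publisher": "acme"}
FILES = {"plugin.json", "plugin.sig"}

if __name__ == "__main__":
    print(check_tier(MANIFEST, FILES, POLICY))
    # A trusted publisher shipping a plugin pinned to someone else is rejected.
    print(check_tier(dict(MANIFEST, publisher="globex"), FILES, POLICY))
```

The second call shows why pinning matters in addition to membership: a publisher that is itself trusted still cannot ship a plugin name pinned to another publisher.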