gln plugin approve
Approve a plugin bundle after operator digest verification.
Synopsis
gln [global-options] plugin approve --plugin-path <path> [--note <text>] [digest options]
Options
| Argument or flag | Type | Required | Default | Description |
|---|---|---|---|---|
--plugin-path | path | yes | - | Plugin DLL path. |
--note | string | no | - | Operator note recorded in the plugin pin store. |
--expected-bundle-sha256 | string | no | - | Expected bundle SHA-256 digest. |
--expected-manifest-sha256 | string | no | - | Expected manifest SHA-256 digest. |
--expected-binary-sha256 | string | no | - | Expected plugin binary SHA-256 digest. |
--expected-dependency-sha256 | string | no | - | Expected native dependency SHA-256 digest. |
Description
Stages the plugin bundle through the public plugin approval C API, checks any provided expected digests, and writes the plugin pin only after those checks pass. The command returns the C API approval report; it does not add a separate trust-status field.
JSON output includes manifest identity and capability metadata, the bundle,
manifest, binary, and dependency digests, and the pin_store report from the
C API: path, approved_at, and replaced_existing_pin.
Requirements
- Profile: not used
- Credential type: none
- Backend prerequisites: plugin binary and adjacent manifest file
- Digest verification: compare the reported or expected digests with an out-of-band source before approving a plugin bundle.
Status and exit codes
| Status | Exit | Meaning | Continuation |
|---|---|---|---|
ok | 0 | Expected digests matched and the pin-store write succeeded. | - |
error | 1 | Plugin staging, digest verification, dependency verification, or pin-store write failed. | - |
Result keys: manifest, binary, pin_store
Examples
gln plugin approve `
--plugin-path .\galanthus_revolut.dll `
--expected-bundle-sha256 2d6b5c8f0f4c5f6c8b9d3ef4a0d2b52e5c9f5d8e9a1c2b3d4e5f60718293a4b5