Why This Exists
If you’ve ever inherited a WordPress instance, you know the feeling — plugin folders that look like a graveyard of forgotten ZIP files, mystery updates, and leftover .bak copies from 2017.
Most scanners wake up after compromise.
Plugin Guard doesn’t.
It locks down the plugin directory before anything moves.
What Plugin Guard Does
wordpress_plugin_guard is a MatrixSwarm agent that provides real-time file-integrity monitoring (FIM) and autonomous enforcement for WordPress plugins.
- Baseline Snapshot — builds SHA-256 manifests of every approved plugin.
- Continuous Scan — every 15 seconds, re-hashes all files and compares to the trusted baseline.
- Instant Enforcement
  - Enforce Mode quarantines anything untrusted.
  - Block-New Mode deletes untracked folders outright.
- Alerts — sends signed JSON alerts back through the Swarm’s hive.alert channel.
The Phoenix Panel
The GUI is handled by the plugin_guard.py panel inside Phoenix.
It exposes everything the agent can do — no command line needed.
Interface buttons:
- Show Status
- Toggle Enforce
- Block New
Each click fires an RPC through the event bus, signed and timestamped.
The response flows back into a live QTextBrowser with colored sections:
Tracked & Clean
Untracked Plugins
Quarantined Plugins
Integrity Alerts
Example: a directory somehow appears in the plugins directory
After the directory appears, the guard will discover it.
- If "Toggle Enforce" was selected, 'invadaaar' and any other such directory would have been placed in the site's quarantine folder. In the panel you can approve, clear the site, or quarantine it.
- If "Block New" was selected, 'invadaaar' would have been nuked.
Logs
Stay on top of incidents with a timestamped, ordered logging window, which is standardized across all agents.
Alerting
If you enable hive.alerts for your wordpress_plugin_guardian, using Telegram, Slack, or Discord agents, you can be alerted immediately of any incidents. The agent is already forensic_detective aware, so alerts can be inspected using Oracle for deeper AI analysis.
Under the Hood
The agent compares real files to their baseline manifests every interval.
If anything drifts, it reacts — instantly.
    def _compare_plugin(self, folder):
        out_dir = os.path.join(self.snapshot_root, self.site_id)
        norm_name = self._normalize_folder_name(folder)
        manifest_path = os.path.join(out_dir, f"{norm_name}.json")
        ...
        if changed or added or deleted:
            return False, "Plugin files were changed since last trusted baseline."
        return True, "Clean"
If enforcement is active, those changed folders go straight into quarantine:
    def _quarantine(self, folder, fpath):
        self._ensure_dir(self.quarantine_dir)
        qpath = os.path.join(self.quarantine_dir, f"{folder}_{int(time.time())}")
        shutil.move(fpath, qpath)
        self.log(f"[PLUGIN-GUARD] Quarantined {folder} → {qpath}")
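The baseline-and-compare step that `_compare_plugin` elides with `...` can be sketched as follows. This is an added example, not MatrixSwarm's own code: the function names (`hash_file`, `build_manifest`, `diff_manifests`, `demo`) and the manifest layout (relative path mapped to a SHA-256 hex digest) are assumptions, and the sample plugin files are constructed.

```python
import hashlib
import os
import tempfile

def hash_file(path, chunk_size=65536):
    """SHA-256 of one file, read in chunks so large assets are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(plugin_dir):
    """Map each path (relative to plugin_dir) to its digest. Symlinks are recorded
    by target and never followed, so a re-pointed link counts as drift."""
    manifest = {}
    for root, dirs, files in os.walk(plugin_dir, followlinks=False):
        links = [d for d in dirs if os.path.islink(os.path.join(root, d))]
        for name in files + links:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, plugin_dir).replace(os.sep, "/")
            if os.path.islink(full):
                manifest[rel] = "symlink:" + os.readlink(full)
            else:
                manifest[rel] = hash_file(full)
    return manifest

def diff_manifests(baseline, current):
    """Return (changed, added, deleted) as sorted lists of relative paths."""
    common = baseline.keys() & current.keys()
    changed = sorted(p for p in common if baseline[p] != current[p])
    added = sorted(current.keys() - baseline.keys())
    deleted = sorted(baseline.keys() - current.keys())
    return changed, added, deleted

def demo():
    """Constructed sample plugin: baseline it, introduce drift, re-scan."""
    with tempfile.TemporaryDirectory() as plugin_dir:
        def write(rel, data):
            path = os.path.join(plugin_dir, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write("sample-plugin.php", b"<?php // v1.0\n")
        write("inc/helpers.php", b"<?php function h() {}\n")
        baseline = build_manifest(plugin_dir)
        write("sample-plugin.php", b"<?php // v1.0 modified\n")
        write("inc/new-file.php", b"<?php\n")
        os.remove(os.path.join(plugin_dir, "inc", "helpers.php"))
        return diff_manifests(baseline, build_manifest(plugin_dir))
```

Any non-empty list in the returned tuple corresponds to the `changed or added or deleted` condition in `_compare_plugin` above.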
Safe Writes & Permission Awareness
Every write (snapshot or manifest update) passes through _safe_write().
If the agent can’t write — due to permissions, read-only mode, or I/O errors — it alerts the operator immediately.
    def _safe_write(self, path, write_func, *args, **kwargs):
        try:
            return write_func(*args, **kwargs)
        except PermissionError:
            self.drop_alert({
                "plugin": "system",
                "path": path,
                "reason": "Permission denied",
                "action": "permission_error"
            })
Security Philosophy
Plugin Guard follows a fail-closed design.
If the connection breaks, the agent keeps scanning locally.
If a write fails, it reports the issue upstream.
If a cert fails validation, it drops to passive read-only mode.
No assumptions. No silent failures.
Swarm Integration
Every alert, snapshot, and state update travels through MatrixSwarm’s signed packet system:
Plugin Dir → Agent Scan → Hive.Alert → Phoenix Panel → Operator Action
When packets are sent back to Phoenix, each one is encrypted via encrypt_with_ephemeral_aes() and signed with RSA, ensuring no tampering between node and console.
Deployment Tips
Run the agent under the same user that owns the WordPress directory.
Use enforce: false initially to watch before you start quarantining.
Enable read_only: true for compliance auditing environments.
Pair it with the Hive Forensics role if you want detailed event capture.
Resources
GitHub: https://github.com/matrixswarm/matrixos
GitHub: https://github.com/matrixswarm/phoenix
Docs: https://matrixswarm.com
Discord: https://discord.gg/CyngHqDmku
Telegram: https://t.me/matrixswarm
Python: pip install matrixswarm
X/Twitter: @matrixswarm
💬 Join the Hive:
Join the Swarm: https://discord.gg/CyngHqDmku
Report bugs, fork the swarm, or log your own Codex banner.