fix: install preflight plugin signature #77

Merged: yacosta738 merged 7 commits into main from fix/install-preflight-plugin-signature on Feb 25, 2026
@yacosta738 yacosta738 commented Feb 25, 2026

This pull request introduces significant improvements to plugin signature and certificate normalization and verification, as well as enhanced dependency management and user experience for the Corvus CLI installer. The changes ensure more robust handling of plugin artifacts and provide a smoother installation process, especially around dependency checks and auto-installation.

Key changes include:

Plugin signature/certificate normalization and verification

  • Added robust normalization logic for plugin signatures and certificates in clients/agent-runtime/src/plugins/mod.rs, including support for base64-wrapped PEM certificates and signatures, and validation of payloads before verification. This ensures that plugin artifacts can be verified regardless of their encoding or formatting, reducing errors due to inconsistent file formats. [1] [2] [3] [4]
  • Introduced comprehensive unit tests for signature and certificate normalization, improving reliability and maintainability of the verification process.
  • Updated the cosign verification step in the GitHub Actions workflow (.github/workflows/publish-plugins.yml) to use Python for certificate normalization, handling both PEM and base64-wrapped PEM formats before verification. This aligns CI behavior with local verification logic.

Installer dependency management and user experience

  • Refactored the Corvus CLI installer script (clients/web/apps/marketing/public/install) to detect platform and package manager, and to auto-install required dependencies (curl, tar, sha256sum/shasum, and cosign) where possible. The script now provides informative prompts, fallback instructions, and handles privilege escalation as needed.
  • Added clear preflight checks, improved error handling, and user messaging for missing dependencies, making the installation process more robust and user-friendly. The installer now warns if cosign is unavailable, explaining the impact on plugin verification. [1] [2]

Version bump

  • Bumped the version of the memory-surreal-graphs-plugin crate to 0.1.2 to reflect these changes.

Summary by CodeRabbit

  • Chores
    • Patch version update to memory graph plugin (0.1.1 → 0.1.2). No behavioral changes included in this release.
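
The normalization the description above refers to (accept a certificate as PEM or as base64-wrapped PEM, validate the payload, then pass one canonical PEM to the verifier), as an added Python example. It is not the code from this PR's mod.rs or workflow; the function names, the single-block rule, the DER-tag sanity check and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----"
)


def _strict_b64decode(data: bytes) -> bytes:
    """Decode base64 after dropping whitespace; reject any other stray byte."""
    compact = b"".join(data.split())
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("payload is not valid base64") from exc


def normalize_certificate(raw: bytes) -> bytes:
    """Return canonical PEM for input that is PEM or base64-wrapped PEM."""
    text = raw.strip()
    if not text.startswith(b"-----BEGIN"):
        # Not PEM on the outside: assume one base64 layer around a PEM document.
        text = _strict_b64decode(text).strip()
    match = PEM_RE.fullmatch(text)  # assumption: exactly one block, no chain
    if match is None:
        raise ValueError("no single CERTIFICATE PEM block found")
    der = _strict_b64decode(match.group(1))
    # Cheap sanity check before handing the file to a verifier:
    # an X.509 certificate is a DER SEQUENCE, so it starts with tag 0x30.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("PEM body is not a DER SEQUENCE")
    body = base64.b64encode(der)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return b"\n".join([b"-----BEGIN CERTIFICATE-----", *lines,
                       b"-----END CERTIFICATE-----", b""])


# Constructed sample: DER-shaped filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x60" + bytes(range(96))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).replace(b"\n", b"\r\n")
              + b"-----END CERTIFICATE-----\r\n")
SAMPLE_WRAPPED = base64.b64encode(SAMPLE_PEM) + b"\n"

if __name__ == "__main__":
    print(normalize_certificate(SAMPLE_WRAPPED).decode())
```

Both input encodings produce byte-identical output, so CI and a local check that share this step verify the same certificate bytes.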

cloudflare-workers-and-pages Bot commented Feb 25, 2026

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! | corvus-plugins-edge | b7945bc | Feb 25 2026, 07:00 AM |

coderabbitai Bot commented Feb 25, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d055872 and b7945bc.

⛔ Files ignored due to path filters (1)
  • clients/agent-runtime/plugins/memory-surreal-graphs/Cargo.lock is excluded by !**/*.lock, !**/Cargo.lock
📒 Files selected for processing (1)
  • clients/agent-runtime/plugins/memory-surreal-graphs/Cargo.toml

Walkthrough

Version bump of the memory-surreal-graphs crate from 0.1.1 to 0.1.2 in its manifest file. No code or behavioral changes; only the package version metadata is updated.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Version bump: clients/agent-runtime/plugins/memory-surreal-graphs/Cargo.toml | Package version updated from 0.1.1 to 0.1.2 in manifest. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested labels

codex

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The PR title 'fix: install preflight plugin signature' is vague and does not clearly summarize the actual changes. While the PR touches on plugin signature verification, the title focuses narrowly on 'install preflight' without conveying the broader scope of improvements to signature normalization, certificate handling, installer dependency management, or the version bump. | Consider a more descriptive title that better reflects the main changes, such as 'fix: add preflight checks and enhance plugin signature verification in installer' or similar to clarify the scope. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description check | ✅ Passed | The PR description is comprehensive and well-structured, covering all major changes including plugin signature/certificate normalization, installer improvements, and version bumps with clear references. It aligns well with the description template's Summary section requirements. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


cloudflare-workers-and-pages Bot commented Feb 25, 2026

Deploying corvus-plugins with Cloudflare Pages

Latest commit: b7945bc
Status: ✅  Deploy successful!
Preview URL: https://980dcc43.corvus-plugins.pages.dev
Branch Preview URL: https://fix-install-preflight-plugin.corvus-plugins.pages.dev


github-actions Bot commented Feb 25, 2026

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

| Metric | Description | Value | Threshold | Status |
|---|---|---|---|---|
| PR Merge Rate | PRs merged vs closed | 89% | >= 30% | |
| Repo Quality | Repos with ≥100 stars | 0 | >= 0 | |
| Positive Reactions | Positive reactions received | 9 | >= 1 | |
| Negative Reactions | Negative reactions received | 0 | <= 5 | |
| Account Age | GitHub account age | 3042 days | >= 30 days | |
| Activity Consistency | Regular activity over time | 108% | >= 0% | |
| Issue Engagement | Issues with community engagement | 0 | >= 0 | |
| Code Reviews | Code reviews given to others | 369 | >= 0 | |
| Merger Diversity | Unique maintainers who merged PRs | 3 | >= 0 | |
| Repo History Merge Rate | Merge rate in this repo | 89% | >= 0% | |
| Repo History Min PRs | Previous PRs in this repo | 57 | >= 0 | |
| Profile Completeness | Profile richness (bio, followers) | 90 | >= 0 | |
| Suspicious Patterns | Spam-like activity detection | 1 | N/A | |

Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-02-25 to 2026-02-25

@cloudflare-workers-and-pages

Deploying corvus with Cloudflare Pages

Latest commit: b7945bc
Status: ✅  Deploy successful!
Preview URL: https://7dbb9fcd.corvus-42x.pages.dev
Branch Preview URL: https://fix-install-preflight-plugin.corvus-42x.pages.dev


@yacosta738 yacosta738 merged commit 6b4c963 into main Feb 25, 2026
16 checks passed
@yacosta738 yacosta738 deleted the fix/install-preflight-plugin-signature branch February 25, 2026 07:12
@yacosta738 yacosta738 mentioned this pull request Mar 16, 2026
@dallay-bot dallay-bot Bot mentioned this pull request May 3, 2026