plugin_not_allowed

Diagnostic `nanook::plugin::not_allowed`

Summary

plugin `{0}` hash is not in the allowlist

Help

after auditing the cdylib, append sha256:{1} to [plugins].allowed

Details

When this fires

PluginHost::admit checked the discovered cdylib's sha256 against [plugins].allowed and didn't find it. The default posture is paranoid: every plugin needs an explicit allow-entry. The error includes the actual hash so you can paste it back into config after auditing the binary. Surfaces at agent startup (when a configured collector / adapter / action references the plugin) or on nanook plugins inspect.

What to check

Audit the cdylib first (origin, builder, reproducibility), then confirm the hash from a clean checkout with sha256sum <path>. During dev, [plugins].verify = false skips the allowlist (the host still warns on load).

[plugins]
allowed = ["sha256:<paste-from-error>"]