Integrate ProxyCodebaseSPI so that PreferredProxyCodebaseProvider computes the SHA-256 hash of each JAR and queries the VerdictRegistry service before creating a PreferredClassLoader. The implementation must:
- Use VerdictRegistry.getVerdictByHash(contentHash) or getVerdict(codebaseUrls)
- Refuse to unmarshal or instantiate code when the registry returns DANGEROUS or no verdict is present ("absent" = not yet audited; see policy)
- Document and implement a fallback policy for absent verdicts (e.g. refuse, log, or allow with warning)
- Provide unit/integration test coverage around DANGEROUS/absent verdict cases
Acceptance Criteria:
- All proxy codebase instantiation paths are protected by a registry verdict check
- Tests prove code is never unmarshalled if verdict is DANGEROUS or absent
Integrate ProxyCodebaseSPI so that PreferredProxyCodebaseProvider computes the SHA-256 hash of each JAR and queries the VerdictRegistry service before creating a PreferredClassLoader. The implementation must:
Acceptance Criteria: