Skip to content

feat: declare plugin permissions and validate them#10

Merged
Maik-0000FF merged 2 commits into
mainfrom
feat/declare-permissions
Jun 6, 2026
Merged

feat: declare plugin permissions and validate them#10
Maik-0000FF merged 2 commits into
mainfrom
feat/declare-permissions

Conversation

@Maik-0000FF

Copy link
Copy Markdown
Owner

What

Plugins now declare the sensitive permissions they need (the SpaceUX app shows them before a user enables a plugin):

  • org.spaceux.freecad: network (its bridge socket) + filesystem (the bridge install).
  • org.spaceux.example-launch: exec (it spawns programs).
  • nav-style / shape plugins declare none (data-only / pure render).

Plus validate-plugins.mjs now checks the optional permissions field (known values, no duplicates), mirroring the app's loader, and CONTRIBUTING.md documents it.

Coupling

Declaring permissions changes those two plugins' content, so their content hashes change. The matching update to the app's shipped OFFICIAL_PLUGIN_HASHES is in Maik-0000FF/SpaceUX#430; the two should merge together so the official plugins keep verifying. (Users with an older installed copy re-verify after re-importing the updated plugin.)

Refs Maik-0000FF/SpaceUX#426

The SpaceUX app shows a plugin's declared permissions before enabling it,
so declare them here: the FreeCAD plugin uses network (its bridge socket)
and filesystem (the bridge install), and the example launcher uses exec.
Extend validate-plugins.mjs to check the optional `permissions` field
(known values, no duplicates), and document it in CONTRIBUTING.

Refs Maik-0000FF/SpaceUX#426
Report which permission(s) are unknown (e.g. ["bogus"]) instead of only
listing the allowed set, so a plugin author sees exactly what to fix.

Refs Maik-0000FF/SpaceUX#426
@Maik-0000FF Maik-0000FF merged commit 15a0993 into main Jun 6, 2026
6 checks passed
@Maik-0000FF Maik-0000FF deleted the feat/declare-permissions branch June 6, 2026 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant