Skip to main content

Extensions

Struct Extensions 

Source
pub struct Extensions {
Show 16 fields pub request: Option<Arc<RequestExtension>>, pub agent: Option<Arc<AgentExtension>>, pub http: Option<Arc<HttpExtension>>, pub security: Option<Arc<SecurityExtension>>, pub delegation: Option<Arc<DelegationExtension>>, pub raw_credentials: Option<Arc<RawCredentialsExtension>>, pub mcp: Option<Arc<MCPExtension>>, pub completion: Option<Arc<CompletionExtension>>, pub provenance: Option<Arc<ProvenanceExtension>>, pub llm: Option<Arc<LLMExtension>>, pub framework: Option<Arc<FrameworkExtension>>, pub meta: Option<Arc<MetaExtension>>, pub custom: Option<Arc<HashMap<String, Value>>>, pub http_write_token: Option<WriteToken>, pub labels_write_token: Option<WriteToken>, pub delegation_write_token: Option<WriteToken>,
}
Expand description

Typed container for all message extensions.

All slots are Arc<T> — fully immutable, zero-copy shareable. Cloning is all refcount bumps. filter_extensions() creates a filtered view by setting unwanted slots to None (still all Arc, no deep copies). Plugins receive &Extensions (zero cost).

To modify, plugins call cow_copy() which returns an OwnedExtensions with mutable/monotonic/guarded slots cloned out of Arc and write tokens propagated.

Mirrors Python’s cpex.framework.extensions.Extensions.

Fields§

§request: Option<Arc<RequestExtension>>

Execution environment and request tracing (immutable).

§agent: Option<Arc<AgentExtension>>

Agent execution context — session, conversation, lineage (immutable).

§http: Option<Arc<HttpExtension>>

HTTP headers (frozen as Arc — unfrozen in OwnedExtensions).

§security: Option<Arc<SecurityExtension>>

Security — labels, classification, subject (frozen as Arc).

§delegation: Option<Arc<DelegationExtension>>

Delegation chain (frozen as Arc).

§raw_credentials: Option<Arc<RawCredentialsExtension>>

Raw credential material — Layer 3 of the credential storage model (see RawCredentialsExtension docs). Capability-gated; filter_extensions strips this slot for plugins without read_inbound_credentials / read_delegated_tokens. Token fields inside this extension are #[serde(skip)], so any serialization (logs, audit dumps, hot-reload snapshots) drops secret material even when the slot itself survives. The out-of-process consequence — remote / WASM plugins can’t see raw tokens at all — is intentional and documented on RawCredentialsExtension.

§mcp: Option<Arc<MCPExtension>>

MCP entity metadata (immutable).

§completion: Option<Arc<CompletionExtension>>

LLM completion information (immutable).

§provenance: Option<Arc<ProvenanceExtension>>

Origin and message threading (immutable).

§llm: Option<Arc<LLMExtension>>

Model identity and capabilities (immutable).

§framework: Option<Arc<FrameworkExtension>>

Agentic framework context (immutable).

§meta: Option<Arc<MetaExtension>>

Host-provided operational metadata (immutable).

§custom: Option<Arc<HashMap<String, Value>>>

Custom extensions (frozen as Arc — unfrozen in OwnedExtensions).

§http_write_token: Option<WriteToken>

Write tokens — set by the executor per plugin, NOT serialized. Used by cow_copy() to propagate write access to OwnedExtensions.

§labels_write_token: Option<WriteToken>§delegation_write_token: Option<WriteToken>

Implementations§

Source§

impl Extensions

Source

pub fn cow_copy(&self) -> OwnedExtensions

Create a copy-on-write owned copy for modification.

Immutable slots share the same Arc (refcount bump, ~1ns). Mutable/monotonic/guarded slots are cloned out of Arc into owned values — the plugin can modify them directly. Write tokens are propagated from the original.

§Usage
fn handle(&self, payload: &P, ext: &Extensions, ctx: &mut PluginContext) -> PluginResult<P> {
    let mut owned = ext.cow_copy();
    owned.security.as_mut().unwrap().add_label("CHECKED");
    if let Some(ref token) = owned.http_write_token {
        owned.http.as_mut().unwrap().write(token).set_header("X-Foo", "bar");
    }
    PluginResult::modify_extensions(owned)
}
Examples found in repository?
examples/cmf_capabilities_demo.rs (line 163)
139    async fn handle(
140        &self,
141        _payload: &MessagePayload,
142        extensions: &Extensions,
143        _ctx: &mut PluginContext,
144    ) -> PluginResult<MessagePayload> {
145        // Can see HTTP (has read_headers)
146        if let Some(ref http) = extensions.http {
147            println!(
148                "  [header-injector] HTTP headers visible: {:?}",
149                http.request_headers
150            );
151        }
152
153        // Can NOT see security subject (no read_subject)
154        if let Some(ref security) = extensions.security {
155            if security.subject.is_some() {
156                println!("  [header-injector] WARNING: Subject visible (unexpected!)");
157            } else {
158                println!("  [header-injector] Security subject: not visible (no read_subject)");
159            }
160        }
161
162        // COW copy to modify — tokens propagate from the executor
163        let mut modified = extensions.cow_copy();
164
165        // Add a label via MonotonicSet (has append_labels)
166        if modified.labels_write_token.is_some() {
167            modified.security.as_mut().unwrap().add_label("PROCESSED");
168            println!("  [header-injector] Added label 'PROCESSED'");
169        }
170
171        // Inject a header via Guarded (has write_headers)
172        if let Some(ref token) = modified.http_write_token {
173            modified
174                .http
175                .as_mut()
176                .unwrap()
177                .write(token)
178                .set_header("X-Processed-By", "header-injector");
179            println!("  [header-injector] Injected header 'X-Processed-By'");
180        }
181
182        PluginResult::modify_extensions(modified)
183    }
Source

pub fn validate_immutable(&self, modified: &OwnedExtensions) -> bool

Validate that immutable slots were not tampered with.

A slot that is None in modified (because capability filtering hid it from the plugin) is always valid — the plugin never saw it. Only flag as tampering when both are Some with different Arc pointers, or when the original is None but modified is Some (the plugin fabricated a slot it shouldn’t have).

Source

pub fn merge_owned(&mut self, owned: OwnedExtensions)

Merge an OwnedExtensions back into this Extensions.

Trait Implementations§

Source§

impl Clone for Extensions

Source§

fn clone(&self) -> Self

All Arc bumps — zero data copies. Write tokens are NOT cloned.

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Extensions

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for Extensions

Source§

fn default() -> Extensions

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for Extensions

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for Extensions

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more