dscode_extension_host/lib.rs
1//! # dscode-extension-host
2//!
3//! Extension host process management, IPC, sandbox, and security for DSCode.
4//!
5//! This crate provides the infrastructure for running and communicating with
6
7#![warn(missing_docs)]
8#![deny(rustdoc::broken_intra_doc_links)]
9#![warn(dead_code)]
10//! extension host processes, including:
11//!
12//! - **Process lifecycle management** with a state machine ([`manager::ExtensionHostManager`])
13//! - **Bidirectional IPC** over Unix domain sockets ([`ipc::IpcManager`])
14//! - **Path validation** to prevent filesystem traversal attacks ([`path_validator::PathValidator`])
15//! - **Capability-based permissions** for extensions ([`permissions::ExtensionPermissions`])
16//! - **Per-extension rate limiting** using token bucket algorithm ([`rate_limiter::RateLimiter`])
17//! - **Multi-platform sandboxing** (macOS sandbox-exec, Linux bwrap, Windows Job Objects) ([`sandbox`])
18//! - **OS keyring secret storage** ([`secrets::SecretStorage`])
19//!
20//! ## Feature Flags
21//!
22//! - `tauri` — Enables Tauri integration for the extension host manager
23
24mod binary_verifier;
25mod error;
26mod ipc;
27mod manager;
28mod path_validator;
29mod permissions;
30mod rate_limiter;
31mod sandbox;
32mod secrets;
33
34pub use binary_verifier::verify_binary;
35pub use error::ExtensionHostError;
36pub use ipc::{ExtensionIpc, IncomingIpc, IncomingRequestHandler, IpcManager};
37pub use manager::{ExtensionHostManager, ExtensionHostState};
38pub use path_validator::PathValidator;
39pub use permissions::{ExtensionPermissions, Permission};
40pub use rate_limiter::RateLimiter;
41pub use sandbox::{apply_sandbox, complete_sandbox_setup, SandboxConfig};
42pub use secrets::SecretStorage;