sen-plugin-host 0.8.1

Wasm plugin host runtime for sen-rs CLI framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

//! Permission system for plugin capabilities
//!
//! This module provides a flexible, customizable permission system for controlling
//! what capabilities plugins can access. It's designed as a framework that
//! application developers can customize to fit their needs.
//!
//! # Architecture
//!
//! ```text
//! ┌─────────────────────────────────────────────────────────────────────────┐
//! │                         PermissionConfig                                 │
//! │  ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐│
//! │  │  Strategy   │ │    Store    │ │   Prompt    │ │       Audit         ││
//! │  │             │ │             │ │             │ │                     ││
//! │  │ - Default   │ │ - File      │ │ - Terminal  │ │ - File (JSONL)      ││
//! │  │ - Strict    │ │ - Memory    │ │ - Auto      │ │ - Memory            ││
//! │  │ - Permissive│ │ - ReadOnly  │ │ - Recording │ │ - Null              ││
//! │  │ - CI        │ │             │ │             │ │ - Composite         ││
//! │  │ - TrustAll  │ │             │ │             │ │                     ││
//! │  └─────────────┘ └─────────────┘ └─────────────┘ └─────────────────────┘│
//! └─────────────────────────────────────────────────────────────────────────┘
//! ```
//!
//! # Quick Start
//!
//! ## Using Presets
//!
//! ```rust,ignore
//! use sen_plugin_host::permission::PermissionPresets;
//!
//! // Interactive development
//! let config = PermissionPresets::interactive("myapp")?;
//!
//! // CI/CD pipeline
//! let config = PermissionPresets::ci("myapp", None)?;
//!
//! // Testing
//! let config = PermissionPresets::testing();
//! ```
//!
//! ## Custom Configuration
//!
//! ```rust,ignore
//! use sen_plugin_host::permission::{
//!     PermissionConfigBuilder,
//!     DefaultPermissionStrategy,
//!     MemoryPermissionStore,
//!     TerminalPromptHandler,
//!     TrustFlagConfig,
//! };
//! use sen_plugin_host::audit::NullAuditSink;
//!
//! let config = PermissionConfigBuilder::new()
//!     .app_name("myapp")
//!     .strategy(DefaultPermissionStrategy)
//!     .store(MemoryPermissionStore::new())
//!     .prompt(TerminalPromptHandler::new())
//!     .audit(NullAuditSink)
//!     .trust_flags(TrustFlagConfig::default())
//!     .build()?;
//! ```
//!
//! # Components
//!
//! ## Strategy
//!
//! Controls how permission decisions are made:
//!
//! | Strategy | Granularity | Prompts | Best For |
//! |----------|-------------|---------|----------|
//! | Default | Plugin | When needed | General use |
//! | Strict | Command | Always (interactive) | Security |
//! | Permissive | Plugin | Network only | Development |
//! | CI | Plugin | Never | CI/CD |
//! | TrustAll | Plugin | Never | Testing only |
//!
//! ## Store
//!
//! Persists granted permissions:
//!
//! - `FilePermissionStore`: JSON file in config directory
//! - `MemoryPermissionStore`: In-memory (session only)
//! - `ReadOnlyPermissionStore`: Wrapper that prevents writes
//!
//! ## Prompt
//!
//! Handles user interaction:
//!
//! - `TerminalPromptHandler`: Interactive terminal prompts
//! - `AutoPromptHandler`: Automatic approve/deny
//! - `RecordingPromptHandler`: Records prompts (testing)
//!
//! ## Trust Flags
//!
//! Configurable CLI flags for explicit trust:
//!
//! ```bash
//! # Default format
//! myapp --trust-plugin=hello run
//!
//! # Allow-style (configurable)
//! myapp --allow-plugin=hello run
//!
//! # Custom aliases
//! myapp --yolo run  # Trust all (if configured)
//! ```

pub mod presets;
pub mod prompt;
pub mod store;
pub mod strategy;
pub mod trust;

// Re-exports for convenience
pub use presets::{PermissionConfig, PermissionConfigBuilder, PermissionPresets, PresetError};
pub use prompt::{AutoPromptHandler, RecordingPromptHandler, TerminalPromptHandler};
pub use prompt::{PromptError, PromptHandler, PromptResult};
pub use store::{FilePermissionStore, MemoryPermissionStore, ReadOnlyPermissionStore};
pub use store::{PermissionStore, StoreError, StoredPermission, StoredTrustLevel};
pub use strategy::{
    CiPermissionStrategy, DefaultPermissionStrategy, PermissivePermissionStrategy,
    StrictPermissionStrategy, TrustAllStrategy,
};
pub use strategy::{
    PermissionContext, PermissionDecision, PermissionGranularity, PermissionStrategy,
};
pub use trust::{
    TrustDirectives, TrustEffect, TrustFlagAlias, TrustFlagConfig, TrustFlagPresets, TrustTarget,
};