sen-plugin-host 0.8.1

Wasm plugin host runtime for sen-rs CLI framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359

//! Permission strategy trait and default implementations
//!
//! Framework users can customize permission behavior by implementing
//! the `PermissionStrategy` trait or using provided defaults.

use sen_plugin_api::Capabilities;

/// Permission granularity level
#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
pub enum PermissionGranularity {
    /// One permission per plugin (default)
    #[default]
    Plugin,
    /// Separate permissions per command/subcommand path
    Command,
    /// Require permission for every execution
    Execution,
}

/// Context provided to permission strategy for decision making
#[derive(Debug)]
pub struct PermissionContext<'a> {
    /// Plugin name
    pub plugin_name: &'a str,
    /// Command path (e.g., ["db", "migrate"] for "db:migrate")
    pub command_path: &'a [String],
    /// Capabilities requested by the plugin
    pub requested: &'a Capabilities,
    /// Previously granted capabilities (if any)
    pub granted: Option<&'a Capabilities>,
    /// Whether running in interactive mode
    pub interactive: bool,
}

/// Decision returned by permission strategy
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum PermissionDecision {
    /// Allow execution with requested capabilities
    Allow,
    /// Deny execution with reason
    Deny(String),
    /// Prompt user for permission
    Prompt,
    /// Allow but with reduced capabilities
    AllowPartial(Capabilities),
}

/// Strategy trait for permission resolution
///
/// Framework users implement this trait to customize permission behavior.
///
/// # Example
///
/// ```rust
/// use sen_plugin_host::permission::{
///     PermissionStrategy, PermissionGranularity, PermissionContext, PermissionDecision
/// };
///
/// struct MyStrategy {
///     trusted_plugins: Vec<String>,
/// }
///
/// impl PermissionStrategy for MyStrategy {
///     fn granularity(&self) -> PermissionGranularity {
///         PermissionGranularity::Plugin
///     }
///
///     fn inherit_capabilities(&self) -> bool {
///         false
///     }
///
///     fn check(&self, ctx: &PermissionContext) -> PermissionDecision {
///         if self.trusted_plugins.contains(&ctx.plugin_name.to_string()) {
///             PermissionDecision::Allow
///         } else {
///             PermissionDecision::Prompt
///         }
///     }
/// }
/// ```
pub trait PermissionStrategy: Send + Sync {
    /// Get the granularity level for permission checks
    fn granularity(&self) -> PermissionGranularity;

    /// Whether subcommands inherit parent command's capabilities
    fn inherit_capabilities(&self) -> bool;

    /// Check permission and return decision
    fn check(&self, ctx: &PermissionContext) -> PermissionDecision;

    /// Called when capabilities escalation is detected (plugin updated with more permissions)
    fn on_escalation(&self, ctx: &PermissionContext) -> PermissionDecision {
        // Default: always prompt on escalation
        let _ = ctx;
        PermissionDecision::Prompt
    }
}

// ============================================================================
// Default Implementations
// ============================================================================

/// Default permission strategy
///
/// - Plugin-level granularity
/// - No capability inheritance
/// - Prompts for ungranted permissions
/// - Allows if already granted
pub struct DefaultPermissionStrategy;

impl PermissionStrategy for DefaultPermissionStrategy {
    fn granularity(&self) -> PermissionGranularity {
        PermissionGranularity::Plugin
    }

    fn inherit_capabilities(&self) -> bool {
        false
    }

    fn check(&self, ctx: &PermissionContext) -> PermissionDecision {
        match ctx.granted {
            Some(granted) if ctx.requested.is_subset_of(granted) => PermissionDecision::Allow,
            Some(_) => PermissionDecision::Prompt, // Escalation
            None if ctx.requested.is_empty() => PermissionDecision::Allow,
            None => PermissionDecision::Prompt,
        }
    }
}

/// Strict permission strategy
///
/// - Command-level granularity
/// - No inheritance
/// - Denies in non-interactive mode
pub struct StrictPermissionStrategy;

impl PermissionStrategy for StrictPermissionStrategy {
    fn granularity(&self) -> PermissionGranularity {
        PermissionGranularity::Command
    }

    fn inherit_capabilities(&self) -> bool {
        false
    }

    fn check(&self, ctx: &PermissionContext) -> PermissionDecision {
        match ctx.granted {
            Some(granted) if ctx.requested.is_subset_of(granted) => PermissionDecision::Allow,
            _ if !ctx.interactive => PermissionDecision::Deny(
                "Non-interactive mode requires pre-granted permissions".into(),
            ),
            _ => PermissionDecision::Prompt,
        }
    }
}

/// Permissive strategy for trusted environments
///
/// - Plugin-level granularity
/// - Allows all non-network capabilities without prompt
/// - Still prompts for network access
pub struct PermissivePermissionStrategy;

impl PermissionStrategy for PermissivePermissionStrategy {
    fn granularity(&self) -> PermissionGranularity {
        PermissionGranularity::Plugin
    }

    fn inherit_capabilities(&self) -> bool {
        true
    }

    fn check(&self, ctx: &PermissionContext) -> PermissionDecision {
        // Allow everything except network
        if ctx.requested.net.is_empty() {
            PermissionDecision::Allow
        } else {
            match ctx.granted {
                Some(granted) if ctx.requested.is_subset_of(granted) => PermissionDecision::Allow,
                _ => PermissionDecision::Prompt,
            }
        }
    }
}

/// CI/Batch mode strategy
///
/// - Never prompts (non-interactive)
/// - Allows only pre-granted permissions
/// - Denies everything else
pub struct CiPermissionStrategy;

impl PermissionStrategy for CiPermissionStrategy {
    fn granularity(&self) -> PermissionGranularity {
        PermissionGranularity::Plugin
    }

    fn inherit_capabilities(&self) -> bool {
        false
    }

    fn check(&self, ctx: &PermissionContext) -> PermissionDecision {
        match ctx.granted {
            Some(granted) if ctx.requested.is_subset_of(granted) => PermissionDecision::Allow,
            None if ctx.requested.is_empty() => PermissionDecision::Allow,
            _ => PermissionDecision::Deny("CI mode: all permissions must be pre-granted".into()),
        }
    }

    fn on_escalation(&self, _ctx: &PermissionContext) -> PermissionDecision {
        PermissionDecision::Deny("CI mode: capability escalation not allowed".into())
    }
}

/// Trust-all strategy (DANGEROUS - for development only)
///
/// - Allows all capabilities without prompt
/// - Should only be used in development/testing
///
/// # Warning
///
/// This strategy bypasses ALL permission checks. Only use in:
/// - Local development environments
/// - Controlled testing scenarios
/// - Never in production or with untrusted plugins
#[derive(Debug)]
pub struct TrustAllStrategy {
    _private: (),
}

impl TrustAllStrategy {
    /// Create a new trust-all strategy
    ///
    /// # Warning
    ///
    /// This strategy bypasses all permission checks. Only use in controlled environments.
    /// The returned value must be used - ignoring it likely indicates a bug.
    #[must_use = "TrustAllStrategy must be used in a PermissionConfig, ignoring it is likely a bug"]
    pub fn new_dangerous() -> Self {
        Self { _private: () }
    }
}

impl PermissionStrategy for TrustAllStrategy {
    fn granularity(&self) -> PermissionGranularity {
        PermissionGranularity::Plugin
    }

    fn inherit_capabilities(&self) -> bool {
        true
    }

    fn check(&self, _ctx: &PermissionContext) -> PermissionDecision {
        PermissionDecision::Allow
    }

    fn on_escalation(&self, _ctx: &PermissionContext) -> PermissionDecision {
        PermissionDecision::Allow
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use sen_plugin_api::{PathPattern, StdioCapability};

    fn make_context<'a>(
        plugin: &'a str,
        requested: &'a Capabilities,
        granted: Option<&'a Capabilities>,
        interactive: bool,
    ) -> PermissionContext<'a> {
        PermissionContext {
            plugin_name: plugin,
            command_path: &[],
            requested,
            granted,
            interactive,
        }
    }

    #[test]
    fn test_default_strategy_empty_caps() {
        let strategy = DefaultPermissionStrategy;
        let caps = Capabilities::none();
        let ctx = make_context("test", &caps, None, true);

        assert_eq!(strategy.check(&ctx), PermissionDecision::Allow);
    }

    #[test]
    fn test_default_strategy_ungranted() {
        let strategy = DefaultPermissionStrategy;
        let caps = Capabilities::default().with_fs_read(vec![PathPattern::new("./data")]);
        let ctx = make_context("test", &caps, None, true);

        assert_eq!(strategy.check(&ctx), PermissionDecision::Prompt);
    }

    #[test]
    fn test_default_strategy_granted() {
        let strategy = DefaultPermissionStrategy;
        let caps = Capabilities::default().with_fs_read(vec![PathPattern::new("./data")]);
        let granted =
            Capabilities::default().with_fs_read(vec![PathPattern::new("./data").recursive()]);
        let ctx = make_context("test", &caps, Some(&granted), true);

        assert_eq!(strategy.check(&ctx), PermissionDecision::Allow);
    }

    #[test]
    fn test_strict_strategy_non_interactive() {
        let strategy = StrictPermissionStrategy;
        let caps = Capabilities::default().with_stdio(StdioCapability::stdout_only());
        let ctx = make_context("test", &caps, None, false);

        match strategy.check(&ctx) {
            PermissionDecision::Deny(_) => {}
            other => panic!("Expected Deny, got {:?}", other),
        }
    }

    #[test]
    fn test_ci_strategy_denies_ungranted() {
        let strategy = CiPermissionStrategy;
        let caps = Capabilities::default().with_fs_read(vec![PathPattern::new("./data")]);
        let ctx = make_context("test", &caps, None, false);

        match strategy.check(&ctx) {
            PermissionDecision::Deny(msg) => {
                assert!(msg.contains("CI mode"));
            }
            other => panic!("Expected Deny, got {:?}", other),
        }
    }

    #[test]
    fn test_permissive_allows_non_network() {
        let strategy = PermissivePermissionStrategy;
        let caps = Capabilities::default()
            .with_fs_read(vec![PathPattern::new("./data")])
            .with_fs_write(vec![PathPattern::new("./output")])
            .with_stdio(StdioCapability::all());
        let ctx = make_context("test", &caps, None, true);

        assert_eq!(strategy.check(&ctx), PermissionDecision::Allow);
    }

    #[test]
    fn test_trust_all_allows_everything() {
        let strategy = TrustAllStrategy::new_dangerous();
        let caps = Capabilities::default()
            .with_fs_read(vec![PathPattern::new("/")])
            .with_net(vec![sen_plugin_api::NetPattern::https("*")]);
        let ctx = make_context("test", &caps, None, false);

        assert_eq!(strategy.check(&ctx), PermissionDecision::Allow);
    }
}