sen-plugin-host 0.8.1

Wasm plugin host runtime for sen-rs CLI framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365

//! Trust flag configuration for CLI integration
//!
//! Provides template-based trust flag generation without reserving specific flag names.
//! Framework users can customize the flag format to match their CLI conventions.

/// Trust flag configuration
///
/// Allows framework users to define how trust flags are generated
/// without the framework reserving specific flag names.
///
/// # Example
///
/// ```rust
/// use sen_plugin_host::permission::{TrustFlagConfig, TrustEffect};
///
/// // Default: --trust-plugin=name, --trust-command=name
/// let config = TrustFlagConfig::default();
///
/// // Custom: --allow-plugin=name
/// let config = TrustFlagConfig::new()
///     .with_flag_template("--allow-{target}")
///     .with_alias("--yolo", TrustEffect::TrustAll);
/// ```
#[derive(Debug, Clone)]
pub struct TrustFlagConfig {
    /// Enable trust flags feature
    pub enabled: bool,

    /// Flag template: {target} is replaced with "plugin" or "command"
    /// Default: "--trust-{target}"
    pub flag_template: String,

    /// Value template: {name} is replaced with plugin/command name
    /// Default: "{name}"
    pub value_template: String,

    /// Custom aliases for common trust patterns
    pub aliases: Vec<TrustFlagAlias>,

    /// Whether to show trust flags in help
    pub show_in_help: bool,

    /// Help text template for generated flags
    pub help_template: String,
}

impl Default for TrustFlagConfig {
    fn default() -> Self {
        Self {
            enabled: true,
            flag_template: "--trust-{target}".into(),
            value_template: "{name}".into(),
            aliases: vec![],
            show_in_help: true,
            help_template: "Trust {target} '{name}' for this execution".into(),
        }
    }
}

impl TrustFlagConfig {
    /// Create a new trust flag configuration
    pub fn new() -> Self {
        Self::default()
    }

    /// Disable trust flags entirely
    pub fn disabled() -> Self {
        Self {
            enabled: false,
            ..Self::default()
        }
    }

    /// Set the flag template
    ///
    /// Variables:
    /// - `{target}`: "plugin" or "command"
    pub fn with_flag_template(mut self, template: impl Into<String>) -> Self {
        self.flag_template = template.into();
        self
    }

    /// Set the value template
    ///
    /// Variables:
    /// - `{name}`: plugin or command name
    pub fn with_value_template(mut self, template: impl Into<String>) -> Self {
        self.value_template = template.into();
        self
    }

    /// Add a custom alias
    pub fn with_alias(mut self, flag: impl Into<String>, effect: TrustEffect) -> Self {
        self.aliases.push(TrustFlagAlias {
            flag: flag.into(),
            description: effect.default_description(),
            effect,
        });
        self
    }

    /// Add a custom alias with description
    pub fn with_alias_desc(
        mut self,
        flag: impl Into<String>,
        description: impl Into<String>,
        effect: TrustEffect,
    ) -> Self {
        self.aliases.push(TrustFlagAlias {
            flag: flag.into(),
            description: description.into(),
            effect,
        });
        self
    }

    /// Hide trust flags from help output
    pub fn hidden(mut self) -> Self {
        self.show_in_help = false;
        self
    }

    /// Generate the flag name for a target type
    pub fn generate_flag(&self, target: TrustTarget) -> String {
        self.flag_template.replace("{target}", target.as_str())
    }

    /// Generate the value format for a name
    pub fn generate_value(&self, name: &str) -> String {
        self.value_template.replace("{name}", name)
    }

    /// Generate help text for a flag
    pub fn generate_help(&self, target: TrustTarget, name: &str) -> String {
        self.help_template
            .replace("{target}", target.as_str())
            .replace("{name}", name)
    }

    /// Parse command line arguments and extract trust directives
    pub fn parse_args(&self, args: &[String]) -> TrustDirectives {
        if !self.enabled {
            return TrustDirectives::default();
        }

        let mut directives = TrustDirectives::default();

        for arg in args {
            // Check aliases first
            for alias in &self.aliases {
                if arg == &alias.flag {
                    match &alias.effect {
                        TrustEffect::TrustAll => directives.trust_all = true,
                        TrustEffect::TrustSession => directives.trust_session = true,
                        TrustEffect::TrustNamed { target, name } => match target {
                            TrustTarget::Plugin => {
                                directives.trusted_plugins.push(name.clone());
                            }
                            TrustTarget::Command => {
                                directives.trusted_commands.push(name.clone());
                            }
                        },
                    }
                }
            }

            // Check template-based flags
            let plugin_flag = self.generate_flag(TrustTarget::Plugin);
            let command_flag = self.generate_flag(TrustTarget::Command);

            if let Some(value) = arg.strip_prefix(&format!("{}=", plugin_flag)) {
                directives.trusted_plugins.push(value.to_string());
            } else if let Some(value) = arg.strip_prefix(&format!("{}=", command_flag)) {
                directives.trusted_commands.push(value.to_string());
            }
        }

        directives
    }
}

/// Target type for trust flags
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TrustTarget {
    Plugin,
    Command,
}

impl TrustTarget {
    fn as_str(&self) -> &'static str {
        match self {
            Self::Plugin => "plugin",
            Self::Command => "command",
        }
    }
}

/// Custom trust flag alias
#[derive(Debug, Clone)]
pub struct TrustFlagAlias {
    /// The flag (e.g., "--yolo")
    pub flag: String,
    /// Description for help text
    pub description: String,
    /// What this alias does
    pub effect: TrustEffect,
}

/// Effect of a trust flag
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum TrustEffect {
    /// Trust a specific plugin or command
    TrustNamed { target: TrustTarget, name: String },
    /// Trust all plugins for this execution (dangerous)
    TrustAll,
    /// Trust for this session only (not persisted)
    TrustSession,
}

impl TrustEffect {
    /// Get default description for this effect
    fn default_description(&self) -> String {
        match self {
            Self::TrustNamed { target, name } => {
                format!("Trust {} '{}'", target.as_str(), name)
            }
            Self::TrustAll => "Trust all plugins (dangerous)".into(),
            Self::TrustSession => "Trust permissions for this session only".into(),
        }
    }
}

/// Parsed trust directives from command line
#[derive(Debug, Clone, Default)]
pub struct TrustDirectives {
    /// Explicitly trusted plugin names
    pub trusted_plugins: Vec<String>,
    /// Explicitly trusted command names
    pub trusted_commands: Vec<String>,
    /// Trust all plugins (--trust-all or equivalent)
    pub trust_all: bool,
    /// Trust for session only (not persisted)
    pub trust_session: bool,
}

impl TrustDirectives {
    /// Check if a plugin is trusted
    pub fn is_plugin_trusted(&self, name: &str) -> bool {
        self.trust_all || self.trusted_plugins.iter().any(|p| p == name)
    }

    /// Check if a command is trusted
    pub fn is_command_trusted(&self, name: &str) -> bool {
        self.trust_all || self.trusted_commands.iter().any(|c| c == name)
    }

    /// Check if any trust directive is active
    pub fn has_any(&self) -> bool {
        self.trust_all
            || self.trust_session
            || !self.trusted_plugins.is_empty()
            || !self.trusted_commands.is_empty()
    }
}

/// Builder for common trust flag configurations
pub struct TrustFlagPresets;

impl TrustFlagPresets {
    /// Standard configuration with --trust-plugin and --trust-command
    pub fn standard() -> TrustFlagConfig {
        TrustFlagConfig::default()
    }

    /// Allow-style flags (--allow-plugin, --allow-command)
    pub fn allow_style() -> TrustFlagConfig {
        TrustFlagConfig::new().with_flag_template("--allow-{target}")
    }

    /// Short flags (-tp, -tc)
    pub fn short_style() -> TrustFlagConfig {
        TrustFlagConfig::new()
            .with_flag_template("-t{target}")
            .with_alias("-ta", TrustEffect::TrustAll)
    }

    /// Kubernetes-style (--trust plugin=name)
    pub fn k8s_style() -> TrustFlagConfig {
        TrustFlagConfig::new()
            .with_flag_template("--trust")
            .with_value_template("{target}={name}")
    }

    /// Disabled (no trust flags)
    pub fn disabled() -> TrustFlagConfig {
        TrustFlagConfig::disabled()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_default_config() {
        let config = TrustFlagConfig::default();
        assert!(config.enabled);
        assert_eq!(config.generate_flag(TrustTarget::Plugin), "--trust-plugin");
        assert_eq!(
            config.generate_flag(TrustTarget::Command),
            "--trust-command"
        );
    }

    #[test]
    fn test_custom_template() {
        let config = TrustFlagConfig::new().with_flag_template("--allow-{target}");

        assert_eq!(config.generate_flag(TrustTarget::Plugin), "--allow-plugin");
    }

    #[test]
    fn test_parse_args() {
        let config = TrustFlagConfig::default();
        let args = vec![
            "--trust-plugin=hello".into(),
            "--trust-command=db:migrate".into(),
            "other-arg".into(),
        ];

        let directives = config.parse_args(&args);
        assert!(directives.is_plugin_trusted("hello"));
        assert!(directives.is_command_trusted("db:migrate"));
        assert!(!directives.is_plugin_trusted("other"));
    }

    #[test]
    fn test_alias() {
        let config = TrustFlagConfig::new().with_alias("--yolo", TrustEffect::TrustAll);

        let args = vec!["--yolo".into()];
        let directives = config.parse_args(&args);

        assert!(directives.trust_all);
        assert!(directives.is_plugin_trusted("any-plugin"));
    }

    #[test]
    fn test_disabled_config() {
        let config = TrustFlagConfig::disabled();
        let args = vec!["--trust-plugin=hello".into()];
        let directives = config.parse_args(&args);

        assert!(!directives.is_plugin_trusted("hello"));
    }

    #[test]
    fn test_presets() {
        let allow = TrustFlagPresets::allow_style();
        assert_eq!(allow.generate_flag(TrustTarget::Plugin), "--allow-plugin");

        let short = TrustFlagPresets::short_style();
        assert_eq!(short.generate_flag(TrustTarget::Plugin), "-tplugin");
    }
}