Expand description
Sidecar manifest + plugin discovery for SecretSource
plugins per ADR-021 §10.
§On-disk layout
Each plugin lives in ~/.devboy/plugins/secrets/:
~/.devboy/plugins/secrets/
├── devboy-source-doppler.toml ← sidecar manifest
└── devboy-source-doppler ← executableThe sidecar manifest declares the executable name, version, checksum (SHA-256 hex), and the env vars the plugin is allowed to read. The host enforces these before spawning the binary:
- Checksum verification prevents a swapped-out plugin
from running silently. The
[checksum]section pins the bytes the manifest was authored against. - Allowed env-var list is the only env the plugin
inherits. Everything else is scrubbed before exec — a
malicious plugin that tries to read
$AWS_SECRET_KEYto exfiltrate it sees an empty env.
§What this module does not do
Spawn the plugin or wire its stdio to the protocol from
plugin_protocol.rs. That’s the plugin client’s job
(P15.2). This module is purely declarative loading and
verification.
Structs§
- Discovered
Plugin - Plugin that survived discovery — manifest parsed cleanly and the executable matches the declared checksum. Ready to hand to the plugin client.
- Plugin
Manifest
Enums§
- Discovery
Outcome - Per-manifest outcome. Discovery doesn’t bubble the first error — a single bad plugin shouldn’t hide the others.
- Manifest
Error
Constants§
- MANIFEST_
PREFIX - Filename pattern:
devboy-source-<name>.toml. - MANIFEST_
SUFFIX
Functions§
- default_
discovery_ dir - Default plugin discovery directory:
$HOME/.devboy/plugins/secrets/. Scanned bydiscover_plugins_default. - discover_
plugins - Scan
dirfordevboy-source-*.tomlmanifests and load and verify each. Non-matching files are silently ignored. Errors are collected per-manifest in the returned outcomes rather than aborting the whole scan. - discover_
plugins_ default - Convenience over
discover_plugins+ the platform’s default discovery directory. Returns an empty Vec if the directory doesn’t exist (no plugins installed).