Expand description
§dscode-extension-host
Extension host process management, IPC, sandbox, and security for DSCode.
This crate provides the infrastructure for running and communicating with extension host processes, including:
- Process lifecycle management with a state machine (
manager::ExtensionHostManager) - Bidirectional IPC over Unix domain sockets (
ipc::IpcManager) - Path validation to prevent filesystem traversal attacks (
path_validator::PathValidator) - Capability-based permissions for extensions (
permissions::ExtensionPermissions) - Per-extension rate limiting using token bucket algorithm (
rate_limiter::RateLimiter) - Multi-platform sandboxing (macOS sandbox-exec, Linux bwrap, Windows Job Objects) ([
sandbox]) - OS keyring secret storage (
secrets::SecretStorage)
§Feature Flags
tauri— Enables Tauri integration for the extension host manager
Structs§
- Extension
Host Manager - Extension
Ipc - Extension
Permissions - Incoming
Ipc - IpcManager
- Path
Validator - Rate
Limiter - Sandbox
Config - Secret
Storage
Enums§
- Extension
Host Error - Errors that can occur in extension host operations.
- Extension
Host State - STATE MACHINE: ExtensionHostProcess
- Permission
Functions§
- apply_
sandbox - complete_
sandbox_ setup - Completes sandbox setup after the process has been spawned.
On Windows, this assigns the child process to the Job Object created by
apply_windows_sandbox. On other platforms this is a no-op. - verify_
binary - Verify the SHA256 hash of a binary file against allowed hashes.