haloforge_plugin_api/
permissions.rs1#[derive(Debug, Clone, PartialEq, Eq, Hash, serde::Serialize, serde::Deserialize)]
4#[serde(tag = "type", content = "value", rename_all = "snake_case")]
5pub enum Permission {
6 DatabaseReadAll,
8 DatabaseRead(String),
10 DatabaseWrite(String),
12 DatabaseCreateTables,
14
15 FilesystemRead,
17 FilesystemReadAppData,
19 FilesystemWrite,
21 FilesystemWriteAppData,
23
24 NetworkHttp,
26 NetworkHttpDomain(String),
28
29 IpcRegister,
31
32 EventsEmit,
34 EventsListen,
36
37 UiInject,
39
40 ProcessSpawn,
42 ProcessSpawnWhitelist(Vec<String>),
44
45 Notifications,
47
48 ClipboardRead,
50 ClipboardWrite,
52
53 HostNavigation,
55 HostFileIntents,
57 HostAIChatAccess,
59 HostThemeRead,
61 HostEventSubscribe,
63
64 AppConfigRead,
66}
67
68impl Permission {
69 pub fn tier(&self) -> PermissionTier {
71 match self {
72 Self::UiInject
73 | Self::EventsListen
74 | Self::DatabaseCreateTables
75 | Self::AppConfigRead
76 | Self::Notifications
77 | Self::HostThemeRead => PermissionTier::Transparent,
78
79 Self::DatabaseReadAll
80 | Self::DatabaseRead(_)
81 | Self::IpcRegister
82 | Self::EventsEmit
83 | Self::NetworkHttpDomain(_)
84 | Self::HostNavigation
85 | Self::HostFileIntents
86 | Self::HostAIChatAccess
87 | Self::HostEventSubscribe => PermissionTier::Standard,
88
89 Self::FilesystemRead
90 | Self::FilesystemWrite
91 | Self::FilesystemReadAppData
92 | Self::FilesystemWriteAppData
93 | Self::NetworkHttp
94 | Self::ProcessSpawnWhitelist(_)
95 | Self::ClipboardRead
96 | Self::ClipboardWrite => PermissionTier::Sensitive,
97
98 Self::DatabaseWrite(_)
99 | Self::ProcessSpawn => PermissionTier::Restricted,
100 }
101 }
102
103 pub fn description(&self) -> String {
105 match self {
106 Self::DatabaseReadAll => "Read all app data".into(),
107 Self::DatabaseRead(t) => format!("Read table: {t}"),
108 Self::DatabaseWrite(t) => format!("Write to table: {t}"),
109 Self::DatabaseCreateTables => "Create plugin-owned database tables".into(),
110 Self::FilesystemRead => "Read files from your filesystem".into(),
111 Self::FilesystemReadAppData => "Read files in the app data directory".into(),
112 Self::FilesystemWrite => "Write files to your filesystem".into(),
113 Self::FilesystemWriteAppData => "Write files in the app data directory".into(),
114 Self::NetworkHttp => "Make outbound HTTP requests".into(),
115 Self::NetworkHttpDomain(d) => format!("Make HTTP requests to: {d}"),
116 Self::IpcRegister => "Register new app commands".into(),
117 Self::EventsEmit => "Emit app events".into(),
118 Self::EventsListen => "Listen to app lifecycle events".into(),
119 Self::UiInject => "Inject UI components".into(),
120 Self::ProcessSpawn => "Spawn arbitrary child processes".into(),
121 Self::ProcessSpawnWhitelist(v) => format!("Spawn processes: {}", v.join(", ")),
122 Self::Notifications => "Show desktop notifications".into(),
123 Self::ClipboardRead => "Read the clipboard".into(),
124 Self::ClipboardWrite => "Write to the clipboard".into(),
125 Self::HostNavigation => "Navigate within HaloForge".into(),
126 Self::HostFileIntents => "Receive file-open intents from HaloForge".into(),
127 Self::HostAIChatAccess => "Use HaloForge AI models and chat transport".into(),
128 Self::HostThemeRead => "Read HaloForge theme tokens".into(),
129 Self::HostEventSubscribe => "Subscribe to HaloForge host events".into(),
130 Self::AppConfigRead => "Read app configuration".into(),
131 }
132 }
133}
134
135#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
136pub enum PermissionTier {
137 Transparent = 0,
139 Standard = 1,
141 Sensitive = 2,
143 Restricted = 3,
145}
146
147#[cfg(test)]
148mod tests {
149 use super::{Permission, PermissionTier};
150
151 #[test]
152 fn host_permissions_have_expected_tiers() {
153 assert_eq!(Permission::HostThemeRead.tier(), PermissionTier::Transparent);
154 assert_eq!(Permission::HostNavigation.tier(), PermissionTier::Standard);
155 assert_eq!(Permission::HostAIChatAccess.tier(), PermissionTier::Standard);
156 }
157}