Expand description
Extension protocol, policy, and runtime scaffolding.
This module defines the versioned extension protocol and provides validation utilities plus a minimal WASM host scaffold.
Structs§
- Baseline
Capability Profile - Per-capability robust statistics from approved traces.
- Baseline
Drift Anomaly - Single drift anomaly detected when comparing live features to baseline.
- Baseline
Drift Report - Result of comparing live features against a baseline model.
- Baseline
Markov Transition Matrix - Markov transition matrix over risk state labels.
- Capability
Explanation - Structured explanation of a single capability decision within a policy.
- Capability
Integrity Attestation - Capability
Manifest - Capability
Provenance - Capability
Publisher Attestation - Capability
Requirement - Capability
Scope - Compat
Capability Evidence - Compat
Evidence - Compat
Issue Evidence - Compat
Ledger - Compat
Rewrite Evidence - Compatibility
Scanner - Dangerous
OptIn Audit Entry - Audit trail entry for dangerous-capability opt-in via
allow_dangerous. - Enforcement
Hysteresis - Hysteresis configuration to prevent rapid oscillation (flapping) between enforcement states.
- Enforcement
Score Bands - Score band thresholds for each enforcement state. A score at or above
the threshold triggers that state. Thresholds must satisfy
allow < harden < prompt < deny < terminate. - Enforcement
State Machine - Per-extension enforcement state machine with hysteresis tracking.
- Enforcement
Transition - Result of an enforcement state machine evaluation.
- Error
Payload - Event
Coalescer - Event
Hook Payload - Exec
Mediation Artifact - Structured artifact for exec mediation decision history (SEC-4.3).
- Exec
Mediation Ledger Entry - Telemetry entry for exec mediation decisions.
- Exec
Mediation Policy - Policy configuration for exec mediation (SEC-4.3).
- Extension
Budget Controller Config - Budget controller settings for expected-loss fallback routing.
- Extension
Manager - Extension manager for handling loaded extensions.
- Extension
Manifest - Extension
Manifest Source - Extension
Message - Extension
Override - Per-extension policy override.
- Extension
Policy - Extension
Quota Config - Configurable per-extension resource quotas. When a quota is
None, the corresponding limit is not enforced. All values are per-extension. - Extension
Region - RAII guard for extension lifecycle with structured concurrency guarantees.
- Extension
Send Message - Extension
Send User Message - Extension
UiRequest - Extension UI request payload (host -> UI surface).
- Extension
UiResponse - Extension UI response payload (UI surface -> host).
- FsConnector
- FsScopes
- Host
Call Context - Context for the shared hostcall dispatcher.
- Host
Call Error - Host
Call Payload - Host
Result Payload - Host
Stream Backpressure - Host
Stream Chunk - Hostcall
Reactor Backpressure - Backpressure signal when a reactor shard lane is full.
- Hostcall
Reactor Completion - Completion of a reactor-dispatched hostcall.
- Hostcall
Reactor Config - Configuration for the core-pinned hostcall reactor mesh.
- Hostcall
Reactor Mesh - Deterministic SPSC reactor mesh for hostcall traffic.
- Hostcall
Reactor Request - A hostcall request enqueued into the reactor mesh for shard-local dispatch.
- Hostcall
Reactor Telemetry - Lightweight queueing telemetry for the reactor mesh.
- Incident
Bundle Filter - Filter criteria for scoping an incident evidence bundle.
- Incident
Bundle Redaction Policy - Redaction policy applied when exporting a bundle.
- Incident
Bundle Summary - High-level summary statistics for an incident evidence bundle.
- Incident
Bundle Verification Report - Verification report for an incident evidence bundle.
- Incident
Evidence Bundle - A self-contained incident evidence bundle containing all security artifacts for a filtered scope. Deterministic for the same scope and data.
- JsExtension
Load Spec - JsExtension
Runtime Handle - Handle to the JS extension runtime thread.
- Kill
Switch Audit Entry - Audit entry for a kill-switch activation or deactivation.
- Kill
Switch Result - Result of a kill-switch operation.
- LogCorrelation
- LogPayload
- LogSource
- Native
Rust Extension Load Spec - OcoTuner
Config - OCO controller configuration for queue, batch, and time-slice budgets.
- OcoTuner
Snapshot - Snapshot of OCO-tuned budgets for one extension.
- Policy
Check - Policy
Explanation - Full structured explanation of an effective policy, suitable for runtime diagnostics and audit logging.
- Policy
Snapshot - Precomputed per-extension capability decision table for O(1) hostcall authorization.
- Profile
Transition Check - Result of checking whether a profile transition constitutes a valid downgrade (tightening of security posture).
- Quota
Breach Event - Telemetry event emitted when a quota limit is breached.
- Regime
Shift Config - Configuration for CUSUM/BOCPD regime-shift detection that augments the simple sliding-window counting in the budget controller.
- Regime
Shift Snapshot - Telemetry snapshot of the regime-shift detector for one extension.
- Register
Payload - Rollback
Trigger - Automatic rollback trigger conditions. When any condition is met, the
rollout automatically reverts to
Shadowphase. - Rollback
Window Stats - Rolling statistics over the rollback evaluation window.
- Rollout
Decision Sample - A single decision sample in the rollback evaluation window.
- Rollout
State - Snapshot of graduated rollout state for operator inspection (SEC-7.2).
- Rollout
Tracker - Mutable rollout tracking state stored inside
ExtensionManagerInner. - Runtime
Hostcall Feature Vector - Runtime
Hostcall Sequence Context - Runtime
Hostcall Telemetry Artifact - Runtime
Hostcall Telemetry Event - Runtime
Risk Baseline Model - Complete baseline model for an extension, built from approved traces.
- Runtime
Risk Calibration Config - Runtime
Risk Calibration Report - Runtime
Risk Config - Deterministic runtime risk-controller settings for extension hostcalls.
- Runtime
Risk Expected Loss Evidence - Runtime
Risk Explanation Budget State - Runtime
Risk Explanation Contributor - Runtime
Risk Ledger Artifact - Runtime
Risk Ledger Artifact Entry - Runtime
Risk Ledger Integrity Error - Runtime
Risk Ledger Verification Report - Runtime
Risk Posterior Evidence - Runtime
Risk Replay Artifact - Runtime
Risk Replay Step - Runtime
Risk Threshold Calibration - Safety
Envelope Config - Configuration for conformal + PAC-Bayes safety envelopes that wrap adaptive optimization decisions.
- Safety
Envelope Snapshot - Telemetry snapshot of the safety envelope for one extension.
- Secret
Broker Artifact - Structured artifact for secret broker decision history (SEC-4.3).
- Secret
Broker Ledger Entry - Telemetry entry for secret broker decisions.
- Secret
Broker Policy - Patterns used to identify environment variables likely to contain secrets.
- Security
Alert - A structured security alert with who/what/why/action fields.
- Security
Alert Artifact - Container artifact for a stream of security alerts, suitable for export and downstream integration.
- Security
Alert Category Counts - Per-category alert counts for quick triage.
- Security
Alert Filter - Filter criteria for querying security alerts.
- Security
Alert Severity Counts - Per-severity alert counts.
- Slash
Command Payload - Slash
Result Payload - Tool
Call Payload - Tool
Result Payload - Trust
Onboarding Decision - Audit entry for a trust onboarding decision.
- Wasm
Extension - Wasm
Extension Handle - Wasm
Extension Host - Wasm
Extension Load Spec
Enums§
- Capability
- Enumeration of all recognised extension capabilities.
- Common
Hostcall Opcode - Dangerous
Command Class - Classification of dangerous command patterns for exec mediation.
- Enforcement
State - Enforcement states ordered by severity.
- Exec
Mediation Result - Result of exec mediation evaluation.
- Exec
Risk Tier - Risk tier for exec command classification.
- Extension
Body - Extension
Budget Tier - Workload tier presets for the hostcall budget controller.
- Extension
Deliver As - Extension
Event Name - Event names for the extension lifecycle.
- Extension
Load Spec - Extension
Policy Mode - Extension
Runtime - Extension
Trust State - Trust state for an extension.
- FsOp
- Host
Call Error Code - LogComponent
- LogLevel
- Policy
Decision - Policy
Profile - Named policy profiles providing curated defaults.
- Quota
Check Result - Result of a quota check before dispatching a hostcall.
- Repair
Policy Mode - Rollout
Phase - Rollout phases for graduated enforcement. Operators progress through phases to build confidence before full enforcement.
- Runtime
Risk Action Value - Runtime
Risk Calibration Objective - Runtime
Risk Explanation Level Value - Runtime
Risk State Label Value - Security
Alert Action - Action taken in response to a security event.
- Security
Alert Category - Category of a security alert, enabling consumers to distinguish policy denials from anomaly-based denials at a glance.
- Security
Alert Severity - Severity level for security alerts, ordered from lowest to highest.
Constants§
- ALL_
CAPABILITIES - All known capabilities in definition order.
- COMPAT_
LEDGER_ SCHEMA_ VERSION - EXTENSION_
COMMAND_ BUDGET_ MS - Default cancellation budget for extension command execution (ms).
- EXTENSION_
EVENT_ TIMEOUT_ MS - Default cancellation budget for extension event handlers (ms).
- EXTENSION_
LOAD_ BUDGET_ MS - Default cancellation budget for extension loading (ms).
- EXTENSION_
PROVIDER_ BUDGET_ MS - Default cancellation budget for provider stream operations (ms).
- EXTENSION_
QUERY_ BUDGET_ MS - Default cancellation budget for extension queries (get tools, pump, flags) (ms).
- EXTENSION_
SHORTCUT_ BUDGET_ MS - Default cancellation budget for extension shortcut execution (ms).
- EXTENSION_
TOOL_ BUDGET_ MS - Default cancellation budget for extension tool execution (ms).
- EXTENSION_
UI_ BUDGET_ MS - Default cancellation budget for UI dialog operations (ms).
- HOSTCALL_
IO_ URING_ CONTEXT_ SCHEMA_ VERSION - HOSTCALL_
OPCODE_ SCHEMA_ VERSION - HOSTCALL_
OPCODE_ VERSION - INCIDENT_
EVIDENCE_ BUNDLE_ SCHEMA_ VERSION - LOG_
SCHEMA_ VERSION - NUM_
CAPABILITIES - Number of known capabilities (must match
ALL_CAPABILITIESlength). - PROTOCOL_
VERSION - RUNTIME_
HOSTCALL_ FEATURE_ BUDGET_ US - RUNTIME_
HOSTCALL_ FEATURE_ SCHEMA_ VERSION - RUNTIME_
HOSTCALL_ TELEMETRY_ SCHEMA_ VERSION - RUNTIME_
RISK_ BASELINE_ SCHEMA_ VERSION - RUNTIME_
RISK_ CALIBRATION_ SCHEMA_ VERSION - RUNTIME_
RISK_ EXPLANATION_ SCHEMA_ VERSION - RUNTIME_
RISK_ EXPLANATION_ TERM_ BUDGET - RUNTIME_
RISK_ EXPLANATION_ TIME_ BUDGET_ MS - RUNTIME_
RISK_ LEDGER_ SCHEMA_ VERSION - RUNTIME_
RISK_ REPLAY_ SCHEMA_ VERSION - SECURITY_
ALERT_ SCHEMA_ VERSION
Traits§
- Extension
Host Actions - Extension
Session - Minimal session access for extensions (hostcalls).
- Hostcall
Interceptor - Trait allowing tests to intercept hostcalls before they reach real dispatch.
Return
Some(outcome)to short-circuit, orNoneto fall through to real dispatch.
Functions§
- amac_
telemetry_ snapshot - Query the AMAC batch executor telemetry for the current thread.
- build_
baseline_ from_ ledger - Build a complete baseline model from a runtime risk ledger artifact.
- build_
baseline_ from_ ledger_ with_ options - Build a baseline model with customizable thresholds.
- build_
incident_ evidence_ bundle - Build an incident evidence bundle from raw artifacts with filtering and redaction applied. Deterministic: same inputs produce the same bundle.
- calibrate_
runtime_ risk_ from_ ledger - classify_
dangerous_ command - Classify a command string into dangerous command classes.
- compute_
incident_ bundle_ hash - Compute the SHA-256 integrity hash of a bundle’s content and metadata.
- detect_
baseline_ drift - Detect drift in live features compared to a baseline model.
- dispatch_
host_ call_ shared - Dispatch a hostcall through the unified ABI surface.
- emit_
security_ alert - Record a security alert and emit a tracing event at the appropriate level.
- evaluate_
exec_ mediation - Evaluate exec mediation policy for a command.
- extension_
event_ from_ agent - Extract extension event information from an agent event.
- extension_
event_ name_ from_ agent - Cheap extraction of just the extension event name from an agent event,
without serializing the payload. Use this to check
has_hook_for()before paying theserde_json::to_value()cost. - handle_
extension_ message - Handle an incoming
ExtensionMessageof typehost_callby dispatching through the shared hostcall ABI and returninghost_resultmessages. - host_
result_ to_ outcome - Convert a
HostResultPayloadinto the JS-facingHostcallOutcome. - hostcall_
request_ to_ payload - Convert a
HostcallRequest(JS-origin) into the canonicalHostCallPayload. - is_
coalescable_ event - Returns
trueif the given event is fire-and-forget (response is discarded) and can be safely coalesced — i.e. only the most recent version matters. - is_
lifecycle_ event - Returns
truefor agent lifecycle events that are dispatched directly by the agent loop via [AgentSession::dispatch_extension_lifecycle_event]. - load_
extension_ manifest - outcome_
to_ host_ result - Convert a
HostcallOutcomeinto aHostResultPayload. - query_
security_ alerts - Query the alert stream with optional filters.
- redact_
command_ for_ logging - Redact secrets in a command string for safe logging.
- replay_
runtime_ risk_ ledger_ artifact - required_
capability_ for_ host_ call - resolve_
extension_ load_ spec - runtime_
risk_ compute_ ledger_ hash_ artifact - runtime_
risk_ ledger_ data_ hash - safe_
canonicalize - Canonicalize a path, stripping the
\\?\verbatim prefix on Windows. - sha256_
hex_ standalone - Compute SHA-256 hex digest of a string.
- strip_
unc_ prefix - Strip the
\\?\or//?/verbatim prefix from a path on Windows. No-op on Unix. - trace_
jit_ telemetry_ snapshot - Query the trace-JIT compiler telemetry for the current thread.
- verify_
incident_ evidence_ bundle - Verify the integrity of an incident evidence bundle.
- verify_
runtime_ risk_ ledger_ artifact