Permission system for plugin capabilities
This module provides a flexible, customizable permission system for controlling what capabilities plugins can access. It’s designed as a framework that application developers can customize to fit their needs.
§Architecture
```
┌───────────────────────────────────────────────────────────────────────┐
│                           PermissionConfig                            │
│ ┌──────────────┐ ┌─────────────┐ ┌─────────────┐ ┌──────────────────┐ │
│ │ Strategy     │ │ Store       │ │ Prompt      │ │ Audit            │ │
│ │              │ │             │ │             │ │                  │ │
│ │ - Default    │ │ - File      │ │ - Terminal  │ │ - File (JSONL)   │ │
│ │ - Strict     │ │ - Memory    │ │ - Auto      │ │ - Memory         │ │
│ │ - Permissive │ │ - ReadOnly  │ │ - Recording │ │ - Null           │ │
│ │ - CI         │ │             │ │             │ │ - Composite      │ │
│ │ - TrustAll   │ │             │ │             │ │                  │ │
│ └──────────────┘ └─────────────┘ └─────────────┘ └──────────────────┘ │
└───────────────────────────────────────────────────────────────────────┘
```
§Quick Start
§Using Presets
```rust
use sen_plugin_host::permission::PermissionPresets;

// Interactive development
let config = PermissionPresets::interactive("myapp")?;

// CI/CD pipeline
let config = PermissionPresets::ci("myapp", None)?;

// Testing
let config = PermissionPresets::testing();
```
§Custom Configuration
```rust
use sen_plugin_host::permission::{
    PermissionConfigBuilder,
    DefaultPermissionStrategy,
    MemoryPermissionStore,
    TerminalPromptHandler,
    TrustFlagConfig,
};
use sen_plugin_host::audit::NullAuditSink;

let config = PermissionConfigBuilder::new()
    .app_name("myapp")
    .strategy(DefaultPermissionStrategy)
    .store(MemoryPermissionStore::new())
    .prompt(TerminalPromptHandler::new())
    .audit(NullAuditSink)
    .trust_flags(TrustFlagConfig::default())
    .build()?;
```
§Components
§Strategy
Controls how permission decisions are made:
| Strategy | Granularity | Prompts | Best For |
|---|---|---|---|
| Default | Plugin | When needed | General use |
| Strict | Command | Always (interactive) | Security |
| Permissive | Plugin | Network only | Development |
| CI | Plugin | Never | CI/CD |
| TrustAll | Plugin | Never | Testing only |
§Store
Persists granted permissions:
- FilePermissionStore: JSON file in config directory
- MemoryPermissionStore: In-memory (session only)
- ReadOnlyPermissionStore: Wrapper that prevents writes
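The effect of a read-only wrapper around a store, as an added sketch that is not sen_plugin_host code: the trait, types and capability names below are hypothetical stand-ins, and `approved` stands for whatever the prompt handler answered.

```rust
use std::collections::HashSet;

// Hypothetical trait for this sketch; it is not the crate's PermissionStore.
trait GrantStore {
    fn is_granted(&self, plugin: &str, cap: &str) -> bool;
    fn grant(&mut self, plugin: &str, cap: &str) -> Result<(), String>;
}

// Session-only store: grants vanish when the process exits.
#[derive(Default)]
struct MemStore(HashSet<(String, String)>);
impl GrantStore for MemStore {
    fn is_granted(&self, plugin: &str, cap: &str) -> bool {
        self.0.contains(&(plugin.to_string(), cap.to_string()))
    }
    fn grant(&mut self, plugin: &str, cap: &str) -> Result<(), String> {
        self.0.insert((plugin.to_string(), cap.to_string()));
        Ok(())
    }
}

// Wrapper that forwards reads and rejects every write.
struct ReadOnly<S: GrantStore>(S);
impl<S: GrantStore> GrantStore for ReadOnly<S> {
    fn is_granted(&self, plugin: &str, cap: &str) -> bool { self.0.is_granted(plugin, cap) }
    fn grant(&mut self, plugin: &str, cap: &str) -> Result<(), String> {
        Err(format!("store is read-only: not recording {cap} for {plugin}"))
    }
}

#[derive(Debug, PartialEq)]
enum Outcome { AlreadyGranted, Persisted, ApprovedOnce, Denied }

fn authorize(store: &mut dyn GrantStore, plugin: &str, cap: &str, approved: bool) -> Outcome {
    if store.is_granted(plugin, cap) { return Outcome::AlreadyGranted; }
    if !approved { return Outcome::Denied; }
    // A failed write must not turn into a standing grant.
    match store.grant(plugin, cap) {
        Ok(()) => Outcome::Persisted,
        Err(_) => Outcome::ApprovedOnce,
    }
}

fn main() {
    let mut seeded = MemStore::default();
    seeded.grant("hello", "network").unwrap(); // constructed sample grant
    let mut store = ReadOnly(seeded);
    println!("{:?}", authorize(&mut store, "hello", "fs-write", true));
}
```

With the wrapper in place an approval covers the current request only, so a run cannot widen the set of stored grants.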
§Prompt
Handles user interaction:
- TerminalPromptHandler: Interactive terminal prompts
- AutoPromptHandler: Automatic approve/deny
- RecordingPromptHandler: Records prompts (testing)
§Trust Flags
Configurable CLI flags for explicit trust:
```
# Default format
myapp --trust-plugin=hello run

# Allow-style (configurable)
myapp --allow-plugin=hello run

# Custom aliases
myapp --yolo run  # Trust all (if configured)
```
§Re-exports
```rust
pub use presets::PermissionConfig;
pub use presets::PermissionConfigBuilder;
pub use presets::PermissionPresets;
pub use presets::PresetError;
pub use prompt::AutoPromptHandler;
pub use prompt::RecordingPromptHandler;
pub use prompt::TerminalPromptHandler;
pub use prompt::PromptError;
pub use prompt::PromptHandler;
pub use prompt::PromptResult;
pub use store::FilePermissionStore;
pub use store::MemoryPermissionStore;
pub use store::ReadOnlyPermissionStore;
pub use store::PermissionStore;
pub use store::StoreError;
pub use store::StoredPermission;
pub use store::StoredTrustLevel;
pub use strategy::CiPermissionStrategy;
pub use strategy::DefaultPermissionStrategy;
pub use strategy::PermissivePermissionStrategy;
pub use strategy::StrictPermissionStrategy;
pub use strategy::TrustAllStrategy;
pub use strategy::PermissionContext;
pub use strategy::PermissionDecision;
pub use strategy::PermissionGranularity;
pub use strategy::PermissionStrategy;
pub use trust::TrustDirectives;
pub use trust::TrustEffect;
pub use trust::TrustFlagAlias;
pub use trust::TrustFlagConfig;
pub use trust::TrustFlagPresets;
pub use trust::TrustTarget;
```