Module plugin 

Plugin runtime: wasmtime Component Model.

Replaces the dlopen-era libloading implementation with a sandboxed WebAssembly Component Model runtime. See docs/superpowers/specs/2026-04-27-wasm-plugin-runtime-design.md for the full design.

Pipeline:

1. PluginManager::new() builds a shared wasmtime::Engine.
2. For each enabled plugins.toml entry, load_plugin either uses the .cwasm cache (if all 5 trust conditions hold) or precompiles in-memory.
3. Per-plugin Store<HostContext> is created once and reused for every exec / hook dispatch.
4. with_env is the single dispatch wrapper. An EnvGuard RAII guard binds a raw *mut ShellEnv for the duration of the callback and resets to null on every exit path (Ok/Err/panic). The pointer is the only unsafe site in the binding layer.
5. exec_command returns a 3-valued PluginExec so callers in src/exec/ cannot accidentally fall through to PATH lookup when a plugin handler exists but failed.

Modules

cache

cwasm cache key + sidecar metadata + 5-condition trust validation.

config

pattern

Glob-style argv allowlist patterns for the commands:exec capability.

Structs

PluginManager

Manages loaded plugins and dispatches commands/hooks.

Enums

PluginExec

Result of attempting to dispatch a command to the plugin layer.