Summary
Plugins currently receive a PluginRegistry with full access to actions, signals, state, events, and the orchestrator. A malicious or buggy plugin can crash the service or manipulate any state.
Proposal
- Introduce capability levels for plugins (e.g.,
read-only, state-only, full)
- Plugin config should declare required capabilities
- The registry passed to
register() should be scoped to the declared capabilities
- A read-only plugin would receive a registry that omits write methods or raises on write attempts
Why
Defense in depth — even on a local service, a third-party plugin shouldn't need orchestrator access just to display a status widget. This also makes plugin intent explicit in configuration.
Summary
Plugins currently receive a
PluginRegistrywith full access to actions, signals, state, events, and the orchestrator. A malicious or buggy plugin can crash the service or manipulate any state.Proposal
read-only,state-only,full)register()should be scoped to the declared capabilitiesWhy
Defense in depth — even on a local service, a third-party plugin shouldn't need orchestrator access just to display a status widget. This also makes plugin intent explicit in configuration.