Add plugin capability restrictions #13

Merged
sebastientaggart merged 1 commit into main from feature/plugin-capabilities
Apr 8, 2026

@sebastientaggart
Member

Plugins now declare a capability level (read-only, state-only, or full) in configuration. The `PluginRegistry` passed to each plugin's `register()` is scoped to that level via proxy wrappers — attempts to call disallowed methods raise `PermissionError`. Non-full plugins also receive `orchestrator=None`. Config supports string, "module:capability" shorthand, and dict forms; defaults to full for backward compatibility.

Also bundles tangential working-tree edits to `.claude/commands/*`, `.cursor/rules/*`, and the CodeCannon submodule pointer.

Test plan

  • `make check` passes (61 tests)
  • Smoke test `make dev` with a config-declared read-only plugin

Closes #4

@sebastientaggart sebastientaggart linked an issue Apr 8, 2026 that may be closed by this pull request
@sebastientaggart
Member Author

Review Summary

Verdict: APPROVE

Findings

  • [WARNING] `ScopedStateStore.__getattr__` transparently delegates any non-underscore attribute to the inner `StateStore`. If future write helpers are added to `StateStore` (e.g. bulk update, delete), they would silently bypass the capability check for read-only/state-only plugins. Consider an explicit allow-list of read methods instead of a catch-all delegator.
  • [NOTE] `ScopedActionRegistry.run` is permitted for state-only (only read-only is denied), but the module docstring says state-only has "no orchestrator access" and cannot register actions "which by definition drive orchestrator commands." Allowing state-only to invoke actions is mildly inconsistent with that framing — either tighten `run` to full-only or clarify the docstring.
  • [NOTE] `load_plugins` type hint uses `Union[str, PluginSpec]` while the rest of the file uses PEP 604 `X | Y` syntax; minor style inconsistency.

Correctness, tests, and capability enforcement look good. Settings parsing covers string, module:capability shorthand, and dict forms with validation. No security issues spotted.
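
The [WARNING] finding above, as an added example that is not part of the pull request or the project's code: a catch-all `__getattr__` proxy beside an allow-list proxy, with a write helper added to the store after the proxies were written. All class names, the `get`/`set`/`delete` methods, and the explicit `set` override are assumptions made for illustration.

```python
# Added illustration: every class and method here is a hypothetical stand-in.

class StateStore:
    def __init__(self):
        self._data = {}
    def get(self, key, default=None):
        return self._data.get(key, default)
    def set(self, key, value):
        self._data[key] = value
    def delete(self, key):  # write helper added after the proxy was written
        self._data.pop(key, None)


class CatchAllReadOnly:
    """Blocks the writer it knows about, delegates every other public name."""
    def __init__(self, inner):
        self._inner = inner

    def set(self, key, value):
        raise PermissionError("read-only plugin may not call set()")

    def __getattr__(self, name):  # reached only when normal lookup fails
        if name.startswith("_"):
            raise AttributeError(name)
        return getattr(self._inner, name)  # delete() passes straight through


class AllowListReadOnly:
    """Exposes only the read methods named in _ALLOWED."""
    _ALLOWED = frozenset({"get"})

    def __init__(self, inner):
        self._inner = inner

    def __getattr__(self, name):
        if name.startswith("_"):
            raise AttributeError(name)
        if name not in self._ALLOWED:
            raise PermissionError(f"read-only plugin may not call {name}()")
        return getattr(self._inner, name)


def write_got_through(proxy, key):  # True if delete() reached the inner store
    try:
        proxy.delete(key)
    except PermissionError:
        return False
    return True
```

With the catch-all proxy, `delete()` reaches the store even though `set()` is blocked; with the allow-list, a new method stays denied until it is added to `_ALLOWED`.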

Development

Successfully merging this pull request may close these issues.

Add capability restrictions to plugin registry
