feat(plugins): add advanced plugin system with full TUI customization#551
Merged
feat(plugins): add advanced plugin system with full TUI customization#551
Conversation
- Add UiRegion enum for content injection zones (header, footer, sidebars, overlays) - Add comprehensive style types: Color, TextStyle, WidgetStyle, BorderStyle - Add WidgetSize/WidgetConstraints for layout control - Expand UiWidget with Text, List, Table, Gauge, Sparkline, layouts, Block - Add keyboard binding types: KeyBinding, KeyModifier, KeyBindingResult - Add ThemeColors and ThemeOverride for dynamic theming - Add hooks: WidgetRegisterHook, KeyBindingHook, ThemeOverrideHook - Add LayoutCustomizeHook with LayoutPanel and LayoutDirection - Add ModalInjectHook with ModalDefinition and ModalLayer - Add ToastShowHook with ToastDefinition and ToastLevel - All public types documented, 9 unit tests passing
- Add TypeScript template for JS/TS plugin development - Add tsconfig.json template for TypeScript plugins - Add hot-reload configuration template with watch patterns and debounce - Add testing utilities template with MockContext and MockToolInput - Add advanced Rust template with TUI hooks, widgets, and keybindings - Add HotReloadConfig struct with builder pattern - Add scaffold_advanced() method for advanced plugin scaffolding - Add tests for all new generator functions
Add comprehensive hook registration support for all TUI-related hooks: - UI hooks: UiRender, WidgetRegister, KeyBinding, ThemeOverride, LayoutCustomize, ModalInject, ToastShow - TUI event hooks: TuiEventSubscribe, TuiEventDispatch, CustomEventEmit, EventIntercept, AnimationFrame - Additional hooks: CommandExecuteBefore/After, InputIntercept, SessionStart/End, FocusChange Each hook type includes: - Registered hook wrapper struct with plugin_id, hook, and priority - Registration method with priority-based sorting - Unregistration support via unregister_plugin() - Hook count tracking via hook_count() and total_hook_count() - Plugin tracking via registered_plugins()
…stem WASM Runtime DoS Protection: - Add fuel-based CPU limiting (10M operations max) - Add epoch interruption support for timeout handling - Implement ResourceLimiter with 16MB memory cap - Add table/instance/memory limits - Remove panic-prone Default impl for WasmRuntime Path Traversal Prevention: - Canonicalize all paths before access checks - Resolve symlinks to prevent traversal via symlinks - Validate paths stay within allowed boundaries - Handle non-existent paths safely for write operations Fail-Closed Security Model: - Empty command allowlist now denies all commands - Empty domain allowlist now denies all network access - None allowed_domains denies network access - Explicit opt-in required via '*' wildcard SSRF Protection: - Block localhost/loopback addresses (127.0.0.1, ::1, etc.) - Block private IP ranges (10.x, 172.16-31.x, 192.168.x) - Block link-local addresses (169.254.x.x) - Block .local/.internal domain suffixes - Block dangerous ports (SSH, databases, etc.) - Allow only http/https protocols Permission Hook Security: - Document security implications of Allow decision - Add requires_elevated_trust() method - Add validate_for_third_party() method Hook Priority Security: - Reserve priorities 0-49 for system use - Add SYSTEM_CRITICAL, SYSTEM, SYSTEM_HIGH constants - Add PLUGIN_MIN (50), PLUGIN_HIGH (75) for third-party - Add validate_for_plugin() method - Deprecate HIGHEST/HIGH in favor of explicit names SDK Safety Documentation: - Add SAFETY comments to all unsafe FFI calls - Document host contract assumptions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces a comprehensive enhancement to the plugin system, enabling developers to fully customize the CLI and TUI through plugins.
Changes
TUI Event Hooks
UI Hooks Expansion
Hook Registry
SDK Enhancements
Command Completion
Security Improvements
Testing