[WIP] Plugin System — Master Implementation Plan (QuickJS, RCU dispatch, capability security) #360

Merged
quangdang46 merged 5 commits into master from discuss/plugins
Jun 6, 2026

@quangdang46
Owner

Overview

Master implementation plan for jcode's JavaScript plugin system — embedded QuickJS runtime with RCU snapshot dispatch, 5-layer capability security, and dual server/TUI architecture.

Plan file: .omo/plans/plugin-master-plan.md (1833 lines, 22 sections)

Key Architecture Decisions

  • QuickJS embedded via rquickjs — pi-agent-rust pattern, no external process
  • pi.on(event, handler) subscription API — borrowed from pi-agent-rust + oh-my-pi
  • RCU snapshot + O(1) hook bitmap dispatch — zero-contention reads
  • 5-layer capability chain — deny → global deny → allow → global default → mode
  • npm-based distribution with jcode plugin install <npm-package> CLI
  • 2 new crates: jcode-plugin-core + jcode-plugin-runtime
  • Dual server/TUI plugins — jcode already has server-client split

Research Sources

  • pi-agent-rust — QuickJS embedding, RCU dispatch, capability security, promise bridge
  • opencode — dual-plugin architecture, npm auto-discovery
  • oh-my-pi — 3-tier (hooks→extensions→plugins), typed settings, feature toggles

Status

  • ✅ 9 repos researched (3 primary, 6 supporting)
  • ✅ Architecture decisions with cross-repo comparisons
  • ✅ 28 plugin events mapped to agent turn loop
  • ✅ Test plan (23 unit + 10 integration + e2e)
  • ❌ Implementation not started

Related

Two new crates: jcode-plugin-core (types, manifest, security, events) and
jcode-plugin-runtime (QuickJS sandbox, RCU dispatcher, plugin loader, audit).
Wire-up spans the agent loop (7 event injection points), tool dispatch
(plugin_-prefixed tools route through the system), CLI (install/list/info/
enable/disable/audit/doctor subcommands), config ([plugin] section), and
protocol (PluginServerEvent variants for cross-process forwarding).

- 123 unit tests in jcode-plugin-core (manifest, events, security, config,
  capability chain, preflight analysis with eval/process/fetch/sudo/rm -rf
  detection, plugin ID serde roundtrips).
- 9 integration tests in jcode-plugin-runtime (register+dispatch flow,
  bitmap O(1) check, multi-plugin concurrent dispatch, unregister, audit
  ring buffer, kill switches, preflight pass/block).
- Preflight runs before QuickJS eval in loader; blocks load on suspicious
  patterns, logs warnings on undeclared capability use.
- Dispatcher uses join_all for concurrent handler invocation; RCU
  snapshot for zero-contention reads; bitmap for O(1) presence check.
- Dual timeouts (500ms info / 5000ms actionable / 3600s permission)
  enforced per event in SandboxContext.
- Three kill switches (JCODE_DISABLE_PLUGINS, JCODE_SKIP_PLUGINS,
  JCODE_TEAM_WORKER) with audit trail of all security decisions.

@quangdang46 marked this pull request as draft June 4, 2026 23:52

Implement jcode plugin system per plugin-master-plan.md:

Plugin Runtime:
- Add tui_api.rs: TUI API bridge (file ops, editor, shell, notifications)
- Add tui_system.rs: event loop, snapshot polling, Lua coroutine integration
- Update transpiler.rs: TSX/JSX support via SWC transforms
- Add Lua sandbox require system with JSON/YAML/TOML parsers
- Add execute_command, dialog, quick_pick, list_item Lua APIs
- Add status severity mapping for plugin status items

TUI Integration:
- Add plugin_integration.rs: command palette, plugin status bar, hook dispatch
- Wire PluginManager + ScriptRunner into TUI lifecycle
- Add plugin commands to palette (/install, /enable, /disable, /run, etc.)
- Add slash_commands metadata and hook_types to Plugin trait
- Add EscapeEvent::PluginExit for plugin-driven dialog dismissal
- Add PluginEvent variant to AppEvent for plugin-engine communication

Documentation:
- docs/plugins/README.md: plugin system overview
- docs/plugins/getting-started.md: developer quick start
- docs/plugins/api-reference.md: Lua API docs
- docs/plugins/deploy.md: packaging and signing guide
- docs/plugins/security.md: threat model and capability grants

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@quangdang46 marked this pull request as ready for review June 5, 2026 01:18

Tran Quang Dang added 2 commits June 6, 2026 10:53
# Conflicts:
#	Cargo.lock
#	Cargo.toml
#	crates/jcode-app-core/src/lib.rs
#	crates/jcode-app-core/src/tool/mod.rs
#	crates/jcode-protocol/src/wire.rs
#	crates/jcode-tui/Cargo.toml
#	src/cli/dispatch.rs
#	src/cli/proctitle.rs
- Fix PluginEvent::COUNT: 28 -> 27 (discriminant 11 skipped, documented)
- Fix sleep() blocking QuickJS thread: cap at 5s max
- Fix block_on() panic: switch kv_store to std::sync::RwLock
- Add STUB/WIP annotations to all unimplemented code paths:
  - HandlerSlot JS bridge (api.rs)
  - PromiseBridge::install (bridge.rs)
  - enable_plugin re-registration (server.rs)
  - register_js_tool (registry.rs)
  - SandboxContext::call_inner (sandbox.rs)
  - Keybinding/event handler wiring (tui_system.rs)
- Wire capability chain checks in NativeBindings
- Fix host matching: use proper hostname extraction instead of contains()

@quangdang46 merged commit 5e70c61 into master Jun 6, 2026
5 of 10 checks passed
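
The "Fix host matching" item in the last commit message, shown as an added Rust example (not code from the jcode repository): a substring check beside hostname extraction, run over constructed URLs. The function names, the allowlist entry and the exact-or-subdomain policy are assumptions made for illustration.

```rust
/// Substring check, the pattern the commit replaces (hypothetical names, not jcode's code).
fn naive_allowed(url: &str, allow: &[&str]) -> bool {
    allow.iter().any(|a| url.contains(*a))
}

/// Extract the lowercase hostname from `scheme://authority/...`.
/// Anything that does not parse cleanly yields None (fail closed).
fn host_of(url: &str) -> Option<String> {
    // URL parsers disagree on backslashes, whitespace and control bytes: refuse them.
    if url.chars().any(|c| c == '\\' || c.is_whitespace() || c.is_control()) {
        return None;
    }
    let (_scheme, rest) = url.split_once("://")?;
    // The authority ends at the first '/', '?' or '#'.
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    // Everything before the last '@' is userinfo, not the host.
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    let host = match hostport.strip_prefix('[') {
        Some(v6) => v6.split_once(']')?.0,   // bracketed IPv6 literal
        None => hostport.split(':').next()?, // drop ":port"
    };
    let host = host.trim_end_matches('.').to_ascii_lowercase();
    let ok = !host.is_empty()
        && host.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '-' | '.' | ':'));
    ok.then_some(host)
}

/// Allow only an exact host or a subdomain on a label boundary (assumed policy).
fn host_allowed(url: &str, allow: &[&str]) -> bool {
    host_of(url).map_or(false, |h| {
        allow.iter().any(|a| {
            let a = a.to_ascii_lowercase();
            h == a || h.ends_with(&format!(".{a}"))
        })
    })
}

fn main() {
    let allow = ["api.example.com"]; // constructed allowlist entry
    for url in [
        "https://api.example.com/v1/items",
        "https://api.example.com.attacker.test/v1/items",
        "https://api.example.com@attacker.test/",
        "https://API.Example.COM:8443/v1/items",
    ] {
        println!("{url}\n  contains: {}  hostname: {}", naive_allowed(url, &allow), host_allowed(url, &allow));
    }
}
```

The substring check accepts the second and third URLs and rejects the fourth; the hostname check does the opposite, because it compares only the parsed host and does so case-insensitively.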