frank/ruvnet--RuView
1
0
Fork 0
mirror of https://github.com/ruvnet/RuView synced 2026-06-23 12:33:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c84ea39e62d14dcafe61fc80d357dfe0349462cd
ruvnet--RuView/v2/crates/homecore-plugins/Cargo.toml
T
ruv 0ca903b497 feat(homecore-plugins): enforce plugin signature + capability isolation (ADR-162 P4/P5) 
ADR-161 honestly relabelled the manifest's wasm_module_hash / wasm_module_sig /
publisher_key as "(P4 — not yet enforced)" and the homecore_permissions claims
as deferred P5 authority isolation. This makes both real and tested.

P4 (signature/integrity verification, SECURITY):
- New `verify` module: SHA-256 module-hash check + Ed25519 signature
  verification over the digest against publisher_key, with a PluginPolicy
  trust allowlist and an explicit AllowUnsigned dev escape hatch (loud warn).
  Secure default rejects unsigned / unknown-publisher / tampered modules.
- Reuses the in-repo cog-ha-matter::witness_signing Ed25519 pattern; sha2 is a
  workspace dep, ed25519-dalek/hex/base64 already in the lock — no new external
  dep tree (only new edges in homecore-plugins).
- WasmtimeRuntime::load_plugin verifies before instantiation; legacy load_wasm
  retained for trusted/test modules.

P5 (authority/capability isolation, SECURITY):
- New `permissions` module: PermissionSet distilled from homecore_permissions
  (state:write:<glob> or bare entity glob). hc_state_set now consults it and
  returns a typed -3 to the guest on an undeclared write (no host panic).

Tests (fail on old code, which had no load_plugin/verify and an unchecked
hc_state_set): tampered module rejected; valid sig from trusted key loads;
valid sig from untrusted key rejected; unsigned rejected by default and loads
only under AllowUnsigned; light.* plugin writes light.kitchen but is denied
lock.front_door; no-permission plugin can write nothing. Real deterministic
keypair signs real bytes.

Manifest doc updated: P4/P5 now ENFORCED (was "not yet enforced").

homecore-plugins --features wasmtime: 32 passed (lib 23, integration 9), 0 failed.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-06-12 01:33:52 -04:00

74 lines
2.8 KiB
TOML
Raw Blame History

# HOMECORE-PLUGINS — WASM integration plugin system.
# Implements ADR-128 (HOMECORE-PLUGINS), P1 scaffold:
# - PluginManifest (serde-deserialised, superset of HA manifest.json)
# - HomeCorePlugin async trait + PluginId + PluginError
# - PluginRuntime trait + InProcessRuntime (native Rust, first-party plugins)
# - PluginRegistry (load / unload / list)
#
# P2 will add the `wasmtime` feature (gated below, default-off) for the real
# Wasmtime JIT sandbox. wasm3 interpretation mode lands behind `--features wasm3`
# in P3 for constrained-hardware targets.
[package]
name = "homecore-plugins"
version = "0.1.0-alpha.0"
edition = "2021"
license = "MIT"
authors = ["rUv <ruv@ruv.net>", "HOMECORE Contributors"]
description = "WASM integration plugin runtime for HOMECORE (ADR-128 P1 scaffold)"
repository = "https://github.com/ruvnet/RuView"
[lib]
name = "homecore_plugins"
path = "src/lib.rs"
[features]
default = []
# P2: real Wasmtime JIT sandbox (Cranelift; ~15 MB binary delta on Pi 5).
# Do not enable in production until the host ABI is frozen (ADR-128 §8 risk).
wasmtime = ["dep:wasmtime"]
# P3: wasm3 interpretation mode for constrained hardware (~50 kB).
wasm3 = ["dep:wasm3"]
[dependencies]
# HOMECORE state machine — local path (ADR-127).
homecore = { path = "../homecore", version = "0.1.0-alpha.0" }
# Async runtime — same version as workspace.
tokio = { version = "1", features = ["sync", "rt", "rt-multi-thread", "time", "macros"] }
# Async trait support for HomeCorePlugin.
async-trait = "0.1"
# Error handling.
thiserror = "1"
# Serialisation (manifest JSON + ABI call payloads).
serde = { version = "1", features = ["derive"] }
serde_json = "1"
# UUIDs for config entry IDs in host_abi.rs.
uuid = { version = "1", features = ["v4"] }
# ── ADR-162 P4: plugin signature + integrity verification ──────────────────
# Reuses the same in-repo crypto stack as cog-ha-matter (witness_signing.rs):
# Ed25519 over a SHA-256 module digest. All four are already in the workspace
# Cargo.lock (cog-ha-matter / bfld pull them in) — no new external dep tree.
ed25519-dalek = "2.1"
sha2 = { workspace = true }
hex = "0.4"
base64 = "0.22"
# Optional Wasmtime runtime (P2, default-off — 30 MB dep).
# Bumped from 25.0.3 → 42 to remediate RUSTSEC-2026-0095 and RUSTSEC-2026-0096
# (Cranelift/Winch sandbox-escape CVEs, CVSS 9.0 — iter-11 security sprint HC-03/04).
wasmtime = { version = "42", optional = true }
# Optional wasm3 interpretation runtime (P3, default-off).
wasm3 = { version = "0.3", optional = true }
[dev-dependencies]
tokio = { version = "1", features = ["sync", "rt", "rt-multi-thread", "time", "macros", "test-util"] }
# WAT text-format compiler for inline WASM unit tests (wasmtime feature only).
wat = { version = "1", optional = false }
Reference in New Issue View Git Blame Copy Permalink