
Plugin Capabilities Model

Every plugin declares its required capabilities in its EngineDescriptor.

Capability Enum

type Capability string

const (
	// Host function capabilities (what the plugin can call)
	CapSQL           Capability = "host:sql"         // Execute SQL via core's connection manager
	CapHTTP          Capability = "host:http"        // Make HTTP calls via core's connection manager
	CapStoreRead     Capability = "host:store:read"  // Read from core's plugin_data store
	CapStoreWrite    Capability = "host:store:write" // Write to core's plugin_data store
	CapCryptoEncrypt Capability = "host:crypto"      // Request encryption from core
	CapAuditEmit     Capability = "host:audit"       // Emit audit events through core

	// Engine type capabilities (what kind of engine this is)
	CapDynamicCreds Capability = "engine:dynamic_credentials" // Create/revoke credentials
	CapRootRotation Capability = "engine:root_rotation"       // Rotate root credentials
	CapCrypto       Capability = "engine:crypto"              // Encrypt/decrypt (transit engine)
	CapCertificates Capability = "engine:certificates"        // Sign/revoke certificates (PKI/SSH)
)

Plugins declare capabilities in their descriptor. The core only exposes the host functions the plugin declared. A plugin that declares CapSQL but not CapHTTP cannot make HTTP calls — the host function simply does not exist in its sandbox.

Security Property

Plugins have NO direct access to network, filesystem, or core memory. All external access is mediated through host functions that the core controls.

Capability Grant Rules

Plugin Tier                          | Capability Grant
Official (signed by GetArcan)        | All declared capabilities auto-granted
Enterprise (activation key)          | All declared + enterprise-only capabilities
Community (user-signed, future)      | User must explicitly approve each capability on install

The core checks capabilities before forwarding requests to plugins. A plugin that declares CapDynamicCreds but not CapCrypto will receive PermissionDenied if an Encrypt() call is routed to it.
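The two enforcement points described above (host functions that are absent from the sandbox unless declared, and the core refusing to forward an engine operation the plugin did not declare a capability for) can be modelled in a few dozen lines. The following is an added example, not code from the project: the Capability values are the page's, but EngineDescriptor is a minimal stand-in, the host function names (sql_exec, http_call, ...), the operation names (Encrypt, CreateCredential, ...), and the error variables are all assumptions for the example. The core also keeps a record of every refused route, which is the signal a defender would want to see in audit.

```go
package main

import (
	"errors"
	"fmt"
)

// Capability values are copied from the page's enum.
type Capability string

const (
	CapSQL           Capability = "host:sql"
	CapHTTP          Capability = "host:http"
	CapStoreRead     Capability = "host:store:read"
	CapStoreWrite    Capability = "host:store:write"
	CapCryptoEncrypt Capability = "host:crypto"
	CapAuditEmit     Capability = "host:audit"
	CapDynamicCreds  Capability = "engine:dynamic_credentials"
	CapRootRotation  Capability = "engine:root_rotation"
	CapCrypto        Capability = "engine:crypto"
	CapCertificates  Capability = "engine:certificates"
)

// Error names are assumed; the page only says the plugin receives PermissionDenied.
var (
	ErrPermissionDenied = errors.New("PermissionDenied")
	ErrNoHostFunction   = errors.New("host function does not exist in this sandbox")
)

// EngineDescriptor is a hypothetical minimal stand-in for the page's descriptor.
type EngineDescriptor struct {
	Name         string
	Capabilities []Capability
}

// HostFunc is a host function the core may export into a plugin sandbox;
// stub builds a placeholder one that just echoes its arguments.
type HostFunc func(args ...string) (string, error)

func stub(prefix string) HostFunc {
	return func(a ...string) (string, error) { return prefix + fmt.Sprint(a), nil }
}

// hostFuncsByCap maps a host capability to the host functions it unlocks (names assumed).
var hostFuncsByCap = map[Capability]map[string]HostFunc{
	CapSQL:           {"sql_exec": stub("sql:")},
	CapHTTP:          {"http_call": stub("http:")},
	CapStoreRead:     {"store_get": stub("get:")},
	CapStoreWrite:    {"store_put": stub("put:")},
	CapCryptoEncrypt: {"crypto_encrypt": stub("enc:")},
	CapAuditEmit:     {"audit_emit": stub("audit:")},
}

// requiredCapByOp maps an engine operation the core routes to the engine
// capability the plugin must have declared (operation names are assumed).
var requiredCapByOp = map[string]Capability{
	"Encrypt":          CapCrypto,
	"CreateCredential": CapDynamicCreds,
	"RotateRoot":       CapRootRotation,
	"SignCertificate":  CapCertificates,
}

// Sandbox is what a loaded plugin can see: only the host functions for the
// capabilities it declared, plus the core's record of refused routes.
type Sandbox struct {
	Desc   EngineDescriptor
	hosts  map[string]HostFunc
	caps   map[Capability]bool
	Denied []string // operations the core refused to forward; worth auditing
}

// BuildSandbox exports host functions only for the host capabilities declared.
func BuildSandbox(desc EngineDescriptor) *Sandbox {
	sb := &Sandbox{Desc: desc, hosts: map[string]HostFunc{}, caps: map[Capability]bool{}}
	for _, c := range desc.Capabilities {
		sb.caps[c] = true
		for name, fn := range hostFuncsByCap[c] { // engine:* caps map to nil, so this is a no-op for them
			sb.hosts[name] = fn
		}
	}
	return sb
}

// CallHost is the plugin-side call; an undeclared host function is simply absent.
func (s *Sandbox) CallHost(name string, args ...string) (string, error) {
	fn, ok := s.hosts[name]
	if !ok {
		return "", ErrNoHostFunction
	}
	return fn(args...)
}

// Route is the core-side check before forwarding an engine operation to the plugin.
func (s *Sandbox) Route(op string) (string, error) {
	need, known := requiredCapByOp[op]
	if !known || !s.caps[need] {
		s.Denied = append(s.Denied, op)
		return "", ErrPermissionDenied
	}
	return op + " forwarded to " + s.Desc.Name, nil
}
```

A plugin built from a descriptor declaring CapSQL and CapDynamicCreds can call sql_exec, gets ErrNoHostFunction for http_call because that function was never exported, has CreateCredential forwarded, and gets ErrPermissionDenied for Encrypt; unknown operations are denied by default rather than forwarded. The Denied slice stands in for the audit trail the core should keep, since a plugin repeatedly probing operations it never declared is exactly the behaviour worth alerting on.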