Plugin Sandbox (Process Isolation)
Module: Plugin
Status: IMPLEMENTED
Description
Process-level plugin sandboxing with gRPC communication bridge for secure out-of-process plugin execution.
Implementation Details
- PluginTrustLevel: src/Plugin/StellaOps.Plugin.Abstractions/PluginTrustLevel.cs -- enum: BuiltIn (in-process, full access), Trusted (isolated, monitored), Untrusted (sandboxed, restricted)
- PluginHost trust routing: src/Plugin/StellaOps.Plugin.Host/PluginHost.cs -- DetermineTrustLevel routes plugins to BuiltIn (matching BuiltInPluginIds), Trusted (matching TrustedPluginIds/TrustedVendors), or Untrusted (default); the trust level is passed to the loader and context factory for execution environment selection
- PluginLifecycleManager: src/Plugin/StellaOps.Plugin.Host/Lifecycle/PluginLifecycleManager.cs -- manages state transitions with PluginStateMachine
- PluginStateMachine: src/Plugin/StellaOps.Plugin.Host/Lifecycle/PluginStateMachine.cs -- enforces valid lifecycle state transitions
- PluginHealthMonitor: src/Plugin/StellaOps.Plugin.Host/Health/PluginHealthMonitor.cs -- periodic health checks with HealthChanged events
- Source: Feature matrix scan
E2E Test Plan
- Verify untrusted plugins execute in sandboxed process with restricted capabilities
- Test trusted plugins run isolated but with monitoring
- Verify built-in plugins run in-process with full access
- Test health monitoring detects unhealthy sandboxed plugins
- Verify process isolation prevents sandbox escape