git.stella-ops.org/docs/features/unchecked/plugin/plugin-sandbox.md

# Plugin Sandbox (Process Isolation)

## Module
Plugin

## Status
IMPLEMENTED

## Description
Process-level plugin sandboxing with gRPC communication bridge for secure out-of-process plugin execution.

## Implementation Details
- **PluginTrustLevel**: `src/Plugin/StellaOps.Plugin.Abstractions/PluginTrustLevel.cs` -- enum: BuiltIn (in-process full access), Trusted (isolated monitored), Untrusted (sandboxed restricted)
- **PluginHost trust routing**: `src/Plugin/StellaOps.Plugin.Host/PluginHost.cs` -- DetermineTrustLevel routes plugins to BuiltIn (matching BuiltInPluginIds), Trusted (matching TrustedPluginIds/TrustedVendors), or Untrusted (default); trust level passed to loader and context factory for execution environment selection
- **PluginLifecycleManager**: `src/Plugin/StellaOps.Plugin.Host/Lifecycle/PluginLifecycleManager.cs` -- manages state transitions with PluginStateMachine
- **PluginStateMachine**: `src/Plugin/StellaOps.Plugin.Host/Lifecycle/PluginStateMachine.cs` -- enforces valid lifecycle state transitions
- **PluginHealthMonitor**: `src/Plugin/StellaOps.Plugin.Host/Health/PluginHealthMonitor.cs` -- periodic health checks with HealthChanged events
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Verify untrusted plugins execute in sandboxed process with restricted capabilities
- [ ] Test trusted plugins run isolated but with monitoring
- [ ] Verify built-in plugins run in-process with full access
- [ ] Test health monitoring detects unhealthy sandboxed plugins
- [ ] Verify process isolation prevents sandbox escape