From 4cd4a06e987a70e33c11b30f21c473fc0f5de4d7 Mon Sep 17 00:00:00 2001 From: Hare Date: Sun, 21 Jun 2026 16:17:57 +0900 Subject: [PATCH] ticket: route plugin request capabilities --- .../artifacts/orchestration-plan.jsonl | 1 + .yoi/tickets/00001KVMG8FTW/item.md | 4 +- .yoi/tickets/00001KVMG8FTW/thread.md | 96 +++++++++++++++++++ .../00001KVMGAEJN/artifacts/relations.json | 13 +++ .yoi/tickets/00001KVMGAEJN/item.md | 4 +- .yoi/tickets/00001KVMGAEJN/thread.md | 39 ++++++++ 6 files changed, 153 insertions(+), 4 deletions(-) create mode 100644 .yoi/tickets/00001KVMG8FTW/artifacts/orchestration-plan.jsonl create mode 100644 .yoi/tickets/00001KVMGAEJN/artifacts/relations.json diff --git a/.yoi/tickets/00001KVMG8FTW/artifacts/orchestration-plan.jsonl b/.yoi/tickets/00001KVMG8FTW/artifacts/orchestration-plan.jsonl new file mode 100644 index 00000000..b89690f2 --- /dev/null +++ b/.yoi/tickets/00001KVMG8FTW/artifacts/orchestration-plan.jsonl @@ -0,0 +1 @@ +{"id":"orch-plan-20260621-071725-1","ticket_id":"00001KVMG8FTW","kind":"accepted_plan","accepted_plan":{"summary":"Refactor Plugin one-shot outbound host API from `host_api.https` / `grants.https` to URL-permission-based `host_api.request`, including manifest request targets, enablement grants, runtime two-stage authorization, local/private explicit permissions, inspection diagnostics, docs/templates, and focused tests.","branch":"impl/00001KVMG8FTW-plugin-request-host-api","worktree":"/home/hare/Projects/yoi/.worktree/00001KVMG8FTW-plugin-request-host-api","role_plan":"Orchestrator accepts parallel implementation, creates a child worktree, and spawns a narrow-scope Coder. Reviewer will be spawned read-only after Coder reports implementation commit(s). After approval, Orchestrator will integrate into `orchestration`, validate, record closure, and clean only the child worktree/branch. Coordinate manually if active Workspace web branch creates Cargo.lock/package.nix conflicts."},"author":"yoi-orchestrator","at":"2026-06-21T07:17:25Z"} diff --git a/.yoi/tickets/00001KVMG8FTW/item.md b/.yoi/tickets/00001KVMG8FTW/item.md index 85611349..2b55dd7a 100644 --- a/.yoi/tickets/00001KVMG8FTW/item.md +++ b/.yoi/tickets/00001KVMG8FTW/item.md @@ -1,8 +1,8 @@ --- title: 'Plugin: host_api.https を廃止して URL 権限ベースの host_api.request に統合する' -state: 'queued' +state: 'inprogress' created_at: '2026-06-21T07:10:30Z' -updated_at: '2026-06-21T07:15:41Z' +updated_at: '2026-06-21T07:17:25Z' assignee: null readiness: 'implementation_ready' risk_flags: ['plugin', 'host-api', 'public-api', 'permissions', 'security', 'local-network', 'breaking-change'] diff --git a/.yoi/tickets/00001KVMG8FTW/thread.md b/.yoi/tickets/00001KVMG8FTW/thread.md index d435f9b0..af38d9c2 100644 --- a/.yoi/tickets/00001KVMG8FTW/thread.md +++ b/.yoi/tickets/00001KVMG8FTW/thread.md @@ -13,4 +13,100 @@ LocalTicketBackend によって作成されました。 Ticket を `workspace-panel` が queued にしました。 +--- + + + +## Decision + +Routing decision: `implementation_ready` + +Reason: +- Ticket body は `host_api.https` 廃止、`host_api.request` 統一、manifest-declared URL/request target permissions、enablement grant 照合、runtime fail-closed、local/private target 明示 grant、broad/arbitrary URL 表示、docs/tests/diagnostics 更新まで具体化されている。 +- `readiness: implementation_ready` で、relations / orchestration plan に blocker はない。 +- Current active implementation `00001KVMFFYVX` は Workspace web control plane bootstrap で、主対象は backend/frontend/store/Nix packaging。This Ticket の主対象は plugin manifest/pod runtime/plugin CLI/docs/tests で直接の semantic blocker はない。過去のユーザー指示「blocker無いなら並列に」に従い、並列実装可能と判断する。 +- Orchestrator worktree is clean on `orchestration` at `f164483e` で、対象 Ticket 用 worktree / branch は未作成。 +- Visible Pods に対象 Ticket の child Pod は存在しない。 + +Evidence checked: +- Ticket body / thread / artifacts via `TicketShow` and direct `item.md` read。 +- `TicketRelationQuery(00001KVMG8FTW)`: no relations / blockers。 +- `TicketOrchestrationPlanQuery(00001KVMG8FTW)`: no records。 +- `ListPods`: active child is only `yoi-coder-00001KVMFFYVX`; no child for this Ticket。 +- Orchestrator git state / worktree list / branch list checked from `/home/hare/Projects/yoi/.worktree/orchestration` only。 +- Bounded code map: + - `crates/manifest/src/plugin.rs`: `PluginGrantConfig.https`, `PluginHttpsGrant`, `PluginHostApi::Https`, permission/grant resolution/tests。 + - `crates/pod/src/feature/plugin.rs`: `PluginHttps*` runtime request path, `yoi:host/https@1.0.0` / raw wasm `yoi:https` imports, URL validation, request bounds, credential header checks, public-IP guard, allowlist checks, plugin tests。 + - `crates/yoi/src/plugin_cli.rs`: inspection formatting for configured HTTPS grants。 + - `docs/development/plugin-development.md`: active `host_api.https` / `grants.https` docs。 + +IntentPacket: + +Intent: +- Replace public/model/config-facing `host_api.https` with URL-permission based one-shot `host_api.request`. +- Keep existing safe outbound request behavior where applicable, but generalize schemes/targets so explicit manifest + enablement grants can authorize loopback/private/local targets. +- Keep WebSocket / SSE / persistent connections out of `request`. + +Binding decisions / invariants: +- Do not add backward compatibility aliases for `host_api.https`, `PluginHttps*`, or `grants.https` in active APIs unless explicitly escalated and reapproved。 +- Model/config-facing naming must be `request`; internal names should also avoid `PluginHttps*` unless truly private transitional code is justified and not exposed。 +- Runtime authorization requires both manifest-declared request target permission and enablement grant for that target。 +- Grant-only without manifest request must fail closed or be explicitly diagnosed as unsafe/unused override; do not silently expand authority。 +- Requested-but-ungranted target must fail closed before network I/O。 +- Localhost/loopback/private/local targets are not ambient; they require manifest declaration and enablement grant。 +- Arbitrary URL / broad network access must be visibly distinguished from normal target grants in inspection/diagnostics。 +- Embedded credentials, credential-like headers, request/response bounds, external-content untrusted treatment, and no hidden context injection remain mandatory。 +- WebSocket URL / upgrade / persistent stream must be rejected or explicitly unsupported by `request`。 +- Existing HTTPS request use cases must continue under `host_api.request` with explicit request permission/grant。 + +Requirements / acceptance criteria: +- Active API naming uses `host_api.request` / request grant naming。 +- Plugin manifest statically declares request target permissions readable from manifest alone。 +- Enablement config grants request targets and is matched against manifest-declared targets。 +- Runtime checks method/scheme/host/port/path prefix against declared+granted URL permission。 +- `http://localhost` / loopback request can be allowed only with explicit declaration+grant。 +- Existing public HTTPS use case works as request。 +- Broad/arbitrary URL is supported only with clear broad display/diagnostic if implemented。 +- `yoi plugin show` / static inspection distinguishes requested, granted, denied/missing, and broad request permissions。 +- Docs/templates/tests/diagnostics are updated to request naming and WebSocket separate-capability policy。 + +Implementation latitude: +- Exact Rust/TOML type names are up to Coder, but active names should be request-oriented, e.g. `PluginRequestGrant`, `PluginRequestTarget`, `host_api.request`. +- Regex support is optional. If added, it must include review-readable normalized display/warning/label and tests for broad/opaque handling。 +- Request target schema may start with exact scheme/host/optional port/method/path prefix. Keep permission review human-readable。 +- Internal runtime can reuse/refactor existing HTTPS client/request code, but reviewer should see active API renaming and policy changes。 +- Raw wasm/component import migration may choose new import names with tests; if keeping an internal compatibility import is unavoidable, escalate before committing. + +Escalate if: +- Compatibility alias for old `host_api.https` / `grants.https` seems required。 +- Local/private target policy would open without both manifest declaration and grant。 +- Arbitrary URL access becomes visually indistinguishable from normal grants。 +- WebSocket/SSE/daemon lifecycle begins to enter `request`。 +- Secret-bearing headers/env/config would flow from guest memory without explicit SecretRef/grant design。 +- Regex support becomes opaque or hard to review。 +- Parallel active `00001KVMFFYVX` work creates unavoidable `Cargo.lock` / `package.nix` conflict; report rather than broad-rebasing alone。 + +Validation plan: +- `cargo fmt --check` +- Focused manifest plugin tests for request permission parsing/resolution and naming removal。 +- Focused pod plugin tests for grant allow/deny, requested-but-ungranted, granted-but-unrequested, loopback/local allow/deny, WebSocket/upgrade rejection, request/response bounds/credential-header safety。 +- Focused yoi plugin CLI tests for request permission/grant/broad/missing diagnostics。 +- Docs/template grep ensuring active `host_api.https` / `grants.https` / `PluginHttps*` naming is removed except historical Ticket text or explicitly justified migration notes。 +- `cargo check` for affected crates, `git diff --check`, `yoi ticket doctor`。 + +Reviewer focus: +- Breaking-change intent is real: no stale active docs/templates/CLI inspection still teaching `host_api.https`。 +- Authorization must be two-stage: manifest request + grant。 +- Local/private network must not become ambient。 +- Old public HTTPS use case must still work under request naming。 +- External content and hidden context constraints remain intact。 + +--- + + + +## State changed + +Human authorized queue routing from Workspace Dashboard. Ticket has concrete acceptance criteria and no recorded blockers; active Workspace web control plane implementation is semantically separate enough for parallel implementation. Orchestrator accepts this Plugin host API refactor into implementation. + --- diff --git a/.yoi/tickets/00001KVMGAEJN/artifacts/relations.json b/.yoi/tickets/00001KVMGAEJN/artifacts/relations.json new file mode 100644 index 00000000..966cdb7d --- /dev/null +++ b/.yoi/tickets/00001KVMGAEJN/artifacts/relations.json @@ -0,0 +1,13 @@ +{ + "version": 1, + "relations": [ + { + "ticket_id": "00001KVMGAEJN", + "kind": "depends_on", + "target": "00001KVMG8FTW", + "note": "WebSocket capability design should reuse or deliberately diverge from the URL permission/request-target schema produced by `host_api.request`; current Ticket remains requirements_sync_needed until those design decisions are resolved.", + "author": "yoi-orchestrator", + "at": "2026-06-21T07:17:46Z" + } + ] +} diff --git a/.yoi/tickets/00001KVMGAEJN/item.md b/.yoi/tickets/00001KVMGAEJN/item.md index 62767bb4..7e8507f9 100644 --- a/.yoi/tickets/00001KVMGAEJN/item.md +++ b/.yoi/tickets/00001KVMGAEJN/item.md @@ -1,8 +1,8 @@ --- title: 'Plugin: URL 権限ベースの別 capability として WebSocket support を設計する' -state: 'queued' +state: 'planning' created_at: '2026-06-21T07:11:34Z' -updated_at: '2026-06-21T07:15:42Z' +updated_at: '2026-06-21T07:17:52Z' assignee: null readiness: 'requirements_sync_needed' risk_flags: ['plugin', 'host-api', 'websocket', 'service', 'ingress', 'lifecycle', 'permissions', 'security', 'persistence'] diff --git a/.yoi/tickets/00001KVMGAEJN/thread.md b/.yoi/tickets/00001KVMGAEJN/thread.md index d38a9af3..e0703cd0 100644 --- a/.yoi/tickets/00001KVMGAEJN/thread.md +++ b/.yoi/tickets/00001KVMGAEJN/thread.md @@ -29,4 +29,43 @@ LocalTicketBackend によって作成されました。 Ticket を `workspace-panel` が queued にしました。 +--- + + + +## Decision + +Routing decision: `return_to_planning_requirements_sync` + +Reason: +- Ticket frontmatter has `readiness: requirements_sync_needed`。 +- Intake summary explicitly says this should be handled as WebSocket capability design/spec sync, not implementation-direct routing。 +- Ticket body still lists concrete open questions that must be resolved before implementation or worktree side effects: + - WebSocket connection ownership: Yoi host-owned vs Plugin-instance-owned host API。 + - Incoming message dispatch route: Ingress vs Service event/status stream vs other host routing。 + - Reconnect / backoff / heartbeat / shutdown / cancellation / restore scope for first slice。 + - Auth/headers/secrets model and grant/display split。 + - Whether this work item closes as design/spec only or includes a minimal implementation slice。 +- Related Ticket `00001KVMG8FTW` is now routed for implementation of the `host_api.request` URL permission model. WebSocket design should reuse or intentionally diverge from that resulting URL permission schema after it stabilizes。 + +Decision: +- Do not create implementation worktree or spawn Coder/Reviewer for this Ticket now。 +- Return to `planning` with concrete missing requirements/design decisions。 +- Record relation to `00001KVMG8FTW` so WebSocket design can be resumed after request permission model lands。 + +Required next planning output before queueing again: +- Decide whether this is design/spec only or includes a minimal implementation slice。 +- Decide connection ownership and lifecycle boundary。 +- Decide incoming-message durable/visible dispatch path and no-hidden-context behavior。 +- Decide WebSocket URL permission/grant schema relative to `host_api.request` request-target schema。 +- Decide auth/secrets display/grant model and non-goals for reconnect/backoff/heartbeat in first slice。 + +--- + + + +## State changed + +Ticket remains `requirements_sync_needed` and has unresolved design questions around connection ownership, incoming-message dispatch path, lifecycle bounds, auth/secrets handling, and design-vs-implementation scope. Returning to planning rather than starting implementation side effects. + ---