PSA/ee/docs/extension-system/comprehensive-analysis-report.md
Hermes 284313f908
Initial import of AlgaPSA codebase from PSA server
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00


Comprehensive Extension System Analysis Report (Enterprise v2)

Date: Aug 2025

This report describes the Enterprise v2 extension architecture and the design decisions behind it. The system prioritizes multi-tenant isolation, signed and content-addressed artifacts, a strict API Gateway, and iframe-only UI hosted by the Runner.

Executive Summary

The v2 model provides:

  • Out-of-process execution in a dedicated Runner (Rust + Wasmtime) with resource limits and capability-scoped host APIs
  • Signed, content-addressed bundles stored in object storage and verified at install and load time
  • A Next.js API Gateway at /api/ext/[extensionId]/[[...path]] (manifest endpoints advisory) that proxies to Runner POST /v1/execute with strict header/size/time policies
  • UI delivered exclusively via sandboxed iframes; static assets are served by the Runner at ${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...]

These choices materially improve isolation, provenance, security, and operability.

Target Architecture

  • Runner (Rust + Wasmtime)
    • Pooling allocator, epoch timeouts, memory caps, optional fuel
    • Capability-scoped host APIs: storage, http egress, secrets, logging, metrics
    • Static UI hosting by content hash at ${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...]
    • Execute endpoint: POST /v1/execute
  • Registry & Bundles
    • Tables: extension_registry, extension_version, extension_bundle, tenant_extension_install, extension_event_subscription, extension_execution_log, extension_quota_usage
    • Version metadata includes content_hash, signatures, runtime, optional precompiled artifacts
  • Gateway (Next.js)
    • Route: /api/ext/[extensionId]/[[...path]]
    • Resolves tenant install → version → manifest endpoint
    • Normalizes request and proxies to Runner POST /v1/execute
  • UI Delivery (Runner-hosted)
    • Immutable static assets at ${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...]
    • Host constructs iframe src via buildExtUiSrc() and bootstraps via bootstrapIframe()

Data Model (Initial)

  • extension_registry, extension_version, extension_bundle
  • tenant_extension_install, extension_event_subscription
  • extension_execution_log, extension_quota_usage

See: registry_implementation.md and manifest_schema.md

Security and Policy

  • No tenant code executes in the core app process
  • Signed, content-addressed bundles (sha256:…) with verification against a trust bundle
  • Capability-based host APIs; deny-by-default egress with allowlists
  • Gateway header allowlists and size/time limits; Runner response header allowlists
  • Sandboxed iframe UI; origin validation aligned with RUNNER_PUBLIC_BASE
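The following is an added illustration of the install/load-time bundle check, the Runner-hosted asset URL convention, and the iframe origin check described above; it is example code, not AlgaPSA's own. It assumes Ed25519 detached signatures over the ASCII content-hash string, a trust bundle given as a list of public keys, and an extensionId charset; the host names and helper names other than buildExtUiSrc are likewise assumptions.

```typescript
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

const HASH_RE = /^sha256:[0-9a-f]{64}$/;                // content_hash format from the report
const EXT_ID_RE = /^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$/;  // assumed extensionId charset

// Content address of a bundle: sha256 over the raw bundle bytes.
export function contentHash(bundle: Buffer): string {
  return "sha256:" + createHash("sha256").update(bundle).digest("hex");
}

// Install/load-time check: recompute the hash, compare it to the declared one,
// then require a valid signature from at least one key in the trust bundle.
// Assumption: Ed25519 detached signature over the ASCII content-hash string.
export function verifyBundle(bundle: Buffer, declaredHash: string, signature: Buffer, trustBundle: KeyObject[]): boolean {
  if (!HASH_RE.test(declaredHash)) return false;
  if (contentHash(bundle) !== declaredHash) return false;
  const signed = Buffer.from(declaredHash);
  return trustBundle.some((key) => verify(null, signed, key, signature));
}

// Immutable asset URL: ${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...]
// Rejects ids or hashes outside the expected charset and any "." / ".." segment.
export function buildExtUiSrc(base: string, extensionId: string, hash: string, assetPath: string): string {
  if (!EXT_ID_RE.test(extensionId) || !HASH_RE.test(hash)) throw new Error("invalid extensionId or content_hash");
  const segments = assetPath.split("/").filter((s) => s.length > 0);
  if (segments.some((s) => s === "." || s === "..")) throw new Error("path traversal rejected");
  const encoded = segments.map(encodeURIComponent).join("/");
  return `${base.replace(/\/+$/, "")}/ext-ui/${extensionId}/${hash}/${encoded}`;
}

// postMessage origin check: only the Runner's public origin may talk to the host page.
export function isRunnerOrigin(origin: string, runnerPublicBase: string): boolean {
  return origin === new URL(runnerPublicBase).origin;
}

// Stand-alone walkthrough with a constructed bundle and a throwaway publisher key pair.
export function demo(): { valid: boolean; tampered: boolean; src: string } {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const bundle = Buffer.from("constructed bundle bytes");
  const hash = contentHash(bundle);
  const sig = sign(null, Buffer.from(hash), privateKey);
  return {
    valid: verifyBundle(bundle, hash, sig, [publicKey]),
    tampered: verifyBundle(Buffer.from("tampered bytes"), hash, sig, [publicKey]),
    src: buildExtUiSrc("https://runner.example/", "com.example.widget", hash, "index.html"),
  };
}
```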

Observability

  • Structured execution logs with correlation IDs (request/tenant/extension/version/content_hash)
  • Metrics for invocation duration, memory, fuel, egress bytes, and errors

References