284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
2.8 KiB
2.8 KiB
Enterprise Extension System v2 — Final Outcomes and References
This document presents the v2-only extension model and points to the canonical specifications and guides. It supersedes any prior plans or notes that explored descriptor-based or in‑process rendering models.
v2 Architecture Outcomes
- Out-of-process execution in a dedicated Runner (Rust + Wasmtime), with strict isolation, quotas, and capability-scoped Host APIs.
- Signed, content-addressed bundles (sha256:...) verified on publish/install and on load, with provenance tracked in the Registry.
- API Gateway route
/api/ext/[extensionId]/[[...path]]that resolves manifest endpoints (advisory) and proxies to RunnerPOST /v1/executewith strict header/size/time policies. - UI delivered exclusively via sandboxed iframes; static assets are served by the Runner at
${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...]. - No dynamic import of tenant code in the host; no in‑process execution of tenant UI.
Authoring Model
- Manifest v2 is authoritative:
- runtime, capabilities, api.endpoints, ui.iframe entry, precompiled artifacts, assets.
- Server handlers target the Runner; UI apps run in iframes and use the extension SDK and UI kit.
- Bundles are immutable and content-addressed; signatures are validated against a trust bundle.
Integration Points (clickable references)
- Gateway route scaffold: server/src/app/api/ext/[extensionId]/[[...path]]/route.ts
- Iframe URL builder and bootstrap: buildExtUiSrc(), bootstrapIframe()
- Registry v2 service scaffold: ExtensionRegistryServiceV2
Canonical Docs
- Architecture overview and goals: overview.md
- API routing specifics: api-routing-guide.md
- Manifest v2 schema: manifest_schema.md
- Security and signing model: security_signing.md
- Runner responsibilities and configuration: runner.md
- Development workflow and examples: development_guide.md, sample_template.md
Operational Rules
- All extension HTTP calls traverse
/api/ext/[extensionId]/[...]and are proxied to the RunnerPOST /v1/execute. - UI assets are served by the Runner at
${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...](no Next.js route for ext-ui). - The host constructs iframe src via buildExtUiSrc() and initializes via bootstrapIframe().