alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
PSA/ee/docs/extension-system/descriptor-architecture-implementation-plan.md
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

40 lines
2.8 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Enterprise Extension System v2 — Final Outcomes and References
This document presents the v2-only extension model and points to the canonical specifications and guides. It supersedes any prior plans or notes that explored descriptor-based or inprocess rendering models.
## v2 Architecture Outcomes
- Out-of-process execution in a dedicated Runner (Rust + Wasmtime), with strict isolation, quotas, and capability-scoped Host APIs.
- Signed, content-addressed bundles (sha256:...) verified on publish/install and on load, with provenance tracked in the Registry.
- API Gateway route `/api/ext/[extensionId]/[[...path]]` that resolves manifest endpoints (advisory) and proxies to Runner `POST /v1/execute` with strict header/size/time policies.
- UI delivered exclusively via sandboxed iframes; static assets are served by the Runner at `${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...]`.
- No dynamic import of tenant code in the host; no inprocess execution of tenant UI.
## Authoring Model
- Manifest v2 is authoritative:
- runtime, capabilities, api.endpoints, ui.iframe entry, precompiled artifacts, assets.
- Server handlers target the Runner; UI apps run in iframes and use the extension SDK and UI kit.
- Bundles are immutable and content-addressed; signatures are validated against a trust bundle.
## Integration Points (clickable references)
- Gateway route scaffold: [server/src/app/api/ext/[extensionId]/[[...path]]/route.ts](../../../server/src/app/api/ext/%5BextensionId%5D/%5B%5B...path%5D%5D/route.ts)
- Iframe URL builder and bootstrap: [buildExtUiSrc()](../../../server/src/lib/extensions/ui/iframeBridge.ts:38), [bootstrapIframe()](../../../server/src/lib/extensions/ui/iframeBridge.ts:45)
- Registry v2 service scaffold: [ExtensionRegistryServiceV2](ee/server/src/lib/extensions/registry-v2.ts:48)
## Canonical Docs
- Architecture overview and goals: [overview.md](overview.md)
- API routing specifics: [api-routing-guide.md](api-routing-guide.md)
- Manifest v2 schema: [manifest_schema.md](manifest_schema.md)
- Security and signing model: [security_signing.md](security_signing.md)
- Runner responsibilities and configuration: [runner.md](runner.md)
- Development workflow and examples: [development_guide.md](development_guide.md), [sample_template.md](sample_template.md)
## Operational Rules
- All extension HTTP calls traverse `/api/ext/[extensionId]/[...]` and are proxied to the Runner `POST /v1/execute`.
- UI assets are served by the Runner at `${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...]` (no Next.js route for ext-ui).
- The host constructs iframe src via [buildExtUiSrc()](../../../server/src/lib/extensions/ui/iframeBridge.ts:38) and initializes via [bootstrapIframe()](../../../server/src/lib/extensions/ui/iframeBridge.ts:45).
Reference in New Issue View Git Blame Copy Permalink