alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity
PSA/ee/docs/extension-system/implementation_plan.md
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

88 lines
5.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Extension System Implementation Plan (Enterprise v2)
This plan specifies the v2 Enterprise extension architecture: out-of-process execution in the Runner, signed/content-addressed bundles, a Next.js API Gateway proxying to Runner /v1/execute, and iframe-only UI served by the Runner.
## Phase 0 — Foundations and Switches
- EE-only wiring: ensure extension code paths are included only in enterprise builds
- Env/config for object store, gateway timeout, Runner base/public URL, and trust bundle
- Finalize Manifest v2 schema and example bundle layout
## Phase 1 — Database Schema and Registry Services
- Add EE migrations:
- extension_registry, extension_version, extension_bundle
- tenant_extension_install, extension_event_subscription
- extension_execution_log, extension_quota_usage
- Enforce tenant isolation (RLS where applicable)
- Implement registry service for publish/list/get; version metadata includes `content_hash`, `signature`, `runtime`, `precompiled`, and `api.endpoints`
- Implement tenant install service (install/uninstall/enable/disable; `granted_caps`, `config`, `version_id`)
- Implement signature verification utility (trust bundle)
## Phase 2 — Bundle Storage Integration
- Use S3compatible storage provider (e.g., MinIO)
- Implement bundle helpers: `getBundleStream`, `getBundleIndex`, `extractSubtree` for `dist/` and `ui/`
- Support optional precompiled artifacts (cwasm) indexed by target triple
## Phase 3 — Runner Service (Rust + Wasmtime)
- Runner HTTP API: POST /v1/execute
- Configure Wasmtime (pooling allocator, store limits, epoch timeouts, optional fuel)
- Implement host imports: `alga.storage.*`, `alga.http.fetch`, `alga.secrets.get`, `alga.log.*`, `alga.metrics.emit`
- Fetch/verify/cache modules by `content_hash`; LRU policy
- Return normalized `{status, headers, body_b64}` with standardized error codes and traces
## Phase 4 — Next.js API Gateway
- Add route scaffold: [server/src/app/api/ext/[extensionId]/[[...path]]/route.ts](../../../server/src/app/api/ext/%5BextensionId%5D/%5B%5B...path%5D%5D/route.ts)
- Implement helpers: auth/tenant, registry resolution, endpoint matching, header filtering
- Proxy to Runner `POST ${RUNNER_BASE_URL}/v1/execute` with service token, timeouts, limited retries
- Enforce quotas and body/header size caps via configuration (`EXT_GATEWAY_TIMEOUT_MS`, etc.)
## Phase 5 — Runner Static UI Hosting
- Serve iframe UI assets from Runner at `${RUNNER_PUBLIC_BASE}/ext-ui/{extensionId}/{content_hash}/[...]`
- Immutable caching (ETag + `Cache-Control: immutable`)
- Runner-managed cache for `ui/**/*` by `content_hash`
- Host constructs iframe URL using [buildExtUiSrc()](../../../server/src/lib/extensions/ui/iframeBridge.ts:38) and bootstraps via [bootstrapIframe()](../../../server/src/lib/extensions/ui/iframeBridge.ts:45)
## Phase 6 — Client SDK and UI Kit
- Packages:
- `@alga/extension-iframe-sdk` (handshake, postMessage, auth, navigation, theme)
- `@alga/ui-kit` (components, tokens, hooks)
- Provide starter React template using SDK and UI kit
- Implement host bridge bootstrap with theme tokens/session propagation
## Phase 7 — Knative Serving (Runner)
- KService manifest with concurrency/scale bounds; health and warmup endpoints
- CI/CD step to deploy Runner revision and smoke test `/v1/execute`
## Phase 8 — Admin UX and Install Flows
- Admin UI for pertenant installs, versions, and capability grants
- “Open Extension” navigates to iframe app constructed from Runner public base and the installed versions `content_hash`
## Phase 9 — Security, Quotas, Policy
- Enforce capability grants; deny host imports when missing
- Pertenant egress allowlists for `http.fetch`
- Integrate secrets manager; enforce rotation policies
- Configure pertenant/perextension quotas and rate limits
## Phase 10 — Observability and Ops
- Structured execution logs with correlation IDs; persist to DB
- Prometheus metrics from Runner: duration, memory, fuel, egress bytes, errors
- Dashboards and alerts for failure rates, timeouts, resource breaches
## Phase 11 — Docs, Samples, Pilot
- Developer docs for manifest, building, publishing, installing, and iframe development
- Full sample extension (server handlers + iframe UI)
- Pilot with a partner tenant; validate SLOs and collect feedback
## Acceptance Criteria (Milestones)
- M1: Registry + Bundle Store + Signing operational; can install signed bundles
- M2: Runner executes helloworld with quotas/timeouts and audit logs
- M3: Client SDK (iframe) + Runner UI hosting operational; CSP and sandbox enforced
- M4: First partner extension on v2 endtoend
## References
- Overview: [overview.md](overview.md)
- Routing: [api-routing-guide.md](api-routing-guide.md)
- Security & Signing: [security_signing.md](security_signing.md)
- Registry: [registry_implementation.md](registry_implementation.md)
- Gateway route scaffold: [server/src/app/api/ext/[extensionId]/[[...path]]/route.ts](../../../server/src/app/api/ext/%5BextensionId%5D/%5B%5B...path%5D%5D/route.ts)
- Iframe bootstrap and src builder: [server/src/lib/extensions/ui/iframeBridge.ts](../../../server/src/lib/extensions/ui/iframeBridge.ts:38)
Reference in New Issue View Git Blame Copy Permalink