<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pantograph.git/examples/extensions/greet.lua, branch main</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.
</subtitle>
<id>https://code.tjp.lol/pantograph.git/atom?h=main</id>
<link rel='self' href='https://code.tjp.lol/pantograph.git/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://code.tjp.lol/pantograph.git/'/>
<updated>2026-07-01T21:37:04Z</updated>
<entry>
<title>Load extensions via unified policy, entry/activate, rocks and paths</title>
<updated>2026-07-01T21:37:04Z</updated>
<author>
<name>t</name>
<email>t@tjp.lol</email>
</author>
<published>2026-07-01T21:36:20Z</published>
<link rel='alternate' type='text/html' href='https://code.tjp.lol/pantograph.git/commit/?id=800b2c4b6115845f6bf15d90484b3e80e81a606f'/>
<id>urn:sha1:800b2c4b6115845f6bf15d90484b3e80e81a606f</id>
<content type='text'>
Replace the split [tools]/[extensions] config sections and the two-stage
load gate with a single model:

- [extensions] is now one policy resolved across all layers. Rules from
  every layer are kept (not clobbered) and resolved by last-match-wins
  after sorting by (layer, glob specificity, deny-last), so a base layer
  can carve one name out of an otherwise-denied group and a higher layer's
  broad rule still wins. Default is allow; whitelist via deny=["**"].
- Registration is deferred: a source returns an entry {name, activate}
  (or a list, or the sugar tool table), is always eval'd side-effect-free,
  and only permitted names get activate()d. Identity is the declared name,
  not the filename. Collapses the old pre/post-load two-stage gate.
- The loader runs two passes (eval -&gt; shadow -&gt; filter -&gt; activate) with
  precedence project&gt;user&gt;base and, within a layer, rocks&lt;paths&lt;dir.
- extensions.paths adds extra scan dirs; extensions.rocks loads luarocks
  packages as extension sources (require-as-entries). Startup installs
  only missing rocks (no per-launch network hit); panto update force-
  (re)installs every configured rock.

deny is a feature toggle, not a security boundary: rocks is where registry
code enters, so the pin list is the trust boundary. Rock integrity
(first-party GPG signing + --verify) is designed but not yet wired; until
then rocks pins which version, not which bytes.

Breaking: [tools] is removed; extensions must return entries. Built-in
tools and the wc example keep working via the sugar tool form.
</content>
</entry>
<entry>
<title>expose `panto` to extensions as a require()able module, not a global</title>
<updated>2026-06-10T15:55:05Z</updated>
<author>
<name>t</name>
<email>t@tjp.lol</email>
</author>
<published>2026-06-10T15:46:00Z</published>
<link rel='alternate' type='text/html' href='https://code.tjp.lol/pantograph.git/commit/?id=9bf1d800f2a24ed71221c64370c98ee8d907314b'/>
<id>urn:sha1:9bf1d800f2a24ed71221c64370c98ee8d907314b</id>
<content type='text'>
</content>
</entry>
<entry>
<title>event lifecycle</title>
<updated>2026-06-09T14:52:47Z</updated>
<author>
<name>t</name>
<email>t@tjp.lol</email>
</author>
<published>2026-06-09T06:00:56Z</published>
<link rel='alternate' type='text/html' href='https://code.tjp.lol/pantograph.git/commit/?id=97b10466d83d488ad2cb9e084159a445af74c845'/>
<id>urn:sha1:97b10466d83d488ad2cb9e084159a445af74c845</id>
<content type='text'>
</content>
</entry>
<entry>
<title>lua /commands</title>
<updated>2026-06-03T04:09:31Z</updated>
<author>
<name>t</name>
<email>t@tjp.lol</email>
</author>
<published>2026-06-03T01:41:56Z</published>
<link rel='alternate' type='text/html' href='https://code.tjp.lol/pantograph.git/commit/?id=442888c6c306cfff0708c3d4bbbeda685cec2e75'/>
<id>urn:sha1:442888c6c306cfff0708c3d4bbbeda685cec2e75</id>
<content type='text'>
</content>
</entry>
</feed>
