diff options
| author | t <t@tjp.lol> | 2026-07-01 15:36:20 -0600 |
|---|---|---|
| committer | t <t@tjp.lol> | 2026-07-01 15:37:04 -0600 |
| commit | 800b2c4b6115845f6bf15d90484b3e80e81a606f (patch) | |
| tree | 914981ad5c49e8941280d015923b7c3143463d64 /libpanto/build.zig.zon | |
| parent | ef7c37c3423ceb896f20676525307f15d6e927b4 (diff) | |
Load extensions via unified policy, entry/activate, rocks and paths
Replace the split [tools]/[extensions] config sections and the two-stage
load gate with a single model:
- [extensions] is now one policy resolved across all layers. Rules from
every layer are kept (not clobbered) and resolved by last-match-wins
after sorting by (layer, glob specificity, deny-last), so a base layer
can carve one name out of an otherwise-denied group and a higher layer's
broad rule still wins. Default is allow; whitelist via deny=["**"].
- Registration is deferred: a source returns an entry {name, activate}
(or a list, or the sugar tool table), is always eval'd side-effect-free,
and only permitted names get activate()d. Identity is the declared name,
not the filename. Collapses the old pre/post-load two-stage gate.
- The loader runs two passes (eval -> shadow -> filter -> activate) with
precedence project>user>base and, within a layer, rocks<paths<dir.
- extensions.paths adds extra scan dirs; extensions.rocks loads luarocks
packages as extension sources (require-as-entries). Startup installs
only missing rocks (no per-launch network hit); panto update force-
(re)installs every configured rock.
deny is a feature toggle, not a security boundary: rocks is where registry
code enters, so the pin list is the trust boundary. Rock integrity
(first-party GPG signing + --verify) is designed but not yet wired; until
then rocks pins which version, not which bytes.
Breaking: [tools] is removed; extensions must return entries. Built-in
tools and the wc example keep working via the sugar tool form.
Diffstat (limited to 'libpanto/build.zig.zon')
0 files changed, 0 insertions, 0 deletions
