74 lines
2.8 KiB
TOML
74 lines
2.8 KiB
TOML
# HOMECORE-PLUGINS — WASM integration plugin system.
|
|
# Implements ADR-128 (HOMECORE-PLUGINS), P1 scaffold:
|
|
# - PluginManifest (serde-deserialised, superset of HA manifest.json)
|
|
# - HomeCorePlugin async trait + PluginId + PluginError
|
|
# - PluginRuntime trait + InProcessRuntime (native Rust, first-party plugins)
|
|
# - PluginRegistry (load / unload / list)
|
|
#
|
|
# P2 will add the `wasmtime` feature (gated below, default-off) for the real
|
|
# Wasmtime JIT sandbox. wasm3 interpretation mode lands behind `--features wasm3`
|
|
# in P3 for constrained-hardware targets.
|
|
|
|
[package]
|
|
name = "homecore-plugins"
|
|
version = "0.1.0-alpha.0"
|
|
edition = "2021"
|
|
license = "MIT"
|
|
authors = ["rUv <ruv@ruv.net>", "HOMECORE Contributors"]
|
|
description = "WASM integration plugin runtime for HOMECORE (ADR-128 P1 scaffold)"
|
|
repository = "https://github.com/ruvnet/RuView"
|
|
|
|
[lib]
|
|
name = "homecore_plugins"
|
|
path = "src/lib.rs"
|
|
|
|
[features]
|
|
default = []
|
|
# P2: real Wasmtime JIT sandbox (Cranelift; ~15 MB binary delta on Pi 5).
|
|
# Do not enable in production until the host ABI is frozen (ADR-128 §8 risk).
|
|
wasmtime = ["dep:wasmtime"]
|
|
# P3: wasm3 interpretation mode for constrained hardware (~50 kB).
|
|
wasm3 = ["dep:wasm3"]
|
|
|
|
[dependencies]
|
|
# HOMECORE state machine — local path (ADR-127).
|
|
homecore = { path = "../homecore", version = "0.1.0-alpha.0" }
|
|
|
|
# Async runtime — same version as workspace.
|
|
tokio = { version = "1", features = ["sync", "rt", "rt-multi-thread", "time", "macros"] }
|
|
|
|
# Async trait support for HomeCorePlugin.
|
|
async-trait = "0.1"
|
|
|
|
# Error handling.
|
|
thiserror = "1"
|
|
|
|
# Serialisation (manifest JSON + ABI call payloads).
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = "1"
|
|
|
|
# UUIDs for config entry IDs in host_abi.rs.
|
|
uuid = { version = "1", features = ["v4"] }
|
|
|
|
# ── ADR-162 P4: plugin signature + integrity verification ──────────────────
|
|
# Reuses the same in-repo crypto stack as cog-ha-matter (witness_signing.rs):
|
|
# Ed25519 over a SHA-256 module digest. All four are already in the workspace
|
|
# Cargo.lock (cog-ha-matter / bfld pull them in) — no new external dep tree.
|
|
ed25519-dalek = "2.1"
|
|
sha2 = { workspace = true }
|
|
hex = "0.4"
|
|
base64 = "0.22"
|
|
|
|
# Optional Wasmtime runtime (P2, default-off — 30 MB dep).
|
|
# Bumped from 25.0.3 → 42 to remediate RUSTSEC-2026-0095 and RUSTSEC-2026-0096
|
|
# (Cranelift/Winch sandbox-escape CVEs, CVSS 9.0 — iter-11 security sprint HC-03/04).
|
|
wasmtime = { version = "42", optional = true }
|
|
|
|
# Optional wasm3 interpretation runtime (P3, default-off).
|
|
wasm3 = { version = "0.3", optional = true }
|
|
|
|
[dev-dependencies]
|
|
tokio = { version = "1", features = ["sync", "rt", "rt-multi-thread", "time", "macros", "test-util"] }
|
|
# WAT text-format compiler for inline WASM unit tests (wasmtime feature only).
|
|
wat = { version = "1", optional = false }
|