Define insecure-algorithms permission property

[phillipivan]

Define manifest permissions property to enable use of the --openssl-legacy-provider flag when starting connection process #187
Requires accompanying work in Companion to support

Summary by CodeRabbit

• New Features
  • Added a new insecure-algorithms permission option to module manifests, allowing users to explicitly control whether modules are permitted to use insecure algorithms at runtime. This provides enhanced security configuration and enables stricter compliance policies for deployments.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new boolean property insecure-algorithms has been added to the ModuleManifest.runtime.permissions schema. This property is positioned after the existing filesystem property and includes descriptive documentation.

Changes

Cohort / File(s)	Summary
Schema Enhancement assets/manifest.schema.json	Added insecure-algorithms boolean property to ModuleManifest.runtime.permissions, enabling new security-related configuration options.

Poem

🔐 Permissions expanded with care,
New flags floating through the air,
insecure-algorithms now declared,
Your schema's been thoughtfully prepared! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and accurately describes the main change: adding a new 'insecure-algorithms' permission property to the manifest schema.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

assets/manifest.schema.json (1)

119-123: Nice addition — looks good! 👍

Thanks for contributing this! The new insecure-algorithms permission follows the existing pattern nicely — consistent kebab-case naming, boolean type, and clear description. Placing it alongside the other permission flags and within the additionalProperties: false boundary is exactly right.

One tiny thought (totally optional): you might consider expanding the description slightly to hint at the security trade-off, e.g., mentioning that this enables the --openssl-legacy-provider flag, so someone reading the schema alone understands the implication. But the current wording is perfectly fine too — just a suggestion!

💡 Optional: slightly more descriptive text

 						"insecure-algorithms": {
 							"type": "boolean",
-							"description": "Enable if the module requires legacy openssl algorithms"
+							"description": "Enable if the module requires legacy openssl algorithms. This will start the module with the --openssl-legacy-provider flag, which may reduce security"
 						}

[Julusian]

ah, I was a little wrong. current companion complains if a module has that property set (we have "additionalProperties": false in the schema), so this will have to be in the next minor rather than patch. So 4.3 not 4.2