hardening: gate plugins, add hook timeouts, and sanitize metadata#1

Open
mczabca-boop wants to merge 1 commit into steven1522:feature/plugin-system from mczabca-boop:fix/plugin-security-hardening

Conversation

@mczabca-boop

Summary

This is a stacked PR on top of TinyAGI#127 (feature/plugin-system) that hardens the plugin runtime without changing plugin API shape.

Changes:

  • Add explicit plugin enable gate:
    • TINYCLAW_PLUGINS_ENABLED=1 required to load plugins
  • Add timeout protection:
    • TINYCLAW_PLUGIN_HOOK_TIMEOUT_MS (default 1500)
    • TINYCLAW_PLUGIN_ACTIVATE_TIMEOUT_MS (default 3000)
  • Add outgoing metadata allowlist/sanitization in queue processor:
    • currently only allows parseMode === "MarkdownV2"
  • Document trust boundary and env controls in README (Plugin Security section)

Why

#127 introduces dynamic plugin loading from local filesystem.
This PR reduces risk and blast radius by:

  • disabling plugin execution by default
  • preventing plugin hangs from blocking processing
  • preventing arbitrary metadata passthrough to channel clients
  • documenting that plugins are fully trusted local code

Testing

  • npm run -s build:main passes
  • Queue startup with plugins disabled:
    • logs Plugins disabled..., normal startup/shutdown
  • Queue startup with plugins enabled and no plugin dir:
    • logs No plugins directory found, normal startup/shutdown
  • Timeout smoke test:
    • injected a temporary plugin with slow activate()
    • observed timeout log (activate timed out ...)
    • queue still starts and continues running

Dependency / Stacking
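
The controls listed in the PR description above (an opt-in env gate, activate and hook timeouts read from env vars with defaults, and an outgoing-metadata allowlist that passes only parseMode === "MarkdownV2") can be seen together in the following added example. It is not TinyClaw's or the PR author's code; the function names, the plugin object shape ({ name, activate, onMessage }) and the two demo plugins are assumptions made for illustration, while the env var names and defaults are those the PR states.

```javascript
// Added example, not TinyClaw's own code: an env-gated plugin runtime with
// activate/hook timeouts and an outgoing-metadata allowlist, following the
// controls the PR describes. Function names, the plugin object shape
// ({ name, activate, onMessage }) and the demo plugins are assumptions.

const DEFAULT_HOOK_TIMEOUT_MS = 1500;
const DEFAULT_ACTIVATE_TIMEOUT_MS = 3000;

// Parse a positive-integer env var, falling back on missing or garbage values
// so a typo in the environment cannot silently disable a timeout.
function readIntEnv(env, name, fallback) {
  const n = Number.parseInt(env[name] ?? "", 10);
  return Number.isInteger(n) && n > 0 ? n : fallback;
}

// Plugins stay off unless the operator opts in with exactly "1".
function pluginsEnabled(env) {
  return env.TINYCLAW_PLUGINS_ENABLED === "1";
}

// Race a plugin promise against a timer; always clear the timer so a fast
// hook does not leave a handle that keeps the process alive at shutdown.
// This stops the caller waiting; it does not cancel the plugin's work.
function withTimeout(promise, ms, label) {
  let timer;
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`${label} timed out after ${ms}ms`)), ms);
  });
  return Promise.race([Promise.resolve(promise), deadline]).finally(() => clearTimeout(timer));
}

// Activate plugins one by one; a plugin whose activate() hangs or throws is
// logged and left out, and the rest of startup proceeds.
async function activatePlugins(plugins, env, log = console.error) {
  const ms = readIntEnv(env, "TINYCLAW_PLUGIN_ACTIVATE_TIMEOUT_MS", DEFAULT_ACTIVATE_TIMEOUT_MS);
  const active = [];
  for (const plugin of plugins) {
    try {
      if (typeof plugin.activate === "function") {
        await withTimeout(plugin.activate(), ms, `${plugin.name}.activate`);
      }
      active.push(plugin);
    } catch (err) {
      log(`plugin ${plugin.name}: ${err.message}`);
    }
  }
  return active;
}

// Run one hook across all plugins under the per-hook timeout; failures are
// recorded per plugin instead of propagating into the queue processor.
async function runHook(plugins, hookName, arg, env, log = console.error) {
  const ms = readIntEnv(env, "TINYCLAW_PLUGIN_HOOK_TIMEOUT_MS", DEFAULT_HOOK_TIMEOUT_MS);
  const results = [];
  for (const plugin of plugins) {
    const hook = plugin[hookName];
    if (typeof hook !== "function") continue;
    try {
      const value = await withTimeout(hook.call(plugin, arg), ms, `${plugin.name}.${hookName}`);
      results.push({ plugin: plugin.name, ok: true, value });
    } catch (err) {
      log(`plugin ${plugin.name}: ${err.message}`);
      results.push({ plugin: plugin.name, ok: false, error: err.message });
    }
  }
  return results;
}

// Allowlist for metadata a plugin may attach to an outgoing message: only
// parseMode === "MarkdownV2" survives; every other key or value is dropped.
function sanitizeMetadata(meta) {
  const out = {};
  if (meta && meta.parseMode === "MarkdownV2") out.parseMode = "MarkdownV2";
  return out;
}

// Constructed demo plugins: one well-behaved, one that stalls in onMessage.
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
const demoPlugins = [
  { name: "upper", activate: async () => {}, onMessage: async (text) => text.toUpperCase() },
  { name: "slow", onMessage: async (text) => { await sleep(200); return text; } },
];

// Startup path as the PR describes it: gate, activate, then dispatch a hook
// with a deliberately short 50ms timeout so the slow plugin is cut off.
async function demo() {
  const env = { TINYCLAW_PLUGINS_ENABLED: "1", TINYCLAW_PLUGIN_HOOK_TIMEOUT_MS: "50" };
  if (!pluginsEnabled(env)) return [];
  const active = await activatePlugins(demoPlugins, env);
  return runHook(active, "onMessage", "hello", env);
}

demo().then((results) => console.log(JSON.stringify(results)));
```

Two points worth keeping in mind when reading this against the PR: a timeout only stops the queue waiting, the plugin's code keeps running in the same process, so the gate and the "fully trusted local code" statement in the README remain the real boundary; and the allowlist deliberately rebuilds the object from scratch rather than deleting disallowed keys, so a plugin cannot smuggle a value through under a key the filter did not think to list.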
