Migrate test plugins to Rust and async-ify syscall modules

- Replace Python test plugins (echo, ai_test, claudecode) with Rust
  implementations driven by the plugin SDK
- Convert fs/network/process/timer syscall modules to async/await
- Change Network.OpenConn to return stream ConnEvent (conn_id handed
  to client in first "open" frame for Send/Close routing)
- Bind timer callbacks to plugin identity; stream_call subscriptions
  are identity-checked
- Update docs and regenerate Python SDK protobuf stubs

Verified: cargo build/test/clippy clean; echo + ai_test full syscall
suites pass; hermes & claudecode register and heartbeat; cross-plugin
bridge.call routing and auth denial verified end-to-end.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-06-10 14:27:46 +08:00
parent d533d0a30e
commit 3299468df6
26 changed files with 843 additions and 814 deletions

View File

@@ -177,3 +177,25 @@ message CallRequest {
- 系统插件:内核信任,无限制
- 基础插件:按 `syscalls` 白名单精确到方法(如 `fs.list`)校验,也支持 `fs` / `fs.*` / `*` 授权(= seccomp filter)
- 标准插件:syscalls + depends 白名单,未声明的一律拒绝
### 身份认证
所有 syscall 调用**必须**携带 `x-plugin-id` gRPC metadata,否则返回 `UNAUTHENTICATED`
这是第一道安全边界——即使 server 监听 TCP,未注册的进程也无法调用任何 syscall。
认证流程:
1. 插件通过 `PluginBridge.Register` 注册,获得 `session_id`
2. 后续所有 syscall 请求须在 gRPC metadata 中带 `x-plugin-id: <plugin_id>`
3. 内核校验:plugin_id 存在 → status=Running → syscall 在该插件的白名单内 → 放行
### stream_call 身份绑定
`PluginBridge.StreamCall` 用于订阅 Timer 等回调事件。安全策略:
- 必须携带 `x-plugin-id`(否则 UNAUTHENTICATED)
- 只能订阅**自己**的事件通道(target 为空或等于自身 plugin_id)
- 尝试订阅其他插件的事件返回 PERMISSION_DENIED
### 死插件路由保护
`PluginBridge.Call` 在路由到目标插件前,校验其 status 为 Running。
Stopped/Failed 的插件会立即返回错误,而不是等 5 秒连接超时。