pinakes-core: add plugin pipeline; impl signature verification & dependency resolution

Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Ida98135cf868db0f5a46a64b8ac562366a6a6964
2026-03-08 14:23:02 +03:00 · 2026-03-08 14:23:02 +03:00 · 4edda201e6
commit 4edda201e6
parent 8347a714d2
12 changed files with 2679 additions and 36 deletions
--- a/crates/pinakes-core/src/config.rs
+++ b/crates/pinakes-core/src/config.rs
@ -436,24 +436,69 @@ impl std::fmt::Display for UserRole {
  }
 }

+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct PluginTimeoutConfig {
+  /// Timeout for capability discovery queries (`supported_types`,
+  /// `interested_events`)
+  #[serde(default = "default_capability_query_timeout")]
+  pub capability_query_secs: u64,
+  /// Timeout for processing calls (`extract_metadata`, `generate_thumbnail`)
+  #[serde(default = "default_processing_timeout")]
+  pub processing_secs:       u64,
+  /// Timeout for event handler calls
+  #[serde(default = "default_event_handler_timeout")]
+  pub event_handler_secs:    u64,
+}
+
+const fn default_capability_query_timeout() -> u64 {
+  2
+}
+
+const fn default_processing_timeout() -> u64 {
+  30
+}
+
+const fn default_event_handler_timeout() -> u64 {
+  10
+}
+
+impl Default for PluginTimeoutConfig {
+  fn default() -> Self {
+    Self {
+      capability_query_secs: default_capability_query_timeout(),
+      processing_secs:       default_processing_timeout(),
+      event_handler_secs:    default_event_handler_timeout(),
+    }
+  }
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct PluginsConfig {
  #[serde(default)]
-  pub enabled:             bool,
+  pub enabled:                  bool,
  #[serde(default = "default_plugin_data_dir")]
-  pub data_dir:            PathBuf,
+  pub data_dir:                 PathBuf,
  #[serde(default = "default_plugin_cache_dir")]
-  pub cache_dir:           PathBuf,
+  pub cache_dir:                PathBuf,
  #[serde(default)]
-  pub plugin_dirs:         Vec<PathBuf>,
+  pub plugin_dirs:              Vec<PathBuf>,
  #[serde(default)]
-  pub enable_hot_reload:   bool,
+  pub enable_hot_reload:        bool,
  #[serde(default)]
-  pub allow_unsigned:      bool,
+  pub allow_unsigned:           bool,
  #[serde(default = "default_max_concurrent_ops")]
-  pub max_concurrent_ops:  usize,
+  pub max_concurrent_ops:       usize,
  #[serde(default = "default_plugin_timeout")]
-  pub plugin_timeout_secs: u64,
+  pub plugin_timeout_secs:      u64,
+  #[serde(default)]
+  pub timeouts:                 PluginTimeoutConfig,
+  #[serde(default = "default_max_consecutive_failures")]
+  pub max_consecutive_failures: u32,
+
+  /// Hex-encoded Ed25519 public keys trusted for plugin signature
+  /// verification. Each entry is 64 hex characters (32 bytes).
+  #[serde(default)]
+  pub trusted_keys: Vec<String>,
 }

 fn default_plugin_data_dir() -> PathBuf {
@ -472,17 +517,24 @@ const fn default_plugin_timeout() -> u64 {
  30
 }

+const fn default_max_consecutive_failures() -> u32 {
+  5
+}
+
 impl Default for PluginsConfig {
  fn default() -> Self {
    Self {
-      enabled:             false,
-      data_dir:            default_plugin_data_dir(),
-      cache_dir:           default_plugin_cache_dir(),
-      plugin_dirs:         vec![],
-      enable_hot_reload:   false,
-      allow_unsigned:      false,
-      max_concurrent_ops:  default_max_concurrent_ops(),
-      plugin_timeout_secs: default_plugin_timeout(),
+      enabled:                  false,
+      data_dir:                 default_plugin_data_dir(),
+      cache_dir:                default_plugin_cache_dir(),
+      plugin_dirs:              vec![],
+      enable_hot_reload:        false,
+      allow_unsigned:           false,
+      max_concurrent_ops:       default_max_concurrent_ops(),
+      plugin_timeout_secs:      default_plugin_timeout(),
+      timeouts:                 PluginTimeoutConfig::default(),
+      max_consecutive_failures: default_max_consecutive_failures(),
+      trusted_keys:             vec![],
    }
  }
 }