deno
6bfe0e73 - feat(permissions): prototype per-API (capability) permissions

Commit
7 days ago
feat(permissions): prototype per-API (capability) permissions Add an experimental per-API permission gate that treats each JS API entry point (Deno.connect, fetch, node:net.listen, WebSocket, ...) as a discrete permission, checked in addition to the existing coarse resource flags. Every permission check site already threads an api_name string that today is only used for prompt/error text; this makes the engine match on it. The gate is consulted before the resource fast-path, so an individual API verb can be denied even when --allow-net would otherwise permit the operation. Entries may be narrowed by a host filter, e.g. fetch('*.openai.com'). When no allowlist is configured the gate is a no-op, so existing behavior is unchanged. This first pass is intentionally minimal to showcase the model: - delivery is the DENO_ALLOW_API env var (comma separated) rather than the deno.json permissions schema or CLI flags - enforcement is wired into the net check surface only (check_net, check_net_url, check_net_vsock, check_net_unix_socket); the same one-line call extends to check_open / check_run / etc.
Author
Parents
Loading