Spanda plugins run under a defense-in-depth model: manifest validation, capability review, trust tiers, signature verification, sandboxing, and audit logging.
| Control | Behavior |
|---|---|
| Signature verification | Ed25519 over canonical plugin payload |
| Manifest validation | Schema, plugin type, capability names |
| Capability review | Dangerous capabilities require --approve-dangerous |
| Sandboxing | WASM default; [security].sandbox = true |
| Trust tier | Registry tier gates install (blocked rejected) |
| Audit logging | Install, enable, disable, hook dispatch logged |
| Version compatibility | Spanda semver + API v1 enforced at install |
Install is rejected when:
blockedsigned = true but signature verification failsRequire spanda plugin install --approve-dangerous:
entity.write, device.write, filesystem.writenetwork.outbound, readiness.write, recovery.write| Tier | Install |
|---|---|
official |
Allowed; signature required when signed = true |
verified |
Allowed |
community |
Allowed |
experimental |
Allowed |
deprecated |
Allowed (discouraged) |
blocked |
Denied |
Plugin security is orthogonal to package trust. Packages continue to use spanda.toml and
registry provenance unchanged.