Helix StudioGenome IDE
← Docs
Helix CLI docs
Browse Helix CLI docs

Plugin Governance and Policy Profiles

Goal: keep the plugin ecosystem safe while still allowing rapid local iteration.

Capability taxonomy (declared in registry entries)

  • network: none (default), outbound, any (requires justification).
  • filesystem: read_project, read_home, write_cache, write_project; no unrestricted writes by default.
  • compute: cpu, gpu (flag GPU needs explicitly).
  • ui: dock_panel, web_panel, commands_only.
  • data access: reads_sequences, writes_artifacts, telemetry (must be off by default).

Registry entries should publish the capability set and the minimal Helix version range (helix_min_version / helix_max_version).

Review checklist (for publishing to a registry)

  • Package is deterministic: sorted zip, fixed timestamps, HASHES.json present, optional Ed25519 signature.
  • helix_plugin.json namespaced ids, pinned dependencies (vendored wheels if needed), and explicit capabilities.
  • UI/web content loads with strict CSP and does not fetch remote assets unless capability explicitly allows network.
  • Diagnostics and logging mark plugin id/publisher; no PII collected without consent.
  • Tests: run tools/conformance.sh plus tests/test_plugin_* locally before publishing.
  • dev-fast: allow user plugins (HELIX_STUDIO_USER_PLUGINS=1), signature optional, trust store optional, registry URL may be local.
  • lab-default: signatures required (HELIX_STUDIO_PLUGIN_REQUIRE_SIGNED=1), trust store enforced (HELIX_STUDIO_PLUGIN_REQUIRE_TRUSTED=1), user plugins disabled, capabilities limited to declared set.
  • audit-strict: lab-default plus registry pinned, extension-host isolation required when available, network capability forced to none, plugin updates locked unless signed and trusted.

Enterprises can ship these as wrapper scripts or managed environment profiles. Treat the policy profile as part of the manifest/taint class for any bundle produced under that session.

Locking policies for enterprises

  • Distribute Studio via a wrapper that exports the chosen env vars and points HELIX_STUDIO_PLUGIN_PATHS to a read-only, preapproved plugin root.
  • Set HELIX_STUDIO_PLUGIN_REGISTRY_URL to an internal registry and block outbound network via OS policy.
  • Keep the trust store under version control; publish its sha256 alongside internal plugin releases.
  • Periodically audit installed plugins against the registry index and HASHES.json; refuse drift unless explicitly approved.

Governance workflow

  1. Capability request from plugin author → review against taxonomy and policy profile.
  2. Security review signs the package (Ed25519) and updates the trust store entry.
  3. Registry publishes with sha256 + signature; announce in CHANGELOG or registry news feed.
  4. Labs roll out via the selected policy profile; conformance runner ensures host API changes didn’t weaken enforcement.