feat(policy): support native PolicyPlugin exports from module files #115
Open
yxbh wants to merge 1 commit into microsoft:main from
Pull request overview
This PR extends the policy loading pipeline to support native PolicyPlugin exports from module files (detectors/hooks/recommenders), in addition to the existing declarative PolicyConfig DSL, and fixes Windows dynamic import() path handling.
Changes:
- Add native plugin detection/validation helpers (`isNativePlugin`, `validateNativePlugin`) and re-export them.
- Update policy loading and plugin-chain construction to accept/route native `PolicyPlugin` exports.
- Update readiness reporting and tests to accommodate `loadPolicy()` returning a `PolicyConfig | PolicyPlugin` union and to exercise native plugin loading/execution.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/core/src/services/policy/types.ts | Adds native plugin type guard + validation helpers. |
| packages/core/src/services/policy/index.ts | Re-exports new helpers from the policy public surface. |
| packages/core/src/services/policy.ts | Updates loadPolicy() to return a union and uses pathToFileURL() for Windows-safe dynamic imports. |
| packages/core/src/services/policy/loader.ts | Adds native plugin detection path and inserts native plugins directly into the chain with normalized trust/sourceType. |
| packages/core/src/services/readiness/index.ts | Skips native plugins in legacy resolveChain path and auto-enables engine/shadow execution when native plugins are present. |
| src/services/__tests__/policy-engine-types.test.ts | Adds unit tests for isNativePlugin and validateNativePlugin. |
| src/services/__tests__/policy-loader.test.ts | Adds tests for loading/executing native plugins via loadPluginChain. |
| src/services/__tests__/policy.test.ts | Adds helper to narrow loadPolicy() results to PolicyConfig for existing tests. |
Allow policy modules to export a native PolicyPlugin object (with detectors, hooks, and recommenders) instead of being limited to the PolicyConfig DSL.

Changes:
- isNativePlugin() type guard with validation of meta fields
- validateNativePlugin() with thorough hook/array/type checking
- loadPolicy() returns PolicyConfig | PolicyPlugin union
- loadPluginChain() detects and adds native plugins directly
- readiness auto-enables engine path when native plugins are present
- pathToFileURL fix for Windows dynamic import

Tests: 671 passing (34 new tests for type guard, validation, and loader)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
49cf0b4 to 0cb4bd1
Summary
Allow policy modules to export a native `PolicyPlugin` object (with detectors, hooks, and recommenders) instead of being limited to the `PolicyConfig` criteria DSL.
What changed
Why
The `PolicyConfig` DSL (`criteria.add/disable/override`) is great for simple checks but can't express:
Native `PolicyPlugin` exports unlock the full 5-stage engine pipeline for external policy authors.
Native plugin detection
`isNativePlugin()` detects exports with:
`name` string (which would indicate a `PolicyConfig`)
`validateNativePlugin()` then verifies:
`recommenders` are arrays of objects with valid `id` and callable members
Windows fix
`import(resolvedPath)` fails on Windows for paths like `C:\...` because Node treats `C:` as a URL scheme. Fixed by using `pathToFileURL(resolved).href`.
Testing
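The path handling described under "Windows fix" above, as an added JavaScript example (not code from this PR or the project): it shows why a raw `C:\...` string parses as a URL with scheme `c:` and how `pathToFileURL()` yields a loadable `file:` specifier, and it goes slightly beyond the PR text by also covering a path containing `#`. The sample paths and the helper names `classifySpecifier`, `toImportSpecifier` and `importPolicyModule` are assumptions.

```javascript
// Added example; paths are constructed samples, helper names are hypothetical.
// Resolve node:url in a way that works from both CommonJS and ES modules.
const { pathToFileURL } = process.getBuiltinModule
  ? process.getBuiltinModule('node:url')
  : require('node:url');

// Report how a specifier string parses on its own. A string that parses as
// an absolute URL is judged by its scheme, not treated as a filesystem path.
function classifySpecifier(spec) {
  try {
    return { kind: 'url', scheme: new URL(spec).protocol };
  } catch {
    return { kind: 'not-a-url', scheme: null };
  }
}

// Turn an absolute filesystem path into a specifier suitable for import().
// pathToFileURL() also percent-encodes characters such as '#' and '?' that
// would otherwise be read as URL fragment or query delimiters.
function toImportSpecifier(absPath) {
  return pathToFileURL(absPath).href;
}

// Hypothetical loader wrapper: always import via a file: URL.
async function importPolicyModule(absPath) {
  return import(toImportSpecifier(absPath));
}

// Constructed sample inputs.
const windowsPath = 'C:\\policies\\org-policy.mjs';
const hashPath = '/opt/policies/rule#1.mjs';

function demo() {
  return {
    rawWindows: classifySpecifier(windowsPath),   // drive letter read as scheme
    rawPosix: classifySpecifier(hashPath),        // not an absolute URL at all
    converted: classifySpecifier(toImportSpecifier(hashPath)),
    convertedHref: toImportSpecifier(hashPath),   // '#' becomes %23
  };
}

console.log(demo());
```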