ObjectStackManifest
Manifest protocol schemas
Structured permission grants requested by a plugin (ADR-0025 §3.2).
Each list scopes one capability surface the plugin may touch. The
install-time consent flow (ADR §3.5 step 2) turns this declaration into
the persisted granted_permissions set enforced at load by the
PluginPermissionEnforcer.
@example
\{ "services": ["object", "http"], "hooks": ["record.beforeInsert"],
"network": ["api.acme.com"], "fs": [] \}
Source: packages/spec/src/kernel/manifest.zod.ts
TypeScript Usage
import { ManifestPermissions, PluginEngines, PluginIntegrity, PluginPackaging, PluginPermissions, PluginRuntime } from '@objectstack/spec/kernel';
import type { ManifestPermissions, PluginEngines, PluginIntegrity, PluginPackaging, PluginPermissions, PluginRuntime } from '@objectstack/spec/kernel';
// Validate data
const result = ManifestPermissions.parse(data);ManifestPermissions
Union Options
This schema accepts one of the following structures:
Option 1
Type: string[]
Option 2
Structured plugin permission grants (ADR-0025 §3.2)
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| services | string[] | optional | Platform services the plugin may resolve (e.g. "object", "http") |
| hooks | string[] | optional | Lifecycle hooks the plugin may register (e.g. "record.beforeInsert") |
| network | string[] | optional | Network hosts the plugin may reach (e.g. "api.acme.com") |
| fs | string[] | optional | Filesystem paths the plugin may access |
PluginEngines
Plugin compatibility ranges (ADR-0025 §3.2)
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| platform | string | optional | ObjectStack platform release range (SemVer, e.g. ">=4.0 <5") |
| protocol | string | optional | Runtime/metadata protocol range, checked first (ADR §3.10 #3) |
PluginPackaging
Dependency packaging strategy (ADR-0025 §3.3)
Allowed Values
bundledmanifest-deps
PluginPermissions
Structured plugin permission grants (ADR-0025 §3.2)
Properties
| Property | Type | Required | Description |
|---|---|---|---|
| services | string[] | optional | Platform services the plugin may resolve (e.g. "object", "http") |
| hooks | string[] | optional | Lifecycle hooks the plugin may register (e.g. "record.beforeInsert") |
| network | string[] | optional | Network hosts the plugin may reach (e.g. "api.acme.com") |
| fs | string[] | optional | Filesystem paths the plugin may access |
PluginRuntime
Plugin trust tier (ADR-0025 §3.6)
Allowed Values
nodesandboxworker