Plugins
Permission grant flow
When a plugin is activated for the first time, a single unified dialog shows the user every permission element declared in its manifest (capabilities · tools categories · pluginAccess · hostSecrets · agentApprovalScopes) at once.
Items reviewed from the manifest
- capabilities: 12 items in a closed enum: mail-source, calendar-source, meeting-recorder, knowledge-index, background-watcher, external-auth-consumer, document-indexer, routine-provider, lifecycle-observer, worker-client, ms-graph-consumer, host:overlay.
- tools[]: the list of tool names. Tools are grouped by their toolSchemas.<name>.category (read | write | shell | network | meta) and shown to the user.
- pluginAccess: which other plugin's tools/events this plugin will use (e.g. work-assistant calling ms-graph's msgraph_calendar_today).
- agentApprovalScopes: standard labels for cross-plugin risky actions (e.g. agent_file_share, agent_task_delegate, agent_external_api_call).
- hostSecrets / llmKeySource: secret access / LLM key vendor declarations.
- configSchema: user-editable config fields + defaults.
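The following is an added example, not the host's own code: one way to build the capabilities and tools sections of the dialog from a parsed manifest. The type and function names, the sample manifest and the fail-closed policy are assumptions; only the enum values and manifest field names come from the list above.

```typescript
// Added example. Type and function names are hypothetical; only the enum
// values and the manifest field names are taken from the page.
const CAPABILITIES: readonly string[] = [
  "mail-source", "calendar-source", "meeting-recorder", "knowledge-index",
  "background-watcher", "external-auth-consumer", "document-indexer",
  "routine-provider", "lifecycle-observer", "worker-client",
  "ms-graph-consumer", "host:overlay",
];
const CATEGORIES = ["read", "write", "shell", "network", "meta"] as const;
type Category = (typeof CATEGORIES)[number];
type Schemas = Record<string, { category?: string }>;
type Manifest = { capabilities?: string[]; tools?: string[]; toolSchemas?: Schemas };
type DialogSections = {
  capabilities: string[];
  toolsByCategory: Record<Category, string[]>;
};

function isCategory(value: unknown): value is Category {
  return typeof value === "string" &&
    (CATEGORIES as readonly string[]).indexOf(value) !== -1;
}

// Assumed policy: fail closed. An unknown capability or an uncategorised tool
// aborts the install rather than being dropped from what the user reviews.
function buildDialogSections(manifest: Manifest): DialogSections {
  const declared = manifest.capabilities ?? [];
  const unknown = declared.filter((c) => CAPABILITIES.indexOf(c) === -1);
  if (unknown.length > 0) throw new Error("unknown capability: " + unknown.join(", "));
  const toolsByCategory: Record<Category, string[]> =
    { read: [], write: [], shell: [], network: [], meta: [] };
  const schemas: Schemas = manifest.toolSchemas ?? {};
  for (const name of manifest.tools ?? []) {
    // Own-property lookup, so a tool named "constructor" cannot resolve via the prototype.
    const own = Object.prototype.hasOwnProperty.call(schemas, name);
    const category = own ? schemas[name]?.category : undefined;
    if (!isCategory(category)) throw new Error("tool " + name + " has no valid category");
    toolsByCategory[category].push(name);
  }
  // De-duplicate so each capability is listed once in the dialog.
  return { capabilities: declared.filter((c, i) => declared.indexOf(c) === i), toolsByCategory };
}

// Constructed sample manifest (not a real plugin).
const SAMPLE_MANIFEST: Manifest = {
  capabilities: ["calendar-source", "ms-graph-consumer", "calendar-source"],
  tools: ["agenda_read", "agenda_export", "agenda_sync"],
  toolSchemas: { agenda_read: { category: "read" }, agenda_export: { category: "write" }, agenda_sync: { category: "network" } },
};
```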
What the user sees
- 01 Deeplink from Marketplace
  The "Install" button on the web page fires lvis://install/<slug> or lvis://install/<type>/<slug>. The host receives and handles the URL (lvis-protocol.ts:72).
- 02 Package + signature verification
  The host verifies the Ed25519 signature envelope issued by the Marketplace. It passes once at least one signature matches a known public key (marketplace/server/src/lvis_marketplace/signing.py:219).
- 03 Permission dialog — everything at once
  The parsed manifest is grouped by category (capabilities / tools / pluginAccess / secrets) and shown together. The grant is saved once the user confirms.
- 04 First activation
  The plugin's own namespace ~/.lvis/plugins/<pluginId>/ is created (0o700). The plugin's start() callback is called; hostApi.registerKeywords is registered if present.