Plugins
WASM-sandboxed. Capability-gated. Any language that targets wasm32-wasi.
Because Electron plugins are malware you paid for.
VS Code extensions can read every file on disk, open every socket, exfiltrate every token. We've all read the postmortems. vev plugins run in wasmtime with an explicit capability list. "Read ~/.vev-plugin/foo/" is a grant. "Read ~/" is a different grant. You see every one of them before you install.
the marketplace
One namespace. All signed.
vev plugin install @namespace/name
Everything signed by the author's key, countersigned by the vev registry key. Source URL is mandatory in every manifest.
building a plugin
cargo new --lib my-vev-plugin
cd my-vev-plugin
cargo add vev-plugin-sdk
# write your command() impl
cargo build --target wasm32-wasi --release
vev plugin test target/wasm32-wasi/release/my-vev-plugin.wasm
vev plugin publish
Full docs at /docs/plugins.
capability list · all of them, no surprises
fs.read:<path> - read-only access to a path prefix.
fs.write:<path> - writes under a path prefix.
net.connect:<host:port> - outbound sockets to a specific target.
net.listen:<port> - bind a local port.
exec:<binary> - run a named binary with scrubbed env.
session.read - read current shell session output.
session.write - write to current shell session (i.e., type).
ai.call:<provider> - invoke a configured AI provider.
audit.append - write entries to the audit log.
Nothing else. If a plugin needs a capability not in this list, it can't have it.
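One way a host could evaluate the fs.read, fs.write and net.connect grants listed above, shown as an added Rust example that is not vev's own code. The function names, the use of absolute paths (with ~ already expanded) and exact host:port matching are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

// Lexically normalise an absolute path: resolve `.` and `..` without touching
// the filesystem. Returns None for relative paths or `..` above the root.
fn normalize(p: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for c in Path::new(p).components() {
        match c {
            Component::RootDir => out.push("/"),
            Component::CurDir => {}
            Component::ParentDir if out.pop() => {}
            Component::ParentDir | Component::Prefix(_) => return None,
            Component::Normal(s) => out.push(s),
        }
    }
    if out.is_absolute() { Some(out) } else { None }
}

// Does one grant string (e.g. "fs.read:/home/u/.vev-plugin/foo/") cover the request?
fn allows(grant: &str, kind: &str, target: &str) -> bool {
    let (k, arg) = match grant.split_once(':') {
        Some(parts) => parts,
        None => return false,
    };
    if k != kind { return false; }
    match kind {
        // Path::starts_with compares whole components, so ".../foo" never covers ".../foobar".
        "fs.read" | "fs.write" => match (normalize(arg), normalize(target)) {
            (Some(prefix), Some(path)) => path.starts_with(&prefix),
            _ => false,
        },
        "net.connect" => arg == target, // exact host:port, no wildcards (assumption)
        _ => false,                     // kinds not handled here are denied
    }
}

// Deny by default: a request passes only if some grant covers it.
fn check(grants: &[&str], kind: &str, target: &str) -> bool {
    grants.iter().any(|g| allows(g, kind, target))
}

fn main() {
    // Constructed sample grants and requests.
    let grants = ["fs.read:/home/u/.vev-plugin/foo/", "net.connect:api.example.com:443"];
    let t = "/home/u/.vev-plugin/foo/../../.ssh/id_ed25519";
    println!("fs.read {} -> {}", t, check(&grants, "fs.read", t));
}
```

A lexical check like this does not see symlinks, so a host would still need to resolve paths relative to an opened directory handle before acting on the result.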