This repository is a reference implementation for a first-party Lattice Bundle v2 plugin. Treat it as an example of the minimum safety bar, not as a shortcut around review.
manifest.jsonis intentionally unsigned for local development only.- Production bundles must replace the placeholder digest with the real artifact SHA-256 and add a trusted signature in release automation.
- The published trust decision should bind the manifest identity to the exact packaged bytes, not to an unpacked source checkout.
- The Go runtime is a separate stdio process with explicit JSON inputs and outputs.
- The UI runs in a sandboxed iframe and uses only the postMessage bridge with a
nonce from
location.hash. - The reference UI does not use
fetch, XHR, local/session storage, cookies, inline scripts, inline styles, or top-level navigation. - Built assets must stay self-contained under
ui/index.htmlandui/assets/.
tools/pluginpackemits deterministictar.gzarchives with sorted paths.- Tar headers use Unix-epoch timestamps and zero uid/gid metadata.
- Directories and runtime binaries use mode
0700; other files use0600. - Unsafe archive names, symlinks, and unsupported filesystem entry types are rejected before packaging.
- Keep runtime entrypoints limited to the manifest-declared Linux binaries.
- Keep UI changes auditable and avoid adding any dependency on
lattice-dashboardinternals. - Treat
network:planas a reviewed scope. Expanding to mutating or host-risk scopes should come with new interface metadata, tests, and explicit signer approval.