capabilities.md

# Extension Capabilities

The operations that Zed extensions are able to perform are governed by a capability system.

## Restricting capabilities

As a user, you have the option of restricting the capabilities that are granted to extensions.

This is controlled via the `granted_extension_capabilities` setting.

Restricting or removing a capability will cause an error to be returned when an extension attempts to call the corresponding extension API without sufficient capabilities.

For instance, if you wanted to restrict downloads to just files from GitHub, you could modify `host` for the `download_file` capability:

```diff
{
  "granted_extension_capabilities": [
    { "kind": "process:exec", "command": "*", "args": ["**"] },
-   { "kind": "download_file", "host": "*", "path": ["**"] },
+   { "kind": "download_file", "host": "github.com", "path": ["**"] },
    { "kind": "npm:install", "package": "*" }
  ]
}
```

If you don't want extensions to be able to use _any_ capabilities, you can remove all granted capabilities:

```json
{
  "granted_extension_capabilities": []
}
```

> Note that this will likely make many extensions non-functional, at least in their default configuration.

## Capabilities

### `process:exec`

The `process:exec` capability grants extensions the ability to invoke commands using [`zed_extension_api::process::Command`](https://docs.rs/zed_extension_api/latest/zed_extension_api/process/struct.Command.html).

#### Examples

To allow any command to be executed with any arguments:

```toml
{ kind = "process:exec", command = "*", args = ["**"] }
```

To allow a specific command (e.g., `gem`) to be executed with any arguments:

```toml
{ kind = "process:exec", command = "gem", args = ["**"] }
```

### `download_file`

The `download_file` capability grants extensions the ability to download files using [`zed_extension_api::download_file`](https://docs.rs/zed_extension_api/latest/zed_extension_api/fn.download_file.html).

#### Examples

To allow any file to be downloaded:

```toml
{ kind = "download_file", host = "*", path = ["**"] }
```

To allow any file to be downloaded from `github.com`:

```toml
{ kind = "download_file", host = "github.com", path = ["**"] }
```

To allow any file to be downloaded from a specific GitHub repository:

```toml
{ kind = "download_file", host = "github.com", path = ["zed-industries", "zed", "**"] }
```
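
How a restricted `download_file` grant decides which URLs pass, as an added Rust sketch that is not Zed's own code. The matching rules are assumptions drawn from the examples above (`*` as any host or one path segment, `**` as all remaining segments); `DownloadGrant`, `split_url`, `grant_allows` and `download_allowed` are hypothetical names, and the URL is constructed.

```rust
// Added illustration, not Zed's implementation. Assumed semantics: host "*" matches
// any host; in `path`, "*" matches one segment and "**" matches every remaining one.
struct DownloadGrant {
    host: &'static str,
    path: &'static [&'static str],
}

// Split an https URL into (host, path segments). Fails closed on userinfo, ports
// and dot segments, which a naive matcher would otherwise misjudge.
fn split_url(url: &str) -> Option<(&str, Vec<&str>)> {
    let rest = url.strip_prefix("https://")?;
    let (host, path) = rest.split_once('/').unwrap_or((rest, ""));
    if host.is_empty() || host.contains(|c: char| c == '@' || c == ':') {
        return None;
    }
    let path = path.split(|c: char| c == '?' || c == '#').next().unwrap_or("");
    let segments: Vec<&str> = path.split('/').filter(|s| !s.is_empty()).collect();
    if segments.iter().any(|s| *s == "." || *s == "..") {
        return None;
    }
    Some((host, segments))
}

fn grant_allows(grant: &DownloadGrant, url: &str) -> bool {
    let Some((host, segments)) = split_url(url) else { return false };
    if grant.host != "*" && !grant.host.eq_ignore_ascii_case(host) {
        return false;
    }
    for (i, pattern) in grant.path.iter().enumerate() {
        if *pattern == "**" {
            return true; // the rest of the path is unrestricted
        }
        match segments.get(i) {
            Some(seg) if *pattern == "*" || pattern == seg => {}
            _ => return false,
        }
    }
    grant.path.len() == segments.len()
}

// A download is permitted when at least one granted capability matches it.
fn download_allowed(grants: &[DownloadGrant], url: &str) -> bool {
    grants.iter().any(|g| grant_allows(g, url))
}

fn main() {
    // Constructed grant mirroring the repository-scoped example above.
    let grants = [DownloadGrant { host: "github.com", path: &["zed-industries", "zed", "**"] }];
    println!("{}", download_allowed(&grants, "https://github.com/zed-industries/zed/releases/x.tar.gz"));
}
```

An empty grant list denies every URL, which corresponds to setting `granted_extension_capabilities` to `[]`.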

### `npm:install`

The `npm:install` capability grants extensions the ability to install npm packages using [`zed_extension_api::npm_install_package`](https://docs.rs/zed_extension_api/latest/zed_extension_api/fn.npm_install_package.html).

#### Examples

To allow any npm package to be installed:

```toml
{ kind = "npm:install", package = "*" }
```

To allow a specific npm package (e.g., `typescript`) to be installed:

```toml
{ kind = "npm:install", package = "typescript" }
```