plugins: require cloud_unsupported_reason and reject placeholder versions#4384
plugins: require cloud_unsupported_reason and reject placeholder versions#4384twmb wants to merge 1 commit into
Conversation
|
I'd consider completely redoing this file or removing it completely. Having said that such a file comes in handy as a single source of truth. The problem is that data in component registration and cvs may and do diverge. |
|
having this data in |
|
@JakeSCahill we'll follow up on this — exposing |
twmb
force-pushed
the
plugins-cloud-reason-and-versions
branch
from
c0df421 to
014007f
Compare
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
twmb
force-pushed
the
plugins-cloud-reason-and-versions
branch
from
014007f to
4412edd
Compare
This comment was marked as resolved.
This comment was marked as resolved.
Adds a cloud_unsupported_reason column to internal/plugins/info.csv so that every connector excluded from the cloud distribution carries a one-line rationale alongside the cloud=n flag. The version column was a placeholder field that, in practice, diverged from component registration: 157 of 320 entries carried the 0.0.0 sentinel, and nothing in the runtime, docs, or cloud bundling consumed the value. New entries also had to be hand-tagged with the upcoming release at registration time, which is the wrong moment to make that decision. Drop the column entirely and remove the matching field on PluginInfo, the basePluginInfo default, the columnInfo entry, and TestPluginVersion. The cloud_unsupported_reason column and TestPluginCloudEnablement from the preceding commit on this branch remain. - TestPluginCloudEnablement requires every plugin to either be cloud-enabled or to carry a non-empty cloud_unsupported_reason; cloud-enabled rows must leave the reason empty. The reasons for the connectors deliberately gated on security review are bucketed into "security: arbitrary code execution", "security: local filesystem access", "security: raw socket access", "security: opens a listener unreachable from cloud", and "security: pipeline stdio not exposed in cloud". The remaining reasons cover deprecated upstream protocols, managed metrics/tracing in cloud, missing certification, and a few connector-specific limitations. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
twmb
force-pushed
the
plugins-cloud-reason-and-versions
branch
from
4412edd to
2fd9bab
Compare
|
Commits Review I verified that the Minor note: the PR description still references a LGTM |
|
(pr desc updated) |
3 participants
Adds a cloud_unsupported_reason column to internal/plugins/info.csv so that every connector excluded from the cloud distribution carries a one-line rationale alongside the cloud=n flag, and drops the version column entirely (157 of 320 rows carried the 0.0.0 placeholder, and nothing in the runtime, docs, or cloud bundling consumed the value).
A new TestPluginCloudEnablement in internal/plugins/alltest enforces the invariant going forward: every plugin must either be cloud-enabled or carry a non-empty cloud_unsupported_reason.
The reasons for connectors deliberately gated on security review are bucketed into "security: arbitrary code execution", "security: local filesystem access", "security: raw socket access", "security: opens a listener unreachable from cloud", and "security: pipeline stdio not exposed in cloud". The remaining reasons cover deprecated upstream protocols, managed metrics/tracing in cloud, missing certification, and a few connector-specific limitations.