Permissions / API
jsejcksn opened this issue ยท 3 comments
It is not possible for me to grant unsandboxed/unrestricted access to any unsigned application in my CLI environment. Using --allow-all during installation is simply not a possibility.
I would still like to interact with nest.land, and I am able to grant eggs restricted permissions in order to do so.
e.g.
--allow-net ๐
--allow-net=x.nest.land,deno.land,denopkg.com ๐
--allow-read ๐
--allow-read="$HOME/.nest-api-key","$HOME/.eggs" ๐
--allow-write ๐
--allow-write="$HOME/.nest-api-key","$HOME/.eggs" ๐
--allow-env ๐
--allow-run ๐
(this is presently equivalent to --allow-all)
I realize that some parts of the application might require either access to my environment variables OR for me to provide configuration values.
Will you provide a list maximally-restrictive permissions for functionality? If this is not possible, and you are unwilling to refactor the application to support greater user privacy and control, can you please detail how I can use the API to publish to and interact with nest.land? If there is already documentation for this, just point me to it. Thanks!
Hi Jesse,
Thanks for reaching out! Here is a list of permissions needed for each command to function properly: #89 (comment)
Based on the permissions you've listed, it appears that you'll be able to run some commands but not others. I think that the above link will give you a great amount of clarity for determining whether the CLI would be a good fit for what you're doing. If you find yourself needing to build a custom solution with our API, don't hesitate to contact me if you need any help with integration: tate@arceum.co
I'm sorry that our CLI does require so many permissions. Though we don't yet have API documentation, reading the endpoints from our x-node folder should suffice. I will note that @divy-work is working on a rewrite of the API in Rust, and we aren't yet sure when / how that will impact the functionality of our current API.
Thanks!
Tate
@tbaumer22 Thanks for linking me to the other issue. I think this one is effectively a duplicate of that one, so feel free to close it if you agree.
No problem! I didn't close this initially because I thought that it may turn into an API conversation, but I suppose you can open a new issue if you have any questions related to that.