Zed Industries
Download

Extension Capabilities

The operations that Zed extensions are able to perform are governed by a capability system.

Restricting capabilities

As a user, you have the option of restricting the capabilities that are granted to extensions.

This is controlled via the granted_extension_capabilities setting.

Restricting or removing a capability will cause an error to be returned when an extension attempts to call the corresponding extension API without sufficient capabilities.

For instance, if you wanted to restrict downloads to just files from GitHub, you could modify host for the download_file capability:

{
  "granted_extension_capabilities": [
    { "kind": "process:exec", "command": "*", "args": ["**"] },
-   { "kind": "download_file", "host": "*", "path": ["**"] },
+   { "kind": "download_file", "host": "github.com", "path": ["**"] },
    { "kind": "npm:install", "package": "*" }
  ]
}

If you don't want extensions to be able to perform any capabilities, you can remove all granted capabilities:

{
  "granted_extension_capabilities": []
}

Note that this will likely make many extensions non-functional, at least in their default configuration.

Capabilities

process:exec

The process:exec capability grants extensions the ability to invoke commands using zed_extension_api::process::Command.