SwiftPM command plugins with permission to access the network

Are there any plans to allow command plugins to access the network? Perhaps not for build tools as they have more deterministic requirements, but it would be useful to allow custom commands to carry out more involved tasks.

My motivating use case is that I am writing a GraphQL code generation tool, and as a part of that it needs to be able to download a schema from an endpoint, which may be over the internet or within the local network.

As an extension of SE-0332, I would imagine there would be a new permission something like:

public extension PluginPermission {
    /// The command plugin wants permission to make network requests.
    /// The `reason` string is shown to the user at the time of request
    /// for approval, explaining why the plugin is requesting this access.
    public static func accessNetwork(reason: String) -> PluginPermission

Are there any caveats that should be considered before allowing command plugins to do this?


There is certainly a lot of desire to do this, and this came up a bit during the proposal review. I think that extending the plugin permission along the lines you suggest would be a natural way to do it, and is part of the reason the PluginPermission is open-ended.

I think the challenges would be around what kinds of network access to allow. For example, should there be different permission levels for things like:

  • local vs remote connections
  • outbound-only connections vs listening on a port

In practical terms I could also imagine there might be questions about how to provide authentication credentials, etc. So I think it's just a matter of not yet having discussed and worked through these issues. It does seem like a natural extension.

1 Like

I would like to use this to make a deploy script that extracts info from the package and deploys a subset to another git repo. At present this is not possible. I solve this by running it as an executable but this beats a bit the purpose and lowers discoverability.