Skip to main content
Version: 0.5.x

Introduction​

Source plugins read host-managed file views through services.Files(). Dynamic plugins declare service: files in plugin.yaml and use BatchGetFiles and EnsureFilesVisible. Trusted source plugins that need to delete host files use services.Admin().Files().DeleteFiles.

The Files capability provides read-only access to the host file management system. Plugins cannot upload files or modify file metadata through this capability.

Capability Phase: Runtime

Supported Plugin Types: Source plugins, Dynamic plugins

Capability Design​

Host File Management Model​

The host file management is centered on the sys_file table, managing the full lifecycle of user-uploaded files:

FieldDescription
idFile primary key
tenant_idTenant ownership
nameStorage file name
originalOriginal file name
suffixFile extension
sceneBusiness scene identifier
sizeFile size
hashSHA-256 hash for deduplication
urlAccess path
pathPhysical storage path
engineStorage engine identifier
created_byUploader

The upload process automatically computes SHA-256 hashes for file deduplication within the same tenant: files with identical hashes reuse physical storage, creating only new metadata records.

Plugin-Visible View​

Plugins access file information through FileProjection, which does not expose physical storage paths, hash values, or underlying storage backends:

FieldDescription
IDFile identifier
NameDisplay file name
MimeTypeMedia type
SizeBytesFile size
BusinessSceneBusiness scene

Relationship with Other Resource Capabilities​

CapabilityPurpose
Files()Read host file management views, e.g., user-uploaded files, business attachments
Storage()Plugin's own object read/write, e.g., export results, temporary artifacts
Manifest()Read plugin's read-only manifest/ resources shipped with the artifact
AI AssetRefReference protected input or output assets in the AI capability

Interface Definitions​

Source Plugin Interface​

EntryMethodDescription
Files()BatchGetBatch-reads visible file views
Files()SearchSearches visible file candidates by business scene, keyword, and media type
Files()EnsureVisibleValidates that target file set is visible to the current call context
Admin().Files()DeleteDeletes visible files; host performs scene and target validation

Dynamic Plugin Interface​

Dynamic plugins can access two types of services:

files service — Host file views:

Dynamic MethodCapability ConstantDescription
files.batch_gethost:filesBatch-reads visible file views
files.searchhost:filesSearches visible file candidates by business scene, keyword, and media type
files.visible.ensurehost:filesValidates file visibility

storage service — Plugin-scoped object storage:

Dynamic MethodDescription
storage.putWrite object
storage.getRead object
storage.deleteDelete object
storage.delete_manyBatch-delete objects
storage.listList objects
storage.list_cursorCursor-paginated object listing
storage.statQuery object metadata
storage.batch_statBatch-query object metadata

Capability Usage​

Source Plugin Usage​

Source plugins read host-managed file views through services.Files():

// Batch-read file views
result, err := services.Files().BatchGet(ctx, capabilityCtx, fileIDs)

// Search visible file candidates
page, err := services.Files().Search(ctx, capabilityCtx, filecap.SearchInput{
BusinessScene: "avatar",
Keyword: "profile",
MimeType: "image/png",
Page: pageRequest,
})

// Validate file visibility
err := services.Files().EnsureVisible(ctx, capabilityCtx, fileIDs)

Trusted source plugins deleting files:

err := services.Admin().Files().Delete(ctx, capabilityCtx, fileIDs)

Dynamic Plugin Usage​

Dynamic plugins declare the files service in plugin.yaml:

hostServices:
- service: files
methods:
- files.batch_get
- files.search
- files.visible.ensure

Design Constraints​

  • Read-only view. Plugins cannot upload or modify files through the Files capability — only read and validate.
  • No physical paths exposed. FileProjection does not contain storage paths, hash values, or access URLs.
  • Deletion is a governance command. Delete operations must go through Admin().Files(), with the host performing scene and target validation.
  • Visibility is controlled by the host. Whether a file is visible to the current plugin is determined by the host based on tenant and data scope.