Declare a namespace
A namespace declaration contains:
The exact declaration syntax depends on the language and generated SDK. The
following language-neutral form shows the declaration:
Connect to a namespace
A client connects to the namespace declared by the plugin. The Kernel checks the plugin-wide and namespace access policies during the connection handshake. If either policy rejects the user, the connection is refused. The namespace is unavailable while no running plugin owns it. Stopping the owning plugin disconnects existing sockets from that namespace. Future connections are rejected until the plugin is started again.Receive an event
Only event names listed inevents are forwarded to the plugin. Events that
are not declared are ignored by the Kernel.
The event sent to the plugin is the Protobuf SocketEvent message. See the
Protobuf documentation for the shared contract. Its
fields are:
The Kernel does not impose an application schema on
payload. Define the
payload shape between your client and plugin, then decode and validate it in
the plugin. Since the payload is an array, an event with one object argument
is represented conceptually as:
user value. The User message contains a
username string and a groups list of strings.
Send an event
The plugin sends events using emit instructions. An emit instruction contains:
The event handler can return one or more emit instructions in its response.
This is the portable request/reply form. For WASM plugins, it is the normal way
to emit in response to an incoming event because the handler cannot push an
event spontaneously. A gRPC plugin can also use the host’s emit capability
when it needs to send an event outside the current handler call.
For a directed event, set
target to the receiving socket’s ID. For a
namespace broadcast, leave target empty:
payload must contain a JSON
array of arguments. An empty payload emits an event with no arguments.
Access control
The Kernel evaluates access at both connection and event time:- The plugin-wide policy must allow the user.
- The namespace policy must allow the user.
- If the event has an entry in
event_access, that event policy must also allow the user.
error event to that socket. The error identifies whether authentication is
required or the user is forbidden. The event is not forwarded to the plugin.
See Access control for the policy model.
Namespace conflicts and lifecycle
A namespace can have only one owning plugin at a time. If another running plugin already owns the namespace, the Kernel does not attach the new plugin’s namespace declaration. The namespace conflict affects only that declaration: the plugin still starts, but the Kernel marks itdegraded. Other non-conflicting resources can remain
available. Resolve the conflict and restart the plugin to claim the namespace.
Stopping a plugin releases its namespace ownership and disconnects all sockets
connected to that namespace. Restarting the plugin replaces the owner and lets
clients connect again.
Event handling checklist
Before loading the plugin, verify that:- the namespace begins with
/and is unique to the plugin; - every event the plugin expects is listed in
events; - client and plugin agree that each payload is a JSON array of arguments;
- payloads are validated before the plugin uses them;
- namespace and event access policies protect the intended users; and
- emitted events use the correct namespace and target.