Extend

Speaker 0: This has been a huge week of announcements and thank you so much for joining us and being a part of it but we're not quite at the end yet. The idea of a directus marketplace has been around for years. It's the natural next step from having a robust and flexible extensions framework. Now today's announcement isn't the marketplace, but instead the final piece of foundational work required to allow us to work on the marketplace with full force. So let's talk about that foundational work to date.

The Director's Extensions SDK provides a toolkit to help you build extensions all the way from scaffolding to working with data and building a polished user interface. You can install extensions via NPM or external storage locations like S3. We've created a detailed yet readable metadata structure for your extensions package JSON file and a host of smaller things, including a standardized way to present errors and more ways that we expose the directus internals for you to take advantage of. But underpinning everything is our need to have confidence in the way that we ask you to build extensions and that that should be more or less the same for many directors versions to come. The secure extensions framework shipping as part of Directus 10.7 is the final part of those foundations, providing an explicit permissions model the extensions will need to adopt to be distributed and adopted in the future.

To tell you more, here's Esther.

Speaker 1: As developers, we know security is one of the most crucial aspects of building software. Whether you're creating products for users or creating internal tools, you want to be able to innovate freely while also protecting your data from vulnerabilities. Extensions in directors provide a way to build, modify, or expand directors functionality beyond the default for your specific needs. That's why today, we are very excited to announce secure extensions. Secure extensions are a powerful way to maintain strict control over interactions with the external environment when developing extensions.

It allows you to configure restrictions on how extensions access your information and communicate externally. In addition to the security they provide, secure extensions also serve as a foundation for the director's marketplace, ensuring that all extensions available for users are developed with security in mind. At the heart of secure extensions is the concept of isolates. An isolate is a secure sandbox where extensions are evaluated and executed. Let's check out an example of how to develop a secure extension.

Start by creating an extension like you normally do using the director's extension CLI. Next, open the package dot JSON of the extension and add a sandbox property, which is an object. Within that object, add 2 properties enabled with the value of true and requested scopes, which is an array of function scopes the extension needs access to. By using scopes and the sandbox functions exposed by directors, isolates are granted new and specific capabilities. For example, the request function allows you to make requests to external services.

To use the request function, you need to add permissions for the request scope in your extension's metadata, including which external URLs can be accessed by it. Be sure to check out the full list of available sandbox functions in our documentation. We'll continuously be shipping more functions as part of the secure extensions framework, So keep an eye on future releases. With secure extensions laying the groundwork for the marketplace, you can create reliable extensions that enhance the functionality of directors while maintaining the highest standard of data protection. We can't wait to see your contributions and the extensions that you come up with.

Over to you, Kev.

Speaker 0: And that is the 1st director sleep week wrapped. We covered loads. The release of directors 10.7 comes with content versioning, huge improvements to our insights module, our secure extensions framework, and new app theming options. We also spoke about the evolution of Directus and what it means to treat it as a composable data platform as well as sharing agent c OS with you. And finally, there were some teasers of what comes after secure extensions.

Thank you so much for being a part of this. I've had a blast. And on behalf of the whole directors core team, thank you and bye for now.