SteamDeckHomebrew/decky-loader v1.2.0

New plugin format, Root plugins, Library improvements

on GitHub

Plugins now follow a new format

• Plugin metadata like name, description, html files and flags, now reside in a separate plugin.json file.
• This allows plugins that only use javascript (called passive plugins internally), to not include any python code at all
• This new format also supports the new flags field, where plugins can modify the way the loader treats them. The only flags supported so far are root, which loads the plugin into a root process, and the debug flag which replaces the hot_reload setting.
• You can find more information on this new plugin format in the Wiki.

Library improvements

• Added functions to inject and remove css from tabs.
• Added library function to execute code in a different tab.
• You can now find the documentation for all the library methods in the Wiki.

Security improvements

• Plugins are now assigned a callsign (a random string), which they use for all internal identification, like resource fetching and method calls. This is to ensure that plugins only access their own resources and methods.
• Plugins are now owned by root and have read-only permissions. This is handled automatically.
• Plugins now run in their own isolated processes, with their own event loop. This isolation allows us to implement useful functionality like root access, since these processes can also have different permissions.