VS Code extensions run with full Node.js capabilities in a shared process. A malicious or buggy extension can access any file, make any network request, and read another extension's state. The extension sandbox is a policy document, not a technical boundary.
"An extension can only touch what you explicitly grant. The sandbox is enforced by the hardware, not a policy."
Grove runs extensions compiled to WebAssembly inside WASMtime with capability-based security. An extension can only touch resources explicitly granted to it: a specific directory, a network endpoint, a named IPC channel. No implicit ambient authority. The WASM sandbox is a technical boundary enforced by the runtime.
- Capability-based isolation. Extensions can only access resources explicitly granted to them.
- WASM sandbox. WASMtime enforces the boundary at the runtime level, not by policy.
- Zero trust marketplace. The path to running untrusted extensions safely, like mobile apps on iOS.
- Rhai scripting. Lightweight automation tasks run in Grove without a full extension.
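The deny-by-default check that capability grants imply, as an added example (not Grove's own code). The `Capability` and `Request` types, the `allowed` function and the sample paths, host and channel names are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

// Hypothetical grant and request types (constructed for this example, not Grove's API).
pub enum Capability {
    Dir(PathBuf),          // files below one absolute directory
    Endpoint(String, u16), // one host and port
    Ipc(String),           // one named IPC channel
}

pub enum Request<'a> { ReadFile(&'a str), Connect(&'a str, u16), OpenChannel(&'a str) }

// Resolve `.` and `..` lexically; reject relative paths and climbs above the root.
// Symlinks are not resolved here (assumption: the host handles them at open time).
fn normalize(p: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for c in Path::new(p).components() {
        match c {
            Component::RootDir => out.push("/"),
            Component::Normal(s) => out.push(s),
            Component::CurDir => {}
            Component::ParentDir => if !out.pop() { return None; },
            Component::Prefix(_) => return None,
        }
    }
    if out.is_absolute() { Some(out) } else { None }
}

// Deny by default: a request passes only if some grant of the same kind covers it.
pub fn allowed(grants: &[Capability], req: &Request) -> bool {
    grants.iter().any(|g| match (g, req) {
        (Capability::Dir(d), Request::ReadFile(p)) =>
            normalize(p).map_or(false, |path| path.starts_with(d)),
        (Capability::Endpoint(h, port), Request::Connect(rh, rp)) =>
            h.eq_ignore_ascii_case(rh) && port == rp,
        (Capability::Ipc(n), Request::OpenChannel(rn)) => n.as_str() == *rn,
        _ => false,
    })
}

fn main() {
    let grants = [
        Capability::Dir("/ext/data".into()),
        Capability::Endpoint("api.example.test".into(), 443),
        Capability::Ipc("lint-results".into()),
    ];
    let reqs = [Request::ReadFile("/ext/data/../../etc/passwd"),
        Request::Connect("api.example.test", 443), Request::OpenChannel("other")];
    for r in &reqs { println!("{}", allowed(&grants, r)); }
}
```

`Path::starts_with` compares whole path components, so a grant on `/ext/data` does not cover `/ext/data-old`, which a plain string-prefix test would let through.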
```mermaid
graph LR
    classDef grove fill:#ccf,stroke:#333,stroke-width:2px;
    classDef mountain fill:#f9f,stroke:#333,stroke-width:2px;
    classDef wasm fill:#cfc,stroke:#333,stroke-width:1px;
    classDef transport fill:#ff9,stroke:#333,stroke-width:1px,stroke-dasharray: 5 5;

    subgraph "Grove 🌳 (Rust/WASM Extension Host)"
        direction TB
        ExtensionHost["Extension Host Controller"]:::grove
        ActivationMgr["Activation Manager"]:::grove
        APIBridge["VS Code API Bridge"]:::grove
        WASMRuntime["WASM Runtime (WASMtime)"]:::wasm
        TransportLayer["Transport Layer"]:::transport
        ExtensionHost --> ActivationMgr
        ActivationMgr --> APIBridge
        APIBridge --> WASMRuntime
        WASMRuntime --> TransportLayer
    end

    subgraph "Mountain ⛰️ (Rust/Tauri Backend)"
        VineGRPC["Vine gRPC Server"]:::mountain
    end

    TransportLayer -- gRPC/IPC --> VineGRPC
```
Grove is a component of the Land workspace. Follow the Land Repository instructions to build and run.
CC0 1.0 Universal. Public domain. No restrictions. LICENSE
Grove is a core element of the Land ecosystem. This project is funded through NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet program. Learn more at the NLnet project page.
The project is operated by PlayForm, based in Sofia, Bulgaria.
PlayForm acts as the open-source steward for Code Editor Land under the NGI0 Commons Fund grant.
Project Maintainers: Source Open (Source/Open@Editor.Land) | GitHub Repository | Report an Issue | Security Policy