Adopt llrt runtime modules: fetch, node:fs/os/zlib/path, crypto, subprocess, Web globals

[Mechazawa]

Replaces the hand-rolled Web-API layer in the plugin runtime with AWS's llrt module crates, pinned to one git rev (5af6d48, all on rquickjs 0.12). Plugins now get a standard runtime surface instead of high-beam-specific approximations.

What plugins see now

• fetch (gated on the http capability): real Headers/Request/Response/FormData, binary bodies, ReadableStream response bodies. highbeam:http is gone; migration notes live in sdk-reference.md (the gist: get(url, opts) becomes fetch(url, opts) and res.json() is async).
• node:fs + node:fs/promises behind a new coarse fs capability whose confirm-dialog wording says what it means: full read/write access. Declaring fs also unlocks the scoped highbeam:fs helpers. The narrow fs.read/fs.cache caps are unchanged and do not unlock node:fs.
• node:path, uncapped.
• Always-on globals: URL/URLSearchParams, Buffer/Blob/File, multi-encoding TextEncoder/TextDecoder (replaces the UTF-8-only polyfill from Fix plugin runtime gaps, enforce host-only actions, trim comment noise #51), web streams, DOMException, and native AbortController/AbortSignal with working timeout/any/abort statics and spec DOMException reasons.

Host-side changes

• rquickjs 0.11 → 0.12 (Resolver/Loader gained an ImportAttributes param; the deprecated async_with! macro is replaced by AsyncContext::async_with with async closures at all 27 call sites).
• The Rust Abort handle drives the native controller directly; the JS controller registry and its release() bookkeeping are deleted.
• The import allowlist is now highbeam:* plus the three node:* modules; everything else still fails at load with a capability or unknown-module error.

Two deliberate divergences from llrt, both soundness-driven

1. setTimeout stays our local polyfill. llrt_timers keys its state in a process-global Vec by raw *mut JSRuntime, never deregisters entries, and unwrap_uncheckeds lookups. Under one runtime per plugin plus reloads that leaks and aliases freed state on address reuse. LLRT itself is single-runtime-per-process and never hits this.
2. AbortSignal.timeout is replaced at install with a setTimeout-backed implementation. Cargo feature unification forces llrt_abort's sleep-timers backend on (llrt_fetch depends on it with defaults), and the native static routes into the table above: calling it aborted the process with unreachable_unchecked in testing.

Fetch guard

llrt_fetch ships no request timeout, so a wrapper joins every request with a 30 s AbortSignal.timeout deadline (caller signals can abort sooner, not later; response size is bounded by the plugin's memoryMb). The adversarial review pass surfaced two gaps the guard now covers, with regression tests: a Request-embedded signal was silently dropped (llrt gives the init arg precedence), and a pre-aborted signal hung the request until transport failure because llrt's fetch only subscribes to future abort sends and AbortSignal.any's already-aborted early-return never fires the sender. Both look like candidate upstream llrt reports.

Cost: release binary grows 16.9 MB → 21.0 MB (hyper, rustls + ring, webpki root store, llrt modules). Known minor residue: each early-finished fetch parks its 30 s deadline timer until it lapses (bounded by fetch rate, cleaned on context teardown); a timers upgrade with real clearTimeout would remove it and is left out of scope here.

Verification: cargo fmt --check, just lint, just lint-pedantic (0 warnings), 338 Rust tests across 16 binaries (new tests/runtime_globals.rs pins the per-capability global surface, node:fs read/write end-to-end, cap gating, the patched AbortSignal.timeout, and both fetch-guard regressions), 260 plugin vitest tests, full-plugin smoke test in the real runtime, release build. A five-lens review workflow (security, soundness, migration correctness, docs accuracy, CI/build) ran over the full diff; all five confirmed findings are fixed here or documented above.

Follow-up: broader llrt surface + highbeam:platform removal

After the initial migration, more llrt modules were wired up and one custom module retired. Each addition was verified against llrt source first (init signature, deps, soundness, binary cost) and gets shape-test pins plus functional probes.

New always-on globals (uncapped, pure compute):

• crypto: WebCrypto (getRandomValues, randomUUID, subtle.*) plus node-style randomBytes / createHash / createHmac (crypto-rust backend, no C).
• Temporal: full surface.
• Intl: partial, DateTimeFormat + supportedValuesOf only (that is all llrt_intl ships, no NumberFormat).

New uncapped node:* modules: node:os, node:zlib (forced to compression-rust, C-free), node:string_decoder.

New subprocess capability: gates node:child_process (spawn) and the process global. process.env is a live proxy over the daemon's real environment; process.exit is inert here (sets __exitCode, which the host does not act on), so a plugin cannot terminate the daemon through it. child_process stdio rides llrt_stream's Rust stream constructors directly, no node:stream registration needed.

Removed highbeam:platform: superseded by node:os. The 6 plugins that used it (app-launcher, kill-process, file-search, dictionary-linux, prefpanes, window-mgmt) now derive platform checks from os.platform() ("darwin"/"linux", not the old "macos"); their vitest suites mock node:os.

Intl and Temporal share jiff (no heavy ICU). Verification after the follow-up: fmt + just lint + pedantic (0 warnings), 354 Rust tests across 17 binaries, 260 plugin vitest tests, full-plugin smoke test in the real runtime.
🤖 Generated with Claude Code