Privileged Plugins

I was trying to port Things 3 Logbook for Obsidian to Logseq.

I figured since it works in Obsidian it should also work in Logseq, but it appears that Logseq has gone to much greater lengths to sandbox plugins. AFAIK Things does not have a public API and relies on iCloud to sync. The plugin works by directly querying the MySQL database Things uses to store its data. It is not ideal perhaps, but it works.

From what I can tell the sandboxing can be disabled with data-disable-sandbox=‘true’ attribute, but obviously, that needs to be done in logseq itself when creating the iframe.

I suppose it is a great thing that electron plugins can be sandboxed, but the alternative it seems is to write an external script that modifies the files directly outside of logseq which would make for terrible UX and requires the “plugin” to generate proper logseq formatted markup directly instead of using the API.

Perhaps a plugin can request privileged access in its package.json and logseq could display appropriate additional warnings that the plugin run requires full access to your computer yada yada before the plugin is installed and some sort of badge indicating it has privileged access?

I completely agree with your ideas. I also encountered the same issue when developing a Microsoft Todo synchronization plugin.