#"platform modules" design

@steel zealot @snow wraith my brain is mush this week with jetlag & heat... I am struggling to form a design opinion but really want to make progress on this, since it affects platform teams so much

anything specifically you need a hand with? I feel like the discussion we had, I'm happy with the outcome of that - or at least, happy for us to prototype that (since it split the daggerverse into two, probably worth looping more folks into discussion, if it works)

yeah I like the "self-declared upstream" design also. The daggerverse fragmentation issue is real but IMO very manageable.

My remaining concerns are:

1. what to call this feature 😭
2. the trust system (prompt the user on install?)
3. same install command or s separate one?

(my brain's a bit fuzzy today, not feeling at 100% 😢)

but:

1. I quite like "toolchain". "template" works, but to me, implies generation once, instead of kinda constantly updated. maybe even just "upstream" works as well?
2. do we need a trust system? i'm a bit confused by this, what's the problem we're trying to solve? i'm not convinced we need this?
3. no super strong preferences, but i like the idea of using the same install command - there's no ambiguity if the "platform module" can't be installed as a regular module...

trust wise, I think prompts are useful for when we need to get the users consent during an operation - we don't know all the details before (since it depends on execution), so llm API is perfect for that.
but in install, it's very procedural and straightforward - if we are worried about a security issue (not sure what that is?), then I think a warning message or even a flag passed to dagger install would be good (maybe that's a good reason to have a separate command)

yeah this all makes sense. the trust system is for granting a dependency full access to the caller's git repo. Seemed like a possible security issue

mm, there is that. but also, the user is explicitly installing it? the user still needs to type out and run a command to grant access.
I think the expectation of you installing a module is that you're already sharing some trust - we don't require any trust mechanism when calling any other module function even if you're passing sensitive info

but when you call a function from a regular module, you have to explicitly pass each directory as argument. A platform* module is more privileged than that