Capabilities & trust
A plugin has to ask before it touches your GPU, your files, the network, or saves anything to disk — and you approve that list when you install it.
DNA plugins run inside the same app as your work, so they don't get a blank cheque. Each plugin declares up front exactly which extra powers ("capabilities") it needs. You see that list before anything loads, and the app holds the plugin to it.
The five capabilities
A plugin can request any combination of these. If it doesn't ask for one, it simply can't do it — there's no way to sneak past the list.
GPU — use the graphics card directly, for example to run its own custom effect.
Saved state — remember something between sessions (a node that persists settings or cached data on disk).
Files — read and write files on your computer.
Network — open connections to the internet or your local network.
Load plugins — load other plugins of its own.
A plugin that asks for none of these is the safe default: it can still make nodes that crunch numbers, shapes, and signals, but it can't reach outside the app.
GPU, audio, physics, and simulation work that stays inside the app never needs your approval — none of it reaches your files, network, or the rest of your machine. Only the capabilities that reach outside the sandbox trigger a prompt.
You approve at install
When you install a plugin, DNA shows you the exact list of capabilities it's requesting, each with a plain-English line like "Files — reads and writes files on your computer." Nothing loads until you accept. See Installing plugins for the install flow.
This is the same trust prompt the app uses for any project that wants to reach outside the sandbox — so a plugin's request and a project's request feel identical. The full model lives in Trust & Permissions.
Trust travels with the project
Whether a capability-requesting plugin (or node) is actually allowed to run depends on whether the current project is trusted.
A project you've explicitly trusted runs its capability-bearing nodes and plugins normally.
A project that's restricted — anything freshly downloaded, or a path you haven't accepted yet — won't run those nodes until you trust it. They show a small lock badge and a yellow bar offers a Trust this project button.
If a node refuses to cook and shows a lock, that's the trust gate, not a bug. Click Trust this project (or open the trust prompt) to review what it wants and allow it.
A restricted project also refuses to load any plugin that asks for capabilities outright — the plugin is held back until you trust the project, rather than loaded and quietly blocked.
What the app enforces
Once you've approved a plugin, the app only hands it the powers you granted. If a plugin tries to use something it didn't ask for — or something a restricted project doesn't allow — that action is denied rather than silently succeeding. Approval is per-path, so trusting one project doesn't trust every file you ever open, and you can revoke trust later from preferences.