src,lib: stabilize permission model · nodejs/node@efcc5d9
@@ -123,7 +123,7 @@ require('nodejs-addon-example');
123123```
124124125125```console
126-$ node --experimental-permission --allow-fs-read=* index.js
126+$ node --permission --allow-fs-read=* index.js
127127node:internal/modules/cjs/loader:1319
128128 return process.dlopen(module, path.toNamespacedPath(filename));
129129 ^
@@ -165,7 +165,7 @@ childProcess.spawn('node', ['-e', 'require("fs").writeFileSync("/new-file", "exa
165165```
166166167167```console
168-$ node --experimental-permission --allow-fs-read=* index.js
168+$ node --permission --allow-fs-read=* index.js
169169node:internal/child_process:388
170170 const err = this._handle.spawn(options);
171171 ^
@@ -189,12 +189,15 @@ Error: Access to this API has been restricted
189189<!-- YAML
190190added: v20.0.0
191191changes:
192+ - version: REPLACEME
193+ pr-url: https://github.com/nodejs/node/pull/56201
194+ description: Permission Model and --allow-fs flags are stable.
192195 - version: v20.7.0
193196 pr-url: https://github.com/nodejs/node/pull/49047
194197 description: Paths delimited by comma (`,`) are no longer allowed.
195198-->
196199197-> Stability: 1.1 - Active development
200+> Stability: 2 - Stable.
198201199202This flag configures file system read permissions using
200203the [Permission Model][].
@@ -210,7 +213,7 @@ Examples can be found in the [File System Permissions][] documentation.
210213The initializer module also needs to be allowed. Consider the following example:
211214212215```console
213-$ node --experimental-permission index.js
216+$ node --permission index.js
214217215218Error: Access to this API has been restricted
216219 at node:internal/main/run_main_module:23:47 {
@@ -223,20 +226,23 @@ Error: Access to this API has been restricted
223226The process needs to have access to the `index.js` module:
224227225228```bash
226-node --experimental-permission --allow-fs-read=/path/to/index.js index.js
229+node --permission --allow-fs-read=/path/to/index.js index.js
227230```
228231229232### `--allow-fs-write`
230233231234<!-- YAML
232235added: v20.0.0
233236changes:
237+ - version: REPLACEME
238+ pr-url: https://github.com/nodejs/node/pull/56201
239+ description: Permission Model and --allow-fs flags are stable.
234240 - version: v20.7.0
235241 pr-url: https://github.com/nodejs/node/pull/49047
236242 description: Paths delimited by comma (`,`) are no longer allowed.
237243-->
238244239-> Stability: 1.1 - Active development
245+> Stability: 2 - Stable.
240246241247This flag configures file system write permissions using
242248the [Permission Model][].
@@ -282,7 +288,7 @@ new WASI({
282288```
283289284290```console
285-$ node --experimental-permission --allow-fs-read=* index.js
291+$ node --permission --allow-fs-read=* index.js
286292287293Error: Access to this API has been restricted
288294 at node:internal/main/run_main_module:30:49 {
@@ -313,7 +319,7 @@ new Worker(__filename);
313319```
314320315321```console
316-$ node --experimental-permission --allow-fs-read=* index.js
322+$ node --permission --allow-fs-read=* index.js
317323318324Error: Access to this API has been restricted
319325 at node:internal/main/run_main_module:17:47 {
@@ -949,24 +955,6 @@ added:
949955950956Enable experimental support for the network inspection with Chrome DevTools.
951957952-### `--experimental-permission`
953-954-<!-- YAML
955-added: v20.0.0
956--->
957-958-> Stability: 1.1 - Active development
959-960-Enable the Permission Model for current process. When enabled, the
961-following permissions are restricted:
962-963-* File System - manageable through
964-[`--allow-fs-read`][], [`--allow-fs-write`][] flags
965-* Child Process - manageable through [`--allow-child-process`][] flag
966-* Worker Threads - manageable through [`--allow-worker`][] flag
967-* WASI - manageable through [`--allow-wasi`][] flag
968-* Addons - manageable through [`--allow-addons`][] flag
969-970958### `--experimental-print-required-tla`
971959972960<!-- YAML
@@ -1780,6 +1768,28 @@ unless either the `--pending-deprecation` command-line flag, or the
17801768are used to provide a kind of selective "early warning" mechanism that
17811769developers may leverage to detect deprecated API usage.
178217701771+### `--permission`
1772+1773+<!-- YAML
1774+added: v20.0.0
1775+changes:
1776+ - version: REPLACEME
1777+ pr-url: https://github.com/nodejs/node/pull/56201
1778+ description: Permission Model is now stable.
1779+-->
1780+1781+> Stability: 2 - Stable.
1782+1783+Enable the Permission Model for current process. When enabled, the
1784+following permissions are restricted:
1785+1786+* File System - manageable through
1787+[`--allow-fs-read`][], [`--allow-fs-write`][] flags
1788+* Child Process - manageable through [`--allow-child-process`][] flag
1789+* Worker Threads - manageable through [`--allow-worker`][] flag
1790+* WASI - manageable through [`--allow-wasi`][] flag
1791+* Addons - manageable through [`--allow-addons`][] flag
1792+17831793### `--preserve-symlinks`
1784179417851795<!-- YAML
@@ -3089,6 +3099,7 @@ one is included in the list below.
30893099* `--openssl-legacy-provider`
30903100* `--openssl-shared-config`
30913101* `--pending-deprecation`
3102+* `--permission`
30923103* `--preserve-symlinks-main`
30933104* `--preserve-symlinks`
30943105* `--prof-process`