Presently working on WFCORE-4360 adding support for expression resolution backed by a credential store - the main barrier is going to be the solution to bridge expression resolution with a subsystem provided component.

I am wondering if the following is going to be viable to support a configurable expression resolver from a subsystem.

I see the RuntimeExpressionResolver is created very early in the boot process, however at the time it is created the CapabilityRegistry is also available. This is making me think if the CapabilityRegistry can be passed in to the RuntimeExpressionResolver.

I would then imagine the resource handling expression resolution would register a non-dynamic capability which exposes an expression resolver runtime API. This in turn may also need to cross reference a credential store which would also need to be accessible using the runtime API of a capability.

At the time of expression resolution the RuntimeExpressionResolver would then check the CapabilityRegistry to see if an expression resolver has been registered and attempt to use it falling back to vault then default ModelNode resolution if it does not resolve the expression.
Using a runtime API I suspect I would likely need to trigger the initialisation of these APIs at the start of Stage.RUNTIME - that looks feasible by adding a stage to Stage.RUNTIME with addFirst test to true - maybe to be safe these should also start on demand based on first access.

Regards,
Darran Lofthouse.