# Unified Plugin Architecture with Trust-Based Execution Model

## Module
Plugin

## Status
IMPLEMENTED

## Description
Complete unified plugin system reworking seven disparate plugin patterns (Crypto, Auth, LLM, SCM, Scanner, Router, Concelier) into a single IPlugin interface with trust-based execution (Built-in=in-process, Untrusted=sandboxed), capability composition (11 capability interfaces including ICryptoCapability, IAuthCapability, ILlmCapability, IScmCapability), database-backed PostgreSQL registry with health tracking, process-based sandbox with gRPC bridge/resource limits/filesystem isolation/secret pr

## Implementation Details
- **IPlugin**: `src/Plugin/StellaOps.Plugin.Abstractions/IPlugin.cs` -- core interface: Info (PluginInfo), TrustLevel (BuiltIn/Trusted/Untrusted), Capabilities (PluginCapabilities), State (PluginLifecycleState), InitializeAsync(IPluginContext), HealthCheckAsync; extends IAsyncDisposable
- **Capability interfaces**: `src/Plugin/StellaOps.Plugin.Abstractions/Capabilities/` -- IAnalysisCapability, IAuthCapability, IConnectorCapability, ICryptoCapability, IFeedCapability, ILlmCapability, IScmCapability, ITransportCapability
- **PluginAttribute**: `src/Plugin/StellaOps.Plugin.Abstractions/Attributes/PluginAttribute.cs` -- assembly attribute for plugin discovery
- **PluginCapabilities**: `src/Plugin/StellaOps.Plugin.Abstractions/PluginCapabilities.cs` -- flags enum for capability composition
- **PluginInfo**: `src/Plugin/StellaOps.Plugin.Abstractions/PluginInfo.cs` -- ID, version, vendor metadata
- **PluginHost**: `src/Plugin/StellaOps.Plugin.Host/PluginHost.cs` -- full lifecycle coordinator with discovery, dependency validation, assembly isolation, initialization, health monitoring, auto-recovery
- **HelloWorldPlugin**: `src/Plugin/Samples/StellaOps.Plugin.Samples.HelloWorld/HelloWorldPlugin.cs` -- sample plugin implementation
- **Tests**: `src/Plugin/Samples/StellaOps.Plugin.Samples.HelloWorld.Tests/HelloWorldPluginTests.cs`
- **ServiceCollectionExtensions**: `src/Plugin/StellaOps.Plugin.Host/Extensions/ServiceCollectionExtensions.cs` -- DI registration for plugin host services
- **Source**: SPRINT_20260110_100_000_INDEX_plugin_unification.md

## E2E Test Plan
- [ ] Verify IPlugin lifecycle transitions: Discovered -> Loading -> Initializing -> Active -> Stopping -> Stopped
- [ ] Test trust-based execution: BuiltIn=in-process, Trusted=monitored, Untrusted=sandboxed
- [ ] Verify capability composition allows multiple capabilities per plugin
- [ ] Test GetPluginsWithCapability<T> returns only active plugins with matching capability
- [ ] Verify plugin unload disposes and unloads AssemblyLoadContext
- [ ] Test plugin reload preserves configuration after restart