# Plugin Architecture Gaps (Stub)

Use with sprint task 14 (Plugin architecture gaps remediation).

- TODO: Signed schemas/capability catalog for plugins.
- TODO: Sandbox/resource limits and crash kill-switch rules.
- TODO: Provenance: SBOM + DSSE verification for plugins; offline kit packaging + verify script.
- TODO: Compatibility matrix and dependency/secret rules.
- TODO: Signed plugin index with revocation/CVE data (see `tests/plugins/plugin-index.json`).
- TODO: Determinism harness and fixture plan (see `tests/plugins/README.md`).
- TODO: Publish `docs/process/plugin-capability-catalog.json` and sign it.