Plugin Framework

Universal extensibility framework providing plugin lifecycle management, sandboxing, registry, and SDK for building Stella Ops plugins.

Purpose

The Plugin Framework is a foundational library that provides a consistent plugin lifecycle, trust-based sandboxing, and a registry for managing plugins across all Stella Ops modules. It enables any module to be extended with third-party or custom logic while maintaining security boundaries and operational visibility.

  • Architecture - Technical design and implementation details

Status

  • Maturity: Production
  • Source: src/Plugin/

Key Features

  • IPlugin interface and lifecycle: Standard contract for all plugins with well-defined states (Discovery, Loading, Initialization, Active, Shutdown)
  • Trust levels: Three-tier trust model -- BuiltIn (in-process), Trusted (isolated with monitoring), Untrusted (sandboxed in separate process)
  • Process sandboxing: Untrusted plugins run in isolated processes with gRPC IPC for communication
  • Plugin registry: Persistent catalog of installed plugins with version tracking (InMemory for tests, PostgreSQL for production)
  • SDK and test utilities: Plugin.Sdk for plugin authors, Plugin.Testing for deterministic test harnesses
  • Capability declarations: Plugins declare their capabilities; the host enforces capability restrictions at runtime
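
How the lifecycle, trust tiers and capability declarations listed above can fit together in a host-side gate, as an added sketch that is not the framework's own code. Every type, member and capability name here is hypothetical; the one-step forward transition rule and "Shutdown from any state" are assumptions, since this page names the states but not the allowed transitions.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical names throughout; the real contracts live in src/Plugin/.
enum TrustLevel { BuiltIn, Trusted, Untrusted }
enum PluginState { Discovery, Loading, Initialization, Active, Shutdown }

sealed class PluginHandle
{
    private readonly HashSet<string> _declared;
    public TrustLevel Trust { get; }
    public PluginState State { get; private set; } = PluginState.Discovery;

    public PluginHandle(TrustLevel trust, IEnumerable<string> declared) =>
        (Trust, _declared) = (trust, new HashSet<string>(declared, StringComparer.Ordinal));

    // Isolation follows the trust tier; any unrecognised value falls through to the strictest mode.
    public string Isolation => Trust switch
    {
        TrustLevel.BuiltIn => "in-process",
        TrustLevel.Trusted => "isolated with monitoring",
        _ => "sandboxed in separate process",
    };

    // Assumed rule: move forward one state at a time, or to Shutdown from any live state.
    public void Advance(PluginState next)
    {
        bool ok = next == State + 1
               || (next == PluginState.Shutdown && State != PluginState.Shutdown);
        if (!ok) throw new InvalidOperationException($"{State} -> {next} is not allowed");
        State = next;
    }

    // Deny by default: only an Active plugin may use a capability, and only one it declared.
    public bool IsAllowed(string capability) =>
        State == PluginState.Active && _declared.Contains(capability);
}

static class Demo
{
    static void Main()
    {
        // Constructed sample: an untrusted plugin declaring a single capability.
        var p = new PluginHandle(TrustLevel.Untrusted, new[] { "network.outbound" });
        Console.WriteLine(p.Isolation);
        Console.WriteLine(p.IsAllowed("network.outbound")); // asked before activation
        foreach (var s in new[] { PluginState.Loading, PluginState.Initialization, PluginState.Active })
            p.Advance(s);
        Console.WriteLine(p.IsAllowed("network.outbound")); // declared, plugin now Active
        Console.WriteLine(p.IsAllowed("filesystem.write")); // never declared
    }
}
```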

Dependencies

Upstream (this module depends on)

  • None (foundational library with no upstream module dependencies)

Downstream (modules that depend on this)

  • Integrations - Primary consumer of the plugin framework; uses it for connector plugins (GitHub, GitLab, Harbor)
  • Scanner - Uses plugins for analysis extensibility (scanner analysis plugins)
  • Policy - Policy evaluation plugins
  • Orchestrator - Worker plugins and task runner extensions