Plugins extend CortexPrism with new capabilities. They can add:
- Tools — new capabilities for agents (API calls, database queries, custom logic)
- UI Panels — new tabs and widgets in the Web UI
- CLI Commands — new
cortex <cmd>subcommands - LLM Providers — support for new AI providers
- Config Extensions — new settings sections and defaults
- Middleware — pre/post execution hooks that intercept all tool calls
- Event Listeners — subscribe to session, tool, LLM, and agent lifecycles
- Memory Backends — custom memory stores and embedding providers
| Kind | Description | Best For |
|---|---|---|
| ESM | JavaScript/TypeScript modules loaded via import() |
Most plugins — tools, UI, providers, middleware |
| MCP | Model Context Protocol servers (JSON-RPC) | Wrapping existing MCP servers as tools |
| WASM | WebAssembly modules (any language → WASM) | Performance-critical or multi-language plugins |
Each plugin moves through these states:
DISCOVERED → INSTALLED → LOADING → ACTIVE
↓
UNLOADING → REMOVED
Lifecycle hooks fire at each transition:
| Hook | Trigger |
|---|---|
onInstall |
Plugin manifest stored, files staged |
onLoad |
Module imported into memory |
onActivate |
Tools registered, providers bound, events subscribed |
onDeactivate |
Plugin begins disabling |
onUnload |
Module unloaded from memory |
onUninstall |
Database row deleted, files cleaned |
# Install from marketplace
cortex marketplace install plugins/slack-bot
# Install from URL
cortex plugins install https://example.com/my-plugin/manifest.json
# Install from local manifest
cortex plugins install ./my-plugin/manifest.json
# List installed plugins
cortex plugins list
# Enable/disable by plugin name
cortex plugins enable my-plugin
cortex plugins disable my-plugin
# Update plugins
cortex plugins update my-plugin
cortex plugins update --all
# Verify integrity
cortex plugins verify my-plugin
# Inspect permissions
cortex plugins permissions my-plugin
# Remove
cortex plugins remove my-plugin┌─────────────────────────────────────────────┐
│ PluginManager │
│ install / enable / disable / remove │
│ loadAll / emitToPlugins │
└──────────┬──────────────────────────────────┘
│
┌─────┴──────┐
│ Loader │
│ esm/mcp/wasm│
└─────┬──────┘
│
┌─────┴──────────────────┐
│ Plugin Module │
│ tools[] │──→ globalRegistry (ToolRegistry)
│ providers{} │──→ providerRegistry
│ lifecycle hooks │──→ called at state transitions
│ middleware │──→ wraps tool execution
└─────────────────────────┘
Plugins integrate at multiple levels:
- Agent loop — tools registered in
globalRegistryare available to all agents - Server — UI panels served as iframes, REST API for plugin management
- CLI — commands registered via
@cliffy/command - Event bus — plugins subscribe to and react to system events
- Config — settings stored in
~/.cortex/config.json, rendered as forms in Web UI
Plugin settings are stored in ~/.cortex/config.json under the plugins key:
{
"plugins": {
"my-plugin": {
"apiKey": "sk-...",
"maxRetries": 3,
"endpoint": "https://api.example.com"
}
}
}Settings are declared in the manifest ui.settings section and rendered as form fields in the Web UI. Plugin code accesses them via ctx.config.get<T>('key').
Plugins and their data are stored under ~/.cortex/data/plugins/:
~/.cortex/data/plugins/
├── <plugin-name>/
│ ├── esm/ # downloaded ESM source (remote installs)
│ ├── wasm/ # downloaded WASM binaries
│ ├── data/ # plugin-private data
│ └── state.json # persisted ctx.state values
All plugins declare required permissions via capabilities in their manifest. Three trust levels control sandboxing:
| Level | Sandbox | Permissions |
|---|---|---|
untrusted |
Worker sandbox | Limited to declared permissions |
signed |
Worker sandbox | Broader permissions based on signature |
trusted |
In-process | Full declared permissions |
Run cortex plugins permissions <name> to inspect declared, effective, and overridden permissions for any plugin.
| Document | Audience | Contents |
|---|---|---|
| Getting Started | Users | CLI commands, Web UI, configuration, plugin store, REST API |
| Developing Plugins | Developers | Project structure, entry point, extension points, lifecycle hooks, events, middleware, MCP/WASM guides, testing, debugging |
| Manifest Reference | Developers + LLMs | Complete manifest schema, all types/interfaces, PluginContext API, PluginEvents, database schema, trust levels |
| Best Practices | Developers | Design principles, error handling, input validation, per-kind guidance, testing, what to avoid |
| Publishing | Developers | Marketplace account setup, web/API submission, review process, version management, marketplace API |
| Submission Standards | Developers | Repository structure, versioning rules, AI disclosure requirements, submission checklist, marketplace review criteria |