1+ # Agent-Plugins-Platform Development Rules
2+
3+ ## Project Overview
4+ Agent-Plugins-Platform (APP) is a browser extension that enables Python plugin execution in browsers using Pyodide and MCP protocol. The project focuses on security, performance, and developer experience.
5+
6+ ## Architecture Patterns
7+
8+ ### Core Components
9+ - **Plugin Manager** (`core/plugin-manager.js`): Handles plugin lifecycle and coordination
10+ - **Host API** (`core/host-api.js`): Provides browser API access to Python
11+ - **Workflow Engine** (`core/workflow-engine.js`): Executes plugin workflows
12+ - **MCP Bridge** (`bridge/mcp-bridge.js`): JavaScript-Python communication
13+ - **Pyodide Worker** (`bridge/pyodide-worker.js`): Isolated Python execution
14+
15+ ### Plugin Structure
16+ ```
17+ public/plugins/plugin-name/
18+ ├── manifest.json # Plugin metadata and permissions
19+ ├── mcp_server.py # Python MCP protocol implementation
20+ ├── workflow.json # Plugin workflow definition
21+ └── icon.svg # Plugin icon
22+ ```
23+
24+ ### Communication Flow
25+ 1. UI → Plugin Manager → MCP Bridge → Pyodide Worker → Python Plugin
26+ 2. Python Plugin → Host API → Browser APIs
27+ 3. Results flow back through the same path
28+
29+ ## Development Guidelines
30+
31+ ### JavaScript/TypeScript
32+ - Use ES6+ features and modern async/await patterns
33+ - Follow modular architecture with clear separation of concerns
34+ - Implement proper error handling and logging
35+ - Use TypeScript for type safety where possible
36+ - Prefer functional programming patterns
37+
38+ ### Python (Plugins)
39+ - Follow MCP protocol standards for communication
40+ - Use async/await for all I/O operations
41+ - Implement proper error handling and validation
42+ - Keep plugins focused and single-purpose
43+ - Document plugin APIs and usage
44+
45+ ### Security First
46+ - Always validate plugin manifests and permissions
47+ - Sanitize all data passed between JS and Python
48+ - Implement proper sandboxing for plugin execution
49+ - Use principle of least privilege for API access
50+ - Audit plugin code for security issues
51+
52+ ### Performance Considerations
53+ - Lazy load plugins and Pyodide runtime
54+ - Implement caching for repeated operations
55+ - Monitor memory usage and cleanup resources
56+ - Optimize bundle size and loading times
57+ - Use WebWorkers for non-blocking operations
58+
59+ ## File Organization
60+
61+ ### Core Files
62+ - `manifest.json`: Extension configuration (Manifest V3)
63+ - `package.json`: Node.js dependencies and scripts
64+ - `vite.config.js`: Build configuration
65+ - `index.html`: Main application entry point
66+ - `test-harness.js`: Development testing interface
67+
68+ ### Plugin Development
69+ - Create plugins in `public/plugins/`
70+ - Follow naming convention: `plugin-name/`
71+ - Include complete plugin metadata in manifest.json
72+ - Implement MCP protocol in mcp_server.py
73+ - Define workflows in workflow.json
74+
75+ ### Build and Deploy
76+ - Use `npm run dev` for development
77+ - Use `npm run build` for production
78+ - Test extension in browser developer mode
79+ - Validate plugin security before distribution
80+
81+ ## Common Patterns
82+
83+ ### Plugin Manifest Structure
84+ ```json
85+ {
86+ "name": "Plugin Name",
87+ "version": "1.0.0",
88+ "description": "Plugin description",
89+ "main_server": "mcp_server.py",
90+ "host_permissions": ["*://*.example.com/*"],
91+ "permissions": ["activeTab", "scripting"]
92+ }
93+ ```
94+
95+ ### MCP Message Format
96+ ```javascript
97+ {
98+ "type": "request|response|notification",
99+ "id": "unique-message-id",
100+ "method": "function-name",
101+ "params": { /* parameters */ },
102+ "result": { /* result */ }
103+ }
104+ ```
105+
106+ ### Python Plugin Template
107+ ```python
108+ import sys
109+ import json
110+ from typing import Any, Dict
111+
112+ async def main():
113+ line = sys.stdin.readline()
114+ request = json.loads(line)
115+
116+ # Handle request
117+ result = await process_request(request)
118+
119+ # Send response
120+ response = {"result": result}
121+ sys.stdout.write(json.dumps(response) + '\n')
122+
123+ async def process_request(request: Dict[str, Any]) -> Dict[str, Any]:
124+ # Plugin logic here
125+ return {"status": "success"}
126+ ```
127+
128+ ## Testing Strategy
129+
130+ ### Unit Testing
131+ - Test individual components in isolation
132+ - Mock external dependencies
133+ - Validate error handling paths
134+ - Test security boundaries
135+
136+ ### Integration Testing
137+ - Test plugin loading and execution
138+ - Validate JS-Python communication
139+ - Test browser API integration
140+ - Verify permission enforcement
141+
142+ ### End-to-End Testing
143+ - Test complete plugin workflows
144+ - Validate user interactions
145+ - Test extension installation and updates
146+ - Verify cross-browser compatibility
147+
148+ ## Debugging Guidelines
149+
150+ ### JavaScript Debugging
151+ - Use browser DevTools for extension debugging
152+ - Add console.log for message flow tracking
153+ - Use breakpoints for complex logic
154+ - Monitor WebWorker communication
155+
156+ ### Python Debugging
157+ - Use print statements for basic debugging
158+ - Implement structured logging
159+ - Test plugins in isolation first
160+ - Use Pyodide console for runtime debugging
161+
162+ ### Common Issues
163+ - Pyodide startup time: Implement loading indicators
164+ - Memory leaks: Monitor worker lifecycle
165+ - Permission errors: Validate manifest permissions
166+ - Communication failures: Check MCP message format
167+
168+ ## Performance Optimization
169+
170+ ### Startup Optimization
171+ - Lazy load Pyodide runtime
172+ - Cache plugin manifests
173+ - Optimize bundle size
174+ - Use service worker caching
175+
176+ ### Runtime Optimization
177+ - Implement plugin result caching
178+ - Optimize memory usage
179+ - Use efficient data structures
180+ - Minimize cross-worker communication
181+
182+ ### Memory Management
183+ - Clean up WebWorker resources
184+ - Monitor memory usage
185+ - Implement garbage collection hints
186+ - Limit concurrent plugin execution
187+
188+ ## Security Best Practices
189+
190+ ### Plugin Validation
191+ - Validate plugin manifests
192+ - Check permission requirements
193+ - Scan for malicious code
194+ - Verify plugin signatures
195+
196+ ### Runtime Security
197+ - Enforce sandbox boundaries
198+ - Validate all inputs
199+ - Monitor plugin behavior
200+ - Implement rate limiting
201+
202+ ### Data Protection
203+ - Sanitize all user data
204+ - Encrypt sensitive information
205+ - Implement secure communication
206+ - Audit data access patterns
207+
208+ ## Documentation Standards
209+
210+ ### Code Documentation
211+ - Document all public APIs
212+ - Include usage examples
213+ - Explain security considerations
214+ - Provide troubleshooting guides
215+
216+ ### User Documentation
217+ - Create plugin development guide
218+ - Document installation process
219+ - Provide troubleshooting FAQ
220+ - Include security best practices
221+
222+ ### API Documentation
223+ - Document MCP protocol usage
224+ - Explain Host API capabilities
225+ - Provide plugin templates
226+ - Include performance guidelines
227+
228+ ## Deployment Considerations
229+
230+ ### Extension Distribution
231+ - Follow Chrome Web Store guidelines
232+ - Implement secure update mechanism
233+ - Provide clear privacy policy
234+ - Include user support channels
235+
236+ ### Plugin Distribution
237+ - Create plugin marketplace
238+ - Implement plugin validation
239+ - Provide version management
240+ - Include security scanning
241+
242+ ### Monitoring and Analytics
243+ - Track plugin usage patterns
244+ - Monitor performance metrics
245+ - Collect error reports
246+ - Analyze user feedback
247+
248+ ## Future Considerations
249+
250+ ### Scalability
251+ - Plan for plugin ecosystem growth
252+ - Design for concurrent execution
253+ - Consider distributed architecture
254+ - Plan for internationalization
255+
256+ ### Feature Roadmap
257+ - Enhanced plugin management
258+ - Advanced security features
259+ - Performance optimizations
260+ - Developer tooling improvements
261+
262+ ### Community Building
263+ - Foster plugin developer community
264+ - Create plugin templates
265+ - Provide developer support
266+ - Establish contribution guidelines
0 commit comments