The plugins module composes plugin lifecycle orchestration, manifest/security validation, hot-plug monitoring, health/metrics reporting, and remote repository integration into a bounded extension subsystem for ThemisDB.
- Lifecycle and registry plane
- plugin load/unload/reload orchestration
- plugin registration and capability/edition gating
- Security and validation plane
- manifest parsing and signature verification
- capability validation and runtime compatibility checks
- Monitoring and integration plane
- plugin metrics, health monitoring, and hot-plug behavior
- OCI/rpc and WASM-related integration surfaces
| Contract | Behavior |
|---|---|
| lifecycle contract | deterministic plugin state transitions and rollback behavior |
| security contract | explicit manifest/signature/capability enforcement |
| monitoring contract | bounded health and metrics reporting behavior |
| integration contract | deterministic repository/rpc/runtime integration behavior |
- invalid manifest/signature/capability input fails with explicit outcomes.
- reload failures preserve deterministic fallback behavior.
- unavailable integrations are surfaced as explicit errors.
- Verified files:
- src/plugins/plugin_manager.cpp
- src/plugins/plugin_registry.cpp
- src/plugins/plugin_hot_plug_monitor.cpp
- src/plugins/plugin_health_monitor.cpp
- src/plugins/signed_plugin_repository.cpp
- src/plugins/oci_registry_client.cpp
- Verified architecture claims:
- explicit lifecycle/security/monitoring/integration planes
- deterministic failure boundaries across plugin workflows
- module-local ownership of plugin orchestration behavior