Skip to content

[23] Plugin marketplace (search, install, verify) #52

Description

@rfunix

Problem

No way to discover or install community-contributed tools. The plugin architecture (item 15) needs a distribution mechanism.

Implementation Steps

  1. Create community plugin registry at `https://github.com/rfunix/tengu-plugins\`:
    • `index.json` with plugin metadata: name, version, author, description, install command, GPG fingerprint
  2. Add CLI subcommands to `src/tengu/cli.py`:
    • `tengu plugin search ` — Search index.json
    • `tengu plugin install ` — pip install + verify GPG signature
    • `tengu plugin list` — List installed plugins with versions
    • `tengu plugin remove ` — Uninstall plugin
  3. Plugin validation pipeline:
    • GPG signature verification against known-good fingerprints
    • Automated sandbox testing: install in ephemeral container, run `tengu check-tools`
  4. Add plugin commands to main `tengu` CLI entry point

Files to Modify

  • `src/tengu/cli.py` — Plugin subcommands
  • New: `src/tengu/plugins/marketplace.py` — Registry client

Dependencies

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:infraInfrastructure and Dockerarea:toolsPentesting tools wrapperseffort:XLExtra-large effort (> 4 weeks)priority:P2Normal priority

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions