Plugins
The plugin workflow is an intentional extension beyond the upstream daemon surface.
The goal is not “arbitrary user code everywhere.” The goal is a narrow, observable, fast byte-path extension model that can support policy and traffic inspection without turning the daemon into a black box.
Current properties
- in-process
- trait-based
- explicit attachment and subscription rules
- fail-open / fail-closed behavior
- inspect-byte limits
- bounded async export queueing
- JSONL export
- live Unix-socket export
- /stats counters for observed, blocked, skipped, and error decisions
Related audit/export surface for transport and daemon-socket bytes:
- JSONL export
- Unix-socket collector export
- /stats counters for ingress/egress event counts and sink failures
Current built-in plugin
- ai-prompt-injection-filter
Performance discipline
The plugin path is already benchmarked and gated.
Current enforced regression checks:
just bench-plugin-budget
just bench-control-plane-budget
The normal pass-through path remains zero-copy for unchanged payloads. Plugins
inspect borrowed bytes, and the runtime continues by cloning Bytes handles
instead of re-materializing payload buffers.
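The properties listed above (trait-based, fail-open / fail-closed, inspect-byte limits, decision counters) and the zero-copy pass-through can be sketched together as follows. This is an added example, not the project's own code: every type and function name is hypothetical, `Arc<[u8]>` stands in for a Bytes handle so the block needs only the standard library, and the meaning given to the "skipped" counter is an assumption.

```rust
use std::sync::Arc;

// Hypothetical names throughout; Arc<[u8]> stands in for a cheaply cloned bytes handle.
enum Verdict { Pass, Block }

#[derive(Clone, Copy)]
enum OnError { FailOpen, FailClosed }

trait Plugin {
    /// Inspect a borrowed window of the payload. Err means the plugin itself failed.
    fn inspect(&self, window: &[u8]) -> Result<Verdict, String>;
}

#[derive(Default)]
struct Stats { observed: u64, blocked: u64, skipped: u64, errors: u64 }

struct Attachment<P: Plugin> { plugin: P, on_error: OnError, inspect_limit: usize, stats: Stats }

impl<P: Plugin> Attachment<P> {
    /// Some(handle) means forward, None means drop. A forwarded handle shares the
    /// original buffer, so an unchanged payload is never copied.
    fn run(&mut self, payload: &Arc<[u8]>) -> Option<Arc<[u8]>> {
        // Assumed meaning of "skipped": there was nothing to inspect.
        if payload.is_empty() { self.stats.skipped += 1; return Some(Arc::clone(payload)); }
        // Only the first inspect_limit bytes are examined, which bounds per-payload cost.
        let window = &payload[..payload.len().min(self.inspect_limit)];
        match self.plugin.inspect(window) {
            Ok(Verdict::Pass) => { self.stats.observed += 1; Some(Arc::clone(payload)) }
            Ok(Verdict::Block) => { self.stats.blocked += 1; None }
            Err(_) => {
                self.stats.errors += 1; // a plugin failure is counted, then policy decides
                match self.on_error { OnError::FailOpen => Some(Arc::clone(payload)), OnError::FailClosed => None }
            }
        }
    }
}

/// Constructed sample plugin: blocks a marker phrase, errors on non-UTF-8 input.
struct MarkerFilter;
impl Plugin for MarkerFilter {
    fn inspect(&self, window: &[u8]) -> Result<Verdict, String> {
        let text = std::str::from_utf8(window).map_err(|e| e.to_string())?;
        Ok(if text.contains("ignore previous instructions") { Verdict::Block } else { Verdict::Pass })
    }
}

fn main() {
    let bad: Arc<[u8]> = Arc::from(&b"\xff\xfe"[..]); // constructed non-UTF-8 payload
    let mut closed = Attachment { plugin: MarkerFilter, on_error: OnError::FailClosed, inspect_limit: 64, stats: Stats::default() };
    println!("forwarded on plugin error: {}", closed.run(&bad).is_some());
}
```

The same failing payload is forwarded under `FailOpen` and dropped under `FailClosed`; in both cases the error counter increments, so a plugin fault stays visible either way.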
Current limits
Runtime-loaded third-party plugins are still future work. The current model is focused on built-in or tightly controlled in-process plugins with explicit failure and export behavior.