Official and Community Plugin Catalog for TDM DaOS
Official and community plugin catalog for the ToDealMarket DaOS ecosystem.
Documentation • TDM SDK • GitHub • X/Twitter
████████╗ ██████╗ ███╗ ███╗ ╚══██╔══╝ ██╔══██╗ ████╗ ████║ ██║ ██║ ██║ ██╔████╔██║ ██║ ██║ ██║ ██║╚██╔╝██║ ██║ ██████╔╝ ██║ ╚═╝ ██║ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ TDM Plugins [V0.1.0] Official and Community Plugin Catalog Mode: local-first | Docs: todealmarket.com/docs
TDM plugins extend autonomous contours with typed intents, sandboxed runtime capabilities, connector permissions, and Hub catalog metadata. This repository is the source used by the TDM Hub website, local SDK Dashboard, and SDK tooling.
catalog.json- public Hub catalog index consumed by Hub APIs and Dashboard UI.plugins/<id>/tdm-plugin.json- runtime manifest used by CLI/dashboard install.plugins/<id>/dist/*.wasm- WASM runtime artifact for approved public plugins.plugins/<id>/tdm-plugin.lock.json- pinned manifest/artifact integrity record.plugins/<id>/sbom.cdx.json- CycloneDX SBOM for security review.schemas/plugin.schema.json- Hub catalog item schema.scripts/validate-catalog.mjs- local and CI validation without external deps.
Every catalog entry must declare governance. Hub, Dashboard, SDK, and MCP use
this metadata to group packages, preview install plans, and stop the catalog
from becoming an unreviewed dump of disconnected entries.
Required fields:
family:baseline,language,framework,capability,locale,security,finance,agent, orothertargets: one or more ofglobal,workspace,contour,agent,dashboard, ormcpdependencies: other Hub item ids required before this item is usefulcost:light,medium, orheavystability:experimental,beta, orstable
Optional fields:
packageId: groups plugins and skills into one installable Hub packageprofile: groups an operator-facing setup profile such asoperator,analyst, orcommunity
Validation rejects self-dependencies and dependencies that are not present in the unified Hub catalog. Paid or remote-source entries are not installed in one blind step: the SDK Dashboard first shows an install plan with checkout, source, security, dependency, and local registration operations.
npm run release:checkThis command regenerates deterministic pre-release artifacts and validates:
- catalog shape and unique ids;
- manifest path existence;
- manifest id/version alignment;
- WASM artifact existence;
- WASM exports required by
tdm-wasi-ipc-v1; - manifest/catalog/artifact checksum consistency;
- SBOM and lock-file presence;
- blocked wildcard permissions;
- approved plugins use WASM runtime.
tdm-plugins/
├── catalog.json
├── plugins/
│ ├── tdm-gateway/
│ │ ├── tdm-plugin.json
│ │ ├── tdm-plugin.lock.json
│ │ ├── sbom.cdx.json
│ │ └── dist/tdm-gateway.wasm
│ └── tdm-mcp-server/
├── schemas/plugin.schema.json
├── scripts/
│ ├── prepare-artifacts.mjs
│ └── validate-catalog.mjs
└── docs/
A TDM connector plugin exposes one or more intents and requests the smallest permission set needed to execute them.
The sandbox loads WebAssembly as a WASI Preview1 reactor with an empty capability set: no args, no env, and no preopened directories. The host also enforces a deterministic WASI import allowlist; broad filesystem, fd, process, socket, and unknown host imports are rejected before instantiation. A runtime artifact must export:
memorytdm_alloc(size) -> ptrtdm_free(ptr, size)tdm_plugin_execute_intent(ptr, len) -> ptr
tdm_plugin_execute_intent receives a JSON-RPC request in memory and returns a
pointer to [u32 little-endian json_length][json response bytes]. Ownership is
explicit:
- the host calls plugin
tdm_alloc(request_len), writes the request, and callstdm_free(request_ptr, request_len)after execution; - the plugin owns the response buffer until it returns the pointer;
- after parsing, the host calls
tdm_free(response_ptr, response_len + 4)exactly once; - the response buffer must not overlap the host-owned request buffer.
The response JSON body is capped at 1 MiB. The JSON response must contain a
Contour status such as completed, blocked, challenge-required, suspended,
or failed. output, when present, must be a JSON object. Unknown top-level
result fields are ignored by the host.
plugins/<id>/tdm-plugin.json
{
"id": "my-plugin",
"name": "My Plugin",
"version": "1.0.0",
"publisher": "Your Company",
"entry": "./dist/my-plugin.wasm",
"runtime": {
"type": "wasm",
"module": "./dist/my-plugin.wasm",
"abi": "tdm-wasi-ipc-v1"
},
"supportedIntents": ["my.plugin.intent"],
"permissions": ["network:https"],
"checksum": "sha256:<artifact-digest>"
}catalog.json
{
"id": "my-plugin",
"type": "plugin",
"name": "My Plugin",
"publisher": "Your Company",
"description": "Short catalog description.",
"version": "1.0.0",
"category": "Infrastructure",
"tags": ["connector"],
"verified": false,
"featured": false,
"complexity": "intermediate",
"ratings": {
"averageScore": 0,
"totalReviews": 0,
"distribution": [0, 0, 0, 0, 0]
},
"pricing": {
"mode": "free",
"amountUsd": 0,
"currency": "USD",
"billingCycle": "one-time"
},
"access": { "unlockRequired": false },
"governance": {
"family": "finance",
"targets": ["workspace", "contour"],
"dependencies": [],
"cost": "medium",
"stability": "beta",
"packageId": "payments",
"profile": "operator"
},
"security": {
"reviewStatus": "pending_review",
"provenance": "community",
"checksum": "sha256:<artifact-digest>",
"signedManifestUrl": "https://raw.githubusercontent.com/ToDealMarket/tdm-plugins/main/plugins/my-plugin/tdm-plugin.lock.json",
"sbomUrl": "https://raw.githubusercontent.com/ToDealMarket/tdm-plugins/main/plugins/my-plugin/sbom.cdx.json",
"anchor": {
"chain": "solana",
"kind": "transaction",
"transaction": "<optional-anchor-signature>",
"encoding": "memo-json",
"expectedPluginId": "my-plugin"
},
"scorecard": {
"score": 0,
"checkedAt": "2026-05-14T00:00:00.000Z"
}
},
"plugin": {
"supportedIntents": ["my.plugin.intent"],
"permissions": ["network:https"],
"runtime": {
"type": "wasm",
"module": "./dist/my-plugin.wasm",
"abi": "tdm-wasi-ipc-v1"
},
"install": {
"type": "git",
"source": "https://github.com/ToDealMarket/tdm-plugins.git",
"manifestPath": "plugins/my-plugin/tdm-plugin.json",
"checksum": "sha256:<artifact-digest>"
}
}
}Pricing modes are standardized across plugins and skills:
freepaidfreemiumsubscriptionwithbillingCycleset tomonthlyorannual
New public entries start with zeroed ratings; Hub review submissions and the
ratings API update aggregate scores separately from runtime manifests.
Intent names must be stable, lowercase, and namespaced:
publisher.domain.action
tdm.balance
tdm.authorize
mycompany.crm.lookup
mycompany.payments.refund
Rules:
- no wildcard
*intents; - no changing semantics for an existing intent without a major version bump;
- every intent must document input, output, failure modes, and cost/risk class;
- intents that can move money, write data, or trigger external effects must require operator confirmation unless explicitly first-party approved.
Allowed examples:
network:https- outbound HTTPS through the TDM network broker;vault:read- read non-secret vault metadata only: wallet binding ids, labels, chain names, public addresses, readiness status, and policy limits. It never returns seed phrases, private keys, bearer tokens, TOTP secrets, raw signing payloads, or decrypted credential material.analytics:send- send non-secret telemetry;context:read- read contour context passed by the operator;tools:execute- call approved MCP/tool bridge operations.
Blocked for catalog auto-approval:
*network:*filesystem:*secret:readsecret:read:*secrets:readwallet:sign:*process:spawn
- Add plugin manifest, WASM artifact, SBOM, lock file, and catalog entry.
- Run
npm run release:check. - Submit PR with the generated validation output.
- Automated CI validates catalog integrity.
- Reviewers inspect permissions, intent semantics, SBOM, and runtime behavior.
- Only after approval can
security.reviewStatusbecomeapproved.
Trust levels:
first_party- maintained by ToDealMarket core team.verified_publisher- partner publisher with signed releases.community- public submission, sandboxed and manually approved.unknown- untrusted metadata; UI must not auto-launch.
Catalog authenticity:
- Remote catalog URLs must be pinned with
#sha256=<64-hex>or the matchingTDM_HUB_CATALOG_SHA256entry. - Remote catalogs must include an Ed25519
signatureorsignatures[]envelope over the canonical JSON with the signature fields removed. security.anchoris optional. When present, SDK and Dashboard resolve the Solana/Base anchor and show a chain badge; chain price/resource id overrides GitHub catalog metadata when the chain value is higher or more specific.
The Hub website is the public search and install showcase. Publishing, ratings, paid access checks, signatures, optional chain anchors, and catalog mutations happen from the local SDK Dashboard after install, not from a public website form. After a user unlocks or installs a plugin:
- show manifest, permissions, checksum, SBOM, and trust level;
- install into the local registry;
- keep the plugin sandboxed;
- require explicit operator confirmation before first launch;
- never auto-run plugin code immediately after payment or unlock.
In local SDK development the dashboard can also create a PR-ready submission:
- install the SDK with
npm install -g tdm-sdkand open Dashboard withtdm; - the SDK writes
plugins/<id>/tdm-plugin.json,dist/<id>.wasm, SBOM, lock file, source scaffold, and apending_reviewcatalog entry; - publish signed JSON with
tdm plugin publish ./tdm-plugin.json; - optionally anchor with
tdm plugin publish ./tdm-plugin.json --anchor; npm run release:checkverifies checksums and WASM exports;- the developer opens a PR for security review.
tdm-sdk-private can load this catalog together with tdm-skills:
cd ../tdm-sdk-private
npm run dev:setup-dashboardThe dev script sets TDM_HUB_CATALOG_URLS to both local catalogs.
It also sets TDM_PLUGINS_REPO_DIR and TDM_SKILLS_REPO_DIR, so dashboard
submission forms write to the same source-of-truth repositories the Hub reads.
Before public release, every approved plugin must have:
- valid WASM artifact;
- real artifact checksum;
- lock file;
- SBOM;
- signed release metadata;
- documented intents;
- minimal permissions;
- install path verified by dashboard and CLI;
- no auto-run after unlock.