Skip to content

ToDealMarket/tdm-plugins

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

TDM Plugins

TDM Plugins

Official and Community Plugin Catalog for TDM DaOS

License: MIT GitHub stars TypeScript

Official and community plugin catalog for the ToDealMarket DaOS ecosystem.

DocumentationTDM SDKGitHubX/Twitter

████████╗ ██████╗  ███╗   ███╗
╚══██╔══╝ ██╔══██╗ ████╗ ████║
   ██║    ██║  ██║ ██╔████╔██║
   ██║    ██║  ██║ ██║╚██╔╝██║
   ██║    ██████╔╝ ██║ ╚═╝ ██║
   ╚═╝    ╚═════╝  ╚═╝     ╚═╝

TDM Plugins [V0.1.0]
Official and Community Plugin Catalog
Mode: local-first | Docs: todealmarket.com/docs

TDM plugins extend autonomous contours with typed intents, sandboxed runtime capabilities, connector permissions, and Hub catalog metadata. This repository is the source used by the TDM Hub website, local SDK Dashboard, and SDK tooling.

What This Repo Provides

  • catalog.json - public Hub catalog index consumed by Hub APIs and Dashboard UI.
  • plugins/<id>/tdm-plugin.json - runtime manifest used by CLI/dashboard install.
  • plugins/<id>/dist/*.wasm - WASM runtime artifact for approved public plugins.
  • plugins/<id>/tdm-plugin.lock.json - pinned manifest/artifact integrity record.
  • plugins/<id>/sbom.cdx.json - CycloneDX SBOM for security review.
  • schemas/plugin.schema.json - Hub catalog item schema.
  • scripts/validate-catalog.mjs - local and CI validation without external deps.

Hub Governance Contract

Every catalog entry must declare governance. Hub, Dashboard, SDK, and MCP use this metadata to group packages, preview install plans, and stop the catalog from becoming an unreviewed dump of disconnected entries.

Required fields:

  • family: baseline, language, framework, capability, locale, security, finance, agent, or other
  • targets: one or more of global, workspace, contour, agent, dashboard, or mcp
  • dependencies: other Hub item ids required before this item is useful
  • cost: light, medium, or heavy
  • stability: experimental, beta, or stable

Optional fields:

  • packageId: groups plugins and skills into one installable Hub package
  • profile: groups an operator-facing setup profile such as operator, analyst, or community

Validation rejects self-dependencies and dependencies that are not present in the unified Hub catalog. Paid or remote-source entries are not installed in one blind step: the SDK Dashboard first shows an install plan with checkout, source, security, dependency, and local registration operations.

Install And Validate

npm run release:check

This command regenerates deterministic pre-release artifacts and validates:

  • catalog shape and unique ids;
  • manifest path existence;
  • manifest id/version alignment;
  • WASM artifact existence;
  • WASM exports required by tdm-wasi-ipc-v1;
  • manifest/catalog/artifact checksum consistency;
  • SBOM and lock-file presence;
  • blocked wildcard permissions;
  • approved plugins use WASM runtime.

Repository Layout

tdm-plugins/
├── catalog.json
├── plugins/
│   ├── tdm-gateway/
│   │   ├── tdm-plugin.json
│   │   ├── tdm-plugin.lock.json
│   │   ├── sbom.cdx.json
│   │   └── dist/tdm-gateway.wasm
│   └── tdm-mcp-server/
├── schemas/plugin.schema.json
├── scripts/
│   ├── prepare-artifacts.mjs
│   └── validate-catalog.mjs
└── docs/

Plugin Connector Contract

A TDM connector plugin exposes one or more intents and requests the smallest permission set needed to execute them.

The sandbox loads WebAssembly as a WASI Preview1 reactor with an empty capability set: no args, no env, and no preopened directories. The host also enforces a deterministic WASI import allowlist; broad filesystem, fd, process, socket, and unknown host imports are rejected before instantiation. A runtime artifact must export:

  • memory
  • tdm_alloc(size) -> ptr
  • tdm_free(ptr, size)
  • tdm_plugin_execute_intent(ptr, len) -> ptr

tdm_plugin_execute_intent receives a JSON-RPC request in memory and returns a pointer to [u32 little-endian json_length][json response bytes]. Ownership is explicit:

  • the host calls plugin tdm_alloc(request_len), writes the request, and calls tdm_free(request_ptr, request_len) after execution;
  • the plugin owns the response buffer until it returns the pointer;
  • after parsing, the host calls tdm_free(response_ptr, response_len + 4) exactly once;
  • the response buffer must not overlap the host-owned request buffer.

The response JSON body is capped at 1 MiB. The JSON response must contain a Contour status such as completed, blocked, challenge-required, suspended, or failed. output, when present, must be a JSON object. Unknown top-level result fields are ignored by the host.

Required Runtime Manifest

plugins/<id>/tdm-plugin.json

{
  "id": "my-plugin",
  "name": "My Plugin",
  "version": "1.0.0",
  "publisher": "Your Company",
  "entry": "./dist/my-plugin.wasm",
  "runtime": {
    "type": "wasm",
    "module": "./dist/my-plugin.wasm",
    "abi": "tdm-wasi-ipc-v1"
  },
  "supportedIntents": ["my.plugin.intent"],
  "permissions": ["network:https"],
  "checksum": "sha256:<artifact-digest>"
}

Required Catalog Entry

catalog.json

{
  "id": "my-plugin",
  "type": "plugin",
  "name": "My Plugin",
  "publisher": "Your Company",
  "description": "Short catalog description.",
  "version": "1.0.0",
  "category": "Infrastructure",
  "tags": ["connector"],
  "verified": false,
  "featured": false,
  "complexity": "intermediate",
  "ratings": {
    "averageScore": 0,
    "totalReviews": 0,
    "distribution": [0, 0, 0, 0, 0]
  },
  "pricing": {
    "mode": "free",
    "amountUsd": 0,
    "currency": "USD",
    "billingCycle": "one-time"
  },
  "access": { "unlockRequired": false },
  "governance": {
    "family": "finance",
    "targets": ["workspace", "contour"],
    "dependencies": [],
    "cost": "medium",
    "stability": "beta",
    "packageId": "payments",
    "profile": "operator"
  },
  "security": {
    "reviewStatus": "pending_review",
    "provenance": "community",
    "checksum": "sha256:<artifact-digest>",
    "signedManifestUrl": "https://raw.githubusercontent.com/ToDealMarket/tdm-plugins/main/plugins/my-plugin/tdm-plugin.lock.json",
    "sbomUrl": "https://raw.githubusercontent.com/ToDealMarket/tdm-plugins/main/plugins/my-plugin/sbom.cdx.json",
    "anchor": {
      "chain": "solana",
      "kind": "transaction",
      "transaction": "<optional-anchor-signature>",
      "encoding": "memo-json",
      "expectedPluginId": "my-plugin"
    },
    "scorecard": {
      "score": 0,
      "checkedAt": "2026-05-14T00:00:00.000Z"
    }
  },
  "plugin": {
    "supportedIntents": ["my.plugin.intent"],
    "permissions": ["network:https"],
    "runtime": {
      "type": "wasm",
      "module": "./dist/my-plugin.wasm",
      "abi": "tdm-wasi-ipc-v1"
    },
    "install": {
      "type": "git",
      "source": "https://github.com/ToDealMarket/tdm-plugins.git",
      "manifestPath": "plugins/my-plugin/tdm-plugin.json",
      "checksum": "sha256:<artifact-digest>"
    }
  }
}

Pricing modes are standardized across plugins and skills:

  • free
  • paid
  • freemium
  • subscription with billingCycle set to monthly or annual

New public entries start with zeroed ratings; Hub review submissions and the ratings API update aggregate scores separately from runtime manifests.

Intent Standard

Intent names must be stable, lowercase, and namespaced:

publisher.domain.action
tdm.balance
tdm.authorize
mycompany.crm.lookup
mycompany.payments.refund

Rules:

  • no wildcard * intents;
  • no changing semantics for an existing intent without a major version bump;
  • every intent must document input, output, failure modes, and cost/risk class;
  • intents that can move money, write data, or trigger external effects must require operator confirmation unless explicitly first-party approved.

Permission Standard

Allowed examples:

  • network:https - outbound HTTPS through the TDM network broker;
  • vault:read - read non-secret vault metadata only: wallet binding ids, labels, chain names, public addresses, readiness status, and policy limits. It never returns seed phrases, private keys, bearer tokens, TOTP secrets, raw signing payloads, or decrypted credential material.
  • analytics:send - send non-secret telemetry;
  • context:read - read contour context passed by the operator;
  • tools:execute - call approved MCP/tool bridge operations.

Blocked for catalog auto-approval:

  • *
  • network:*
  • filesystem:*
  • secret:read
  • secret:read:*
  • secrets:read
  • wallet:sign:*
  • process:spawn

Security And Review Flow

  1. Add plugin manifest, WASM artifact, SBOM, lock file, and catalog entry.
  2. Run npm run release:check.
  3. Submit PR with the generated validation output.
  4. Automated CI validates catalog integrity.
  5. Reviewers inspect permissions, intent semantics, SBOM, and runtime behavior.
  6. Only after approval can security.reviewStatus become approved.

Trust levels:

  • first_party - maintained by ToDealMarket core team.
  • verified_publisher - partner publisher with signed releases.
  • community - public submission, sandboxed and manually approved.
  • unknown - untrusted metadata; UI must not auto-launch.

Catalog authenticity:

  • Remote catalog URLs must be pinned with #sha256=<64-hex> or the matching TDM_HUB_CATALOG_SHA256 entry.
  • Remote catalogs must include an Ed25519 signature or signatures[] envelope over the canonical JSON with the signature fields removed.
  • security.anchor is optional. When present, SDK and Dashboard resolve the Solana/Base anchor and show a chain badge; chain price/resource id overrides GitHub catalog metadata when the chain value is higher or more specific.

Website And Dashboard Flow

The Hub website is the public search and install showcase. Publishing, ratings, paid access checks, signatures, optional chain anchors, and catalog mutations happen from the local SDK Dashboard after install, not from a public website form. After a user unlocks or installs a plugin:

  1. show manifest, permissions, checksum, SBOM, and trust level;
  2. install into the local registry;
  3. keep the plugin sandboxed;
  4. require explicit operator confirmation before first launch;
  5. never auto-run plugin code immediately after payment or unlock.

In local SDK development the dashboard can also create a PR-ready submission:

  1. install the SDK with npm install -g tdm-sdk and open Dashboard with tdm;
  2. the SDK writes plugins/<id>/tdm-plugin.json, dist/<id>.wasm, SBOM, lock file, source scaffold, and a pending_review catalog entry;
  3. publish signed JSON with tdm plugin publish ./tdm-plugin.json;
  4. optionally anchor with tdm plugin publish ./tdm-plugin.json --anchor;
  5. npm run release:check verifies checksums and WASM exports;
  6. the developer opens a PR for security review.

Local SDK Development

tdm-sdk-private can load this catalog together with tdm-skills:

cd ../tdm-sdk-private
npm run dev:setup-dashboard

The dev script sets TDM_HUB_CATALOG_URLS to both local catalogs. It also sets TDM_PLUGINS_REPO_DIR and TDM_SKILLS_REPO_DIR, so dashboard submission forms write to the same source-of-truth repositories the Hub reads.

Pre-Release Gate

Before public release, every approved plugin must have:

  • valid WASM artifact;
  • real artifact checksum;
  • lock file;
  • SBOM;
  • signed release metadata;
  • documented intents;
  • minimal permissions;
  • install path verified by dashboard and CLI;
  • no auto-run after unlock.

About

WASM plugin catalog for TDM DaOS Contour Runtime typed intents, permission sets, governance contracts, and blockchain-anchored provenance

Topics

Resources

License

Contributing

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors