Skip to content

[Tier 3] Add tool plugin manifest system #17

Description

@justsml

Problem

Adding a new security tool requires editing source files in at least 3 places: src/mastra/tools/, src/lib/tools/catalog.ts, and potentially the Render JSON catalog. There is no config-driven or plugin-based registration. This prevents community contributions and makes the core codebase a bottleneck.

Goal

Design and implement a tool plugin manifest system where new tools can be registered via configuration without modifying core source files.

Acceptance Criteria

  • Design a tool manifest schema (JSON or TypeScript) that defines:
    • Tool name, description, input schema (Zod)
    • Approval gate requirements
    • Target scope rules
    • Network profile restrictions
    • Output format and artifact type
  • Create src/mastra/tools/registry.ts that loads manifests from a tools/ directory or config file
  • Support built-in tools (current) and external/community tools (new)
  • Validate manifests at startup and report errors clearly
  • Update selectSecurityResearchTools to use the registry instead of hardcoded imports
  • Document the manifest format in docs/tool-plugin-manifest.md
  • Provide an example community tool manifest
  • Ensure backward compatibility with existing hardcoded tools

Context

  • src/lib/tools/catalog.ts defines a closed union of tool names
  • src/mastra/tools/ has individual tool definitions
  • The Render JSON catalog in src/lib/render-json/security-research-catalog.ts may need to reference tool outputs

Labels

dx, tier-3-virality-polish, help wanted

Metadata

Metadata

Assignees

No one assigned

    Labels

    dxDeveloper experiencehelp wantedExtra attention is neededtier-3-virality-polishOngoing polish for viral adoption

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions