Plugin System Guide
The XyPriss Plugin System is a modular, high-performance architecture designed to extend the framework's capabilities while maintaining strict security boundaries via the Capability-Based Security Model.
Plugin Management Pipeline
Specialized sub-modules handle discovery, validation, and execution.
Enforces contract verification and restricted server access for every plugin.
Core Architecture
Unlike monolithic plugin systems, XyPriss decomposes management into specialized sub-modules that work in harmony:
Plugin Loader
Handles dynamic discovery and initialization of plugins from configuration and files.
Plugin Registry
Manages global registration state and ensures unique naming and correct execution order.
Plugin Security
Enforces contract verification and creates the Restricted Server Proxy for isolation.
Hook Runner
Orchestrates the execution of lifecycle and functional hooks across registered plugins.
Plugin Interceptor
Powers the custom middleware and request/response interception logic within the pipeline.
Contract Security Verification
Every plugin is subject to automated contract verification. XyPriss detects the origin of every loading request to prevent unauthorized or hidden module activation.
Performance Optimization
The system uses Phase-Based Execution to categorize plugins by their functional intent (e.g., SECURITY, NETWORK, CACHE), ensuring microsecond-level overhead.
Security Model: The Restricted Server
To prevent plugins from accidentally or maliciously compromising the core framework, XyPriss does not provide direct access to the app instance. Instead, each plugin receives a PluginServer proxy.
app Protection
The app object in the plugin context only exposes a subset of safe methods (get, post, use, etc.).
Immutability Enforcement
Plugins cannot add, delete, or modify properties on the global application instance.
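The restricted-server idea described above can be sketched with a deny-by-default JavaScript Proxy. This is an added example, not XyPriss's own implementation. createRestrictedServer, makeFakeApp and probe are hypothetical names, and the fake app is constructed for the demo.

```javascript
// Methods a plugin may call, mirroring the "safe subset" (get, post, use).
const SAFE_METHODS = new Set(["get", "post", "use"]);

// Hypothetical helper: hands a plugin a facade instead of the real app.
// The target is an empty null-prototype object, so reflection reveals nothing.
function createRestrictedServer(app, pluginName) {
  const deny = (op, prop) => {
    throw new Error(`[${pluginName}] ${op} "${String(prop)}" is not permitted`);
  };
  return new Proxy(Object.create(null), {
    get(_t, prop) {
      if (!SAFE_METHODS.has(prop)) deny("access to", prop);
      // Forward to the real app but return nothing, so chaining cannot leak `app`.
      return (...args) => { app[prop](...args); };
    },
    set: (_t, prop) => deny("setting", prop),
    defineProperty: (_t, prop) => deny("defining", prop),
    deleteProperty: (_t, prop) => deny("deleting", prop),
    setPrototypeOf: () => deny("changing", "prototype"),
  });
}

// Constructed stand-in for the framework's app instance (not the real XyPriss app).
function makeFakeApp() {
  const routes = [];
  const add = (verb) => function (path) { routes.push(`${verb} ${path}`); return this; };
  return {
    routes, secrets: { key: "constructed-placeholder" },
    get: add("GET"), post: add("POST"), use: add("USE"),
    listen() { routes.push("LISTEN"); },
  };
}

// Tries one allowed and four forbidden plugin actions; records the outcome of each.
function probe(server) {
  const attempts = {
    register: () => server.get("/health", () => {}),
    readSecret: () => server.secrets,
    callListen: () => server.listen(),
    addProp: () => { server.backdoor = true; },
    deleteProp: () => { delete server.get; },
  };
  const result = {};
  for (const [name, fn] of Object.entries(attempts)) {
    try { fn(); result[name] = "allowed"; } catch { result[name] = "blocked"; }
  }
  return result;
}
console.log(probe(createRestrictedServer(makeFakeApp(), "demo-plugin")));
```

Because the wrapper discards the return value of each forwarded call, a plugin cannot recover the underlying app by chaining calls such as get(...).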
Zero-Trust Integrity Layer
In the G3 architecture, the security model is extended with a mandatory Zero-Trust integrity layer that validates every byte of code. For a complete implementation guide, see the usage tutorial.
Complete Usage Tutorial
Learn how to install, trust, and authorize plugins using XFPM and the Capability-Based model.
Identity Attribution: Signed by authorized Developer IDs (Ed25519).
Portable Integrity: SHA-256 validation via xypriss.plugin.xsig manifest.
Plugin Lifecycle
Plugins follow a strict, deterministic sequence of events managed by the PluginHookRunner. For detailed technical specifications, see the .
onRegister
onServerStart
onServerReady
onServerStop
Learn how to configure security capabilities and grant explicit access to protected APIs.
