feat: add plugin system #464

Open
DioCrafts wants to merge 2 commits into kite-org:main from DioCrafts:feat/plugin-system

@DioCrafts DioCrafts commented Mar 29, 2026

feat: Plugin System

Extend Kite with your own routes, AI tools, resource handlers, and frontend pages — without touching core code.


Summary

This PR introduces a first-class plugin system for Kite. Plugins are independent Go binaries that communicate with the host over gRPC via stdio (HashiCorp go-plugin). Each plugin can contribute:

  • HTTP routes mounted under /api/v1/plugins/<name>/
  • AI tools injected into Kite's AI agent
  • Custom resource types with full CRUD via ResourceHandler
  • Frontend pages loaded at runtime via Module Federation
  • Sidebar entries and settings panels in the Kite UI

Everything is hardened with per-plugin permission enforcement, rate limiting, audit logging, and dependency resolution — so plugins are safe to install and easy to trust.


Architecture

┌─────────────────────────────────────────────────────┐
│                     Kite Host                       │
│                                                     │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────┐   │
│  │PluginManager │  │  Permission  │  │  Rate    │   │
│  │load/reload/  │  │  Enforcer    │  │ Limiter  │   │
│  │enable/disable│  │HTTP→K8s verb │  │token bkt │   │
│  └──────┬───────┘  └──────────────┘  └──────────┘   │
│         │ stdio/gRPC                                │
└─────────┼───────────────────────────────────────────┘
          │
  ┌───────▼────────┐     ┌─────────────────────────┐
  │ Plugin Process │     │   Browser (React)       │
  │                │     │                         │
  │  KitePlugin    │     │  Module Federation      │
  │  impl (Go)     │     │  shared: React 19       │
  │                │     │  react-router-dom 7     │
  └────────────────┘     │  @tanstack/react-query 5│
                         └─────────────────────────┘

Load sequence on startup

  1. Scan KITE_PLUGIN_DIR (./plugins/ by default)
  2. Validate manifests and resolve topological load order (Kahn's algorithm + semver)
  3. Start each plugin binary as a subprocess — gRPC over stdio, no network socket
  4. Register permissions, rate-limit buckets, AI tools, resource handlers
  5. Mount plugin routes and broadcast cluster state

What's included

Backend (pkg/plugin/)

Component      Description
interface.go   KitePlugin interface — RegisterRoutes, RegisterAITools, RegisterResourceHandlers, OnClusterEvent, Shutdown
manager.go     Loads, reloads, enables/disables plugins; state machine (loaded / failed / disabled / stopped)
permission.go  PermissionEnforcer — declares allowed resources+verbs per plugin, maps HTTP methods to K8s verbs
ratelimit.go   Per-plugin token bucket; burst capacity = 2× sustained rate; returns 429 when exceeded
dependency.go  Kahn's topological sort with blang/semver constraints and cycle detection
audit.go       Writes every plugin operation to ResourceHistory (plugin, plugin_tool, plugin_resource)
proxy.go       HTTP→gRPC bridge: permission check → rate limit → forward to plugin process
ai_tool.go     AIToolDefinition, AIToolExecutor, AIToolAuthorizer — tools are registered as plugin_<name>_<tool>
sdk/sdk.go     Serve(), BasePlugin (no-op defaults), NewAITool(), NewAIToolFull(), Logger()

Frontend (ui/plugin-sdk/)

Export                    Description
useKiteCluster()          Current cluster, all clusters, loading state
useKiteApi()              Authenticated Kite API client
usePluginApi(name)        Scoped client — all requests prefixed /api/v1/plugins/<name>/
KitePluginPage            Layout wrapper matching Kite's native page style
definePluginFederation()  Vite build helper — externalizes react, react-dom, react-router-dom, @tanstack/react-query

REST API

Public (auth required):

GET  /api/v1/plugins/                    → list plugins (name, version, state)
GET  /api/v1/plugins/manifests           → frontend manifests for loaded plugins
POST /api/v1/plugins/tools/:toolName     → execute AI tool directly
ANY  /api/v1/plugins/:name/*path         → HTTP proxy to plugin process

Admin only:

GET  /api/v1/admin/plugins/              → full list (permissions, settings)
GET  /api/v1/admin/plugins/:name/settings
PUT  /api/v1/admin/plugins/:name/settings
POST /api/v1/admin/plugins/:name/enable  → { "enabled": false }
POST /api/v1/admin/plugins/:name/reload  → hot-reload without restarting Kite

CLI (cmd/kite-plugin)

kite-plugin init my-plugin --with-frontend   # scaffold
kite-plugin build                            # go build + pnpm build
kite-plugin validate                         # check manifest + required files
kite-plugin package                          # → my-plugin-1.0.0.tar.gz

Documentation (docs/)

  • docs/guide/plugins.md — full guide: quick start, architecture, all API interfaces, security model, manifest schema, frontend SDK, CLI reference, REST API reference, examples
  • docs/config/env.md — added KITE_PLUGIN_DIR env var
  • docs/faq.md — plugin troubleshooting section (failed state, Module Federation errors)
  • docs/.vitepress/config.mts — added "Plugin System" to sidebar nav

Why

Kite users increasingly need to add domain-specific tooling — cost analysis, backup management, custom alerting — without forking the project. Today the only option is to patch core code, which makes upgrades painful.

A plugin system solves this by giving teams a stable, versioned API surface to build against. The gRPC + stdio model means plugins can't interfere with each other or with the host even if they crash.


Validation

  • 57 Go tests: pkg/plugin/ unit tests + integration test with a real plugin subprocess
  • 74 frontend tests — plugin loader, plugin route rendering, error boundary
  • E2E (e2e/specs/plugin-system.spec.ts) — verifies list, proxy, and admin endpoints against a live cluster
  • Minikube deploy — deployed kite:local image, confirmed GET /api/v1/plugins/manifests → 200 [], proxy to unknown plugin → 404, bad tool name → 400

Checklist

  • I reviewed this PR myself before requesting review.
  • I understand the changes, including AI-generated parts (if any).
  • For new features, a feature request issue is linked.
  • I cleaned up AI noise (unnecessary comments, dead code, and unrelated changes).
  • This PR is reasonably scoped (or split into smaller PRs).

Related issue

Closes #
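
The request path this PR describes (permission check → rate limit → forward, with HTTP methods mapped to K8s verbs and burst capacity = 2× sustained rate), as an added Go example that is not code from the PR. The names `verbFor`, `policy`, `bucket` and `decide`, and the method-to-verb table itself, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math"
	"net/http"
	"time"
)

// Assumed method-to-verb table; the PR does not list Kite's actual mapping.
var verbFor = map[string]string{"GET": "get", "POST": "create", "PUT": "update", "PATCH": "patch", "DELETE": "delete"}

// policy (hypothetical name): one plugin's grants, resource -> allowed verbs.
type policy map[string]map[string]bool

// bucket (hypothetical name): token bucket refilled at rate/s, capped at a 2x-rate burst.
type bucket struct {
	rate, tokens float64
	last         time.Time
}

func newBucket(rate float64, now time.Time) *bucket {
	return &bucket{rate: rate, tokens: 2 * rate, last: now}
}

func (b *bucket) take(now time.Time) bool {
	b.tokens = math.Min(2*b.rate, b.tokens+now.Sub(b.last).Seconds()*b.rate)
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// decide checks permission before the rate limit, so a denied call costs no token.
func decide(p policy, b *bucket, method, resource string, now time.Time) int {
	if verb, ok := verbFor[method]; !ok || !p[resource][verb] {
		return http.StatusForbidden // default deny: unknown method or no grant
	}
	if !b.take(now) {
		return http.StatusTooManyRequests
	}
	return http.StatusOK // the host would forward to the plugin over gRPC here
}

func main() {
	fmt.Println(decide(policy{"pods": {"get": true}}, newBucket(1, time.Now()), "GET", "pods", time.Now()))
}
```

With a rate of 1/s the bucket admits two back-to-back calls, answers 429 on the third and admits one more a second later. A DELETE against a policy that grants only get on pods is rejected with 403 without spending a token.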

Diocrafts added 2 commits March 29, 2026 23:26
- Add plugin architecture with gRPC process isolation (HashiCorp go-plugin)
- Add PluginManager with lifecycle management (load/reload/enable/disable)
- Add PermissionEnforcer with HTTP method to K8s verb mapping
- Add token-bucket rate limiter (burst = 2x sustained rate)
- Add topological dependency resolver with semver constraints
- Add audit logging to ResourceHistory table
- Add AI tool integration (plugin_name_tool naming convention)
- Add ResourceHandler interface for custom resource types
- Add Module Federation frontend loading with shared React 19 scope
- Add Go plugin SDK (sdk.Serve, BasePlugin, NewAITool, Logger)
- Add TypeScript plugin SDK (useKiteCluster, useKiteApi, usePluginApi, KitePluginPage, definePluginFederation)
- Add kite-plugin CLI (init, build, validate, package)
- Add plugin REST API (public + admin endpoints)
- Add plugin E2E tests
- Add comprehensive plugin system documentation
@DioCrafts
Contributor Author

Hey Buddy @zxh326 did you check if you like this plugin system?

Kind regards.
