All features

Plugins & extensibility

Ed25519-signed plugin bundles with a three-tier trust model.

Plugins are signed by one of three sources: the nosdesk-root key, a verified or community publisher, or the instance's own local key. The backend re-syncs the registry every 24 hours and verifies signatures on every install path. Trusted tiers install in one click; community plugins ask you to type the plugin name to confirm.

7 total 6 shipping 1 planned

  • Signed plugin bundles

    Shipping

    Ed25519 signature envelope embedded in each plugin zip; verification on every install path.

  • Plugin registry

    Shipping

    nosdesk.com publishes signed publishers.json + index.json with monotonic version. The backend fetches every 24h, verifies against a baked-in root pubkey, and upserts trusted publishers.

  • Plugin slots in the UI

    Shipping

    Frontend exposes <PluginSlot> placeholders (e.g. ticket-sidebar); installed plugins inject components into named slots.

  • Per-plugin state

    Shipping

    plugin_data, plugin_collection_schemas, and plugin_collection_rows tables provide JSONB-typed storage namespaced per plugin.

  • Plugin trust tiers

    Shipping

    Official (Nosdesk-signed, one-click install). Verified / community (publisher-signed, requires confirm; community uses two-step type-the-name confirmation). Local (CLI-only, intentionally awkward).

  • CLI admin tool

    Shipping

    A nosdesk-cli binary is built into the production image; admins exec into the container to manage plugins.

  • Plugin sandbox

    Planned

    Designed in docs/plugin-sandbox-plan.md as a community-tier iframe sandbox with postMessage RPC. Not yet implemented; all plugins currently run in-process.

Previous Integrations Next Notifications

Want to see it in action?

Join the waitlist for early access, or browse the rest of the catalogue.

Join waitlist All features