Plugins

Real-time scanning against the OWASP Agentic Top 10 attack vectors. Blocks prompt injection, tool poisoning, and lateral A2A escalation before execution.

Redacts API keys, tokens, and PII from agent prompts and outputs. Pattern library updated nightly.

Refuses rm -rf, chmod 777, fork bombs, and 60+ destructive shell patterns. Hard block, no override.

Lock workspace filesystem access to declared paths. Anything outside throws EACCES at the runtime layer.

Multi-dimensional review — security, performance, readability, test coverage, dependency hygiene, license compatibility, and 10 more.

Lint, type, test, coverage, security, license, signoff. Seven mandatory gates before any agent-authored PR can merge.

Tiered human approval — single reviewer, dual sign-off, or executive override. Routes by risk score and org topology.

Watches code diffs, regenerates the corresponding docs section, opens a PR. Keeps docs.* and src/* in lockstep.

Auto-generates audit trails, transparency disclosures, and human oversight records mapped to specific EU AI Act articles. Export-ready PDF & JSON.

Blocks any agent from importing dependencies with known CVEs above your configured CVSS threshold. NIST + GHSA feeds.

Long-term memory with TTL, scoping, and decay. Drops in any agent; backed by pgvector.

Headless Chromium under HITL gating. Form fill, scrape, screenshot, PDF export — with a kill switch on every action.

Blocks GPL/AGPL contamination of proprietary code. Per-package allowlist. SPDX-compliant.

Routes the same diff to Claude, GPT-5, and Gemini. Surfaces disagreements as review comments — consensus or escalation.

Streams every tool call as a Datadog span. Latency, error rate, and cost all flow into your existing dashboards.

Hourly memory consolidation. Promotes repeated successful patterns into Hermes skills. Set-and-forget.

Two-key HITL — production diffs require two distinct human approvers. Enforces separation of duties.