plugin-development

The plugin-development skill provides a comprehensive toolkit for extending Memoria's governance capabilities. Memoria allows users to define custom logic for AI agent memory operations, ensuring safety, compliance, and decision-making integrity through sandboxed scripts or remote services. This skill is intended for engineers and security architects who need to create custom guardrails for agent interactions or define complex validation logic that executes during plan or execution phases.

• Scaffold plugin structures: Quickly generate manifest files and initial policy logic using the CLI.

• Runtime flexibility: Supports in-process Rhai scripts for lightweight, memory-limited rules and out-of-process gRPC services for complex logic requiring external integrations.

• Signing and Security: Features built-in cryptographic signing tools (ed25519) to ensure the integrity and authenticity of governance plugins before deployment.

• Full Lifecycle Management: Includes commands for list, audit, review, and activation of plugins across different Memoria domains and bindings.

• Testing Harnesses: Provides access to contract testing via the GovernancePluginContractHarness to validate logic before production usage.

• Use manifest.json to define permissions, resource limits (memory/time), and metadata for governance modules.

• Implement policy.rhai logic using built-in helpers like decision() and evidence() to influence agent planning and execution.

• Always use memoria plugin publish to sign your package before activating it in a production environment.

• Ensure plugin capabilities include the correct governance.plan or governance.execute flags as required by your business rules.

• Development workflow involves local testing with environment variables followed by secure deployment via the sign and publish commands.

• Note that Rhai runtimes are sandboxed for security, while gRPC allows for more complex, network-enabled backend logic.