Plugin Catalog
In Gigi docs, plugin means an approved external Discord app, bot, or service integration that Gigi can understand through a manifest. It does not mean arbitrary code loaded into Gigi, and Gigi does not run third-party app code. Plugin catalog work has started. This slice validates, imports, stores, lists, enables, disables, dry-run matches, can propose policy-gated semantic plans through a configured routing model, and can dispatch public prefix actions for approved external app versions that explicitly opt in with action-leveldispatch: "send_message" plus stored public-dispatch consent. It does not publish commands declared by manifests, scrape docs, or use unvalidated LLM-driven dispatch.
Current Behavior
- external app manifests can be decoded from
gigi-plugin.json - manifests must declare exact Discord application ID or bot user ID
- manifests can come from the known catalog, an explicitly provided HTTPS manifest URL, or a Discord attachment upload
- URL imports reject unsafe literal hosts, DNS-resolved unsafe addresses, unsafe redirects, and non-JSON manifest responses
- approved manifests can be stored in PostgreSQL
/plugins listshows approved manifests/plugins import-manifestimports and approves a URL-sourced manifest/plugins import-fileimports and approves an uploaded JSON manifest- public
send_messageactions with emptypermissionsrequire explicitallow-public-dispatch:trueat import time, and that approval is stored on the approved plugin version /plugins enableenables an approved external app version for the current guild/plugins disabledisables an external app integration for the current guild/plugins enabledshows enabled guild external app integrations- enabled guild external app installs can be loaded from PostgreSQL
- guild mentions can match enabled action
prefixtriggers onguild_text - dry-run checks action permissions before returning a planned command; empty
permissionsmeans public guild action after enablement - action-level
dispatch: "send_message"sends the planned prefix command as Gigi only when the approved version has stored public-dispatch consent and the matched action has emptypermissions - actions without
dispatch: "send_message"remain dry-run only - restricted actions with non-empty
permissionsremain dry-run only even when the action asks forsend_message - trigger
aliasescan match friendlier Gigi mention text while dispatch still uses the triggervalue - semantic routing runs only after deterministic prefix matching fails and
/llm routingallows it; it uses the configuredroutingmodel, validates the LLM proposal against enabled manifests, and either dry-runs or dispatches public actions by policy /plugins dry-runcan test enabled manifest matching without depending on Discord message-content events
Manifest Requirements
Each manifest must include:- plugin id, name, version, source, and source kind
- exact Discord application ID or bot user ID
- capabilities
- actions with id, trigger, surfaces, safety class, optional permissions, optional argument schema, and optional dispatch adapter
- legacy top-level triggers, surfaces, permissions, and dispatch are still accepted and normalized into actions
- prefix triggers may include aliases
- supported surfaces; action surfaces can inherit top-level surfaces
- optional Gigi capabilities; empty action
permissionsmeans public guild action - optional action dispatch mode:
dry_runorsend_message - audit events
- attribution resources
Content-Type header must be JSON-like. Attachment imports must use a .json file with a JSON-like content type when Discord provides one, reject unsafe redirects, and are stored as uploaded_file source without storing the Discord CDN URL. The current code validates supplied manifest JSON; it does not browse or scrape external app documentation.
Not Live Yet
- admin-assisted custom manifest creation
- community registry support
- external app command publishing
- restricted external app dispatch
- native slash, button, DM, or rich external app dispatch
- LLM-driven dispatch to external app actions
- confirmed per-message dispatch approval
- docs scraping or browser-based discovery
!example ..., but the external app decides whether to act.