Store
If you want to share your plugin package with the Caido community, the best way is to submit it to the official list of plugin packages. Once we've reviewed and published your plugin package, users will be able to install it directly from within Caido.
You only need to submit your plugin package once. Once it has been accepted, users will be able to download new releases from GitHub directly.
Prerequisites
- A GitHub account.
Step 1: Create a repository
All Caido plugin packages must have their source code on GitHub. If you're unfamiliar with GitHub, refer to the GitHub docs for how to Create a new repository.
- Your repository can live under your account, like github.com/bebiksior/EvenBetter
- You can ask our team for a repository under caido-community, like github.com/caido-community/authmatrix
Using a template
If you are not familiar with the plugin system of Caido and/or the release process, we highly recommend that you start with one of our templates.
- Visit github.com/caido/starterkit-plugin
- Select Use this template -> Create a new repository
- Give it a name
- Select Create repository
Step 2: Preparation
At the root of your repository, please ensure that you have:
- A manifest.json file that follows the standard Caido manifest format.
- A LICENSE file to describe the licensing of your plugin package.
- A README.md file to describe the goal and usage of your plugin package.
Step 3: Generate a key-pair
All plugin package releases must be signed to be installable in Caido. We use public-key signatures with ed25519 keys for that purpose. Learn more.
1. Generate the private key: openssl genpkey -algorithm ed25519 -out private.pem
The file private.pem will contain the following format:
-----BEGIN PRIVATE KEY-----
<SOME BASE64 DATA ON ONE LINE>
-----END PRIVATE KEY-----
WARNING
Keep this key very private! Ideally, you should encrypt it or store it in GitHub Action Secrets.
2. Generate the public key: openssl pkey -in private.pem -pubout -out public.pem
The file public.pem will contain the following format:
-----BEGIN PUBLIC KEY-----
<SOME BASE64 DATA ON ONE LINE>
-----END PUBLIC KEY-----
INFO
This is safe to share with other people; in fact, it will be used later in the store.
Step 4: Create a release
There are two ways to create a release: manually, or using the GitHub Workflow from our starterkit.
Manually
- In manifest.json, update the version field to a new version that follows the Semantic Versioning specification, for example 0.1.0 for your initial release. Only use numbers and dots.
- Build the plugin package zip archive. If you use the starterkit, this will be pnpm build and it will create dist/plugin_package.zip.
- Generate the signature:
  openssl pkeyutl -sign -inkey private.pem -out dist/plugin_package.zip.sig -rawin -in dist/plugin_package.zip
- Create a GitHub release. The Tag version of the release must match the version in your manifest.json, it must not include a v prefix.
- Enter a name for the release, and describe it in the description field. Caido doesn't use the release name for anything, but we recommend also using the version for simplicity.
- Upload the following assets to the release as binary attachments:
  - plugin_package.zip
  - plugin_package.zip.sig
GitHub Workflow
If you want to simplify your life, we have created a GitHub Workflow to automate all the steps from above.
- Add your private key in a GitHub Action Secret called PRIVATE_KEY.
- In manifest.json, update the version field to a new version that follows the Semantic Versioning specification, for example 0.1.0 for your initial release. Only use numbers and dots.
- In Actions, trigger the Release workflow.
Step 5: Submit your plugin for review
In this step, we will submit your plugin to the Caido store for review.
1. Go to the repository github.com/caido/store.
2. In plugin_packages.json, select Edit this file in the upper-right corner.
3. Add a new entry at the end of the JSON array.
   {
     "id": "my-unique-plugin",
     "name": "My Unique Plugin",
     "license": "CC0-1.0",
     "description": "This my super cool new Caido plugin",
     "author": {
       "name": "John Doe",
       "email": "john@example.com",
       "url": "https://example.com"
     },
     "public_key": "MCowBQYDK2VwAyEA0zDx1tIO7S/d+AYFjLLmTA6pvuEyf+70KfcgVi1DNhc=",
     "repository": "john/my-unique-plugin"
   }
   A few things to be aware of:
   - id, name, author, license, and description determine how your plugin appears to the user in Caido.
   - id is unique to your plugin. Search plugin_packages.json to confirm that there's no existing plugin with the same id.
   - public_key is the base64 part of the public key generated in Step 3. Don't include the header/footer (BEGIN/END PUBLIC KEY).
   - repository is the path to your GitHub repository. For example, if your GitHub repo is https://github.com/username/repo-name, the path is username/repo-name.
   WARNING
   Remember to add a comma after the closing brace (}) of the previous entry, otherwise the JSON will not be valid!
4. Select Commit changes... in the upper-right corner.
5. Select Propose changes.
6. In the name of the pull request, enter Add <YOUR PLUGIN PACKAGE NAME>
7. Fill in the details in the description for the pull request. For the checkboxes, insert an x between the brackets, [x], to mark them as done.
8. Click Create pull request.
You've now submitted your plugin package to the Caido store. Our bot will verify that the format is correct and you will have to sign the Contributor License Agreement. Once your submission is ready for review, you can sit back and wait for the Caido team to review it.
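A local pre-check for the entry described in Step 5, as an added example (not Caido's bot or any code from the store repository). The function names and the exact checks are assumptions based on the notes above: valid JSON, a unique id, a username/repo-name path, and a public_key that is the bare base64 of an Ed25519 public key.

```python
import base64
import json
import re

# DER prefix of an Ed25519 SubjectPublicKeyInfo; the 32-byte raw key follows it.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
REQUIRED = ("id", "name", "license", "description", "author", "public_key", "repository")


def check_entry(entry, existing_ids=()):
    """Return the problems found in one store entry (empty list means OK)."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in entry]
    if entry.get("id") in existing_ids:
        problems.append("id is already used by another plugin package")
    # The repository is the username/repo-name path, not the full GitHub URL.
    if not re.fullmatch(r"[\w.-]+/[\w.-]+", str(entry.get("repository", ""))):
        problems.append("repository must look like username/repo-name")
    key = str(entry.get("public_key", ""))
    if "BEGIN" in key or "END" in key:
        problems.append("public_key still contains the PEM header/footer")
        return problems
    try:
        der = base64.b64decode(key, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        der = b""
    if len(der) != 44 or not der.startswith(ED25519_SPKI_PREFIX):
        problems.append("public_key is not a base64 Ed25519 public key")
    return problems


def check_file(text):
    """Parse the edited JSON array and check its last (newly added) entry."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON (missing comma?): {exc.msg}"]
    if not isinstance(entries, list) or not entries:
        return ["file must be a non-empty JSON array"]
    *previous, new = entries
    return check_entry(new, {e.get("id") for e in previous})


# Constructed sample: one existing entry plus the example entry from this page.
SAMPLE = json.dumps([{"id": "existing-plugin"}, {
    "id": "my-unique-plugin", "name": "My Unique Plugin", "license": "CC0-1.0",
    "description": "This my super cool new Caido plugin",
    "author": {"name": "John Doe"}, "repository": "john/my-unique-plugin",
    "public_key": "MCowBQYDK2VwAyEA0zDx1tIO7S/d+AYFjLLmTA6pvuEyf+70KfcgVi1DNhc="}])
print(check_file(SAMPLE) or "entry looks OK")
```

Pass the full text of your edited plugin_packages.json to check_file before committing; an empty list means none of the checked mistakes were found.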
Step 6: Address review comments
Once a Caido team member has reviewed your plugin, they will add a comment to your pull request with the result of the review. The reviewer may ask that you update your plugin, or they can offer suggestions on how you can improve it.
Address any required changes and update the GitHub release with the new changes. Leave a comment on the PR to let us know you've addressed the feedback.
We will publish the plugin as soon as we have verified that all required changes have been addressed.
Next steps
Once your plugin is published, it is time to announce it to the community ✨
- Announce it in the Plugin #discussion channel on Discord.