docs(building-plugins): document npm plugin sources#1227
docs(building-plugins): document npm plugin sources#1227factory-davidgu wants to merge 1 commit into
Conversation
|
Droid finished @factory-davidgu's task —— View job Review summarySolid, detailed docs for the new npm plugin source. A couple small clarifications around pinning/versioning semantics across source types will prevent readers from applying the marketplace (git commit hash) guidance to npm-based installs. |
Document the npm plugin source for marketplace manifests, including required/optional fields, the published package layout (Droid and Claude Code formats), install-time hardening defaults, and the wrapper-marketplace pattern for shipping a single npm-published plugin. Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
factory-davidgu
force-pushed
the
dgu/docs-npm-plugin-source
branch
from
c9bd8b9 to
29b2748
Compare
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
![factory-droid[bot]](https://avatars.githubusercontent.com/in/358017?s=60&v=4){kind=small}
|
|
||
| ### Plugin sources | ||
|
|
||
| Each plugin entry's `source` field tells Droid where to fetch the plugin from. The default form, a relative path string like `"./plugin-one"`, points at a directory inside the marketplace repository. For plugins that live elsewhere, use a source object. |
There was a problem hiding this comment.
[P1] Resolve pinning guidance ambiguity across source types
The new Plugin sources table lists per-plugin ref/sha for git-based sources, but the Version management note later says pinning a plugin requires pinning the marketplace, which is only true for relative-path plugins. This internal contradiction can mislead readers about how to pin plugins depending on the source type.
| Each plugin entry's `source` field tells Droid where to fetch the plugin from. The default form, a relative path string like `"./plugin-one"`, points at a directory inside the marketplace repository. For plugins that live elsewhere, use a source object. | |
| Each plugin entry's `source` field tells Droid where to fetch the plugin from. The default form, a relative path string like "./plugin-one", points at a directory inside the marketplace repository. For plugins that live elsewhere, use a source object. Pinning behavior depends on the source type: git-based sources can be pinned per-plugin (via `ref`/`sha` when supported), while relative-path plugins are pinned by pinning the marketplace source. |
|
|
||
| #### npm packages | ||
|
|
||
| Distribute plugins as npm packages when you already ship to a private registry (Artifactory, CodeArtifact, GitHub Packages, Verdaccio, and so on) and want to reuse that channel for your Droid plugins. Public packages on the npm registry work the same way. |
There was a problem hiding this comment.
[P1] Clarify npm versioning vs git commit-hash note
This PR adds npm version (semver ranges and dist-tags) for plugin sources, but the Version management note later states Droid tracks plugin versions by Git commit hash, which can be read as contradicting npm-based installs. A short clarification here helps readers understand that the git commit-hash guidance applies to git-based sources, while npm sources follow npm version resolution.
| Distribute plugins as npm packages when you already ship to a private registry (Artifactory, CodeArtifact, GitHub Packages, Verdaccio, and so on) and want to reuse that channel for your Droid plugins. Public packages on the npm registry work the same way. | |
| Distribute plugins as npm packages when you already ship to a private registry (Artifactory, CodeArtifact, GitHub Packages, Verdaccio, and so on) and want to reuse that channel for your Droid plugins. Public packages on the npm registry work the same way. For npm sources, pinning and updates follow npm version resolution via the `version` field (the git commit-hash guidance in [Version management](#version-management) applies to git-based sources). |
factory-ain3sh
left a comment
factory-ain3sh
left a comment
There was a problem hiding this comment.
pls address review droid feedback before merging
2 participants
Documents the new
npmplugin source type for marketplace manifests inguides/building/building-plugins.mdx.What changed
github,url,git-subdir,npm).package,version,registry)package.jsonfilesconfiguration--ignore-scripts, scratch-scoped.npmrc)npm:is not a valid marketplace source.Notes
@your-org/droid-pr-triage,your-org-plugins,https://npm.your-org.example). No real published packages are referenced.dgu/npm-marketplace.