This repository contains the community plugin marketplace catalog for Tyk AI Studio.
tyk-ai-studio-plugins-ce/
├── index.yaml # Auto-generated plugin index (DO NOT EDIT)
├── plugins/
│ ├── llm-firewall/
│ │ └── 1.0.0/ # Version directory
│ │ ├── manifest.yaml # Plugin metadata (required)
│ │ ├── README.md # Plugin documentation
│ │ ├── CHANGELOG.md # Version history
│ │ └── icon.svg # Plugin icon (SVG recommended)
│ └── <other-plugins>/
│ ├── 1.0.0/
│ ├── 1.1.0/ # Multiple versions supported
│ └── 2.0.0/
└── .github/
└── workflows/
└── generate-index.yml # Auto-generates index.yaml on push
Each plugin uses version directories to support multiple releases:
plugins/
my-plugin/
1.0.0/
manifest.yaml
README.md
CHANGELOG.md
icon.svg
1.1.0/
manifest.yaml
README.md
CHANGELOG.md
icon.svg
This allows users to install specific versions and see version history in the marketplace UI.
- Plugin Submission: Contributors add a new directory under
plugins/<plugin-name>/<version>/with amanifest.yamlfile - CI/CD: GitHub Actions automatically generates
index.yamlfrom all plugin manifests when changes are pushed tomain - Distribution: Plugin binaries are hosted on OCI registries (GitHub Container Registry, Nexus, etc.)
- Discovery: AI Studio periodically fetches
index.yamlto update the marketplace catalog - Versioning: Multiple versions are supported - each version has its own directory with a complete manifest
Each plugin must have a manifest.yaml file. Below is the complete schema with all supported fields:
# ============================================
# IDENTITY & VERSIONING (Required)
# ============================================
id: "com.tyk.plugin-name" # Unique identifier (reverse domain notation)
name: "Plugin Name" # Human-readable name
version: "1.0.0" # Semantic version
description: "Brief description" # What the plugin does
# ============================================
# OCI DISTRIBUTION (Required)
# ============================================
oci:
registry: "ghcr.io" # OCI registry hostname
repository: "tyk-technologies/plugins/name" # Repository path
tag: "1.0.0" # Image tag
digest: "sha256:abc123..." # Image digest for verification
platform: # Supported platforms
- "linux/amd64"
- "linux/arm64"
- "darwin/arm64"
# ============================================
# DISCOVERY & CLASSIFICATION (Required)
# ============================================
category: "security" # Plugin category (see below)
keywords: # Search keywords
- "security"
- "firewall"
maturity: "stable" # alpha, beta, stable
# ============================================
# DOCUMENTATION & SUPPORT (Required)
# ============================================
links:
documentation: "https://github.com/org/repo/tree/main/plugins/name"
repository: "https://github.com/org/repo"
support: "https://community.tyk.io"
issues: "https://github.com/org/repo/issues"
homepage: "https://tyk.io/ai-studio"
# ============================================
# DISPLAY ASSETS (Required)
# ============================================
icon: "https://raw.githubusercontent.com/org/repo/main/plugins/name/icon.svg"
screenshots: [] # Optional: Array of screenshot URLs
# ============================================
# MAINTAINERS (Required)
# ============================================
maintainers:
- name: "Your Name"
email: "[email protected]"
organization: "Your Organization"
publisher: "tyk-community" # tyk-official, tyk-verified, tyk-community
license: "Apache-2.0" # SPDX license identifier
# ============================================
# CAPABILITIES (Required)
# ============================================
capabilities:
hooks: # All hooks this plugin implements
- "pre_auth"
- "post_auth"
primary_hook: "pre_auth" # Main hook type for categorization
# ============================================
# REQUIREMENTS (Required)
# ============================================
requirements:
min_studio_version: "2.0" # Minimum AI Studio version
api_versions: # Supported API versions
- "gateway-v1"
dependencies: [] # Other plugins this depends on
# ============================================
# PERMISSIONS (Required)
# ============================================
permissions:
services: [] # Service access: llms.proxy, llms.read, tools.call, etc.
kv: [] # Key-value store access
rpc: [] # RPC service access
ui: [] # UI extension permissions
# ============================================
# ENTERPRISE (Required)
# ============================================
enterprise_only: false # true if requires enterprise license
# ============================================
# OPTIONAL FIELDS
# ============================================
config_schema_url: "" # URL to JSON schema for plugin config
# Attestation/Signing (optional)
attestation:
enabled: false
sigstore_bundle_url: ""
# ============================================
# METADATA (Required)
# ============================================
created_at: "2025-01-15T10:00:00Z" # ISO 8601 timestamp
updated_at: "2025-01-15T10:00:00Z" # ISO 8601 timestamp
deprecated: false # Set to true to mark as deprecated
deprecated_message: "" # Message explaining deprecation
replacement: "" # Plugin ID of replacement (if deprecated)All fields marked with (Required) sections above must be present for the plugin to be indexed correctly.
| Field | Description |
|---|---|
id |
Unique plugin identifier (e.g., com.tyk.llm-firewall) |
name |
Human-readable name |
version |
Semantic version string |
description |
Brief description |
oci.* |
OCI registry distribution details |
category |
Plugin category |
maturity |
Release maturity level |
publisher |
Publisher type |
license |
SPDX license identifier |
capabilities.hooks |
List of implemented hooks |
capabilities.primary_hook |
Main hook type |
requirements.min_studio_version |
Minimum compatible version |
permissions.* |
Required permissions (can be empty arrays) |
enterprise_only |
Enterprise-only flag |
created_at / updated_at |
Timestamps |
- Fork this repository
- Create a new directory structure:
plugins/<plugin-name>/<version>/(e.g.,plugins/my-plugin/1.0.0/) - Add your
manifest.yamlfile with all required fields - Add a
README.mdwith plugin documentation - Add an
icon.svg(SVG recommended, or PNG at 256x256) - Create a pull request
To release a new version of an existing plugin:
-
Copy the existing version directory to a new version directory:
cp -r plugins/my-plugin/1.0.0 plugins/my-plugin/1.1.0
-
Update the manifest in the new directory:
- Update
versionfield (e.g.,"1.1.0") - Update
oci.tagto match the new version - Update
oci.digestwith the new image digest - Update
updated_attimestamp - Update
descriptionif needed
- Update
-
Update
CHANGELOG.mdwith the new version's changes -
Push to main (or create a pull request)
The GitHub Action will automatically regenerate index.yaml with all versions, sorted by semver (newest first).
# Copy existing version
cp -r plugins/llm-cache/1.0.0 plugins/llm-cache/1.1.0
# Edit the manifest
# - version: "1.0.0" → "1.1.0"
# - oci.tag: "1.0" → "1.1"
# - oci.digest: "<new-digest>"
# - updated_at: "<current-timestamp>"
# Commit and push
git add plugins/llm-cache/1.1.0
git commit -m "Release llm-cache v1.1.0"
git push-
manifest.yamlincludes all required fields -
idfollows reverse domain notation (e.g.,com.yourorg.plugin-name) -
versionin manifest matches the directory name - OCI image is published and accessible
-
oci.tagmatches the version being released -
iconURL points to a valid image - All
linksURLs are valid and accessible -
enterprise_onlyis set correctly -
created_atandupdated_atare valid ISO 8601 timestamps
| Category | Description |
|---|---|
security |
Security plugins (firewalls, content filtering, policy enforcement) |
agents |
AI agent plugins that handle conversations |
connectors |
Integration plugins for external services |
tools |
Tool plugins that extend AI capabilities |
ui-extensions |
UI plugins that add custom interfaces |
analytics |
Analytics and monitoring plugins |
data |
Data processing and transformation plugins |
Plugins can implement one or more hooks:
| Hook | Description |
|---|---|
pre_auth |
Runs before authentication, can modify/reject requests |
post_auth |
Runs after authentication with user context |
pre_request |
Runs before sending request to LLM |
post_request |
Runs after receiving response from LLM |
agent |
Full agent implementation |
| Publisher | Description |
|---|---|
tyk-official |
Plugins maintained by Tyk Technologies |
tyk-verified |
Community plugins verified by Tyk |
tyk-community |
Community-contributed plugins |
Available service permissions:
| Scope | Description |
|---|---|
llms.proxy |
Access to call LLM services via the proxy |
llms.read |
Read LLM configurations |
llms.write |
Modify LLM configurations |
tools.call |
Execute tool operations |
tools.read |
Read tool configurations |
datasources.query |
Query datasources |
datasources.read |
Read datasource configurations |
kv.readwrite |
Read and write plugin key-value storage |
The index.yaml file is automatically generated by GitHub Actions when changes are pushed to main. Do not edit index.yaml directly - your changes will be overwritten.
The index includes all fields from the manifest plus:
- Auto-generated
manifest_urlpointing to the raw manifest file
The GitHub Action scans for all manifest.yaml files under plugins/:
plugins/<plugin-name>/<version>/manifest.yaml- Versioned structure (recommended)plugins/<plugin-name>/manifest.yaml- Legacy single-version structure (still supported)
All versions of a plugin are grouped together in the index and sorted by semantic version (newest first). This allows:
- Users to see all available versions in the marketplace UI
- Installing specific versions
- Detecting available updates for installed plugins
For questions or issues: