Extensible Plugin System with Secure Route Isolation
Extend DeployStack with custom functionality through our secure plugin architecture. Build plugins that add database tables, API endpoints, and global settings - all with automatic security isolation.
The plugin system provides a complete framework for extending DeployStack without compromising security or stability. Each plugin operates in its own namespace with API routes automatically isolated under /api/plugin/<plugin-id>/, preventing route hijacking and ensuring plugins cannot interfere with core authentication or user management endpoints.
Plugins can define their own database tables through a secure two-phase initialization process - core migrations run first in a trusted environment, followed by plugin tables created dynamically in a sandboxed phase. This architecture ensures plugins cannot modify core database structure while still providing full database functionality including relationships, seeding, and migrations.
Beyond database and API extensions, plugins can contribute their own global settings managed through DeployStack's admin interface, integrate with other plugins through the Plugin Manager API, and implement lifecycle hooks for initialization and cleanup. Whether you're adding support for a new cloud provider, implementing custom business logic, or extending DeployStack's capabilities, the plugin system provides a secure, structured foundation for development.