Skip to content
Open Choice

Installing a Plugin

When you trigger an install — from the registry or from a file — Open Choice runs a verification pipeline before writing anything to disk or the database.

What happens during install

  1. Manifest is read — the plugin’s manifest.json is extracted from the package
  2. Signature is verified — the manifest signature is checked against the trusted key store. If the key is not trusted, the install is blocked (unless developer mode is on)
  3. Binary hash is verified — the SHA-256 of the plugin binary is computed and compared against the value declared in the manifest. A mismatch is a hard failure
  4. Capabilities are extracted — the host reads what filesystem, network, and shell access the plugin declares
  5. The install dialog is shown — you see all of the above before anything is written

The install dialog

Publisher and trust

The top section shows who made the plugin and whether their signature is trusted.

StatusMeaning
VerifiedThe plugin is signed by a publisher in the trusted key store
WarningThe plugin is signed but the key is not in the trusted key store, or it is unsigned. Requires developer mode to install

Capabilities

Each declared capability is listed with a plain-English description and a risk level:

  • Filesystem read / write — which directories the plugin can access. Plugin folder only is minimal; Anywhere on your system means the plugin can read or write any file
  • Network — whether the plugin makes outbound network requests
  • Shell execute — whether the plugin spawns external processes (always true for script wrappers)
  • Environment variables — whether the plugin reads your environment

Risk profile

A single label summarising the overall access level, derived from the capabilities:

  • safe — minimal access, no shell execution, no network
  • elevated — broader filesystem access than the plugin’s own folder
  • arbitrary-code-execution — runs scripts or external code; no sandboxing

Confirming the install

Click Install to proceed. The binary is extracted to the plugins directory, static assets (help, examples, schema) are cached in the database, and the plugin appears in the installed list.

If you want to review before running anything, click the plugin name to open its detail page. From there you can inspect the declared endpoints and run a self-test.

Version updates

If you install a newer version of an already-installed plugin, the install dialog shows a capabilities changed warning if the new version declares different permissions than the one currently installed. Review the change before confirming.