Skip to content

feat: add plugin schema#37

Open
fzipi wants to merge 3 commits intomainfrom
feat/add-plugin-schema
Open

feat: add plugin schema#37
fzipi wants to merge 3 commits intomainfrom
feat/add-plugin-schema

Conversation

@fzipi
Copy link
Copy Markdown
Member

@fzipi fzipi commented Apr 13, 2026

what

  • add plugin schema for discovery and configuration

why

  • enhance plugin onboarding experience

@fzipi
feat: add plugin schema
25def86 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
@fzipi fzipi requested a review from Copilot April 13, 2026 12:30
Copilot AI reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a JSON Schema and accompanying documentation/examples to standardize CRS plugin discovery and configuration via a plugin.yaml descriptor.

Changes:

  • Introduce plugin-schema.json (JSON Schema draft 2020-12) for validating plugin descriptors.
  • Add documentation describing the schema fields and intended usage (docs/plugin-descriptor-schema.md).
  • Provide example plugin descriptors under examples/ for reference and onboarding.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
plugin-schema.json Defines the structure/constraints for plugin.yaml plugin descriptors.
docs/plugin-descriptor-schema.md Documents the schema fields, intent, and rollout plan.
examples/wordpress-rule-exclusions-plugin.yaml Example descriptor for a rule-exclusion plugin.
examples/fake-bot-plugin.yaml Example descriptor for a detection plugin with multiple variables.
examples/body-decompress-plugin.yaml Example descriptor for a utility plugin with numeric bounds.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@fzipi
Copy link
Copy Markdown
Member Author

fzipi commented Apr 13, 2026

@copilot apply changes based on the comments in this thread

Copy link
Copy Markdown

Copilot AI commented Apr 13, 2026

@copilot apply changes based on the comments in this thread

Applied all changes from the review in commit bc82781:

  • configuration.variables: added minItems: 1 to prevent empty variable lists
  • default/example type validation: added if/then conditionals for all four types — boolean values must be integer 0 or 1; integer values must be integers; string and enum values must be strings
  • allowed_values: added items: {type: string} and a conditional requiring it when type is "enum", and forbidding it for non-enum types
  • min/max: changed from type: number to type: integer and added a conditional that forbids them on non-integer variable types
  • Example fix: renamed tx.body-decompress-plugin_enabletx.body-decompress-plugin_enabled to match the documented convention
  • Docs: updated the boolean type description to clarify values are integers (0/1) following the ModSecurity convention

@fzipi fzipi requested a review from theseion April 13, 2026 21:44
@fzipi @claude
feat: remove version field from plugin schema
e9ba83f 
Version is derived from GitHub release tags at query time. Embedding it
in plugin.yaml would inevitably drift as developers forget to update it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@theseion theseion Awaiting requested review from theseion

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fzipi