agentflow-plugins
Agentflow Plugins
Plugins package reusable team workflows and CLI tools for supervised Agentflow runs. They resolve from Git or local folders, pin through agentflow.plugins.lock.json, and compile into normal Agentflow runtime behavior.
Must Know
- Prefer native repo/device CLIs for simple one-tool work that agents can discover with
--help. - Prefer a plugin when the capability composes multiple CLIs, normalizes fragile sequences, needs credential isolation, needs stable JSON I/O, or should be reused across graphs.
- Tool
--helpis the agent-facing API contract. - Tool implementation can be shell-native or language-backed; choose based on complexity, parsing needs, tests, dependencies, and portability.
- Name plugins by domain/capability, and name exports narrowly enough to avoid collisions with native CLIs, reserved runtime commands, and other plugin tools.
- Secrets belong in plugin credential scopes and
agentflow auth, never inline graph config. - Plugin workflows publish stable public artifacts from one
publish_node; consumers should not depend on generated internal node ids. - A plugin is not complete until it resolves and validates from a consumer graph.
Route By Task
- Need workflow plugin layout, manifests,
plugin_file,plugin://, config, lockfiles, or public artifacts: read references/plugin-workflows.md. - Need graph primitives, supervision, delivery, or run behavior: use
agentflow.
Default Workflow
- Decide native CLI, primitive graph, workflow plugin, tool plugin, or combined package.
- Use native CLIs for simple single-command behavior; use plugins for reusable behavior, multi-CLI composition, auth isolation, stable I/O, policy, or auditability.
- Keep workflow config small and schema-backed.
- Expose public artifacts from one
publish_node. - Declare a clear tool
description; put detailed CLI usage in the executable's--help. - Use plugin
credentialsplusagentflow authfor tools that need auth; keep inlinetools[].configfor non-secret graph-provided defaults only. - Keep tool config schemas string-only and reject secrets such as tokens, passwords, or API keys.
- Implement credential-free, side-effect-free executable
--helpfor every plugin tool. - Run
agentflow plugin resolve --graph <path>. - Run
agentflow validate --graph <path>. - Run
agentflow validate --graph <path> --strictwhen the plugin graph is team-owned or release-bound. - Use
agentflow validate --graph <path> --show-compiledwhen the compiled graph needs inspection. - Inspect
validate --show-compiledfor workflow lowering and tool policy; use--diagram-outputor--diagram-image-outputwhen reviewing nontrivial workflow expansion.
Authoring Posture
- Plugins do not create new primitive node kinds.
- Plugin workflows lower into normal graph nodes.
- Plugin tools are ordinary CLIs launched inside the node sandbox.
- A plugin tool may wrap one CLI, but it is often most valuable when it composes several CLIs into one stable capability that agents should not reimplement every run.
- Plugin ids, workflow ids, and tool aliases should be stable, domain-based, and descriptive; avoid generic names like
run,check,deploy,poll, orsyncunless the plugin domain makes the generated callable unambiguous. - Plugin
tools[].configis for non-secret graph-provided defaults only; use credential scopes for anything sensitive. - Tool launchers expose graph config to the plugin subprocess as
AGENTFLOW_TOOL_<CALLABLE_NAME>_<KEY>environment variables. - Tool
config_schemavalidates those graph config defaults; it is not the tool's CLI argument schema. - Plugin manifests do not declare default CLI arguments; agents pass CLI arguments when invoking the generated callable tool.
- Secret credential values are resolved only by generated tool launchers and are not exported into Codex or Cursor harness environments.
- Tool
--helpis the detailed API contract agents should read before first use. - Shell tools are good for thin orchestration; language-backed tools are better for parsing, validation, structured output, and nontrivial logic.
- Downstream graph nodes consume only public plugin node artifacts.
More from koji98/agentflow
agentflow
Use when authoring, validating, running, inspecting, or debugging supervised Agentflow graphs, managed patterns, plugin tools, delivery packages, supervisor interventions, or Codex/Cursor harness behavior.
10agentflow-run-debugging
Inspect, explain, and debug Agentflow runs. Use when a run failed, resumed unexpectedly, or needs artifact-level diagnosis; when tracing state.json, events.jsonl, execution logs, context packets, or execution artifacts; or when deciding why passed work did or did not preserve on resume.
3agentflow-graph-authoring
Design, review, and refine Agentflow execution graphs. Use when authoring or editing Agentflow graph JSON, choosing between primitive nodes and managed workflows, or checking topology, profiles, context flow, outputs, and validation against the shipped runtime contract.
3agentflow-managed-workflows
Author and review Agentflow managed workflows. Use when choosing between deep_research, spec_design, execute_spec, and review_change, or when filling their brief, context_policy, approval_policy, strategy, delivery, and runtime fields.
3agentflow-evals
Use when designing, validating, running, inspecting, or improving Agentflow eval suites, scenarios, variants, criteria, environment simulation, trajectory checks, trace packets, scorecards, benchmark reports, prompt-pack experiments, dogfood workflow-quality evals, capability-workflow local repo evals, or pinned real-world GitHub issue evals.
2agentflow-grill-me
Use when the user wants to be grilled, interviewed, pressure-tested, or questioned before creating an Agentflow plan, graph, workflow, feature design, or implementation plan.
1