@lamalibre/portlama-agent 1.0.21 → 1.0.22

package/src/lib/agent-plugins.js

@@ -0,0 +1,358 @@
+/**
+ * Agent plugin lifecycle management.
+ *
+ * Manages plugin installation, enable/disable, uninstall, and update for
+ * per-agent plugin registries. Plugins are installed into the agent's data
+ * directory and mounted on the agent panel server (port 9393) when enabled.
+ *
+ * Adapted from local-plugins.js — key differences:
+ * - All functions take `label` as first parameter (per-agent isolation)
+ * - Uses agentDataDir/agentPluginsFile/agentPluginsDir from platform.js
+ * - Validates modes.includes('agent') instead of 'local'
+ */
+
+import { readFile, writeFile, rename, open, mkdir, rm } from 'node:fs/promises';
+import { createRequire } from 'node:module';
+import path from 'node:path';
+import { execa } from 'execa';
+import { agentDataDir, agentPluginsFile, agentPluginsDir } from './platform.js';
+
+// Reserved names that cannot be used as plugin names (matches panel-server constants).
+const RESERVED_NAMES = [
+  'health', 'onboarding', 'invite', 'enroll', 'tunnels', 'sites', 'system',
+  'services', 'logs', 'users', 'certs', 'invitations', 'plugins', 'tickets',
+  'settings', 'identity', 'storage', 'agents',
+];
+
+// --- Promise-chain mutex (serialises registry modifications) ---
+
+let lockTail = Promise.resolve();
+
+function withLock(fn) {
+  const next = lockTail.then(fn, fn);
+  lockTail = next.catch(() => {});
+  return next;
+}
+
+// --- Registry read / write ---
+
+/**
+ * Read the agent plugin registry.
+ * @param {string} label - Agent label
+ * @returns {Promise<{plugins: Array}>}
+ */
+export async function readAgentPluginRegistry(label) {
+  try {
+    const raw = await readFile(agentPluginsFile(label), 'utf-8');
+    const parsed = JSON.parse(raw);
+    return Array.isArray(parsed.plugins) ? parsed : { plugins: [] };
+  } catch (err) {
+    if (err.code === 'ENOENT') {
+      return { plugins: [] };
+    }
+    throw new Error(`Failed to read agent plugin registry: ${err.message}`);
+  }
+}
+
+/**
+ * Write the agent plugin registry atomically.
+ * @param {string} label - Agent label
+ * @param {object} data
+ */
+export async function writeAgentPluginRegistry(label, data) {
+  const filePath = agentPluginsFile(label);
+  const tmpPath = `${filePath}.tmp`;
+
+  await mkdir(path.dirname(filePath), { recursive: true, mode: 0o700 });
+
+  const content = JSON.stringify(data, null, 2) + '\n';
+  await writeFile(tmpPath, content, { encoding: 'utf-8', mode: 0o600 });
+
+  const fd = await open(tmpPath, 'r');
+  await fd.sync();
+  await fd.close();
+
+  await rename(tmpPath, filePath);
+}
+
+// --- Plugin lifecycle ---
+
+/**
+ * Install a plugin on the agent.
+ * @param {string} label - Agent label
+ * @param {string} packageName - Must be @lamalibre/ scoped
+ * @returns {Promise<object>} The new registry entry
+ */
+export function installAgentPlugin(label, packageName) {
+  return withLock(async () => {
+    if (!packageName.startsWith('@lamalibre/')) {
+      throw new Error('Only @lamalibre/ scoped packages are allowed');
+    }
+
+    // Validate the portion after scope to prevent path traversal
+    const pkgName = packageName.slice('@lamalibre/'.length);
+    if (!/^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/.test(pkgName)) {
+      throw new Error('Invalid package name');
+    }
+
+    const registry = await readAgentPluginRegistry(label);
+    if (registry.plugins.find((p) => p.packageName === packageName)) {
+      throw new Error(`Plugin "${packageName}" is already installed`);
+    }
+
+    // Hard cap to prevent disk exhaustion
+    if (registry.plugins.length >= 20) {
+      throw new Error('Maximum of 20 agent plugins allowed');
+    }
+
+    // Ensure agent dir has a package.json so npm installs locally
+    const dir = agentDataDir(label);
+    await mkdir(dir, { recursive: true, mode: 0o700 });
+    const pkgJsonPath = path.join(dir, 'package.json');
+    try {
+      await readFile(pkgJsonPath, 'utf-8');
+    } catch (err) {
+      if (err.code === 'ENOENT') {
+        await writeFile(pkgJsonPath, '{"private":true}\n', { encoding: 'utf-8', mode: 0o600 });
+      }
+    }
+
+    // Install via npm
+    await execa('npm', ['install', '--ignore-scripts', packageName], { cwd: dir, timeout: 120_000 });
+
+    // Read and validate manifest
+    let manifest;
+    try {
+      const require = createRequire(path.join(dir, '/'));
+      const manifestPath = require.resolve(`${packageName}/portlama-plugin.json`);
+      const manifestRaw = await readFile(manifestPath, 'utf-8');
+      manifest = JSON.parse(manifestRaw);
+    } catch {
+      // Clean up on manifest failure
+      await execa('npm', ['uninstall', packageName], { cwd: dir }).catch(() => {});
+      throw new Error(`No valid portlama-plugin.json found in "${packageName}"`);
+    }
+
+    // Validate name
+    if (!/^[a-z0-9-]+$/.test(manifest.name)) {
+      await execa('npm', ['uninstall', packageName], { cwd: dir }).catch(() => {});
+      throw new Error(`Invalid plugin name: "${manifest.name}"`);
+    }
+
+    if (RESERVED_NAMES.includes(manifest.name)) {
+      await execa('npm', ['uninstall', packageName], { cwd: dir }).catch(() => {});
+      throw new Error(`Plugin name "${manifest.name}" is reserved`);
+    }
+
+    // Check for duplicate name (different package, same manifest name)
+    if (registry.plugins.find((p) => p.name === manifest.name)) {
+      await execa('npm', ['uninstall', packageName], { cwd: dir }).catch(() => {});
+      throw new Error(`A plugin named "${manifest.name}" is already installed`);
+    }
+
+    // Validate agent mode support
+    const modes = manifest.modes || ['server', 'agent'];
+    if (!modes.includes('agent')) {
+      await execa('npm', ['uninstall', packageName], { cwd: dir }).catch(() => {});
+      throw new Error(`Plugin "${manifest.name}" does not support agent mode`);
+    }
+
+    // Create plugin data directory
+    const pluginDir = path.join(agentPluginsDir(label), manifest.name);
+    await mkdir(pluginDir, { recursive: true, mode: 0o700 });
+
+    const entry = {
+      name: manifest.name,
+      displayName: manifest.displayName,
+      packageName,
+      version: manifest.version,
+      description: manifest.description || '',
+      capabilities: Array.isArray(manifest.capabilities) ? manifest.capabilities : [],
+      packages: manifest.packages || {},
+      panel: manifest.panel || {},
+      modes,
+      config: manifest.config || {},
+      status: 'disabled',
+      installedAt: new Date().toISOString(),
+    };
+
+    registry.plugins.push(entry);
+    await writeAgentPluginRegistry(label, registry);
+    return entry;
+  });
+}
+
+/**
+ * Uninstall an agent plugin. Must be disabled first.
+ * @param {string} label - Agent label
+ * @param {string} name - Plugin name
+ */
+export function uninstallAgentPlugin(label, name) {
+  return withLock(async () => {
+    const registry = await readAgentPluginRegistry(label);
+    const index = registry.plugins.findIndex((p) => p.name === name);
+    if (index === -1) {
+      throw new Error(`Plugin "${name}" not found`);
+    }
+
+    const plugin = registry.plugins[index];
+    if (plugin.status === 'enabled') {
+      throw new Error(`Plugin "${name}" must be disabled before uninstalling`);
+    }
+
+    if (!plugin.packageName.startsWith('@lamalibre/')) {
+      throw new Error('Registry corruption: invalid package scope');
+    }
+
+    // npm uninstall
+    await execa('npm', ['uninstall', plugin.packageName], { cwd: agentDataDir(label) }).catch(() => {});
+
+    // Remove plugin data directory
+    const pluginDir = path.join(agentPluginsDir(label), plugin.name);
+    await rm(pluginDir, { recursive: true, force: true }).catch(() => {});
+
+    registry.plugins.splice(index, 1);
+    await writeAgentPluginRegistry(label, registry);
+  });
+}
+
+/**
+ * Enable an agent plugin.
+ * @param {string} label - Agent label
+ * @param {string} name - Plugin name
+ */
+export function enableAgentPlugin(label, name) {
+  return withLock(async () => {
+    const registry = await readAgentPluginRegistry(label);
+    const plugin = registry.plugins.find((p) => p.name === name);
+    if (!plugin) {
+      throw new Error(`Plugin "${name}" not found`);
+    }
+    if (plugin.status === 'enabled') return;
+
+    plugin.status = 'enabled';
+    plugin.enabledAt = new Date().toISOString();
+    await writeAgentPluginRegistry(label, registry);
+  });
+}
+
+/**
+ * Disable an agent plugin.
+ * @param {string} label - Agent label
+ * @param {string} name - Plugin name
+ */
+export function disableAgentPlugin(label, name) {
+  return withLock(async () => {
+    const registry = await readAgentPluginRegistry(label);
+    const plugin = registry.plugins.find((p) => p.name === name);
+    if (!plugin) {
+      throw new Error(`Plugin "${name}" not found`);
+    }
+    if (plugin.status === 'disabled') return;
+
+    plugin.status = 'disabled';
+    delete plugin.enabledAt;
+    await writeAgentPluginRegistry(label, registry);
+  });
+}
+
+/**
+ * Update an agent plugin to the latest version.
+ * @param {string} label - Agent label
+ * @param {string} nameOrPackage - Plugin name or package name
+ * @returns {Promise<object>} The updated registry entry
+ */
+export function updateAgentPlugin(label, nameOrPackage) {
+  return withLock(async () => {
+    const registry = await readAgentPluginRegistry(label);
+    const plugin = registry.plugins.find(
+      (p) => p.name === nameOrPackage || p.packageName === nameOrPackage,
+    );
+
+    if (!plugin) {
+      throw new Error(`Plugin "${nameOrPackage}" not found`);
+    }
+
+    if (!plugin.packageName.startsWith('@lamalibre/')) {
+      throw new Error('Registry corruption: invalid package scope');
+    }
+
+    const dir = agentDataDir(label);
+    await execa('npm', ['install', '--ignore-scripts', plugin.packageName], { cwd: dir, timeout: 120_000 });
+
+    // Re-read manifest to capture the updated version
+    try {
+      const require = createRequire(path.join(dir, '/'));
+      const manifestPath = require.resolve(`${plugin.packageName}/portlama-plugin.json`);
+      const manifestRaw = await readFile(manifestPath, 'utf-8');
+      const manifest = JSON.parse(manifestRaw);
+      plugin.version = manifest.version || plugin.version;
+      if (manifest.capabilities) plugin.capabilities = manifest.capabilities;
+      if (manifest.panel) plugin.panel = manifest.panel;
+      if (manifest.packages) plugin.packages = manifest.packages;
+      if (manifest.description) plugin.description = manifest.description;
+      if (manifest.displayName) plugin.displayName = manifest.displayName;
+    } catch {
+      // Manifest may not exist — keep existing metadata
+    }
+
+    plugin.updatedAt = new Date().toISOString();
+    await writeAgentPluginRegistry(label, registry);
+    return plugin;
+  });
+}
+
+/**
+ * Read a plugin's panel.js bundle from the installed package.
+ * @param {string} label - Agent label
+ * @param {string} name - Plugin name
+ * @returns {Promise<string>} JavaScript source
+ */
+export async function checkAgentPluginUpdate(label, name) {
+  const registry = await readAgentPluginRegistry(label);
+  const plugin = registry.plugins.find((p) => p.name === name);
+  if (!plugin) {
+    throw new Error(`Plugin "${name}" not found`);
+  }
+
+  const pkg = plugin.packageName;
+  if (!pkg || !pkg.startsWith('@lamalibre/')) {
+    throw new Error('Invalid package scope');
+  }
+
+  const { stdout } = await execa('npm', ['view', pkg, 'version', '--json'], {
+    cwd: agentDataDir(label),
+  });
+
+  const latestVersion = JSON.parse(stdout.trim());
+  const currentVersion = plugin.version;
+
+  return {
+    name,
+    currentVersion,
+    latestVersion,
+    hasUpdate: latestVersion !== currentVersion,
+  };
+}
+
+export async function readAgentPluginBundle(label, name) {
+  const registry = await readAgentPluginRegistry(label);
+  const plugin = registry.plugins.find((p) => p.name === name);
+  if (!plugin) {
+    throw new Error(`Plugin "${name}" not found`);
+  }
+
+  const serverPkg = plugin.packages?.server;
+  if (!serverPkg) {
+    throw new Error(`Plugin "${name}" has no server package with panel bundle`);
+  }
+
+  // Defense-in-depth: verify scope in case registry was tampered
+  if (!serverPkg.startsWith('@lamalibre/')) {
+    throw new Error('Server package scope violation');
+  }
+
+  const require = createRequire(path.join(agentDataDir(label), '/'));
+  const panelPath = require.resolve(`${serverPkg}/panel.js`);
+  return readFile(panelPath, 'utf-8');
+}

package/src/lib/keychain.js

@@ -4,23 +4,6 @@ import path from 'node:path';
 import { execa } from 'execa';
 import { AGENT_DIR } from './platform.js';
 
-/**
- * Prompt for the macOS login Keychain password via a native OS dialog.
- * Uses osascript to display a secure input dialog (hidden answer).
- * Throws if the user cancels.
- *
- * @returns {Promise<string>}
- */
-async function promptKeychainPassword() {
-  const { stdout } = await execa('osascript', [
-    '-e',
-    'display dialog "Portlama needs your macOS login password to store the agent certificate in your Keychain." default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK" with title "Portlama — Keychain Access" with icon caution',
-    '-e',
-    'text returned of result',
-  ]);
-  return stdout.trim();
-}
-
 /**
  * Overwrite a file with random bytes, then unlink it.
  * Provides defense-in-depth against key recovery from disk.
@@ -86,155 +69,3 @@ export async function generateKeypairAndCSR(label) {
   }
 }
 
-/**
- * Import a signed certificate and its private key into the macOS Keychain
- * as a non-extractable identity.
- *
- * Creates a temporary P12 from the key+cert+CA, imports into Keychain with
- * the -x flag (non-extractable), sets the key partition list for curl access,
- * and securely deletes all temporary files.
- *
- * @param {string} keyPath - Path to the temporary private key PEM
- * @param {string} certPem - PEM-encoded signed certificate
- * @param {string} caCertPem - PEM-encoded CA certificate
- * @param {string} label - Agent label
- * @param {import('pino').Logger | Console} logger
- * @returns {Promise<{ identity: string }>}
- */
-export async function importIdentityToKeychain(keyPath, certPem, caCertPem, label, logger) {
-  const suffix = crypto.randomBytes(8).toString('hex');
-  const certPath = path.join(AGENT_DIR, `.tmp-cert-${suffix}.pem`);
-  const caPath = path.join(AGENT_DIR, `.tmp-ca-${suffix}.pem`);
-  const p12Path = path.join(AGENT_DIR, `.tmp-import-${suffix}.p12`);
-  const p12Password = crypto.randomBytes(16).toString('hex');
-  const identityName = `Portlama Agent (${label})`;
-
-  try {
-    // Write cert and CA to temp files
-    await writeFile(certPath, certPem, { mode: 0o600 });
-    await writeFile(caPath, caCertPem, { mode: 0o600 });
-
-    // Create temporary P12 from key + cert + CA
-    logger.info?.({ label }, 'Creating temporary P12 for Keychain import') ??
-      logger.log?.(`Creating temporary P12 for Keychain import: ${label}`);
-    await execa('openssl', [
-      'pkcs12',
-      '-export',
-      '-keypbe',
-      'PBE-SHA1-3DES',
-      '-certpbe',
-      'PBE-SHA1-3DES',
-      '-macalg',
-      'sha1',
-      '-out',
-      p12Path,
-      '-inkey',
-      keyPath,
-      '-in',
-      certPath,
-      '-certfile',
-      caPath,
-      '-name',
-      identityName,
-      '-passout',
-      `env:PORTLAMA_TMP_P12_PASS`,
-    ], {
-      env: { ...process.env, PORTLAMA_TMP_P12_PASS: p12Password },
-    });
-
-    // Import into Keychain with -x (non-extractable) and -T for curl access.
-    // Known limitation: `security import -P` passes the password as a CLI argument,
-    // visible in `ps aux`. The `security` command does not support stdin or env var
-    // password input. Mitigated by: the P12 is ephemeral (random password, temp file,
-    // deleted immediately after import), so the exposure window is seconds.
-    logger.info?.({ label }, 'Importing identity into Keychain (non-extractable)') ??
-      logger.log?.(`Importing identity into Keychain: ${label}`);
-    await execa('security', [
-      'import',
-      p12Path,
-      '-x',                 // non-extractable private key
-      '-T',
-      '/usr/bin/curl',      // allow curl to use this identity
-      '-P',
-      p12Password,
-    ]);
-
-    // Trust the Portlama CA so macOS considers the agent identity valid.
-    // Without this, `security find-identity -v -p ssl-client` marks the
-    // identity as CSSMERR_TP_NOT_TRUSTED and curl exits with code 58.
-    // `add-trusted-cert` is idempotent — safe to call on every import.
-    try {
-      await execa('security', [
-        'add-trusted-cert',
-        '-p',
-        'ssl',                // trust for SSL/TLS
-        caPath,
-      ]);
-    } catch (err) {
-      logger.warn?.({ err, label }, 'Could not set CA trust — curl may fail with exit 58') ??
-        logger.log?.(`Warning: Could not trust CA certificate for ${label}`);
-    }
-
-    // Set the key partition list so curl can access the identity without prompts.
-    // Requires the login Keychain password — prompt via native macOS dialog.
-    const keychainPassword = await promptKeychainPassword();
-    try {
-      await execa('security', [
-        'set-key-partition-list',
-        '-S',
-        'apple-tool:,apple:',  // apple-tool: for /usr/bin/curl, apple: for GUI apps
-        '-k',
-        keychainPassword,
-        '-l',                  // match by Label (friendly name from -name), not -D (Description)
-        identityName,
-      ]);
-    } catch {
-      throw new Error(
-        'Could not authorize Keychain access. The macOS login password may be incorrect.',
-      );
-    }
-
-    return { identity: identityName };
-  } finally {
-    // Securely delete all temp files
-    await secureDelete(keyPath);
-    await secureDelete(certPath);
-    await secureDelete(caPath);
-    await secureDelete(p12Path);
-  }
-}
-
-/**
- * Check if a Keychain identity exists for the given agent label.
- *
- * @param {string} label - Agent label
- * @returns {Promise<boolean>}
- */
-export async function keychainIdentityExists(label) {
-  const identityName = `Portlama Agent (${label})`;
-  try {
-    const { stdout } = await execa('security', [
-      'find-identity',
-      '-v',
-      '-p',
-      'ssl-client',
-    ]);
-    return stdout.includes(identityName);
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Remove a Keychain identity for the given agent label.
- *
- * @param {string} label - Agent label
- */
-export async function removeKeychainIdentity(label) {
-  const identityName = `Portlama Agent (${label})`;
-  await execa('security', [
-    'delete-identity',
-    '-c',
-    identityName,
-  ]);
-}

package/src/lib/local-plugin-host.js

@@ -59,9 +59,14 @@ export async function startLocalPluginHost({ port = 9293 } = {}) {
 
   const hostToken = await getOrCreateHostToken();
 
-  // Allow Tauri webview and localhost origins to call plugin APIs
+  // Allow Tauri webview and localhost origins to call plugin APIs.
+  // Restrict to known origins — never echo arbitrary origins with credentials.
   await server.register(cors, {
-    origin: true,
+    origin: [
+      'tauri://localhost',
+      'https://tauri.localhost',
+      /^http:\/\/(?:localhost|127\.0\.0\.1)(?::\d+)?$/,
+    ],
     credentials: true,
   });
 

package/src/lib/panel-api-routes.js

@@ -17,6 +17,17 @@ import {
   retractPanelTunnel,
   fetchPanelTunnelStatus,
 } from './panel-api.js';
+import {
+  readAgentPluginRegistry,
+  installAgentPlugin,
+  uninstallAgentPlugin,
+  enableAgentPlugin,
+  disableAgentPlugin,
+  updateAgentPlugin,
+  checkAgentPluginUpdate,
+  readAgentPluginBundle,
+} from './agent-plugins.js';
+import { unloadPanelService, loadPanelService } from './panel-service.js';
 
 // UUID regex for validating :id params before proxying to panel server
 const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
@@ -257,4 +268,123 @@ export default async function panelApiRoutes(fastify, opts) {
     await unloadAgent(label);
     return { ok: true, message: 'Agent stopped. Run portlama-agent uninstall for full removal.' };
   });
+
+  // --- Plugins ---
+
+  const PLUGIN_NAME_RE = /^[a-z0-9-]+$/;
+
+  fastify.get('/plugins', async () => {
+    return readAgentPluginRegistry(label);
+  });
+
+  fastify.post('/plugins/install', async (request, reply) => {
+    const { packageName } = request.body || {};
+    if (!packageName || typeof packageName !== 'string') {
+      return reply.code(400).send({ error: 'packageName is required' });
+    }
+    try {
+      const entry = await installAgentPlugin(label, packageName);
+      return { ok: true, plugin: entry };
+    } catch (err) {
+      return reply.code(400).send({ error: err.message });
+    }
+  });
+
+  fastify.post('/plugins/:name/enable', async (request, reply) => {
+    const { name } = request.params;
+    if (!PLUGIN_NAME_RE.test(name)) {
+      return reply.code(400).send({ error: 'Invalid plugin name' });
+    }
+    try {
+      await enableAgentPlugin(label, name);
+      // Restart panel service to mount newly enabled plugin routes.
+      // The response is sent before the process exits — launchd/systemd
+      // will restart the process with the updated registry.
+      setTimeout(async () => {
+        try {
+          await unloadPanelService(label);
+          await loadPanelService(label);
+        } catch (err) {
+          fastify.log.error({ err: err.message }, 'Failed to restart panel service');
+        }
+      }, 500);
+      return { ok: true, name, status: 'enabled', restarting: true };
+    } catch (err) {
+      return reply.code(400).send({ error: err.message });
+    }
+  });
+
+  fastify.post('/plugins/:name/disable', async (request, reply) => {
+    const { name } = request.params;
+    if (!PLUGIN_NAME_RE.test(name)) {
+      return reply.code(400).send({ error: 'Invalid plugin name' });
+    }
+    try {
+      await disableAgentPlugin(label, name);
+      // Restart panel service to unmount disabled plugin routes.
+      // Use setTimeout to flush the response before the process exits.
+      setTimeout(async () => {
+        try {
+          await unloadPanelService(label);
+          await loadPanelService(label);
+        } catch (err) {
+          fastify.log.error({ err: err.message }, 'Failed to restart panel service after disable');
+        }
+      }, 500);
+      return { ok: true, name, status: 'disabled', restarting: true };
+    } catch (err) {
+      return reply.code(400).send({ error: err.message });
+    }
+  });
+
+  fastify.delete('/plugins/:name', async (request, reply) => {
+    const { name } = request.params;
+    if (!PLUGIN_NAME_RE.test(name)) {
+      return reply.code(400).send({ error: 'Invalid plugin name' });
+    }
+    try {
+      await uninstallAgentPlugin(label, name);
+      return { ok: true, name };
+    } catch (err) {
+      return reply.code(400).send({ error: err.message });
+    }
+  });
+
+  fastify.post('/plugins/:name/update', async (request, reply) => {
+    const { name } = request.params;
+    if (!PLUGIN_NAME_RE.test(name)) {
+      return reply.code(400).send({ error: 'Invalid plugin name' });
+    }
+    try {
+      const plugin = await updateAgentPlugin(label, name);
+      return { ok: true, plugin };
+    } catch (err) {
+      return reply.code(400).send({ error: err.message });
+    }
+  });
+
+  fastify.get('/plugins/:name/check-update', async (request, reply) => {
+    const { name } = request.params;
+    if (!PLUGIN_NAME_RE.test(name)) {
+      return reply.code(400).send({ error: 'Invalid plugin name' });
+    }
+    try {
+      return await checkAgentPluginUpdate(label, name);
+    } catch (err) {
+      return reply.code(400).send({ error: err.message });
+    }
+  });
+
+  fastify.get('/plugins/:name/bundle', async (request, reply) => {
+    const { name } = request.params;
+    if (!PLUGIN_NAME_RE.test(name)) {
+      return reply.code(400).send({ error: 'Invalid plugin name' });
+    }
+    try {
+      const source = await readAgentPluginBundle(label, name);
+      return { source };
+    } catch (err) {
+      return reply.code(404).send({ error: err.message });
+    }
+  });
 }