Skip to main content

Plugin Data Isolation

Core owns all data. Plugins are stateless compute.

The plugin_data Table

The core database includes a generic plugin_data table:

CREATE TABLE plugin_data (
    id          TEXT PRIMARY KEY,
    engine_id   TEXT NOT NULL REFERENCES engines(id),
    realm_id    TEXT NOT NULL REFERENCES realms(id),
    data_key    TEXT NOT NULL,
    data_value  TEXT NOT NULL,     -- encrypted by core before storage
    created_at  TEXT NOT NULL,
    updated_at  TEXT NOT NULL,
    UNIQUE(engine_id, realm_id, data_key)
);

Host Function Flow

Plugins access this table through host functions:

Plugin calls ctx.Store.Put("root_password", encrypted_value)
  → Host function call handled by core
  → Core encrypts value with AES-256-GCM
  → Core writes to plugin_data table
  → Scoped to plugin's engine_id + realm_id (cannot access other plugins' data)

Why Core Owns Data

Single backup target — back up the core database and you have everything.
Encryption at rest — core handles it uniformly.
No data scattered across plugin directories.
Plugin crash or upgrade — state is safe in the core database.
Multi-tenant isolation — core enforces realm boundaries.

The plugin_data Table
Host Function Flow
Why Core Owns Data