Plugin System

RootCause allows extending its capabilities via external plugins that run as separate processes and communicate through JSON-RPC.

Basic usage

Management commands

bash

# Install a plugin
rootcause plugin install ./my-plugin
rootcause plugin install https://github.com/user/plugin.git

# Manage plugins
rootcause plugin list                    # List installed plugins
rootcause plugin remove plugin-name      # Remove
rootcause plugin verify ./plugin         # Verify it works

# Create a new plugin
rootcause plugin init ./my-new-plugin

For more commands, see the CLI module.

Using plugins

bash

# Single plugin
rootcause ./code --rules ./rules --plugin ./plugins/decodebase64

# Multiple plugins with options
rootcause ./code --rules ./rules \
  --plugin decodebase64 \
  --plugin ts-eval \
  --plugin-opt decodebase64.mode=aggressive \
  --plugin-opt ts-eval.max_lines=2000

Execution flow

Plugin types

Type	Capability	Purpose
Discover	`discover`	Add additional paths or exclude directories
Transform	`transform`	Modify content before analysis (decode, decompress)
Analyse	`analyze`	Process files and emit findings
Rules	`rules`	Provide additional rules
Report	`report`	Generate custom output formats

Plugin locations

RootCause searches for plugins in this order:

--plugin ./explicit/path
./.rootcause/plugins/*

Plugin System ​

Basic usage ​

Management commands ​

Using plugins ​

Execution flow ​

Plugin types ​