Plugin System
RootCause allows extending its capabilities via external plugins that run as separate processes and communicate through JSON-RPC.
Basic usage
Management commands
bash
# Install a plugin
rootcause plugin install ./my-plugin
rootcause plugin install https://github.com/user/plugin.git
# Manage plugins
rootcause plugin list # List installed plugins
rootcause plugin remove plugin-name # Remove
rootcause plugin verify ./plugin # Verify it works
# Create a new plugin
rootcause plugin init ./my-new-pluginFor more commands, see the CLI module.
Using plugins
bash
# Single plugin
rootcause ./code --rules ./rules --plugin ./plugins/decodebase64
# Multiple plugins with options
rootcause ./code --rules ./rules \
--plugin decodebase64 \
--plugin ts-eval \
--plugin-opt decodebase64.mode=aggressive \
--plugin-opt ts-eval.max_lines=2000Execution flow
Plugin types
| Type | Capability | Purpose |
|---|---|---|
| Discover | discover | Add additional paths or exclude directories |
| Transform | transform | Modify content before analysis (decode, decompress) |
| Analyse | analyze | Process files and emit findings |
| Rules | rules | Provide additional rules |
| Report | report | Generate custom output formats |
Plugin locations
RootCause searches for plugins in this order:
--plugin ./explicit/path./.rootcause/plugins/*