Skip to content

Add plugin installation support via frontmatter with dual-format configuration and cascading token resolution#14041

Merged
pelikhan merged 8 commits intomainfrom
copilot/add-plugin-support-frontend
Feb 6, 2026
Merged

Add plugin installation support via frontmatter with dual-format configuration and cascading token resolution#14041
pelikhan merged 8 commits intomainfrom
copilot/add-plugin-support-frontend

Conversation

Copy link
Contributor

Copilot AI commented Feb 6, 2026
edited
Loading

Adds plugins frontmatter field supporting both array and object formats for flexible plugin configuration. Compiler generates installation steps using engine-specific CLI commands with intelligent cascading GitHub token authentication.

Implementation

  • Frontmatter parsing: Extract plugins in both array and object formats, validate repo slugs (org/repo pattern)
  • Schema: Added plugins field to main workflow schema with oneOf for dual-format support
    • Array format: ["org/repo1", "org/repo2"]
    • Object format: { repos: ["org/repo1"], github-token: "${{ secrets.TOKEN }}" }
  • Step generation: Created GeneratePluginInstallationSteps() that produces installation steps with:
    • Engine-specific commands: copilot install plugin, claude install plugin, codex install plugin
    • GITHUB_TOKEN environment variable with cascading token resolution
    • Quoted step names to handle special characters in YAML
  • Engine integration: Inserted plugin installation after CLI installation in Copilot, Claude, and Codex engines
  • Token resolution: Implemented getEffectivePluginGitHubToken() with cascading precedence:
    1. Custom plugins.github-token from object format (highest priority, overrides all defaults)
    2. Custom github-token from top-level frontmatter (if specified)
    3. secrets.GH_AW_PLUGINS_TOKEN (dedicated plugin token)
    4. secrets.GH_AW_GITHUB_TOKEN (general gh-aw token)
    5. secrets.GITHUB_TOKEN (default GitHub Actions token)

Testing

  • Unit tests (plugin_installation_test.go): 23 test cases covering step generation, extraction, and token resolution
  • Integration tests (plugin_compilation_test.go): 11 test cases validating end-to-end compilation:
    • Array format with all three engines (Copilot, Claude, Codex)
    • Object format with and without custom token
    • Token precedence hierarchy validation
    • Top-level github-token precedence
    • No plugins scenario
    • Invalid repo format schema rejection

All 34 test cases pass successfully.

Usage

Array format (simple):

---
engine: copilot
plugins:
  - github/test-plugin
  - acme/custom-tools
---

Generates installation steps with cascading token resolution:

- name: 'Install plugin: github/test-plugin'
  env:
    GITHUB_TOKEN: ${{ secrets.GH_AW_PLUGINS_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
  run: copilot install plugin github/test-plugin

Object format (with custom token override):

---
engine: copilot
plugins:
  repos:
    - github/test-plugin
    - acme/custom-tools
  github-token: ${{ secrets.CUSTOM_PLUGIN_TOKEN }}
---

Generates installation steps with custom token:

- name: 'Install plugin: github/test-plugin'
  env:
    GITHUB_TOKEN: ${{ secrets.CUSTOM_PLUGIN_TOKEN }}
  run: copilot install plugin github/test-plugin

With top-level github-token:

---
github-token: ${{ secrets.MY_GITHUB_TOKEN }}
plugins:
  - github/test-plugin
---

Generates:

- name: 'Install plugin: github/test-plugin'
  env:
    GITHUB_TOKEN: ${{ secrets.MY_GITHUB_TOKEN }}
  run: copilot install plugin github/test-plugin
Original prompt

Add support for specifying plugins in the frontmatter and installing them through the agentic engine commands.

plugins will be a top-level frontmatter field that contains an array of strings. Each string is a repo slug in the form org/repo.

The compiler will take these repos and generate a step that calls the agentic CLI install plugin command for each one. It will generate a step that invokes the appropriate API to install these repos based on the correct syntax from Copilot, Claude, and Codex documentation.

Ensure the github-token is set on the step so the installation can use it to make Git requests.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 4 commits February 6, 2026 04:19
@pelikhan
Initial planning for plugin installation support
d659068 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Add plugin installation support to frontmatter and engines
66237cd 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Add comprehensive tests for plugin installation and fix linter issues
7f87ee7 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Final validation: all tests pass, workflows recompiled successfully
92bd6c4 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add support for plugins in frontmatter with agentic installation Add plugin installation support via frontmatter Feb 6, 2026
Copilot AI requested a review from pelikhan February 6, 2026 04:36
@pelikhan
Copy link
Contributor

pelikhan commented Feb 6, 2026

Add support for cascading token resolution. The resolution order should be:

  1. gh-aw-plugins-token
  2. gh-aw-github-token
  3. github-token

@copilot

@pelikhan
Copy link
Contributor

pelikhan commented Feb 6, 2026

Copilot also adds support for an object-type configuration setting for plugins. This configuration includes a repos field, which is a string array of repositories, and a github-token field, which holds a custom token to use. This token overrides the default token resolution chain.

@pelikhan
Copy link
Contributor

pelikhan commented Feb 6, 2026

@copilot Copilot also adds support for an object-type configuration setting for plugins. This configuration includes a repos field, which is a string array of repositories, and a github-token field, which holds a custom token to use. This token overrides the default token resolution chain.

@pelikhan
Implement cascading token resolution for plugin installation
bcffcfb 
Added getEffectivePluginGitHubToken function with cascading precedence:
1. Custom token from frontmatter github-token field
2. secrets.GH_AW_PLUGINS_TOKEN
3. secrets.GH_AW_GITHUB_TOKEN
4. secrets.GITHUB_TOKEN

Updated all engine integrations to use cascading resolution and added tests for token resolution behavior.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Feb 6, 2026

Add support for cascading token resolution. The resolution order should be:

  1. gh-aw-plugins-token...

Implemented cascading token resolution with the requested precedence order:

  1. github-token (from frontmatter)
  2. secrets.GH_AW_PLUGINS_TOKEN
  3. secrets.GH_AW_GITHUB_TOKEN
  4. secrets.GITHUB_TOKEN

The implementation follows the same pattern used in github_token.go for other token resolution functions. Users can now configure a dedicated GH_AW_PLUGINS_TOKEN secret for plugin operations, with automatic fallback to general-purpose tokens.

Example output:

- name: 'Install plugin: github/test-plugin'
  env:
    GITHUB_TOKEN: ${{ secrets.GH_AW_PLUGINS_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
  run: copilot install plugin github/test-plugin

Commit: bcffcfb

Copilot AI changed the title Add plugin installation support via frontmatter Add plugin installation support via frontmatter with cascading token resolution Feb 6, 2026
@pelikhan
Copy link
Contributor

pelikhan commented Feb 6, 2026

@copilot , make sure the main JSON schema is updated with the new frontmatter entries.

@pelikhan
Add support for object format in plugins configuration
fea000d 
- Added PluginsConfig struct to support object format with repos and github-token fields
- Updated schema to accept both array and object formats using oneOf
- Updated extractPluginsFromFrontmatter to return (repos, token) tuple
- Updated engine integrations to use plugin-specific token with precedence:
  1. plugins.github-token (custom token in object format)
  2. github-token (top-level frontmatter token)
  3. Cascading fallback (GH_AW_PLUGINS_TOKEN || GH_AW_GITHUB_TOKEN || GITHUB_TOKEN)
- Added comprehensive tests for object format with custom token override

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Feb 6, 2026
edited
Loading

Copilot also adds support for an object-type configuration setting for plugins. This configuration includes a repos field, which is a string array of repositories, and a github-token field, which ...

Implemented object-type configuration for plugins with repos array and github-token field. The custom token overrides the cascading resolution chain.

Both formats are now supported:

Array format:

plugins:
  - github/example-plugin

Object format:

plugins:
  repos:
    - github/example-plugin
  github-token: ${{ secrets.CUSTOM_PLUGIN_TOKEN }}

Token precedence: plugins.github-tokengithub-tokenGH_AW_PLUGINS_TOKENGH_AW_GITHUB_TOKENGITHUB_TOKEN

Commit: fea000d

@copilot Copilot also adds support for an object-type configuration setting for plugins. This configuration includes a repos field, which is a string array of repositories, and a github-token field, w...

Implemented object-type configuration for plugins with repos array and github-token field. The custom token overrides the cascading resolution chain.

Both formats are now supported:

Array format:

plugins:
  - github/example-plugin

Object format:

plugins:
  repos:
    - github/example-plugin
  github-token: ${{ secrets.CUSTOM_PLUGIN_TOKEN }}

Token precedence: plugins.github-tokengithub-tokenGH_AW_PLUGINS_TOKENGH_AW_GITHUB_TOKENGITHUB_TOKEN

Commit: fea000d

Copilot AI changed the title Add plugin installation support via frontmatter with cascading token resolution Add plugin installation support via frontmatter with dual-format configuration and cascading token resolution Feb 6, 2026
@pelikhan
Copy link
Contributor

pelikhan commented Feb 6, 2026

@copilot add more tests for compilation

Copy link
Contributor Author

Copilot AI commented Feb 6, 2026

@copilot , make sure the main JSON schema is updated with the new frontmatter entries.

The main JSON schema (pkg/parser/schemas/main_workflow_schema.json) has been updated with the new plugins frontmatter configuration. The schema supports both formats using oneOf:

  1. Array format: ["org/repo1", "org/repo2"]
  2. Object format: { repos: ["org/repo1"], github-token: "${{ secrets.TOKEN }}" }

Schema validation is active and correctly rejects invalid fields while accepting both valid formats.

Updated in commit: fea000d

@pelikhan
Add comprehensive compilation tests for plugin installation
0daa50e 
Added integration tests covering:
- Array format with single and multiple plugins for all engines
- Object format with and without custom token
- Top-level github-token precedence
- Token precedence hierarchy validation
- No plugins scenario
- Invalid repo format schema validation

All 5 test suites with 11 test cases pass successfully.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Feb 6, 2026

@copilot add more tests for compilation

Added comprehensive compilation tests in plugin_compilation_test.go covering:

Test Coverage (5 test suites, 11 test cases):

  • TestPluginCompilationArrayFormat: Array format with single/multiple plugins for Copilot, Claude, Codex
  • TestPluginCompilationObjectFormat: Object format with and without custom token
  • TestPluginCompilationWithTopLevelGitHubToken: Top-level github-token usage
  • TestPluginCompilationTokenPrecedence: Token hierarchy validation (plugins.github-token > github-token > cascading)
  • TestPluginCompilationAllEngines: All engines with quoted step names and proper commands
  • TestPluginCompilationNoPlugins: Verify no steps when plugins not specified
  • TestPluginCompilationInvalidRepoFormat: Schema validation rejection

All tests pass successfully.

Commit: 0daa50e

@pelikhan pelikhan marked this pull request as ready for review February 6, 2026 05:30
Copilot AI review requested due to automatic review settings February 6, 2026 05:30
Copilot AI reviewed Feb 6, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds comprehensive plugin installation support to the agentic-workflows compiler, enabling users to specify plugins in the frontmatter that will be automatically installed before workflow execution. The implementation includes dual-format configuration (array and object formats), intelligent cascading GitHub token resolution, and seamless integration with all three supported engines (Copilot, Claude, and Codex).

Changes:

  • Added plugins frontmatter field with dual-format support (array or object with optional custom token)
  • Implemented cascading GitHub token resolution for plugin authentication (custom token → GH_AW_PLUGINS_TOKEN → GH_AW_GITHUB_TOKEN → GITHUB_TOKEN)
  • Integrated plugin installation steps into Copilot, Claude, and Codex engine installation flows

Reviewed changes

Copilot reviewed 158 out of 158 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pkg/workflow/frontmatter_extraction_metadata.go Adds extractPluginsFromFrontmatter() to parse both array and object plugin formats
pkg/workflow/compiler_types.go Adds Plugins and PluginsToken fields to WorkflowData struct
pkg/workflow/compiler_orchestrator_tools.go Integrates plugin extraction into tools processing pipeline
pkg/workflow/compiler_orchestrator_workflow.go Passes plugin data to WorkflowData initialization
pkg/workflow/copilot_engine_installation.go Adds plugin installation steps after Copilot CLI installation
pkg/workflow/claude_engine.go Adds plugin installation steps after Claude CLI installation
pkg/workflow/codex_engine.go Adds plugin installation steps after Codex CLI installation
pkg/parser/schemas/main_workflow_schema.json Defines plugins field schema with oneOf for dual-format validation
docs/src/content/docs/reference/frontmatter-full.md Documents the plugins frontmatter field
.github/workflows/*.lock.yml Recompiled workflow lock files with updated MCP_GATEWAY_PAYLOAD_DIR configuration

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

This was referenced Feb 6, 2026
Closed
Merged
Closed
@pelikhan pelikhan merged commit 7ec4e03 into main Feb 6, 2026
133 checks passed
@pelikhan pelikhan deleted the copilot/add-plugin-support-frontend branch February 6, 2026 05:41
This was referenced Feb 6, 2026
Closed
Merged
github-actions bot added a commit that referenced this pull request Feb 6, 2026
@github-actions @claude
docs: document plugins and payload-dir frontmatter fields
c8616c2 
Add documentation for two new frontmatter features:
- plugins: Plugin installation support with dual-format config
- payload-dir: MCP gateway payload directory configuration

Related PRs: #14041, #14026

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This was referenced Feb 6, 2026
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan