Plugins
Extend your Oxagen workspace with plugins — pre-built integrations that add tools, slash commands, and agent capabilities to your MCP-connected coding agents.
Plugins extend the Oxagen MCP server with additional tools, slash commands, and workspace capabilities. A plugin is a versioned manifest that declares what tools it adds, what permissions it requires, and how to install it. Once installed, a plugin's tools appear alongside the core Oxagen tools in any connected MCP client.
Plugins are workspace-scoped. Installing a plugin for one workspace does not affect others.
How plugins work
- A plugin manifest declares a set of MCP tools (or slash commands) and the permissions they need (e.g.
ontology:read,ontology:write,memory:read). - A workspace owner installs the plugin via the Oxagen web app or API.
- The plugin's tools are registered with the workspace's MCP server session.
- Any MCP-connected agent (Claude Code, Cursor, VS Code, Windsurf) can call the plugin's tools with the same syntax as core tools.
Plugins run in an ephemeral sandbox (services/worker-sandbox) that is isolated from the main API and worker. Plugins cannot read raw credentials, access other workspaces, or bypass RLS.
Installing a plugin
Via API
POST /v1/plugins accepts the raw YAML manifest body (manifest) plus an
optional install-time config map. The plugin is workspace-scoped to the
caller's default workspace.
curl -X POST https://api.oxagen.ai/v1/plugins \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"manifest": "name: my-plugin\nversion: 0.1.0\nkind: mcp_tool\n...",
"config": {}
}'Claude Code plugin marketplace
The Claude Code plugin marketplace install flow is the recommended path for human-installable plugins — see Claude Code plugin.
Plugin permissions
Every plugin declares the minimum permissions it needs. You approve them at install time. Permissions are:
| Permission | What it allows |
|---|---|
ontology:read | Read nodes, edges, and types |
ontology:write | Create and update nodes and edges |
memory:read | Read agent memory nodes |
memory:write | Write agent memory annotations |
connections:read | Read connection metadata (not credentials) |
agent:coordinate | Start sessions, claim work, record findings |
Plugins cannot be granted permissions beyond what the installing user holds in the workspace.
Available plugins
Claude Code plugin
The official Oxagen plugin for Claude Code. Open source at
oxagenai/claude-code-plugin
(MIT). Ships 50+ slash commands across discovery, traversal, history,
tests, CI, security, memory, incident response, and multi-agent
coordination. The SessionStart hook pins three guarantees on every turn —
graph first, memory always recalled, coordination respected — so
the agent treats Oxagen as a first-class concern across coding,
incident response, security triage, customer-impact analysis, and
research workflows.
Install:
/plugin marketplace add oxagenai/claude-code-plugin
/plugin install oxagen@oxagen
/oxagen:setupSource: github.com/oxagenai/claude-code-plugin
Building a plugin
Plugins are JSON manifests paired with a serverless function or MCP endpoint. The manifest schema is documented in the API reference. Plugin development tooling (plugin-dev:create-plugin) is available in the Oxagen Claude Code plugin.
MCP Server
The Oxagen MCP server exposes your workspace knowledge graph as typed, workspace-scoped tools to any MCP-compatible coding agent.
Claude Code Plugin
Connect Claude Code to your Oxagen workspace — typed ontology access, durable agent memory, multi-agent coordination, and 50+ slash commands. Engineered for code, but the same surface powers incident response, security triage, customer-impact analysis, and research workflows.