Skip to content

Overview

AI4Meta exposes a third-party plugin port so that researchers, methodological communities, and vendors can ship capabilities that are not in the built-in catalog. Plugins are installed at the account or institution level and enabled per project, and within a project they may be scoped to specific workflow stages.

A plugin is a bundle of one or more of the following:

  • Skills. Slash commands available in the copilot and workspace palette.
  • Connectors. Data-source integrations (reference managers, repositories, paper databases).
  • Views. Embedded panels that appear inside a workflow stage (for example, a custom screening triage view, a domain-specific risk of bias tool).
  • Exporters. Output formats beyond the built-in PRISMA, APA 7, and journal report.

Where Plugins Live in the UI

Settings → Plugins hosts the catalog, install flow, and per-stage toggles. Opening a plugin reveals its capabilities, permissions, and the stages at which it can attach.

On any workflow tab (Screening, Extraction, Analysis, Report), the plugin bar at the top of the panel lists active plugins that declared that stage as a target. An inline toggle enables or disables each plugin for the current project without leaving the workflow.

Manifest Schema

Every plugin declares a manifest. The minimal shape is:

{
  "id": "org.example.risk-of-bias-robust",
  "name": "ROBINS-I Enhanced",
  "version": "1.2.0",
  "author": "Evidence Synthesis Lab",
  "description": "Extended ROBINS-I tool with per-domain adjudication and inter-rater reporting.",
  "icon": "https://cdn.example.org/robust-icon.svg",
  "stages": ["screening", "extraction", "analysis"],
  "capabilities": {
    "skills": [
      { "slug": "robust assess", "class": "reasoning", "writes": ["rob_records"] }
    ],
    "views": [
      { "stage": "rob_assessment", "mount": "panel", "component": "RobustAdjudicationView" }
    ],
    "connectors": [],
    "exporters": [
      { "format": "robust-xlsx", "label": "ROBINS-I workbook" }
    ]
  },
  "permissions": [
    "read:papers",
    "read:extractions",
    "write:rob_records"
  ],
  "data_handling": {
    "residency": "EU",
    "sends_fulltext_to_third_parties": false
  }
}

Required fields

| Field | Notes | |-------|-------| | id | Reverse-DNS style, globally unique. | | name, version, author | Surface in the plugin list and on the audit log. | | stages | Which workflow stages the plugin can attach to. Any of import, screening, extraction, analysis, report. | | capabilities | At least one of skills, views, connectors, exporters. | | permissions | Scoped to the minimum needed. The install flow prompts the user to grant them. | | data_handling | Declaration of where data goes and whether full text leaves the project boundary. Visible in Settings. |

Installation Flow

  1. The administrator pastes a manifest URL or uploads a signed bundle in Settings → Plugins → Install.
  2. AI4Meta fetches and validates the manifest against the schema.
  3. The user reviews requested permissions and the data_handling declaration.
  4. On approval, the plugin appears in the catalog with a default system state of disabled.
  5. Per-project enablement is handled on the project's Settings → Plugins tab. Per-stage enablement is handled inside the plugin's detail pane.

Because installations carry a signed manifest, unsigned installs are confined to a sandboxed development mode intended for plugin authors.

Per-Workflow-Stage Enablement

The clause "enable for certain parts of workflow" maps to the stages array on the manifest plus a per-stage toggle in the UI. When a stage is toggled off, the plugin is invisible in that stage's panel, its skills are hidden from the palette within that stage context, and its exporters are hidden from the stage's export menu. The plugin is not uninstalled; toggling back on restores it immediately.

| Stage | What a plugin may do | |-------|----------------------| | Import | Add data sources, deduplication heuristics, RIS or BibTeX variants. | | Screening | Add triage views, per-paper checklists, reliability reports. | | Extraction | Add codebook templates, extraction helpers, custom variable validators. | | Analysis | Add estimators, diagnostic plots, sensitivity routines. | | Report | Add sections, templates, journal-specific formatters. |

Security and Data Posture

Plugins run in a sandbox. They receive a scoped OAuth-style token with only the permissions granted at install. The token cannot access the project's full corpus unless read:papers (or the more scoped read:fulltext) is granted. Plugins that want to call third-party endpoints must declare them in data_handling.sends_fulltext_to_third_parties; the UI renders a red banner on the plugin card if that flag is true, and the audit log captures every cross-boundary call.

Reviewers of a manuscript can export the plugin manifest set used in the project as part of reproducibility materials. This is how a referee can verify that a computed effect size was produced by a specific, versioned plugin.

Authoring a Plugin

A plugin is a folder with a manifest.json, optional React component bundles for any views, and server-side handlers for any skills. The development loop is:

  1. Scaffold with ai4meta plugin init (CLI shipping soon).
  2. Iterate against a local project with the dev sandbox.
  3. Submit the signed manifest URL to the organisation or to the shared marketplace.

A full authoring guide will live at /docs/plugin-authoring once the CLI is released. In the interim, the manifest schema above is complete and stable.

FAQ

Can a plugin write to my data without asking? No. Every write is gated by the permissions you granted at install time, and every action is recorded in the audit log.

Can I disable a plugin for one project but keep it for another? Yes. Enablement is per project and per stage within a project.

What happens if a plugin breaks? The stage loads without the plugin's contribution; core workflows are unaffected. A diagnostic notice appears on the plugin card.

Are plugins shared between accounts? An organisation-level install makes the plugin available to all projects in that organisation. A marketplace install is user-scoped. Neither makes a project's data visible to other accounts.

See Also

  • Skills. The built-in skill catalog that plugins extend.
  • Settings → Plugins. The management UI where you install, enable, and configure plugins.