feat(plugins): add remote registry discovery and plugin signing

- Add RemoteRegistry and PluginIndexEntry types for remote plugin discovery
- Add PluginSigner for ed25519 signature verification
- Add checksum (SHA256) verification for downloaded plugins
- Add registry methods: fetch_remote_index, search, check_updates, download_plugin
- Add SignatureError, NetworkError, ChecksumMismatch, RegistryError to PluginError
- Export new types from lib.rs

Author: echobt

Cargo.lock

@@ -45,6 +45,13 @@ reqwest = { workspace = true }
 # URL parsing
 url = { workspace = true }
 
+# Cryptographic signing
+ed25519-dalek = "2.1"
+
+# Checksums
+sha2 = { workspace = true }
+hex = { workspace = true }
+
 
 
 [dev-dependencies]

src/cortex-plugins/Cargo.toml

@@ -84,6 +84,26 @@ pub enum PluginError {
     /// Plugin is disabled.
     #[error("Plugin is disabled: {0}")]
     Disabled(String),
+
+    /// Signature verification error.
+    #[error("Signature error: {0}")]
+    SignatureError(String),
+
+    /// Network/HTTP error.
+    #[error("Network error: {0}")]
+    NetworkError(String),
+
+    /// Checksum verification error.
+    #[error("Checksum mismatch for plugin '{plugin}': expected {expected}, got {actual}")]
+    ChecksumMismatch {
+        plugin: String,
+        expected: String,
+        actual: String,
+    },
+
+    /// Registry error.
+    #[error("Registry error: {0}")]
+    RegistryError(String),
 }
 
 impl PluginError {
@@ -142,6 +162,19 @@ impl PluginError {
             message: message.into(),
         }
     }
+
+    /// Create a checksum mismatch error.
+    pub fn checksum_mismatch(
+        plugin: impl Into<String>,
+        expected: impl Into<String>,
+        actual: impl Into<String>,
+    ) -> Self {
+        Self::ChecksumMismatch {
+            plugin: plugin.into(),
+            expected: expected.into(),
+            actual: actual.into(),
+        }
+    }
 }
 
 impl From<toml::de::Error> for PluginError {
@@ -162,6 +195,12 @@ impl From<wasmtime::Error> for PluginError {
     }
 }
 
+impl From<reqwest::Error> for PluginError {
+    fn from(err: reqwest::Error) -> Self {
+        Self::NetworkError(err.to_string())
+    }
+}
+
 /// Result type alias for plugin operations.
 pub type Result<T> = std::result::Result<T, PluginError>;
 

src/cortex-plugins/src/error.rs

@@ -60,6 +60,7 @@ pub mod plugin;
 pub mod registry;
 pub mod runtime;
 pub mod sdk;
+pub mod signing;
 
 // Re-exports for convenience
 pub use api::{PluginApi, PluginContext, PluginHostFunctions};
@@ -273,7 +274,8 @@ pub use manifest::{
     PluginManifest, PluginPermission,
 };
 pub use plugin::{Plugin, PluginInfo, PluginState, PluginStatus};
-pub use registry::PluginRegistry;
+pub use registry::{PluginIndex, PluginIndexEntry, PluginRegistry, RemoteRegistry};
+pub use signing::PluginSigner;
 pub use runtime::{PluginStoreState, WasmPlugin, WasmRuntime};
 
 // Host function re-exports