Status: Planning Repo: https://github.com/SwiftWing21/BigEd-ModuleHub Purpose: Community and enterprise plugin repository for BigEd CC modules
GitHub is the right choice because:
- Version control — modules are versioned, diffable, auditable
- Security — PRs require review, code is inspectable before install
- Discovery — GitHub search, topics, stars, README previews
- Enterprise — organizations can fork and run private module repos
- CI/CD — GitHub Actions can lint, test, and validate modules on push
- No infrastructure — no server to maintain, no database, no CDN
- Precedent — VS Code marketplace, Homebrew, Terraform Registry all use GitHub
BigEd-ModuleHub/
├── README.md # Hub landing page
├── CONTRIBUTING.md # How to publish a module
├── SECURITY.md # Security requirements for modules
├── registry.json # Module catalog (machine-readable)
├── modules/
│ ├── crm/
│ │ ├── manifest.json # Module metadata
│ │ ├── mod_crm.py # Module code
│ │ ├── README.md # Module documentation
│ │ └── screenshots/ # Module screenshots
│ ├── accounts/
│ ├── onboarding/
│ ├── customers/
│ ├── intelligence/
│ ├── ingestion/
│ ├── outputs/
│ └── owner_core/ # Enterprise-only (gated)
└── enterprise/
├── ENTERPRISE.md # Enterprise module guidelines
├── compliance/ # SOC 2 compliance templates
└── federation/ # Federation module configs
{
"version": "1.0",
"modules": [
{
"name": "intelligence",
"version": "0.051",
"description": "System transparency, model controls, prompt queue, evaluation display",
"author": "BigEd Core",
"license": "Apache-2.0",
"min_biged_version": "0.051.00b",
"default_enabled": true,
"enterprise_only": false,
"soc2_compliant": true,
"dependencies": [],
"size_kb": 15,
"download_url": "modules/intelligence/mod_intelligence.py",
"checksum_sha256": "...",
"tags": ["transparency", "cost-tracking", "evaluation"]
}
]
}{
"name": "intelligence",
"label": "Intelligence",
"version": "0.051",
"description": "System transparency, model controls, prompt queue",
"author": "BigEd Core",
"license": "Apache-2.0",
"min_biged_version": "0.051.00b",
"default_enabled": true,
"enterprise_only": false,
"soc2_compliant": true,
"requires_network": false,
"requires_api_keys": false,
"filesystem_zones": ["knowledge"],
"dependencies": [],
"icon": "🧠"
}The launcher gets a Module Hub tab (or section in Settings → Modules):
┌─────────────────────────────────────────────────────┐
│ 🏪 Module Hub [Refresh] │
├─────────────────────────────────────────────────────┤
│ │
│ INSTALLED (3) │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ 🧠 Intel │ │ 📥 Ingest │ │ 📤 Outputs │ │
│ │ v0.051 │ │ v0.023 │ │ v0.023 │ │
│ │ ✓ Enabled │ │ ✓ Enabled │ │ ✓ Enabled │ │
│ │ [Disable] │ │ [Disable] │ │ [Disable] │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │
│ AVAILABLE (5) │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ 🤝 CRM │ │ 👥 Custom │ │ 📋 Accounts │ │
│ │ v0.022 │ │ v0.023 │ │ v0.022 │ │
│ │ ☐ Disabled │ │ ☐ Disabled │ │ ☐ Disabled │ │
│ │ [Install] │ │ [Install] │ │ [Install] │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │
│ Hub: github.com/SwiftWing21/BigEd-ModuleHub │
│ Enterprise: [Configure Private Hub] │
└─────────────────────────────────────────────────────┘
- User clicks [Install] on a module card
- BigEd downloads
manifest.jsonfrom the hub repo - Verifies: checksum, min version, SOC 2 flag, enterprise gate
- Downloads module
.pyfile(s) toBigEd/launcher/modules/ - Updates local
manifest.jsonwith new module entry - Adds to
fleet.toml [launcher.tabs] - Tab appears immediately (lazy-loaded on first click)
- Enterprise installs set
BIGED_ENTERPRISE=1 - On boot, federation auto-selects modules from configured hub
- Enterprise hub URL in
fleet.toml:[modules] hub_url = "https://github.com/SwiftWing21/BigEd-ModuleHub" enterprise_hub_url = "" # Private org repo URL auto_update = false # Auto-download module updates
- Enterprise-only modules require
enterprise_only: trueflag - Custom modules: enterprise orgs push to their own hub repo
- Agent-generated module recommendations logged for operator review
- No hardcoded credentials or API keys
- No network calls without
requires_network: truedeclaration - No file access outside declared
filesystem_zones - No subprocess execution without sandbox flag
- Code must pass
py_compile+ basic lint - SHA-256 checksum verified on download
- Module code is inspectable (source only, no compiled/obfuscated)
- Must declare all filesystem zones accessed
- Must pass FileSystemGuard validation
- Audit logging for all data operations
- DLP scanning on module outputs
- Code review approval required before deployment
- Signed commits (GPG) from verified authors
BigEd CC maintains SOC 2 compliance via:
fleet/skills/security_audit.py— automated security scanningfleet/skills/security_review.py— code review for security issuesfleet/filesystem_guard.py— file access control enforcementfleet/skills/_watchdog.py— DLP secret detection + quarantinefleet/security.py— RBAC, TLS, CSRF, rate limiting
- Restructure BigEd-ModuleHub repo with registry.json
- Move current modules from BigEd main repo to hub
- Module download/install function in BigEd launcher
- Module Hub section in Settings → Modules panel
- Checksum verification on download
- Dedicated Module Hub tab or Settings panel
- Module cards with install/enable/disable/update
- Version checking (installed vs available)
- Module search/filter by tags
- Module README preview
- Private hub URL configuration
- Federation auto-select from enterprise hub
- Enterprise-only module gating
- Agent-generated module recommendations
- Custom module publishing workflow
- Module submission PR template
- Automated CI validation (lint, compile, security scan)
- Module ratings/downloads tracking
- Module dependency resolution
- Module versioning (semver within hub)
[modules]
hub_url = "https://github.com/SwiftWing21/BigEd-ModuleHub"
enterprise_hub_url = "" # Private org repo (empty = use public)
auto_update = false # Check for module updates on boot
check_interval_hours = 24 # How often to check for updates
verify_checksums = true # SHA-256 verification on download
allow_community = true # Allow non-core modules (enterprise may disable)BigEd CC (main repo)
│
├── BigEd/launcher/modules/ ← Installed modules live here
│ ├── __init__.py ← Module loader + registry
│ ├── manifest.json ← Local installed module catalog
│ ├── mod_intelligence.py ← Core module (ships with BigEd)
│ ├── mod_ingestion.py ← Core module
│ └── mod_crm.py ← Downloaded from Module Hub
│
├── Module Hub (GitHub repo)
│ ├── registry.json ← Available module catalog
│ └── modules/ ← Module source + manifests
│
└── Enterprise Private Hub (optional)
├── registry.json ← Org-specific modules
└── modules/ ← Custom/proprietary modules
[Hub Registry] → [Download] → [Verify Checksum] → [Install to modules/]
→ [Update manifest.json] → [Add to fleet.toml tabs]
→ [Lazy-load on first tab click] → [on_refresh() polling]
→ [on_close() cleanup]
[Enterprise Hub] → [Federation selects modules] → [Auto-download]
→ [FileSystemGuard validates zones] → [SOC 2 audit check]
→ [Install with enterprise flags] → [Audit logged]