Feature Request: Native Support for Locked/Protected Plugins

Resolved 💬 3 comments Opened Dec 27, 2025 by zero20nemvp Closed Feb 14, 2026

Problem:
Plugin authors who want to distribute commercial or proprietary plugins have no way to protect their intellectual property. Plugin source code (skills, agents, CLAUDE.md) is fully readable.

Proposed Solution:
Native support for token-based content locking, where plugin files contain numeric token IDs that are decoded at runtime using a separate key file.

Whitepaper:
https://zero2one.ee/whitepapers/context-lock.html

Example Repository:
https://github.com/zero20nemvp/claude-code

This marketplace contains a locked plugin (agentc) with:

  • Token-encoded files (e.g., CLAUDE.md, skills/*.md)
  • SessionStart hook decoder: plugins/agentc/hooks/decode-session.sh
  • Key file expected at: ~/.config/context-lock/keys/agentc/lock.yml

Suggested Schema:

{
  "plugins": [{
    "name": "my-plugin",
    "locked": {
      "format": "context-lock",
      "keyPath": "~/.config/context-lock/keys/my-plugin/lock.yml"
    }
  }]
}

Benefits:

  • IP protection for commercial plugins
  • Enables plugin monetization
  • Key and plugin distribution are separate
  • Simple vocabulary-based encoding (not encryption)
  • Verifies that what was intended is what is run in context

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗