Feature Request: Native Support for Locked/Protected Plugins
Resolved 💬 3 comments Opened Dec 27, 2025 by zero20nemvp Closed Feb 14, 2026
Problem:
Plugin authors who want to distribute commercial or proprietary plugins have no way to protect their intellectual property. Plugin source code (skills, agents, CLAUDE.md) is fully readable.
Proposed Solution:
Native support for token-based content locking, where plugin files contain numeric token IDs that are decoded at runtime using a separate key file.
Whitepaper:
https://zero2one.ee/whitepapers/context-lock.html
Example Repository:
https://github.com/zero20nemvp/claude-code
This marketplace contains a locked plugin (agentc) with:
- Token-encoded files (e.g.,
CLAUDE.md,skills/*.md) - SessionStart hook decoder:
plugins/agentc/hooks/decode-session.sh - Key file expected at:
~/.config/context-lock/keys/agentc/lock.yml
Suggested Schema:
{
"plugins": [{
"name": "my-plugin",
"locked": {
"format": "context-lock",
"keyPath": "~/.config/context-lock/keys/my-plugin/lock.yml"
}
}]
}
Benefits:
- IP protection for commercial plugins
- Enables plugin monetization
- Key and plugin distribution are separate
- Simple vocabulary-based encoding (not encryption)
- Verifies that what was intended is what is run in context
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗