Plugins
Agorio ships six enterprise governance plugins. All are MIT-licensed and published to npm
as @agorio/plugin-* — there’s no license-key gating.
| Plugin | Package | What it does |
|---|---|---|
| Spending Controls | @agorio/plugin-spending-controls | Per-transaction / session / daily spend limits |
| Approval Workflow | @agorio/plugin-approval-workflow | Threshold-based checkout approval gates |
| Audit Trail | @agorio/plugin-audit-trail | Structured, redacted tool-call logs |
| Agent Identity | @agorio/plugin-agent-identity | Org identity attachment + activity logging |
| Policy Engine | @agorio/plugin-policy-engine | JSON-based rule evaluation |
| Procurement | @agorio/plugin-procurement | B2B PO# / vendor / expense tracking |
The EnterprisePlugin lifecycle
Every governance plugin implements the EnterprisePlugin interface, a middleware that hooks into
the agent’s tool-call loop:
onRegister— called when the plugin is added; one-time setup.onInit— called when the agent initializes a run.onBeforeToolCall— runs before each tool call and can block or modify the call (this is where spend limits, approval gates, and policy rules intervene).onAfterToolCall— runs after each tool call (where audit trails record what happened).
For session resume, a plugin can also implement:
getState?()— contribute the plugin’s state to the agent’s snapshot.hydrate?(state)— restore the plugin’s state from a snapshot.
import { ShoppingAgent } from '@agorio/sdk';
import { spendingControls } from '@agorio/plugin-spending-controls';
const agent = new ShoppingAgent({
llm,
plugins: [spendingControls({ perTransaction: 50000 })],
});There’s also a simpler
AgentPlugininterface for plugins that just register a custom tool (name, JSON schema, handler) — use that when you don’t need the full lifecycle.