Skip to main content
The noorle.yaml file configures your plugin’s metadata, runtime behavior, and security permissions. This is the authoritative reference for all available configuration options.

File Structure

schema_version: "1.0"

metadata:
  name: "plugin-name"
  description: "What your plugin does"
  author: "Your Name or Organization"
  license: "MIT"
  tags:
    - "data-processing"
    - "ai"
  homepage: "https://example.com"

runtime: "v1"

permissions:
  network:
    allow:
      - host: "api.example.com"
      - cidr: "10.0.0.0/8"
    deny: []

  filesystem:
    allow:
      - uri: "fs://work/agent/**"
        access: [read, write]
    deny: []

  environment:
    allow:
      - key: "API_KEY"
      - key: "DEBUG_MODE"

resources:
  limits:
    memory: "512Mi"
    timeout: "30s"

Schema Version

Type: string Required: Yes Current Version: "1.0" Specifies the noorle.yaml schema version. Ensures forward compatibility as the platform evolves. 
schema_version: "1.0"

Metadata

name

Type: string Required: Yes The plugin identifier (lowercase alphanumeric and hyphens only). 
metadata:
  name: "my-awesome-plugin"

description

Type: string Required: No Human-readable description of what your plugin does. Used in plugin listings. 
metadata:
  description: "Connects to external APIs and processes data"

author

Type: string Required: No Author name or organization that created the plugin. 
metadata:
  author: "Acme Corp"

license

Type: string (SPDX identifier) Required: No SPDX license identifier (e.g., MIT, Apache-2.0, GPL-3.0). 
metadata:
  license: "Apache-2.0"

tags

Type: array<string> Required: No Searchable tags for discoverability. 
metadata:
  tags:
    - "data-processing"
    - "cloud"
    - "ai"

homepage

Type: string (URL) Required: No URL to the plugin’s documentation or homepage. 
metadata:
  homepage: "https://github.com/org/plugin"

Runtime

Type: string Required: No Default: "v1" Specifies which runtime profile to use for execution. Each profile defines memory limits, timeout behaviors, and execution environment. Available Values:
  • "v1" - Standard WASM runtime with Wasmtime
  • "v2" - Enhanced runtime with additional capabilities (future)
  • "edge" - Optimized for low-latency edge execution (future)
  • "native" - Native binary execution (future)
runtime: "v1"

Permissions

The permissions section defines the security sandbox for your plugin. Everything is denied by default — only explicitly allowed resources are accessible.

Network

Controls which external hosts and networks your plugin can access. 
permissions:
  network:
    allow:
      - host: "api.example.com"
      - host: "*.github.com"  # Wildcard support
      - cidr: "10.0.0.0/8"
    deny:
      - host: "internal.company.com"
Supported formats:
  • host: "example.com" - Specific hostname
  • host: "*.example.com" - Wildcard subdomains
  • cidr: "10.0.0.0/8" - CIDR range notation

Filesystem

Controls which filesystem paths your plugin can read or write. 
permissions:
  filesystem:
    allow:
      - uri: "fs://work/agent/**"
        access: [read, write]
      - uri: "fs://cache/data/*"
        access: [read]
    deny: []
URI Patterns:
  • fs://work/agent/** - Recursive (all nested paths)
  • fs://cache/data/* - Single level wildcard
  • fs://config/settings.json - Specific file
Access Types:
  • read - Read-only access
  • write - Write access (implies read)

Environment

Controls which environment variables your plugin can access. 
permissions:
  environment:
    allow:
      - key: "API_KEY"
      - key: "DATABASE_URL"
      - key: "DEBUG"
Environment variables are allow-only (no deny list). Only explicitly listed variables are accessible to your plugin.

Resources

Defines execution resource limits for safety and cost control.

Memory Limit

Type: string (Kubernetes-style format) Examples: "512Mi", "1Gi", "256Ki" 
resources:
  limits:
    memory: "512Mi"
Supported suffixes:
  • Ki - Kibibytes (1024 bytes)
  • Mi - Mebibytes (1024² bytes)
  • Gi - Gibibytes (1024³ bytes)

Timeout

Type: string (duration format) Examples: "30s", "5m", "1h" 
resources:
  limits:
    timeout: "30s"
Maximum execution time for a single tool invocation.

Complete Example

schema_version: "1.0"

metadata:
  name: "weather-plugin"
  description: "Fetches weather data from OpenWeatherMap API"
  author: "Weather Corp"
  license: "MIT"
  tags:
    - "weather"
    - "api"
  homepage: "https://github.com/weather-corp/plugin"

runtime: "v1"

permissions:
  network:
    allow:
      - host: "api.openweathermap.org"
      - host: "*.openweathermap.org"

  filesystem:
    allow:
      - uri: "fs://work/agent/cache/**"
        access: [read, write]

  environment:
    allow:
      - key: "OPENWEATHER_API_KEY"
      - key: "CACHE_DIR"

resources:
  limits:
    memory: "256Mi"
    timeout: "10s"

Validation Rules

  • schema_version must be a valid version string
  • metadata.name must be alphanumeric with hyphens only
  • runtime must be one of the supported runtime profiles
  • Network hosts support wildcards (*) but not other regex patterns
  • Filesystem URIs must start with fs://
  • Memory values must be valid Kubernetes-style notation
  • Timeouts must follow duration format (number + unit)

Environment Variables in Config

Plugin runtime environment variables are set via the .env file in your .npack archive or via the API. 
API_KEY=sk-1234567890
DATABASE_URL=postgres://localhost/mydb
DEBUG=false
These values override any system environment variables and are scoped to your plugin execution.