Tundra’s plugin system uses Wasmtime to run plugins in an isolated sandbox. Plugins can’t escape the sandbox: all host interactions go through a capability-checked API.
WordPress
WP-CLI lifecycle management, plugin/theme registry, staging, cloning.
GitHub
GitHub App auth, webhook-triggered deploys, PR preview environments.
Namecheap
Domain registrar — NS updates, auto-renewal, DNS sync.
MCP Server
Model Context Protocol — connect Claude, Cursor, Zed to manage infrastructure via AI.
Cloudflare
DNS management and CDN integration via Cloudflare API.
Mailgun
Transactional email via Mailgun API.
Plugins declare capabilities in their manifest. Tundra enforces them at the host-call level:
| Capability | What it allows |
|---|---|
| `http.outbound` | Make outbound HTTP requests (allowlist of domains) |
| `kv.read` / `kv.write` | Read/write plugin key-value store |
| `events.publish` | Publish events to tundrad |
| `audit.write` | Write audit log entries |
| `sites.read` | Read site metadata |
| `deployments.trigger` | Trigger a deployment |
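
A sketch of what a deny-by-default check at the host-call boundary can look like, including exact-hostname matching for the `http.outbound` allowlist. This is an added example, not Tundra's code: the `Grants` struct, the `HostCall` enum and the sample grant set are assumptions, since the page does not show the manifest format or the host API.

```rust
use std::collections::HashSet;

// Hypothetical grant model; Tundra's real manifest format is not shown on the page.
pub struct Grants {
    pub caps: HashSet<&'static str>,       // capability names from the table
    pub http_allowlist: Vec<&'static str>, // exact hostnames for http.outbound
}

// Assumed host-call names, one per capability in the table.
pub enum HostCall<'a> {
    HttpOutbound { host: &'a str },
    KvRead, KvWrite, EventsPublish, AuditWrite, SitesRead, DeploymentsTrigger,
}

impl Grants {
    // Deny by default: a call passes only if the plugin declared its capability.
    pub fn check(&self, call: &HostCall) -> Result<(), String> {
        let cap = match call {
            HostCall::HttpOutbound { .. } => "http.outbound",
            HostCall::KvRead => "kv.read",
            HostCall::KvWrite => "kv.write",
            HostCall::EventsPublish => "events.publish",
            HostCall::AuditWrite => "audit.write",
            HostCall::SitesRead => "sites.read",
            HostCall::DeploymentsTrigger => "deployments.trigger",
        };
        if !self.caps.contains(cap) {
            return Err(format!("missing capability {}", cap));
        }
        if let HostCall::HttpOutbound { host } = call {
            // Compare whole hostnames, never suffixes or substrings, so
            // "api.mailgun.net.evil.example" cannot pass as "api.mailgun.net".
            let h = host.trim_end_matches('.').to_ascii_lowercase();
            if !self.http_allowlist.iter().any(|a| a.eq_ignore_ascii_case(&h)) {
                return Err(format!("{} not in http.outbound allowlist", h));
            }
        }
        Ok(())
    }
}

// Constructed sample: a mail plugin granted outbound HTTP to one host plus audit writes.
pub fn sample_grants() -> Grants {
    Grants {
        caps: HashSet::from(["http.outbound", "audit.write"]),
        http_allowlist: vec!["api.mailgun.net"],
    }
}

fn main() {
    let g = sample_grants();
    println!("{:?}", g.check(&HostCall::HttpOutbound { host: "api.mailgun.net" }));
    println!("{:?}", g.check(&HostCall::DeploymentsTrigger));
}
```
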
Browse and install plugins in Plugins → Marketplace.
Each plugin has an isolated settings store (AES-256-GCM encrypted). Configure in Plugins → [plugin] → Settings.