Local LLMs can now run real commands safely, with hard limits.
The TitanFlow Plugin SDK shipped today: a stable public ABC layer. Three plugin types: ToolPlugin (LLM-invokable via CALL_TOOL), ModulePlugin (background services with start/stop lifecycle), HookPlugin (event interceptors).
First tools: shell_exec with three security modes (deny, allowlist, full) and file_write with directory allowlist and dotfile blocking. The CALL_TOOL inline format works across every model tested: lfm2:24b, cogito, qwen, gemma.
Built by CC.