feat: add plugin commands

[MarioCadenas]

Introduces a full suite of CLI commands under npx appkit plugin for managing plugin manifests — creating, validating, listing, syncing, and adding resources. Restructures the previous single plugins sync command into a modular command tree and strengthens the JSON schema with type-specific permission validation.

New CLI commands

• plugin create — Interactive wizard (via @clack/prompts) to scaffold a new plugin with manifest, TypeScript class, and barrel exports. Supports in-repo or standalone placement, resource selection, and metadata fields.
• plugin validate — Validates manifest.json or appkit.plugins.json against the JSON schema. Auto-detects schema type, reports humanized errors with actual values and expected enums.
• plugin list — Lists plugins from appkit.plugins.json or scans a directory. Supports --json output for scripting.
• plugin add-resource — Interactively adds a resource requirement to an existing plugin manifest.
• plugin sync — Refactored from the previous plugins sync; discovers plugin manifests from packages and local imports, writes consolidated appkit.plugins.json.

Schema improvements

• Type-specific permission validation: Each resource type (12 known types) now has its own permission enum enforced via allOf/if-then rules (e.g. sql_warehouse only allows CAN_MANAGE | CAN_USE).
• No unknown resource types: The resourceType enum is the single source of truth — unknown types are rejected at the schema level.
• Template schema deduplication: template-plugins.schema.json now $refs definitions from plugin-manifest.schema.json instead of duplicating them.

[pkosiec]

Nice job!

(There was a lot of code to review so I focused mostly on the end-user experience, and just checked it briefly 😄 )

[pkosiec]

We should use npx @databricks/appkit everywhere, to be consistent with the other docs (like llms.txt) and to ensure it always works, whenever it's ran outside scope of a project or inside of it

Suggested change

	AppKit includes a CLI for managing plugins. All commands are available under `npx appkit plugin`.
	AppKit includes a CLI for managing plugins. All commands are available under `npx @databricks/appkit plugin`.

[pkosiec]

The CLI is not only about plugins, right? So I'd suggest

Suggested change

	## Plugin CLI
	## Plugin management

[pkosiec]

BTW IMO much clearer label would be displayName - but not sure if that's the best moment to change it 😄

[pkosiec]

Oh man, this is getting super complicated 🤔

We could use

 "additionalProperties": true,
"oneOf": [
    {
      "properties": {
        "type": { "const": "secret" },
        "permission": { "$ref": "#/$defs/secretPermission" }
      }
    },
    {
      "properties": {
        "type": { "const": "job" },
        "permission": { "$ref": "#/$defs/jobPermission" }
      }
    }
    // ... etc
  ]

WDYT? is much simpler without ifs - but requires allowed additional properties (IMO that's not an issue as we validate the fields we need anyway)

[pkosiec]

I don't like the fact that those resources (and sometimes permissions) are defined on:

• CLI: https://github.com/databricks/cli/blob/main/libs/apps/generator/generator.go#L233 + https://github.com/databricks/cli/blob/main/libs/apps/prompt/resource_registry.go#L10
• AppKit plugin-manifest schema: https://github.com/databricks/appkit/blob/main/packages/shared/src/schemas/plugin-manifest.schema.json#L92
• now here, in App CLI

This becomes super difficult to maintain. When I'll be adding the postgres resource support, I'll need to update so many places (and wait for CLI release) 😶

I think we should get that from the schema: https://github.com/databricks/appkit/blob/main/packages/shared/src/schemas/plugin-manifest.schema.json - especially that we host it on docs:

appkit/docs/static/schemas/plugin-manifest.schema.json

Line 2 in 01c25e7

"$schema": "http://json-schema.org/draft-07/schema#",

[pkosiec]

To be honest there are so many steps that I'd simplify it:
I'd suggest removing the following steps:

• version (always start with 0.1.0)
• maybe the confirmation at the end (why?) because on mistake everyone can do CTRL+C and exit
• not sure about the author and license 🤔 maybe we can get rid of license at least?

Even reducing the flow by 2 steps would be super beneficial 👍

[pkosiec]

I got

npx appkit plugin validate ../../template
Warning: Could not load JSON schema at /Users/pawel.kosiec/repositories/databricks-os/appkit/apps/dev-playground/node_modules/@databricks/appkit/dist/schemas/plugin-manifest.schema.json: ENOENT: no such file or directory, open '/Users/pawel.kosiec/repositories/databricks-os/appkit/apps/dev-playground/node_modules/@databricks/appkit/dist/schemas/plugin-manifest.schema.json'. Falling back to basic validation.
✓ ../../template/appkit.plugins.json

Even thought I did build the appkit and force installed it in the dev playground catalog (like here #64). Are you sure the schema is embedded properly in the package?

[pkosiec]

I expected the same syntax as validate (npx appkit plugin list ../../template). By default it would use . as before.
WDYT? IMO it would be great to keep the consistency across commands.