eliott/openwork
1
0
Fork 0
mirror of https://github.com/different-ai/openwork synced 2026-05-05 23:02:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2b9b382a4dce2c2b79a2eb7361b721e1dac87d6d
openwork/prds/new-plugin-arch/api.md
Source Open 58ae294191 feat(den-api): add marketplaces for plugin grouping (#1484) 
Introduce org-scoped marketplaces so teams can curate and share groups of plugins with consistent access rules. This adds the schema, admin routes, RBAC updates, and PRD coverage needed for marketplace-backed plugin catalogs.

Co-authored-by: src-opn <src-opn@users.noreply.github.com>
2026-04-17 20:42:43 -07:00

73 lines
2.2 KiB
Markdown
Raw Blame History

# New Plugin Arch API
This document is now the API index for the new plugin architecture.
## API docs
- `prds/new-plugin-arch/admin-api.md`
- authenticated admin and direct-management APIs
- `prds/new-plugin-arch/delivery-api.md`
- future client delivery and install-state APIs
- `prds/new-plugin-arch/webhooks-api.md`
- public webhook ingress and async sync trigger shapes
- `prds/new-plugin-arch/GitHub-connector.md`
- GitHub-specific connector flow, permissions, webhook behavior, and reconciliation model
## Shared principles
- expose logical resources, not raw tables;
- current-state endpoints should return projected current rows, not version-history duplicates;
- version/history endpoints should be explicit;
- delivery APIs should stay distinct from admin mutation APIs;
- public webhooks should stay distinct from authenticated APIs.
## Suggested split of responsibility
### Admin API
Use for:
- config object CRUD
- version history access
- plugin management
- marketplace management
- access grants
- connector setup and mapping management
- sync-event inspection and retries
### Delivery API
Use for:
- listing accessible plugins for clients/users
- manifest retrieval
- download/install payloads
- reporting and comparing installed state
### Webhooks API
Use for:
- public connector ingress
- signature verification
- normalized webhook envelope handling
- async sync enqueue contracts
## Current recommendations
- keep one shared `config-objects` admin surface and add type-specific convenience endpoints where UI needs them;
- keep current-state search/list endpoints separate from version-history endpoints;
- treat plugin access management as a first-class API surface;
- treat marketplace access and marketplace-plugin composition as first-class API surfaces;
- keep connector setup, target, mapping, and sync APIs explicit;
- keep public webhook ingress separate from authenticated APIs.
## Current gaps
Still to decide:
- exact auth model for end-user delivery endpoints;
- rolling-latest vs release-snapshot delivery semantics;
- which type-specific validate/preview endpoints are public vs internal-only;
- whether bulk mutation endpoints are needed for large plugin or mapping edits.
Reference in New Issue View Git Blame Copy Permalink