|
1 | 1 |
|
2 | 2 | # Curated Plugin Registry |
3 | 3 |
|
4 | | -When `FEATURE_V3_PLUGINS=true`, the API exposes discovery endpoints used by the Admin Console. |
5 | | - |
6 | | -Endpoints (admin scope required) |
7 | | -- `GET /plugins` — list installed plugins with manifests and current enabled/config values |
8 | | -- `GET /plugins/{id}/config` — return `enabled` and `settings` for a plugin |
9 | | -- `PUT /plugins/{id}/config` — validate/persist via the JSON config store |
10 | | -- `GET /plugin-registry` — serve the curated registry JSON for UI search |
11 | | - |
12 | | -Config store |
13 | | -- Resolved config path: `FAXBOT_CONFIG_PATH` (default `config/faxbot.config.json`) |
14 | | -- Atomic writes with `.bak` backups; roll back to last known‑good on validation/startup failure |
15 | | - |
16 | | -Security & permissions |
17 | | -- New admin scopes: `admin:plugins:read`, `admin:plugins:write` |
18 | | -- Only keys with `keys:manage` may change plugin configs |
19 | | -- Per‑key RPM: mirror inbound list/get defaults for reads (stricter for writes) |
20 | | - |
21 | | -Dynamic install (optional) |
22 | | -- Keep `FEATURE_PLUGIN_INSTALL=false` by default |
23 | | -- If enabled, use a strict allowlist and checksums (signatures if provided); non‑interactive, sandboxed install only |
24 | | -- For HIPAA profiles, leave remote install disabled |
25 | | - |
26 | | -Admin Console behavior |
27 | | -- The Plugins tab reads `/plugins` and renders schema‑driven forms |
28 | | -- Only the active outbound provider’s help is shown; switching providers is a guided flow (no mixed instructions) |
29 | | - |
30 | | -Notes |
31 | | -- Backends remain isolated across docs and UI; Phaxio users never see SIP/Asterisk instructions |
| 4 | +The Plugins tab uses these discovery endpoints when `FEATURE_V3_PLUGINS=true`. |
| 5 | + |
| 6 | +[:material-puzzle-outline: Plugins Overview](index.md){ .md-button } |
| 7 | +[:material-http: HTTP Manifest Docs](manifest-http.md){ .md-button } |
| 8 | +[:material-file-cog: Plugin Config File](config-file.md){ .md-button } |
| 9 | +[:material-puzzle: Plugin Builder](../admin-console/plugin-builder.md){ .md-button } |
| 10 | + |
| 11 | +--- |
| 12 | + |
| 13 | +## Endpoints (admin scope required) |
| 14 | + |
| 15 | +:material-puzzle: `GET /plugins` |
| 16 | +: List installed plugins with manifests and current enabled/config values |
| 17 | + |
| 18 | +:material-cog: `GET /plugins/{id}/config` |
| 19 | +: Return `enabled` and `settings` for a plugin |
| 20 | + |
| 21 | +:material-content-save-cog: `PUT /plugins/{id}/config` |
| 22 | +: Validate and persist via the JSON config store |
| 23 | + |
| 24 | +:material-database-search: `GET /plugin-registry` |
| 25 | +: Serve the curated registry JSON for UI search |
| 26 | + |
| 27 | +--- |
| 28 | + |
| 29 | +## Config store |
| 30 | + |
| 31 | +:material-file-cog: Path |
| 32 | +: `FAXBOT_CONFIG_PATH` (default `config/faxbot.config.json`) |
| 33 | + |
| 34 | +:material-content-save: Writes |
| 35 | +: Atomic writes with `.bak` backups; roll back to last known‑good on validation/startup failure |
| 36 | + |
| 37 | +--- |
| 38 | + |
| 39 | +## Security & permissions |
| 40 | + |
| 41 | +:material-shield-key: Scopes |
| 42 | +: `admin:plugins:read`, `admin:plugins:write` |
| 43 | + |
| 44 | +:material-key: Who can write |
| 45 | +: Only keys with `keys:manage` may change plugin configs |
| 46 | + |
| 47 | +:material-speedometer: Rate limits |
| 48 | +: Per‑key RPM: mirror inbound list/get defaults for reads (stricter for writes) |
| 49 | + |
| 50 | +--- |
| 51 | + |
| 52 | +## Dynamic install (optional) |
| 53 | + |
| 54 | +:material-toggle-switch-off: Default |
| 55 | +: Keep `FEATURE_PLUGIN_INSTALL=false` |
| 56 | + |
| 57 | +:material-shield-lock: When enabled |
| 58 | +: Use a strict allowlist and checksums (signatures if provided); non‑interactive, sandboxed install only |
| 59 | + |
| 60 | +:material-hospital: HIPAA |
| 61 | +: Leave remote install disabled for HIPAA profiles |
| 62 | + |
| 63 | +--- |
| 64 | + |
| 65 | +## Admin Console behavior |
| 66 | + |
| 67 | +:material-view-grid-plus: Plugins tab |
| 68 | +: Reads `/plugins` and renders schema‑driven forms |
| 69 | + |
| 70 | +:material-filter-variant: Backend isolation |
| 71 | +: Only the active outbound provider’s help is shown; switching providers is a guided flow (no mixed instructions) |
| 72 | + |
| 73 | +--- |
| 74 | + |
| 75 | +## Notes |
| 76 | + |
| 77 | +- Backends remain isolated across docs and UI; Phaxio users never see SIP/Asterisk instructions |
32 | 78 | - Inbound cloud callbacks remain core HTTP endpoints that delegate to plugin handlers; HMAC/signature verification is enforced in core |
33 | 79 |
|
34 | | -Troubleshooting |
35 | | -- If `/plugins` returns 404, enable the feature flag (`FEATURE_V3_PLUGINS=true`) and restart the API |
36 | | -- For config write errors, check file permissions on `FAXBOT_CONFIG_PATH` (the default lives under the `faxdata` volume) |
| 80 | +--- |
| 81 | + |
| 82 | +## Troubleshooting |
| 83 | + |
| 84 | +- `/plugins` returns 404 → enable `FEATURE_V3_PLUGINS=true` and restart the API |
| 85 | +- Config write errors → check permissions on `FAXBOT_CONFIG_PATH` (default lives under the `faxdata` volume) |
0 commit comments