Plugin SystemAPI & Database Reference

Plugin API & Database Reference

This page documents all API endpoints and the MongoDB/Mongoose schema for the NetPad plugin system. Use this as a reference for advanced integration, automation, or troubleshooting.

1. API Endpoints

MethodEndpointDescription
POST/api/pluginsPublish plugin
GET/api/pluginsBrowse store
GET/api/plugins/:idGet plugin details
POST/api/plugins/:id/installInstall plugin
DELETE/api/plugins/:id/installUninstall plugin
GET/api/my/pluginsUser’s plugins
GET/api/org/pluginsOrganization plugins
POST/api/org/plugins/:id/enableEnable for org
DELETE/api/org/plugins/:id/disableDisable for org
GET/api/admin/pluginsAdmin plugin management
POST/api/admin/plugins/:id/killEmergency disable
GET/api/admin/auditAudit logs

2. Plugin Model (Mongoose)

Plugin.js

const PluginSchema = new mongoose.Schema({
  id: String, // Unique plugin identifier (author.name)
  name: String, // Plugin name (from manifest)
  version: String, // Semantic version
  manifest: mongoose.Schema.Types.Mixed, // Complete plugin manifest
  files: {
    runner: String,
    shape: String,
    icon: String,
    readme: String
  },
  author_id: { type: mongoose.Schema.Types.ObjectId, ref: 'User' },
  organization_id: { type: mongoose.Schema.Types.ObjectId, ref: 'Organization' },
  status: String, // draft, pending, approved, rejected
  scope: String, // private, org, public
  category: String, // ai, data, integration, etc.
  stats: {
    downloads: Number,
    installations: Number,
    rating: Number,
    reviews: Number
  },
  verified: Boolean,
  verified_by: { type: mongoose.Schema.Types.ObjectId, ref: 'User' },
  verified_at: Date,
  tags: [String],
  review_notes: String,
  reviewed_by: { type: mongoose.Schema.Types.ObjectId, ref: 'User' },
  reviewed_at: Date,
  published_at: Date,
  homepage: String,
  repository: String,
  size: Number,
  checksum: String
}, { timestamps: { createdAt: 'created_at', updatedAt: 'updated_at' }});

Key Fields:

FieldTypeDescription
idStringUnique plugin identifier (author.name)
nameStringPlugin name (from manifest)
versionStringSemantic version
manifestMixedComplete plugin manifest
filesObjectrunner, shape, icon, readme
author_idObjectIdReference to User
organization_idObjectIdReference to Organization
statusStringdraft, pending, approved, rejected
scopeStringprivate, org, public
categoryStringai, data, integration, etc.
statsObjectdownloads, installations, rating, reviews
verifiedBooleanTrust indicator
tags[String]Search tags
published_atDateWhen published

3. Plugin Installation Model (Mongoose)

PluginInstallation.js

const PluginInstallationSchema = new mongoose.Schema({
  plugin_id: String, // Plugin.id field
  user_id: { type: mongoose.Schema.Types.ObjectId, ref: 'User' },
  organization_id: { type: mongoose.Schema.Types.ObjectId, ref: 'Organization' },
  scope: String, // user, org, public
  status: String, // active, disabled, failed
  installed_version: String,
  config: mongoose.Schema.Types.Mixed,
  last_used: Date,
  execution_count: Number,
  avg_execution_time: Number,
  total_execution_time: Number,
  error_count: Number,
  last_error: {
    message: String,
    timestamp: Date,
    stack: String
  },
  installed_at: Date,
  auto_update: Boolean,
  update_available: Boolean,
  available_version: String,
  source: String // store, upload, cli, org_admin
}, { timestamps: { createdAt: 'created_at', updatedAt: 'updated_at' }});

Key Fields:

FieldTypeDescription
plugin_idStringReference to Plugin.id
user_idObjectIdReference to User
organization_idObjectIdReference to Organization
scopeStringuser, org, public
statusStringactive, disabled, failed
installed_versionStringVersion at install
configMixedUser/org config
last_usedDateLast used timestamp
execution_countNumberUsage count
avg_execution_timeNumberms average
error_countNumberError count
last_errorObjectLast error details
installed_atDateInstall timestamp
auto_updateBooleanAuto-update enabled
update_availableBooleanUpdate available flag
sourceStringstore, upload, cli, org_admin

4. Usage Notes

  • All endpoints require authentication
  • Organization and admin endpoints require appropriate permissions
  • Audit logs are available to admins for compliance and security

Further Reading

For more, see the Plugin Sprint Plan.

Admin & Org ControlsSecurity & Audit