@plank-cms/plank 0.27.3 → 0.28.0

package/dist/{server-5JMBMGIN.js → server-DONLO5CM.js}

@@ -37,6 +37,8 @@ var DEFAULT_ROLE_PERMISSIONS = {
     "media:read",
     "media:write",
     "media:delete",
+    "addons:read",
+    "addons:write",
     "settings:overview:read",
     "settings:users:read",
     "settings:users:write",
@@ -650,8 +652,8 @@ function validate(contentType, payload) {
 import express from "express";
 import cors from "cors";
 import helmet from "helmet";
-import { join as join4, dirname as dirname2 } from "path";
-import { fileURLToPath as fileURLToPath3 } from "url";
+import { join as join6, dirname as dirname3 } from "path";
+import { fileURLToPath as fileURLToPath4 } from "url";
 
 // ../core/dist/routes/auth.js
 import { Router } from "express";
@@ -4875,6 +4877,10 @@ function maskSettings(namespace, settings) {
 }
 async function getNamespaceSettings(req, res) {
   const { namespace } = req.params;
+  if (namespace.startsWith("addon:")) {
+    res.status(403).json({ error: "Addon settings must be accessed through the add-ons API" });
+    return;
+  }
   const settings = await getSettings(namespace);
   res.json(maskSettings(namespace, settings));
 }
@@ -4903,6 +4909,10 @@ async function getEditorialMode(_req, res) {
 }
 async function updateNamespaceSettings(req, res) {
   const { namespace } = req.params;
+  if (namespace.startsWith("addon:")) {
+    res.status(403).json({ error: "Addon settings must be accessed through the add-ons API" });
+    return;
+  }
   const incoming = req.body;
   if (typeof incoming !== "object" || Array.isArray(incoming)) {
     res.status(400).json({ error: "Body must be a flat key-value object" });
@@ -4929,13 +4939,16 @@ async function updateNamespaceSettings(req, res) {
 
 // ../core/dist/lib/version.js
 import { readFile as readFile2 } from "fs/promises";
+import { join as join4 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 var PACKAGE_NAME = "@plank-cms/plank";
 var CHANGELOG_BASE_URL = "https://github.com/plank-cms/plank/releases";
-var UPDATE_COMMAND = "npm run update";
 var REGISTRY_URL = `https://registry.npmjs.org/${encodeURIComponent(PACKAGE_NAME)}/latest`;
 var CACHE_TTL_MS = 1e3 * 60 * 30;
-var packageJsonUrl = new URL("../../package.json", import.meta.url);
+var packageJsonUrls = [
+  new URL("../../package.json", import.meta.url),
+  new URL("../package.json", import.meta.url)
+];
 var cachedVersionCheck = null;
 function normalizeVersion(value) {
   return value.trim().replace(/^v/i, "").split("-")[0].split(".").map((part) => Number.parseInt(part, 10) || 0);
@@ -4957,17 +4970,62 @@ function compareVersions(a2, b3) {
 function getChangelogUrl(version) {
   return version ? `${CHANGELOG_BASE_URL}/tag/${version}` : CHANGELOG_BASE_URL;
 }
-async function readCurrentVersion() {
-  const packageJsonPath = fileURLToPath2(packageJsonUrl);
-  const raw = await readFile2(packageJsonPath, "utf8");
-  const parsed = JSON.parse(raw);
-  return parsed.version ?? "0.0.0";
+function getUpdateCommandForPackageManager(packageManager) {
+  return packageManager === "pnpm" ? "pnpm run update" : "npm run update";
+}
+async function detectProjectPackageManager() {
+  try {
+    const raw = await readFile2(join4(process.cwd(), "package.json"), "utf8");
+    const parsed = JSON.parse(raw);
+    if (parsed.packageManager?.startsWith("pnpm@") || parsed.packageManager === "pnpm") {
+      return "pnpm";
+    }
+    if (parsed.packageManager?.startsWith("npm@") || parsed.packageManager === "npm") {
+      return "npm";
+    }
+  } catch {
+    return await detectPackageManagerFromLockfiles();
+  }
+  return await detectPackageManagerFromLockfiles();
+}
+async function hasLockfile(filename) {
+  try {
+    await readFile2(join4(process.cwd(), filename), "utf8");
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function detectPackageManagerFromLockfiles() {
+  if (await hasLockfile("pnpm-lock.yaml")) {
+    return "pnpm";
+  }
+  if (await hasLockfile("package-lock.json")) {
+    return "npm";
+  }
+  return null;
+}
+async function getCurrentVersion() {
+  for (const packageJsonUrl of packageJsonUrls) {
+    try {
+      const packageJsonPath = fileURLToPath2(packageJsonUrl);
+      const raw = await readFile2(packageJsonPath, "utf8");
+      const parsed = JSON.parse(raw);
+      if (parsed.version) {
+        return parsed.version;
+      }
+    } catch {
+      continue;
+    }
+  }
+  return "0.0.0";
 }
 async function getVersionCheck() {
   if (cachedVersionCheck && cachedVersionCheck.expiresAt > Date.now()) {
     return cachedVersionCheck.value;
   }
-  const currentVersion = await readCurrentVersion();
+  const currentVersion = await getCurrentVersion();
+  const packageManager = await detectProjectPackageManager();
   let latestVersion = null;
   try {
     const response = await fetch(REGISTRY_URL, {
@@ -4981,13 +5039,14 @@ async function getVersionCheck() {
       latestVersion = payload.version ?? null;
     }
   } catch {
+    latestVersion = null;
   }
   const value = {
     currentVersion,
     latestVersion,
     updateAvailable: latestVersion ? compareVersions(latestVersion, currentVersion) > 0 : false,
     changelogUrl: getChangelogUrl(latestVersion),
-    updateCommand: UPDATE_COMMAND,
+    updateCommand: getUpdateCommandForPackageManager(packageManager),
     checkedAt: (/* @__PURE__ */ new Date()).toISOString()
   };
   cachedVersionCheck = {
@@ -5003,6 +5062,657 @@ async function getVersionInfo(_req, res) {
   res.json(versionInfo);
 }
 
+// ../core/dist/controllers/addons.js
+import { z as z9 } from "zod";
+
+// ../core/dist/lib/addons.js
+import { access, readFile as readFile3 } from "fs/promises";
+import { createRequire } from "module";
+import { dirname as dirname2, join as join5, resolve } from "path";
+import { fileURLToPath as fileURLToPath3 } from "url";
+import { z as z8 } from "zod";
+var ADDON_PACKAGE_PREFIX = "@plank-cms/addon-";
+function getHostRequire() {
+  return createRequire(join5(process.cwd(), "package.json"));
+}
+var addonSlotSchema = z8.object({
+  id: z8.string().min(1),
+  title: z8.string().min(1),
+  order: z8.number().int().optional()
+});
+var addonManifestSchema = z8.object({
+  id: z8.string().min(1),
+  packageName: z8.string().min(1),
+  name: z8.string().min(1),
+  version: z8.string().min(1),
+  plankRange: z8.string().min(1),
+  description: z8.string().optional(),
+  settingsNamespace: z8.string().min(1).optional(),
+  slots: z8.object({
+    dashboardWidgets: z8.array(addonSlotSchema).optional(),
+    addonsSections: z8.array(addonSlotSchema).optional()
+  }),
+  admin: z8.object({
+    entry: z8.string().min(1)
+  }).optional()
+});
+var addonAdminFieldSchema = z8.discriminatedUnion("type", [
+  z8.object({
+    key: z8.string().min(1),
+    type: z8.literal("contentTypesMultiSelect"),
+    label: z8.string().min(1),
+    description: z8.string().min(1),
+    defaultValue: z8.array(z8.string())
+  }),
+  z8.object({
+    key: z8.string().min(1),
+    type: z8.literal("number"),
+    label: z8.string().min(1),
+    description: z8.string().min(1),
+    min: z8.number(),
+    defaultValue: z8.number()
+  })
+]);
+var addonAdminModuleSchema = z8.object({
+  addonId: z8.string().min(1),
+  title: z8.string().min(1),
+  description: z8.string().min(1),
+  settingsNamespace: z8.string().min(1),
+  checks: z8.array(z8.object({
+    id: z8.string().min(1),
+    label: z8.string().min(1),
+    description: z8.string().min(1)
+  })),
+  settings: z8.object({
+    title: z8.string().min(1),
+    description: z8.string().min(1),
+    fields: z8.array(addonAdminFieldSchema)
+  })
+});
+function normalizeSlot(slot) {
+  return {
+    id: slot.id,
+    title: slot.title,
+    order: slot.order ?? 100
+  };
+}
+function compareSlotOrder(left, right) {
+  if ((left.order ?? 100) !== (right.order ?? 100)) {
+    return (left.order ?? 100) - (right.order ?? 100);
+  }
+  return left.id.localeCompare(right.id);
+}
+function normalizeAddonSlots(manifest) {
+  const dashboardWidgets = (manifest.slots.dashboardWidgets ?? []).map(normalizeSlot).sort(compareSlotOrder);
+  const addonsSections = manifest.admin?.entry ? (manifest.slots.addonsSections ?? []).map(normalizeSlot).sort(compareSlotOrder) : [];
+  return {
+    dashboardWidgets,
+    addonsSections
+  };
+}
+function createFallbackAddonId(packageName) {
+  return packageName.startsWith(ADDON_PACKAGE_PREFIX) ? packageName.slice(ADDON_PACKAGE_PREFIX.length) : packageName;
+}
+async function pathExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function resolvePackageJsonPath(packageName) {
+  const hostRequire = getHostRequire();
+  try {
+    return hostRequire.resolve(`${packageName}/package.json`);
+  } catch {
+    try {
+      const entryPath = hostRequire.resolve(packageName);
+      let currentDir = dirname2(entryPath);
+      for (; ; ) {
+        const candidate = join5(currentDir, "package.json");
+        if (await pathExists(candidate)) {
+          return candidate;
+        }
+        const parentDir = dirname2(currentDir);
+        if (parentDir === currentDir)
+          return null;
+        currentDir = parentDir;
+      }
+    } catch {
+      return null;
+    }
+  }
+}
+async function resolvePackageRoot(packageName) {
+  const packageJsonPath = await resolvePackageJsonPath(packageName);
+  if (packageJsonPath)
+    return dirname2(packageJsonPath);
+  try {
+    const manifestUrl = import.meta.resolve(`${packageName}/plank`);
+    let currentDir = dirname2(fileURLToPath3(manifestUrl));
+    for (; ; ) {
+      const candidate = join5(currentDir, "package.json");
+      if (await pathExists(candidate)) {
+        return currentDir;
+      }
+      const parentDir = dirname2(currentDir);
+      if (parentDir === currentDir)
+        return null;
+      currentDir = parentDir;
+    }
+  } catch {
+    return null;
+  }
+}
+async function readInstalledPackageJson(packageName) {
+  const packageJsonPath = await resolvePackageJsonPath(packageName);
+  if (!packageJsonPath)
+    return null;
+  try {
+    const raw = await readFile3(packageJsonPath, "utf8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+async function readHostPackageJson() {
+  const raw = await readFile3(join5(process.cwd(), "package.json"), "utf8");
+  return JSON.parse(raw);
+}
+function listDeclaredAddonPackages(packageJson) {
+  return Array.from(/* @__PURE__ */ new Set([
+    ...Object.keys(packageJson.dependencies ?? {}),
+    ...Object.keys(packageJson.optionalDependencies ?? {})
+  ])).filter((packageName) => packageName.startsWith(ADDON_PACKAGE_PREFIX)).sort();
+}
+function normalizeVersion2(value) {
+  const [major = 0, minor = 0, patch = 0] = value.trim().replace(/^v/i, "").split("-")[0].split(".").map((part) => Number.parseInt(part, 10) || 0);
+  return [major, minor, patch];
+}
+function compareVersions2(left, right) {
+  const leftParts = normalizeVersion2(left);
+  const rightParts = normalizeVersion2(right);
+  for (let index = 0; index < 3; index += 1) {
+    if (leftParts[index] > rightParts[index])
+      return 1;
+    if (leftParts[index] < rightParts[index])
+      return -1;
+  }
+  return 0;
+}
+function buildCaretUpperBound(version) {
+  const [major, minor, patch] = normalizeVersion2(version);
+  if (major > 0)
+    return `${major + 1}.0.0`;
+  if (minor > 0)
+    return `0.${minor + 1}.0`;
+  return `0.0.${patch + 1}`;
+}
+function buildTildeUpperBound(version) {
+  const [major, minor] = normalizeVersion2(version);
+  return `${major}.${minor + 1}.0`;
+}
+function satisfiesComparator(version, comparator) {
+  const value = comparator.trim();
+  if (!value)
+    return true;
+  if (value.startsWith(">="))
+    return compareVersions2(version, value.slice(2)) >= 0;
+  if (value.startsWith("<="))
+    return compareVersions2(version, value.slice(2)) <= 0;
+  if (value.startsWith(">"))
+    return compareVersions2(version, value.slice(1)) > 0;
+  if (value.startsWith("<"))
+    return compareVersions2(version, value.slice(1)) < 0;
+  if (value.startsWith("^")) {
+    const lower = value.slice(1);
+    return compareVersions2(version, lower) >= 0 && compareVersions2(version, buildCaretUpperBound(lower)) < 0;
+  }
+  if (value.startsWith("~")) {
+    const lower = value.slice(1);
+    return compareVersions2(version, lower) >= 0 && compareVersions2(version, buildTildeUpperBound(lower)) < 0;
+  }
+  return compareVersions2(version, value) === 0;
+}
+function satisfiesVersionRange(version, range) {
+  const normalizedRange = range.trim();
+  if (!normalizedRange || normalizedRange === "*")
+    return true;
+  return normalizedRange.split("||").some((part) => part.trim().split(/\s+/).every((token) => satisfiesComparator(version, token)));
+}
+async function loadAddonManifest(packageName) {
+  const module = await import(`${packageName}/plank`);
+  const parsed = addonManifestSchema.safeParse(module?.manifest);
+  if (!parsed.success) {
+    throw new Error(parsed.error.issues.map((issue) => issue.message).join(", "));
+  }
+  if (parsed.data.packageName !== packageName) {
+    throw new Error(`Manifest packageName mismatch for ${packageName}`);
+  }
+  return parsed.data;
+}
+async function loadAddonAdminModule(packageName) {
+  const module = await import(`${packageName}/admin`);
+  const candidate = module?.adminModule ?? module?.default;
+  const parsed = addonAdminModuleSchema.safeParse(candidate);
+  if (!parsed.success) {
+    throw new Error(parsed.error.issues.map((issue) => issue.message).join(", "));
+  }
+  return parsed.data;
+}
+async function loadAddonServerModule(packageName) {
+  const module = await import(`${packageName}/server`);
+  const candidate = module?.serverModule ?? module?.default;
+  if (!candidate || typeof candidate.runAction !== "function") {
+    throw new Error(`Invalid server module for ${packageName}`);
+  }
+  return candidate;
+}
+async function resolveAddonAdminEntryPath(packageName) {
+  const [manifest, packageRoot] = await Promise.all([
+    loadAddonManifest(packageName),
+    resolvePackageRoot(packageName)
+  ]);
+  if (!manifest.admin?.entry || !packageRoot)
+    return null;
+  const entryPath = resolve(packageRoot, manifest.admin.entry);
+  if (!entryPath.startsWith(packageRoot)) {
+    throw new Error(`Invalid admin entry path for ${packageName}`);
+  }
+  if (!await pathExists(entryPath)) {
+    throw new Error(`Admin entry file not found for ${packageName}: ${entryPath}`);
+  }
+  return entryPath;
+}
+async function discoverAddon(packageName, coreVersion) {
+  const packageJson = await readInstalledPackageJson(packageName);
+  try {
+    const manifest = await loadAddonManifest(packageName);
+    const compatible = satisfiesVersionRange(coreVersion, manifest.plankRange);
+    return {
+      id: manifest.id,
+      packageName,
+      name: manifest.name,
+      version: manifest.version,
+      plankRange: manifest.plankRange,
+      description: manifest.description ?? packageJson?.description ?? null,
+      installed: true,
+      enabled: false,
+      compatible,
+      hasAdminUi: Boolean(manifest.admin?.entry),
+      settingsNamespace: manifest.settingsNamespace ?? null,
+      slots: normalizeAddonSlots(manifest)
+    };
+  } catch (error) {
+    const fallbackId = createFallbackAddonId(packageName);
+    const message = error instanceof Error ? error.message : "Unknown manifest error";
+    console.warn(`[plank/addons] Skipping invalid add-on manifest for ${packageName}: ${message}`);
+    return {
+      id: fallbackId,
+      packageName,
+      name: packageJson?.name ?? fallbackId,
+      version: packageJson?.version ?? null,
+      plankRange: null,
+      description: packageJson?.description ?? null,
+      installed: true,
+      enabled: false,
+      compatible: false,
+      hasAdminUi: false,
+      settingsNamespace: null,
+      slots: {
+        dashboardWidgets: [],
+        addonsSections: []
+      }
+    };
+  }
+}
+async function syncInstalledAddons() {
+  const hostPackageJson = await readHostPackageJson();
+  const packageNames = listDeclaredAddonPackages(hostPackageJson);
+  const coreVersion = await getCurrentVersion();
+  const discovered = (await Promise.all(packageNames.map((packageName) => discoverAddon(packageName, coreVersion)))).filter((addon) => addon !== null);
+  const client = await pool_default.connect();
+  try {
+    await client.query("BEGIN");
+    for (const addon of discovered) {
+      await client.query(`INSERT INTO plank_addons (
+           id,
+           package_name,
+           name,
+           version,
+           plank_range,
+           description,
+           installed,
+           compatible,
+           has_admin_ui,
+           settings_namespace,
+           slots_json
+         )
+         VALUES ($1, $2, $3, $4, $5, $6, TRUE, $7, $8, $9, $10::jsonb)
+         ON CONFLICT (id) DO UPDATE SET
+           package_name = EXCLUDED.package_name,
+           name = EXCLUDED.name,
+           version = EXCLUDED.version,
+           plank_range = EXCLUDED.plank_range,
+           description = EXCLUDED.description,
+           installed = EXCLUDED.installed,
+           compatible = EXCLUDED.compatible,
+           has_admin_ui = EXCLUDED.has_admin_ui,
+           settings_namespace = EXCLUDED.settings_namespace,
+           slots_json = EXCLUDED.slots_json,
+           updated_at = NOW()`, [
+        addon.id,
+        addon.packageName,
+        addon.name,
+        addon.version,
+        addon.plankRange,
+        addon.description,
+        addon.compatible,
+        addon.hasAdminUi,
+        addon.settingsNamespace,
+        JSON.stringify(addon.slots)
+      ]);
+    }
+    if (packageNames.length > 0) {
+      await client.query(`UPDATE plank_addons
+         SET installed = FALSE,
+             compatible = FALSE,
+             has_admin_ui = FALSE,
+             slots_json = '{}'::jsonb,
+             updated_at = NOW()
+         WHERE package_name LIKE $1
+           AND package_name <> ALL($2::text[])`, [`${ADDON_PACKAGE_PREFIX}%`, packageNames]);
+    } else {
+      await client.query(`UPDATE plank_addons
+         SET installed = FALSE,
+             compatible = FALSE,
+             has_admin_ui = FALSE,
+             slots_json = '{}'::jsonb,
+             updated_at = NOW()
+         WHERE package_name LIKE $1`, [`${ADDON_PACKAGE_PREFIX}%`]);
+    }
+    await client.query("COMMIT");
+  } catch (error) {
+    await client.query("ROLLBACK");
+    throw error;
+  } finally {
+    client.release();
+  }
+}
+function normalizeSlotsFromRow(value) {
+  return {
+    dashboardWidgets: Array.isArray(value?.dashboardWidgets) ? value.dashboardWidgets : [],
+    addonsSections: Array.isArray(value?.addonsSections) ? value.addonsSections : []
+  };
+}
+function mapAddonRow(row) {
+  return {
+    id: row.id,
+    packageName: row.package_name,
+    name: row.name,
+    version: row.version ?? "",
+    ...row.description ? { description: row.description } : {},
+    installed: row.installed,
+    enabled: row.enabled,
+    compatible: row.compatible,
+    hasAdminUi: row.has_admin_ui,
+    ...row.settings_namespace ? { settingsNamespace: row.settings_namespace } : {},
+    ...row.has_admin_ui ? { adminUrl: `/admin/add-ons/${row.id}` } : {}
+  };
+}
+async function listAddonRows() {
+  const { rows } = await pool_default.query(`SELECT
+       id,
+       package_name,
+       name,
+       version,
+       plank_range,
+       description,
+       installed,
+       enabled,
+       compatible,
+       has_admin_ui,
+       settings_namespace,
+       slots_json
+     FROM plank_addons
+     ORDER BY name ASC, id ASC`);
+  return rows;
+}
+async function getAddonRow(id) {
+  const { rows } = await pool_default.query(`SELECT
+       id,
+       package_name,
+       name,
+       version,
+       plank_range,
+       description,
+       installed,
+       enabled,
+       compatible,
+       has_admin_ui,
+       settings_namespace,
+       slots_json
+     FROM plank_addons
+     WHERE id = $1`, [id]);
+  return rows[0] ?? null;
+}
+async function getAddonAdminModule(id) {
+  const addon = await getAddonRow(id);
+  if (!addon || !addon.installed || !addon.has_admin_ui)
+    return null;
+  try {
+    return await loadAddonAdminModule(addon.package_name);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown admin module error";
+    console.warn(`[plank/addons] Failed to load admin module for ${addon.package_name}: ${message}`);
+    return null;
+  }
+}
+async function getAddonAdminEntryPath(id) {
+  const addon = await getAddonRow(id);
+  if (!addon || !addon.installed || !addon.has_admin_ui)
+    return null;
+  try {
+    return await resolveAddonAdminEntryPath(addon.package_name);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown admin entry error";
+    console.warn(`[plank/addons] Failed to resolve admin entry for ${addon.package_name}: ${message}`);
+    return null;
+  }
+}
+async function runAddonServerAction(id, action, input) {
+  const addon = await getAddonRow(id);
+  if (!addon) {
+    throw new Error("Addon not found");
+  }
+  if (!addon.installed) {
+    throw new Error("Addon is not installed");
+  }
+  if (!addon.enabled) {
+    throw new Error("Addon is disabled");
+  }
+  if (!addon.compatible) {
+    throw new Error("Addon is not compatible with this Plank version");
+  }
+  const serverModule = await loadAddonServerModule(addon.package_name);
+  return serverModule.runAction({
+    action,
+    input,
+    addon: {
+      id: addon.id,
+      packageName: addon.package_name,
+      settingsNamespace: addon.settings_namespace
+    },
+    context: {
+      db: {
+        query: pool_default.query.bind(pool_default)
+      },
+      getSettings,
+      findAllContentTypes,
+      findContentTypeBySlug,
+      quoteIdentifier
+    }
+  });
+}
+async function updateAddonEnabled(id, enabled) {
+  const { rows } = await pool_default.query(`UPDATE plank_addons
+     SET enabled = $2, updated_at = NOW()
+     WHERE id = $1
+     RETURNING
+       id,
+       package_name,
+       name,
+       version,
+       plank_range,
+       description,
+       installed,
+       enabled,
+       compatible,
+       has_admin_ui,
+       settings_namespace,
+       slots_json`, [id, enabled]);
+  return rows[0] ?? null;
+}
+async function buildAdminAddonsRegistry() {
+  const rows = await listAddonRows();
+  const enabledRows = rows.filter((row) => row.installed && row.enabled && row.compatible);
+  return {
+    addons: rows.map(mapAddonRow),
+    slots: {
+      dashboardWidgets: enabledRows.flatMap((row) => normalizeSlotsFromRow(row.slots_json).dashboardWidgets.map((slot) => ({
+        addonId: row.id,
+        slotId: slot.id,
+        title: slot.title,
+        order: slot.order ?? 100
+      }))),
+      addonsSections: enabledRows.flatMap((row) => normalizeSlotsFromRow(row.slots_json).addonsSections.map((slot) => ({
+        addonId: row.id,
+        slotId: slot.id,
+        title: slot.title,
+        order: slot.order ?? 100
+      })))
+    }
+  };
+}
+
+// ../core/dist/controllers/addons.js
+function mapAddon(row) {
+  return {
+    id: row.id,
+    packageName: row.package_name,
+    name: row.name,
+    version: row.version ?? "",
+    ...row.description ? { description: row.description } : {},
+    installed: row.installed,
+    enabled: row.enabled,
+    compatible: row.compatible,
+    hasAdminUi: row.has_admin_ui,
+    ...row.settings_namespace ? { settingsNamespace: row.settings_namespace } : {}
+  };
+}
+async function getSettingsAddon(id) {
+  const addon = await getAddonRow(id);
+  if (!addon)
+    return { error: "Addon not found" };
+  if (!addon.settings_namespace)
+    return { error: "Addon does not expose settings" };
+  return { addon };
+}
+async function getAddonsRegistry(_req, res) {
+  const registry = await buildAdminAddonsRegistry();
+  res.json(registry);
+}
+async function listAddons(_req, res) {
+  const addons = await listAddonRows();
+  res.json(addons.map(mapAddon));
+}
+async function enableAddon(req, res) {
+  const addon = await getAddonRow(req.params.id);
+  if (!addon) {
+    res.status(404).json({ error: "Addon not found" });
+    return;
+  }
+  if (!addon.installed) {
+    res.status(409).json({ error: "Addon is not installed" });
+    return;
+  }
+  if (!addon.compatible) {
+    res.status(409).json({ error: "Addon is not compatible with this Plank version" });
+    return;
+  }
+  const updated = await updateAddonEnabled(req.params.id, true);
+  res.json(mapAddon(updated));
+}
+async function disableAddon(req, res) {
+  const addon = await getAddonRow(req.params.id);
+  if (!addon) {
+    res.status(404).json({ error: "Addon not found" });
+    return;
+  }
+  const updated = await updateAddonEnabled(req.params.id, false);
+  res.json(mapAddon(updated));
+}
+async function getAddonSettings(req, res) {
+  const result = await getSettingsAddon(req.params.id);
+  if ("error" in result) {
+    res.status(result.error === "Addon not found" ? 404 : 400).json({ error: result.error });
+    return;
+  }
+  const settings = await getSettings(result.addon.settings_namespace);
+  res.json(settings);
+}
+async function getAddonAdminModuleDefinition(req, res) {
+  const addon = await getAddonAdminModule(req.params.id);
+  if (!addon) {
+    res.status(404).json({ error: "Addon admin module not found" });
+    return;
+  }
+  res.json(addon);
+}
+async function getAddonAdminEntry(req, res) {
+  const entryPath = await getAddonAdminEntryPath(req.params.id);
+  if (!entryPath) {
+    res.status(404).json({ error: "Addon admin entry not found" });
+    return;
+  }
+  res.type("application/javascript");
+  res.sendFile(entryPath);
+}
+async function runAddonAction(req, res) {
+  const parsed = z9.object({
+    action: z9.string().min(1),
+    input: z9.unknown().optional()
+  }).safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ error: "Body must include a valid action name" });
+    return;
+  }
+  try {
+    const result = await runAddonServerAction(req.params.id, parsed.data.action, parsed.data.input);
+    res.json({ result });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Could not run add-on action";
+    const status = message === "Addon not found" ? 404 : message === "Addon is not installed" ? 409 : message === "Addon is disabled" || message === "Addon is not compatible with this Plank version" ? 409 : 400;
+    res.status(status).json({ error: message });
+  }
+}
+async function updateAddonSettings(req, res) {
+  const result = await getSettingsAddon(req.params.id);
+  if ("error" in result) {
+    res.status(result.error === "Addon not found" ? 404 : 400).json({ error: result.error });
+    return;
+  }
+  const parsed = z9.record(z9.string(), z9.string()).safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ error: "Body must be a flat key-value object" });
+    return;
+  }
+  await setSettings(result.addon.settings_namespace, parsed.data);
+  const settings = await getSettings(result.addon.settings_namespace);
+  res.json(settings);
+}
+
 // ../core/dist/routes/admin.js
 var router2 = Router2();
 router2.use(authenticate);
@@ -5061,6 +5771,15 @@ router2.get("/editorial-mode", getEditorialMode);
 router2.get("/version", getVersionInfo);
 router2.get("/settings/:namespace", authorize("settings:overview:read"), getNamespaceSettings);
 router2.put("/settings/:namespace", authorize("settings:overview:write"), updateNamespaceSettings);
+router2.get("/addons/registry", authorize("addons:read"), getAddonsRegistry);
+router2.get("/addons", authorize("addons:read"), listAddons);
+router2.post("/addons/:id/enable", authorize("addons:write"), enableAddon);
+router2.post("/addons/:id/disable", authorize("addons:write"), disableAddon);
+router2.get("/addons/:id/admin-module", authorize("addons:read"), getAddonAdminModuleDefinition);
+router2.get("/addons/:id/admin-entry.js", authorize("addons:read"), getAddonAdminEntry);
+router2.post("/addons/:id/actions", authorize("addons:read"), runAddonAction);
+router2.get("/addons/:id/settings", authorize("addons:read"), getAddonSettings);
+router2.put("/addons/:id/settings", authorize("addons:write"), updateAddonSettings);
 router2.get("/webhooks", authorize("settings:webhooks:read"), listWebhooks);
 router2.post("/webhooks", authorize("settings:webhooks:write"), createWebhook);
 router2.delete("/webhooks/:id", authorize("settings:webhooks:delete"), deleteWebhook);
@@ -5772,9 +6491,9 @@ if (isDev) {
   app.get("/admin/*path", (_req, res) => res.redirect(adminDevUrl));
   app.get("/admin", (_req, res) => res.redirect(adminDevUrl));
 } else {
-  const adminDist = process.env.PLANK_ADMIN_DIST ?? join4(dirname2(fileURLToPath3(import.meta.url)), "../public/admin");
+  const adminDist = process.env.PLANK_ADMIN_DIST ?? join6(dirname3(fileURLToPath4(import.meta.url)), "../public/admin");
   app.use("/admin", express.static(adminDist));
-  app.get("/admin/*path", (_req, res) => res.sendFile(join4(adminDist, "index.html")));
+  app.get("/admin/*path", (_req, res) => res.sendFile(join6(adminDist, "index.html")));
 }
 app.use(errorHandler);
 var app_default = app;
@@ -5785,6 +6504,7 @@ async function start() {
   const isDev2 = !process.env.PLANK_ADMIN_DIST;
   await migrate();
   await syncAllTables();
+  await syncInstalledAddons();
   app_default.listen(PORT2, () => {
     const coreBase = `http://localhost:${PORT2}`;
     const adminUrl = isDev2 ? "http://localhost:3000" : `${coreBase}/admin`;