feat: add proprietary plugin upload support #18

Open: Rezn1r wants to merge 3 commits into main from feat/proprietary-plugin-support

Rezn1r (Collaborator) commented May 24, 2026

Description

Adds an alternative plugin creation flow for proprietary plugins that allows direct file upload of pre-built artifacts (.whl for Python, .so/.dll for C++) instead of connecting a GitHub repository. The build pipeline is bypassed — artifacts go directly to storage and still go through VirusTotal scanning and admin review.

Changes

  • Schema: Add isProprietary Boolean @default(false) to Plugin model
  • Middleware: Add requireTrusted (rejects NEW/FLAGGED users) and proprietaryUploadRateLimit (3/hour per user)
  • Upload module (src/modules/upload/):
    • POST /api/v1/upload/plugin — create proprietary plugin with artifact upload
    • POST /api/v1/upload/plugin/:slug/version — upload new version for existing proprietary plugin
    • Magic number verification (.whl→ZIP, .so→ELF, .dll→MZ), filename sanitization, atomic failure cleanup
    • Immediate VT scan enqueue on upload, per-user plugin count limit (max 10)
  • Submit service: Skip GitHub username validation for proprietary plugins, force "Proprietary" license
  • Plugin service: Specific error message when attempting triggerBuild on proprietary plugins

Type of change

  • New feature (non-breaking change which adds functionality)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • My changes generate no new warnings

Rezn1r added 3 commits May 24, 2026 20:18
- Add isProprietary flag to Plugin schema
- Add requireTrusted middleware and proprietaryUploadRateLimit
- New upload module: POST /api/v1/upload/plugin for initial upload
- New upload module: POST /api/v1/upload/plugin/:slug/version for version updates
- Skip GitHub username validation for proprietary plugins in submit service
- Force Proprietary license for proprietary plugins
- Block triggerBuild with specific error for proprietary plugins
- Magic number verification, filename sanitization, atomic failure cleanup
- Immediate VirusTotal scan enqueue on upload
Rezn1r requested a review from 0xliam627 May 24, 2026 16:22
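
The magic number verification and filename sanitization listed in the description, sketched as an added example that is not code from this pull request. The function names, the allowed character set and the 128-character cap are assumptions, the sample buffers are constructed, and JavaScript is used on the assumption that the project runs on Node.js.

```javascript
// Added illustration, not the PR's code. All names here are hypothetical.
// Leading bytes expected for each accepted extension (from the PR description).
const MAGIC = new Map([
  ['.whl', [0x50, 0x4b, 0x03, 0x04]], // ZIP local file header "PK\x03\x04"
  ['.so', [0x7f, 0x45, 0x4c, 0x46]],  // ELF "\x7fELF"
  ['.dll', [0x4d, 0x5a]],             // DOS/PE header "MZ"
]);

// Reduce a client-supplied name to a safe storage name (assumed policy):
// last path component only, conservative character set, no leading dots.
function sanitizeFilename(name) {
  const base = String(name).split(/[\\/]/).pop();
  return base.replace(/[^A-Za-z0-9._+-]/g, '_').replace(/^\.+/, '').slice(0, 128);
}

// Accept the upload only if the extension is allowed and the content
// starts with the magic number that extension implies.
function checkArtifact(originalName, buf) {
  const filename = sanitizeFilename(originalName);
  const dot = filename.lastIndexOf('.');
  const ext = dot > 0 ? filename.slice(dot).toLowerCase() : '';
  const magic = MAGIC.get(ext);
  if (!magic) return { ok: false, reason: 'unsupported extension', filename };
  const matches = buf.length >= magic.length && magic.every((b, i) => buf[i] === b);
  if (!matches) return { ok: false, reason: 'content does not match extension', filename };
  return { ok: true, reason: null, filename };
}

// Constructed sample uploads: [client filename, first bytes of the file].
const samples = [
  ['demo-1.0-py3-none-any.whl', Buffer.from([0x50, 0x4b, 0x03, 0x04, 0x14, 0x00])],
  ['../../uploads/libdemo.so', Buffer.from([0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01])],
  ['demo.whl', Buffer.from([0x4d, 0x5a, 0x90, 0x00])], // PE bytes under a .whl name
  ['demo.so', Buffer.from([0x7f])],                    // truncated file
];
for (const [name, bytes] of samples) {
  console.log(name, '->', JSON.stringify(checkArtifact(name, bytes)));
}
```

A matching magic number only confirms the container type, so this check complements rather than replaces the VirusTotal scan and admin review that the description keeps in the flow.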