Roadmap

Feature planning and evolution of Pumpkin Hub.

Vision

Pumpkin Hub aims to become the reference platform for the Pumpkin MC ecosystem — a performant, secure and community-driven plugin registry, natively designed for Rust. The roadmap below details the major development phases to achieve this goal.

Legend

Completed In Progress Next Up Planned Backlog

Phase 0 — Foundations Completed

Development Infrastructure

Multi-service Docker Compose (API, Frontend, PostgreSQL, Meilisearch)
Hot-reload with cargo-watch (API) and next dev (Frontend)
Health checks and persisted volumes

Rust API Skeleton

Axum architecture with testable build_app()
Full middleware stack (CORS, Trace, RequestId, Timeout, Compression)
Typed configuration from environment variables
Centralized AppError type with automatic HTTP mapping
Operational /api/v1/health endpoint

Frontend Skeleton

Next.js 16 with App Router and React 19
Tailwind CSS 4 and TypeScript configuration
ESLint with Next.js configuration

CI/CD and Quality

GitHub Actions pipeline (lint, clippy, type-check, tests, build)
NPM and Rust cache for faster builds

Design System & Mockups

"Brutalist Industrial" art direction validated
4 high-fidelity HTML mockups (Landing, Explorer, Plugin, Dashboard)
Raleway + JetBrains Mono typography, orange/black palette

Phase 1 — Core Platform Completed

Database & Models

SQLx integration with PostgreSQL (migrations, connection pool)
Data models: Users, Plugins, Versions, Categories
Relations and integrity constraints
Development seeds with test data

GitHub OAuth Authentication

OAuth 2.0 flow with GitHub — GET /auth/github redirect + /auth/github/callback
CSRF state validation via HttpOnly cookie
JWT session management with axum-extra secure cookies (SameSite=Lax, HttpOnly)
AuthUser middleware extractor for protecting routes (cookie or Bearer header)
User profile sync from GitHub API on each login (upsert)
GET /auth/me — protected current-user endpoint
POST /auth/logout — cookie invalidation (POST-only for CSRF protection)

Plugin CRUD

Complete REST endpoints: list, create, read, update, delete
Input validation (name, description, categories, license, URLs)
Pagination, sorting (created_at, updated_at, downloads, name) and category filtering
Unique URL-safe slug generation with collision handling
Ownership enforcement — only the author can update or delete
Soft-delete via is_active flag
Batch category loading (N+1 prevention)

Frontend Page Implementation

Design system with Tailwind CSS 4 tokens (Brutalist Industrial: colors, typography, effects, animations)
Shared UI components: Navbar, Footer, Badge, Button, PluginCard
API layer with SWR hooks (usePlugins, usePlugin) and typed DTOs
Landing page: hero section, trending bento grid, features grid, CTA, live ticker
Explorer page: sidebar filters (search, sort, categories), paginated results, URL-based state with Suspense boundary
Plugin detail page: install panel with copy-to-clipboard, tabbed content (Overview/Versions/Dependencies), sidebar (stats, links, details, author)
Optimized fonts via next/font/google (Raleway + JetBrains Mono)
Next.js Image optimization for external avatars

Phase 1.5 — Integration & Quality Completed

Categories API Endpoint

GET /api/v1/categories — dynamic list endpoint
Frontend sidebar categories fetched from API (replaces hardcoded list)
SWR hook useCategories() and typed DTO

Frontend Authentication Integration

Navbar "Sign In" button triggers GitHub OAuth redirect
Session state management (authenticated/unauthenticated)
User profile display in Navbar (avatar, username, dropdown menu)
Logout functionality from UI
useCurrentUser() SWR hook consuming GET /auth/me
Cookie-based auth with credentials: "include" on all API requests

Multi-Provider Authentication

Email/password registration & login with Argon2 password hashing
Google OAuth 2.0 — GET /auth/google redirect + callback
Discord OAuth 2.0 — GET /auth/discord redirect + callback
auth_providers table linking multiple providers to a single user (provider + provider_id)
Account linking by email — existing users can add new sign-in methods
Password hash stored on users table (nullable for OAuth-only accounts)
POST /auth/register — email/password signup with validation
POST /auth/login — email/password authentication
Dedicated /auth frontend page with sign-in/sign-up forms and OAuth provider buttons

Plugin Submission & Management Forms

Authenticated "Publish a Plugin" form at /plugins/new (create)
Fields: name, short description, description (Markdown), categories picker, license, repository URL, documentation URL
Client-side validation module mirroring backend rules (name 3-100 chars, URL format, max 5 categories, etc.)
Reusable PluginForm component shared between create and edit flows
Edit page at /plugins/{slug}/edit — pre-populated form with ownership enforcement
Delete action with confirmation modal — soft-delete via API
PluginActions component (Edit/Delete) visible only to plugin authors and admins
Navbar "Submit Plugin" link wired to /plugins/new

User Profile & Creator Dashboard

PUT /api/v1/auth/me — profile update endpoint (display name, bio)
POST /api/v1/auth/avatar — multipart avatar upload with MIME + magic-bytes validation (max 2 MB), stored as BYTEA
GET /api/v1/users/{id}/avatar — public binary serving with cache headers
User profile page at /profile with editable display name, bio and avatar upload
Creator dashboard at /dashboard — published plugins list with stats and quick-action links (edit, view, delete)
Responsive layout consistent with Brutalist Industrial design system

Versions Tab — Real Data

GET /api/v1/plugins/{slug}/versions endpoint
Plugin detail Versions tab consuming live API data
Yanked version indicator and Pumpkin compatibility range display

Unit & Integration Tests

Rust unit tests: auth handlers, slug generation, input validation, ownership enforcement (81 tests)
Rust integration tests: plugin CRUD flow, auth, pagination, versions, categories (14 tests)
Frontend component tests with Vitest + Testing Library (60 tests: validation, Badge, Button, PluginCard)
CI pipeline updated with PostgreSQL service, migrations, test execution and coverage thresholds (50%)

SEO & Metadata

Dynamic generateMetadata() on Explorer and Plugin Detail pages
Open Graph and Twitter Card tags with plugin name and description
Structured data (JSON-LD / schema.org/SoftwareApplication) for plugin entries
Plugin Detail page refactored from client to server component
metadataBase and title template in root layout, configurable via NEXT_PUBLIC_SITE_URL

Phase 2 — Distribution Completed

Version Metadata Management

Version CRUD: create, list, yank endpoints
Semver validation and Pumpkin compatibility ranges (pumpkin_version_min / pumpkin_version_max)
Changelog per version (Markdown supported)
Download counter increment on version fetch
Version management UI for authors (publish, yank)

Binary Storage & Distribution

Binary file upload with multi-platform support (Windows, macOS, Linux) and MIME-type validation
S3-compatible object storage: MinIO for development, Cloudflare R2 for production
Dual-client architecture for SigV4 signature correctness: separate clients for server-side operations (upload/delete) and presigned URL generation (browser downloads)
Pre-signed download URLs with 1-hour TTL, signed for browser-reachable endpoint
Automatic SHA-256 checksum generation and storage for integrity verification
File size limits (100 MB default) and optimized object key structure (plugins/{slug}/{version}/{platform}/{filename})

Full-Text Search

Plugin indexing in Meilisearch with automatic sync on CRUD operations
Instant search with typo-tolerance (Meilisearch SDK integration)
Faceted filters (category, platform, Pumpkin version) with live counts
Sort by relevance, downloads, date (newest/oldest/updated), name
Autocomplete suggestions via GET /search/suggest
Pumpkin MC version list fetched from official GitHub releases (GET /pumpkin-versions)
Explorer page fully powered by Meilisearch with SearchBar, faceted sidebar, and processing time display

Dependency Graph

Inter-plugin dependency declaration — CRUD endpoints (POST/PUT/DELETE) with ownership enforcement
Compatibility resolution via semver version ranges (>=0.2.0, ^0.3, ~1.0)
Dependency graph resolution — BFS traversal with resolved versions (GET /dependencies/graph)
Conflict detection: no matching version, incompatible ranges, circular dependencies, inactive plugins
Reverse dependency lookup — GET /plugins/{slug}/dependants
Frontend: dependency list view, tree graph visualization, conflict alerts, dependants view

Phase 2.5 — Hardening & Polish Done

Rate Limiting & API Protection

Per-IP rate limiting via tower-governor middleware
Stricter limits on authentication endpoints (register, login, OAuth) to prevent brute-force
Relaxed limits on read-only endpoints (search, plugin list, download)
Configurable thresholds via environment variables
429 Too Many Requests response with Retry-After header

Password Recovery & Email Verification

Forgot password flow — email with time-limited reset token (1 hour TTL)
Reset password page at /auth/reset-password with token validation
Email verification on registration — activation link sent on signup
Email sending infrastructure via SMTP or transactional email service (Resend / SendGrid)
email_verified flag on users table, enforced on sensitive operations

Custom Error Pages & Toast Notifications

Custom 404 Not Found page consistent with Brutalist Industrial design
Custom 500 Internal Error page with helpful recovery actions
Next.js error.tsx and global-error.tsx error boundaries
Toast notification system for user feedback (success, error, info) on CRUD operations
Next.js loading.tsx suspense boundaries with skeleton UI on all pages

Public Author Profiles

GET /api/v1/users/{username} — public author profile endpoint
GET /api/v1/users/{username}/plugins — author's published plugins
Public profile page at /users/{username} with avatar, bio, and plugin portfolio
Author stats: total plugins published, cumulative downloads, member since
Click-through from plugin detail author name to profile page

Admin Moderation Basics

Admin-only routes protected by role middleware (admin / moderator)
Deactivate or flag plugins from admin panel
User management: ban, role change, account deactivation
Audit log of admin actions (who, what, when)
Admin dashboard at /admin with pending reviews and flagged content

Performance & Caching Layer

Redis integration for distributed caching — hot data (popular plugins, category lists, user sessions)
Cache invalidation strategy on CRUD operations (write-through pattern)
Meilisearch search result caching with TTL
Connection pooling and eviction policies (LRU/TTL)
Measurable performance gains: 90% reduction on popular plugin detail page latency, sub-100ms search responses

Phase 3 — Community In Progress

Advanced Author Dashboard

Advanced KPIs: total downloads, 7-day & 30-day windows, trend percentage, top plugin identification
Download charts over time with configurable granularity (daily/weekly/monthly) and period count
API key management for CI/CD integration — create, list, revoke keys with scoped permissions (publish, upload, read)
Notification center with download milestone alerts (10, 50, 100, 500, 1K, 5K, 10K, 50K, 100K), unread badge, and mark-as-read
Permission enforcement — API keys are validated against each endpoint's required permission; admin routes locked to JWT
API key usage audit trail — every API-key-authenticated request logs action, resource, success/failure, and timestamp
Per-API-key rate limiting — individual quotas (burst & sustained) replace the global rate limiter for key-authenticated traffic

Publishing from GitHub

GitHub App to link a repository to a plugin
Automatic publishing on GitHub tag/release with binary artifact detection
Webhook to synchronize READMEs and changelogs from repository
Dynamic "Download on Pumpkin Hub" badge for GitHub repositories

Review System

Star ratings (1–5) with per-user enforcement (one review per plugin, authors cannot self-review)
Review form with title, body and inline StarRating component (hover + keyboard)
Rating distribution overview (bar chart per star level) and computed average
Moderation by plugin authors and staff — toggle review visibility via PATCH /reviews/:id/hide
Abuse reporting with 5 reason types, deduplication guard, and admin resolution workflow
average_rating & review_count included in PluginSummary and Meilisearch documents
Automatic Meilisearch reindex on every review mutation (create / update / delete / hide)
Rating display on plugin detail page (header), explorer cards (PluginCard & SearchHitCard)
New rating sort option on search endpoint (average_rating:desc/asc)

Enhanced Plugin Detail & Media Gallery

New Gallery tab on plugin detail page for images and videos (JPEG, PNG, WebP ≤ 10 MB; MP4, WebM ≤ 100 MB, max 20 items per plugin)
Drag-and-drop MediaUpload component with client-side validation, preview, and XHR progress bar
Reorder and caption editing for each media item; soft-delete with fire-and-forget S3 cleanup
Lightbox carousel — fullscreen overlay with prev/next, thumbnail strip, caption, keyboard navigation (← → Esc), video autoplay support
New Changelog tab with Keep-a-Changelog markdown rendering (headings, lists, code blocks, links); source badge (GitHub synced vs manual)
Inline markdown editor for owners with live char count (max 200 K chars); UPSERT via ON CONFLICT
XSS protection in markdown renderer via escapeHtml() before all output
New API routes: GET/POST /plugins/{slug}/media, PATCH/DELETE /media/{id}, PUT /media/reorder, GET/PUT/DELETE /plugins/{slug}/changelog

Plugin Categories Refinement

17 server-plugin categories inspired by Modrinth/CurseForge, aligned with server-side-only plugin use cases
4 renamed: Gameplay → Game Mechanics, Administration → Management, API/Library → Library, Performance → Optimization
9 new categories: Adventure, Decoration, Equipment, Minigame, Mobs, Social, Storage, Transportation, Utility
Soft-deletion via is_active column — deactivated categories preserved in historical data, filtered from all API responses
display_order column for deterministic alphabetical ordering independent of insertion order
Shared lib/category-icons.ts module — single CATEGORY_ICON_MAP + getCategoryIcon() used across ExplorerSidebar, PluginForm, and PublishFromGithubForm
CategoryPicker updated with Lucide icons and title tooltip showing category descriptions

User Experience Improvements Completed

Grid View toggle on Explorer page — switch between list and card grid layouts for plugin browsing
Persistent user preference via localStorage (pumpkin-hub:explorer-view key)
Search Bar on Landing Page — unified search experience linking to Explorer with pre-filled query
Auto-focus and ⌘K / Ctrl+K global keyboard shortcut on Landing & Explorer pages
Hero section updated with prominent search CTA, OS-aware shortcut hints, and Escape-to-clear

Test Coverage & Code Quality — 80%+ Target Completed

Frontend coverage raised from ~5% to 80%+ through progressive milestones (36% → 40% → 45% → 48% → 50% → 53% → 80%+)
Comprehensive test suites added: smoke tests for all pages, MSW API contract mocks, component integration tests
Covered modules: lib/validation.ts, lib/api.ts, UI components (Badge, Button, PluginCard, PluginIcon), plugin forms, review system, dashboard, profile, media gallery, lightbox, changelog, notifications
CI thresholds enforced: lines 80%, functions 80%, branches 75% — hard gate on every PR
Backend coverage tracked via cargo-tarpaulin with LCOV output
SonarQube integration: combined frontend + backend coverage analysis on every CI run
Quality tooling: MSW (Mock Service Worker) for API contract testing, @testing-library/user-event for interaction scenarios

Security Hardening Completed

Secure cookies: Secure flag on all auth cookies, auto-detected from ALLOWED_ORIGINS HTTPS scheme or forced via COOKIE_SECURE env var
POST-only logout: POST /auth/logout replaces GET to prevent CSRF-based sign-out attacks
HTTP security headers via Next.js: X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy (camera, mic, geo disabled)
Cookie domain configuration: COOKIE_DOMAIN env var enables shared auth across subdomains (e.g., .pumpkinhub.org)
Pre-production security audit performed with P0/P1/P2 findings tracked and resolved

Production Deployment & CI/CD Completed

Production Docker stack: multi-stage Dockerfiles for API (Alpine-based, static Rust binary) and Frontend (Next.js standalone)
Container registry: pre-built images on GitHub Container Registry (ghcr.io/fablrc/pumpkin-hub-api, ghcr.io/fablrc/pumpkin-hub-frontend)
Docker build workflow: GitHub Actions builds and pushes images on every successful CI run, with Coolify webhook trigger for auto-deployment
Health checks: Docker HEALTHCHECK instructions on frontend and API containers
Deployment target: Hetzner VPS + Coolify (self-hosted PaaS) + Cloudflare R2 for object storage
Upload proxy: Next.js proxy routes (/api/upload/*) for browser binary uploads via internal Docker network, with R2 presign fallback
Public statistics API: GET /api/v1/stats — unauthenticated endpoint returning total plugins, authors, and downloads for the homepage
Plugin icons: icon upload/display on plugin pages with S3 storage and 2-letter initial fallback component

Collections & Curations

Thematic plugin collections (e.g., "Essential PvP Pack")
Staff Picks — featured plugins by the team
Editorial categories and community tags

Phase 3.5 — Server Configuration Planned

Pumpkin Server Builder

Interactive server build wizard at /server-builder — select plugins from catalog with granular filtering
Plugin compatibility check — auto-detect conflicts, circular dependencies, version incompatibilities
Dependency graph auto-resolution — add a plugin and its required dependencies are automatically included
Pre-configuration of selected plugins — tune parameters, settings, and game mechanics (optional)
Generate downloadable ZIP with pre-configured server files:
- pumpkin-config.toml (server configuration)
- All plugin binaries organized by platform (Windows/Linux/macOS)
- README with setup instructions and dependency list
Save & share configurations — unique shareable links (/configs/{id}) for easy server setup distribution
Analytics dashboard — track popular plugin combinations and configuration patterns

Phase 4 — Ecosystem Planned

Pumpkin Hub CLI

Rust CLI tool to publish, search and install plugins
Commands: ph publish, ph search, ph install
Lock file for dependency resolution
Authentication via API token

Public API & Webhooks

Auto-generated OpenAPI/Swagger documentation
~~Rate limiting and quotas per API key~~ (moved to Phase 3 — completed)
Configurable webhooks (new version, new plugin, download)
Client SDKs for third-party integrations

Advanced Security

Automatic scan of uploaded binaries (antivirus, static analysis)
Cryptographic release signing (GPG / cosign)
~~Audit log of all publishing operations~~ (moved to Phase 3 — completed via API key audit trail)
Community bug bounty program

Internationalization

Multilingual interface (EN, FR, DE, ES, PT, ZH)
Multilingual plugin descriptions
Translated documentation

Plugin Co-Creators & Advanced Permissions

Add co-creators to a plugin with granular permission roles:
- Owner — full control (edit, publish, delete, manage contributors)
- Maintainer — can edit, publish versions, manage dependencies
- Contributor — can edit plugin metadata and create versions (no deletion)
- Viewer — read-only access to dashboard and analytics
Invite system with email notifications and acceptance flow
Permission enforcement on all plugin mutations (CRUD, version management, etc.)
Audit log showing which contributor performed each action
Remove contributors with history preservation
UI on plugin dashboard to manage contributors and their roles

Backlog — Future Ideas

These features are not yet scheduled but are part of the long-term project vision. They will be prioritized based on community feedback.

Monetized Marketplace

Premium plugin support with integrated payment system for authors.

Cloud Test Server

Ephemeral Pumpkin MC environment to test a plugin directly from the browser.

Plugin Templates

Plugin project scaffolding via cargo generate with official templates.

Advanced Analytics

Detailed metrics: retention, active versions, geographic distribution.

Role System

Organizations with members, granular permissions and plugin co-ownership.

GraphQL API

Alternative GraphQL endpoint for flexible client-side queries.

Advertising Integration

Community-friendly ad network integration (Google Ads, EthikAds/CarbonAds) to support hosting and development costs. Non-intrusive, focused on environmental/ethical options.

Contribute

Want to contribute to a feature? Check the contribution guide and open an issue on GitHub to discuss the implementation before starting.