2024-04-16 Extensions Platform - Backend


  • Anna Sirota
  • Dalai Felinto
  • Oleg Komarov

Meeting to check the status of the backlog tasks and to clarify some questions regarding the Extensions Platform project.

Recent changes

  • ClamAV running on the server.
  • More validation tests.
  • New API/JSON (both Blender and the server were updated).
  • User Interface changes.
    • Move Repositories under the dropdown menu.
    • Small tweaks to Repositories pop-over.
  • New proposal for access to the internet and notifications:
    • First time dialogs and setups #120665
    • Filter option to show only Update Available #120609
    • Show Available Updates on status bar #120610
    • Splashscreen and Available Extensions Update #120612
    • Repository option to “Check for Updates on Startup” #120613
  • Documentation for the Listing API and manifest schema.

In progress

  • Notification system !80.
  • Thumbnails for media !51.


  • When submitting for approval, an approval activity item should be created.
  • Status Disabled by author
    • Not exposed for now, but there may be use case in the future.
    • Once needed, we can add UI for that.
    • It would generate an event on the approval queue.
  • Manifest:
    • Meta-data needs to update.
    • Fields that can never change:
      • id
      • type
  • Slugs
    • Always derive slugs from id (right now they are deriving from name).
  • Approval Queue:
    • Users can unsubscribe from the activity notifications.
    • New versions create an event on the approval queue (without this notifying anyone).
  • Suspicious activity
    • The communication with the author is expected to happen outside the approval queue.
    • It needs a new STATUS (hold for investigation due to clamAV)
    • Moderators and admins can see it listed in the Approval Queue.
    • Users (and author) can no longer see the Approval Queue page for this extension.
    • The possible actions are:
      • Remove faulty version, and re-approve the extension.
      • Disable by staff (manually triage it, but keep it undecided while the investigation continues - e.g., reach out to author to see if was an account take over).
    • First submission
      • Nothing in particular, the extension was never officially listed.
    • Subsequent version
      • Extension (not only version) gets unlisted (not blocked - yet).
      • Mark extension as “blocklisted”, copy data to private vault, delete.
  • Notifications
    • Keep all the events on the notification queue.
    • Send email even if notification was seen on the site.
    • Send granular emails (or have an option for bundle/granular).
  • Featured Image
    • This remains a target.
    • We also want a required “icon” (square image).
    • In the future we can auto-generate the icons for themes (with SVG).
    • Same for gallery images (based on a .blend).
  • Deleting
    • If an extension was never published, deletion can be a full hard-deleted.
    • The “slug/extension id” can be free to re-use.
    • If there was approval queue (or suspicious) activities, we want to keep a copy for logs.
    • Only admins need to access this.