Dev hub

Koder Hub — dev/store

  • *rea:*Developer Platform
  • *ath:*dev/store
  • *ind:*Full-stack universal app store — Flutter (6 platforms) + Depot backend

Role in the stack

Koder Hub is the universal app distribution platform for the Koder ecosystem. It is the single place where users discover, install, and update Koder apps across Android, iOS, Linux, Windows, macOS, and Web (CanvasKit). The Go backend at hub.koder.dev:9400 exposes a REST API for app catalog, downloads, reviews, and developer publishing; its editable source lives in dev/depot/platform, while products/dev/store/src/koder-hub is a compiled deployment artifact. A single Flutter codebase drives all six platform clients.

*ey capabilities:*

  • *ultiplatform install*— platformnative install flows per OS: pkexec dpkg -i (Linux), Add-AppxPackage (Windows), open + dragtoApplications (macOS), PackageInstaller API (Android), App Store redirect (iOS), <a download> anchor (Web)
  • *utoupdate*— background selfupdate check (UpdateCheckerService), silent download, and relaunch for Linux and macOS; installer wizard for Windows; OS-handled for Android
  • *wo-attempt download*— POST token flow first, then DirectDownload GET fallback with explicit 302/301 redirect handling for resilience when the token service is degraded
  • *khub package identity** — Linux binary, kpkg package name, Store catalog slug and desktop startup class align on khub; koderhub` remains a onerelease CLI alias
  • * layout modes*— Grid, List, Editorial (Applestyle), Compact, Discover (Steamstyle), persisted in SharedPreferences
  • *oder ID SSO*— OIDC/PKCE login with flutter_secure_storage and refresh token auto-renewal
  • *inux package browser*— native DEBRPMFlatpakSnapAppImage panel backed by enabled koder-packages.json feeds and stale-cache fallback
  • *icrosoft Store integration*— browse and install Windows apps from the same UI

Platform install matrix

Platform Download Install Relaunch
Linux POST token → GET /download/{token} (DirectDownload fallback) pkexec dpkg -i relaunchSelf() — detached Process.start
Windows POST token → GET /download/{token} PowerShell Add-AppxPackage / msiexec MSIX handles restart
macOS POST token → GET /download/{token} (DirectDownload fallback) open <dmg> (user drags to /Applications) relaunchSelf() — re-opens Platform.resolvedExecutable
Android System DownloadManager PackageInstaller API OS restarts after install
iOS App Store URL redirect System App Store N/A
Web Token → <a download> anchor Browser download N/A

Primary couplings

Module Relationship
platform/id Auth — OIDC/PKCE token exchange + introspection
sdk-koder-kit (engines/sdk/koder_kit) Shared Flutter shell primitives, auth-aware app scaffolding, theme, and localization helpers
sdk-store (engines/sdk/store) Flutter SDK that any Koder app embeds for self-update awareness
dev/depot/platform Editable Store API/backend source: handlers, repo, storage, migrations, metrics
infra/jet Reverse proxy + TLS at hub.koder.dev
data/kdb (current) Telemetry ingest for download events

Interfaces

*ackend REST API*— https://hub.koder.dev/api/v1/

Endpoint Purpose
GET /apps Browse + search catalog
GET /apps/{slug} App detail + version + artifacts
GET /apps/{slug}/install?platform=… Install metadata (download URL, version)
POST /download/token Generate a short-lived download token
GET /download/{token} Resolve token → binary stream (302 redirect)
GET /apps/{slug}/download?platform=… DirectDownload fallback

*lient service*— PackageInstallerService (Dart)

  • downloadAndInstall(slug, version, {onProgress}) — routes per platform
  • downloadPackageOnly(slug, version, format) — save native package to ~/Downloads/
  • relaunchSelf() — detached relaunch after self-update (Linux + macOS)

*inux package feed*— repository JSON contract

  • Enabled repositories expose koder-packages.json
  • Client cache key: linux_package_feed_cache_v1
  • Failures surface through the app shell instead of being collapsed to silent empty lists

*ndroid privileged extension*— products/dev/store/privileged/

  • KoderHubPrivileged.apk lives at /system/priv-app/ and exposes an

    AIDL service guarded by the signature-level dev.koder.koder_store.privileged.BIND permission, granting Store silent install/uninstall without the system confirmation dialog

  • AOSP integration via PRODUCT_PACKAGES + mac_permissions.xml; non-AOSP

    ROMs (Samsung, Pixel retail, OnePlus) get a Magisk-flashable SELinux module at products/dev/store/privileged/selinux/ that injects the cross-domain Binder rules required on enforcing-SELinux devices

Status

Version *.29.82*— production. Fixed package name computation: _packageName(slug) no longer strips the koder- prefix, so koder-mosaic correctly resolves to dev.koder.koder_mosaic (was silently failing with "Installation not confirmed" for all koder-* slugs). Also fixed "Not available for {platform}" text to use title-case platform names.

*.29.81*— khub package identity alignment, Linux package browser with repository feeds.

/k-evolve pass — 20260426

First evolve pass on dev/store. Phase 2 surfaced 14 gaps across the six dimensions; HUB1 (KSTORE error IDs) and HUB8 (KoderErrorBanner adoption) were merged into a single ticket, leaving 13 in backlog/pending/ (HUB063–HUB075). Five landed in the same session:

  • *UB-069*— RedactedString for bearer tokens; toString() returns <redacted:hash8> so accidental log/crash interpolation never leaks the secret.
  • *UB-070*— requireHttps() at ApiClient constructor and Linux package feed fetch; loopback HTTP allowed only in kDebugMode.
  • *UB065*— KoderBackScope(enableSystemExitAtRoot: true) at the app root, satisfying `specsnavigationbackbehavior.kmd`.
  • *UB-067*— Linux package feed JSON decode moves to a worker isolate (compute()) above 256 KB, keeping the main isolate responsive on large feeds.
  • *UB068*— KStoreLogger (structured JSON via dart:developer.log) replaces the silent catch (_) {} sites in update_checker_service.dart and billing_service.dart; newTraceId() available for crossservice correlation.

Remaining open: HUB063 (KSTORE error catalog + KoderErrorBanner sweep), HUB064 (KoderSafeScaffold perroute), HUB066 (catalog pagination), HUB071 (engines/sdk/koder_ipc adoption), HUB072 (paginated reviews), HUB073 (client metrics), HUB074 (model input validation), HUB075 (health probe). Plus HUB062 (privileged SELinux ondevice verification — hardwareblocked).

Source: ../home/koder/dev/koder/meta/docs/stack/modules/dev-hub.md