---
id: core.lumi
title: lumi-bot
scope: core
status: active
priority: 20
visibility: user
category: Core
tags: core, routes, commands, settings
generated: true
editable: false
updated_at: "2026-06-25T12:06:11.231Z"
---

# lumi-bot

Lumi is the core web UI and bot runtime.

## Runtime

Package: lumi-bot

Version: 0.1.9

## Routes

- GET /api/events
- POST /api/destructive-confirmations
- GET /api/users/search
- GET /api/placeholders/catalog
- POST /api/placeholders/preview
- GET /api/feedback/similar
- POST /api/feedback/:id/support
- POST /api/feedback
- GET /api/feedback/notifications
- GET /
- GET /api/assistant-panels
- GET /setup
- GET /setup/discord
- POST /setup/discord/verify
- POST /setup/discord/cancel
- GET /setup/twitch
- POST /setup/twitch/verify
- POST /setup/twitch/cancel
- GET /setup/youtube
- POST /setup/youtube/connect
- POST /setup/youtube/verify
- POST /setup/youtube/cancel
- GET /auth/discord
- GET /auth/discord/callback
- GET /auth/localhost
- POST /auth/localhost
- POST /auth/logout
- GET /auth/twitch
- GET /auth/twitch/login
- GET /auth/twitch/callback
- GET /auth/youtube
- GET /auth/youtube/login
- GET /auth/youtube/callback
- GET /profile
- POST /profile/unlink/:provider
- POST /profile/username
- GET /feedback
- POST /feedback/:id/comment
- POST /feedback/:id/support
- GET /feedback/:id/screenshot
- GET /feedback/:id/attachments/:attachmentId
- GET /health
- GET /commands
- GET /leaderboards
- GET /stats
- GET /stats/:username
- GET /pages/:slug
- GET /moderator
- GET /admin
- GET /api/admin/dashboard-metrics
- GET /admin/settings
- POST /admin/settings
- POST /admin/settings/nav-icons
- POST /admin/settings/nav-icons/reset
- GET /admin/navigation
- POST /admin/navigation
- POST /admin/navigation/reset
- GET /admin/discord-wizard
- POST /admin/discord-wizard/verify
- POST /admin/discord-wizard/cancel
- GET /admin/twitch-wizard
- POST /admin/twitch-wizard/verify
- POST /admin/twitch-wizard/cancel
- GET /admin/youtube-wizard
- POST /admin/youtube-wizard/connect
- POST /admin/youtube-wizard/verify
- POST /admin/youtube-wizard/cancel
- GET /admin/theming
- POST /admin/theming/select
- POST /admin/theming/duplicate
- POST /admin/theming/custom/:id/save
- POST /admin/theming/custom/:id/rename
- POST /admin/theming/custom/:id/delete
- POST /admin/theming
- GET /admin/logs
- GET /admin/logs/download
- GET /admin/feedback
- POST /admin/feedback/export
- POST /admin/feedback/:id/export
- POST /admin/feedback/:id/create-okf-correction
- POST /admin/feedback/:id
- POST /admin/feedback/:id/finalize
- POST /admin/feedback/:id/reopen
- POST /admin/feedback/:id/delete
- POST /admin/feedback/:id/cleanup
- GET /admin/privileges
- GET /admin/commands
- POST /admin/commands
- POST /admin/commands/:id/toggle
- POST /admin/commands/:id/delete
- POST /admin/commands/:id/update
- POST /admin/commands/:id/preview
- GET /admin/pages
- GET /admin/users
- POST /admin/users/:id/username
- POST /admin/pages
- POST /admin/pages/:id/toggle
- POST /admin/pages/:id/delete
- POST /admin/pages/:id/update
- GET /admin/plugins
- POST /admin/plugins/:id/toggle
- POST /admin/plugins/:id/uninstall
- POST /admin/plugins/upload
- POST /admin/plugins/install
- POST /admin/plugins/create
- POST /admin/plugins/:id/update
- GET /admin/updates/events
- GET /admin/updates/status
- GET /admin/updates/recovery
- POST /admin/updates/recovery/clear-marker
- POST /admin/updates/recovery/retry-normal-startup
- GET /admin/updates
- POST /admin/updates/core/check
- POST /admin/updates/core/apply
- POST /admin/updates/core/revert
- POST /admin/updates/bot
- POST /admin/updates/core/zip
- POST /admin/updates/plugin
- POST /admin/updates/plugins/:id/check
- POST /admin/updates/plugins/:id/apply
- POST /admin/updates/plugins/:id/revert
- POST /admin/updates/plugins/:id/disable
- POST /admin/updates/plugins/:id/zip
- POST /admin/update
- POST /admin/check-update
- POST /admin/restart

## Route Reference

### GET /api/events

- Purpose: Streams live WebUI event notifications to the browser.
- Inputs: No request parameters detected by static analysis.
- Response format: streaming event response
- Access: logged-in session required or used
- Side effects: publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. API consumers should expect JSON unless the response format says otherwise.

### POST /api/destructive-confirmations

- Purpose: Provides api destructive confirmations data as JSON.
- Inputs: body: `action`
- Response format: JSON response
- Access: logged-in session required or used
- Side effects: Consumes submitted data; state mutation happens in called helpers if present.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

### GET /api/users/search

- Purpose: Searches known linked Lumi users for shared user-lookup fields.
- Inputs: query: `limit`, `q`
- Response format: JSON response
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. API consumers should expect JSON unless the response format says otherwise.

### GET /api/placeholders/catalog

- Purpose: Returns placeholder suggestions available to the current user and field policy.
- Inputs: query: `field_id`, `output_audience`
- Response format: JSON response
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

### POST /api/placeholders/preview

- Purpose: Previews placeholder rendering for a submitted template without saving it.
- Inputs: body: `field_id`, `output_audience`, `template`
- Response format: JSON response
- Access: logged-in session required or used
- Side effects: Consumes submitted data; state mutation happens in called helpers if present.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

### GET /api/feedback/similar

- Purpose: Provides api feedback similar data as JSON.
- Inputs: query: `limit`
- Response format: JSON response
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

### POST /api/feedback/:id/support

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`
- Response format: JSON response
- Access: logged-in session required or used
- Side effects: Action route; side effects were not detected statically.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

### POST /api/feedback

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: file upload: multipart form file data; body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
- Response format: API response; exact schema was not detected statically.
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state; writes files
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

### GET /api/feedback/notifications

- Purpose: Provides api feedback notifications data as JSON.
- Inputs: No request parameters detected by static analysis.
- Response format: JSON response
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. API consumers should expect JSON unless the response format says otherwise.

### GET /

- Purpose: Renders the requested WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

### GET /api/assistant-panels

- Purpose: Provides api assistant panels data as JSON.
- Inputs: No request parameters detected by static analysis.
- Response format: JSON response
- Access: logged-in session required or used; mount-level canAccess predicate applies
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

### GET /setup

- Purpose: Guides first-time platform setup and verification.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /setup/discord

- Purpose: Guides first-time platform setup and verification.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /setup/discord/verify

- Purpose: Guides first-time platform setup and verification.
- Inputs: body: `discord_admin_role_id`, `discord_bot_token`, `discord_client_id`, `discord_client_secret`, `discord_guild_id`, `discord_mod_role_id`, `discord_redirect_uri`
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /setup/discord/cancel

- Purpose: Guides first-time platform setup and verification.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /setup/twitch

- Purpose: Guides first-time platform setup and verification.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /setup/twitch/verify

- Purpose: Guides first-time platform setup and verification.
- Inputs: body: `twitch_bot_oauth`, `twitch_bot_username`, `twitch_channels`, `twitch_client_id`, `twitch_client_secret`, `twitch_redirect_uri`
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /setup/twitch/cancel

- Purpose: Guides first-time platform setup and verification.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /setup/youtube

- Purpose: Guides first-time platform setup and verification.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /setup/youtube/connect

- Purpose: Guides first-time platform setup and verification.
- Inputs: body: `youtube_client_id`, `youtube_client_secret`, `youtube_redirect_uri`
- Response format: HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /setup/youtube/verify

- Purpose: Guides first-time platform setup and verification.
- Inputs: body: `youtube_client_id`, `youtube_client_secret`, `youtube_redirect_uri`
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /setup/youtube/cancel

- Purpose: Guides first-time platform setup and verification.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /auth/discord

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /auth/discord/callback

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: query: full query object is passed to a helper; exact fields are defined by the matching view/service
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

### GET /auth/localhost

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /auth/localhost

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: body: `password`, `username`
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /auth/logout

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: Action route; side effects were not detected statically.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /auth/twitch

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /auth/twitch/login

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /auth/twitch/callback

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: query: full query object is passed to a helper; exact fields are defined by the matching view/service
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

### GET /auth/youtube

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /auth/youtube/login

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /auth/youtube/callback

- Purpose: Starts, completes, or cancels a platform authentication/linking flow.
- Inputs: query: full query object is passed to a helper; exact fields are defined by the matching view/service
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

### GET /profile

- Purpose: Renders the profile WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /profile/unlink/:provider

- Purpose: Processes the profile unlink provider action and stores or applies submitted form data.
- Inputs: path params: `provider`
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /profile/username

- Purpose: Processes the profile username action and stores or applies submitted form data.
- Inputs: body: `internal_username`
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /feedback

- Purpose: Renders the feedback WebUI page.
- Inputs: query: `id`
- Response format: HTML page rendered from an EJS view
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /feedback/:id/comment

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`; body: `comment`
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /feedback/:id/support

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /feedback/:id/screenshot

- Purpose: Handles feedback id screenshot.
- Inputs: path params: `id`
- Response format: static file response
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /feedback/:id/attachments/:attachmentId

- Purpose: Handles feedback id attachments attachmentId.
- Inputs: path params: `attachmentId`, `id`
- Response format: static file response
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /health

- Purpose: Returns runtime health information.
- Inputs: No request parameters detected by static analysis.
- Response format: JSON response
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /commands

- Purpose: Displays configured bot commands.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected; logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /leaderboards

- Purpose: Displays leaderboard data.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: No explicit access guard detected in the route handler; check surrounding router/mount middleware.
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /stats

- Purpose: Displays user or community statistics.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /stats/:username

- Purpose: Displays user or community statistics.
- Inputs: path params: `username`
- Response format: HTML page rendered from an EJS view
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /pages/:slug

- Purpose: Renders the pages slug WebUI page.
- Inputs: path params: `slug`
- Response format: HTML page rendered from an EJS view
- Access: logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /moderator

- Purpose: Renders the moderator WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: moderator access may be required
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /admin

- Purpose: Renders the admin WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /api/admin/dashboard-metrics

- Purpose: Provides api admin dashboard metrics data as JSON.
- Inputs: query: `scope`
- Response format: JSON response
- Access: admin access expected
- Side effects: writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. API consumers should expect JSON unless the response format says otherwise.

### GET /admin/settings

- Purpose: Renders the core settings page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected; logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/settings

- Purpose: Saves core settings from the admin settings form.
- Inputs: body: `localhost_login_password`, `localhost_login_username`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Input length or numeric bounds are enforced by helper functions in the handler. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/settings/nav-icons

- Purpose: Saves core settings from the admin settings form.
- Inputs: body: `item_id`; file upload: multipart form file data
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/settings/nav-icons/reset

- Purpose: Saves core settings from the admin settings form.
- Inputs: body: `item_id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/navigation

- Purpose: Renders the admin navigation WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected; logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/navigation

- Purpose: Processes the admin navigation action and stores or applies submitted form data.
- Inputs: body: `nav_enabled`, `nav_include_unassigned`, `nav_sections`, `nav_unassigned_icon`, `nav_unassigned_id`, `nav_unassigned_label`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/navigation/reset

- Purpose: Processes the admin navigation reset action and stores or applies submitted form data.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/discord-wizard

- Purpose: Renders the admin discord wizard WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/discord-wizard/verify

- Purpose: Renders the admin discord wizard verify WebUI page.
- Inputs: body: `discord_admin_role_id`, `discord_bot_token`, `discord_client_id`, `discord_client_secret`, `discord_guild_id`, `discord_mod_role_id`, `discord_redirect_uri`
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/discord-wizard/cancel

- Purpose: Processes the admin discord wizard cancel action and stores or applies submitted form data.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/twitch-wizard

- Purpose: Renders the admin twitch wizard WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/twitch-wizard/verify

- Purpose: Renders the admin twitch wizard verify WebUI page.
- Inputs: body: `twitch_bot_oauth`, `twitch_bot_username`, `twitch_channels`, `twitch_client_id`, `twitch_client_secret`, `twitch_redirect_uri`
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/twitch-wizard/cancel

- Purpose: Processes the admin twitch wizard cancel action and stores or applies submitted form data.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/youtube-wizard

- Purpose: Renders the admin youtube wizard WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.
### POST /admin/youtube-wizard/connect

- Purpose: Processes the admin youtube wizard connect action and stores or applies submitted form data.
- Inputs: body: `youtube_client_id`, `youtube_client_secret`, `youtube_redirect_uri`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/youtube-wizard/verify

- Purpose: Renders the admin youtube wizard verify WebUI page.
- Inputs: body: `youtube_client_id`, `youtube_client_secret`, `youtube_redirect_uri`
- Response format: HTML page rendered from an EJS view; HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/youtube-wizard/cancel

- Purpose: Processes the admin youtube wizard cancel action and stores or applies submitted form data.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/theming

- Purpose: Renders the admin theming WebUI page.
- Inputs: query: `edit`
- Response format: HTML page rendered from an EJS view
- Access: admin access expected
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/theming/select

- Purpose: Processes the admin theming select action and stores or applies submitted form data.
- Inputs: body: `theme_id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/theming/duplicate

- Purpose: Processes the admin theming duplicate action and stores or applies submitted form data.
- Inputs: body: `name`, `theme_id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/theming/custom/:id/save

- Purpose: Processes the admin theming custom id save action and stores or applies submitted form data.
- Inputs: path params: `id`; body: `apply`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.
### POST /admin/theming/custom/:id/rename

- Purpose: Processes the admin theming custom id rename action and stores or applies submitted form data.
- Inputs: path params: `id`; body: `name`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/theming/custom/:id/delete

- Purpose: Processes the admin theming custom id delete action and stores or applies submitted form data.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/theming

- Purpose: Processes the admin theming action and stores or applies submitted form data.
- Inputs: body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.
### GET /admin/logs

- Purpose: Displays, downloads, or manages application logs.
- Inputs: query: `level`, `limit`, `range`
- Response format: HTML page rendered from an EJS view
- Access: admin access expected
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /admin/logs/download

- Purpose: Displays, downloads, or manages application logs.
- Inputs: query: `level`, `limit`, `range`
- Response format: plain or HTML response
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /admin/feedback

- Purpose: Renders the admin feedback WebUI page.
- Inputs: query: `area`, `category`, `date_from`, `date_to`, `needs_action`, `scope`, `severity`, `sort`, `status`, `submitter`
- Response format: HTML page rendered from an EJS view
- Access: admin access expected
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/feedback/export

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
- Response format: JSON response
- Access: admin access expected
- Side effects: Action route; side effects were not detected statically.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.
### POST /admin/feedback/:id/export

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`; body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
- Response format: JSON response
- Access: admin access expected
- Side effects: Action route; side effects were not detected statically.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/feedback/:id/create-okf-correction

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`; body: `status_note`
- Response format: HTTP redirect after handling the request
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/feedback/:id

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`; body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
- Response format: HTTP redirect after handling the request
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.
  Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/feedback/:id/finalize

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`; body: `status_note`
- Response format: HTTP redirect after handling the request
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/feedback/:id/reopen

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`; body: `status_note`
- Response format: HTTP redirect after handling the request
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/feedback/:id/delete

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/feedback/:id/cleanup

- Purpose: Creates, updates, comments on, exports, or manages feedback records depending on the action path.
- Inputs: path params: `id`; body: full submitted body is passed to a helper; exact fields are defined by the matching form/service
- Response format: HTTP redirect after handling the request
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state; writes files
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/privileges

- Purpose: Renders the admin privileges WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /admin/commands

- Purpose: Displays configured bot commands.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected; logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/commands

- Purpose: Creates, updates, previews, toggles, or deletes custom commands.
- Inputs: body: `code`, `language`, `mode`, `response`, `trigger`
- Response format: HTTP redirect after handling the request
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/commands/:id/toggle

- Purpose: Creates, updates, previews, toggles, or deletes custom commands.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/commands/:id/delete

- Purpose: Creates, updates, previews, toggles, or deletes custom commands.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.
### POST /admin/commands/:id/update

- Purpose: Creates, updates, previews, toggles, or deletes custom commands.
- Inputs: path params: `id`; body: `code`, `language`, `mode`, `response`, `trigger`
- Response format: HTTP redirect after handling the request
- Access: admin access expected; logged-in session required or used
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/commands/:id/preview

- Purpose: Creates, updates, previews, toggles, or deletes custom commands.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/pages

- Purpose: Renders the admin pages WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /admin/users

- Purpose: Renders the admin users WebUI page.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected; logged-in session required or used
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/users/:id/username

- Purpose: Processes the admin users id username action and stores or applies submitted form data.
- Inputs: path params: `id`; body: `internal_username`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/pages

- Purpose: Processes the admin pages action and stores or applies submitted form data.
- Inputs: body: `content`, `content_css`, `format`, `nav_label`, `role`, `show_in_nav`, `slug`, `title`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/pages/:id/toggle

- Purpose: Processes the admin pages id toggle action and stores or applies submitted form data.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.
### POST /admin/pages/:id/delete

- Purpose: Processes the admin pages id delete action and stores or applies submitted form data.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/pages/:id/update

- Purpose: Processes the admin pages id update action and stores or applies submitted form data.
- Inputs: path params: `id`; body: `content`, `content_css`, `format`, `nav_label`, `role`, `show_in_nav`, `slug`, `title`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes database state when the called service mutates data
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/plugins

- Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/plugins/:id/toggle

- Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
- Inputs: path params: `id`; body: `enabled`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/plugins/:id/uninstall

- Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/plugins/upload

- Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
- Inputs: file upload: multipart form file data
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/plugins/install

- Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
- Inputs: body: `url`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/plugins/create

- Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
- Inputs: body: `description`, `id`, `name`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/plugins/:id/update

- Purpose: Manages installed plugins, plugin uploads, installs, updates, or plugin enablement.
- Inputs: path params: `id`
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/updates/events

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: No request parameters detected by static analysis.
- Response format: streaming event response
- Access: admin access expected
- Side effects: publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### GET /admin/updates/status

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: No request parameters detected by static analysis.
- Response format: JSON response
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

### GET /admin/updates/recovery

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: No request parameters detected by static analysis.
- Response format: JSON response
- Access: admin access expected
- Side effects: Usually read-only.
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.

### POST /admin/updates/recovery/clear-marker

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: No request parameters detected by static analysis.
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/recovery/retry-normal-startup

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: No request parameters detected by static analysis.
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state; publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

### GET /admin/updates

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: No request parameters detected by static analysis.
- Response format: HTML page rendered from an EJS view
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.

### POST /admin/updates/core/check

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: No request parameters detected by static analysis.
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/core/apply

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: No request parameters detected by static analysis.
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state; publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/core/revert

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: body: `snapshot_id`
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state; publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/bot

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: body: `patch_mode`; file upload: multipart form file data
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/core/zip

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: body: `patch_mode`, `rollback_safe`; file upload: multipart form file data
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/plugin

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: file upload: multipart form file data
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/plugins/:id/check

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: path params: `id`
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/plugins/:id/apply

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: path params: `id`
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state; publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/plugins/:id/revert

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: path params: `id`; body: `snapshot_id`
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state; publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/plugins/:id/disable

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: path params: `id`
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: publishes or streams live WebUI events
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page.
  Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/updates/plugins/:id/zip

- Purpose: Checks, applies, reverts, or reports update state for core or plugin updates.
- Inputs: path params: `id`; body: `rollback_safe`; file upload: multipart form file data
- Response format: Form/action response; exact format was not detected statically.
- Access: admin access expected
- Side effects: writes or mutates server-side state; writes files
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/update

- Purpose: Processes the admin update action and stores or applies submitted form data.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/check-update

- Purpose: Processes the admin check update action and stores or applies submitted form data.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations.
  Errors are caught and usually returned as a flash message, JSON error, or error page. Most non-API POST routes are browser form submissions and usually redirect after completion.

### POST /admin/restart

- Purpose: Processes the admin restart action and stores or applies submitted form data.
- Inputs: No request parameters detected by static analysis.
- Response format: HTTP redirect after handling the request
- Access: admin access expected
- Side effects: writes or mutates server-side state; may restart or stop runtime processes
- Limits/notes: Generated from static route source analysis; confirm exact behavior in the handler before changing integrations. Most non-API POST routes are browser form submissions and usually redirect after completion.

## README Summary

# Lumi Bot

Discord bot + WebUI with role-based access, plugin management, and self-update support.

## Quick start

Requires Node.js 18+.

1. Install dependencies:

   ```
   npm install
   ```

2. Run with auto-restart:

   ```
   npm run run
   ```