🛍️ The Store (App Store)
NoCloudMe's sections aren't all hard-wired: many are modules you install and remove from the Store, the way apps work on a phone — except they run on your own server.
What a module is
Every module lives in its own folder with a manifest that explicitly declares everything it needs and does:
| Field | What it's for |
|---|---|
owns / read_tables / write_tables |
which database tables it reads and writes — its data permission |
secrets |
which credentials it needs (never shipped in the code) |
jobs |
scheduled tasks it brings along (e.g. an ingest job) |
assets / i18n |
translated strings it adds and removes on install/uninstall |
At a glance, you always know exactly what each app touches: nothing reaches data it hasn't declared.
Connectors: modules with database-write access
A connector is a special kind of module (module.kind: "connector") built to bring your own
files in: drop a bank export, a tax return, or a data export from another service, and it parses the
file itself — no AI involved — and inserts the rows into the right table.
Connectors have one elevated capability ordinary modules don't: writing to the core's database. That capability is disclosed up front — the Store shows exactly which tables a connector can write to before you install it — and it's tightly boxed in even after installation:
- A connector never writes SQL. It parses its file into plain rows and hands them to the core's ingest engine over an internal API; the engine is the only thing that ever touches the database.
- The engine validates every table/column name against a safe-identifier whitelist and binds every value as a parameter — the two things that make SQL injection possible are both closed off.
- A connector can only write the tables its own manifest's
permissions.write_tablesnames — the same declared, visible permission any other module has, just withwriteinstead of onlyread. Two independent gates enforce it: the connector's own manifest, and the dataset it's trying to write. - Every write is reversible (a snapshot is taken first) and idempotent — dropping the same file twice changes nothing the second time.
- If a file can't be processed, or only partly can, you get a short, plain-language log of exactly what went wrong, row by row — never a silent failure.
Connectors typically cover things like bank statements or tax declarations from a specific institution; each ships its own parser and file-format definitions, and you only install the ones that match banks or agencies you actually use.
Where modules live
Most sections ship with the core product. Optional apps and connectors live in a separate, lighter-weight companion repository dedicated to the module catalog, so the core stays focused on the platform itself — but they install and appear exactly the same way from the Store.
Install and uninstall
- Installing adds the section to the catalog (it appears on everyone's home screen and in Settings) and deploys its code to the server.
- Uninstalling removes it from the catalog and deletes its code from the server. Its data is left untouched — still in the database, ready to pick back up if you reinstall it.
Only admins can install or uninstall; the action is audited.
Authorship
Every app shows its creator (by GitHub user) and links to its code, so you can always see where a piece came from. The catalog of available apps lives in the repository itself.
Tip
The Messaging module is a good example of an ordinary module: it ships its own
chat_* tables, an ingest job, and its own credential to reach the backup — all declared in its
manifest.