feat: add package manager plugin for external repo management

New plugin at internal/plugins/packages/ that manages external GitHub
repositories for game system packs and the Foundry VTT module. Provides
admin UI with version management, auto-update policies, version pinning,
and background update worker. Routes registered under /admin/packages.

https://claude.ai/code/session_01NnKM8NqJzGz8756CZ4PEGg

Author: claude

.ai/status.md

@@ -8,7 +8,12 @@
 <!-- ====================================================================== -->
 
 ## Last Updated
-2026-03-17 -- **Sprint: Draw Steel System Module + Foundry Infrastructure Fixes.**
+2026-03-17 -- **Sprint: Package Manager Plugin + Repo Separation Docs.**
+
+45. **Sprint: Package Manager Plugin + Repo Separation.**
+    - **Repo Separation Documentation (COMPLETE)** — Created comprehensive documentation templates in `docs/repo-templates/` for `chronicle-foundry-module` and `chronicle-systems` repos. Includes README, CLAUDE.md, .ai/ architecture docs, API contracts, adapter docs, JSON schemas, and step-by-step system creation guides.
+    - **Package Manager Plugin (COMPLETE)** — New `internal/plugins/packages/` plugin with full admin UI. Features: GitHub release fetching, version management (install/pin/unpin), auto-update policies (off/nightly/weekly/on_release), background update worker, package CRUD, HTMX version picker and usage tracking UI. Database: `packages` and `package_versions` tables. Routes under `/admin/packages`. Sidebar link added.
+    - **Next Steps**: Wire usage tracking to campaign addon tables. Replace bundled Foundry module serving with package manager's installed path. Remove bundled system data and load from package manager instead.
 
 44. **Sprint: Draw Steel System Module + Infrastructure.**
     - **Draw Steel System (COMPLETE)** — Full manifest expansion: 24-field character preset with Foundry path annotations, creature preset with EV/role/role_type, kit preset. Reference data: 8 abilities, 6 creatures, 10 ancestries, 6 kits (CC-BY-4.0). Status changed from `coming_soon` to `available`.

cmd/server/main.go

@@ -17,6 +17,7 @@ import (
 	"github.com/keyxmakerx/chronicle/internal/database"
 	"github.com/keyxmakerx/chronicle/internal/plugins/calendar"
 	"github.com/keyxmakerx/chronicle/internal/plugins/maps"
+	"github.com/keyxmakerx/chronicle/internal/plugins/packages"
 	"github.com/keyxmakerx/chronicle/internal/plugins/sessions"
 	"github.com/keyxmakerx/chronicle/internal/plugins/syncapi"
 	"github.com/keyxmakerx/chronicle/internal/plugins/timeline"
@@ -166,5 +167,6 @@ func registeredPlugins() []database.PluginSchema {
 		{Slug: "sessions", MigrationsFS: mustSub(sessions.MigrationsFS, database.PluginMigrationsSubdir)},
 		{Slug: "timeline", MigrationsFS: mustSub(timeline.MigrationsFS, database.PluginMigrationsSubdir)},
 		{Slug: "syncapi", MigrationsFS: mustSub(syncapi.MigrationsFS, database.PluginMigrationsSubdir)},
+		{Slug: "packages", MigrationsFS: mustSub(packages.MigrationsFS, database.PluginMigrationsSubdir)},
 	}
 }

internal/app/routes.go

@@ -23,6 +23,7 @@ import (
 	"github.com/keyxmakerx/chronicle/internal/plugins/campaigns"
 	"github.com/keyxmakerx/chronicle/internal/plugins/entities"
 	"github.com/keyxmakerx/chronicle/internal/plugins/media"
+	"github.com/keyxmakerx/chronicle/internal/plugins/packages"
 	"github.com/keyxmakerx/chronicle/internal/plugins/settings"
 	"github.com/keyxmakerx/chronicle/internal/plugins/smtp"
 	"github.com/keyxmakerx/chronicle/internal/plugins/calendar"
@@ -971,6 +972,19 @@ func (a *App) RegisterRoutes() {
 	extensions.RegisterCampaignRoutes(e, extHandler, campaignService, authService)
 	extensions.RegisterAssetRoutes(e, extHandler)
 
+	// Package manager: external repo management for systems and Foundry module.
+	pkgRepo := packages.NewPackageRepository(a.DB)
+	pkgGitHub := packages.NewGitHubClient()
+	pkgService := packages.NewPackageService(pkgRepo, pkgGitHub, a.Config.Upload.MediaPath)
+	pkgHandler := packages.NewHandler(pkgService)
+	if a.PluginHealth.IsHealthy("packages") {
+		packages.RegisterRoutes(adminGroup, pkgHandler)
+		// Start background auto-update worker.
+		go pkgService.StartAutoUpdateWorker(context.Background())
+	} else {
+		slog.Warn("packages plugin degraded — routes not registered")
+	}
+
 	// Security admin: event logging, session management, user account actions.
 	securityRepo := admin.NewSecurityEventRepository(a.DB)
 	securityService := admin.NewSecurityService(securityRepo, authRepo, authService)

internal/plugins/packages/.ai.md

@@ -0,0 +1,44 @@
+# Packages Plugin
+
+The packages plugin manages external package repositories for Chronicle. It pulls
+game system packs and the Foundry VTT module from GitHub repos, providing version
+management, auto-updates, and an admin UI.
+
+## Files
+
+| File | Purpose |
+|------|---------|
+| `model.go` | Domain types: Package, PackageVersion, PackageUsage, input DTOs |
+| `embed.go` | Embeds SQL migrations via `//go:embed` |
+| `repository.go` | PackageRepository interface + MariaDB implementation |
+| `github_client.go` | GitHubClient for fetching releases and downloading assets |
+| `service.go` | PackageService with business logic, version management, auto-updates |
+| `handler.go` | Admin HTTP handlers (thin controllers) |
+| `routes.go` | Route registration under `/admin/packages` |
+| `packages.templ` | Templ templates for admin UI (package list, version picker, usage) |
+
+## Key Concepts
+
+- **PackageType**: `system` (game content packs) or `foundry-module` (Foundry VTT sync module)
+- **UpdatePolicy**: `off`, `nightly`, `weekly`, `on_release` — controls auto-update frequency
+- **Version pinning**: Locks a package to a specific version, preventing auto-updates
+- **GitHub integration**: Uses GitHub Releases API; supports GITHUB_TOKEN for higher rate limits
+
+## Database Tables
+
+- `packages` — registered package repositories with installed state
+- `package_versions` — discovered versions from GitHub releases
+
+## Admin Routes
+
+All under `/admin/packages`, requiring site admin authentication:
+- `GET /admin/packages` — package management page
+- `POST /admin/packages` — add new package repo
+- `DELETE /admin/packages/:id` — remove package
+- `GET /admin/packages/:id/versions` — list versions (HTMX fragment)
+- `PUT /admin/packages/:id/version` — install version
+- `PUT /admin/packages/:id/pin` — pin version
+- `DELETE /admin/packages/:id/pin` — unpin
+- `PUT /admin/packages/:id/auto-update` — change policy
+- `POST /admin/packages/:id/check` — manual update check
+- `GET /admin/packages/:id/usage` — campaign usage (HTMX fragment)

internal/plugins/packages/embed.go

@@ -0,0 +1,11 @@
+// Package packages provides the package manager plugin for Chronicle.
+// This file embeds the plugin's SQL migration files so they are available
+// in the compiled binary regardless of the runtime working directory.
+package packages
+
+import "embed"
+
+// MigrationsFS contains the embedded SQL migration files for the packages plugin.
+//
+//go:embed migrations/*.sql
+var MigrationsFS embed.FS

internal/plugins/packages/github_client.go

@@ -0,0 +1,134 @@
+package packages
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"regexp"
+	"strings"
+	"time"
+)
+
+// repoPattern extracts owner/repo from a GitHub URL.
+var repoPattern = regexp.MustCompile(`github\.com[/:]([^/]+)/([^/.]+)`)
+
+// GitHubRelease represents a release from the GitHub Releases API.
+type GitHubRelease struct {
+	TagName     string        `json:"tag_name"`
+	Name        string        `json:"name"`
+	Body        string        `json:"body"`
+	PublishedAt time.Time     `json:"published_at"`
+	Assets      []GitHubAsset `json:"assets"`
+}
+
+// GitHubAsset represents a downloadable file in a GitHub release.
+type GitHubAsset struct {
+	Name               string `json:"name"`
+	BrowserDownloadURL string `json:"browser_download_url"`
+	Size               int64  `json:"size"`
+	ContentType        string `json:"content_type"`
+}
+
+// GitHubClient fetches release information from GitHub repositories.
+type GitHubClient struct {
+	httpClient *http.Client
+	token      string // Optional GitHub token for higher rate limits.
+}
+
+// NewGitHubClient creates a GitHub API client. It reads GITHUB_TOKEN
+// from the environment for authenticated requests (5000 req/hour vs 60).
+func NewGitHubClient() *GitHubClient {
+	return &GitHubClient{
+		httpClient: &http.Client{Timeout: 30 * time.Second},
+		token:      os.Getenv("GITHUB_TOKEN"),
+	}
+}
+
+// parseRepo extracts owner and repo from a GitHub URL.
+// Supports https://github.com/owner/repo and git@github.com:owner/repo.
+func parseRepo(repoURL string) (owner, repo string, err error) {
+	matches := repoPattern.FindStringSubmatch(repoURL)
+	if len(matches) < 3 {
+		return "", "", fmt.Errorf("cannot parse GitHub repo from URL: %s", repoURL)
+	}
+	return matches[1], strings.TrimSuffix(matches[2], ".git"), nil
+}
+
+// ListReleases fetches all releases for a GitHub repository.
+// Returns them sorted by published_at descending (newest first).
+func (c *GitHubClient) ListReleases(ctx context.Context, repoURL string) ([]GitHubRelease, error) {
+	owner, repo, err := parseRepo(repoURL)
+	if err != nil {
+		return nil, err
+	}
+
+	apiURL := fmt.Sprintf("https://api.github.com/repos/%s/%s/releases?per_page=50", owner, repo)
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, apiURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("creating request: %w", err)
+	}
+
+	req.Header.Set("Accept", "application/vnd.github+json")
+	if c.token != "" {
+		req.Header.Set("Authorization", "Bearer "+c.token)
+	}
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("fetching releases: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024))
+		return nil, fmt.Errorf("GitHub API returned %d: %s", resp.StatusCode, string(body))
+	}
+
+	var releases []GitHubRelease
+	if err := json.NewDecoder(resp.Body).Decode(&releases); err != nil {
+		return nil, fmt.Errorf("decoding releases: %w", err)
+	}
+
+	return releases, nil
+}
+
+// DownloadAsset downloads a release asset (ZIP file) to disk.
+// Returns the number of bytes written.
+func (c *GitHubClient) DownloadAsset(ctx context.Context, downloadURL, destPath string) (int64, error) {
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, nil)
+	if err != nil {
+		return 0, fmt.Errorf("creating download request: %w", err)
+	}
+
+	if c.token != "" {
+		req.Header.Set("Authorization", "Bearer "+c.token)
+	}
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return 0, fmt.Errorf("downloading asset: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return 0, fmt.Errorf("download returned HTTP %d", resp.StatusCode)
+	}
+
+	out, err := os.Create(destPath)
+	if err != nil {
+		return 0, fmt.Errorf("creating file %s: %w", destPath, err)
+	}
+	defer out.Close()
+
+	n, err := io.Copy(out, resp.Body)
+	if err != nil {
+		_ = os.Remove(destPath)
+		return 0, fmt.Errorf("writing file: %w", err)
+	}
+
+	return n, nil
+}