OpenC3 · jmthomas · May 27, 2026 · May 27, 2026 · May 27, 2026 · May 28, 2026
diff --git a/openc3-cosmos-cmd-tlm-api/app/controllers/plugins_controller.rb b/openc3-cosmos-cmd-tlm-api/app/controllers/plugins_controller.rb
@@ -185,6 +185,26 @@ def update
     create(true)
   end
 
+  # Dry run before an upgrade: returns which modified files differ from the
+  # incoming plugin's rendered content so the UI can warn the user that those
+  # modifications will be superseded (a new Version History entry is created).
+  def modified_diff
+    return unless authorization('admin')
+    begin
+      scope = sanitize_params([:scope])
+      return unless scope
+      scope = scope[0]
+      plugin_hash = JSON.parse(params[:plugin_hash])
+      files = OpenC3::PluginModel.modified_diff(plugin_hash, scope: scope)
+      render json: { files: files }
+    rescue JSON::ParserError => error
+      render json: { status: 'error', message: error.message }, status: :bad_request
+    rescue Exception => error
+      logger.error(error.formatted)
+      render json: { status: 'error', message: error.message }, status: :internal_server_error
+    end
+  end
+
   def install
     return unless authorization('admin')
     begin
@@ -194,8 +214,22 @@ def install
       temp_dir = Dir.mktmpdir
       plugin_hash_filename = Dir::Tmpname.create(['plugin-instance-', '.json']) {}
       plugin_hash_file_path = File.join(temp_dir, File.basename(plugin_hash_filename))
+      # Stamp the installing user server-side (never trust a client-supplied
+      # username) so Version History can attribute plugin-upgrade versions of
+      # modified files. Falls back to writing the body verbatim if it isn't
+      # the expected JSON object.
+      plugin_hash_body = params[:plugin_hash]
+      begin
+        parsed = JSON.parse(params[:plugin_hash])
+        if parsed.is_a?(Hash)
+          parsed['username'] = username()
+          plugin_hash_body = JSON.generate(parsed)
+        end
+      rescue JSON::ParserError
+        # leave plugin_hash_body as the original string
+      end
       File.open(plugin_hash_file_path, 'wb') do |file|
-        file.write(params[:plugin_hash])
+        file.write(plugin_hash_body)
       end
 
       gem_name = sanitize_params([:id])

diff --git a/openc3-cosmos-cmd-tlm-api/app/controllers/targets_controller.rb b/openc3-cosmos-cmd-tlm-api/app/controllers/targets_controller.rb
@@ -48,8 +48,12 @@ def delete_modified
     return unless authorization('system')
     scope, id = sanitize_params([:scope, :id], require_params: true)
     return unless scope
+    # Optional: delete only specific modified files (e.g. plugin upgrade
+    # removing non-script modifications while keeping versioned scripts).
+    files = params[:files]
+    files = nil unless files.is_a?(Array)
     begin
-      @model_class.delete_modified(id, scope: scope)
+      @model_class.delete_modified(id, scope: scope, files: files)
       head :ok
     rescue Exception => e
       log_error(e)

diff --git a/openc3-cosmos-cmd-tlm-api/config/routes.rb b/openc3-cosmos-cmd-tlm-api/config/routes.rb
@@ -92,6 +92,7 @@
     resources :permissions, only: [:index]
 
     post '/plugins/install/:id', to: 'plugins#install', id: /[^\/]+/
+    post '/plugins/modified_diff', to: 'plugins#modified_diff'
     resources :plugins, only: [:index, :create]
     get '/plugins/:id', to: 'plugins#show', id: /[^\/]+/
     match '/plugins/:id', to: 'plugins#update', id: /[^\/]+/, via: [:patch, :put]

diff --git a/openc3-cosmos-cmd-tlm-api/spec/controllers/plugins_controller_spec.rb b/openc3-cosmos-cmd-tlm-api/spec/controllers/plugins_controller_spec.rb
@@ -87,6 +87,30 @@
     end
   end
 
+  describe "POST modified_diff" do
+    it "returns the list of modified files that differ from the plugin" do
+      allow(OpenC3::PluginModel).to receive(:modified_diff)
+        .with({"name" => "x"}, scope: "DEFAULT").and_return(["INST/screen.txt"])
+
+      post :modified_diff, params: {scope: "DEFAULT", plugin_hash: '{"name":"x"}'}
+      expect(response).to have_http_status(:ok)
+      json = JSON.parse(response.body)
+      expect(json["files"]).to eq(["INST/screen.txt"])
+    end
+
+    it "returns bad_request on invalid plugin_hash JSON" do
+      post :modified_diff, params: {scope: "DEFAULT", plugin_hash: "not json"}
+      expect(response).to have_http_status(:bad_request)
+      json = JSON.parse(response.body)
+      expect(json["status"]).to eq("error")
+    end
+
+    it "returns nothing without authorization" do
+      post :modified_diff, params: {plugin_hash: "{}"}
+      expect(response).to have_http_status(:unauthorized)
+    end
+  end
+
   describe "POST create" do
     before(:each) do
       @file = Tempfile.new(["test-plugin", ".gem"])

diff --git a/openc3-cosmos-cmd-tlm-api/spec/controllers/targets_controller_spec.rb b/openc3-cosmos-cmd-tlm-api/spec/controllers/targets_controller_spec.rb
@@ -37,4 +37,27 @@
       expect(ret['message']).to eql('Invalid scope: ../DEFAULT')
     end
   end
+
+  describe "delete_modified" do
+    it "forwards a files list to the model" do
+      expect(OpenC3::TargetModel).to receive(:delete_modified)
+        .with("INST", scope: "DEFAULT", files: ["INST/screens/a.txt"])
+      post :delete_modified, params: { scope: "DEFAULT", id: "INST", files: ["INST/screens/a.txt"] }
+      expect(response).to have_http_status(:ok)
+    end
+
+    it "passes files: nil when no files param is given" do
+      expect(OpenC3::TargetModel).to receive(:delete_modified)
+        .with("INST", scope: "DEFAULT", files: nil)
+      post :delete_modified, params: { scope: "DEFAULT", id: "INST" }
+      expect(response).to have_http_status(:ok)
+    end
+
+    it "passes files: nil when files is not an array" do
+      expect(OpenC3::TargetModel).to receive(:delete_modified)
+        .with("INST", scope: "DEFAULT", files: nil)
+      post :delete_modified, params: { scope: "DEFAULT", id: "INST", files: "oops" }
+      expect(response).to have_http_status(:ok)
+    end
+  end
 end
diff --git a/openc3-cosmos-init/plugins/packages/openc3-js-common/src/services/api.js b/openc3-cosmos-init/plugins/packages/openc3-js-common/src/services/api.js
@@ -8,7 +8,7 @@
 # See LICENSE.md for more details.
 
 # Modified by OpenC3, Inc.
-# All changes Copyright 2022, OpenC3, Inc.
+# All changes Copyright 2026, OpenC3, Inc.
 # All Rights Reserved
 #
 # This file may also be used under the terms of a commercial license
@@ -27,6 +27,7 @@ const request = async function (
     noAuth = false,
     noScope = false,
     onUploadProgress = false,
+    responseType,
   } = {},
 ) {
   if (!noAuth) {
@@ -56,6 +57,7 @@ const request = async function (
     params,
     headers,
     onUploadProgress,
+    responseType,
   })
 }
 
@@ -77,6 +79,7 @@ export default {
       noScope,
       noAuth,
       onUploadProgress,
+      responseType,
     } = {},
   ) {
     return request('get', path, {
@@ -85,6 +88,7 @@ export default {
       noScope,
       noAuth,
       onUploadProgress,
+      responseType,
     })
   },
 
@@ -118,6 +122,7 @@ export default {
       noScope,
       noAuth,
       onUploadProgress,
+      responseType,
     } = {},
   ) {
     return request('post', path, {
@@ -127,6 +132,7 @@ export default {
       noScope,
       noAuth,
       onUploadProgress,
+      responseType,
     })
   },
 

diff --git a/openc3-cosmos-init/plugins/packages/openc3-vue-common/package.json b/openc3-cosmos-init/plugins/packages/openc3-vue-common/package.json
@@ -83,6 +83,7 @@
     "date-fns-tz": "3.2.0",
     "dompurify": "3.4.7",
     "lodash": "4.18.1",
+    "monaco-editor": "0.54.0",
     "pinia": "3.0.4",
     "sass": "1.100.0",
     "semver": "7.8.1",