docs(phase-7d): foundation design — print API + QR tab + hangar plugin

[strausmann]

Summary

Phase 7d foundation design spec — covers:

1. Generic Print API (POST /api/preview + POST /api/print) with uniform γ-hybrid item schema (name/subtitle/qr_url/image_url + per-item copies + extras dict)
2. Plugin protocol extension — search(query), get_item(item_id), optional get_children(item_id) for hierarchical sources
3. QR Print Tab UI in label-printer-hub (HTMX, platform-toggle across 4 plugins, per-item copies input, tape-match preview)
4. Hangar plugin module (new) with search + get_item + get_children
5. Extension of 3 existing plugins (Grocy, Snipe-IT, Spoolman) with search + get_item

Cross-app coordination

The Hangar side of this integration is tracked in strausmann/hangar#63 (GitLab) — describes the new Hangar print-page UI + 3 new Hangar API endpoints the label-printer-hub plugin will consume.

Dependencies

• Phase 7c API-Auth (Phase 7c: App-side API-Authentifizierung (multi-key, scoped, audit-trail) #78) must land before production deploy
• Hangar API endpoints (strausmann/hangar#63) must be available before Hangar plugin can run in production
• Phase 7b.1 (fix(api): Phase 7b.1 — upsert name-collision + /readiness proxy gap #77) is currently merging in parallel

Review

Please review the spec at docs/superpowers/specs/2026-05-17-phase-7d-foundation-design.md — 13 sections + self-review notes. Key decisions documented:

• Item-payload model: γ-hybrid (Section 2)
• Hierarchy logic placement: V1 Hangar decides for push, V2 Label-Hub uses plugin.get_children() for QR-Tab — both implemented
• Tape-mismatch UX: modal-warn with force-override + audit flag
• Multi-item × copies: total_jobs = sum(items × copies), each copy is one Job row
• Plugin scope: 4 plugins in MVP (Grocy + Snipe-IT + Spoolman + new Hangar)

Bot-review fixes applied (commit 61602d0)

Objective findings from the 20 unresolved threads addressed in follow-up commit 61602d0 (pushed to main after squash-merge):

Fix	Threads	Details
Privacy sanitise	Copilot #12, #13, #14 / Gemini #7	strausmann.cloud → example.com; self-review note corrected
PRINTER_HUB_ env prefix	Copilot #15, #16, #17	HANGAR_BASE_URL → PRINTER_HUB_HANGAR_BASE_URL throughout
Protocol self params	Gemini #1–4 / Copilot #8, #9	Added self to lookup, search, get_item, get_children
Import path	Copilot #25	app.integrations.registry → app.integrations.base
Module path consistency	Copilot #24	Section 3 table label_hub_hangar/ aligned to backend/app/integrations/hangar/
Preview render count	Copilot #19	items_rendered_count: Always min(N,5) → Always 1 (items[0] only)
Migration column count	Copilot #18	"two new optional columns" → "five"
HTMX auth note	Copilot #20	Section 5 note now consistent with Section 9 auth matrix
PluginItem.extras Any	Gemini #5 / Copilot #28	Added docstring note: Any intentional — plugin payloads are untrusted; PrintItem.extras is the tighter public boundary
Snipe-IT spelling	Copilot #35	All occurrences corrected

Spec polish — deferred suggestions

The following bot suggestions are acknowledged but explicitly deferred to the writing-plans / implementation phase:

Deferred to implementation:

• Mutable dict defaults (Copilot feat(printer-models): Brother PT-Series plugin (PT-E550W/PT-P710BT/PT-P750W) #10, feat(printer-models): Brother QL-Series plugin (QL-800/QL-810W/QL-820NWB) #11): extras: dict = {} → Field(default_factory=dict). Correct Pydantic pattern — will be enforced when translating spec to code. Spec intentionally uses simplified syntax for readability.
• plugin_item_id vs slug key (Gemini chore(deps-dev): bump semantic-release from 24.2.9 to 25.0.3 #6 / Copilot docs: master tracking issue — overall implementation phases #22): The job-creation pseudo-code uses item.extras.get("plugin_item_id") while the Hangar plugin stores slug. The implementation will standardise on a reserved _plugin_item_id key in extras during the write-plans phase.
• template_id/data vs template_key/payload (Copilot ci: optional Prometheus snmp_exporter integration (Phase 12) #21): The job-creation example uses illustrative field names. Actual field names from backend/app/models/job.py will be used when writing code.
• request.plugin missing from PrintRequest schema (Copilot docs: master tracking issue — overall implementation phases #22): Intentionally omitted from the public API schema — plugin routing happens internally via the registry. Will be clarified in writing-plans.
• current_api_key None path (Copilot docs: documentation strategy — repo docs/ vs GitHub Wiki (hybrid?) #23): The pseudocode omits the SSO-authenticated path for brevity. Implementation will guard api_key_id=current_api_key.id if current_api_key else None.
• request.client None guard (Copilot chore(deps): bump github.com/go-chi/chi/v5 from 5.1.0 to 5.2.2 in /frontend #36): Same — pseudocode elides source_ip=request.client.host if request.client else None.
• items min-1 validation (Copilot feat(api,ui): browse mode — paginated grid view per integration #26): Add min_length=1 to items: list[PrintItem] — implementation detail, not spec design.
• Breaking lookup return type (Copilot feat(api,ui): cart + bulk-print across integrations #27): PluginItem | None vs current LabelData + raises. Acknowledged as a breaking Protocol change — intentional. Migration notes will be added to writing-plans.
• parent_slug: None in extras (Copilot ci: make Python lint/test job branch-tolerant #30): Filter out None values before building extras in implementation.
• extras key collision (Copilot docs(ci): document mypy as hard gate; clarify CI gate policy #31): Namespace reserved keys with _ prefix in implementation (e.g. _slug, _type).
• Idempotency-Key semantics under-specified (Copilot ci(release): trigger releases via cron + workflow_dispatch only #32): Deferred to Phase 7c which owns the idempotency layer design.
• Batch partial-rollback semantics (Copilot docs(learnings): code-review patterns from PR #29/#30/#32 + AI tool references #33): The pseudocode shows the intent; actual per-job commit strategy will be decided during writing-plans.
• Auth direction in Section 9 (Copilot feat(backend): FastAPI app skeleton + /healthz endpoint + Dockerfile #34): The note in Section 9 describes two different keys — settings.hangar_api_key (Label-Hub calls Hangar) and LABEL_HUB_API_KEY (Hangar calls Label-Hub). This is correct but the phrasing was confusing. Will be reworded in writing-plans.
• PluginItem.extras type width (Copilot feat(api): item-image proxy + cache for browse mode #28): Any is the intentional wider type for raw plugin data. PrintItem.extras (dict[str, str|int|float|bool]) is the narrow public type. Plugins must convert between them — mapping logic will be in writing-plans.

Refs #22

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request establishes the foundation for Phase 7d, enabling cross-application label printing within the label-printer-hub. It introduces a standardized API for external applications to request prints, adds a new user-facing QR Print Tab for streamlined selection and printing, and extends the plugin architecture to support advanced search and hierarchical data retrieval. These changes facilitate a cohesive integration with external systems like Hangar while maintaining strict tape-match validation and auditability.

Highlights

• Generic Print API: Introduced new POST /api/preview and /api/print endpoints using a uniform γ-hybrid item schema to support cross-application label printing.
• QR Print Tab UI: Added a new HTMX-based UI for searching items across plugins (Grocy, SnipeIt, Spoolman, Hangar), selecting templates, and managing print jobs with live tape-match feedback.
• Plugin Protocol Extension: Extended the existing plugin interface with search(query), get_item(item_id), and optional get_children(item_id) methods to support hierarchical data sources.
• Hangar Integration: Implemented a new Hangar plugin module to enable deep integration with the Hangar application, including support for hierarchical location lookups.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.93%. Comparing base (784decc) to head (a075665).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #79   +/-   ##
=======================================
  Coverage   91.93%   91.93%           
=======================================
  Files          70       70           
  Lines        3038     3038           
  Branches      259      259           
=======================================
  Hits         2793     2793           
  Misses        181      181           
  Partials       64       64           

Components	Coverage Δ
Printer Backends (transport)	87.50% <ø> (ø)
Printer Models (drivers)	91.42% <ø> (ø)
Services	92.09% <ø> (ø)
REST API	91.30% <ø> (ø)
Pydantic Schemas	100.00% <ø> (ø)
Integration Plugins	100.00% <ø> (ø)

Flag	Coverage Δ
backend	91.93% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 784decc...a075665. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gemini-code-assist]

Code Review

This pull request adds the design specification for Phase 7d, detailing a generic print API, an HTMX-based QR print tab, and a new Hangar integration plugin. The review feedback identifies several issues in the documentation's code examples, including missing 'self' parameters in Python protocol methods and the use of 'Any' which violates type safety guidelines. Additionally, the reviewer noted a naming discrepancy for item identifiers between the backend logic and the plugin implementation, as well as a privacy violation concerning the use of real domain names.

[gemini-code-assist]

The lookup method signature in the IntegrationPlugin protocol is missing the self parameter. Please include it to align with Python's protocol requirements and maintain consistency with the implementation in Section 8.

Suggested change

	async def lookup(identifier: str) -> PluginItem | None:
	async def lookup(self, identifier: str) -> PluginItem | None:

References

1. Ensure classes claiming to implement a Protocol fulfill all required methods to prevent runtime failures.

[strausmann]

Fixed in 61602d0 — added self parameter to lookup method signature in IntegrationPlugin Protocol. Refs #22

[gemini-code-assist]

The search method signature in the IntegrationPlugin protocol is missing the self parameter.

Suggested change

	async def search(query: str, limit: int = 20) -> list[PluginItemSummary]:
	async def search(self, query: str, limit: int = 20) -> list[PluginItemSummary]:

References

1. Ensure classes claiming to implement a Protocol fulfill all required methods to prevent runtime failures.

[strausmann]

Fixed in 61602d0 — added self parameter to search method signature. Refs #22

[gemini-code-assist]

The get_item method signature in the IntegrationPlugin protocol is missing the self parameter.

Suggested change

	async def get_item(item_id: str) -> PluginItem | None:
	async def get_item(self, item_id: str) -> PluginItem | None:

References

1. Ensure classes claiming to implement a Protocol fulfill all required methods to prevent runtime failures.

[strausmann]

Fixed in 61602d0 — added self parameter to get_item method signature. Refs #22

[gemini-code-assist]

The get_children method signature in the HasChildren protocol is missing the self parameter.

Suggested change

	async def get_children(item_id: str) -> list[PluginItemSummary]:
	async def get_children(self, item_id: str) -> list[PluginItemSummary]:

References

1. Ensure classes claiming to implement a Protocol fulfill all required methods to prevent runtime failures.

[strausmann]

Fixed in 61602d0 — added self parameter to get_children method signature in HasChildren Protocol. Refs #22

[gemini-code-assist]

The use of Any in the PluginItem model's extras field violates the project's type safety guidelines. Please use the same union type defined for PrintItem in Section 2 to maintain consistency and strict typing.

Suggested change

	extras: dict[str, Any] = {}
	extras: dict[str, str | int | float | bool] = {}

References

1. Type safety. mypy --strict on app/. Flag new Any introductions. ^(link)

[strausmann]

Acknowledged in 61602d0; keeping Any on PluginItem.extras by design — plugin payloads are untrusted and carry arbitrary types before mapping into PrintItem. A docstring note was added to the spec to make this intentional. The tighter dict[str, str | int | float | bool] is the public boundary on PrintItem.extras. Documented in PR description under 'deferred suggestions'. Refs #22

[gemini-code-assist]

There is a discrepancy between the job creation logic and the plugin implementation. The logic here expects a plugin_item_id key in extras, but the HangarPlugin implementation in Section 8 uses slug. Consider standardizing the key name or adding plugin_item_id to the PrintItem model directly to ensure the audit trail is correctly populated.

References

1. Attributes intended to satisfy a Protocol must use the exact names defined in that Protocol (e.g., use 'id' instead of 'printer_id' if the Protocol requires 'id').

[strausmann]

Acknowledged in 61602d0; deferred to writing-plans — the implementation will standardise on a reserved _plugin_item_id extras key. Documented in PR description under 'deferred suggestions'. Refs #22

[gemini-code-assist]

The use of the real domain strausmann.cloud violates the project's privacy rules. Please use example.com as a placeholder for all documentation and example code, as per the Repository Style Guide and General Rules. This also applies to lines 356 and 439.

Suggested change

	qr_url=f"https://hangar.strausmann.cloud/locations/{loc['slug']}",
	qr_url=f"https://hangar.example.com/locations/{loc['slug']}",

References

1. Privacy violations. Flag any hardcoded LAN IPs, real hostnames, real domains, real tokens, or PII. The maintainer's network must not be deducible from this repository. ^(link)
2. Use RFC 5737 documentation IPs and 'example.com' placeholders instead of real LAN IPs, hostnames, or domains in documentation and code to maintain privacy.

[strausmann]

Sanitised in 61602d0 — replaced all personal-domain references in code examples with example.com placeholder. Refs #22

[Copilot]

Pull request overview

This PR adds a Phase 7d foundation design spec for extending Label Printer Hub with a generic print API, QR Print Tab, and Hangar integration planning.

Changes:

• Defines proposed print request/item schemas and /api/preview + /api/print behavior.
• Extends the integration plugin contract with search/item/children capabilities.
• Documents QR Print Tab UX, Hangar plugin behavior, auth dependencies, testing strategy, and DoD.

Comments suppressed due to low confidence (5)

docs/superpowers/specs/2026-05-17-phase-7d-foundation-design.md:103

• The integration name is written as SnipeIt, but the repository consistently uses the product/trademark spelling Snipe-IT (for example docs/policies/trademarks.md:31 and existing UI docs). Use the established spelling in the plugin table and UI labels.

| SnipeIt | ✅ new | ✅ new | — | Same |

docs/superpowers/specs/2026-05-17-phase-7d-foundation-design.md:180

• The UI mockup uses SnipeIt, but existing docs and trademark references use Snipe-IT. Keeping the visible label consistent avoids shipping a misspelled integration name in the QR tab.

|   (o) Grocy   ( ) SnipeIt   ( ) Spoolman   ( ) Hangar         |

docs/superpowers/specs/2026-05-17-phase-7d-foundation-design.md:16

• This visible integration label should be Snipe-IT, not SnipeIt, to match the spelling used elsewhere in the project.

2. **QR Print Tab** (`/qr-print`) inside the label-printer-hub HTMX UI. Users can search across multiple external sources (Grocy, SnipeIt, Spoolman, Hangar) through a single search field with a platform toggle, select an item, choose a template, see a live preview with tape-match indicator, and print.

docs/superpowers/specs/2026-05-17-phase-7d-foundation-design.md:416

• Use the established spelling Snipe-IT here instead of SnipeIt, consistent with the existing integration documentation.

- **Per-plugin search-result filters** (e.g. SnipeIt: filter by location/status; Grocy: filter by stock-level)

docs/superpowers/specs/2026-05-17-phase-7d-foundation-design.md:427

• Use the established spelling Snipe-IT here instead of SnipeIt so the DoD matches the plugin's documented name.

- [ ] 3 existing plugins (Grocy, SnipeIt, Spoolman) implement `search()` + `get_item()` with at least one passing integration test against a mock HTTP server

[strausmann]

Fixed in 61602d0 — added self parameter to get_item (and all Protocol methods: lookup, search, get_item, get_children). Refs #22

[strausmann]

Fixed in 61602d0 — added self parameter to get_children in HasChildren Protocol. Refs #22

[strausmann]

Acknowledged in 61602d0; deferred — spec uses simplified syntax for readability. Implementation will use Field(default_factory=dict) as per project convention. Documented in PR description under 'deferred suggestions'. Refs #22

[strausmann]

Acknowledged in 61602d0; deferred — same as above. Will use Field(default_factory=dict) in implementation. Documented in PR description under 'deferred suggestions'. Refs #22

[strausmann]

Sanitised in 61602d0 — replaced with https://hangar.example.com/locations/{slug}. Refs #22

[strausmann]

Acknowledged in 61602d0; deferred to Phase 7c which owns the idempotency layer design. Phase 7d spec declares the header as optional; full semantics (storage, scope, expiry, replay response) are Phase 7c scope. Documented in PR description under 'deferred suggestions'. Refs #22

[strausmann]

Acknowledged in 61602d0; deferred — the pseudocode illustrates intent. Actual per-job commit strategy (savepoints vs individual flushes) will be specified in writing-plans. Documented in PR description under 'deferred suggestions'. Refs #22

[strausmann]

Acknowledged in 61602d0; the section describes two different keys: settings.PRINTER_HUB_HANGAR_API_KEY (Label-Hub → Hangar) and LABEL_HUB_API_KEY (Hangar → Label-Hub). The phrasing was confusing — will be reworded in writing-plans to make the bidirectional auth explicit. Documented in PR description under 'deferred suggestions'. Refs #22

[strausmann]

Fixed in 61602d0 — all occurrences of SnipeIt replaced with Snipe-IT throughout the spec. Refs #22

[strausmann]

Acknowledged in 61602d0; deferred — pseudocode elides the None guard. Implementation will use source_ip=request.client.host if request.client else None. Documented in PR description under 'deferred suggestions'. Refs #22