PedOS 1.1 Lumina Developer Documentation
PedOS Plugin SDK Wiki
The SDK Wiki is the technical companion to the PedOS SDK landing page. It documents the package contract that both human developers and Agentic Studio must satisfy before an app can be reviewed, listed in the Plugins Directory, installed into My Apps, and allowed to capture approved evidence.
Architecture Overview
PedOS is the LearnAdapt app runtime for educational plugins. A PedOS plugin is installed only after it declares metadata, permissions, package files, runtime surfaces, and evidence boundaries. The installed app runs at /plugin/{slug} inside the LearnAdapt shell.
| Layer | Responsibility |
|---|---|
| LearnAdapt Core | Routing, authentication, dashboard shell, tenant handling, database connection, storage proxy, analytics surfaces. |
| PedOS Runtime | Loads approved app fragments, exposes window.PedOSApp, gates telemetry, storage, settings, lifecycle events, and app analytics. |
| Plugin Package | Provides manifest, guarded PHP entry point, scoped JavaScript, scoped CSS, README, screenshots, optional migrations, and support metadata. |
| Review Layer | Runs SDK validation, static checks, route checks, permission/evidence review, human-language UI checks, and admin preview. |
Two Build Paths
Developers and non-coders use different creation paths, but both must produce the same SDK-compliant package.
| Path | User | Output | Gate |
|---|---|---|---|
| Developer ZIP upload | Developers, researchers, advanced teams | A ZIP containing manifest.json, php/init.php, js/main.js, css/style.css, README, screenshots, and optional migration SQL. | Developer role, SDK validation, SAST, admin review. |
| Agentic Studio | Educators, designers, novice builders, non-coders | The same package, generated by agents from the user's natural-language brief. | Preview, iteration, SDK validation, SAST, admin review. |
PedOS 1.1 Lumina Runtime Matrix
PedOS 1.1 Lumina is the platform and SDK release. PedOS App Runtime v2 is the installed-app compatibility layer inside that release. Agentic Studio and developer ZIP submissions must stay inside this matrix unless a future PedOS version explicitly adds a new option.
| Contract area | Current options | Validation rule |
|---|---|---|
| Placement after installation | my_apps, course_space, student_activity, teacher_dashboard, analytics_dashboard, admin_tools | Must declare a host surface and mount visibly after installation. |
| Capabilities | auth_context, settings, user_storage, telemetry, analytics, file_upload, ai_generation, admin_review | Must map to manifest permissions, a runtime bridge service, review checks, and smoke coverage. |
| Expected views | launch_view, main_activity, settings, analytics, review_queue, export | Must become QA expectations before approval. |
| Studio app types | retrieval_practice, formative_assessment, peer_feedback, classroom_workflow, learning_analytics, adaptive_orchestration, research_study, custom | Must have prompt guidance, package validation, and staging canary coverage. |
Free-form Studio prompts are normalized into this matrix before planning and coding. Unsupported requests are shown to the user before generation; the user must remove them or confirm that they should be recorded as KIV for future PedOS versions and left out of the current build.
Deterministic Preflight Agent
Agentic Studio runs a deterministic preflight helper before the generative agent team starts. This helper does not call an AI provider and does not spend LearnAdapt credits. It supports both guided-brief and free-form-prompt authoring, checks whether the request is specific enough, normalizes it into the current PedOS 1.1 Lumina / App Runtime v2 matrix, and verifies that the account has enough LearnAdapt credits to cover the high-end build estimate.
| Check | Purpose | Outcome |
|---|---|---|
| SDK matrix fit | Compares app type, placement, capabilities, expected views, and evidence category against the locked runtime matrix. | Supported items continue; unsupported items require explicit KIV acceptance before generation. |
| Prompt-to-brief sync | Detects when the free-form prompt clearly implies a different app type, users, workflow, AI generation, file upload, analytics, or review view than the current structured form. | Studio shows the inferred change, fills the PedOS contract, and submits the normalized SDK contract instead of stale defaults. |
| Prompt quality | Looks for audience, subject/context, user action, reviewer control, settings/state, analytics, data boundary, and non-goals. | The user sees suggestions before submitting the build. |
| Domain specificity | Prevents Studio from inventing a subject when the prompt is intentionally generic. | Generic apps use neutral sample content unless the user provides a subject, item bank, rubric, or reference file. |
| Credit readiness | Uses the current LearnAdapt account balance and estimated metered AI usage range. | Generation is blocked if the account cannot cover the high-end estimate; only completed metered usage is charged. |
| Preview evidence | Requires a captured preview screenshot before directory submission. | Admin reviewers see the intended app state, display mode, and user-facing behavior as release evidence. |
For research reporting, preflight gives a clean split between original teacher intent, current-version build requirements, unsupported future requests, and the final generated package.
Agentic Studio Team
The user's prompt is treated as the client brief. The agents must behave like a professional development team, not like a demo generator.
- Product/SRS analyst extracts users, non-goals, constraints, evidence boundary, and acceptance criteria.
- Pedagogical designer, UX designer, and solution architect work in parallel after the brief stabilizes.
- Full-stack developer and data/evidence engineer build the package and the minimum data contract.
- QA/security reviewer blocks unsafe code, broken runtime bridge, over-collection, raw technical jargon, and static demos.
- Release manager prepares metadata, icon, screenshots, version, support notes, and admin review notes.
Agentic Studio output must be installable. A preview-only page, raw HTML demo, or app that cannot open from My Apps fails the SDK contract.
Package Structure
my-plugin/
manifest.json
php/
init.php
js/
main.js
css/
style.css
migration.sql
assets/
icon.png
screenshots/
README.md
LICENSEmanifest.jsonis required for metadata, permissions, evidence category, runtime surfaces, and review status.php/init.phpis the guarded PHP entry point. It renders only when the current route is/plugin/{slug}.js/main.jsandcss/style.cssmust be slug-scoped and loaded from/plugins/{slug}/current/.README.md, icon, and screenshots are required for a professional directory listing.migration.sqlis optional and must use slug-prefixed, idempotent tables.
manifest.json
The manifest is the app contract. It should be explicit enough for admin review, directory discovery, installation, runtime permission checks, and future versioning.
{
"name": "Quick Check Exit Ticket",
"slug": "quick_check_exit_ticket",
"version": "1.0.0",
"description": "A quick end-of-lesson check with confidence and follow-up planning.",
"category": "Formative Assessment",
"author": { "name": "Developer or Studio Builder" },
"telemetry": {
"profile": "learning_evidence",
"data_classes": ["interaction", "learning_evidence"],
"requires_learning_data": true,
"requires_bkt_ready": true
},
"runtime": {
"version": "pedos_app_runtime_v2",
"launch": { "display": "app_shell", "route": "/plugin/quick_check_exit_ticket" },
"permissions": [
"context:read",
"settings:read",
"settings:write",
"storage:user",
"telemetry:learning_evidence",
"analytics:read"
],
"host_surfaces": ["standalone_app", "dashboard_my_apps", "settings_panel", "analytics_panel"]
}
}PedOS Runtime APIs
Installed apps should use the host runtime instead of creating plugin-local APIs.
| API | Use |
|---|---|
window.PedOSApp.getContext() | Read approved user, app, manifest, route, and host context. |
window.PedOSApp.getSettings() | Read user-scoped app settings declared by the manifest. |
window.PedOSApp.saveSettings(settings) | Save approved app settings through the platform runtime. |
window.PedOSApp.storage.get/set/list/remove | Read, write, list, or remove lightweight user-scoped app state. |
window.PedOSApp.telemetry() | Emit approved app activity, learning progress, adaptive support, or research-study events. |
window.PedOSApp.analytics.summary() | Read human-facing installed-app analytics summaries. |
window.PedOSApp.files.upload/list/remove | Use reviewed file-upload storage for apps approved for files. |
window.PedOSApp.ai.generate(payload) | Request credit-metered AI generation for installed apps approved for AI generation. |
window.PedOSApp.review.status() | Read the app's approved review and release status. |
Hook System
PedOS exposes a PHP hook pattern for lifecycle and approved platform extension points.
<?php
if (!class_exists('LearnAdapt_Hook_System')) {
return;
}
LearnAdapt_Hook_System::add_action('pedos_plugin_my_plugin_install', function ($context) {
// Initialize approved defaults or run idempotent setup.
});
$path = parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH);
if ($path !== '/plugin/my_plugin') {
return;
}
?>
<section class="my_plugin-app" data-plugin-slug="my_plugin">
<h1>My Plugin</h1>
</section>Evidence and xAPI
Every app chooses the minimum evidence category needed for its purpose. User-facing labels stay human-readable; internal profiles stay in admin/developer/research surfaces.
| User-facing category | Internal profile | Use when |
|---|---|---|
| Classroom operations | ops_only | The app manages workflow and does not collect learning performance. |
| App activity | interaction | The app records lightweight usage and interaction events. |
| Learning progress | learning_evidence | The app collects attempts, confidence, response time, hints, scores, or progress evidence. |
| Adaptive support | esllm_orchestration | The app coordinates adaptive hints, support modes, or orchestrated agent support. |
| Research study support | research_study | The app is used only under approved study mode and active consent. |
Security Model
- No
eval,exec,shell_exec,system,passthru,proc_open,assert, or unsafe deserialization. - No hidden external network access unless explicitly approved in the manifest.
- No plugin-local mutation endpoints for settings, storage, or telemetry.
- No learner/teacher-facing raw JSON, xAPI statements, internal profile tokens, or developer diagnostics.
- All output must escape user-provided content.
- All SQL migrations must be reviewed, idempotent, and slug-prefixed.
Submission and Review Lifecycle
- Build package through Agentic Studio or developer ZIP upload.
- Run SDK schema and package validation.
- Preview inside the sandbox/runtime shell.
- Iterate until the app is useful, interactive, and human-facing.
- Submit to directory review.
- Admin validates route, assets, permissions, evidence category, UI copy, screenshots, and runtime behavior.
- Approved app appears in Plugins Directory.
- User installs into My Apps and opens the app in the PedOS shell.
- Approved evidence is captured and shown through app analytics.
Database Conventions
Plugins should use platform APIs where possible. If durable tables are approved, migrations must use strict namespacing.
CREATE TABLE IF NOT EXISTS my_plugin_attempts (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
item_key VARCHAR(120) NOT NULL,
result_success TINYINT(1) DEFAULT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
INDEX idx_my_plugin_user (user_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;Frontend Conventions
- Use slug-prefixed classes and IDs.
- Use buttons, inputs, sliders, menus, and tabs that match LearnAdapt styling.
- Show plain-language data notices when evidence is collected.
- Provide empty, loading, error, success, and review states.
- Do not expose internal diagnostics to educators or learners.
Testing and Validation
Every app must pass the same evidence-backed test path before it is considered real.
- Route check:
/plugin/{slug}returns a valid app shell. - Asset check: CSS and JS load from
/plugins/{slug}/current/. - Interaction check: controls respond and update UI state.
- Telemetry gate: anonymous writes are rejected; installed-user writes follow the approved profile.
- Analytics check: user-facing analytics summarize activity without raw technical logs.
- Review check: admin can inspect technical details separately.
Minimal Plugin Example
<?php
$pluginSlug = 'quick_check_exit_ticket';
$path = parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH);
if ($path !== '/plugin/' . $pluginSlug) {
return;
}
?>
<section class="quick_check_exit_ticket-app" data-plugin-slug="quick_check_exit_ticket">
<h1>Quick Check Exit Ticket</h1>
<label>What is one thing you understand now?</label>
<textarea class="quick_check_exit_ticket-response"></textarea>
<button class="quick_check_exit_ticket-submit">Submit check</button>
</section>
This is only the app fragment. A production package must also include manifest metadata, JavaScript behavior, CSS, README, screenshots, validation report, and review notes.