Generated: 2026-01-09 Plugin: @allow2/allow2automate-xbox Version: 1.0.0 Status: Initial Structure Created
The Xbox Live Controls plugin has been architecturally designed and scaffolded following the Allow2 Automate plugin patterns (Steam and PlayStation plugins). This document summarizes the complete file structure, configuration, and integration points.
/mnt/ai/automate/plugins/allow2automate-xbox/
├── package.json # Plugin manifest with allow2automate metadata
├── rollup.config.js # Rollup bundler configuration
├── .babelrc # Babel transpilation config
├── .gitignore # Git ignore rules
├── .eslintrc.js # ESLint configuration
├── README.md # User-facing documentation
├── ARCHITECTURE.md # Technical architecture (31KB)
├── PLUGIN_ARCHITECTURE_SUMMARY.md # This file
├── LICENSE # Apache 2.0 license
│
├── src/ # Source code
│ ├── index.js # Main plugin entry (factory function)
│ │
│ ├── services/ # Business logic layer
│ │ ├── XboxAuthManager.js # OAuth2 authentication (3-stage)
│ │ ├── XboxMonitorCoordinator.js # Presence polling (15-second)
│ │ ├── ChildLinkManager.js # Child-to-gamertag mapping
│ │ └── XboxAPI.js # Xbox Live API wrapper
│ │
│ ├── components/ # React UI components
│ │ ├── TabContent.jsx # Main plugin settings tab
│ │ ├── XboxStatus.jsx # Real-time status display
│ │ ├── ChildLinkingWizard.jsx # Child account linking wizard
│ │ ├── ActivityLog.jsx # Gaming activity history
│ │ └── QuotaDisplay.jsx # Time remaining display
│ │
│ ├── utils/ # Utility functions
│ │ ├── tokenStorage.js # Secure token storage (Electron safeStorage)
│ │ ├── privacy.js # XUID privacy utilities (XR-013 compliance)
│ │ ├── rateLimiter.js # API rate limiting (10/15s, 30/5min)
│ │ └── cacheManager.js # NodeCache wrapper for TTL management
│ │
│ └── constants/ # Constants
│ ├── xboxEndpoints.js # Xbox Live API URLs
│ └── errorCodes.js # Xbox error code mappings
│
├── __tests__/ # Test files
│ ├── unit/ # Unit tests (80% coverage target)
│ └── integration/ # Integration tests
│
├── img/ # Plugin assets
│ ├── icon.png # Plugin icon (256x256)
│ └── logo.svg # Xbox logo
│
└── dist/ # Built files (generated by rollup)
├── index.js # CommonJS bundle
└── index.es.js # ES module bundle
Key Metadata:
{
"name": "@allow2/allow2automate-xbox",
"shortName": "xbox",
"version": "1.0.0",
"description": "Xbox Live parental control integration for Allow2 Automate",
"main": "dist/index.js",
"module": "dist/index.es.js",
"allow2automate": {
"plugin": true,
"pluginId": "allow2automate-xbox",
"displayName": "Xbox Live Controls",
"category": "Gaming",
"permissions": ["network", "configuration", "storage"],
"minAppVersion": "2.0.0"
}
}Dependencies:
@babel/runtime- Babel runtime helpersnode-fetch- HTTP client for Xbox Live APIsnode-cache- In-memory caching (TTL support)
Peer Dependencies (provided by main app):
@material-ui/core^4.0.0@material-ui/icons^4.0.0react^16.0.0 || ^17.0.0react-dom^16.0.0 || ^17.0.0
Build Scripts:
npm run build- Build production bundlenpm start- Watch mode for developmentnpm test- Run Jest testsnpm run lint- ESLint code quality
Configuration:
- Input:
src/index.js - Output: CommonJS (
dist/index.js) + ES Modules (dist/index.es.js) - Plugins:
rollup-plugin-peer-deps-external- Externalize peer depsrollup-plugin-postcss- CSS processing@rollup/plugin-babel- JSX/ES6+ transpilation@rollup/plugin-node-resolve- Node module resolution@rollup/plugin-commonjs- CommonJS compatibility
Externals: fs, path, os, electron, node-fetch, node-cache
Presets:
@babel/preset-env- ES6+ transpilation@babel/preset-react- JSX support
Plugins (40+ Babel plugins for advanced JS features):
- Class properties
- Optional chaining
- Nullish coalescing
- Decorators (legacy)
- Pipeline operator
- And more...
Configuration:
- Environment: Browser, Node, ES2021, Jest
- Extends:
eslint:recommended,plugin:react/recommended - Rules: Console allowed, prop-types warned
-
authenticate
- Description: Connect Microsoft account via OAuth2
- Handler:
xbox:authenticate - Returns: Authentication status
-
linkChild
- Description: Link Allow2 child to Xbox gamertag
- Handler:
xbox:linkChild - Parameters:
{ childId, gamertag } - Returns:
{ success, xuid, gamertag }
-
unlinkChild
- Description: Remove Xbox gamertag link
- Handler:
xbox:unlinkChild - Parameters:
{ childId }
-
refreshPresence
- Description: Force refresh Xbox presence data
- Handler:
xbox:refreshPresence
-
checkQuota
- Description: Check remaining gaming time quota
- Handler:
xbox:checkQuota - Parameters:
{ childId }
-
quotaExceeded
- Fired when: Child exceeds Xbox gaming quota
- Payload:
{ childId, timeUsed, quotaLimit }
-
gameStarted
- Fired when: Child starts playing a game
- Payload:
{ childId, game, timestamp }
-
gameEnded
- Fired when: Child stops playing
- Payload:
{ childId, game, duration }
-
sessionViolation
- Fired when: Gaming detected while blocked
- Payload:
{ childId, game, reason }
Plugin Factory:
// src/index.js
function plugin(context) {
const xbox = {};
xbox.onLoad = async function(loadState) {
// Initialize OAuth, monitoring, IPC handlers
};
xbox.newState = function(newState) {
// Handle configuration updates
};
xbox.onSetEnabled = async function(enabled) {
// Start/stop monitoring
};
xbox.onUnload = function(callback) {
// Cleanup
};
return xbox;
}Context APIs Used:
context.ipcMain.handle()- IPC communicationcontext.configurationUpdate()- State persistencecontext.statusUpdate()- Plugin statuscontext.sendToRenderer()- UI eventscontext.allow2- Allow2 API integrationcontext.services.agent- Agent communication
Authentication Flow:
- Microsoft OAuth2 → Access Token
- Xbox User Token (XAU) → JWT
- XSTS Token → API Authorization
API Endpoints:
https://login.live.com/oauth20_*- OAuthhttps://user.auth.xboxlive.com/user/authenticate- User Tokenhttps://xsts.auth.xboxlive.com/xsts/authorize- XSTS Tokenhttps://userpresence.xboxlive.com/users/batch- Presencehttps://profile.xboxlive.com/users/gt(...)- Profilehttps://titlehub.xboxlive.com/titles/...- Game metadata
Rate Limits:
- Burst: 10 requests per 15 seconds
- Sustained: 30 requests per 5 minutes
- Recommended polling: 15-second intervals
Hybrid Detection Strategy:
- Cloud Detection (Primary): Xbox Live Presence API
- Local Detection (Secondary): Agent process monitoring
Agent Communication:
agentService.createPolicy(agentId, {
processName: 'XboxApp.exe',
processAlternatives: ['xboxconsolecompanion.exe', 'gamebarftserver.exe'],
allowed: false, // Updated based on quota
checkInterval: 30000,
actions: {
onDetected: 'check-quota',
onViolation: 'kill-process'
}
});XUID Privacy Safeguards:
- ✅ XUID stored internally, NEVER exposed in UI
- ✅ Gamertag displayed to users (public identifier)
- ✅ Periodic gamertag refresh (handles name changes)
- ✅ Explicit consent required before linking
- ✅ Unlink functionality provided
Token Security:
- Electron
safeStorageencryption- Windows: DPAPI
- macOS: Keychain
- Linux: Secret Service API
- Automatic token refresh 5 minutes before expiry
- Secure credential storage in Redux state
cd /mnt/ai/automate/plugins/allow2automate-xbox
npm install# Development watch mode
npm start
# Production build
npm run build
# Run tests
npm test
# Test coverage
npm run test:coverage
# Lint code
npm run lintUnit Tests (Jest):
- Target: 80%+ coverage
- Test files:
__tests__/unit/*.test.js - Focus: Services (Auth, Monitor, API)
Integration Tests:
- Test files:
__tests__/integration/*.test.js - Focus: End-to-end flows
Coverage Thresholds:
{
"branches": 80,
"functions": 80,
"lines": 80,
"statements": 80
}cd /mnt/ai/automate/automate/dev-data/plugins
npm install @allow2/allow2automate-xboxAuto-discovery: Plugin discovered via node_modules scan
# .env in main app root
MICROSOFT_CLIENT_ID=your_azure_client_id
MICROSOFT_CLIENT_SECRET=your_azure_client_secret
XBOX_OAUTH_REDIRECT_URI=http://localhost:8080/oauth/callback- OAuth2 flow implementation
- Token chain (OAuth → User Token → XSTS)
- Secure token storage
- Automatic token refresh
- Child linking wizard
- Gamertag validation
- State management
- Link/unlink operations
- Presence API polling (15s)
- Batch presence queries
- Game activity detection
- Title metadata caching
- Activity logging to Allow2 API
- Quota enforcement
- Violation notifications
- Dashboard widgets
- Agent-side process monitoring
- Policy creation for Xbox games
- Hybrid detection (cloud + local)
- Policy synchronization
- Comprehensive testing
- Error handling improvements
- Documentation
- Privacy compliance audit
Decision: Implement full Microsoft OAuth → Xbox User Token → XSTS Token chain Rationale: Required by Xbox Live API for parental account access Alternatives: Direct OAuth (rejected - insufficient permissions)
Decision: Poll Xbox Live Presence API every 15 seconds Rationale: Balance between accuracy and rate limits (30 req/5min) Alternatives: 5s (too aggressive), 30s (too slow)
Decision: Never expose XUID in UI, display Gamertag only Rationale: Microsoft XR-013 policy compliance Alternatives: Display XUID (rejected - privacy violation)
Decision: Combine cloud Presence API with local agent monitoring Rationale: Maximize accuracy, faster PC gaming detection Alternatives: Cloud-only (rejected - slower), Local-only (rejected - console blind)
Decision: Use node-cache for in-memory title metadata caching
Rationale: Simple TTL management, no external dependencies
Alternatives: Redis (overkill), No cache (inefficient)
- ✅ Plugin structure created
- ✅ Configuration files complete
- ✅ Architecture documented
- ⏳ Phase 1: Implement XboxAuthManager.js
- ⏳ Phase 2: Implement ChildLinkManager.js
- ⏳ Phase 3: Implement XboxMonitorCoordinator.js
- ⏳ Phase 4: Implement UI components
- ⏳ Phase 5: Agent integration
- ⏳ Phase 6: Testing and polish
- Implementation Plan:
/mnt/ai/automate/automate/docs/plugins/xbox-implementation-plan.md - Architecture Design:
./ARCHITECTURE.md - Steam Plugin Pattern:
/mnt/ai/automate/plugins/allow2automate-steam/ - PlayStation Plugin Pattern:
/mnt/ai/automate/plugins/allow2automate-playstation/
Status: ✅ READY FOR IMPLEMENTATION
All configuration files, build setup, and directory structure are in place. Development can begin with Phase 1 (Core Authentication).