Add octogoat plugin #1435

Closed
ksmith1489 wants to merge 6 commits into OctoPrint:gh-pages from ksmith1489:add-octogoat-plugin

@ksmith1489 ksmith1489 commented May 6, 2026

  • You have read the "Registering a new Plugin" guide.
  • You want to and are able to maintain the plugin you are registering, long-term.
  • You understand why the plugin you are registering works.
  • You have read and acknowledge the Code of Conduct.

What is the name of your plugin?

OctoGoat

What does your plugin do?

OctoGoat helps users recover failed 3D prints when the partially completed print is still attached to the bed.

The plugin generates reconstructed resume G-code locally inside OctoPrint, using the original G-code file, the measured print height, and the user’s slicer layer height. It also provides a guided alignment flow so the user can safely align the printer to the real-world print position before choosing to resume.

It is designed to keep the user in control of printer movement and final resume confirmation. It does not force automatic Z homing into an existing print.

OctoGoat also includes optional Klipper/Moonraker support through a user-provided local Moonraker address.

Where can we find the source code of your plugin?

https://github.com/ksmith1489/octogoat-plugin

Was any kind of genAI (ChatGPT, Copilot etc) involved in creating this plugin?

Yes. ChatGPT, GitHub Copilot, and Codex were used as development assistants while building and refining the plugin.

The plugin was not simply generated blindly and published without review. I have been actively involved in the design, testing, debugging, and iteration of the plugin, including testing the OctoPrint UI, local resume G-code generation, license validation behavior, and Klipper/Moonraker command flow on actual printer setups.

I understand the main architecture and behavior of the plugin: the OctoPrint plugin UI gathers the file and recovery inputs, the local resume engine reconstructs the resume G-code, unsafe commands are removed before resuming, alignment commands are user-triggered, and the external service is used for subscription/license validation rather than for uploading or processing the print file.

I also have prior coding experience from building trading bots and indicators, including Pine Script and MetaTrader 4 related work, and I am comfortable maintaining and debugging this plugin going forward.

Is your plugin commercial in nature?

Yes.

OctoGoat is a commercial plugin with subscription-based licensing. Installing the plugin is free, but an active paid subscription is required before the plugin can generate, download, upload, or execute resume output. There is only one price and plan for $29 per year.

License, terms, and privacy information are available at:

https://app.lazarus3dprint.com

Does your plugin rely on some cloud services?

Partially.

The resume G-code generation runs locally inside the OctoPrint plugin. The original G-code file is not uploaded to the OctoGoat/Lazarus service for resume generation.

The plugin does use the OctoGoat/Lazarus service at:

https://app.lazarus3dprint.com

for subscription and license validation.

The plugin is marked with the cloud attribute and includes a privacy policy link in the registration file:

https://app.lazarus3dprint.com/privacy

If the license validation service is unreachable, the plugin is intended to fail gracefully and not cause OctoPrint itself to malfunction.

Further notes

OctoGoat is focused on failed-print recovery with a safety-first, user-controlled workflow. Its goal is to make print recovery approachable for normal users while avoiding dangerous automatic behavior, especially around Z homing and printer movement near an already-existing print.
Big thank you to Gina and everyone that keeps OctoPrint going strong. Holler at me and I will give you guys coupon codes for a free year's subscription.

Member

@jacopotediosi jacopotediosi left a comment

The following is the result of my preliminary review. A decision on this PR will follow in the next days.

Security concerns

  • The plugin's SimpleAPI endpoints check that the user is authenticated but do not verify granular permissions. E.g. some commands allow moving the printer head without checking the CONTROL permission, others modify plugin settings without checking the SETTINGS permission.

  • The plugin injects a JavaScript file from Stripe's site into OctoPrint's DOM, on every page and even when the plugin is not in use - as long as it is installed and enabled - in order to handle license payments. This allows Stripe to execute virtually any JavaScript code within OctoPrint's pages, and could be a risk - even assuming we trust Stripe - due to potential supply chain attacks. Furthermore, I'm not convinced that handling payments inside OctoPrint's UI is a good idea, and I don't think it's a responsibility the project wants to take on. Please handle payments outside OctoPrint, e.g. on your own licensing server.

Privacy concerns

  • The Privacy Policy does not mention that Stripe's Privacy Policy also applies, nor that including Stripe's script could result in third-party data collection.

Concerns about the licensing approach

  • There is no way to know the pricing, the available plans, or the limits of the free tier (if any) before installing the plugin.

  • The license check is entirely client-side and performed in the plugin's template file. A user could bypass it without even needing to tamper with the plugin's code, simply by using the plugin's SimpleAPI endpoints (which don't check license validity at all), or by setting the last_validated field in the settings to today's date, tricking the plugin into thinking the license has already been validated.

Concerns about adherence to OctoPrint best practices

  • The plugin still uses setup.py instead of the newer pyproject.toml-based packaging. Wasn't it generated from a recent version of the cookiecutter template?

  • is_template_autoescaped is not implemented, so a warning is printed to the logs on every OctoPrint startup.

  • The Software Update hook is not implemented, so plugin users won't be notified of future plugin updates and won't be able to upgrade easily.

Legal concerns

  • The static images in the plugin's folder carry a Sora watermark, so I assume they were generated on the free plan. I believe their terms of use do not allow commercial use of those images.

  • It should also be verified whether the plugin is actually allowed to use the Octo prefix in its name, according to OctoPrint's Trademark Rules. I'm not sure fair use would be justifiable here, per section 5(b):

    Using trading names that include the prefix "Octo" for the sole purpose of giving the impression that the product or service in question is related to OctoPrint.

Minor concerns about code hygiene

  • Placeholders are left throughout:

    • In the online Privacy Policy: Privacy questions: support@YOURDOMAIN.COM
    • In README.md: Terms: https://YOURDOMAIN.COM/terms and Privacy: https://YOURDOMAIN.COM/privacy
    • In TERMS.md: Support: support@YOURDOMAIN.COM Business / OEM / partnership inquiries: support@YOURDOMAIN.COM
    • In PRIVACY.md: Privacy questions: support@YOURDOMAIN.COM
    • In __init__.py: __plugin_url__ = "https://YOURDOMAIN.COM/octogoat" and __plugin_license__ = "Proprietary - See LICENSE.txt"
  • Many of the plugin's defined settings are unused, e.g. api_key, park_z_offset, smart_park_enabled, smart_park_acknowledged.

  • Stray files have been committed: a .codex file and the __pycache__ directory.

  • In __init__.py the plugin version is 0.1.0, but in setup.py it is 0.1.1.

Comment thread _plugins/octogoat.md Outdated
- windows
- macos

python: ">=3,<4"
Member

This must be the same as declared in your __plugin_pythoncompat__: >=3.7,<4
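
The missing granular permission checks raised in the review above, shown as an added example that is not part of the PR or the plugin's code: a stand-alone Python model of a SimpleAPI-style command handler with a per-command permission table and deny-by-default handling. The command names, the `User` class and the status-code return values are assumptions for illustration.

```python
"""Model of per-command permission checks for a SimpleAPI-style handler.

Command names and the User class are hypothetical. In a real OctoPrint
plugin the check would be Permissions.CONTROL.can() / Permissions.SETTINGS.can()
from octoprint.access.permissions, answered with an HTTP 403 on failure.
"""
from dataclasses import dataclass, field

CONTROL, SETTINGS = "CONTROL", "SETTINGS"

# Every command the API accepts (hypothetical names).
COMMANDS = {"jog_head", "save_settings", "get_status"}

# Permission each command needs; None means "any authenticated user".
REQUIRED = {"jog_head": CONTROL, "save_settings": SETTINGS, "get_status": None}


@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)


def unmapped_commands(commands=COMMANDS, required=REQUIRED):
    """Review-time audit: commands that have no explicit permission decision."""
    return sorted(c for c in commands if c not in required)


def handle_command(user, command, required=REQUIRED):
    """Return 401 (not logged in), 403 (logged in but not permitted, or the
    command has no permission mapping) or 200 (allowed)."""
    if user is None:
        return 401
    if command not in required:
        return 403  # deny by default instead of falling through
    needed = required[command]
    if needed is not None and needed not in user.permissions:
        return 403
    return 200


if __name__ == "__main__":
    viewer = User("viewer")                 # logged in, read-only
    operator = User("operator", {CONTROL})  # may move the printer
    for u in (None, viewer, operator):
        for cmd in sorted(COMMANDS):
            print(getattr(u, "name", "anonymous"), cmd, handle_command(u, cmd))
```

Running `unmapped_commands()` as part of review or CI catches a newly added command that was never given a permission decision.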

@github-project-automation github-project-automation Bot moved this to In Progress in OctoPrint Backlog May 8, 2026
@ksmith1489
Author

Hi @jacopotediosi, I pushed follow-up changes addressing the preliminary review.

Summary of fixes:

  • Registry metadata aligned and updated, including python: ">=3.7,<4" and removal of the misleading free-tier attribute.
  • Plugin metadata cleaned up and made consistent with OctoPrint control properties.
  • Added server-side OctoPrint permission checks for sensitive SimpleAPI commands.
  • Moved pricing and checkout out of the OctoPrint UI and onto the Lazarus activation site.
  • Added server-side license enforcement for generating, downloading, uploading, and executing resume output.
  • Added is_template_autoescaped and the Software Update hook.
  • Updated privacy wording to mention Stripe's privacy policy and corrected placeholder/legal text.
  • Removed the unused watermarked image file and other stray tracked artifacts.

Activation, pricing, and legal pages are now here:

The plugin source updates are on ksmith1489/octogoat-plugin main, and the registry submission branch has been updated as well.

Please take another look when you have time. Thank you.

@ksmith1489 ksmith1489 requested a review from jacopotediosi May 9, 2026 00:44
@jacopotediosi
Member

Some points from my initial review haven't actually been addressed: unused settings are still there (and with your latest commits last_validated was added to the list). In the images folder there's still one with the Sora watermark, although it's not the one I had explicitly flagged in the initial review. The plugin still hasn't been migrated to pyproject.toml, and in any case it doesn't use the cookiecutter template I had linked.

As has already happened in the past with heavily vibecoded plugins, here too the use of AI has made the code hard to review (and therefore to maintain) for a human. To be honest, it really feels like the human is barely in the loop here.

Beyond the dead code (there are unreachable branches, entire functions and API commands that aren't called from anywhere), it's the very structure of the code that doesn't make much sense. For example, in on_after_startup, self._ensure_assumed_position_defaults() is called, whose body is:

def _ensure_assumed_position_defaults(self):
    # Leave fresh-install settings blank; runtime fallbacks are computed as needed.
    return

I don't think any of this makes sense, just like many of the ideas in this plugin, that's why I'm for rejecting this PR.

Final decision is up to the other reviewers and @foosel, of course (also regarding the use of the Octo prefix in the plugin name, in case it doesn't fall within the fair use of the OctoPrint watermark rules).

@jneilliii
Contributor

    I don't think any of this makes sense, just like many of the ideas in this plugin, that's why I'm for rejecting this PR.

    Final decision is up to the other reviewers and @foosel, of course (also regarding the use of the Octo prefix in the plugin name, in case it doesn't fall within the fair use of the OctoPrint watermark rules).

I am in agreement with rejecting this PR based on Jacopo's review and the quality of code not meeting our expected standards.

As it relates to the Octo prefix you can find more about that in the Trademark Rules, section 5. Based on the website name you may want to rebrand anyway to use the Lazarus name, which is very fitting for what the plugin does.

@jneilliii jneilliii closed this May 9, 2026
@github-project-automation github-project-automation Bot moved this from In Progress to Done in OctoPrint Backlog May 9, 2026
@jacopotediosi
Member

I'm replying for transparency and to provide some additional useful feedback, but this will be my last comment here, as I don't want to fuel potential drama.


    I think there was a misunderstanding on my part as much of the review language just sounded like complaining rather than this needs to be fixed, that needs to be fixed, it came off more like just criticism.

This isn't criticism for its own sake. I evaluated your code and provided my honest review.

The code is sloppy. That doesn't necessarily mean it doesn't work, but that it's barely understandable to a human, because the code structure and the project design don't reflect a way of reasoning that's easily comprehensible, nor the programming patterns we're accustomed to. Even the foundations of your plugin were blindly generated from scratch by your LLM instead of following the documentation and the cookiecutter template, and as a result they differ from the norm.

You submitted this PR without a human review pass, because otherwise you would have noticed that many things don't make sense. A glaring example is that very function that is called on startup and simply returns with no body.

This is exactly the biggest problem we're running into with vibecoding, including in other plugins we've rejected recently. Reviewing incomprehensible code like this takes considerable effort, and it becomes a lack of respect for our time. In particular, we expect to review a plugin when it's ready for final publication, not while it's still a work in progress or hasn't been cleaned up to the best of your ability.

    I might have sloppy code but I can fix that problem AND HAVE FIXED THE BIGGEST PROBLEM WITH 3D PRINTING PERIOD.

That's a very strong claim. Keep in mind that the higher the claims you make about your product, the higher the expectations will be.

    And with the progress of LLMs .... maintaining the plugin isn't going to be difficult. We moved and rerouted the entire stripe payment flow which the first time took forever but now it was one prompt. And one more little clean up prompt. Things that I pulled my hair out for weeks over are done in seconds now. Ok so I will go back and look at everything you mentioned and take it as something to be fixed and fix it.

That's not how things work, at least not in OctoPrint. In this PR's template you ticked a checkbox in which you guarantee that you understand the code you wrote. We also have a policy that explicitly requires you to understand your own code. This is meant to ensure quality standards and to protect OctoPrint's users.

It's not a matter of "one more little prompt". We expect you to do the bulk of the work, because we can't trust what your LLM generated blindly. We need guarantees and accountability, and we need code we can understand, because that's how open source works.

    Do me a favor and just try it. Here is a promotional code [REDACTED] that will give you free forever access to the plugin.

As I told you in the preliminary review, the license verification is client side and the code is open source. The verification mechanism is bypassable by design (even after your additional hardening changes), as long as your entire resume logic stays client side. That's exactly what I did during the review to test the plugin. So I don't need any coupon.

    A genetic disorder ended my 30 years of cabinet [...]. Sorry for getting personal, but everything is personal when you are a person.

I can empathize with your story, but we're here to evaluate the code. There shouldn't be anything personal about this process, and I did my best to evaluate your code and not your person. If you'll notice, I only expressed opinions about your plugin, not about you.

To make this process easier, please, going forward as well, keep personal stories out of PRs.

    This needs to be available to the public.

It still can be. You can distribute the plugin through your own channels, and users will be able to install it via OctoPrint's Plugin Manager by entering the URL.

We simply concluded that the plugin doesn't meet the quality standards required for publication in OctoPrint's official plugin repository.
