Four primitives describe every plugin in ADOS: a manifest, a signature, a sandbox, and a set of capability tokens. If you understand those four, the rest of the system follows.Documentation Index
Fetch the complete documentation index at: https://docs.altnautica.com/llms.txt
Use this file to discover all available pages before exploring further.
Manifest
Amanifest.yaml at the root of the archive declares everything the
host needs to install the plugin: the id, the version, which halves
(agent, gcs, or both), the permissions each half requests, the
slots the GCS panels mount into, and the SHA-256 of every shipped
asset.
The host validates the manifest against
schemas/plugin-manifest.schema.json before unpacking anything. A
malformed manifest is rejected with code 12 (manifest_invalid).
See manifest reference for the full field list.
Signature
The archive is an Ed25519-signed zip. The signing pass:- Computes a SHA-256 over each declared asset.
- Writes the hashes back into
manifest.yaml. - Signs the canonical manifest body with an Ed25519 private key.
- Embeds the base64 signature back into
manifest.yaml’ssigningblock.
altnautica-2026-A) are pre-trusted.
Third-party keys must be added explicitly. Unsigned archives install
only when the agent is in developer mode (red banner, manual
toggle).
Sandbox
Each half runs in a separate sandbox.- Agent half: a Python subprocess under
ados-supervisor. cgroup v2 controls cap CPU percent, memory, and PIDs. seccomp tightens the syscall surface. The plugin reaches the host only through a Unix domain socket; it cannot open arbitrary network sockets unless it declarednetwork.outbound. - GCS half: an
<iframe sandbox="allow-scripts">with noallow-same-origin. Null origin means no shared cookies, no shared storage, no DOM access to the host. The plugin reaches the host only throughpostMessage. The host validates every envelope.