.adosplug; the agent downloads it,
verifies the signature, and runs the same install flow as a local file.
How it works
URL install is a GCS-driven flow, not a standalone agent command. The GCS posts the URL to the agent’sPOST /api/plugins/install_from_url
endpoint. The agent downloads the archive directly (no intermediate
storage hop), then hands the bytes to the same installer that local file
install uses: archive parse, signature verify, manifest validation,
board-compatibility check, and permission gating all run unchanged. Only
the transport differs.
There is no ados plugin install <url> command. The agent CLI installs
from a local path; the URL path is reached through the GCS.
When to use it
Local file install is right when you have the.adosplug on disk and
want a deterministic, sneakernet-friendly path. URL install is right
when you want the operator to paste a published release link into the
GCS instead of downloading the file first.
GCS flow
In Mission Control -> Settings -> Plugins -> Install plugin, choose Install from URL, paste the link, and submit. The GCS forwards it to the agent over the host bridge. Once the agent has downloaded and parsed the archive, the same permission dialog as local file install appears: name, version, signer, risk band, and requested permissions for approval.Rules the agent enforces
A URL whose host is not on the allowlist is rejected before any bytes
are downloaded.