You can monetize plugins
Nothing in the plugin system stops you from charging for your plugin. You can:- Sell licences directly to operators.
- Ship a closed-source proprietary plugin under your own EULA.
- Run a subscription or activation server and have your plugin check in against it.
- Bundle paid support, updates, or a hardware product.
- Offer a free open-source community edition plus a paid pro edition under different licenses.
Pick any license
Declare the license in the manifest using a valid SPDX identifier or expression:LicenseRef-<your-id>
form and ship the full license text in the archive at
LICENSE.txt.
The host runtime does not gate plugins by license at install time.
Operators see the declared license string in the install dialog
and can decide whether they accept it.
What changes when you link against GPL code
The agent and the GCS are licensed GPL-3.0-or-later. If your plugin links into the same process (the GCS iframe is a separate process by default; the agent’sinprocess isolation mode is the
case that matters) then the GPL’s copyleft can apply. The
practical patterns:
- GPL-friendly host integration. Default. The agent runs
third-party plugins as separate subprocesses over a defined IPC
surface. The GCS sandboxes plugins inside iframes that
communicate by
postMessage. Subprocess and iframe boundaries are widely treated as license boundaries; your plugin can ship under a license different from the host without copyleft reaching into your code. - Inprocess isolation. Reserved for first-party Altnautica plugins. Third-party plugins do not get inprocess linkage today, so the GPL-linkage question does not arise.
- Vendor SDKs. A proprietary SDK loaded by your plugin runs inside your plugin’s subprocess, not the host’s. You are responsible for whether the SDK’s licence allows distribution with your plugin. See Vendor binaries.
How distribution channels interact with licensing
There are three distribution channels for plugins. Each one has different requirements.
For commercial closed-source plugins, URL install is usually the
right channel. You keep your archive on your own infrastructure,
your own gating logic decides who gets the download URL, and your
EULA is part of your transaction with the operator. The agent
does not need to know any of that.
The hosted registry is best for OSS plugins where free
redistribution is the intent. For commercial offerings, the
registry’s auto-publish gate is OSS-licence-only and discretion
on hosted distribution rests with the registry operator.
The hosted registry’s auto-publish list
The Altnautica-hosted registry’s auto-publish path accepts these licenses without manual review (when the registry is live):
Anything else routes to manual review at the registry operator’s
discretion. The same plugin can ship through URL install with no
review involved.
Vendored binaries
Some plugins must ship vendor SDKs (camera firmware, gimbal control libraries, model files with their own license). Declare the inclusion on the agent half withcontains_vendor_binary plus vendor_attribution:
- Each declared vendor binary carries its own
license(required). Ship the full license text inside the archive too. - The plugin’s overall
licenseis independent. A GPL-3.0-or-later wrapper around an Apache-2.0 vendor SDK is fine. A GPL-3.0-or-later wrapper around a proprietary SDK is fine provided the proprietary terms allow distribution. - Third-party plugins already run subprocess isolation; setting
contains_vendor_binaryadds the vendor-binary signal to the install dialog. - The
ados plugin lintstatic analyzer never inspects vendor binaries; the publisher is on the hook for what they ship. - Operators see the vendor attribution on the install dialog and on the plugin detail page.
Patent grants and DRM
Plugins that bundle DRM, attempt to enforce DRM, or include software patents that they assert against the host or other plugins are rejected. The registry’s redistribution right is conditioned on the publisher not asserting patents against the host runtime or against other plugins running on the same host.SECURITY.md is recommended
Add aSECURITY.md at the root of your plugin’s source repository.
The file should cover:
- How to report a security issue (preferred contact channel).
- PGP key or signal channel for sensitive reports.
- Your typical response cadence so reporters know what to expect.
- The current major versions you support with security fixes.
- Whether you publish post-mortems.
SECURITY.md is recommended for any plugin you distribute. When the
hosted registry is live it will factor into submission review; today it
is good practice that helps reporters reach you.
Trademark policy
Altnautica brand assets are reserved. Specifically:
What is allowed:
- Stating compatibility: “Works with the ADOS Drone Agent”, “Mission Control plugin”, “for ADOS Mission Control”.
- Pointing to the Altnautica docs or GitHub from your README.
- Using the standard manifest field
compatibility.ados_versionto declare the agent versions you target.
com.your-name.something) makes namespace ownership
explicit.
If you are an integrator or partner who wants to use the trademarks
in marketing material, get in touch through the contact channel on
altnautica.com for a trademark usage
agreement.
The registry’s role: distributor, not author
The registry hosts archives published by their authors. The registry does not author the plugins. Specifically:- The registry redistributes signed archives the publisher uploaded.
- The registry runs static analysis at submission time as a defense-in-depth measure, not as a quality endorsement.
- The registry hosts metadata (description, screenshots, README) the publisher provided.
- The registry does not modify the archive bytes after upload.
No warranty
The agent and the GCS ship under GPL-3.0-or-later, which carries no warranty. Plugins inherit the same default. Specifically:- Plugins distributed via the Altnautica registry come with no warranty from Altnautica.
- The plugin’s own license governs what the publisher warrants. A GPL-3.0-or-later plugin disclaims warranty per GPL section 15.
- Verified-publisher status is not a warranty. It is a domain- ownership proof plus a track record on the registry.
- The static-analyzer report is a snapshot of detected patterns at submission time. It is not a security audit.