Skip to main content
ados plugin lint runs a static-analysis rule set over a packed archive. It is the same rule set the planned registry will apply at submission time, so running it locally before you push a tag catches findings early.

Quickstart

Output:
JSON form for CI:
Exit code 0 means pass. Non-zero means at least one finding at severity error or critical.

What it checks

The linter unpacks the archive and walks every entry. Findings are keyed by rule id with severity and the source location.

Python rules

GCS bundle rules

Manifest and archive rules

info findings are advisory and do not affect the verdict. warn findings show in the report but still pass. error findings fail.

Score

Each finding deducts points: Floor at 0. The planned registry will use the same score, with an auto-publish gate at 90 or above plus zero error findings.

Network imports versus permissions

If your plugin imports requests, httpx, or aiohttp, the linter warns unless the manifest declares network.outbound. The host enforces this at runtime regardless. Declare the permission and the warning disappears.

False positives

The linter is conservative. If a finding is wrong for your case (the SDK wraps a syscall the rule did not learn yet, your eval is in a data file the linter mistakes for code), open an issue with the archive and the finding so the rule can be tightened.

Running before every release

Recommended pre-tag check:
Wire this into your release workflow as a CI step before the GitHub Release upload. A failing lint should block the release.

See also