ados plugin lint runs a static-analysis rule set over a packed
archive. It is the same rule set the planned registry will apply at
submission time, so running it locally before you push a tag catches
findings early.
Quickstart
error or critical.
What it checks
The linter unpacks the archive and walks every entry. Findings are keyed by rule id with severity and the source location.Python rules
GCS bundle rules
Manifest and archive rules
info findings are advisory and do not affect the verdict. warn
findings show in the report but still pass. error findings fail.
Score
Each finding deducts points:
Floor at 0. The planned registry will use the same score, with an
auto-publish gate at 90 or above plus zero
error findings.
Network imports versus permissions
If your plugin importsrequests, httpx, or aiohttp, the linter
warns unless the manifest declares network.outbound. The host
enforces this at runtime regardless. Declare the permission and the
warning disappears.
False positives
The linter is conservative. If a finding is wrong for your case (the SDK wraps a syscall the rule did not learn yet, youreval is in a
data file the linter mistakes for code), open an issue with the
archive and the finding so the rule can be tightened.