Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.altnautica.com/llms.txt

Use this file to discover all available pages before exploring further.

The manifest is the entire contract between a plugin and the host. Get it right and everything else (install, permission grants, slot mounting, capability checks) falls into place automatically.

File location

manifest.yaml lives at the root of the .adosplug archive. The host opens the archive, reads the manifest first, and refuses to unpack anything else if the manifest fails validation.

Top-level shape

plugin:           # required, identity block
compatibility:    # required, version + profile gates
agent:            # optional, agent half
gcs:              # optional, GCS half
assets:           # required, file list with hashes
signing:          # required, Ed25519 signature
At least one of agent or gcs must be present. The host accepts plugins that ship only one half; first-party Battery Health Panel, for example, is GCS-only.

plugin

FieldTypeNotes
idstringReverse-DNS, lowercase, dotted. Regex ^[a-z][a-z0-9-]*(\.[a-z][a-z0-9-]*)+$.
versionstringSemver.
namestringOperator-facing display name.
authorstringFree-form. Single name or organization.
licensestringSPDX expression. GPL-3.0-or-later recommended.
descriptionstringOne sentence under 200 chars.
homepageurlOptional. Direct link to the plugin’s source.
sourceurlOptional. The repository URL.
tagsstring[]Optional. For registry search later.

compatibility

FieldNotes
ados_versionsemver range. The agent half compares against setup status or /api/version.
gcs_versionsemver range. The GCS half compares against the running build.
python_versionoptional. Required only if agent: is set.
min_tierinteger. Vehicle integration tier. 0 means any drone.
supported_boardsarray. Either ["*"] or specific board ids the plugin needs.
profilesarray. Subset of ["drone", "ground-station"].

agent

agent:
  entrypoint: "agent/plugin.py"
  isolation: "subprocess"        # or "inprocess" for first-party
  permissions:
    - event.publish
    - event.subscribe
    - mavlink.read
  resources:
    max_ram_mb: 64
    max_cpu_percent: 10
    max_pids: 4
  contributes:
    services: []                 # optional, named services on the agent bus
isolation: subprocess is the default and the only mode third-party plugins are allowed to declare. inprocess is reserved for built-in plugins that ship inside the agent itself.

gcs

gcs:
  bundle: "gcs/plugin.bundle.js"
  isolation: "iframe-sandbox"    # only mode supported
  permissions:
    - ui.slot.fc-tab
    - telemetry.subscribe.battery
  contributes:
    panels:
      - id: battery-health-tab
        slot: fc.tab
        title: "Battery Health"
        icon: "battery"
        order: 30
    notifications:
      - id: battery-anomaly
        title: "Battery anomaly"
        severity: warning
    settings_sections:
      - id: battery-health-settings
        title: "Battery Health"
    locales:
      - "en"
Slots from the 12-slot taxonomy live in contributes.panels[].slot. Each panel needs an id unique within the plugin, a slot, and a human-readable title.

assets

Every file the host needs to extract must be listed: 
assets:
  - path: "gcs/plugin.bundle.js"
    role: "gcs-bundle"
    sha256: "<computed-by-pack.sh>"
  - path: "locales/en.json"
    role: "gcs-locale"
    sha256: "<computed-by-pack.sh>"
The role catalog: gcs-bundle, gcs-style, gcs-locale, icon, config-schema, agent-entrypoint, agent-source. The host verifies SHA-256 on every asset at install time. If a hash mismatches the install is rejected with code 12 (manifest_invalid).

signing

signing:
  signature: "<base64 ed25519>"
  signer_key_id: "altnautica-2026-A"
  algorithm: "ed25519"
Sign the canonical manifest body (signature placeholder set to "" during signing). The host re-canonicalizes the same way on verify. Unknown signer ids are rejected with code 10 unless the agent is in developer mode.

See also