Skip to main content
The hosted registry is not built yet, so there is no submission API or publisher account to register against today. To ship a plugin now, use local file install or URL install: both take a signed .adosplug and need no registry account. The flow below is the planned submission contract, documented so authors can structure a plugin for it in advance.
In the planned design, the registry is gated by signature, not gated by review for every submission. Low-risk, OSS-licensed, signed-by-known-publisher plugins auto-publish. High-permission or vendor-binary plugins queue for human review. Either way you upload the same archive.

Prerequisites

  1. A built and tested plugin (see Your first plugin).
  2. An Ed25519 publisher key (see Signing keys).
  3. A registry account with a registered publisher key id.
  4. A registry token (ADOS_REGISTRY_TOKEN env var) for the REST API, or the equivalent web sign-in for the UI.

Step 1: Pack

Output: dist/<plugin-id>-<version>.adosplug. The archive is deterministic. Two pack runs against the same source tree produce byte-identical archives.

Step 2: Sign

Output: dist/com.example.foo-1.0.0.signed.adosplug. The signature covers the canonical payload hash: a SHA-256 over the sorted list of each archive entry’s path and SHA-256, so every file is bound, not just the manifest. The signer key id and the base64 signature are written into an in-archive SIGNATURE file (two lines: signer id, then signature).

Step 3: Register your publisher key

Once per key. The registry needs the public half so it can verify your submitted archives. Web UI: log in at registry.example.com, open Account, Signing keys, Add key, paste the raw 32-byte hex public key, and pick a key id that matches ADOS_SIGNING_KEY_ID. REST:
The response includes the registered key id and the SHA-256 fingerprint shown to operators on the install dialog. To become a verified publisher (green badge in the catalog), follow registry.example.com/verify. It is a domain ownership proof plus six months of activity on the registry. Verified status is not required for submission; it just changes the operator-facing trust signal.

Step 4: Submit

REST upload:
Web UI: Submit, Upload archive. Drop the file, fill the metadata form (repo URL, category, release notes), submit.

What happens server-side

  1. The registry validates the manifest against the JSON Schema. A schema failure rejects the submission immediately.
  2. The Ed25519 signature is verified against your registered public key. Mismatch rejects with the signer key id and fingerprint in the error body.
  3. The static analyzer runs over the agent half (Python source detection of subprocess, eval, os.system, undeclared requests / socket calls, file writes outside ctx.data_dir) and the GCS bundle (detection of eval, Function(), top.location, document.cookie, localStorage).
  4. The submission is routed to one of the states below.

Submission states

Check status:

Manifest fields the analyzer reads

The analyzer relies on accurate manifest declarations. Fields that matter at submission time:

Categories

Pick the closest match. The analyzer does not block on category choice, but the wrong category is a soft signal and can route a submission to review when it would have auto-published.

Resubmitting after rejection

Fix what the rejection reason called out. Bump the version (semver patch is fine for analyzer fixes). Re-run pack and sign. Submit the new archive. The previous submission stays in rejected state for the audit trail; the new submission gets its own state machine.

Withdrawal

To remove a published version:
Withdrawal removes the version from search and the download endpoint. Already-installed copies keep running; operators see a “withdrawn by author” badge on the detail page. For active malicious-version recall, use revocation instead (see Revocation and incidents).

See also