Prerequisites
- A built and tested plugin (see Your first plugin).
- An Ed25519 publisher key (see Signing keys).
- A registry account with a registered publisher key id.
- A registry token (
ADOS_REGISTRY_TOKENenv var) for the REST API, or the equivalent web sign-in for the UI.
Step 1: Pack
dist/<plugin-id>-<version>.adosplug.
The archive is deterministic. Two pack runs against the same source
tree produce byte-identical archives.
Step 2: Sign
dist/com.example.foo-1.0.0.signed.adosplug. The signature
covers the canonical payload hash: a SHA-256 over the sorted list of
each archive entry’s path and SHA-256, so every file is bound, not just
the manifest. The signer key id and the base64 signature are written
into an in-archive SIGNATURE file (two lines: signer id, then
signature).
Step 3: Register your publisher key
Once per key. The registry needs the public half so it can verify your submitted archives. Web UI: log in atregistry.example.com, open
Account, Signing keys, Add key, paste the raw 32-byte hex public
key, and pick a key id that matches ADOS_SIGNING_KEY_ID.
REST:
registry.example.com/verify. It is a domain ownership
proof plus six months of activity on the registry. Verified status
is not required for submission; it just changes the operator-facing
trust signal.
Step 4: Submit
REST upload:Submit, Upload archive. Drop the file, fill the metadata
form (repo URL, category, release notes), submit.
What happens server-side
- The registry validates the manifest against the JSON Schema. A schema failure rejects the submission immediately.
- The Ed25519 signature is verified against your registered public key. Mismatch rejects with the signer key id and fingerprint in the error body.
- The static analyzer runs over the agent half (Python source
detection of
subprocess,eval,os.system, undeclaredrequests/socketcalls, file writes outsidectx.data_dir) and the GCS bundle (detection ofeval,Function(),top.location,document.cookie,localStorage). - The submission is routed to one of the states below.
Submission states
Check status:
Manifest fields the analyzer reads
The analyzer relies on accurate manifest declarations. Fields that matter at submission time:Categories
Pick the closest match. The analyzer does not block on category choice, but the wrong category is a soft signal and can route a submission to review when it would have auto-published.Resubmitting after rejection
Fix what the rejection reason called out. Bump the version (semver patch is fine for analyzer fixes). Re-run pack and sign. Submit the new archive. The previous submission stays inrejected state for the audit
trail; the new submission gets its own state machine.