Skip to main content
Run:
npx @budscollab/cli app pack budscollab.package.json
The review report explains package surfaces, tools, safety posture, and marketplace blockers. It is evidence for review, not proof of installation. The review report includes:
  • schemaVersion
  • status
  • packageCount
  • package summaries with id, source, surfaces, required host capabilities, validation gates, tool names, property ids, JSON-render action ids, JSON-render sample names, provenance, renderer boundary, and permission boundary
  • marketplace blockers explaining why the artifact is not installable yet
Current SDK artifacts should remain hostInstallable: false until publisher verification, stored review evidence, signing, and host install policy exist.

Key fields

FieldWhat to check
hostInstallable: falseThe artifact is review-gated, not ready for marketplace install.
reviewPolicyPublisher identity, stored review evidence, signing, and host policy are still required.
artifactDigestsPackage hashes are preserved for future signing.
installableCount: 0Registry output remains non-installable until host gates pass.
For registry handoff, include owner metadata and run the registry preflight commands:
npx @budscollab/cli app pack budscollab.package.json --owner-id example-dev --owner-name "Example Developer" --visibility unlisted
npx @budscollab/cli app registry budscollab-registry-submission.json --out budscollab-registry-index.json
npx @budscollab/cli app registry-validate budscollab-registry-index.json
npx @budscollab/cli app registry-acceptance budscollab-registry-submission.json --out budscollab-registry-acceptance-request.json
npx @budscollab/cli app registry-acceptance-validate budscollab-registry-acceptance-request.json
npx @budscollab/cli app registry-publisher-verification budscollab-registry-submission.json --out budscollab-registry-publisher-verification.json
npx @budscollab/cli app registry-publisher-verification-validate budscollab-registry-publisher-verification.json
npx @budscollab/cli app registry-review-evidence budscollab-registry-submission.json --out budscollab-registry-review-evidence.json
npx @budscollab/cli app registry-review-evidence-validate budscollab-registry-review-evidence.json
npx @budscollab/cli app registry-signing-request budscollab-registry-acceptance-request.json --out budscollab-registry-signing-request.json
npx @budscollab/cli app registry-signing-request-validate budscollab-registry-signing-request.json
npx @budscollab/cli app registry-install-policy budscollab-registry-signing-request.json --out budscollab-registry-install-policy.json
npx @budscollab/cli app registry-install-policy-validate budscollab-registry-install-policy.json
The output is still review evidence. It can prove that the repo produced a valid package, declared owner metadata, preserved unsigned artifact digests, and prepared the future hosted registry payloads. It does not prove publisher verification, stored review evidence, signing, install policy, or marketplace install. For the meaning of each registry artifact, see Registry.