> ## Documentation Index
> Fetch the complete documentation index at: https://docs.budscollab.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Review report

> Review evidence produced by the BudsCollab CLI.

Run:

```bash theme={null}
npx @budscollab/cli app pack budscollab.package.json
```

The review report explains package surfaces, tools, safety posture, and
marketplace blockers. It is evidence for review, not proof of installation.

The review report includes:

* `schemaVersion`
* `status`
* `packageCount`
* package summaries with id, source, surfaces, required host capabilities,
  validation gates, tool names, property ids, JSON-render action ids,
  JSON-render sample names, provenance, renderer boundary, and permission
  boundary
* marketplace blockers explaining why the artifact is not installable yet

Current SDK artifacts should remain `hostInstallable: false` until publisher
verification, stored review evidence, signing, and host install policy exist.

## Key fields

| Field                    | What to check                                                                            |
| ------------------------ | ---------------------------------------------------------------------------------------- |
| `hostInstallable: false` | The artifact is review-gated, not ready for marketplace install.                         |
| `reviewPolicy`           | Publisher identity, stored review evidence, signing, and host policy are still required. |
| `artifactDigests`        | Package hashes are preserved for future signing.                                         |
| `installableCount: 0`    | Registry output remains non-installable until host gates pass.                           |

For registry handoff, include owner metadata and run the registry preflight
commands:

```bash theme={null}
npx @budscollab/cli app pack budscollab.package.json --owner-id example-dev --owner-name "Example Developer" --visibility unlisted
npx @budscollab/cli app registry budscollab-registry-submission.json --out budscollab-registry-index.json
npx @budscollab/cli app registry-validate budscollab-registry-index.json
npx @budscollab/cli app registry-acceptance budscollab-registry-submission.json --out budscollab-registry-acceptance-request.json
npx @budscollab/cli app registry-acceptance-validate budscollab-registry-acceptance-request.json
npx @budscollab/cli app registry-publisher-verification budscollab-registry-submission.json --out budscollab-registry-publisher-verification.json
npx @budscollab/cli app registry-publisher-verification-validate budscollab-registry-publisher-verification.json
npx @budscollab/cli app registry-review-evidence budscollab-registry-submission.json --out budscollab-registry-review-evidence.json
npx @budscollab/cli app registry-review-evidence-validate budscollab-registry-review-evidence.json
npx @budscollab/cli app registry-signing-request budscollab-registry-acceptance-request.json --out budscollab-registry-signing-request.json
npx @budscollab/cli app registry-signing-request-validate budscollab-registry-signing-request.json
npx @budscollab/cli app registry-install-policy budscollab-registry-signing-request.json --out budscollab-registry-install-policy.json
npx @budscollab/cli app registry-install-policy-validate budscollab-registry-install-policy.json
```

The output is still review evidence. It can prove that the repo produced a
valid package, declared owner metadata, preserved unsigned artifact digests, and
prepared the future hosted registry payloads. It does not prove publisher
verification, stored review evidence, signing, install policy, or marketplace
install.

For the meaning of each registry artifact, see [Registry](/concepts/registry).
