DevelopersAPIPlugin authors
Everything a developer needs to publish extensions, inspect the marketplace contract, wire agents into catalog search, and understand why a release passed or failed review.
Start here when you are building a plugin or theme and need to know what the runtime expects before a bundle reaches review.
How EmDash loads plugins, grants capabilities, copies bundles into site storage, and tracks installs.
The fields every plugin declares: capabilities, hooks, routes, storage, admin surfaces, and version support.
The permission vocabulary site owners see before installing a marketplace plugin.
Register an extension, upload a tarball, wire GitHub releases, and understand version review states.
The marketplace is meant to be read by EmDash core, people, search engines, and agents. The same catalog data is available through predictable human and machine surfaces.
The public read contract used by EmDash core and third-party catalog clients.
Streamable HTTP JSON-RPC tools for agents that need marketplace search and metadata.
A concise machine-readable index for AI crawlers and coding assistants.
New plugins, updated plugins, new themes, and the weekly digest as feed endpoints.
Releases are easier to trust when every step is inspectable: source, declared permissions, scanner findings, AI review, badges, and moderation history.
Static scanner rules, AI review behaviour, trust tiers, and public rejection history.
Each plugin detail page exposes embeddable SVG badges for audit status, trust tier, downloads, installs, and lifecycle state.
The authenticated place to create listings, upload versions, and manage release history.
The app, audit pipeline, API contracts, tests, migrations, and deployment scripts.