Publishing Plugins
HaloForge uses one publishing toolchain for official and community plugins.
Package
Section titled “Package”npx --yes @haloforge/plugin-pack@0.2.13 check .npx --yes @haloforge/plugin-pack@0.2.13 pack . --release --out dist/packageGenerate Catalog Metadata
Section titled “Generate Catalog Metadata”npx --yes @haloforge/plugin-pack@0.2.13 metadata dist/package/<plugin-id>-<version>.hfpkg \ --signing-key-id haloforge-official-2026-05 \ --signing-key-env HF_PLUGIN_SIGNING_PRIVATE_KEY \ --pretty \ --output dist/catalog-draft.jsonSubmit
Section titled “Submit”npx --yes @haloforge/plugin-pack@0.2.13 submit dist/catalog-draft.json --token-env HF_ADMIN_TOKENOfficial plugin repositories should run this through GitHub Actions and store signing keys in repository secrets.
When a plugin uses the multi-window manifest policy or current-window title SDK APIs, publish it with min_app_version at least 0.8.0 and min_host_api_version at least 0.2.13.
Review Model
Section titled “Review Model”Submitted metadata creates a draft. An admin reviews:
- source label
- package signature
- manifest permissions
- compatibility
- artifact URL
- homepage/repository URL
- trust policy
Only approved items should be published to the public catalog.