Publishing to Registry
The AI Supreme Council marketplace uses a tiered distribution model that balances openness with trust. You can distribute apps freely by URL, or list them in the registry for broader discovery with trust badges.
Distribution Tiers
| Tier | How to List | Review | Badge | Paid Apps | Featured |
|---|---|---|---|---|---|
| Direct Install | User pastes any manifest URL | None | None | No | No |
| Community | PR to registry/packages.json | Automated | "Community" | Yes | No |
| AI Verified | Community + paid AI scan | LLM security audit | "AI Verified" | Yes | No |
| Verified | Community + manual team review | Human review | "Verified" | Yes | Yes |
Direct Install
The simplest distribution method. Host your manifest and files anywhere, then share the manifest URL. Users paste it into the Sideload section to install.
- No registry listing needed
- No review process
- No trust badge
- Free apps only
- Works immediately
This is the web's native distribution model. See Sideloading Apps for details.
Community
The standard registry listing. Submit a pull request to add your app to registry/packages.json. If the automated validation passes, the PR can be merged and your app appears in the App Store with a "Community" badge.
- Automated validation via
validate.py - Discoverable in the App Store
- Supports free and paid apps
- No manual review required
AI Verified
An optional trust upgrade for Community apps. Pay for an LLM-powered security scan that checks your code for malware, data exfiltration, permission misuse, obfuscated code, and sandbox escape attempts.
- Costs $19-$99 per version depending on scan depth
- Badge is pinned to a SHA-256 content hash
- Code changes invalidate the badge
- Badge expires after 12 months
The AI Verified system (the /v1/verify/* endpoints) is planned for a future release. The workflow described here will be available when those endpoints ship.
Verified
The highest trust tier. A platform maintainer manually reviews your manifest, permissions, entry HTML, and (for plugins) the WASM binary.
- Requires human approval
- Gets the "Verified" badge
- Featured placement in the App Store
- Recommended for apps handling sensitive data
Publishing a Free App (Community Tier)
1. Host Your App Files
Upload your manifest.json and index.html (plus any assets) to a publicly accessible CDN. Popular free options:
| Host | URL Pattern | Setup |
|---|---|---|
| GitHub Pages | yourname.github.io/app-name/ | Enable in repo Settings > Pages |
| Cloudflare Pages | app-name.pages.dev/ | Connect repo in CF dashboard |
| Vercel | app-name.vercel.app/ | Import repo at vercel.com |
| Netlify | app-name.netlify.app/ | Import repo at netlify.com |
Make sure your manifest.json has the correct base_url pointing to where the files are hosted:
{
"name": "word-counter",
"version": "1.0.0",
"abi": 1,
"type": "mini-program",
"entry": "index.html",
"base_url": "https://yourname.github.io/word-counter/"
}
2. Test Your App
Before submitting, verify the app works by sideloading it:
- Open aiscouncil.com
- Go to Apps > Sideload
- Paste your manifest URL
- Install and test all features
3. Fork the Repository
Go to github.com/nicholasgasior/bcz and click Fork.
4. Add Your Package Entry
Edit registry/packages.json and add an entry to the packages array:
{
"name": "word-counter",
"type": "mini-program",
"version": "1.0.0",
"manifest": "https://yourname.github.io/word-counter/manifest.json",
"tier": "community",
"category": "utilities",
"description": "Count words in your chat history by role",
"icon": "https://yourname.github.io/word-counter/icon.png",
"added": "2026-02-19",
"price": 0,
"currency": "USD",
"seller": null
}
5. Validate
Run the validation script to check your entry:
python3 registry/validate.py packages
Fix any errors before proceeding. Common issues:
| Error | Fix |
|---|---|
| Name mismatch | name in packages.json must match name in manifest.json |
| Invalid version | Use semver format: 1.0.0, not 1.0 or v1.0.0 |
| Missing required field | Ensure name, type, version, and manifest are present |
| Invalid tier | Must be community, ai-verified, or verified |
6. Submit a Pull Request
Push your changes to your fork and create a PR against the main branch. Include:
- A brief description of what your app does
- A link to the hosted app so reviewers can test it
- Screenshots if applicable
If the automated validation passes, the PR can be merged and your app will appear in the App Store.
Package Registry Entry Format
Required Fields
| Field | Type | Description |
|---|---|---|
name | string | Package name (must match manifest name) |
type | string | "plugin", "addon", or "mini-program" |
version | string | Semver (must match manifest version) |
manifest | string | Full URL to the hosted manifest.json |
Optional Fields
| Field | Type | Default | Description |
|---|---|---|---|
tier | string | "community" | "community", "ai-verified", or "verified" |
category | string | -- | One of: productivity, developer, communication, media, utilities, games, education, finance |
description | string | -- | Store listing description |
icon | string | -- | URL to icon (128x128 PNG recommended) |
added | string | -- | ISO 8601 date when first listed (e.g., "2026-02-19") |
price | number | 0 | Price in cents (0 = free, 499 = $4.99) |
currency | string | "USD" | ISO 4217 currency code |
priceType | string | -- | "one-time" for one-time purchase |
geoPrice | object | -- | Geo-tier pricing overrides |
seller | object|null | null | Stripe Connect seller info (required for paid apps) |
verification | object | -- | AI Verified badge data |
Paid Apps
Setting a Price
Set the price field in cents. For example, $4.99 = 499:
{
"name": "pro-editor",
"type": "mini-program",
"version": "2.0.0",
"manifest": "https://cdn.example.com/pro-editor/manifest.json",
"tier": "community",
"price": 499,
"currency": "USD",
"priceType": "one-time",
"seller": {
"name": "DevCo",
"id": "acct_abc123"
}
}
Platform Commission
The platform takes a 15% commission on paid sales. The seller receives 85% via Stripe Connect payouts.
| Price | Commission (15%) | Seller Receives |
|---|---|---|
| $0.99 | $0.15 | $0.84 |
| $4.99 | $0.75 | $4.24 |
| $9.99 | $1.50 | $8.49 |
| $19.99 | $3.00 | $16.99 |
Geo-Pricing
You can set different prices for different geographic tiers using the geoPrice field:
"geoPrice": {
"1": 1500,
"2": 1000,
"3": 700,
"4": 400
}
Tiers correspond to purchasing power regions:
- Tier 1: US, Canada, Western Europe, Australia, Japan ($15.00)
- Tier 2: Eastern Europe, South America, Middle East ($10.00)
- Tier 3: Southeast Asia, Central America ($7.00)
- Tier 4: Sub-Saharan Africa, South Asia ($4.00)
The platform detects the user's region from the API and applies the appropriate tier price.
Seller Onboarding
To receive payments, you need a Stripe Connect account linked to the platform:
- Go to Settings > Account > Developer in the AI Supreme Council app
- Click Connect Stripe Account
- Complete the Stripe Connect onboarding flow
- Your Stripe Connected Account ID (format:
acct_xxx) is assigned - Add the
sellerobject to your registry entry:
"seller": {
"name": "Your Name or Company",
"id": "acct_abc123"
}
Paid apps require a seller object with a valid Stripe Connect account ID. The validation script will reject paid entries without seller information.
AI Verified Badge
The AI Verified system is planned for a future release. This section describes the intended workflow.
The AI Verified badge certifies that your app's code has been scanned by an LLM and found free of common security issues.
Scan Tiers
| Tier | Price | Max Size | Badge Text |
|---|---|---|---|
| Quick | $19 | 100 KB | "AI Scanned" |
| Full | $49 | 500 KB | "AI Verified" |
| Deep | $99 | 2 MB | "AI Verified + Reviewed" |
Workflow (Planned)
- Publish your app as Community tier first
- Submit your manifest URL to
POST /v1/verify/submitwith the scan tier - Pay the scan fee via Stripe checkout
- The LLM analyzes your code for:
- Malware and backdoors
- Data exfiltration attempts
- Permission misuse (requesting more than needed)
- Obfuscated or minified code that hides behavior
- Sandbox escape attempts
- Check status at
GET /v1/verify/status/{jobId} - If passed, retrieve the
verificationobject fromGET /v1/verify/report/{jobId} - Add the verification object to your registry entry:
"verification": {
"hash": "sha256:a1b2c3d4...",
"tier": "full",
"date": "2026-02-19",
"expires": "2027-02-19",
"job_id": "ver_xyz789"
}
- Submit a PR with the updated registry entry
- The validation script confirms the badge is valid via
/v1/verify/badge/{hash}
Badge Rules
- The badge is pinned to the SHA-256 hash of your app's entry HTML
- Any code change invalidates the badge (new hash = badge gone)
- Badges expire after 12 months and must be renewed
- Failed scans provide a report with findings to fix
Verified Badge (Manual Review)
For the highest trust level, request manual verification:
- Set
"tier": "verified"in your registry entry - Submit a PR
- A platform maintainer will review:
- Manifest permissions (are they justified?)
- Entry HTML and JavaScript (no malicious code?)
- Sandbox compliance (no escape attempts?)
- For plugins: WASM binary analysis
- If approved: badge granted, featured placement enabled
- If rejected: feedback is provided on the PR
Verified apps get:
- The "Verified" badge (green checkmark)
- Featured placement at the top of the App Store
- Higher trust from users
Updating Your App
To update a published app:
- Deploy the new version of your app files to your CDN
- Update
versionin yourmanifest.json - Update
versioninregistry/packages.json - Submit a PR with the version bump
Follow semver conventions:
- Patch (1.0.0 -> 1.0.1): Bug fixes, no new features
- Minor (1.0.0 -> 1.1.0): New features, backward compatible
- Major (1.0.0 -> 2.0.0): Breaking changes
Users who have already installed your app will see the update when the registry refreshes (daily cache).
Best Practices
Description and Icon
- Write a clear, concise description (under 256 characters) that explains what the app does
- Use a 128x128 PNG icon with a transparent or dark background
- SVG icons are also accepted and render crisply at any size
Permissions
- Request only the permissions your app actually uses
- Explain in your PR description why each permission is needed
- Apps with fewer permissions get more installs
Testing Checklist
Before submitting your PR:
- App installs and launches without errors
- All features work as described
- App handles permission denials gracefully (try/catch around SDK calls)
- App works in dark mode (the platform default)
- Buttons and interactive elements are at least 48px tall
- Text is at least 14px
-
ais.close()returns to chat cleanly -
python3 registry/validate.py packagespasses -
python3 registry/validate.py manifest path/to/manifest.jsonpasses
Category Selection
Choose the most appropriate category for your app:
| Category | Examples |
|---|---|
productivity | Task managers, note-taking, project tools |
developer | Code editors, API testers, debug tools |
communication | Chat extensions, email integrations |
media | Image editors, audio tools, video players |
utilities | Calculators, converters, system tools |
games | Interactive games, puzzles |
education | Flashcards, quiz tools, learning aids |
finance | Budget trackers, crypto tools, invoicing |