ObjectStackObjectStack

Package Artifact

Package Artifact protocol schemas

Package Artifact Format Protocol

Defines the standard structure of a package artifact (.tgz) produced by

os plugin build. The marketplace uses these schemas to validate, store,

and distribute package artifacts.

Artifact Internal Structure


├── manifest.json          ← ManifestSchema serialized

├── metadata/              ← 30+ metadata types (JSON)

│   ├── objects/            ← *.object.json

│   ├── views/              ← *.view.json

│   ├── pages/              ← *.page.json

│   ├── flows/              ← *.flow.json

│   ├── dashboards/         ← *.dashboard.json

│   ├── permissions/        ← *.permission.json

│   ├── agents/             ← *.agent.json

│   └── ...                 ← Other metadata types

├── assets/                ← Static resources

│   ├── icon.svg

│   └── screenshots/

├── data/                  ← Seed data (DatasetSchema serialized)

├── locales/               ← i18n translation files

├── checksums.json         ← SHA256 checksum per file

└── signature.sig          ← RSA-SHA256 package signature

Architecture Alignment

  • Salesforce: Managed Package .zip with metadata components

  • npm: .tgz with package.json + contents

  • Helm: Chart .tgz with Chart.yaml + templates

  • VS Code: .vsix (zip) with extension manifest + assets

Source: packages/spec/src/kernel/package-artifact.zod.ts

TypeScript Usage

import { ArtifactChecksum, ArtifactFileEntry, ArtifactSignature, MetadataCategoryEnum, PackageArtifact } from '@objectstack/spec/kernel';
import type { ArtifactChecksum, ArtifactFileEntry, ArtifactSignature, MetadataCategoryEnum, PackageArtifact } from '@objectstack/spec/kernel';

// Validate data
const result = ArtifactChecksum.parse(data);

ArtifactChecksum

Checksum manifest for artifact integrity verification

Properties

PropertyTypeRequiredDescription
algorithmEnum<'sha256' | 'sha384' | 'sha512'>Hash algorithm used for checksums
filesRecord<string, string>File path to hash value mapping

ArtifactFileEntry

A single file entry within the artifact

Properties

PropertyTypeRequiredDescription
pathstringRelative file path within the artifact
sizeintegerFile size in bytes
categoryEnum<'objects' | 'views' | 'pages' | 'flows' | 'dashboards' | 'permissions' | 'agents' | 'reports' | 'actions' | 'translations' | 'themes' | 'datasets' | 'apis' | 'triggers' | 'workflows'>optionalMetadata category this file belongs to

ArtifactSignature

Digital signature for artifact authenticity verification

Properties

PropertyTypeRequiredDescription
algorithmEnum<'RSA-SHA256' | 'RSA-SHA384' | 'RSA-SHA512' | 'ECDSA-SHA256'>Signing algorithm used
publicKeyRefstringPublic key reference (URL or fingerprint) for signature verification
signaturestringBase64-encoded digital signature
signedAtstringoptionalISO 8601 timestamp of when the artifact was signed
signedBystringoptionalIdentity of the signer (publisher ID or email)

MetadataCategoryEnum

Metadata category within the artifact

Allowed Values

  • objects
  • views
  • pages
  • flows
  • dashboards
  • permissions
  • agents
  • reports
  • actions
  • translations
  • themes
  • datasets
  • apis
  • triggers
  • workflows

PackageArtifact

Package artifact structure and metadata

Properties

PropertyTypeRequiredDescription
formatVersionstringArtifact format version (e.g. "1.0")
packageIdstringPackage identifier from manifest
versionstringPackage version from manifest
formatEnum<'tgz' | 'zip'>Archive format of the artifact
sizeintegeroptionalTotal artifact file size in bytes
builtAtstringISO 8601 timestamp of when the artifact was built
builtWithstringoptionalBuild tool identifier (e.g. "os-cli@3.2.0")
filesObject[]optionalList of files contained in the artifact
metadataCategoriesEnum<'objects' | 'views' | 'pages' | 'flows' | 'dashboards' | 'permissions' | 'agents' | 'reports' | 'actions' | 'translations' | 'themes' | 'datasets' | 'apis' | 'triggers' | 'workflows'>[]optionalMetadata categories included in this artifact
checksumsObjectoptionalSHA256 checksums for artifact integrity verification
signatureObjectoptionalDigital signature for artifact authenticity verification

On this page