Submitting — Publishing Packages

Phase 3 — PENDING This feature is planned but not yet implemented.

Submit API

POST /api/marketplace/submit
Authorization: Bearer {publisherToken}
Content-Type: multipart/form-data

// Form fields:
package              — (file) The .installhub.zip package
description          — Short description shown in marketplace search results (max 500 chars)
category             — Package category (see Category Values below)
tags                 — Comma-separated list of tags, max 10, max 30 chars each
changelog            — Release notes for this version (max 5000 chars)
requestCertification — "true" to enter the Certified review queue (optional, default false)

// Response — HTTP 202 Accepted:
{
  "submissionId":      "sub-a1b2c3d4",
  "packageId":         "mkt-pkg-a1b2c3",   // Assigned on first submission; reused for new versions
  "version":           "3.0.0",
  "status":            "Queued",
  "trustLevelTarget":  "Community",         // Or "Certified" if requestCertification=true
  "statusUrl":         "/api/marketplace/submissions/sub-a1b2c3d4/status",
  "estimatedMinutes":  10
}

Category Values

Category	Use For
`Workflows`	Process definitions, approval flows, automation chains
`Forms`	AtlasForm packages — data capture and structured input
`Agents`	AI agent packages — Claude-powered decision and orchestration nodes
`Templates`	Starter templates combining workflows + forms for a vertical (HR, Finance, etc.)
`Utilities`	Shared rule sets, entity schemas, configuration helpers

Submission Status Lifecycle

GET /api/marketplace/submissions/{submissionId}/status

// Status values and transitions:
// Queued → SecurityScanning → ManifestValidation → [HumanReview] → Listed / Rejected

// During scan:
{
  "status":   "SecurityScanning",
  "stage":    "ExpressionInjectionCheck",
  "progress": "2 of 5 checks complete"
}

// During manifest validation:
{
  "status":   "ManifestValidation",
  "stage":    "ReadmeCompletenessCheck"
}

// Awaiting human review (Certified path only):
{
  "status":          "AwaitingHumanReview",
  "estimatedDays":   3,
  "reviewQueuePosition": 7
}

// Successfully listed:
{
  "status":         "Listed",
  "packageId":      "mkt-pkg-a1b2c3",
  "trustLevel":     "Community",
  "listedAt":       "2026-05-25T14:22:00Z",
  "marketplaceUrl": "https://marketplace.bizfirstai.com/packages/mkt-pkg-a1b2c3"
}

// Rejected:
{
  "status":  "Rejected",
  "reason":  "SecurityScanFailed",
  "details": "Expression injection detected in ProcessDefinition 'EmployeeOnboarding': expression contains environment variable access",
  "scanReport": "/api/marketplace/submissions/sub-a1b2c3d4/scan-report",
  "resubmitAfterFix": true
}

Submission Constraints

Constraint	Limit
Maximum package size	50 MB
Maximum artifacts per package	100
Maximum submissions per day (per publisher)	20
Maximum versions per packageId	No limit
Version resubmission	Not allowed — each SemVer version is immutable once listed
Same version resubmission after rejection	Allowed after fixing the reported issue

Listing Your Submissions

GET /api/marketplace/publishers/{publisherId}/submissions?status=Rejected

{
  "items": [
    {
      "submissionId": "sub-a1b2c3d4",
      "packageId":    "mkt-pkg-a1b2c3",
      "version":      "3.0.0",
      "status":       "Rejected",
      "reason":       "SecurityScanFailed",
      "submittedAt":  "2026-05-25T14:00:00Z"
    }
  ]
}

Error Responses

HTTP Status	Error Code	Cause
400	`InvalidPackageFormat`	ZIP is malformed or not an InstallHub package
400	`VersionAlreadyPublished`	This version of this packageId is already listed
400	`MissingRequiredField`	A required manifest field or form field is absent
403	`PublisherNotVerified`	Publisher profile domain not yet verified
403	`PackageBelongsToOtherPublisher`	The packageId was first submitted by a different publisher
429	`RateLimitExceeded`	Exceeded 20 submissions/day limit

← Preparing the Package Next: Review Process →

Submitting a Package

Submit API

Category Values

Submission Status Lifecycle

Submission Constraints

Listing Your Submissions

Error Responses