Private registry
Register customer-owned platform components.
The private registry answers what is installed, trusted, approved, and emitting evidence inside a BYOC boundary. It is not a public marketplace.
Sample manifest
The repository ships a sample internal registry manifest for the platform golden path.
text
packages/verifier/examples/enterprise-registry/autodevops.enterprise-registry.jsonbash
npm -w packages/verifier run build
node packages/verifier/dist/cli.js platform registryRegistry objects
Every object should be auditable by identity, version, lifecycle state, and approval metadata.
| Object | Purpose |
|---|---|
| Connector | Adapts agent activity from Claude Code, Cursor, Codex, MCP clients, or internal agents into signed events. |
| Capability | A governed executable action with permission scope, policy tags, and audit evidence. |
| Plugin | A packaged extension that contributes agents, tools, hooks, analyzers, or reports. |
| Policy pack | Customer-owned deterministic rules and sensitivity defaults. |
| Analyzer | Projection logic such as Agent Run Audit that turns raw events into findings. |
| Exporter | Evidence artifact generator such as audit CSV or future evidence package export. |
What it must not become
The near-term registry exists for regulated enterprise deployment, not public ecosystem growth.
- No public package ratings.
- No public publishing workflow.
- No vendor-hosted installation state.
- No multi-tenant sharing of customer capability metadata.
- No claim that registry data leaves the customer boundary.
Positioning rule
Say private enterprise registry or customer-owned registry. Do not call this a public marketplace.