The cheap lint that runs before the expensive pipeline.
The attribute gate is the first automated filter a submission encounters. It runs in milliseconds and rejects anything that would waste clean-room compute. Eight checks run in sequence:
| CHECK | WHAT IT VALIDATES |
|---|---|
| Provenance | Sigstore bundle present, Rekor UUID resolvable, OIDC issuer on the allowlist |
| Envelope | Tarball parses, manifest is valid JSON, required top-level fields present |
| Manifest | Per-type required attributes: skills need entry points, agents need capability declarations |
| README | Non-empty README.md included in the bundle with minimum length threshold |
| Namespace | Publisher owns the @scope, no collision with existing package names |
| Capabilities | Every declared capability has a justification string (not empty) |
| Bundle integrity | SHA-256 of tarball matches the hash in the submission envelope |
| License | SPDX identifier present and recognized |
Three rate-limit dimensions protect the gate from abuse:

- Per-IP — prevents anonymous flooding. A single IP address can submit a limited number of packages per hour before being throttled.
- Per-identity — a verified publisher identity has a higher submission quota, but still bounded. New publishers (tier ○) have tighter limits than Proven publishers (tier ●).
- Per-sponsor — a sponsor's review queue is bounded. If a sponsor has too many pending reviews, new submissions requiring their sponsorship are queued rather than rejected.
A failed check produces one of two outcomes:

- Hard fail — the submission is rejected outright. The publisher receives an error naming the specific check that failed and a remediation hint. No audit-log entry is created beyond the rejection event. Hard fails include: missing provenance, invalid manifest, namespace collision, empty README.
- Soft fail — the submission proceeds with a warning flag attached. The sponsor sees the flag in their review checklist. Soft fails include: capability justifications that are suspiciously short, license identifiers that are valid but uncommon, and a README below the recommended (but above the minimum) length.
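The sequencing of the eight checks and the hard/soft split, as an added illustration rather than the registry's own gate code. The thresholds, the issuer allowlist, the SPDX sets and the `namespace_ok` callback are assumptions; Rekor resolution and tarball extraction happen upstream and are not shown.

```python
import hashlib, json

# Constructed thresholds and allowlists; the real gate's values are not on the page.
ISSUER_ALLOWLIST = {"https://token.actions.githubusercontent.com"}
KNOWN_SPDX = {"MIT", "Apache-2.0", "BSD-3-Clause", "MPL-2.0"}
COMMON_SPDX = {"MIT", "Apache-2.0"}
README_MIN, README_RECOMMENDED, JUSTIFICATION_MIN = 80, 400, 20
PER_TYPE_REQUIRED = {"skill": "entry_point", "agent": "capabilities"}

def hard(check, hint):
    return {"status": "rejected", "check": check, "hint": hint}

def run_gate(envelope, tarball, manifest_json, readme, namespace_ok):
    """Eight checks in order: the first hard fail returns the check and a hint; soft fails become warnings."""
    warnings = []
    prov = envelope.get("provenance", {})                           # 1. Provenance
    if not prov.get("sigstore_bundle") or not prov.get("rekor_uuid"):
        return hard("provenance", "attach the Sigstore bundle and Rekor entry UUID")
    if prov.get("oidc_issuer") not in ISSUER_ALLOWLIST:
        return hard("provenance", "sign with an allowlisted OIDC issuer")
    try:                                                            # 2. Envelope
        manifest = json.loads(manifest_json)
    except json.JSONDecodeError:
        return hard("envelope", "manifest must be valid JSON")
    missing = [f for f in ("name", "type", "license") if f not in manifest]
    if missing:
        return hard("envelope", f"manifest missing required field(s) {missing}")
    req = PER_TYPE_REQUIRED.get(manifest["type"])                   # 3. Manifest
    if req is None or req not in manifest:
        return hard("manifest", f"type {manifest['type']!r} is unknown or lacks {req!r}")
    if len(readme.strip()) < README_MIN:                            # 4. README
        return hard("readme", f"README.md must be at least {README_MIN} characters")
    if len(readme.strip()) < README_RECOMMENDED:
        warnings.append("readme-below-recommended-length")
    scope = manifest["name"].split("/")[0]                          # 5. Namespace
    if not namespace_ok(envelope.get("publisher"), scope, manifest["name"]):
        return hard("namespace", f"publisher does not own {scope} or the name is taken")
    for cap, why in manifest.get("capabilities", {}).items():       # 6. Capabilities
        if not why:
            return hard("capabilities", f"capability {cap!r} needs a justification")
        if len(why) < JUSTIFICATION_MIN:
            warnings.append(f"short-justification:{cap}")
    if hashlib.sha256(tarball).hexdigest() != envelope.get("sha256"):   # 7. Integrity
        return hard("bundle-integrity", "tarball SHA-256 does not match the envelope")
    lic = manifest["license"]                                       # 8. License
    if lic not in KNOWN_SPDX:
        return hard("license", "use a recognized SPDX identifier")
    if lic not in COMMON_SPDX:
        warnings.append(f"uncommon-license:{lic}")
    return {"status": "accepted", "warnings": warnings}
```

Because the checks run in order, a tampered tarball is only reported after provenance, envelope, manifest, README, namespace and capability checks have all passed, which matches the "first failing check" error the publisher sees.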