Skip to content

Publishing Extensions

Ready to share your extension with other teams? Publishing packages your manifest, documentation, and pricing into a discoverable listing.

1. Prepare Metadata

  • Ensure the manifest includes an accurate description, version, and host.
  • Write usage documentation and changelog in your repository (README plus any supporting guide you ship to customers).
  • Provide support contact details and SLA expectations.

Documentation Structure

Kiket automatically discovers and displays documentation from your repository. Place files in a docs/ folder:

your-extension/
├── .kiket/
│   └── manifest.yaml
├── docs/
│   ├── README.md              # Overview (displayed on marketplace)
│   ├── CHANGELOG.md           # Version history
│   ├── getting-started.md     # Quick start guide
│   └── examples/              # Usage examples
│       ├── basic-usage.yaml
│       └── advanced-workflow.yaml
└── README.md                  # Fallback if docs/README.md missing

Supported files:

File Description
docs/README.md or README.md Main documentation shown in Overview tab
docs/CHANGELOG.md or CHANGELOG.md Version history shown in Changelog tab
docs/getting-started.md or docs/quickstart.md Shown in Getting Started tab
docs/examples/*.yaml YAML workflow examples with syntax highlighting

Example files format:

# docs/examples/notify-on-issue.yaml
title: Notify on Issue Creation
description: Send a Slack message when issues are created

on_enter:
  - extension: slack.sendMessage
    channel: "#alerts"
    template: issue_created_message

Documentation is synced automatically when you publish or push to GitHub.

2. Submit to Marketplace

  1. Visit Organization → Extensions → Marketplace → Submit Extension.
  2. Select the repository + manifest version to publish.
  3. Provide listing details: summary, screenshots, pricing (free, flat fee, usage-based), and categories.
  4. Upload compliance documents if required (security review, data handling statement).

GitHub validation & private repositories

  • Kiket validates every submission directly against GitHub before activating it. Provide the HTTPS repository URL and optional ref when you publish.
  • For private repositories, paste a repo-scoped personal access token (PAT) when prompted in the CLI/UI. The token is stored encrypted and only used to fetch manifests and commits during validation.
  • Keep PAT scopes minimal (repo:read + metadata:read). Rotate by republishing the extension with a new token—existing installs keep working while validation history is updated.

Configure the GitHub webhook

Kiket automatically revalidates your manifest when GitHub sends a push event.

  1. Copy the callback URL shown in Settings → Extension Webhooks (/api/v1/extensions/registry/webhook).
  2. In GitHub, open the repository → Settings → WebhooksAdd webhook. Paste the callback URL and choose application/json.
  3. Use the repository-specific secret generated by Kiket (also shown in Settings). GitHub signs every payload with this secret; requests without a valid signature are rejected.
  4. Select the Push event only and save. Each push now triggers a manifest re-validation and updates the marketplace listing.

3. Review & Approval

  • Internal reviewers check scopes, webhook endpoints, and quality bars.
  • Automated sanity tests call health endpoints defined in the manifest.
  • You receive feedback in-app; update the manifest or docs as needed.

4. Release & Versioning

  • Once approved the extension appears in the marketplace.
  • Publish updates by incrementing the manifest version and submitting a new release. Organizations can opt-in to automatic upgrades or approve manually.
  • Deprecate versions when you drop support; Kiket notifies installations with upgrade instructions.
  • Kiket enforces monotonically increasing semantic versions. Submissions with a version equal to or lower than the current published version are rejected—bump at least the patch number for hotfixes.
  • Validation caches the manifest per commit for a few minutes to avoid hitting GitHub on every publish, but webhooks always trigger a refresh when new commits land.

5. Hosting Requirements for Managed Extensions

Managed extensions are hosted by Kiket and don't require customers to deploy infrastructure. To publish a managed extension:

Declare Hosting in Manifest

Add a hosting block to your manifest:

hosting:
  tier: standard    # minimal, standard, compute, or memory
  egress:           # Required: list external domains your extension calls
    - api.slack.com
    - hooks.zapier.com
  managed: true

Choose the Right Tier

Tier Resources Monthly Cost Use Case
minimal 0.25 CPU, 256Mi $5 Simple webhooks, notifications
standard 1 CPU, 512Mi $15 Most extensions, API integrations
compute 2 CPU, 1Gi $35 Data processing, heavy computations
memory 1 CPU, 2Gi $30 Large datasets, caching

Egress Requirements

For security, managed extensions must declare all external domains they communicate with:

  • Use exact domains: api.slack.com
  • Use wildcards sparingly: *.googleapis.com
  • Omit protocol—HTTPS is always enforced
  • Traffic to undeclared domains is blocked

Container Requirements

Managed extensions run as containers. Your repository must include:

  1. Dockerfile at the repository root
  2. Health check endpoint at /health returning HTTP 200
  3. Webhook endpoint at the path specified in your manifest

Billing for Managed Extensions

Hosting costs are billed to customers who install your extension:

  • Customers see the tier and monthly cost before installation
  • Costs appear on their Kiket invoice under "Extension Hosting"
  • You can change tiers via manifest updates (customers are notified)

6. Billing & Revenue Share

  • Paid extensions integrate with Kiket Billing for subscription management.
  • Revenue shares default to 80/20 (you/Kiket) but enterprise agreements can override.
  • Payouts occur monthly with downloadable statements.

Deprecating older versions

  • Use the API endpoint POST /api/v1/extensions/registry/:registry/:extension_id/deprecations with version, reason, and optional sunset_at to announce end-of-life.
  • Kiket stores the list under Settings → Extension Webhooks so admins and customers can see upcoming sunsets.
  • Deprecated versions still installable until the sunset date; Kiket will surface upgrade prompts once CLI/UI wiring ships.
  • Consumers can query GET /api/v1/extensions/upgrade_recommendations?organization_id=... to list installations running deprecated versions along with the recommended upgrade target.

Security scans

  • After every publish, Kiket runs automated checks (manifest completeness, sensitive files). Results appear in Settings.
  • For deeper analysis (dependency CVEs, static analysis), connect your own scanning pipeline and attach logs/attestations in your listing.

6. Support After Launch

  • Monitor error rates via the extension analytics dashboard.
  • Respond to customer reviews and support tickets.
  • Keep documentation up to date—link to it from the extension listing.

Publishing ensures your extension reaches the Kiket community while maintaining quality and security.