
What you will learn

  • The structure of a SkillManifest v1 document
  • Required fields for permissions, sandbox configuration, and file integrity
  • How manifest signing and verification works

Overview

A SkillManifest is a JSON document that describes a sandboxed skill: its name, publisher, permissions, resource limits, file hashes, and a cryptographic signature. Skills must be registered via POST /v1/skills/register before they can execute in Domain C.

Schema structure

{
  "version": "1",
  "name": "my-rebalancer",
  "publisher": {
    "name": "Operator Name",
    "address": "0xPublisherAddress",
    "contact": "[email protected]"
  },
  "permissions": {
    "actions": ["transfer", "swap_exact_in"],
    "chains": [8453],
    "network": false,
    "filesystem": false
  },
  "sandbox": {
    "memoryMb": 128,
    "timeoutMs": 30000,
    "allowSpawn": false
  },
  "files": [
    {
      "path": "run.mjs",
      "sha256": "a1b2c3d4e5f6..."
    }
  ],
  "signature": "0xecdsa-signature..."
}

Fields

Top-Level

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| version | "1" | Yes | Schema version |
| name | string | Yes | Unique skill identifier |
| publisher | object | Yes | Publisher information |
| permissions | object | Yes | What the skill is allowed to do |
| sandbox | object | Yes | Container resource limits |
| files | array | Yes | File listing with integrity hashes |
| signature | string | Yes | ECDSA signature over the canonical manifest |

Publisher

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Yes | Publisher display name |
| address | string | Yes | Ethereum address (0x + 40 hex) for signature verification |
| contact | string | Yes | Contact email |

Permissions

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| actions | string[] | Yes | Allowed TxIntent action types (e.g., ["transfer", "swap_exact_in"]) |
| chains | number[] | Yes | Allowed chain IDs |
| network | boolean | Yes | Whether the container gets network access (usually false) |
| filesystem | boolean | Yes | Whether the container gets writable filesystem (usually false) |

Sandbox

| Field | Type | Required | Constraints | Description |
| --- | --- | --- | --- | --- |
| memoryMb | number | Yes | 1–512 | Container memory limit in MB |
| timeoutMs | number | Yes | 1000–60000 | Execution timeout in milliseconds |
| allowSpawn | boolean | Yes | | Whether to allow child process spawning |

Files

Each entry in the files array:

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| path | string | Yes | File path relative to skill root |
| sha256 | string | Yes | SHA-256 hash of file contents |

Registration pipeline

When a manifest is submitted to POST /v1/skills/register, it goes through 6 validation steps:

1. Schema Validation
   The manifest is validated against the JSON Schema with additionalProperties: false.

2. Signature Verification
   The ECDSA signature is verified against the publisher.address. The manifest is canonicalized (JCS) before verification.

3. Hash Computation
   A keccak256 hash of the canonical manifest is computed for the registry record.

4. File Hash Verification
   Each file’s SHA-256 hash is compared against the declared hash in the manifest. Any mismatch rejects the registration.

5. Static Analysis
   The skill code is scanned for security violations: prohibited imports (child_process, fs), direct network access (fetch, http), and environment variable access (process.env).

6. Registry Storage
   The manifest and hash are stored in the SQLite registry. Duplicate names are rejected (409 Conflict).
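
A publisher-side preflight for step 1, as an added example that is not the service's own code: it transcribes the field tables above into a small spec and reports missing fields, unknown fields (the effect of additionalProperties: false) and out-of-range sandbox limits before a manifest is submitted. The names own, SPEC, check and validateManifest, the 64-hex-character sha256 format, and the sample values (including the extra gpu key) are assumptions made for illustration.

```javascript
// Added example: local preflight for a SkillManifest v1 document. SPEC is
// transcribed from this page's field tables; it is not the service's schema.
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const str = (v) => typeof v === "string";
const bool = (v) => typeof v === "boolean";
const num = (lo = -Infinity, hi = Infinity) => (v) => typeof v === "number" && v >= lo && v <= hi;
const re = (pattern) => (v) => str(v) && pattern.test(v);

const SPEC = {
  version: (v) => v === "1", name: str,
  publisher: { name: str, address: re(/^0x[0-9a-fA-F]{40}$/), contact: str },
  permissions: { actions: [str], chains: [num()], network: bool, filesystem: bool },
  sandbox: { memoryMb: num(1, 512), timeoutMs: num(1000, 60000), allowSpawn: bool },
  files: [{ path: str, sha256: re(/^[0-9a-fA-F]{64}$/) }], // assumed: 64 hex chars
  signature: str,
};

// Every key SPEC lists is required and any other own key is an error, which
// mirrors additionalProperties: false. own() ignores inherited names.
function check(spec, value, path, errors) {
  if (typeof spec === "function") {
    if (!spec(value)) errors.push(`${path}: invalid value`);
  } else if (Array.isArray(spec)) {
    if (!Array.isArray(value)) errors.push(`${path}: expected array`);
    else value.forEach((item, i) => check(spec[0], item, `${path}[${i}]`, errors));
  } else if (value === null || typeof value !== "object" || Array.isArray(value)) {
    errors.push(`${path}: expected object`);
  } else {
    for (const key of Object.keys(spec)) {
      if (!own(value, key)) errors.push(`${path}.${key}: missing`);
      else check(spec[key], value[key], `${path}.${key}`, errors);
    }
    for (const key of Object.keys(value)) {
      if (!own(spec, key)) errors.push(`${path}.${key}: unknown field`);
    }
  }
  return errors;
}
const validateManifest = (manifest) => check(SPEC, manifest, "manifest", []);

// Constructed sample in the shape of the page's example; values are placeholders.
const sample = {
  version: "1", name: "my-rebalancer", signature: "0x" + "00".repeat(65),
  publisher: { name: "Operator Name", address: "0x" + "ab".repeat(20), contact: "ops@example.invalid" },
  permissions: { actions: ["transfer"], chains: [8453], network: false, filesystem: false },
  sandbox: { memoryMb: 128, timeoutMs: 30000, allowSpawn: false },
  files: [{ path: "run.mjs", sha256: "0".repeat(64) }],
};
console.log(validateManifest({ ...sample, sandbox: { ...sample.sandbox, memoryMb: 1024, gpu: true } }));
```

This covers only the shape and range checks; the signature, file hash and static analysis steps still run on the server at registration.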

Signing a manifest

To sign a manifest, canonicalize the JSON (excluding the signature field) and produce an ECDSA signature:
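import { readFileSync } from "node:fs";
import { keccak256, toBytes } from "viem";
import { privateKeyToAccount } from "viem/accounts";
import canonicalize from "canonicalize";

// Assumed inputs: ./manifest.json and a PUBLISHER_PRIVATE_KEY environment variable
// holding the key for publisher.address.
const manifest = JSON.parse(readFileSync("manifest.json", "utf8"));
const wallet = privateKeyToAccount(process.env.PUBLISHER_PRIVATE_KEY);

// The signature covers every field except "signature" itself.
const manifestWithoutSig = { ...manifest };
delete manifestWithoutSig.signature;

// JCS canonical form, then keccak256 over its UTF-8 bytes.
const canonical = canonicalize(manifestWithoutSig);
const hash = keccak256(toBytes(canonical));
const signature = await wallet.signMessage({ message: hash }); // EIP-191 personal-message signature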
