Marketplace
Connector marketplace
The Attesto Marketplace at https://marketplace.attesto.eu is a public catalog of validated evidence producers. Public visitors can browse connector cards. Tenant acquisition, install, update, revoke and artifact download require an authenticated dashboard tenant session. Publisher signup, publisher profile management and connector submission use a separate marketplace-only developer account. Attesto review and publication are private internal processes and are not exposed to public visitors or marketplace developers.
Marketplace model
A marketplace item is a validated connector asset. The catalog stores the asset metadata, the current version, the manifest hash, the artifact hash, the validation result, the entitlement state, the install state and the marketplace evidence events. The marketplace never runs connector code in the browser and never reveals connector secrets.
| Object | Meaning |
|---|---|
| asset | A connector listing, such as GitHub, GitLab or S3/R2 object commitments. |
| version | A validated connector manifest together with its manifest and artifact hashes. |
| entitlement | A tenant's right to download or install a version. |
| install | A tenant-scoped installation record for the chosen version. |
| evidence event | The canonical marketplace receipt for an acquisition, installation, submission or validation. |
Browse the public catalog
The public catalog exposes only validated public assets. It can be browsed safely without a tenant session:
GET https://marketplace.attesto.eu/v1/marketplace/categories
GET https://marketplace.attesto.eu/v1/marketplace/items?category=devops
GET https://marketplace.attesto.eu/v1/marketplace/items/attesto-github-repository-reference
Each card shows the evidence score, validation state, supported languages, category, current version and documentation link. Public visitors see a sign-in action instead of acquire/install/download commands.
The Evidence Score is not a marketing rating. It is the deterministic output of attesto-marketplace-validation-v1: the same manifest, source reference and validator version always produce the same score. The score is the sum of explicit criteria for receipts, offline verification, secret scanning, dependency scanning, witness compatibility, documentation, repository reference, Proofstream capability, source reference and supported Attesto languages. The validation report stores the formula, criteria, components, total and max so that operators and publishers can reproduce why a connector received its tier.
Tenant acquisition and install lifecycle
Tenant users with the owner, admin or developer role can acquire and install a free first-party connector. The browser must hold a tenant session cookie and a readable CSRF token. Production cookies are scoped to .attesto.eu, so a session created on dashboard.attesto.eu also works on marketplace.attesto.eu.
POST /v1/marketplace/items/attesto-github-repository-reference/acquire
X-CSRF-Token: <attesto_csrf cookie>
POST /v1/marketplace/items/attesto-github-repository-reference/install
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"configRef": "tenant-managed-github-installation"
}
Installed free assets can be updated to the current validated version or revoked by an owner/admin. Revoke deactivates the entitlement and the tenant install; artifact download fails until the tenant acquires and installs the asset again.
POST /v1/marketplace/items/attesto-github-repository-reference/install/update
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"configRef": "tenant-managed-github-installation-v2"
}
POST /v1/marketplace/items/attesto-github-repository-reference/revoke
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"reason": "tenant_request"
}
The artifact endpoint returns the connector manifest only while the tenant holds an active entitlement:
GET /v1/marketplace/items/attesto-github-repository-reference/artifact
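The acquire, install, update and revoke sequence above, together with the fail-closed artifact endpoint, is modelled here in memory as an added example; it is not Attesto's code. The role names (owner, admin, developer), the double-submit CSRF rule (X-CSRF-Token must equal the attesto_csrf cookie), the configRef values and the event kinds follow the page; the class, function and field names, the request dictionary shape and the sample tenant are assumptions of this example.

```python
# Added example, not Attesto's code: an in-memory model of the tenant acquire/install/
# update/revoke lifecycle with a fail-closed artifact endpoint. Roles, the CSRF rule and
# the configRef values follow the page; every name below is this example's assumption.
import hmac

ACQUIRE_ROLES = {"owner", "admin", "developer"}   # may acquire, install, update
REVOKE_ROLES = {"owner", "admin"}                  # may revoke

class MarketplaceError(Exception): """Refused action; nothing is partially applied."""

def csrf_ok(cookies: dict, headers: dict) -> bool:
    """Double-submit check: X-CSRF-Token must equal the attesto_csrf cookie."""
    cookie, header = cookies.get("attesto_csrf", ""), headers.get("X-CSRF-Token", "")
    return bool(cookie) and hmac.compare_digest(cookie, header)

class TenantMarketplace:
    def __init__(self, current_version: dict):
        self.current_version = current_version   # slug -> current validated version
        self.entitlements = {}                   # (tenant, slug) -> {"version", "active"}
        self.installs = {}                       # (tenant, slug) -> {"version", "configRef", "active"}
        self.events = []                         # evidence events: (type, tenant, slug, detail)

    def _gate(self, req: dict, allowed: set, action: str) -> None:
        # Session, CSRF and role are checked before any state is touched.
        if not req.get("session"):
            raise MarketplaceError(f"{action}: tenant session required")
        if not csrf_ok(req.get("cookies", {}), req.get("headers", {})):
            raise MarketplaceError(f"{action}: CSRF token mismatch")
        if req.get("role") not in allowed:
            raise MarketplaceError(f"{action}: role {req.get('role')!r} not permitted")

    def _active_entitlement(self, tenant: str, slug: str) -> dict:
        ent = self.entitlements.get((tenant, slug))
        if ent is None or not ent["active"]:
            raise MarketplaceError(f"{slug}: no active entitlement for {tenant}")
        return ent

    def acquire(self, req: dict, slug: str) -> dict:
        self._gate(req, ACQUIRE_ROLES, "acquire")
        if slug not in self.current_version:
            raise MarketplaceError(f"{slug}: unknown asset")
        ent = {"version": self.current_version[slug], "active": True}
        self.entitlements[(req["tenant"], slug)] = ent
        self.events.append(("acquisition", req["tenant"], slug, ent["version"]))
        return ent

    def install(self, req: dict, slug: str, config_ref: str) -> dict:
        self._gate(req, ACQUIRE_ROLES, "install")
        ent = self._active_entitlement(req["tenant"], slug)
        inst = {"version": ent["version"], "configRef": config_ref, "active": True}
        self.installs[(req["tenant"], slug)] = inst
        self.events.append(("installation", req["tenant"], slug, inst["version"]))
        return inst

    def update(self, req: dict, slug: str, config_ref: str) -> dict:
        # Move an existing install to the current validated version.
        self._gate(req, ACQUIRE_ROLES, "update")
        self._active_entitlement(req["tenant"], slug)
        inst = self.installs.get((req["tenant"], slug))
        if inst is None or not inst["active"]:
            raise MarketplaceError(f"{slug}: nothing installed to update")
        inst.update(version=self.current_version[slug], configRef=config_ref)
        self.events.append(("install_update", req["tenant"], slug, inst["version"]))
        return inst

    def revoke(self, req: dict, slug: str, reason: str) -> None:
        # Deactivate entitlement and install; artifact downloads fail from now on.
        self._gate(req, REVOKE_ROLES, "revoke")
        self._active_entitlement(req["tenant"], slug)["active"] = False
        if (req["tenant"], slug) in self.installs:
            self.installs[(req["tenant"], slug)]["active"] = False
        self.events.append(("entitlement_revoke", req["tenant"], slug, reason))

    def artifact(self, tenant: str, slug: str) -> dict:
        # Serve manifest metadata only while an active entitlement exists.
        return {"slug": slug, "version": self._active_entitlement(tenant, slug)["version"]}

def demo() -> dict:
    """Walk the lifecycle with constructed requests and report each step's outcome."""
    slug = "attesto-github-repository-reference"
    mp, csrf, out = TenantMarketplace({slug: "1.0.0"}), "constructed-csrf-token", {}
    dev = {"tenant": "tenant-a", "role": "developer", "session": True,
           "cookies": {"attesto_csrf": csrf}, "headers": {"X-CSRF-Token": csrf}}
    def attempt(key, fn, *args):          # record "ok" or the fail-closed refusal
        try:
            fn(*args)
            out[key] = "ok"
        except MarketplaceError:
            out[key] = "refused"
    mp.acquire(dev, slug)
    mp.install(dev, slug, "tenant-managed-github-installation")
    out["artifact_after_install"] = mp.artifact("tenant-a", slug)
    mp.current_version[slug] = "1.1.0"   # a newer validated version is published
    out["updated_version"] = mp.update(dev, slug, "tenant-managed-github-installation-v2")["version"]
    attempt("developer_revoke", mp.revoke, dev, slug, "tenant_request")
    attempt("admin_revoke", mp.revoke, {**dev, "role": "admin"}, slug, "tenant_request")
    attempt("artifact_after_revoke", mp.artifact, "tenant-a", slug)
    out["events"] = [e[0] for e in mp.events]
    return out
```

Running `demo()` shows the two properties the page relies on: a developer-role request is refused at the revoke gate before any state changes, and once an owner/admin has revoked, the artifact call fails closed even though the install record still exists.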
Connector manifest
The manifest describes a connector without secrets. It is the object that the Python, TypeScript, Go and CLI kits, backend validation and the marketplace all validate against the same contract.
{
  "schemaVersion": "attesto.connector.v2",
  "slug": "attesto-github-repository-reference",
  "name": "GitHub Repository Reference",
  "version": "1.0.0",
  "assetType": "connector",
  "category": "devops",
  "summary": "Creates Proofstream references for repository changes.",
  "description": "Records repository change references as verifiable Attesto events.",
  "publisher": {
    "slug": "attesto",
    "name": "Attesto"
  },
  "repository": {
    "url": "https://git.example.com/attesto/connectors/github"
  },
  "documentation": {
    "url": "https://docs.attesto.eu/manuals/connectors.html#github"
  },
  "capabilities": ["proofstream", "offline-verification"],
  "evidence": {
    "receipts": true,
    "offlineVerification": true,
    "witnessCompatible": true
  },
  "security": {
    "secretScan": true,
    "dependencyScan": true
  },
  "supportedLanguages": ["en", "nl", "de", "fr", "es", "pl", "it"],
  "provider": {
    "id": "github",
    "name": "GitHub",
    "websiteUrl": "https://github.com"
  },
  "auth": {
    "mode": "signed-webhook",
    "scopes": ["repo", "push-events"]
  },
  "sync": {
    "modes": ["webhook"],
    "supportsReplay": true,
    "rateLimitPolicy": "provider-default"
  },
  "eventTypes": ["repository.push", "repository.merge_request"],
  "sourceTime": {
    "required": true,
    "timezonePolicy": "source-offset-required"
  },
  "configSchema": { "type": "object", "properties": {} },
  "secretSchema": { "type": "object", "properties": {} },
  "diagnostics": {
    "providerAuthStatus": true,
    "testConnection": true,
    "syncLag": true,
    "replayConflictCheck": true,
    "revocationCheck": true
  },
  "runtime": {
    "officialConnectorKit": true,
    "sdkSurfaces": ["python", "typescript", "go", "cli"],
    "requiredMethods": [
      "metadata",
      "validateConfig",
      "testConnection",
      "sync",
      "handleWebhook",
      "emitProofstreamEvent",
      "diagnostics",
      "revoke"
    ],
    "canary": {
      "status": "green",
      "ref": "release/attesto-2.0-connector-assurance-readiness/result.json"
    }
  },
  "installRequirements": {
    "tenantLoginRequired": true,
    "entitlementRequired": true
  },
  "changelog": [
    {
      "version": "1.0.0",
      "date": "2026-06-09",
      "changes": ["Validated first-party connector release."]
    }
  ]
}
Required fields are checked before an asset is accepted. The backend validator rejects hidden assets below an Evidence Score of 50; Attesto may still apply a stricter private release policy to first-party or partner connectors. The score is an evidence-derived validation output, not an adoption badge or a marketing judgement.
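The Evidence Score section and the required-field check above describe a deterministic validator; the following is an added example of one, not Attesto's attesto-marketplace-validation-v1 implementation. The ten criterion names, the threshold of 50, the report fields (formula, criteria, components, total, max) and the rule that manifests must carry no secrets come from the page. The list of required fields, the equal weight of 10 points per criterion, the Attesto language set (taken from the sample manifest) and the secret-shaped patterns scanned for are assumptions of this example; the sample manifest is a constructed, trimmed copy of the page's first-party manifest.

```python
# Added example, not Attesto's validator: required-field check, manifest secret scan and a
# deterministic Evidence Score in the style the page describes for
# attesto-marketplace-validation-v1. Criteria names, the threshold of 50 and the report
# fields come from the page; weights, required fields, language set and secret patterns
# are this example's assumptions.
import re

VALIDATOR_VERSION = "attesto-marketplace-validation-v1"
MIN_SCORE = 50
POINTS = 10                                                     # assumed weight per criterion
ATTESTO_LANGUAGES = {"en", "nl", "de", "fr", "es", "pl", "it"}  # assumed, from the sample manifest
REQUIRED_FIELDS = ("schemaVersion", "slug", "name", "version", "assetType", "category",
                   "publisher.slug", "capabilities", "evidence", "security", "runtime.requiredMethods")
SECRET_PATTERNS = [re.compile(p) for p in (          # illustrative shapes of material that must not appear
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----", r"\bsk_(live|test)_[0-9A-Za-z]{8,}",
    r"\bgh[pousr]_[0-9A-Za-z]{20,}", r"\bAKIA[0-9A-Z]{16}\b")]

def _get(obj, dotted: str):
    """Look up a dotted path; None when any segment is missing."""
    for part in dotted.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj

def _strings(obj):
    """Yield every string value nested anywhere in the manifest."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _strings(v)

def check_required(manifest: dict) -> list:
    missing = [f for f in REQUIRED_FIELDS if _get(manifest, f) in (None, "", [], {})]
    if manifest.get("schemaVersion") not in (None, "attesto.connector.v2"):
        missing.append("schemaVersion=attesto.connector.v2")
    return missing

def secret_findings(manifest: dict) -> list:
    """Redacted prefixes of values that look like secrets; the values themselves are not returned."""
    return [s[:8] + "..." for s in _strings(manifest) if any(p.search(s) for p in SECRET_PATTERNS)]

def score_components(manifest: dict, source_ref: str) -> dict:
    """Each criterion is a pure function of manifest + source_ref, so the score is reproducible."""
    langs = set(manifest.get("supportedLanguages") or [])
    checks = {
        "receipts": bool(_get(manifest, "evidence.receipts")),
        "offline_verification": bool(_get(manifest, "evidence.offlineVerification")),
        "secret_scanning": bool(_get(manifest, "security.secretScan")),
        "dependency_scanning": bool(_get(manifest, "security.dependencyScan")),
        "witness_compatibility": bool(_get(manifest, "evidence.witnessCompatible")),
        "documentation": bool(_get(manifest, "documentation.url")),
        "repository_reference": bool(_get(manifest, "repository.url")),
        "proofstream_capability": "proofstream" in (manifest.get("capabilities") or []),
        "source_reference": source_ref.startswith("https://"),
        "attesto_languages": bool(langs) and langs <= ATTESTO_LANGUAGES,
    }
    return {name: POINTS if ok else 0 for name, ok in checks.items()}

def validate(manifest: dict, source_ref: str) -> dict:
    """Validation report with formula, criteria, components, total and max, plus the accept decision."""
    missing, secrets = check_required(manifest), secret_findings(manifest)
    components = score_components(manifest, source_ref)
    total = sum(components.values())
    return {
        "validator": VALIDATOR_VERSION,
        "formula": f"total = sum(components); each criterion scores {POINTS} or 0",
        "criteria": list(components),
        "components": components,
        "total": total,
        "max": POINTS * len(components),
        "missingFields": missing,
        "secretFindings": secrets,
        # Fail closed: a missing field or secret material rejects regardless of score.
        "accepted": not missing and not secrets and total >= MIN_SCORE,
    }

# Constructed sample mirroring the page's first-party manifest (trimmed to the scored fields).
SAMPLE_MANIFEST = {
    "schemaVersion": "attesto.connector.v2", "slug": "attesto-github-repository-reference",
    "name": "GitHub Repository Reference", "version": "1.0.0", "assetType": "connector",
    "category": "devops", "publisher": {"slug": "attesto", "name": "Attesto"},
    "repository": {"url": "https://git.example.com/attesto/connectors/github"},
    "documentation": {"url": "https://docs.attesto.eu/manuals/connectors.html#github"},
    "capabilities": ["proofstream", "offline-verification"],
    "evidence": {"receipts": True, "offlineVerification": True, "witnessCompatible": True},
    "security": {"secretScan": True, "dependencyScan": True},
    "supportedLanguages": ["en", "nl", "de", "fr", "es", "pl", "it"],
    "runtime": {"requiredMethods": ["metadata", "validateConfig", "sync", "revoke"]},
}
```

Because every component is a pure function of the manifest and the source reference, `validate(SAMPLE_MANIFEST, ref)["components"]` is the same on every run, which is what lets a publisher reproduce the report locally. A manifest that scores the full 100 is still rejected if a value in it matches a secret pattern; the report returns only redacted prefixes of such values, so the report itself never becomes a place where the secret leaks.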
Marketplace CLI publishing flow
Publisher automation can use the Attesto CLI with the same manifest contract as the backend and the connector kits. The CLI validates the manifest locally before anything is sent to Attesto. Submission uses a marketplace publisher bearer token. The public documentation covers only the publisher path; Attesto review and publication remain private internal processes. Publisher commands never print stored tokens, Stripe identifiers, connector secrets or raw customer payloads.
attesto --json marketplace init \
--output attesto.connector.json \
--slug acme-risk-connector \
--name "ACME Risk Connector" \
--version 1.0.0 \
--category ai-governance \
--summary "Produces Attesto evidence for ACME risk decisions." \
--description "Produces verifiable Proofstream events for ACME risk decisions." \
--publisher-slug acme \
--publisher-name ACME \
--repository-url https://git.example.com/acme/risk-connector \
--docs-url https://docs.example.com/acme/risk-connector \
--provider-url https://example.com/acme \
--auth-mode oauth2 \
--auth-scopes risk.read,risk.events \
--sync-modes polling,webhook \
--event-types risk.decision.created,risk.decision.updated \
--canary-ref release/acme-risk-connector/canary-result.json \
--capabilities proofstream,offline-verification
attesto --json marketplace validate \
--manifest-file attesto.connector.json
attesto --json --token-env ATTESTO_MARKETPLACE_TOKEN marketplace submit \
--manifest-file attesto.connector.json \
--source-ref https://git.example.com/acme/risk-connector/releases/v1.0.0 \
--visibility public \
--pricing-model free
After submission the asset remains private pending Attesto review. Attesto reviews the validation evidence, source reference, publisher identity, pricing and release provenance privately. The public docs deliberately end at the developer submission boundary.
Publisher validation
Marketplace developer accounts are marketplace-only. They can sign up and log in on marketplace.attesto.eu, manage a publisher profile, choose a developer tier, submit free connector assets to private Attesto review and start the real developer billing flow for paid publishing. They cannot log in to dashboard.attesto.eu; regular tenant users still need a normal Attesto tenant account for the dashboard.
POST /v1/marketplace/auth/signup
Content-Type: application/json
{
"displayName": "ACME Evidence Labs",
"name": "Publisher Operator",
"email": "publisher@example.com",
"password": "<operator-chosen password>"
}
POST /v1/marketplace/auth/login
Content-Type: application/json
{
"email": "publisher@example.com",
"password": "<operator-chosen password>"
}
GET /v1/marketplace/auth/me
Creating or updating a publisher profile records marketplace evidence before any asset is submitted. The profile by itself never publishes an asset: free submissions stay private pending review, and paid submissions require an active paid developer tier plus Stripe Connect readiness. This keeps the public marketplace from becoming an open upload surface.
POST /v1/marketplace/publisher/profile
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"displayName": "Attesto Official Connector Team"
}
GET /v1/marketplace/publisher/profile
PATCH /v1/marketplace/publisher/profile
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"displayName": "Attesto Business Connectors"
}
Developer publisher rights are updated in place. The publisher keeps the same marketplace-only account and publisher profile. Community developers can submit free assets to private review. The Verified Developer, Professional Publisher and Marketplace Partner plans use a 14-day Stripe trial and unlock paid connector submission only after Stripe confirms the subscription. Paid listing publication additionally requires Stripe Connect payout readiness. Checkout and portal URLs are created server-side through the encrypted Stripe integration store.
GET /v1/marketplace/developer-tiers
[
  {
    "tier": "community",
    "label": "Free Developer",
    "monthlyCents": 0,
    "annualCents": 0,
    "currency": "EUR",
    "checkoutRequired": false,
    "submissionEnabledWhenActive": false,
    "description": "Marketplace-only developer identity for profile management, manifest preparation, documentation review, and free connector submission into private Attesto review.",
    "requirements": [
      "marketplace publisher profile",
      "private Attesto review before public listing",
      "paid developer publisher tier before paid connector submission"
    ],
    "trialDays": 0
  },
  {
    "tier": "premium",
    "label": "Verified Developer",
    "monthlyCents": 1900,
    "annualCents": 19000,
    "currency": "EUR",
    "checkoutRequired": true,
    "submissionEnabledWhenActive": true,
    "description": "Paid developer publishing tier with a 14-day Stripe trial.",
    "requirements": [
      "active developer subscription",
      "connector validation passes",
      "private Attesto review before public listing"
    ],
    "trialDays": 14
  }
]
GET /v1/marketplace/publisher/billing-state
{
  "publisher": {
    "tier": "premium",
    "developerSubscriptionState": "active",
    "payoutState": "ready",
    "commercialEnabled": true
  },
  "checkoutAvailable": true,
  "billingPortalAvailable": true,
  "canSubmitAssets": true,
  "developerSignupRequired": false,
  "supportedTiers": [
    {"tier": "premium", "label": "Verified Developer", "monthlyCents": 1900, "annualCents": 19000, "currency": "EUR"},
    {"tier": "professional", "label": "Professional Publisher", "monthlyCents": 4900, "annualCents": 49000, "currency": "EUR"},
    {"tier": "partner", "label": "Marketplace Partner", "monthlyCents": 9900, "annualCents": 99000, "currency": "EUR"}
  ],
  "submissionRequirements": [],
  "commercialRequirements": [
    "active developer subscription",
    "Stripe Connect payout readiness"
  ],
  "gracePeriodDays": 14
}
POST /v1/marketplace/publisher/upgrade
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"tier": "premium",
"interval": "month",
"successUrl": "https://marketplace.attesto.eu/?publisher=upgrade-success",
"cancelUrl": "https://marketplace.attesto.eu/?publisher=upgrade-cancel"
}
POST /v1/marketplace/publisher/billing-portal
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"returnUrl": "https://marketplace.attesto.eu/?publisher=billing-return"
}
Publishers who want to sell paid assets must complete Stripe Connect payout onboarding after activating the developer account. The API uses Attesto's server-side encrypted Stripe configuration and returns only the Stripe-hosted onboarding URL. It never returns Stripe secret keys, connected-account IDs or payout credentials to the frontend.
POST /v1/marketplace/publisher/payout/onboarding
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"returnUrl": "https://marketplace.attesto.eu/?publisher=payout-return",
"refreshUrl": "https://marketplace.attesto.eu/?publisher=payout-refresh",
"country": "NL"
}
POST /v1/marketplace/publisher/payout/status
Paid connector acquisition uses Stripe Checkout with Stripe Connect. The backend creates the Checkout Session, applies the Attesto application fee, routes the developer share to the connected account and waits for a verified Stripe webhook before creating the tenant entitlement and the marketplace ledger entry.
POST /v1/marketplace/items/{slug}/acquire
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"successUrl": "https://marketplace.attesto.eu/?marketplace=checkout-success",
"cancelUrl": "https://marketplace.attesto.eu/?marketplace=checkout-cancel"
}
Webhook result:
marketplace_purchase_created
marketplace_entitlement_created
marketplace_revenue_split_recorded
Stripe refund and payout notifications are also processed through the verified webhook endpoint. A full refund closes the entitlement, revokes the active installs for the connector, blocks artifact download and records refund and entitlement-revocation evidence. Payout events settle the eligible publisher ledger entries and record payout evidence without exposing Stripe object identifiers or provider payloads to the browser.
Webhook result for full refund:
marketplace_refund_recorded
marketplace_entitlement_revoked
Webhook result for payout:
developer_payout_completed
Webhook result for failed payout/refund:
developer_payout_failed
marketplace_refund_failed
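The "verified Stripe webhook" the two paragraphs above depend on is the only thing standing between an unauthenticated POST and a new entitlement or ledger entry. The following added example (not Attesto's webhook handler) shows the order a defender wants: verify the signature, reject replays, then derive the evidence events listed above. The Stripe-Signature header format (t=<unix time>, one or more v1=<hex HMAC-SHA256 over "<t>.<raw body>">) is Stripe's documented scheme. The mapping from Stripe event types to the marketplace evidence names, the five-minute tolerance window, the in-memory idempotency store and the sample deliveries are assumptions and constructions of this example.

```python
# Added example, not Attesto's webhook handler: verify a Stripe webhook signature and only
# then derive the marketplace evidence events the page lists. The Stripe-Signature format
# (t=<unix>,v1=<hex HMAC-SHA256 over "<t>.<raw body>">) is Stripe's documented scheme; the
# event-type mapping, tolerance window and idempotency store are this example's assumptions.
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300   # deliveries signed longer ago than this are treated as replays

def verify_signature(body: bytes, sig_header: str, endpoint_secret: str, now: float) -> bool:
    """Fail closed: a parse problem, a stale timestamp or a bad MAC all return False."""
    timestamp, candidates = None, []
    for item in sig_header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":                       # several v1 values appear during secret rotation
            candidates.append(value)
    if timestamp is None or not timestamp.isdigit() or not candidates:
        return False
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False
    signed = timestamp.encode() + b"." + body
    expected = hmac.new(endpoint_secret.encode(), signed, hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected, c) for c in candidates)

def evidence_for(event: dict) -> list:
    """Assumed mapping from Stripe event types to the evidence events named on the page."""
    kind = event.get("type")
    obj = event.get("data", {}).get("object", {})
    if kind == "checkout.session.completed" and obj.get("payment_status") == "paid":
        return ["marketplace_purchase_created", "marketplace_entitlement_created",
                "marketplace_revenue_split_recorded"]
    if kind == "charge.refunded":               # only a full refund closes the entitlement
        full = obj.get("amount_refunded") == obj.get("amount")
        return ["marketplace_refund_recorded", "marketplace_entitlement_revoked"] if full else []
    if kind == "charge.refund.updated" and obj.get("status") == "failed":
        return ["marketplace_refund_failed"]
    if kind == "payout.paid":
        return ["developer_payout_completed"]
    if kind == "payout.failed":
        return ["developer_payout_failed"]
    return []

class WebhookProcessor:
    def __init__(self, endpoint_secret: str):
        self.secret = endpoint_secret
        self.seen = set()     # Stripe event ids already handled; Stripe retries deliveries
        self.ledger = []      # (event id, evidence event) pairs; never the raw Stripe payload

    def process(self, body: bytes, sig_header: str, now: float = None) -> list:
        """Returns the evidence events recorded for this delivery (empty when nothing may be created)."""
        now = time.time() if now is None else now
        if not verify_signature(body, sig_header, self.secret, now):
            return []                           # unverified: no entitlement, no ledger entry
        event = json.loads(body)
        if event.get("id") in self.seen:
            return []                           # duplicate delivery: idempotent no-op
        self.seen.add(event.get("id"))
        produced = evidence_for(event)
        self.ledger.extend((event.get("id"), name) for name in produced)
        return produced

def sign_like_stripe(body: bytes, endpoint_secret: str, timestamp: int) -> str:
    """Test fixture only: the header Stripe would attach to this body at this time."""
    mac = hmac.new(endpoint_secret.encode(), f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={mac}"

def demo() -> dict:
    """Constructed deliveries: a paid checkout, its retry, a tampered copy, a stale one and a full refund."""
    secret, t = "whsec_constructed_example", 1_700_000_000
    proc = WebhookProcessor(secret)
    checkout = json.dumps({"id": "evt_c1", "type": "checkout.session.completed",
                           "data": {"object": {"payment_status": "paid"}}}).encode()
    refund = json.dumps({"id": "evt_r1", "type": "charge.refunded",
                         "data": {"object": {"amount": 1900, "amount_refunded": 1900}}}).encode()
    hdr = sign_like_stripe(checkout, secret, t)
    return {
        "checkout": proc.process(checkout, hdr, now=t + 5),
        "duplicate": proc.process(checkout, hdr, now=t + 6),
        "tampered": proc.process(checkout.replace(b'"paid"', b'"unpaid"'), hdr, now=t + 7),
        "stale": proc.process(refund, sign_like_stripe(refund, secret, t), now=t + 3600),
        "refund": proc.process(refund, sign_like_stripe(refund, secret, t + 3600), now=t + 3600),
        "ledger_entries": len(proc.ledger),
    }
```

Three details carry the security weight: the MAC is computed over the raw bytes Stripe sent, not over a re-serialised JSON object; the comparison uses `hmac.compare_digest`; and the event id is recorded only after verification succeeds, so an unsigned delivery can neither create evidence nor poison the idempotency set against the genuine retry that follows.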
Active developer publishers can then submit business connectors through the marketplace publisher surface. The submit action validates the manifest, records the validation run, creates a private pending-review asset, stores the version hashes and records marketplace evidence. Even when public visibility is requested, the listing stays hidden until the private Attesto review and the publication policy have completed. Unauthorized tenants receive a fail-closed response before manifest validation runs.
POST /v1/marketplace/publisher/assets
Content-Type: application/json
X-CSRF-Token: <attesto_csrf cookie>
{
"sourceRef": "https://example.com/repository/connector-release",
"visibility": "private",
"pricingModel": "free",
"manifest": { "...": "attesto.connector.v2 manifest" }
}
Attesto review and publication are private internal processes. They record marketplace evidence, but the internal endpoints and procedures are not part of the public developer documentation. The public catalog returns only approved, non-revoked versions.
The source reference must point to the connector's real release source. Secrets, private keys, API tokens and customer payloads must never end up in connector manifests.
Marketplace evidence events
Marketplace publisher profile create/update, acquisition, install, install update, entitlement revoke, paid purchase, refund, payout, publisher submission and validation/review actions record canonical marketplace evidence. The receipt hash is derived from the canonical evidence envelope and the payload hash; the receipt record stores the tenant, actor, subject, timestamp and a sanitized payload for tenant audit views. This gives operators a deterministic audit trail: who changed a publisher identity, and who acquired, installed, updated, reviewed, published, refunded, paid out or revoked which connector version.
GET /v1/marketplace/evidence/<receipt-id-or-receipt-hash>
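How a receipt hash can be derived from a canonical envelope and a payload hash, and then looked up by id or by hash as the endpoint above allows, is shown here as an added example; it is not Attesto's receipt code. The record fields (tenant, actor, subject, timestamp, sanitized payload) follow the page. The canonical JSON form (sorted keys, no whitespace), the choice of SHA-256, the envelope schema name, the sanitization rule and the receipt id scheme are assumptions of this example, and the payload is constructed.

```python
# Added example, not Attesto's receipt code: canonical evidence envelope, payload hash and a
# receipt hash derived from both, with lookup by receipt id or receipt hash as the endpoint
# above offers. Record fields follow the page; the canonical JSON form, SHA-256 and the
# sanitization rule are this example's assumptions.
import hashlib
import json

SENSITIVE_KEYS = {"stripeEventId", "stripeObjectId", "token", "secret", "rawPayload"}  # assumed

def canonical(obj) -> bytes:
    """Deterministic encoding: sorted keys, no whitespace, raw UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode("utf-8")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sanitize(payload: dict) -> dict:
    """Drop provider identifiers and secret-like keys before anything reaches a tenant audit view."""
    return {k: v for k, v in payload.items() if k not in SENSITIVE_KEYS}

def make_receipt(tenant: str, actor: str, subject: str, event_type: str, timestamp: str, payload: dict) -> dict:
    """Hash the sanitized payload, bind it into the envelope, then hash the envelope."""
    stored = sanitize(payload)
    envelope = {"schema": "attesto.marketplace.receipt.v1", "tenant": tenant, "actor": actor,
                "subject": subject, "eventType": event_type, "timestamp": timestamp,
                "payloadHash": sha256_hex(canonical(stored))}
    return {**envelope, "receiptHash": sha256_hex(canonical(envelope)), "payload": stored}

def verify_receipt(receipt: dict) -> bool:
    """Recompute both hashes from the stored record; any edited field breaks the chain."""
    envelope = {k: v for k, v in receipt.items() if k not in ("receiptHash", "payload")}
    if sha256_hex(canonical(receipt.get("payload", {}))) != envelope.get("payloadHash"):
        return False
    return sha256_hex(canonical(envelope)) == receipt.get("receiptHash")

class EvidenceStore:
    """Receipts addressable by id or by hash, as GET /v1/marketplace/evidence/<id-or-hash> allows."""
    def __init__(self):
        self.by_id, self.by_hash = {}, {}

    def record(self, receipt: dict) -> str:
        receipt_id = f"rcpt-{len(self.by_id) + 1:06d}"          # constructed id scheme
        self.by_id[receipt_id] = receipt
        self.by_hash[receipt["receiptHash"]] = receipt
        return receipt_id

    def get(self, id_or_hash: str):
        return self.by_id.get(id_or_hash) or self.by_hash.get(id_or_hash)

def demo() -> dict:
    """Constructed acquisition receipt: determinism, sanitization, lookup and tamper detection."""
    store = EvidenceStore()
    subject = "asset:attesto-github-repository-reference@1.0.0"
    payload = {"slug": "attesto-github-repository-reference", "version": "1.0.0",
               "stripeEventId": "evt_constructed"}      # provider id must not reach the browser
    r1 = make_receipt("tenant-a", "user:alice", subject, "acquisition", "2026-06-09T10:00:00Z", payload)
    r2 = make_receipt("tenant-a", "user:alice", subject, "acquisition", "2026-06-09T10:00:00Z",
                      dict(reversed(list(payload.items()))))  # same content, different key order
    rid = store.record(r1)
    tampered = {**r1, "actor": "user:mallory"}
    return {
        "same_hash": r1["receiptHash"] == r2["receiptHash"],
        "stripe_id_hidden": "stripeEventId" not in r1["payload"],
        "by_id": store.get(rid) is r1,
        "by_hash": store.get(r1["receiptHash"]) is r1,
        "valid": verify_receipt(r1),
        "tampered_valid": verify_receipt(tampered),
        "receipt_hash": r1["receiptHash"],
    }
```

The payload hash is taken over the sanitized payload on purpose: that is the only form a tenant audit view ever sees, so the tenant can recompute both hashes from the record alone without needing the provider identifiers that were stripped out. Key order in the incoming payload does not change the hash, which is what makes the audit trail deterministic across SDKs that serialise differently.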
Security boundaries
- Public catalog browsing is unauthenticated and read-only.
- Tenant acquire, install, artifact download, install update and tenant revoke actions require dashboard tenant auth and CSRF.
- Marketplace asset submission, publisher profile changes, developer-tier checkout, billing portal access and payout onboarding require marketplace-only developer auth and CSRF.
- Free marketplace developer accounts can submit free assets to private review; paid assets require an active paid developer tier and Stripe Connect readiness.
- Public listing review, publication and marketplace asset withdrawal are private Attesto processes, not public marketplace or developer APIs.
- Connector manifests are metadata only; they must not contain secrets or raw customer payloads.
- The frontend receives only public catalog data and non-secret build metadata.
- Production bundles must not contain source maps, source files, test fixtures, credentials or API keys.
- Marketplace evidence supports auditability; by itself it does not certify third-party legal compliance.
