Marketplace¶
Two Channels¶
| Community | Verified | |
|---|---|---|
| Who publishes | Anyone | Approved vendors |
| Review | Automated only | Automated + manual |
| Cost to publish | Free | Free |
| Cost to install | Free | Vendor sets price |
| Trust level | Use at own risk | Meridian Certified badge |
| Visible to | All deployments | All deployments (including enterprise-restricted) |
Both channels use the same plugin format, the same SDK, and the same conformance tests. The difference is the level of review and the ability to charge for your plugin.
Publishing a Plugin¶
Use the meridian publish CLI command or declare your plugin metadata in a meridian.yaml manifest. Automated checks run immediately on submission.
See The Vendor Journey for the full walkthrough, including CLI examples and manifest format.
What Gets Checked Automatically¶
Every submission -- Community or Verified -- passes through two automated stages:
Stage 1: Structural Verification (instant)¶
| Check | What It Verifies |
|---|---|
| Conformance | Required fields, topic patterns, plugin metadata |
| Topic access | ACL grants match your declared pool type |
| Dependencies | No known vulnerabilities, compatible licenses |
| Static analysis | No direct publish/subscribe calls outside the domain API |
Stage 2: Containerized Verification (minutes)¶
Your plugin is built and tested in an isolated container paired with a real sidecar:
| Step | What Happens |
|---|---|
| Build | Plugin container built from your source using a language-appropriate Dockerfile |
| Sidecar pairing | Plugin paired with a real sidecar in an isolated namespace |
| Conformance | Full conformance test suite run against the real sidecar |
| Integration | Test data injected on expected topics; verify plugin responds correctly |
| Resource check | Memory, CPU, startup time measured |
Both stages are mandatory
Submissions that fail any check are rejected immediately with specific error output. Fix the issues and resubmit -- there is no manual override and no limit on resubmissions.
Verified Certification¶
The manual review goes beyond automated checks. Reviewers evaluate code quality, security posture, domain API usage, and error handling. They confirm that plugins query the kernel for state rather than maintaining shadow copies -- a critical requirement for correctness across restarts and failovers.
Reviews are completed within 48 hours of submission. If changes are needed, you will receive specific feedback and can resubmit as many times as needed at no cost.
Certification Badge¶
The Meridian Verified badge is displayed in marketplace search results, the plugin detail page, the Vendor Portal, and the Deployment Admin installer. Enterprise deployments that restrict plugin sources to Verified-only will see your plugin. Community-only plugins will not appear for those deployments.
Recertification¶
Certification expires when a new major SDK version is released. Resubmit your plugin against the updated conformance suite to recertify. Minor and patch SDK updates do not trigger recertification.
Listing Tips¶
Make your plugin stand out:
- Clear description -- what it does, who it is for, and what problem it solves
- Compatible plugin types -- declare the pool types your plugin works with
- SDK versions -- list the SDK versions you have tested against
- Screenshots -- if your plugin includes a UI component, show it
Next Steps¶
- The Vendor Journey -- step-by-step path from build to deployment
- Why Build on Meridian -- platform benefits and partnership model