Marketplace Discussion

[BenjaminPrice]

I've renamed this discussion to be more general around the Marketplace itself rather than just my original ideas around building out the UI. The bits about the UI may still be useful later so I'm leaving the original body here.

--- Previous Body (4/18/2026) ---

The marketplace backend is solid but there's no public-facing layer yet. I'd like to build it out. Posting here to align on approach before I start opening PRs.

---

Gaps

1. No public website. marketplace.emdashcms.com serves only the API. No web UI for discovering plugins outside the admin panel, nothing to land on from a search engine.

2. No reviews or ratings. Install counts exist but there's no qualitative signal.

3. No categories. keywords JSON column but no structured taxonomy, no browse-by-category.

4. Search is LIKE-based. searchPlugins() won't scale. Should be FTS5.

5. No publisher dashboard. CLI-only for publishing. No web UI for managing listings or viewing stats.

6. First-party plugins aren't seeded. 7+ plugins in the repo but only marketplace-test is packaged for marketplace publishing.

7. No marketplace docs.

---

Plan

Six PRs, ordered by dependency:

PR 1: Categories + FTS5 Search
Only touches packages/marketplace.

• categories + plugin_categories tables
• ~12 seed categories (SEO, Forms, Analytics, Email, Media, Social, Security, Dev Tools, Content, Performance, Migration, E-commerce)
• FTS5 virtual table with sync triggers
• Update searchPlugins() to use FTS5
• GET /categories route, ?category= filter
• Publishers pick up to 3 categories; moderators can override

PR 2: Reviews & Ratings
Touches packages/marketplace + packages/admin.

• reviews table, denormalized rating_avg/rating_count on plugins
• Review CRUD routes (GitHub auth)
• Publisher reply support
• sort=rating
• Review list component in admin MarketplacePluginDetail

PR 3: Marketplace Website
New package. Flexible on approach (separate Astro site vs SSR in the existing Worker).

• Homepage with featured plugins, category cards, search
• Plugin browse with filters + sort
• Plugin detail (README, screenshots, capabilities, audit badge, install instructions, reviews)
• Publisher profiles
• Category pages

PR 4: Publisher Dashboard
Extends the website behind GitHub auth.

• Plugin list with install stats
• Metadata editing (name, description, categories, URLs)
• Profile settings

PR 5: Seed Plugins + Template Config

• Marketplace packaging for existing first-party plugins
• New lightweight plugins (SEO meta, sitemap, reading-time, TOC, related posts, robots.txt, social sharing, redirects)
• GitHub Actions workflow to auto-publish on merge using SEED_TOKEN
• Add marketplace URL to marketing-cloudflare, portfolio-cloudflare, starter-cloudflare (already in blog-cloudflare)

PR 6: Documentation

• Publishing guide, API reference, plugin dev guide, contributing guide

---

Questions

1. Website deployment. What's the preferred pattern for serving the website alongside the API Worker on marketplace.emdashcms.com? Route splitting? SSR in the Hono app? Service bindings?

2. PR ordering. Does this sequence make sense? Could also seed plugins (PR 5) before the website (PR 3) so there's content ready when the UI ships.

3. Design direction. Any preferences for the public website? Match the docs site, or its own thing? Leaning towards using kumo already.

4. Review auth. Proposing GitHub auth (same as publisher flow). Right level of friction?

5. Categories. Fixed set of ~12, moderator-managed. Or something more dynamic?

Can start on PR 1 right away.

---

Detailed PRD with data models, architecture decisions, and scope estimates: https://gist.github.com/BenjaminPrice/270411fd4e2516331184ee4f8784a060

[JULJERYT]

[BenjaminPrice]

Sorry, maybe it wasn't clear. I was calling that out as a current gap - the lack of a website.

That domain is currently only referenced and used in the Blog site template (you can see the marketplace in action). There's no UI etc.

[JULJERYT]

sounds good!

[BenjaminPrice]

#303 is the first PR in the series.

[erlend-sh]

Looking good ❤️

For the ratings though, I suggest looking into how Steam does reviews with a binary ‘recommended/not’ signal to go along with a review, which others can in turn upvote as relevant or not.

This is an easier signal for reviewers to work with as opposed to an arbitrary 5/5 star system that assumes a uniformly internalized framework for quality tiers.

[JULJERYT]

great idea!

[BenjaminPrice]

It's interesting but it increases the scope. I think starting with the 5 star system is a decent baseline and it can later be expanded upon as it's own effort.

[erlend-sh]

It reduces scope if the v1 is just the binary ‘recommended/not’ without the additional ‘useful review’ signal. It’s very hard to radically change a review scoring system down the line.

[ZebTheWizard]

I think the API and UI should always have the same URL. Changing something like the content-type header would yield a different response JSON or HTML

[BenjaminPrice]

The marketplace.emdashcms.com is already a thing in place and used in the codebase. I'm just looking to build upon it.

[BenjaminPrice]

#366 The next PR is ready (Reviews)

[BenjaminPrice]

#368 enables the marketplace in the other templates (not just blog where it was already enabled)

[ascorbic]

I appreciate your work here, but I think we need to nail down a few things before we can start merging PRs.

I'm unsure of how it would interact with the proposal of federated package distribution, which I like a lot. I'd much rather allow multiple marketplaces that interoperate than forcing users to choose which ones to use. Can you think about how this might work with that?

With ratings and install counts we need to think hard about how we'd handle manipulation and abuse.

It's currently unclear what we'd do for trusted plugins that can't be installed via the admin UI.

[BenjaminPrice]

Doing evening family stuff now but I'll give it a ponder tonight. Likely won't be able to touch much of anything until Friday though.

[BenjaminPrice]

Decentralized plugin distribution + reviews

Thanks @ascorbic for flagging the FAIR discussion in #307 and @erlend-sh for the detailed writeup there. I spent some time with the FAIR protocol spec, the ATProto labeler architecture, and Andrew Nesbitt's analysis of where FAIR stands today. There's a lot EmDash could borrow, and I want to keep the conversation here so we have one place for marketplace direction.

I'm pretty excited about this. EmDash has a real shot at getting decentralized plugin distribution right in a way WordPress never could. Here's where my head is at.

---

EmDash's advantage

FAIR was built for a world where plugins have full database and filesystem access. The entire trust model has to be external: signatures, labelers, SBOM verification, community vetting. All of it because you fundamentally cannot trust the code.

EmDash already solves the hardest part at runtime. The sandbox enforces capability boundaries. A plugin declaring read:content physically cannot make network requests. That could shift what decentralization needs to accomplish:

• FAIR asks: "Is this code safe?" -- requires deep inspection and layered trust signals
• EmDash could ask: "Are these declared capabilities acceptable?" -- a much simpler question the site owner can answer by reading the manifest

Signing in EmDash shouldn't be about proving code safety. It should be about proving provenance: this bundle was produced by this publisher and hasn't been modified in transit. The sandbox handles the rest. If that holds, EmDash could ship a lighter decentralized model than FAIR with fewer trust layers needed to reach the same level of confidence.

---

A possible approach

Five phases, each independently useful. The marketplace UI work from the OP could be built as part of this effort, informed by the decisions we make here.

Phase 1: Signed bundles + multi-source

Publishers sign bundles with ED25519 during emdash plugin publish. Sites verify on install. The marketplace config accepts an array of source URLs instead of a single string. Admin UI shows source origin.

No new identity infrastructure. Just tamper detection and the ability to pull plugins from multiple registries.

Phase 2: Decentralized identifiers

Publishers and packages each get a DID. Support both did:web (resolves via the publisher's domain, simple) and did:plc (supports key rotation, PLC registry now under a Swiss public-benefit association).

The install flow would become: resolve DID, get public key, verify signature. The marketplace would no longer be the authority on identity -- just a host. Publisher identity becomes portable across registries. Package DIDs would also enable direct install without a marketplace: resolve the DID, find the repository, download, verify.

Phase 3: Aggregator

The official marketplace becomes an aggregator that crawls external repositories alongside its own. Deduplicates by package DID. Multiple aggregators could coexist -- a hosting company runs one, an enterprise runs an internal one. marketplace.emdashcms.com as the default, not the only option.

For aggregator discovery, I'd suggest starting with a directory model: a well-known list of aggregators maintained in the EmDash repo or at a known URL (e.g. emdashcms.com/.well-known/marketplace-aggregators.json). New aggregators request inclusion, the EmDash project curates the list. This is centralized governance of a decentralized network, but it's how DNS root servers, FAIR's own governance, and most federated systems bootstrap. A gossip-based peer discovery model could come later if the number of aggregators outgrows a static list, but realistically that's a long way off.

Note that a compromised or malicious aggregator can't serve tampered bundles -- signatures prevent that. An aggregator can only influence metadata and curation (search ranking, featured placement, install counts). The directory model gives the community a way to delist bad actors without needing protocol-level enforcement.

Phase 4: Labelers

ATProto-style trust overlays. Independent services that attach signed labels to packages: security-audit:pass, cra-compliant, sbom-verified, enterprise-approved:acme-corp. Site owners subscribe to whichever labelers they trust.

EmDash could build and operate the first labelers (the AI audit pipeline is already most of a security scanner labeler). Third parties build their own for compliance, community trust, etc. More on what a first labeler might look like below.

Phase 5: Protocol spec + FAIR interop

Document the full system as a formal spec. FAIR is already platform-agnostic and exploring non-WordPress implementations (TYPO3 is in progress at CloudFest). EmDash could be the second ecosystem to implement a compatible protocol.

---

What this could look like in config

emdash({
  marketplace: {
    sources: [
      "https://marketplace.emdashcms.com",
      "https://plugins.mycompany.internal",
    ],
    pinned: [
      "did:web:somepublisher.dev:seo-meta",
    ],
    labelers: [
      "did:web:labeler.emdashcms.com",
      "did:web:security.mycompany.internal",
    ],
  },
})

---

Review system

This is where the labeler architecture gets practical. WordPress and FAIR don't really address reviews. Steam does, and there's a lot worth borrowing.

Design principle: if you can install a plugin, you can review it. No extra accounts, no signup, no barriers. EmDash site owners are already authenticated with their own site via passkeys. That's the identity. We're building a WordPress replacement -- many of those users are non-technical and shouldn't need a GitHub account or a DID to leave a rating.

How it could work

The plugin manager in the admin panel shows a "Rate this plugin" option for any installed plugin. Stars, optional text, submit. The review goes to the marketplace the plugin was installed from, tagged with the site's anonymous hash (already generated for install tracking) and install metadata.

Install-gated: no install record for your site hash, no review form. Same idea as Steam -- you can only review what you own. Prevents drive-by reviews from people who never used the plugin.

Each review would carry context that the marketplace can display alongside it:

• How long the plugin has been installed
• Whether it's currently active or disabled
• The plugin version at time of review

"Active for 3 months, version 1.2.0" is a very different trust signal than "installed 10 minutes ago."

Other marketplace users (website or admin panel) could upvote or downvote reviews as helpful or unhelpful. Anonymous, low-friction. Helpful reviews surface over time.

Two rating windows on the plugin detail page: last 30 days and all-time. A plugin that was rough at launch but improved shouldn't be permanently punished by early reviews.

Publishers can reply to any review, clearly labeled as the developer response.

Each review would be a self-contained portable record (site hash, plugin ID, rating, text, install duration, version, active status, timestamp) so aggregators could carry reviews across sources in the future. When DIDs land, a signature field gets added without changing the record structure.

---

First labeler: review quality

Built and operated by EmDash. Watches reviews across the marketplace and publishes labels that aggregators use to downrank (never delete) low-quality reviews.

Spam and low-effort detection

Flags reviews matching common abuse patterns:

• Very short text on low ratings
• Review submitted within minutes of install
• Identical or near-identical text across multiple plugins
• Site hashes reviewing an unusually high number of plugins in a short window

Flagged reviews would be downranked in display order, not removed. Still visible if you want them.

Review bombing detection

Borrowing from Steam's playbook: the labeler monitors the rate and sentiment of incoming reviews per plugin. Anomalous spike in volume with skewed sentiment? The time window gets flagged. Reviews within a flagged window would be excluded from the aggregate score by default but remain visible with an annotation. Both positive and negative reviews in the window get excluded to prevent counter-bombing from inflating the score.

Vote manipulation detection

If a cluster of helpful/unhelpful votes comes from site hashes that only ever vote on one plugin's reviews, those votes could be downweighted.

Labels the review labeler could publish:

• review:low-effort
• review:suspected-spam
• review:bombing-window
• review:vote-manipulation

The marketplace (or any aggregator) subscribes to these labels and applies them to display logic. Default behavior would be to downrank labeled reviews and exclude bombing-window reviews from aggregates. Aggregators could adjust their response per label type.

This would be the first labeler. The architecture would support anyone building more: a community trust labeler weighing reviewer history, an enterprise labeler surfacing only reviews from verified internal deployments, a language-specific labeler filtering by locale. Same protocol -- subscribe to the feed, publish labels, let aggregators decide what to do with them.

---

The argument for starting early: the API surface is still v0.1 and malleable. Designing for multi-source and signatures while everything is still taking shape is cheap. Retrofitting after the ecosystem ossifies around a centralized model is exactly what made FAIR's job impossible with WordPress.

If we're directionally aligned, I'd like to put together a more detailed spec and implementation plan as a next step. Would love to hear thoughts -- especially on DID method preferences and how deep into FAIR compatibility the team wants to go.

[ascorbic]

Thanks for looking into this. You've highlighted some of the same things I've been thinking about it. I've been wondering if one of the possible solutions is to lean-in to atproto and use that to handle aggregation (with an AppView) and labeller services for packages and reviews. We'd need custom lexicons for packages, ratings and reviews. It would give us real-time updates and user auth. The existing marketplace package already performs AI-driven code reviews, and we have a separate plugin that does AI reviews of comments. We could use both of these for labellers.

[toderash]

@BenjaminPrice what you've described is basically the FAIR model. And by "basically" I mean almost exactly, so this path could be fully compatible with FAIR: DIDs, aggregators, labellers, and all. (Disclosure: I'm deeply involved in FAIR; not speaking formally on behalf of the project here, but this is all reliably consistent with internal discussion.)

I can offer a few small corrections about FAIR's trust model and its inherent design considerations, along with some additional background.

FAIR doesn't necessarily need to have every package pass a deep scan, as that could differ based on package type, based on ecosystem or based on specific a policy applied by a host or site manager, or baked into a CI/CD pipeline. FAIR supports adding a private repo by design, so a deployment pipeline could include repos that bypass any inspection or labelling systems. What FAIR is building is an ATProto-inspired labelling system which can provide a "Trust Score" based on a variety of factors (more flexible than trusted/not) and will offer insight into how the score was calculated. Some of this is necessary because of security shortfalls in the WordPress plugin supply chain, but it can take the corrective much further. For example, Bluesky specifically added Ed25519 support for FAIR, as package signing is crucial for the federated/distributed system we're building - because yes, provenance! Basically, there's flexibility in what can be distributed, so one aggregator doesn't necessarily need to apply the same rules or strict checks on packages, much like you don't get the same moderation terms from one Mastodon server to the next. To your point above, this keeps the actual FAIR Protocol very light on its own.

While FAIR was born out of a need for technical independence (and governance) in the WordPress supply chain, it's a common and understandable misconception that it was designed for WordPress. At the outset, the FAIR Protocol was designed to be platform-agnostic to the point where you could use it to distribute epub or mp3 files, basically any digital goods, not just software. WordPress was obviously the initial application of the FAIR Protocol, which actually has all of the WordPress-centric parts of the spec as extensions to and not part of the core protocol. It was always designed for more than WordPress.

A couple of weeks ago at CloudFest, FAIR & TYPO3 teams worked together to add TYPO3 support to FAIR, and vice-versa, so that TYPO3's upcoming release can have FAIR support in its core. This was a 3-day hackathon project that didn't take all 3 days - the upshot is that FAIR has definitely moved beyond WordPress, and has several other platforms interested.

One of the key points is that FAIR moved quickly past thinking about WordPress to thinking about supply chain security more generally, and working on a distributed model that could also improve upon the security we've known. The design gives us the ability to add more (or less) stringent requirements where appropriate, along with labeller support including third-party labels. On that front, we worked with Patchstack to create a proof-of-concept labeller in November that could put CVE information in front of site owners at the time they were making install decisions.

Miscellaneous thoughts - FAIR has been vetted and tested by a few web hosts, who have chosen not to make any public statements about it, but who affirmed the security of the architecture. On labelling, a small heads-up that you won't be able to say whether something is CRA-compliant, only that it isn't. This is something I've been looking at in recent weeks for our own purposes, but boils down to not being able to apply the right tests without knowing the use case for the software. There is however a baseline list of requirements (SBOM, Security info, etc) without which it would not be CRA-compliant, so the wording of the label will matter significantly.

Sorry for the lengthy post, but you won't see a lot of that on the FAIR website or on GitHub without a lot of digging. :) We'd be happy to collaborate, and would be very open to discuss what that could look like and where the collaboration could help propel the marketplace forward as well, as that's an aspect we're discussing as well, with the FAIR Protocol having roughed-in support for commercial participation in monetizing an ecosystem.

[BenjaminPrice]

@toderash thank you for the detailed reply.

As you've laid out, what I proposed is pretty close to what FAIR has spec'd out. I think the biggest gaps are around formatting of things like manifests (easy to match FAIR) and the API contracts defined in FAIR (this is the bigger bit).

Since we're early stage, making the API contracts compatible is something that could be tackled now. Either by reworking the current ones or adding a facade that maps the endpoints.

As we move forward with more detailed specifications, I'll aim to match FAIR as closely as possible and call out if/why anything differs.

[BenjaminPrice]

Over the coming weekend I'll work on a more detailed specification for review.

[kenny08gt]

Great discussion. I’ve been experimenting with building a frontend on top of the existing headless marketplace pieces in the repo, mainly to understand how discovery and distribution feel in practice. Some of that work landed in #384 (admin-configurable marketplace settings).

One thing that became clear pretty quickly while building:

even in a very simple setup, a single marketplace/registry assumption breaks down fast, multi-source feels necessary almost immediately

As soon as you support different ingestion paths (GitHub releases, npm, ZIPs), you start needing:

• provenance tracking (where did this come from?)
• checksums / artifact identity
• consistent metadata normalization across sources

A few other observations from working against the current model:

• The headless approach works really well, separating registry/API from frontend makes it easy to experiment without touching core
• Treating the published artifact as a structured bundle (instead of just an archive) feels important for validation and compatibility, this is where signed bundles would slot in naturally
• Having stable marketplace-facing IDs (separate from internal DB IDs) makes cross-registry or aggregated setups much easier to reason about
• On the frontend side, even basic discovery flows (search, filtering, installs) start to assume that plugins may come from different sources, not a single canonical registry

So from actually building on top of it, the distributed/federated direction being discussed here feels less like a future extension and more like a natural continuation of how the system already behaves in practice.

Happy to share more concrete examples if helpful. Still early, but building a frontend against it made some of these tradeoffs much clearer.

[BenjaminPrice]

Proposed EmDash Decentralized Marketplace Spec

Status: Draft / Proposal
Last updated: April 12, 2026

---

1. Overview

This document proposes a decentralized plugin distribution system for EmDash. It draws from the FAIR protocol (Federated and Independent Repositories) and the AT Protocol's identity, labeler, and data distribution architecture. Where those systems were designed for platforms without runtime safety guarantees, this spec takes advantage of EmDash's sandbox model to build a lighter trust layer that achieves similar outcomes with less infrastructure.

The goals are:

1. Any EmDash site can install plugins from multiple independent sources
2. Plugin bundles are cryptographically signed so tampering is detectable regardless of which host serves the bundle
3. Publisher and package identity is globally portable via decentralized identifiers (DIDs)
4. Trust signals (security audits, compliance labels, review quality) are provided by independent labelers using the ATProto labeler specification
5. Site owners can leave reviews with zero friction -- no accounts, no signup, no protocol knowledge -- using a transparent DID identity derived from their own domain
6. Publishers can host plugin listings as ATProto records in a PDS, making their catalog portable and subscribable
7. Bundles can be mirrored to any host for offline, air-gapped, or non-Cloudflare distribution
8. An EmDash-operated aggregator provides centralized discovery across decentralized repositories
9. SBOM and security metadata are supported for CRA compliance readiness, without being required for installation
10. Interoperability with FAIR-compatible aggregators and ATProto-compatible labelers is achievable

This spec describes the full system as a single deliverable. Nothing ships until the complete architecture is operational.

---

2. Design Principles

The sandbox is the primary trust layer. EmDash plugins run in isolated V8 workers with declared capability manifests. A plugin requesting read:content physically cannot make network requests. Signing proves provenance, not safety. The sandbox handles safety.

No barriers for end users. Site owners install plugins and leave reviews using the identity they already have: their EmDash site authenticated via passkeys. No GitHub account, no ATProto login, no manual DID setup. Identity is derived transparently from their domain. Publishers (who are developers) interact with DIDs, signing keys, and PDS tooling via the CLI.

Aggregators are convenience, not authority. An aggregator indexes plugins from multiple repositories and provides search. It cannot modify bundles (signatures prevent it). It cannot forge publisher identity (DIDs prevent it). If an aggregator misbehaves, sites remove it.

Labelers are additive, not load-bearing. Labelers provide useful trust signals but the system is safe without them. A site owner can install a plugin with zero labeler subscriptions and still be protected by the sandbox.

Distribution is decoupled from discovery. A plugin can be installed by DID alone, without any marketplace or aggregator. The DID document points to the repository. The repository serves the bundle. The signature verifies integrity. Discovery through aggregators is a convenience layer on top.

---

3. Architecture

3.1 Layers

┌─────────────────────────────────────────────┐
│           Site Owner (EmDash Admin)          │
│  Installs plugins, leaves reviews, sees     │
│  labels. Identity: did:web (auto-generated) │
├─────────────────────────────────────────────┤
│              Labelers                        │
│  Independent services publishing trust       │
│  labels. ATProto-compatible label schema.    │
├─────────────────────────────────────────────┤
│        Aggregator (EmDash-operated)          │
│  Crawls repositories, deduplicates by DID,  │
│  serves unified search. Directory-based     │
│  discovery for additional aggregators.       │
├─────────────────────────────────────────────┤
│              Repositories                    │
│  Host plugin metadata and signed bundles.   │
│  Mirrors replicate bundles for offline /    │
│  non-Cloudflare distribution.               │
├─────────────────────────────────────────────┤
│        Publisher PDS (ATProto)               │
│  Plugin listings as ATProto records.        │
│  Portable, subscribable via firehose.       │
│  Marketplace indexes from PDS, not the      │
│  other way around.                           │
├─────────────────────────────────────────────┤
│              Identity (DIDs)                 │
│  Publishers: did:web or did:plc (CLI setup) │
│  Packages: derived from publisher DID       │
│  Sites: did:web (auto-generated by EmDash)  │
└─────────────────────────────────────────────┘

3.2 Site Configuration

// astro.config.mjs
emdash({
  marketplace: {
    // Repositories and aggregators to search for plugins.
    // Searched in parallel. Results merged in the admin UI.
    sources: [
      "https://marketplace.emdashcms.com",
      "https://plugins.mycompany.internal",
    ],
 
    // Plugins installed directly by DID, bypassing discovery.
    // The DID document points to the repository.
    pinned: [
      "did:web:somepublisher.dev:seo-meta",
    ],
 
    // Labelers whose labels are fetched and displayed.
    // Site owner configures per-label behavior.
    labelers: [
      "did:web:labeler.emdashcms.com",
      "did:web:security.mycompany.internal",
    ],
 
    // Mirrors for offline / air-gapped / non-Cloudflare bundle distribution.
    mirrors: [
      "https://mirror.hostingcompany.com/emdash-plugins",
    ],
  },
})

Backward compatibility: If marketplace is a plain string, it is treated as { sources: [theString] }. Existing configs continue to work.

---

4. Identity

4.1 DID Methods

Two DID methods are supported. DID is required for all participants from day one.

did:web resolves via HTTPS. did:web:benprice.dev resolves by fetching https://benprice.dev/.well-known/did.json. Simple, requires only a domain and a static file. No external infrastructure dependency.

did:plc resolves via the PLC directory (plc.directory), now operated by an independent Swiss public-benefit association. Supports key rotation without changing the DID. Does not depend on DNS.

Both methods are first-class.

4.2 Publisher Identity

Publishers register a DID via the CLI. Their DID document contains:

• ED25519 signing key(s) for bundle signatures
• Service endpoint pointing to their PDS (where plugin listings live as ATProto records)
• Service endpoint pointing to their repository (where bundles are hosted)

{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:web:benprice.dev",
  "verificationMethod": [{
    "id": "did:web:benprice.dev#atproto",
    "type": "Multikey",
    "controller": "did:web:benprice.dev",
    "publicKeyMultibase": "zDnaef5rGMoatrSj1f..."
  }],
  "service": [
    {
      "id": "#atproto_pds",
      "type": "AtprotoPersonalDataServer",
      "serviceEndpoint": "https://pds.benprice.dev"
    },
    {
      "id": "#emdash_repo",
      "type": "EmDashRepository",
      "serviceEndpoint": "https://marketplace.emdashcms.com"
    }
  ]
}

4.3 Package Identity

Each plugin gets a DID derived from the publisher's DID:

• did:web:benprice.dev:seo-meta for did:web publishers
• For did:plc publishers, the package DID is a separate PLC entry linked to the publisher

The package DID document contains the publisher DID (ownership link), the repository service endpoint, and the signing key for this package's bundles.

4.4 Site Identity (Transparent)

EmDash sites get a did:web identity automatically. On first boot, EmDash core:

1. Generates an ED25519 keypair
2. Stores the private key in the site's local database (D1 or SQLite)
3. Serves a DID document at /.well-known/did.json via an auto-registered Astro route

The site's DID is did:web:theirsite.com. The site owner never sees it, configures it, or knows it exists. It's used behind the scenes to sign reviews and install reports.

This gives every EmDash site a verifiable, globally unique identity without any user action. Reviews signed by did:web:theirsite.com can be verified by anyone who can fetch that site's DID document.

4.5 DID Resolution and Caching

DID documents change rarely. EmDash core caches resolved DID documents with a 6-hour TTL (matching ATProto client conventions). Cache is stored in the site's local database. A failed signature verification triggers an immediate re-resolve to check for key rotation.

---

5. Bundle Signing

5.1 Signing Flow

1. Publisher runs emdash plugin publish
2. CLI computes SHA-256 hash of the bundle tarball
3. CLI signs the hash with the publisher's ED25519 private key
4. Signature is included in the upload as a detached field (not inside the tarball, so the tarball contents remain deterministic)
5. Repository stores the signature alongside the bundle

5.2 Verification Flow

1. EmDash site downloads the bundle from a repository (or mirror)
2. EmDash reads the publisher DID from the bundle manifest
3. EmDash resolves the publisher DID independently (HTTPS fetch for did:web, PLC directory for did:plc)
4. EmDash extracts the signing public key from the DID document
5. EmDash verifies the bundle signature against that key
6. If the DID can't be resolved or the signature doesn't match, installation is rejected

A compromised repository or mirror cannot serve a tampered bundle. It would need the publisher's private key to produce a valid signature.

5.3 Bundle Manifest Additions

{
  "id": "seo-meta",
  "version": "1.0.0",
  "publisher": "did:web:benprice.dev",
  "capabilities": ["read:content"],
  "sbom": {
    "format": "cyclonedx",
    "url": "sbom.json"
  },
  "security": {
    "contact": "security@benprice.dev",
    "policy": "https://benprice.dev/.well-known/security.txt"
  },
  ...
}

The sbom and security fields are optional. They exist so that labelers can evaluate CRA compliance and vulnerability exposure. They are not required for installation. See Section 10 for CRA considerations.

---

6. Publisher PDS

6.1 Plugin Listings as ATProto Records

Publishers host plugin listings as records in a Personal Data Server. The EmDash marketplace indexes these records rather than being the source of truth.

A custom ATProto lexicon defines the record schema:

com.emdash.plugin.listing

Each listing record contains:

• Plugin ID and name
• Description
• Capabilities
• Repository URL (where the bundle is hosted)
• Current version
• License (SPDX)
• Keywords and categories
• SBOM reference (optional)
• Security contact (optional)

When a publisher runs emdash plugin publish, the CLI:

1. Bundles and signs the plugin
2. Uploads the bundle to the repository
3. Creates or updates the com.emdash.plugin.listing record in the publisher's PDS

The marketplace aggregator subscribes to publisher PDS repositories (via the ATProto firehose or polling) and indexes new listings automatically.

6.2 Why PDS

The publisher's catalog is portable. If they switch repositories, the listing data travels with the PDS. The marketplace can re-index from the PDS without the publisher re-uploading anything.

Plugin metadata is owned by the publisher, not by the marketplace. A marketplace operator cannot unilaterally alter a listing's description, capabilities, or metadata. They can choose not to index it, but they can't modify it.

Aggregators can discover new plugins by subscribing to the ATProto network rather than relying on publishers to manually register with each aggregator.

6.3 PDS Hosting

Publishers can:

• Self-host a PDS (full control, requires infrastructure)
• Use a hosted PDS provider (several exist in the ATProto ecosystem)
• Use an EmDash-operated PDS instance for plugin publishers (if the project provides one)

The CLI handles PDS setup and record management. emdash plugin publish abstracts the ATProto details.

---

7. Repositories and Mirrors

7.1 Repositories

A repository hosts plugin metadata and signed bundles. It implements the EmDash Marketplace API. All JSON responses include JSON-LD @context for semantic interoperability and HAL _links for resource navigation, enabling FAIR aggregators to index EmDash repositories without a translation layer.

• GET /api/v1/plugins -- list/search plugins
• GET /api/v1/plugins/:id -- plugin detail
• GET /api/v1/plugins/:id/versions -- version history
• GET /api/v1/plugins/:id/versions/:ver/bundle -- download signed bundle
• POST /api/v1/plugins/:id/installs -- report install (fire-and-forget)

Example response envelope:

{
  "@context": "https://emdashcms.com/ns/marketplace/v1",
  "id": "seo-meta",
  "name": "SEO Meta Tags",
  "publisher": "did:web:benprice.dev",
  "_links": {
    "self": { "href": "/api/v1/plugins/seo-meta" },
    "versions": { "href": "/api/v1/plugins/seo-meta/versions" },
    "latest-bundle": { "href": "/api/v1/plugins/seo-meta/versions/1.0.0/bundle" },
    "publisher": { "href": "/api/v1/publishers/did:web:benprice.dev" }
  },
  ...
}

Anyone can run a repository. The existing marketplace Worker at marketplace.emdashcms.com is the first repository.

7.2 Mirrors

A mirror replicates bundles from upstream repositories for local, offline, or non-Cloudflare distribution. Mirrors serve bundles but don't need to implement the full marketplace API.

Mirror sync protocol:

A mirror fetches a bundle manifest from the upstream repository:

GET /api/v1/mirror/manifest

Returns a list of all plugin bundles with their SHA-256 checksums and signatures:

{
  "bundles": [
    {
      "pluginId": "seo-meta",
      "version": "1.0.0",
      "bundleUrl": "/api/v1/plugins/seo-meta/versions/1.0.0/bundle",
      "sha256": "abc123...",
      "signature": "ed25519sig...",
      "publisherDid": "did:web:benprice.dev",
      "updatedAt": "2026-04-12T10:00:00Z"
    }
  ],
  "cursor": "..."
}

The mirror downloads bundles it doesn't have (or where the checksum has changed), stores them locally, and serves them directly. Since bundles are signed by the publisher, a mirror cannot tamper with them. Verification works identically whether the bundle comes from the origin repository, a CDN, or an air-gapped mirror behind a corporate firewall.

Mirror configuration:

Sites add mirrors to their config. During install, EmDash checks mirrors before the origin repository:

mirrors: [
  "https://mirror.hostingcompany.com/emdash-plugins",
  "file:///mnt/plugin-mirror",  // local filesystem for air-gapped
],

7.3 Why Mirrors

EmDash runs on Node.js as well as Cloudflare Workers. A Node.js deployment behind a corporate firewall with no internet access can't reach marketplace.emdashcms.com. Mirrors solve this. A hosting company can pre-populate a mirror with vetted plugins and serve them to customer sites without external dependencies.

---

8. Aggregator

8.1 EmDash Aggregator

EmDash operates a first-party aggregator at marketplace.emdashcms.com. This is the EmDash equivalent of FAIR's AspireCloud. It:

• Crawls registered repositories on a schedule
• Subscribes to publisher PDS firehoses for real-time listing updates
• Indexes plugin metadata from all sources
• Deduplicates by package DID (same plugin on multiple repos = one result, multiple sources listed)
• Serves a unified search API with categories, FTS5, and sorting
• Hosts reviews and applies review quality labels
• Serves as the default sources entry in EmDash templates

8.2 Third-Party Aggregators

Anyone can run an aggregator. A hosting company indexes plugins relevant to its customer base. An enterprise indexes only internally approved plugins. A regional aggregator surfaces plugins with documentation in a specific language.

8.3 Aggregator Discovery

Two models for how aggregators discover each other are under consideration. See Section 17 (Decisions) for the tradeoffs.

Directory model: A well-known JSON file lists known aggregators:

https://emdashcms.com/.well-known/marketplace-aggregators.json

{
  "aggregators": [
    {
      "url": "https://marketplace.emdashcms.com",
      "name": "EmDash Official",
      "did": "did:web:marketplace.emdashcms.com",
      "tier": "official"
    },
    {
      "url": "https://plugins.hostingcompany.com",
      "name": "HostCo Plugin Index",
      "did": "did:web:plugins.hostingcompany.com",
      "tier": "verified"
    }
  ]
}

The EmDash project maintains this file. Aggregator operators request inclusion. The project curates the list.

Gossip model: Each aggregator maintains its own peer list. When a new aggregator comes online, it introduces itself to one or more known peers. Those peers share their own peer lists. Over time, every aggregator knows about every other aggregator. No central directory required.

Trust tiers (applicable to either model):

• Official -- operated by the EmDash project
• Verified -- vetted by the project or community (listed in the directory, or vouched for by trusted peers)
• Custom -- manually added by the site owner, displayed with "not verified" indicator

In either model, a compromised aggregator can't serve tampered bundles (signatures prevent it). It can only influence metadata and curation.

8.4 Aggregator API

An aggregator exposes the same EmDash Marketplace API as a repository, plus:

• GET /api/v1/repositories -- repositories this aggregator indexes
• GET /api/v1/plugins/:id/sources -- which repositories carry this plugin
• GET /api/v1/mirror/manifest -- mirror manifest for downstream mirrors
• GET /api/v1/categories -- browseable category taxonomy
• GET /api/v1/plugins?category=seo -- filter by category

A site can add an aggregator URL to its sources config and it works identically to adding a repository URL. The site doesn't need to know whether a source is a single repository or an aggregator of many.

---

9. Labelers

9.1 Architecture

Labelers are independent services that subscribe to events (new plugin versions, new reviews, new votes) and publish signed labels. The labeler protocol aligns with ATProto's labeler specification.

A labeler has a DID, a signing key, and a set of label definitions.

9.2 ATProto Alignment

Labelers implement ATProto-compatible endpoints:

com.atproto.label.subscribeLabels -- a stream of labels as they're published. Aggregators and sites subscribe.

Label format:

{
  "src": "did:web:labeler.emdashcms.com",
  "uri": "did:web:benprice.dev:seo-meta",
  "val": "security-audit:pass",
  "cts": "2026-04-12T10:00:00Z",
  "sig": "ed25519signaturebase64..."
}

• src -- the labeler's DID
• uri -- the target (package DID, review ID, or publisher DID)
• val -- the label value
• cts -- creation timestamp
• sig -- ED25519 signature

This format is directly compatible with ATProto labelers. Bluesky's Ozone moderation tool could consume EmDash labels and vice versa.

9.3 Label Definitions

Each labeler publishes a definition document declaring its label vocabulary:

{
  "did": "did:web:labeler.emdashcms.com",
  "labels": [
    {
      "id": "security-audit:pass",
      "description": "Plugin passed automated security analysis",
      "severity": "info"
    },
    {
      "id": "sbom:verified",
      "description": "SBOM present and dependencies checked against advisory databases",
      "severity": "info"
    },
    {
      "id": "cra:compliant",
      "description": "Meets EU Cyber Resilience Act requirements",
      "severity": "info"
    }
  ]
}

Site owners configure per-label behavior:

• require -- plugin cannot be installed without this label
• warn -- show a warning but allow installation
• info -- display the label, no action
• ignore -- don't display

9.4 Potential EmDash-Operated Labelers

EmDash could build and operate some or all of the following first-party labelers. See Section 17 (Decisions) for which to prioritize.

Security scanner labeler -- extracted from the existing AI audit pipeline in the marketplace Worker. Subscribes to new plugin version events. Runs Workers AI code analysis and image analysis. Publishes security-audit:pass, security-audit:warn, or security-audit:fail.

SBOM/vulnerability labeler -- checks for SBOM presence, validates format, cross-references dependencies against vulnerability databases (e.g. GitHub Advisory DB, OSV). Publishes sbom:verified, sbom:missing, vulnerability:found.

Publisher identity labeler -- verifies that a publisher's DID resolves correctly, the signing key matches, and the PDS is accessible. Publishes publisher:verified.

Review quality labeler -- detailed in Section 12.

9.5 Third-Party Labelers

Anyone can build a labeler. Examples:

• CRA compliance labeler -- verifies SBOM, vulnerability disclosure, and security contact for EU Cyber Resilience Act
• Enterprise approval labeler -- an organization's security team vets plugins and labels approved ones
• Community trust labeler -- weighs install counts, review scores, and publisher history
• Performance labeler -- benchmarks plugin resource usage

---

10. CRA Compliance Readiness

The EU Cyber Resilience Act (arriving December 2027) requires software supply chain integrity, vulnerability disclosure, and dependency transparency. EmDash doesn't mandate these today, but the architecture supports them.

SBOM: The manifest sbom field allows publishers to include a CycloneDX or SPDX bill of materials. The SBOM/vulnerability labeler validates it and cross-references against advisory databases. Publishers who include an SBOM get the sbom:verified label. Those who don't get sbom:missing. Neither blocks installation by default, but enterprises can configure sbom:verified as a require label.

Security contact: The manifest security field provides a contact email and policy URL. Labelers can verify the policy URL is accessible.

Vulnerability disclosure: When a labeler detects a known vulnerability in a plugin's dependencies (via SBOM cross-referencing), it publishes a vulnerability:found label with details. The aggregator surfaces this on the plugin detail page and in the admin UI. The publisher is notified via their PDS.

Provenance chain: Every bundle is signed by the publisher's DID-anchored key. The DID document is independently resolvable. The complete chain from "this person published this code at this time" is cryptographically verifiable.

This positions EmDash ahead of most CMS ecosystems for CRA readiness. Compliance is enabled by the architecture and incentivized by labeler visibility, without being enforced as a gate.

---

11. Review System

11.1 Principles

If you can install a plugin, you can review it. No extra accounts. No signup. No barriers.

The site owner's identity is did:web:theirsite.com, auto-generated by EmDash on first boot (Section 4.4). Reviews are signed with the site's private key. The site owner never interacts with DIDs or keys. They tap stars and optionally write text.

11.2 Submitting a Review

The plugin manager in the admin panel shows "Rate this plugin" for any installed plugin. The review form: star rating (1-5, required) and text (optional).

On submit, EmDash core:

1. Constructs a review record with install metadata
2. Signs the record with the site's ED25519 private key
3. Submits to the marketplace the plugin was installed from

Review record:

{
  "reviewer": "did:web:theirsite.com",
  "plugin": "did:web:benprice.dev:seo-meta",
  "rating": 4,
  "text": "Works well, easy to configure.",
  "installDuration": "P92D",
  "pluginVersion": "1.2.0",
  "isActive": true,
  "timestamp": "2026-04-12T10:00:00Z",
  "sig": "ed25519signaturebase64..."
}

11.3 Install-Gated

A review can only be submitted if the marketplace has an install record for this site's DID on this plugin. No install, no review form. Same principle as Steam: you can only review what you own.

11.4 Install Context

The marketplace displays install context alongside each review:

• How long the plugin has been installed
• Whether it's currently active or disabled
• The plugin version at time of review

"Active for 3 months, version 1.2.0" is a very different trust signal than "installed 10 minutes ago."

11.5 Helpful / Unhelpful Voting

Anyone browsing the marketplace (website or admin panel) can upvote or downvote a review. Helpful reviews surface to the top of the display order.

11.6 Rating Windows

Two rating windows on the plugin detail page:

• Recent -- last 30 days
• All-time -- lifetime

11.7 Publisher Reply

Publishers can respond to any review via their PDS or the CLI. Replies are visually distinct. One reply per review.

11.8 Portable Review Records

Each review is a signed, self-contained record with a DID-based reviewer identity. Aggregators can carry reviews across sources. Deduplication is by (reviewer DID, plugin DID) -- one review per site per plugin, most recent wins. The signature proves the review was actually submitted by that site, preventing aggregators from fabricating reviews.

---

12. Review Quality Labeler

Built and operated by EmDash. Inspired by the ai-moderation plugin architecture (categories with configurable actions, Llama Guard integration, enrichment + decision separation).

12.1 Architecture

The review quality labeler follows the same pattern as ai-moderation:

• Enrichment phase: analyze the review (text content, timing, pattern matching)
• Decision phase: compute a label based on the analysis and configurable category actions
• Categories with configurable severity: block (downrank immediately), hold (flag for review), ignore

12.2 Categories

ID	Name	Description	Default Action
R1	Low-effort	Very short text on low ratings, no substantive content	hold
R2	Instant review	Review submitted within minutes of install	hold
R3	Duplicate text	Identical or near-identical text across multiple plugins	block
R4	Bulk reviewer	Site DID reviewing an unusually high number of plugins in a short window	block
R5	Bombing window	Review falls within a detected anomaly window (sudden volume + sentiment spike)	block
R6	Vote manipulation	Cluster of helpful/unhelpful votes from DIDs that only vote on one plugin	hold
R7	Toxic content	Review text classified as toxic, spam, or harassment by Llama Guard	block

12.3 Llama Guard Integration

For R7 (toxic content), the labeler runs the review text through Llama Guard 3 8B (same model as the ai-moderation plugin) using a taxonomy tuned for review content:

C1: Spam -- Unsolicited promotion, links, or repetitive content
C2: Toxic -- Insults, hostility, or language intended to demean
C3: Harassment -- Targeted abuse directed at the plugin author
C4: Misinformation -- Demonstrably false claims about plugin behavior

The Llama Guard result feeds into the decision as an additional signal alongside the pattern-matching categories.

12.4 Bombing Detection

The labeler maintains a rolling baseline of review volume and sentiment per plugin (average reviews per day, average rating over 30 days). When incoming reviews deviate significantly from baseline (configurable threshold, default 3x volume with >1.5 standard deviation sentiment shift), the time window is flagged.

Reviews within a flagged window are labeled review:bombing-window. Both positive and negative reviews in the window are labeled to prevent counter-bombing from inflating the score.

12.5 Labels Published

• review:low-effort
• review:instant
• review:duplicate-text
• review:bulk-reviewer
• review:bombing-window
• review:vote-manipulation
• review:toxic

12.6 Default Aggregator Behavior

Label	Default behavior
review:low-effort	Downranked in display order
review:instant	Downranked in display order
review:duplicate-text	Hidden, visible on toggle
review:bulk-reviewer	Hidden, visible on toggle
review:bombing-window	Excluded from aggregate score, visible with annotation
review:vote-manipulation	Affected votes downweighted
review:toxic	Hidden, visible on toggle

Aggregators can adjust these defaults. Labels are informational -- the aggregator decides how to act on them.

---

13. CLI Tooling

13.1 Existing Commands (Unchanged)

Command	Purpose
emdash plugin init	Scaffold a new plugin
emdash plugin bundle	Build a publishable tarball
emdash plugin validate	Validate a bundle without producing a tarball
emdash plugin login	Authenticate with a marketplace (GitHub OAuth device flow)
emdash plugin logout	Clear stored credentials

13.2 Modified Commands

emdash plugin publish

Currently: uploads tarball to marketplace, marketplace assigns author from GitHub auth.

Changes:

• Signs the tarball with the publisher's ED25519 private key before upload
• Includes the publisher DID in the upload metadata
• Creates or updates the com.emdash.plugin.listing ATProto record in the publisher's PDS
• Includes SBOM file in the tarball if present in the plugin directory
• Includes security metadata if present in package.json or a security.txt file

emdash plugin bundle

Currently: produces a tarball with manifest, backend.js, admin.js, README, icon, screenshots.

Changes:

• Includes sbom.json if present (CycloneDX or SPDX format)
• Validates manifest includes publisher DID field
• Warns if SBOM is missing (not an error, informational)

13.3 New Commands

emdash plugin keygen

Generates an ED25519 keypair and registers a DID for the publisher.

# did:web -- requires owning a domain
emdash plugin keygen --method web --domain benprice.dev
# Generates keypair, creates did.json, prompts to upload to domain
 
# did:plc -- registers via PLC directory
emdash plugin keygen --method plc
# Generates keypair, registers DID, stores credentials locally

Stores private key in ~/.config/emdash/keys/. Public key is embedded in the DID document.

emdash plugin pds setup

Configures PDS connectivity for the publisher.

# Use a hosted PDS
emdash plugin pds setup --host https://pds.provider.com
 
# Self-hosted PDS
emdash plugin pds setup --host https://pds.benprice.dev --self-hosted

Registers the publisher's DID with the PDS and updates the DID document's #atproto_pds service endpoint. Stores PDS credentials in ~/.config/emdash/auth.json.

emdash plugin pds sync

Manually syncs plugin listings from the local bundle history to the PDS. Useful for initial migration or if the PDS was unavailable during publish.

emdash plugin pds sync
# Reads all published bundles from local history, creates/updates PDS records

emdash plugin mirror

Syncs bundles from a repository to a local mirror directory.

# Sync all bundles to a local directory
emdash plugin mirror --from https://marketplace.emdashcms.com --to ./mirror
 
# Sync specific plugins
emdash plugin mirror --from https://marketplace.emdashcms.com --to ./mirror --plugins seo-meta,sitemap
 
# Serve the mirror locally
emdash plugin mirror serve --dir ./mirror --port 8788

emdash plugin inspect

Inspect a published plugin's provenance and verification status.

emdash plugin inspect did:web:benprice.dev:seo-meta
# Resolves DID, fetches metadata from repository, verifies signature,
# checks labeler status, displays trust summary

emdash plugin sbom generate

Generate a CycloneDX SBOM from the plugin's dependencies.

emdash plugin sbom generate
# Reads package.json / pnpm-lock.yaml, produces sbom.json

13.4 Credential Storage

Extends the existing ~/.config/emdash/ credential store:

~/.config/emdash/
  auth.json           # existing: marketplace + site OAuth tokens
  keys/
    ed25519.key        # new: publisher signing private key
    ed25519.pub        # new: publisher signing public key
  pds.json             # new: PDS host, auth token, publisher DID
  marketplace.json     # existing: marketplace credentials

---

14. Changes to EmDash Core

14.1 MarketplaceClient

The existing createMarketplaceClient(baseUrl) is unchanged. A new MultiSourceMarketplaceClient wraps multiple clients:

• Parallel search across all configured sources
• Results merged and deduplicated by package DID
• Source attribution on each result
• Install routing to the specific source

14.2 Site DID Generation

On first boot, EmDash core:

1. Checks if a keypair exists in the local database
2. If not, generates an ED25519 keypair
3. Stores the private key in the database
4. Registers an Astro route at /.well-known/did.json that serves the DID document
5. The DID document includes the public key with a #emdash verification method

This is automatic and invisible to the site owner.

14.3 Install Flow

Updated install flow:

1. User selects a plugin (from search results, or via pinned DID)
2. If pinned DID: resolve DID document, extract repository service endpoint
3. If search result: use the source URL from the search result
4. Check mirrors first; if bundle is cached locally, use it
5. Otherwise, download bundle from repository
6. Resolve publisher DID independently
7. Extract signing key from DID document
8. Verify bundle signature -- reject if invalid
9. Display capability consent dialog
10. On approval: store bundle in site-local storage, register Dynamic Worker, write _plugin_state
11. Fire-and-forget: report install to the marketplace, signed with the site's DID

14.4 Review Submission

New API route in EmDash core: POST /_emdash/api/admin/plugins/:id/review

1. Reads install metadata from _plugin_state (install duration, version, active status)
2. Constructs review record
3. Signs with the site's private key
4. Submits to the marketplace the plugin was installed from
5. Returns confirmation to the admin UI

14.5 Admin UI

• Plugin cards show source origin badge
• Plugin detail shows labeler badges, review summary (recent + all-time), install context
• Browse page supports filtering by source, category, and labeler status
• "Rate this plugin" in the plugin manager for installed plugins
• Helpful/unhelpful voting on reviews
• Mirror status indicator (if configured)

14.6 Database Migrations

• Auto-generated site keypair storage (_site_keys table or similar)
• Review state tracking (which plugins have been reviewed by this site)

---

15. Divergences from FAIR

These are active choices, not oversights.

15.1 Trust model weight

FAIR: Signatures, labelers, SBOMs, and community vetting are all critical trust infrastructure. The trust model is load-bearing because WordPress plugins run with full system access.

EmDash: The Dynamic Workers sandbox enforces capability boundaries at runtime. Signatures prove provenance. Labelers provide supplementary signals. SBOM and security metadata are available for compliance but not required for installation. The system is safe without any external trust infrastructure.

Why: EmDash's sandbox is a genuinely different security model. Replicating FAIR's full trust stack as mandatory gates would add friction without proportional safety benefit.

If adopted: Making labeler checks mandatory before installation would increase supply chain rigor and CRA readiness. It would also require labeler infrastructure to be operational and responsive before any plugin can be installed, creating an availability dependency. Site owners could configure this via the require label behavior -- the architecture supports it without mandating it.

15.2 WordPress API compatibility

FAIR: A large portion of FAIR's complexity is replacing WordPress.org's specific API endpoints as a drop-in replacement.

EmDash: No legacy API to maintain. The marketplace API is designed for federation from the start.

15.3 Aggregator discovery

FAIR: AspireCloud is the initial aggregator, with architecture supporting fully independent aggregators from day one. Aggregator participation is permissionless -- anyone can stand one up without requesting inclusion in a central list.

EmDash: Aggregator discovery model is pending decision (Section 17). If directory-based, this is a divergence from FAIR: aggregator participation is curated rather than permissionless. If gossip-based, EmDash would be closely aligned with FAIR's vision of fully decentralized aggregator participation.

15.4 Data distribution

FAIR: Does not use ATProto's PDS/firehose model. Repositories are standalone servers with their own data stores.

EmDash: Publishers host listings in a PDS. The marketplace indexes from PDS records. This is a deeper ATProto integration than FAIR has pursued.

Why: EmDash is a greenfield CMS with no legacy data distribution to be compatible with. ATProto's PDS model provides data portability and real-time discoverability that standalone repositories don't. Since publishers are developers comfortable with CLI tooling, the PDS setup friction is acceptable.

---

16. Divergences from ATProto

16.1 No ATProto login for site owners

ATProto: Users have a DID and a PDS. All data lives in the PDS.

EmDash: Site owners use a transparent did:web identity derived from their domain. Reviews are signed and submitted to the marketplace, not stored in a PDS. No ATProto account, no login, no PDS for end users.

Why: Requiring an ATProto account to rate a plugin is a non-starter for WordPress-replacement users. Many site owners are non-technical. Their hosting provider set up their site. They authenticate with passkeys. That's enough.

If adopted: If reviews were ATProto records in the reviewer's PDS, they would be fully owned by the reviewer and portable. Reviews couldn't be deleted by the marketplace operator. The reviewer's entire review history would be cryptographically their own. The cost is that every site owner needs a PDS, which is infrastructure non-technical users should not be expected to manage.

16.2 PDS for publishers only

ATProto: All participants in the network use a PDS.

EmDash: Only publishers use a PDS. Site owners have a did:web identity but no PDS. Aggregators and labelers have DIDs but are not PDS-based.

Why: Publishers are developers who benefit from data portability and can handle CLI-driven PDS setup. Site owners need zero friction. Splitting the identity model between these user types is the pragmatic path.

16.3 No relay / firehose dependency

ATProto: Data distribution relies on relays that aggregate the firehose from all PDSes.

EmDash: The aggregator polls publisher PDSes directly or subscribes to their individual event streams. No centralized relay infrastructure.

Why: The ATProto relay model is optimized for high-volume social networking workloads (millions of small records per second). EmDash plugin publishing is low-volume (maybe hundreds of new versions per day across the entire ecosystem). Direct polling or per-PDS subscription is sufficient and avoids depending on relay infrastructure.

If adopted: Using the ATProto relay/firehose would give aggregators real-time, network-wide visibility into all plugin publishing activity from a single subscription point. It would also enable non-EmDash ATProto applications to discover and surface EmDash plugins. The cost is a hard dependency on relay availability and the operational overhead of firehose processing.

16.4 Custom lexicon, limited scope

ATProto: Applications define lexicons for all their record types. A full ATProto social app has lexicons for posts, follows, likes, blocks, lists, etc.

EmDash: Defines a single lexicon (com.emdash.plugin.listing) for plugin metadata in the publisher's PDS. Reviews, labels, and other data use ATProto-compatible formats but are not full ATProto records in a PDS.

Why: The lexicon covers the one record type that benefits most from PDS portability: the plugin listing. Reviews don't need PDS portability (the site owner's did:web signature is sufficient for authenticity). Labels follow ATProto's label spec already. Defining lexicons for every data type in the system would be over-engineering for the current needs.

If adopted: Full lexicon coverage (reviews, labels, aggregator metadata) would make the entire EmDash marketplace a native ATProto application. Any ATProto client could browse plugins, read reviews, and subscribe to labelers. The cost is significantly more protocol work and a tighter coupling to ATProto's evolution.

---

17. Open Decisions

The following decisions need to be resolved before implementation can proceed.

17.1 Aggregator Discovery Model

How do aggregators find each other?

Option A: Directory

A curated list maintained by the EmDash project (e.g. a JSON file in the repo or at a well-known URL). Aggregator operators request inclusion.

Pros	Simple to implement. Clear moderation path -- bad actors are removed from the list. Predictable for site owners. Low protocol complexity.
Cons	Centralized governance. The EmDash project becomes a gatekeeper for aggregator participation. If the project goes dormant, the directory stops being maintained. Not permissionless.

Option B: Gossip

Aggregators discover peers by exchanging peer lists. A new aggregator introduces itself to one or more known peers and learns about others organically.

Pros	Fully permissionless. No gatekeeper. More resilient to any single entity going offline. Closer alignment with FAIR's decentralization goals.
Cons	More complex to implement. Harder to moderate -- delisting a bad actor requires propagating the delisting through the gossip network. At low scale (5-20 aggregators), the complexity may not be justified. Sybil resistance is harder without a curated list.

Option C: Directory now, gossip later

Start with a directory for simplicity. Define a gossip protocol in the spec but don't require it. Migrate when the aggregator count justifies it.

Pros	Ships faster. Keeps the door open. Pragmatic.
Cons	Two discovery mechanisms to maintain during the transition. Risk of never migrating if the directory "works well enough."

17.2 EmDash-Operated Labelers

Which labelers should EmDash build and operate as first-party infrastructure? The architecture supports any number, but each is a service to build, deploy, and maintain.

Security scanner labeler

Extracted from the existing AI audit pipeline. Lowest-effort to build since most of the code exists in packages/marketplace/src/audit/.

Pros	Already mostly built. Directly addresses the primary trust question ("has this code been reviewed?"). High signal value for site owners.
Cons	AI-based scanning is probabilistic. False positives erode trust in the labeler. Ongoing cost for Workers AI inference on every new plugin version.

Review quality labeler

Described in detail in Section 12. Protects the review system from abuse.

Pros	Essential for review credibility. Without it, the review system is vulnerable to spam, bombing, and manipulation from day one. Directly inspired by proven patterns (Steam, ai-moderation plugin).
Cons	Requires ongoing tuning of detection thresholds. Bombing detection needs a baseline of review volume to be meaningful -- at very low scale, everything looks anomalous.

SBOM/vulnerability labeler

Cross-references plugin SBOMs against vulnerability databases.

Pros	Enables CRA compliance readiness. High value for enterprise adopters. Automated -- no human review needed.
Cons	Only useful for plugins that include SBOMs (initially few). Requires integration with external advisory databases (GitHub Advisory DB, OSV). False positives from transitive dependency matches that don't actually affect sandboxed code.

Publisher identity labeler

Verifies DID resolution, signing key validity, PDS accessibility.

Pros	Simple to build. Provides the baseline "this publisher is who they say they are" signal. Low maintenance.
Cons	Low signal value in isolation -- DID resolution either works or it doesn't. Most useful as a foundation for other labelers to build on.

Recommendation to discuss: At minimum, the security scanner labeler (already mostly built) and the review quality labeler (essential for review credibility) seem necessary. The publisher identity labeler is cheap to add. The SBOM labeler is high-value but may be premature until SBOM adoption among publishers reaches critical mass.

17.3 FAIR Extension Spec

API responses include JSON-LD @context and HAL _links by default (Section 7.1), so FAIR aggregators can index EmDash repositories at the response format level. The remaining question is whether and when to publish a formal EmDash FAIR extension spec -- defining how EmDash-specific metadata (capabilities, sandbox requirements, admin UI blocks) maps into FAIR's extension framework.

Option A: Publish alongside launch

Coordinate with the FAIR team during implementation. Ship the extension spec as part of this deliverable.

Pros	EmDash plugins are fully discoverable in the FAIR network from day one. Positions EmDash as the second FAIR ecosystem. Strong signal to the FAIR community.
Cons	FAIR's extension framework is still evolving (the TYPO3 implementation is actively discovering gaps). Building against a moving target may require rework. Coordination overhead with the FAIR team adds to timeline.

Option B: Publish as a fast-follow

Ship the marketplace without a FAIR extension spec. JSON-LD/HAL responses mean FAIR aggregators can partially index EmDash plugins (basic metadata works, EmDash-specific fields are opaque). Publish the extension spec once the marketplace is stable and the FAIR extension framework has matured via the TYPO3 implementation.

Pros	Ships faster. Learns from TYPO3's experience with FAIR extensions before committing. EmDash-specific metadata still travels in responses, just not formally mapped to FAIR's schema.
Cons	Partial FAIR discoverability until the extension spec ships. Missed opportunity to shape FAIR's extension framework for non-WordPress ecosystems.

Option C: No formal extension spec

Rely on JSON-LD/HAL for basic interop. Don't publish a FAIR extension. Let FAIR aggregators handle EmDash-specific fields however they choose.

Pros	Zero coordination overhead. Full independence.
Cons	EmDash-specific metadata (capabilities, sandbox info) is opaque to FAIR aggregators. No formal interop story to point to.

17.4 PDS Hosting for Publishers

Who operates the PDS infrastructure that publishers use?

Option A: Bring your own PDS

Publishers self-host or use an existing ATProto PDS provider. EmDash CLI handles the setup but doesn't provide infrastructure.

Pros	No infrastructure burden on the EmDash project. Publishers have full control. Aligns with ATProto's "your data, your server" philosophy.
Cons	PDS setup is friction for publishers who just want to ship a plugin. Existing ATProto PDS providers are optimized for social networking, not package management.

Option B: EmDash-operated PDS

EmDash runs a shared PDS instance for plugin publishers (similar to how bsky.social hosts PDS accounts for Bluesky users).

Pros	Zero-friction for publishers. emdash plugin keygen creates a DID and PDS account in one step. EmDash controls the infrastructure and can optimize for package management workloads.
Cons	Infrastructure cost and operational burden on the EmDash project. Creates a centralized dependency that partially undermines the decentralization goals. Publishers who want to leave need to migrate their PDS data.

Option C: Both

EmDash operates a default PDS. Publishers can migrate to their own PDS at any time. Same model as Bluesky: start on the hosted PDS, self-host when you're ready.

Pros	Low friction to start, full control when desired. Proven model (Bluesky).
Cons	EmDash still bears the infrastructure cost of the default PDS. Migration path needs to be tested and documented.

---

18. Next Steps

If we're directionally aligned:

1. Resolve the open decisions in Section 17
2. Create a detailed implementation plan with task breakdown
3. Coordinate with the FAIR team on extension spec requirements for non-WordPress ecosystems
4. Engage with the ATProto community on labeler spec alignment and PDS hosting for non-social-networking use cases
5. Build it

Feedback welcome on all of it.

[kenny08gt]

My two cents on aggregator discovery (17.1): Option C makes the most sense at this stage. A curated directory is simpler to implement and gives site owners a trust signal they can actually understand. The gossip model adds complexity that's only justified at scale when there are dozens of active aggregators. Start with the directory, define the gossip protocol in the spec for later, and migrate when the ecosystem justifies it.

[chuckadams]

One thing that gave us pause in FAIR was key management, specifically key storage. Ultimately we decided that the private keys were too sensitive to entrust in a WP database, given the vast number of insecure configurations that are possible with WP. Even with emdash's sandboxing, a plugin with DB access can't be allowed to exfiltrate publishing keys. So that means encrypting the key with a passphrase, and that means addressing the UX of prompting for it, and so on...

It's still something of an open design issue in FAIR Beacon (the WP-based publisher dashboard), but our command line toolchain (aka FAIR Pulse) just generates the keys to stdout and expects you to persist them in environment variables or whatever else you're using to manage secrets. Integration with external vaults like 1Password, aws-vault, or the system keychain is on the roadmap.

Whichever choice of key management schemes you do use, I would encourage the default behavior be something simple, sane, and safe, and not persisting private keys as plaintext in any form.

[erlend-sh]

@toderash @chuckadams there’s now an RFC ready for review here: #694

It’s not based on FAIR but it borrows a lot of ideas from it and still builds on atproto.

[ascorbic]

Despite what I said, I'll reply here to keep it together.

First, thanks for the corrections. I've made the changes to the RFC, which should hopefully reflect them.

I think there is some misunderstanding here. The RFC is very much a draft and I have been actively requesting feedback.This isn't a case of me making decisions without discussion. I created it as a PR rather than a discussion because it's easier to discuss a specific document in that context. You will see there are some substantive comments on there already, which I have integrated into the document. I welcome more.

Regarding the specifics of why I didn't base it on FAIR, there are two main reasons I did that. First, FAIR seems very PHP-focused, which is understandable. All the reference implementations are written in PHP, and the spec for packages assumes they are PHP. EmDash is TypeScript-based, and all of our tooling and hosting infra is based on JavaScript or TypeScript. This is not a blocker and I'm sure we could find a way around it, though means we wouldn't be able to re-use any of the existing FAIR code, which knocks out one of the biggest benefits. Creating new implementations against a spec would be fine I'm sure though/

The second reason is that FAIR seemed have made a specific decision to diverge from atproto, whereas to me atproto looks like the best way to solve a lot of the requirements for this project. Atproto has a very large developer ecosystem, with lots of reference implementations of every part in many languages. It solves the discovery question, with near-instant updates, has a mature labelling system, and simple ways to extend the protocol to add things like ratings and reviews and other social aspects. Using an incompatible system seemed like a missed opportunity.

I would still very much like to work with you though. Ideally I would like to find a way to use FAIR in a way that meets our requirements. I hadn't seen previously that FAIR already uses Ozone for labelling, so I guess that means there is openness to working within atproto?

[toderash]

Thanks @ascorbic - I understand the RFC is just a discussion draft, so that's why I wanted to hop in early. Ultimately if the spec diverges, that fine - but I want to make sure that there aren't any misconceptions that cause a divergence, reserving that decision to legit and well-founded reasons that we can vet from both sides. I'll start a discussion on the RFC after checking your revisions. I've done a deep dive already, but give me a couple of days, as I'd like to create a couple of PRs against the FAIR Protocol and an issue/discussion or two over there to serve as stubs for a couple of the changes needed over there.

I'll respond here to some of the FAIR-orientation & cooperation parts here though :)

First, the FAIR community has EmDash fans - just so you know! I don't think the spec here needs to be based on FAIR, but hoping we can make it compatible with FAIR. It'd be great if we can modify/extend FAIR to serve all the goals here, but I don't know yet if that's feasible, so looking forward to exploring that.

On the PHP-centric nature of FAIR: yes, almost all of the software we've built around it is PHP based on the available contributors. There is a set of node.js tools for working with PLC DIDs & FAIR that one person built, but isn't maintained, and there's currently a PR in one of our repos for an extensive set of shell scripts, so the build tools are negotiable based on contributors and fit for purpose. I would very much love to have some people around who are focused on TypeScript & JavaScript generally. I'm keenly interested in reference implementations for other platforms, but we're pursuing what we have right now and still hard to keep up! You probably noticed some of the work is Laravel or Symfony, not entirely WordPress, so I call that progress ;-)

The Protocol itself is of course separate from the implementations. On that score, my go-to explanation in a number of discussions has been that the FAIR Protocol is designed to be suitable for any type of digital goods, including software. If you had a network of hobby sci-fi writers who wanted to exchange epub files, FAIR could do it. Software of course has more supply chain security implications, and that's been my focus within FAIR.

wrt ATproto - love ARproto, and has always been the model for our moderation/labelling spec. I'd like to be able to use Oxygen for that, but have avoided assuming it'll work - will likely need some modification, but even if it's a rewrite, we're looking at ATproto support. I wouldn't say we've diverged completely, but I will say that "maybe" our documentation is unclear :P I'd also like to stick close to ATproto for the reasons you cite. We took some early criticism for making PLC a single point of failure, or a new form of centralized control. We already knew Bluesky's intent was to hand it over, so part of that is resolved at least. We tackled another part by supporting web DIDs right away and saying we'd run our own PLC server if we needed to (seems unlikely of course, unless for performance reasons connecting the aggregator to the DID resolver). So what we didn't do is make FAIR dependent upon PLC specifically, though that's our recommended DID platform. Of over 100 W3C DID implementations, one of our contributors has looked at the bunch and identified about a dozen that could work for us.

On the difference of how the two specs use DID, I'll write up something in more detail to attach to the RFC, but a preview that follows what I've just said is that we do have an identified concept of a "Publisher", which may also be an "Author" but doesn't have to be. A lot of packages are multi-author, and may or may not choose to list them individually, but we need some entity as the primary/publisher for practical reasons. We have a problem that EmDash doesn't, in dealing with legacy packages for 2 CMSs with histories of 20+ years, but the way we deal with them could be instructive, as EmDash could use it to avoid what it needs to while building a structure that supports that kind of ecosystem. The general approach here is that since we already have a repo hosting many packages with many authors, we simply assign Web DIDs that we can use to establish provenance. That gets paired with a process for migrating to a PLC DID so the actual publisher or maintainer can take it over, transferring trust in the package from a centralized repo to a decentralized one. For TYPO3, that meant dynamically assigning a few thousand DIDs, but it's entirely frictionless, with no effort required from maintainers.

Another notable item is Composer support. TYPO3 uses Composer natively, and we've got a working proof of concept for supporting that in FAIR, which forms a pattern for npm et al. I'll save the rest for discussion attached to the RFC, and restate some of this over there for continuity.

[ascorbic]

@toderash thanks for this. I've just gone through your PRs and issues on the FAIR repo and it's looking really promising. I think there's a real opportunity to align here.

I have some more specific comments on parts of the protocol, and new issues and I'll go into more detail over there, but overall I think things are a lot closer than they were last week.

[ascorbic]

Commented here: fairpm/fair-protocol#75 (comment)

[toderash]

Wow, @ascorbic, you're keeping 2 steps ahead of me! Github's been having issues the last couple of days with not displaying complete lists of issues or PRs, so I'm glad you could see them - hopefully all of them! :-)

I've got a few more things to add into the mix (local drafts etc) but as you can see, the gap can get closed up pretty quickly. I need to get through the #694 thread in more detail to catch up, and will add something to that thread as well. I keep getting distracted with client work and other "urgencies" ;-)