Publishing Competencies
What you'll accomplish: Package, sign, and publish a competency to a registry for others to install.
Package workflow
1. Scaffold the package
hoziron package init --type competency --name claims-intake
This creates:
claims-intake/
├── MANIFEST.toml (package metadata)
├── COMPETENCY.toml (competency definition)
└── payload/ (additional files: knowledge docs, etc.)
2. Write the MANIFEST.toml
[package]
type = "competency"
name = "claims-intake"
version = "1.0.0"
description = "First Notice of Loss processing for property and auto claims"
license = "MIT"
min_platform_version = "0.5.0"
[package.author]
name = "Your Company"
email = "platform@company.com"
[package.metadata]
keywords = ["insurance", "claims", "fnol"]
categories = ["insurance/claims"]
regions = ["us", "uk"]
[dependencies]
document-ocr = "^1.0"
postgresql-connector = "^2.0"
email-skill = "^1.2"
3. Build the archive
hoziron package build ./claims-intake/
Produces a deterministic .hpkg archive (reproducible builds — same input always produces byte-identical output).
4. Lint for compliance
hoziron package lint ./claims-intake/
Checks: valid name, version, description, license, dependency constraints, and category taxonomy.
5. Sign with your publisher key
# Generate a key (first time only)
hoziron package keygen
# Sign the package
hoziron package sign ./claims-intake/
Signing uses Ed25519. The signature covers the MANIFEST.toml content and a SHA-256 Merkle root of the payload directory.
6. Publish to registry
hoziron package publish ./claims-intake/
Publish target resolution:
- Explicit
--registry <name>flag - Scope-based routing (if package name has
@scope/prefix) default_publish_registryconfig field
Verification
Others can verify your package:
hoziron package verify ./claims-intake/
This checks:
- Ed25519 signature over MANIFEST.toml
- SHA-256 content hash matches the payload
Next steps
Related: