agent.json manifest

The manifest that defines a package's identity, version, type, platforms, and permissions.

agent.json manifest

The agent.json manifest is the single source of truth for a package. The registry and CLI parse only this file to understand what your package is, what version it is, which platforms it targets, and what it is allowed to do.

A complete example

json

{
  "name": "security-review",
  "displayName": "Security Review Agent",
  "version": "1.0.0",
  "type": "agent",
  "description": "Reviews code for OWASP, auth, secrets, and AI-agent security risks.",
  "platforms": [
    "claude-code",
    "cursor",
    "openai-agents",
    "mcp"
  ],
  "permissions": {
    "readFiles": true,
    "writeFiles": false,
    "runCommands": false,
    "network": false,
    "env": false
  },
  "entry": "instructions.md",
  "license": "MIT"
}

Field reference

Field	Type	Required	Description
`name`	string	Yes	Unique registry slug. Lowercase, hyphenated (e.g. `security-review`). This is what users install.
`displayName`	string	No	Human-readable title. Falls back to `name`.
`version`	string	Yes	Semver version (`MAJOR.MINOR.PATCH`). Each publish must bump this.
`type`	enum	Yes	One of `agent`, `claude-skill`, `cursor-rule`, `mcp-server`, `workflow`, `prompt-pack`, `custom-mode`, `tool-adapter`, `agent-template`, `automation`. See Installable AI capabilities.
`description`	string	Yes	One-line summary shown in search results. Keep it under ~120 characters.
`platforms`	string[]	Yes	Target platforms: `claude-code`, `claude-desktop`, `cursor`, `windsurf`, `openai-agents`, `gemini-cli`, `github-copilot`, `replit-agent`, `mcp`. Drives compatibility badges and install targets.
`permissions`	object	Yes	Declared permission scope. Each key is a boolean. Used to compute the risk level. See Permissions model.
`entry`	string	No	Path to the entry file loaded by the tool. Defaults to `instructions.md`.
`license`	enum	No	`MIT`, `Apache-2.0`, `GPL-3.0`, `Proprietary`, or `Unknown`. Defaults to `Unknown`.

Notes on individual fields

platforms

List every platform your package genuinely supports — not aspirational ones. The marketplace renders a compatibility table from this field, and the CLI uses it to decide which install and export targets are valid. See Platform compatibility.

permissions

The permissions object is the heart of Nuclexa's trust model. Declare only what you truly need: fewer, lower-risk permissions earn a lower risk badge and more installs. Any key you omit defaults to false.

Next: the Permissions model explains each permission and how risk is computed.