Last Updated: November 21, 2025
Manifest Essentials
| Field | Purpose |
|---|---|
schema_version
|
Plugin manifest format |
auth
|
Define key-based or oauth authentication |
api
|
OpenAPI spec + server endpoints |
Security Checklist
Validate user input, enforce CORS + rate limits, and ensure service credentials rotate regularly.
Developer Flow
npm run dev -- --port 3333
Run plugin server locally
curl https://example.com/.well-known/ai-plugin.json
Verify manifest is reachable
openai plugins deploy
Submit for review if needed
💡 Pro Tip:
Serve plugin metadata over HTTPS and verify schema before publishing.