Developer Documentation/Extensions/Manifest Reference

Manifest Reference

Complete reference for the extension manifest.json file structure and all available fields.

Overview

The manifest.json file is the heart of your extension. It defines metadata, permissions, and configuration. The minimum required fields are:

{
  "name": "my-extension",
  "version": "1.0.0",
  "publicKey": "a1b2c3d4e5f6..."
}

Required Fields

These fields must be present in every manifest:

name

string

required

Unique identifier for your extension (lowercase, alphanumeric, hyphens)

version

string

required

Semantic version string (e.g., 1.0.0)

publicKey

string

required

Ed25519 public key (64 hex characters, generated by haex init)

Optional Fields

These fields enhance your extension but are not required:

Field	Type	Default	Description
`author`	string \| null	-	Author name displayed in the marketplace
`description`	string \| null	-	Human-readable description of your extension
`homepage`	string \| null	-	URL to your extension's homepage or repository
`entry`	string	"index.html"	HTML entry point relative to the build output
`icon`	string	"icon.png"	Path to the extension icon (relative to haextension folder)
`displayMode`	"auto" \| "window" \| "iframe"	"auto"	How the extension displays in haex-vault
`singleInstance`	boolean	false	If true, only one instance can run at a time
`signature`	string	-	Ed25519 signature (added automatically during signing)

Display Modes

The displayMode field controls how your extension appears in haex-vault:

auto

Automatically choose the best display mode based on context

window

Display as a separate window with native window controls

iframe

Display as an embedded iframe within haex-vault

Permissions

Declare all permissions your extension needs in the manifest. Users will review these during installation.

Database Permissions

Define which tables your extension can read from or write to:

"permissions": {
  "database": [
    { "target": "MCowBQYDK2Vw...__other-extension__users", "operation": "read" },
    { "target": "MCowBQYDK2Vw...__other-extension__settings", "operation": "read_write" }
  ]
}

Filesystem Permissions

Specify file paths and operations using glob patterns:

"permissions": {
  "filesystem": [
    { "target": "**/*.txt", "operation": "read" },
    { "target": "exports/**", "operation": "read_write" }
  ]
}

HTTP Permissions

Declare URLs your extension can fetch from using glob patterns:

"permissions": {
  "http": [
    { "target": "https://api.example.com/**" },
    { "target": "https://*.github.com/api/*" }
  ]
}

For detailed permission information, see the Permissions Guide

Complete Example

Here's a complete manifest with all commonly used fields:

{
  "name": "password-manager",
  "version": "1.0.0",
  "author": "John Doe",
  "description": "Securely store and manage your passwords",
  "homepage": "https://example.com/password-manager",

  "entry": "index.html",
  "icon": "icon.png",
  "displayMode": "window",
  "singleInstance": true,

  "publicKey": "a1b2c3d4e5f6...",
  "signature": "",

  "permissions": {
    "database": [],
    "filesystem": [
      { "target": "**/*.json", "operation": "read_write" }
    ],
    "http": [
      { "target": "https://api.haveibeenpwned.com/**" }
    ],
    "shell": null
  }
}

←Build an Extension Permissions→