Publishing
Sign, package, and publish your extension to the haex.space marketplace.
Overview
Publishing your extension to the marketplace involves signing it with your private key, packaging it into a .xt file, and submitting it for review.
Test Thoroughly
Test on all target platforms and verify permissions
Prepare Assets
Create screenshots, icon, and description
Submit
Upload your .xt file to the marketplace
Review
Wait for security and quality review (2-3 days)
Cryptographic Signing
Every extension must be signed with an Ed25519 keypair. This ensures users can verify the extension came from you and hasn't been tampered with.
Generate a Keypair
If you haven't already, generate a keypair:
# Generate a new keypair
npx haex keygen -o ./haextension
# This creates:
# - haextension/public.key (share this)
# - haextension/private.key (keep secret!)
Critical: Never commit private.key to version control. If you lose this key, you cannot update your extension and must publish as a new extension with a different identity.
Protect Your Private Key
# Add to .gitignore
haextension/private.key
About Ed25519
- Algorithm: Ed25519 (elliptic curve)
- Public key: 64 hex characters (included in manifest)
- Private key: 256 hex characters (keep secret!)
- Signature: 128 hex characters (added during signing)
Building
Build your extension for production and sign it:
# Build your extension (e.g., with Vite)
npm run build
# Sign the built extension
npx haex sign ./dist -k ./haextension/private.key
# This creates: my-extension-1.0.0.xt
NPM Scripts
Add convenient scripts to your package.json:
{
"scripts": {
"dev": "vite",
"build": "vite build",
"ext:sign": "haex sign dist -k ./haextension/private.key",
"ext:build": "npm run build && npm run ext:sign"
}
}
Package Contents
The signing process creates a .xt file (ZIP archive) containing:
$ npx haex sign ./dist -k ./haextension/private.key
✓ Reading manifest from ./dist/haextension/manifest.json
✓ Loading private key
✓ Deriving public key
✓ Creating content hash
✓ Signing extension
✓ Packaging extension
Success! Created my-extension-1.0.0.xt
Extension Details:
Name: my-extension
Version: 1.0.0
Public Key: a1b2c3d4e5f6...
Signature: 7a8b9c0d1e2f...
Package Contents
- my-extension-1.0.0.xt
- ├── index.html
- ├── assets/
- └── haextension/
- ├── manifest.json (signed)
- └── public.key
The private.key is never included in the package.
Submitting to Marketplace
Follow these steps to submit your extension:
1 Create a Developer Account
Sign up or log in at haex.space/developers
2 Prepare Your Listing
Write a compelling description, create screenshots, and prepare your icon (256x256 PNG recommended)
3 Upload Extension
Upload your .xt file and fill in the listing details
4 Submit for Review
Submit and wait for our security review (typically 2-3 business days)
Pre-submission Checklist
- Extension tested on all target platforms
- All permissions are necessary and documented
- Icon and screenshots are high quality
- Description is clear and accurate
- Private key is backed up securely
Publishing Updates
To update your extension, increment the version in manifest.json and sign again:
{
"name": "my-extension",
"version": "1.1.0", // Increment version for updates
...
}
You must use the same private key that signed the original extension. Users will only receive updates from the same publisher.