Agent Manifest Specification

The manifest file declares your agent's identity, capabilities, and permission scopes.

Complete Example

{
  "id": "com.metaoslabs.agent.travel",
  "name": "Travel Agent",
  "version": "0.1.0",
  "description": "AI-powered travel planning assistant that helps you book flights, hotels, and activities",
  
  "capabilities": [
    "calendar.read",
    "calendar.write",
    "messages.send",
    "storage.write",
    "contacts.read"
  ],
  
  "scopes": {
    "storage.write": ["metaos://notes/travel/*"],
    "network.fetch": ["https://api.example.com/*"]
  },
  
  "author": "METAOS LABS",
  "homepage": "https://metaoslabs.com/agents/travel",
  "repository": "https://github.com/metaoslabs/travel-agent",
  "license": "MIT",
  
  "icon": "https://metaoslabs.com/icons/travel-agent.png",
  
  "privacy": {
    "dataCollection": [
      "Calendar events",
      "Travel preferences",
      "Contact information"
    ],
    "dataRetention": "30 days",
    "dataSharing": "Never shared with third parties"
  }
}

Field Reference

id

Required

Unique identifier for your agent using reverse domain notation.

"id": "com.yourcompany.agent.name"

name

Required

Human-readable name displayed to users.

"name": "Travel Agent"

version

Required

Semantic version number (major.minor.patch).

"version": "1.2.3"

capabilities

Required

Array of OS capabilities your agent requires. Users must explicitly grant these permissions.

"capabilities": [ "calendar.read", "calendar.write", "messages.send" ]

Available capabilities: calendar.read, calendar.write, messages.read, messages.send, contacts.read, storage.read, storage.write, network.fetch

scopes

Optional

Limit capabilities to specific paths or patterns.

"scopes": { "storage.write": ["metaos://notes/travel/*"], "network.fetch": ["https://api.example.com/*"] }

privacy

Recommended

Privacy policy information shown to users before installation.

"privacy": { "dataCollection": ["Calendar events", "Contacts"], "dataRetention": "30 days", "dataSharing": "Never shared" }

✨ Best Practices

  • Request only the minimum capabilities needed
  • Use scopes to limit access to specific paths
  • Provide clear privacy information
  • Follow semantic versioning for updates
  • Include a descriptive icon (512x512 PNG recommended)