Use this page when writing a new governed addon manifest.
The current manifest pattern is provider-first: the manifest identifies the package and points to contract files. It does not carry copied permission catalogs, copied route tables, or copied frontend target records.
'placeholder' => false,
'product_uuid' => 'PUT-STABLE-PRODUCT-UUID-HERE',
'package_uuid' => 'PUT-UNIQUE-PACKAGE-UUID-HERE',
'addon_key' => 'your_addon',
'display_name' => 'Your Addon',
'slug' => 'your-addon',
'version' => 'v0.0001 Alpha',
'addon_type' => 'application',
'status' => 'ready_for_review',`product_uuid` stays stable across releases of the same addon. `package_uuid` changes for each release artifact.
Use provider pointers for the real contracts:
'contract_providers' => [
'install_contract' => [
'path' => 'addons/your_addon/bootstrap/install_contract.php',
'trusted_by' => 'installer',
],
'permissions_contract' => [
'path' => 'addons/your_addon/src/permissions_contract.php',
'function' => 'amv_your_addon_permissions_contract',
'trusted_by' => 'installer_aem',
],
'route_contract' => [
'path' => 'addons/your_addon/routes/routes.php',
'function' => 'amv_your_addon_routes_contract',
'trusted_by' => 'admin_aem',
],
],Only include providers that exist. Do not point to a file you have not shipped.
Do not put the full permission list in manifest. Put it in `src/permissions_contract.php`.
Do not put the full route list in manifest. Put it in `routes/routes.php`.
Do not put public target records in manifest. Put them in `src/public_targets.php`.
Do not put schema SQL in manifest. Put it in `src/schema_contract.php`.
Do not put install execution details in manifest. Put them in `bootstrap/install_contract.php`.
A clean manifest answers: who is this package, where are its contracts, and what risk does it carry?
It should not answer every detailed operational question. That is what the governed contract files are for.
Updated: 2026-05-07 20:06:59