Drive manifest reference

schema_version

Pinned to the integer 1 for the current Platform Contract. When the contract bumps to a backwards-incompatible v2, this becomes 2; old Drives keep working at v1 until they re-publish. Don't use a string ("1") — must be a JSON number.

drive

Everything the Garage needs to render the listing card + the operator needs to identify your Drive. Required keys:

• id · string · lowercase-hyphen slug · stable forever (pinned to install records, payouts, slug reservations)
• name · string · operator-facing display name
• tagline · string · ≤ 80 chars; what the operator sees on the card
• category · string · one of Productivity, Sales, Content, Operations, Intelligence, Marketing, Compliance, Utilities
• motion · string · one of build, scale, intel · drives in-platform grouping
• homepage · string · public-facing product URL · null for Merkava-only Drives
• support_url · string · where operator support tickets route (your responsibility, not Merkava's)
• support_email · string · same purpose · email contact
• icon_url · string · 512×512 PNG/SVG, served over HTTPS
• pricing_tier · string · one of free, starter, standard, pro, premium, flagship

endpoints

Path strings (not full URLs) for the seven Platform Contract endpoints. Merkava prepends the base of the manifest URL.

"endpoints": {
  "health":    "/api/meridian/health",
  "manifest":  "/api/meridian/drive/manifest",
  "metrics":   "/api/meridian/metrics",
  "events":    "/api/meridian/events",
  "billing":   "/api/meridian/billing",
  "install":   "/api/meridian/install",
  "uninstall": "/api/meridian/install/:id"
}

Paths can vary if you have your own routing scheme, but each must be reachable on the same origin as the manifest URL. :id is the only path-parameter convention; substitute when calling.

capabilities

Declare every capability the Drive supports. Merkava hides UI for capabilities you don't list (e.g., no quota dial if you don't list quota).

Standard values:

• install, uninstall · the install handshake (essentially always present)
• metrics, events · expose data back to Merkava's substrate
• billing · paid Drives only · enables billing-summary surfaces in Merkava
• config · operator-set fields exist · Merkava will surface a config form (see config_schema below)
• quota · usage caps per tenant · pairs with the optional quota top-level block
• provision_widget · returns a scoped artifact at install (see install_returns)
• phi_handling, audit_export · regulated-tier extras · pairs with the compliance block

events_emitted

Event-type strings the Drive emits to Merkava's platform event bus. The Merkava's automation matrix surfaces these for operator opt-in. Naming convention is noun.verb in past tense (install.created, content.published, baa.expiring). Listing an event you don't actually emit is a lie that breaks operator-side automation.

events_consumed

Event-type strings the Drive listens for from Merkava. This is a contract — Merkava only fans out the events you list, and only verifies your endpoint can receive each one at install time. Listing an event you don't actually handle wastes outbound budget on Merkava's side; missing one means your Drive silently misses signal.

contract_version

The Platform Contract version this Drive implements. Currently "1.0.0". Tracks Merkava's contract semver (not your Drive's product version — that goes in drive.version if you choose to publish it).

config_schema

A standard JSON Schema describing operator-set config fields. Merkava auto-renders a form from this schema at install time + on the Drive's settings panel. Only type: 'object' top-level is supported; nested objects fine.

"config_schema": {
  "type": "object",
  "required": ["brand_voice"],
  "properties": {
    "brand_voice":  { "type": "string", "minLength": 10 },
    "monthly_quota": { "type": "integer", "minimum": 1, "maximum": 200 }
  }
}

quota

Tells the Merkava's gauges what unit to render. Reservation, not billing — Merkava bills the flat tier price; the quota is for operator self-regulation.

• unit · string · the unit you meter (articles_per_month, installs_per_month, api_calls_per_day)
• limit · integer · the cap
• overage_policy · string · block (Drive returns 402 over the cap) or meter (Drive bills usage upstream out of band)

compliance

Drives the Merkava's pre-connect gate for tenants on regulated tiers (HIPAA, SOC2, PCI). Lying in this block is fraud, not a bug — every claim must be substantiated.

• frameworks · array of string · e.g. ["HIPAA", "SOC2-Type-II"]
• data_classes · array of string · e.g. ["PHI", "PII"]
• data_residency · array of string · region codes (us-east-1, etc.)
• subprocessors_url · string · public list of subprocessors; emits subprocessor.updated when changed
• baa_required · boolean · if true, Merkava blocks installs without a BAA on file
• encryption_at_rest · string · e.g. AES-256
• encryption_in_transit · string · e.g. TLS 1.3

support

Surfaces SLA + contact info on the listing page for enterprise operators evaluating the Drive. Doesn't change Merkava's behavior — purely informational.

• sla_response_business_hours · string · e.g. 1h
• sla_response_off_hours · string · e.g. 4h
• incident_email · string · paged on Sev-1
• status_page · string · public uptime URL

install_returns

For Drives that ship a deployable artifact (chat widget, embed, tracking pixel). Tells Merkava how to render the install response so the operator can copy the snippet.

• type · string · usually scoped_widget_token
• token_prefix · string · token namespace (rb_pub_)
• embed_snippet · string · template with {{scoped_token}} placeholder
• host_origin · string · the CDN/host the embed loads from