Publish a Package
Developer guide — from sno.toml to the registry in three commands
Overview
The Synoema registry is source-only: every package consists exclusively of .sno source files. No compiled binaries, shared libraries, or native objects are accepted. This policy lets the registry typecheck every upload before it is published, giving consumers confidence that any package they install will compile against their version of the language.
Publishing a package requires three things:
- A valid
sno.tomlmanifest in the package directory - A
lib.snoentry point that passessno check - An authenticated session created with
sno pkg login
sno.toml — Package manifest
Place sno.toml at the root of your package directory. The [package] section is required; the others are strongly recommended for registry discoverability.
[package]
name = "my-package"
version = "1.0.0"
description = "One-sentence description for registry search"
keywords = ["keyword1", "keyword2", "keyword3"]
license = "Apache-2.0"
repository = "https://github.com/you/my-package"
[package.exports]
functions = ["my_func", "helper_func", "MyType"]
[package.use_cases]
tasks = [
"parse JSON from an HTTP response",
"validate structured data",
]
[package.capabilities]
network = false # true if the package makes outbound network calls
filesystem = false # true if the package reads or writes files
spawn = false # true if the package spawns OS threads or processes
Required fields
| Field | Required | Notes |
|---|---|---|
[package] name | yes | Lowercase, hyphens allowed. Immutable after first publish. |
[package] version | yes | Semantic versioning: 1.0.0, 1.0.0-beta.1, etc. |
[package] description | yes | Shown in search results. Keep it under 120 characters. |
Recommended fields
| Field | Purpose |
|---|---|
keywords | Improves FTS5 search ranking in the registry |
[package.exports].functions | Tells the MCP search_packages and suggest_packages tools which symbols the package provides — used for builtin disambiguation |
[package.use_cases].tasks | Natural-language task descriptions for semantic search by LLM agents |
[package.capabilities] | Lets the MCP server warn LLM agents before they import a package that requires network or filesystem access |
Source-only policy
The registry rejects uploads containing files with these extensions:
.so .dll .bin .o .dylib .exe .aIf your package wraps a native library, document the installation steps in your README and use fd_popen or a shell-out builtin to call the external tool at runtime. The .sno wrapper itself will be accepted by the registry.
CLI workflow
Step 1 — Authenticate
Run once per machine. Opens a browser tab for GitHub or Google OAuth:
sno pkg loginYour API key is saved to ~/.sno/config.toml automatically. If you prefer to supply the key directly (for CI environments), use:
sno pkg login --key sno_YOUR_KEY_HEREStep 2 — Prepare your package
Your directory must contain at least:
my-package/
├── sno.toml # package manifest
└── lib.sno # entry point — must pass `sno check`Verify locally before publishing:
sno check lib.sno # typecheck — must exit 0
sno doc lib.sno # preview generated docsStep 3 — Publish
Run from inside the package directory:
sno publishThe CLI will:
- Read
sno.tomlfor name and version - Detect breaking changes relative to the previously published version and prompt for confirmation
- Pack the directory into a
.tar.gzarchive - Upload to the registry with a SHA-256 checksum
To skip the breaking-change prompt in CI:
sno publish --no-breaking-checkRate limits
The registry enforces a limit of 10 uploads per publisher per hour. Pre-release versions (1.0.0-beta.1) and stable versions share the same counter.
Quality gates
Every upload is validated server-side before it is stored. All of the following must pass:
| Gate | What is checked | Error on failure |
|---|---|---|
| Checksum | SHA-256 of the uploaded archive matches the X-Checksum header | 400 Bad Request |
| Binary scan | No .so, .dll, .bin, .o, .dylib, .exe, or .a files | 400 Bad Request |
| Manifest | sno.toml present and parseable; name and version match upload headers | 400 Bad Request |
| Typecheck | lib.sno passes sno check (invoked server-side) | 422 Unprocessable Entity |
| Rate limit | Publisher has not exceeded 10 uploads/hour | 429 Too Many Requests |
Yanking a version
If you need to retract a release, yank it. Yanked versions remain downloadable for existing users but are excluded from sno pkg add pkg@latest and the GET /pkg/{name}/latest endpoint.
sno pkg yank my-package@1.0.0Yanking is irreversible via the CLI. Contact registry support to un-yank a version.
What's Next
Browse packages →
See what's already in the registry. Search by keyword, capability, or function name.
Import layers →
Understand the four import layers — syntax, builtins, prelude, and packages — and when each one requires an explicit import.
Quick start →
Install your first package in two commands and use it in a program.