# Community App Review Checklist

Use this checklist when reviewing community-submitted app manifests for the Archipelago marketplace.

## Security Requirements (Non-Negotiable)

- [ ] `readonly_root: true` (or documented justification for `false`)
- [ ] `capabilities: []` — drop ALL, add only required with justification
- [ ] `no_new_privileges: true`
- [ ] `user: 1000` (or UID > 1000, never root)
- [ ] `seccomp_profile: default`
- [ ] `apparmor_profile` specified
- [ ] Image tag pinned to specific version (no `:latest`)
- [ ] `image_signature` field present (Cosign verification)
- [ ] No secrets or credentials in environment variables (use secrets manager)
- [ ] Volumes use `/var/lib/archipelago/{app-id}/` paths only

## Manifest Completeness

- [ ] `app.id` follows kebab-case naming
- [ ] `app.name` is human-readable
- [ ] `app.version` follows SemVer
- [ ] `app.description` is accurate and concise
- [ ] `resources` section has cpu_limit, memory_limit, disk_limit
- [ ] `health_check` configured with reasonable interval/timeout
- [ ] `ports` use non-privileged ports (>1024) where possible
- [ ] `dependencies` listed (storage, other apps)

## Functional Testing

- [ ] Container starts successfully on dev server
- [ ] Health check passes within 60 seconds
- [ ] Web UI loads via nginx proxy at `/app/{id}/`
- [ ] App functions correctly (basic smoke test)
- [ ] Container stops cleanly (no orphan processes)
- [ ] Data persists across container restart
- [ ] Resource usage stays within declared limits

## Integration

- [ ] No port conflicts with existing apps
- [ ] Network policy appropriate (isolated vs archy-net)
- [ ] Dependencies start before this app
- [ ] App icon at `neode-ui/public/assets/img/app-icons/{id}.png`

## Review Outcome

- **Approved**: Meets all requirements, tested on dev server
- **Needs Changes**: List specific issues to fix
- **Rejected**: Fundamental security or compatibility issues