// DOCS / MODULES
Module Author Docs
This page is for people building modules for the ThreatCrush marketplace at threatcrush.com/store. It focuses on what contributors can do today, what metadata the platform expects, and what parts of the module ecosystem are still planned.
// CURRENT MODEL
How module contribution works today
Today, the module contribution flow is primarily a marketplace publishing flow. You provide a Git URL or website URL, ThreatCrush fetches metadata, you review it, and then publish the listing.
The listing/store side is real now. The deeper runtime/module execution contract is still evolving, so this page separates supported marketplace behavior from planned runtime behavior.
// SUPPORTED
Supported contributor flow
Web UI publish flow
Use the publish page to paste a GitHub repo URL or website URL, auto-fetch metadata, review it, and submit.
Open publish page →CLI publish flow
Run `threatcrush store publish <url>` to fetch metadata, preview it in the terminal, and publish the module.
Back to CLI docs →Store listing review
Browse the live store and make sure your listing quality matches the marketplace expectations before publishing more modules.
Browse store →// API REFERENCE
Module Store HTTP API
The full reference — request/response shapes, auth modes, error codes, and worked examples — lives in docs/MODULE_STORE_API.md. Endpoints at a glance:
| Method | Path | Auth | Purpose |
|---|---|---|---|
| GET | /api/modules | — | List / search / paginate published modules |
| POST | /api/modules | Bearer | Publish a new module |
| GET | /api/modules/{slug} | — | Module detail + versions + recent reviews |
| PATCH | /api/modules/{slug} | Edit your module | |
| DELETE | /api/modules/{slug} | Remove your module | |
| GET | /api/modules/{slug}/install | — | Read-only install info (does not count) |
| POST | /api/modules/{slug}/install | — | Install info + increment download count |
| GET | /api/modules/{slug}/review | — | List reviews (paginated) |
| POST | /api/modules/{slug}/review | Create / update your review (one per email) | |
| POST | /api/modules/fetch-meta | — | Probe URL or GitHub repo for prefilled meta |
// BOILERPLATES
Starter templates
Three working starters in the repo. Clone the one closest to what you're shipping and rename it. Each ships with mod.toml, a src/ layout, and a README.
module-example
Minimal hello-world module that subscribes to daemon events.
View on GitHub →
free-module
MIT-licensed fetch-loop API integration (URLhaus public feed) → emits ThreatEvents.
View on GitHub →
paid-module
Paid template with login / logout / status CLI commands and a license-gated init.
View on GitHub →
// REQUIRED METADATA
What your module listing should include
Required
- name
- display_name
- description
- version
- license
- author_name
- git_url or homepage_url
Recommended
- logo_url
- banner_url
- screenshot_url
- tags
- homepage_url
- pricing_type
- price_usd (if paid)
// QUALITY BAR
Module listing quality guidelines
- Use a stable, clean slug/name that will still make sense a year from now.
- Write a concrete description: what it detects, scans, automates, or integrates with.
- Include real screenshots or branding assets when possible.
- Link to a real repo or homepage that explains the module and shows signs of maintenance.
- Use accurate pricing metadata. If it is paid, be explicit about what the buyer gets.
- Do not market vaporware as a finished installable runtime module if it is still just a concept.
// PLANNED
Planned module-author features
- Fully documented SDK package with starter templates and stronger versioning guarantees
- Formal manifest spec for installable runtime modules
- Module install/remove/update lifecycle docs once the runtime side is complete
- More explicit review, moderation, and trust/safety policy for marketplace listings
- Richer pricing and billing docs for paid modules
// PUBLISH NOW
Ready to list a module?
If you already have a repo or product URL, use the publish flow now. ThreatCrush will try to fetch metadata automatically, and you can review/edit it before submitting.