Publishing & installing
The author → registry → consumer lifecycle.
The full lifecycle of a pack: author it, publish it to the registry, and install it into any consumer project.
Authoring
A pack's source repo holds Markdown memories and a root rulepack.json. The
memories map declares the files the pack must contain; files globs decide
what else rides along (a README, LICENSE, shared snippets).
You can author entirely from the CLI (rulepack init) or from the web editor —
no local checkout required for the latter.
Publishing
rulepack publish packs the declared files into a tarball, validates the
manifest against the schema, computes a SHA-256, and uploads. The scope in
name must be one you own.
$ rulepack publish
✓ Packed 4 files (12.3 KB)
✓ Published @ichi/[email protected]
→ npx rulepack add @ichi/nextjsImmutable versions
Once published, a version can't be overwritten. Re-publishing the same semver
returns a 409 — bump version for every change. This guarantees a given
@scope/name@version always resolves to identical bytes.
Installing
rulepack add resolves the latest version (or a requested one), downloads the
tarball, verifies its SHA-256 against the registry header, and writes the memory
files into the consumer project.
$ rulepack add @ichi/nextjs
✓ Resolved @ichi/[email protected]
✓ Wrote AGENTS.md · CLAUDE.md · .cursor/rules/main.mdc
✓ Recorded in rulepack.jsonIf the consumer project has a rulepack.json, the pack is recorded under
dependencies with a caret range. Existing files prompt before overwrite (skip
with --force).
Integrity
Every tarball is content-addressed by SHA-256. The CLI verifies the downloaded
bytes against the X-Pack-Shasum header on install and aborts on mismatch, so a
corrupted or tampered download never reaches your project.
Last updated on