Publishing Cargos
How to build, submit, and certify your own cargos on the Archipelag.io network
Publishing Cargos
This guide covers the full lifecycle of publishing a Cargo on Archipelag.io — from building a container image to getting it certified and live on the network.
Cargo Tiers
Every Cargo on Archipelag.io falls into one of three publishing tiers. The tier determines visibility, trust level, and what resources the Cargo can access on Islands.
| Tier | Trust Levels | Signature | Network Access | GPU Access | Who Can Publish |
|---|---|---|---|---|---|
| Community | 0 (Untrusted), 1 (Basic) | Not required | Disabled | Disabled | Any registered publisher |
| Certified | 2 (Verified) | Required (cosign) | Disabled | Disabled | Verified publishers with clean security scans |
| Official | 3 (Official) | Required (cosign) | Enabled | Enabled | First-party or fully audited Cargos |
Community Cargos
Community Cargos are the entry point for any publisher. They run in a restricted sandbox with no network or GPU access, making them safe for the network while publishers establish trust.
- Trust level 0 (Untrusted): Initial submission. Minimal sandbox — 256 MB memory, 60s timeout, 1 CPU, ~10 allowed syscalls.
- Trust level 1 (Basic): After passing security scanning and code review. Standard sandbox — 1 GB memory, 300s timeout, 2 CPUs, ~140 allowed syscalls.
Community publishers can submit up to 3 active Cargos.
Certified Cargos
Certified Cargos have been verified by the Archipelag.io review team and are signed using cosign. The signature is recorded in the Rekor transparency log, providing a public audit trail.
Certification requirements:
- Clean security scan (zero critical/high vulnerabilities)
- Verified publisher identity
- Container image signed with cosign
- At least 100 successful job completions at Community tier
- Reputation score above 0.8
Official Cargos
Official Cargos are first-party or fully audited workloads that run in the elevated sandbox tier. They can access GPU hardware and network resources on Islands. Official status is reserved for Cargos that have undergone a comprehensive audit by the Archipelag.io security team.
Official Cargos get elevated resources: 8 GB memory, 600s timeout, 4 CPUs, and GPU/Network seccomp profiles.
Submitting a Community Cargo
Test locally
Run your container with a test input to verify correctness under production-like constraints:
# Basic test
echo '{"prompt": "Hello"}' | docker run -i --rm your-cargo:latest
# Test with sandbox-equivalent resource limits
echo '{"prompt": "Hello"}' | docker run -i --rm \
--memory=256m --cpus=1 --network=none \
--read-only --tmpfs /tmp:size=64m \
your-cargo:latest
Verify that:
- The container reads JSON from stdin correctly
- Each stdout line is valid JSON with a
typefield - A
doneorerrormessage is emitted as the final line - The container exits with code 0 on success
- The container runs within the restricted sandbox limits (256 MB, 1 CPU, no network)
Pre-scan for vulnerabilities
Run vulnerability scanners locally before submitting to avoid rejection:
# Trivy
trivy image your-cargo:latest
# Grype
grype your-cargo:latest
Fix all critical and high severity vulnerabilities. Medium severity findings should be justified or resolved.
Push to an approved registry
Push your container image to one of the approved registries:
# Tag with a semantic version
docker tag your-cargo:latest ghcr.io/archipelag-io/your-cargo:v1.0.0
# Push
docker push ghcr.io/archipelag-io/your-cargo:v1.0.0
Approved registries:
| Registry | Address |
|---|---|
| GitHub Container Registry | ghcr.io/archipelag-io |
| Docker Hub | docker.io/archipelag |
Submit for review
Create a Cargo submission through the API or the web dashboard. Provide all required fields (see Cargo Definition Requirements below), then transition the submission from draft to pending_review.
# Example API submission
curl -X POST https://archipelag.io/api/v1/workloads \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "My Text Processor",
"slug": "my-text-processor",
"description": "Processes text input and returns structured output",
"runtime_type": "container",
"container_image": "ghcr.io/archipelag-io/my-text-processor:v1.0.0",
"input_schema": {"type": "object", "properties": {"text": {"type": "string"}}},
"output_schema": {"type": "object", "properties": {"result": {"type": "string"}}},
"price_per_job": 1,
"required_cpu_cores": 1,
"required_ram_mb": 256
}'
Wait for review
Once submitted, your Cargo enters the review pipeline:
- Automated security scan — Trivy and Grype analyze your container image
- SBOM generation — A Software Bill of Materials is created
- Manual review — A platform reviewer evaluates compliance, schemas, and resource requirements
- Trust level assignment — The reviewer assigns trust level 0 or 1
You will be notified of the outcome. If rejected, the rejection reason is provided so you can fix issues and resubmit.
{% end %}
Cargo Definition Requirements
Every Cargo submission must include the following metadata:
Required Fields
| Field | Type | Description |
|---|---|---|
name | string | Human-readable Cargo name (e.g., “LLM Chat Mistral 7B”) |
slug | string | URL-safe identifier, unique across the platform (e.g., llm-chat-mistral) |
description | string | Clear description of what the Cargo does |
runtime_type | enum | Execution environment: container, wasm, coreml, or onnx |
container_image | string | Full image reference including registry (e.g., ghcr.io/archipelag-io/llm-chat:v1.0.0) |
input_schema | JSON | JSON Schema describing expected input format |
output_schema | JSON | JSON Schema describing output format |
Pricing (at least one required)
| Field | Type | Description |
|---|---|---|
price_per_job | integer | Fixed credit cost per job submission |
price_per_token | integer | Credit cost per output token (LLM Cargos) |
price_per_second | integer | Credit cost per compute second |
Resource Requirements (optional)
| Field | Type | Default | Description |
|---|---|---|---|
required_vram_mb | integer | 0 | Minimum GPU memory in MB |
required_cpu_cores | integer | 1 | Minimum CPU cores |
required_ram_mb | integer | 256 | Minimum system RAM in MB |
Optional Metadata
| Field | Type | Description |
|---|---|---|
category | string | Discovery category (e.g., llm, image-gen, audio, text) |
tags | list | Searchable tags for Cargo Registry discovery |
revenue_share | integer | Island revenue share percentage (default: 70%) |
image_digest | string | SHA256 digest for integrity verification |
I/O Protocol
All Cargos communicate using a simple stdin/stdout JSON protocol, regardless of runtime type. This section is a brief overview — see the full I/O protocol reference for complete details.
Input: The Island sends a JSON object on stdin when the Cargo starts. The schema depends on the Cargo type (e.g., prompt + max_tokens for LLM Cargos).
Output: The Cargo emits JSON Lines on stdout. Each line must include a type field:
| Output Type | Purpose | Key Fields |
|---|---|---|
status | Informational updates | message |
token | Streaming text output (LLM) | content |
progress | Step progress | step, total |
image | Completed image data | data (base64), format, width, height |
done | Signals successful completion | usage (optional) |
error | Signals failure | message |
stdin (JSON) ──► Cargo ──► stdout (JSON Lines)
│
├── {"type": "status", "message": "Loading model..."}
├── {"type": "token", "content": "Hello"}
├── {"type": "token", "content": " world"}
└── {"type": "done", "usage": {"tokens": 2}}
Output is streamed in real time through the Island software to the coordinator and then to the Consumer via WebSocket.
Security Review Process
Every Cargo submission goes through a multi-stage security review before it can run on the Archipelag.io network.
Automated Scanning
Two vulnerability scanners run automatically when a submission enters pending_review:
| Scanner | What It Checks |
|---|---|
| Trivy | OS packages, language dependencies (pip, npm, go modules, etc.) |
| Grype | Container layers, known CVE database |
Scan results are categorized by severity:
| Severity | Impact |
|---|---|
| Critical | Blocks approval — must be fixed |
| High | Blocks approval — must be fixed |
| Medium | Flagged for review — may require justification |
| Low | Informational — does not block approval |
A Software Bill of Materials (SBOM) is generated as part of the scan.How to pre-scan locally
Manual Review
After automated scanning, a platform reviewer evaluates:
- Vulnerability scan results — all critical/high findings must be resolved
- I/O protocol compliance — input/output schemas are well-defined
- Resource requirements — requested resources are reasonable for the workload
- Description and metadata — clear, accurate, and complete
- Policy compliance — no prohibited content or functionality
Ongoing Monitoring
Published Cargos are not “set and forget”:
- Weekly rescans — automated vulnerability scanning runs on all published Cargos
- Reputation tracking — success rate, execution time, and complaint volume are monitored
- Auto-suspension — Cargos with reputation below 0.5 or success rate below 90% (after 100+ jobs) are automatically suspended
- Complaint flagging — Cargos with excessive consumer complaints are flagged for manual review
Trust Levels
Trust levels control what resources a Cargo can access when executing on Islands. Higher trust levels unlock more capabilities but require stronger verification.
Level 0 — Untrusted
The starting point for all new Cargos.
| Property | Value |
|---|---|
| Sandbox | Restricted |
| Memory | 256 MB |
| Timeout | 60 seconds |
| CPUs | 1 |
| Network | Disabled |
| GPU | Disabled |
| Seccomp | Minimal (~10 syscalls) |
| Signature | Not required |
What it unlocks: Basic compute tasks that fit within tight resource constraints. Good for text processing, simple transformations, and lightweight inference.
How to get here: Submit a Cargo. All new submissions start at level 0.
Level 1 — Basic
Reviewed Cargos with a clean security scan.
| Property | Value |
|---|---|
| Sandbox | Standard |
| Memory | 1 GB |
| Timeout | 300 seconds (5 min) |
| CPUs | 2 |
| Network | Disabled |
| GPU | Disabled |
| Seccomp | Default (~140 syscalls) |
| Signature | Not required |
What it unlocks: More memory and time for heavier compute — quantized model inference, batch text processing, data transformation pipelines.
How to get here: Pass automated security scanning (zero critical/high vulnerabilities) and manual review.
Level 2 — Verified
Signed Cargos from verified publishers.
| Property | Value |
|---|---|
| Sandbox | Standard |
| Memory | 1 GB |
| Timeout | 300 seconds (5 min) |
| CPUs | 2 |
| Network | Disabled |
| GPU | Disabled |
| Seccomp | Default (~140 syscalls) |
| Signature | Required (cosign) |
What it unlocks: Same resource limits as level 1, but the cosign signature provides integrity guarantees. Islands verify the signature before execution, ensuring the Cargo has not been tampered with. Certified Cargos get a verified badge in the Cargo Registry.
How to get here:
- Maintain a reputation score above 0.8 at level 1
- Complete 100+ successful jobs
- Verify your publisher identity
- Sign your container image with cosign
Signing with cosign
Level 3 — Official
First-party or fully audited Cargos with elevated access.
| Property | Value |
|---|---|
| Sandbox | Elevated |
| Memory | 8 GB |
| Timeout | 600 seconds (10 min) |
| CPUs | 4 |
| Network | Enabled |
| GPU | Enabled |
| Seccomp | GPU or Network profile |
| Signature | Required (cosign) |
What it unlocks: Full GPU access for large model inference (LLMs, image generation, video processing). Network access for Cargos that need to fetch models or call external APIs. This is the tier for production AI workloads.
How to get here: Official status requires a comprehensive security audit by the Archipelag.io team. This tier is currently reserved for first-party Cargos and select partners.
Submission States
A Cargo submission progresses through these states:
draft ──► pending_review ──► approved ──► published
│
▼
rejected ──► (fix and resubmit as new draft)
| State | Meaning |
|---|---|
draft | Editable — fill in details before submitting for review |
pending_review | In the review queue — security scanning runs automatically |
approved | Passed review — ready for signing (if required) and publishing |
rejected | Did not pass review — see rejection reason, fix issues, resubmit |
published | Live in the Cargo Registry and available to Consumers |
Updating Published Cargos
To update a published Cargo:
- Build and push a new container image version (use semantic versioning)
- Create a new submission referencing the updated image
- The new version goes through the same scan and review process
- Once approved, the new version replaces the previous one in the catalog
Best Practices
- Minimal base images — use
alpine,distroless, or-slimvariants to reduce vulnerability surface - Pin all dependencies — lock versions in
requirements.txt,package-lock.json,Cargo.lock, etc. - Multi-stage builds — keep compilers and build tools out of the final image layer
- No secrets in images — never embed API keys, tokens, or credentials in container layers
- Test with constraints — always test with
--memory,--cpus, and--network=noneflags locally - Pre-scan before submitting — run Trivy and Grype locally to catch vulnerabilities early
- Handle stdin EOF — your Cargo must handle the case where stdin is empty or malformed gracefully
- Emit clear errors — use the
erroroutput type with a descriptivemessagefield when something goes wrong
Next Steps
Cargo Registry
Browse published Cargos and see what's available on the network.
API Reference
Full API documentation for programmatic Cargo submission and management.
{% end %}