vault.yaml Specification
vault.yaml is a 9-15 line YAML manifest that defines metadata, pricing, and configuration for any MyClaude product.
vault.yaml is a 9-15 line YAML manifest that defines metadata, pricing, and configuration for any MyClaude product.
Every product published to MyClaude requires a vault.yaml file in its root directory. It is the authoritative source of truth for your product's identity, category, and pricing. Think of it as package.json — but for Claude Code products.
What is vault.yaml?
When you run myclaude publish, the CLI reads vault.yaml first. Every field is validated against the JSON Schema at /specs/vault-yaml.schema.json before anything is uploaded. Invalid files are rejected with a descriptive error message before any upload happens.
vault.yaml serves three roles simultaneously:
- Marketplace listing — name, description, category, and tags power the search index and product page
- Install configuration — tells the CLI where to place files in the buyer's environment
- Commerce contract — price and license define the terms of every transaction
Minimal example
The minimum valid vault.yaml has 9 fields. Every other field is optional.
name: my-review-skill
version: "1.0.0"
category: skill
description: "Performs systematic code review with security, performance, and style analysis."
author: your-username
license: MIT
price: 0That is a valid, publishable product. Add optional fields only when they add real value.
Complete field reference
| Field | Type | Required | Description | Default |
|---|---|---|---|---|
name | string | Yes | URL-safe product identifier. Lowercase, hyphens only. Must be unique within your namespace. | — |
version | string | Yes | SemVer string (e.g., "1.0.0"). Quoted to prevent YAML from stripping trailing zeros. | — |
category | enum | Yes | Product category. One of: skill, squad, agent, workflow, design-system, prompt, claude-md, application | — |
description | string | Yes | One-sentence product description. Appears in search results and product cards. Max 160 characters. | — |
author | string | Yes | Your MyClaude username. Must match your authenticated account. | — |
license | string | Yes | SPDX license identifier. Common values: MIT, Apache-2.0, GPL-3.0, proprietary | — |
price | number | Yes | Sale price in USD. Use 0 for free products. Minimum paid price: 1.00. No maximum. | — |
tags | string[] | No | Up to 5 tags for search and filtering. Lowercase strings only. | [] |
entry | string | No | Primary entry file path relative to product root. Overrides category defaults. | Category default |
install_path | string | No | Target directory in buyer's environment. Overrides category defaults. | Category default |
min_cli_version | string | No | Minimum CLI version required to install. SemVer. Example: "1.2.0" | "1.0.0" |
config | object | No | Arbitrary key-value pairs passed to the product at install time. | {} |
Field constraints
name — Must match ^[a-z0-9][a-z0-9-]{0,62}[a-z0-9]$. Names beginning with a digit are allowed. Hyphens at start/end are not. The full product handle on the marketplace is @author/name.
version — Must be a valid SemVer string. Always quote it in YAML to prevent 1.0 from becoming 1 after parsing. The CLI enforces monotonically increasing versions — you cannot re-publish a lower version.
category — Must be one of the 8 exact enum values. The category determines default entry and install_path values and controls which file structure validations run. See the examples below.
price — Stored as a float. The CLI rejects values between 0.01 and 0.99 — the minimum paid price is $1.00. Values above 0 require Stripe Connect to be configured on your account.
license — The proprietary value signals buyers that the product has no open source redistribution rights. All other values must be valid SPDX identifiers.
tags — Maximum 5 tags. Tags longer than 30 characters are rejected. Each tag should be a single concept: security, code-review, typescript — not for-typescript-projects.
Examples by product type
Skill
name: aegis-security-audit
version: "2.1.0"
category: skill
description: "Performs comprehensive security audits covering OWASP Top 10, auth flows, and dependency vulnerabilities."
author: kairo
license: MIT
price: 19.00
tags: [security, audit, owasp, vulnerability]Default entry: SKILL.md
Default install path: .claude/skills/
Squad
name: copy-squad
version: "1.0.0"
category: squad
description: "15-agent content team: strategist, copywriters, editor, SEO specialist, and brand voice guardian."
author: content-labs
license: proprietary
price: 49.00
tags: [content, copywriting, seo, team]
config:
max_agents: 15
coordination: sequentialDefault entry: SQUAD.md
Default install path: .claude/squads/
Agent
name: typescript-reviewer
version: "1.3.0"
category: agent
description: "Single-purpose TypeScript code reviewer with strict mode analysis and type safety enforcement."
author: devtools
license: MIT
price: 9.00
tags: [typescript, code-review, static-analysis]
entry: AGENT.mdDefault entry: AGENT.md
Default install path: .claude/agents/
Workflow
name: ci-deploy-pipeline
version: "1.0.0"
category: workflow
description: "Automated CI/CD workflow: test, build, security scan, deploy, and notify — wired for GitHub Actions."
author: platform-team
license: Apache-2.0
price: 0
tags: [ci-cd, deployment, automation, github-actions]
min_cli_version: "1.2.0"Default entry: WORKFLOW.md
Default install path: .claude/workflows/
Design System
name: terminal-dark-ds
version: "3.0.0"
category: design-system
description: "Dark terminal design system: warm terracotta palette, Minor Third type scale, 5-level surface hierarchy."
author: vault-design
license: MIT
price: 29.00
tags: [design-system, dark-mode, tailwind, tokens]
entry: DESIGN-SYSTEM.mdPrompt
name: legal-contract-analyzer
version: "1.0.0"
category: prompt
description: "Analyzes legal contracts for risk clauses, unusual terms, and missing standard provisions."
author: legal-tools
license: proprietary
price: 14.00
tags: [legal, contracts, risk-analysis]CLAUDE.md
name: enterprise-compliance-config
version: "2.0.0"
category: claude-md
description: "Enterprise Claude Code configuration: data privacy rules, output formatting, and compliance guardrails."
author: enterprise-tools
license: proprietary
price: 0
tags: [enterprise, compliance, configuration]Application
name: api-scaffolder
version: "1.1.0"
category: application
description: "Generates a complete REST API scaffold with auth, rate limiting, and OpenAPI spec from a data model."
author: scaffold-labs
license: MIT
price: 39.00
tags: [api, scaffold, rest, openapi]
entry: APP.md
min_cli_version: "1.3.0"Validation
Run myclaude validate at any time to check your vault.yaml without publishing:
$ myclaude validate
# Validating vault.yaml...
# OK — all fields validThe same validation runs automatically during myclaude publish. Errors include the field name and the constraint that failed:
Error: vault.yaml validation failed
- price: value 0.50 is below minimum paid price of 1.00
- tags: maximum 5 tags, found 7
- description: 178 characters exceeds maximum of 160The full JSON Schema is at /specs/vault-yaml.schema.json. Use it for editor autocomplete or CI validation.
Common mistakes
| Mistake | Symptom | Fix |
|---|---|---|
| Unquoted version | version: 1.0 parsed as 1 | Always quote: version: "1.0.0" |
| Price below minimum | Rejected at publish | Use 0 for free or >= 1.00 for paid |
| Wrong category enum | Field validation error | Use exact lowercase values: skill, not Skill |
| Author mismatch | Auth error at publish | author must match your logged-in username |
| Description too long | Field validation error | Keep description under 160 characters |
| Tabs instead of spaces | YAML parse error | YAML requires spaces. Configure your editor to use spaces |
| Missing quotes on strings with colons | YAML parse error | Quote any string containing : |
Related pages
- Publishing Your First Product — step-by-step publish tutorial
- Product Categories — category-specific file structures and requirements
- Quickstart — the fastest path to a live product