Discovery and installation
Hosts discover APP.md, read compact catalog metadata, verify source and hash, ask consent, download support files, write local cache, and only then project entries. Installation is not execution.
Checklist
- Keep declarations machine-readable.
- Keep procedures in Agent Skills.
- Keep facts in Agent Knowledge.
- Keep execution in the host runtime.
- Attach app provenance to projected objects.