Publish on AllAddin Extensions

Who can publish, what we accept, and what you agree to when you submit. By registering as a publisher you accept the terms below.

Last updated: 18 April 2026.

Who this page is for

Developers and firms shipping reusable Revit tooling who want a curated, signed distribution channel instead of emailing DLLs around. If that is not you, the catalog is what you want.

Scope

AllAddin Extensions is a package manager for the AllAddin runtime. We accept four bundle formats:

.allax - extension bundles (hot-loadable panels, no Revit restart)
.allatool - compiled AllAddin tools
.allascript - scripted AllAddin tools
.pyrvt.zip - pyRevit pushbutton bundles

We do not accept add-ins that load directly into Revit outside of these runtimes, and we do not mirror listings from other marketplaces.

What you agree to

You have the right to distribute every line of code in your submission, including any bundled third-party libraries.
Your submission does not include proprietary Autodesk SDK binaries, licensed third-party code you cannot redistribute, or secrets of any kind (API keys, credentials, tokens).
Your submission is free of malware, keyloggers, credential harvesters, unauthorised telemetry, and anything intended to damage user systems or data.
You respond to support and takedown notices at the email you register with. If that email goes quiet, we disable publishing for the account.
You indemnify the AllAddin Extensions operator against claims arising from your submission (copyright, trademark, defamation, etc.).
We may remove a listing at our discretion if it breaks any of the above or if it poses a safety concern. We will tell you why.

Review process

Every submission runs a three-layer automated scan before a human sees it:

Structural - zip integrity, per-file and total size caps, path-traversal guards, manifest schema validation.
Static analysis - every Python source runs through a security linter for known dangerous patterns; every .NET DLL is scanned for references to sensitive APIs; every text file is scanned for leaked secrets. Leaked credentials hard-reject the submission.
Reputation - the artifact SHA-256 is looked up on VirusTotal. Hits from one or more vendors are surfaced in the review report; multiple malicious flags escalate.

A human reviewer is the only path to approval. No submission auto-publishes, regardless of how clean the automated scan is.
Review turnaround targets 3 business days. We reject with a reason; approved submissions appear in the catalog and are installable from inside AllAddin.
Submitting the same version label twice is rejected. Ship a new version label for each update.
Approved artifacts are Ed25519-signed by this server; the AllAddin client verifies the signature before installing.

Pricing

Listings are free. We do not process payments, take a cut, or collect revenue on your behalf. This may change in a future phase; if it does, we will notify publishers first and give you the option to opt out.

Register

Send an email to register, or use the publisher form on the main catalog page.

We ask for email, display name, and an optional website URL. We do not collect payment details, tax IDs, or any other PII beyond that.

Go to registration form

Takedowns

Right-holders and safety reporters use the takedown channel to request removal. Publishers may counter-notice through the same channel.