All extensions are open source, so the current source code can be inspected at all times. Before an extension gets merged into the public repository, members from Raycast and the community collaboratively review it, following our store guidelines. After the code review, the Continuous Integration system performs a set of validations to make sure that the manifest conforms to the defined schema, required assets have the correct format, the author is valid, and no build or type errors are present. (More CI pipeline tooling for automated static security analysis is planned.) The built extension is then archived and uploaded to the Raycast Store, and eventually published for a registered user account. When an extension is installed or updated, it is downloaded from the store and unarchived to disk, and a record is updated in the local Raycast database. End users install extensions through the built-in store or the web store.