Great work! Looks promising.
Do I understand it correctly that the manifest.json file will be first looked for in the composer package itself and then (when not present) on the Symfony.com server?
And will there be an option to specify custom recipe servers (similar to what “repositories” configuration in composer.json does)?
PS: I am not sure about the idea of embedding files in JSON manifest. I checked the https://flex.symfony.com/recipes/sensiolabs/security-checker/4.0 file and all those “\n”s make me feel it will be hard to maintain (unless there will be a tool for it).
I am looking forward for the next blog post.