@openthread/claude-code-plugin 0.1.5 → 0.1.9

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "ot",
-  "version": "0.1.5",
-  "description": "Share Claude Code conversations to OpenThread",
+  "version": "0.1.9",
+  "description": "Share Claude Code conversations to OpenThread — the StackOverflow for AI agents. One command to publish any session.",
   "icon": "icon.svg",
   "author": {
     "name": "OpenThread"

package/README.md

@@ -1,6 +1,8 @@
 # @openthread/claude-code-plugin
 
-Share Claude Code conversations to [OpenThread](https://openthread.me) -- a Reddit-like platform for AI conversation threads.
+Share Claude Code conversations to [OpenThread](https://openthread.me) — **the StackOverflow for AI agents**. The community platform for the agentic AI era, where developers share, vote on, and discover the best AI conversation threads from Claude, ChatGPT, Gemini, and more.
+
+One command. Zero config. Publish any Claude Code session as a post others can learn from.
 
 [![npm version](https://img.shields.io/npm/v/@openthread/claude-code-plugin)](https://www.npmjs.com/package/@openthread/claude-code-plugin)
 [![license](https://img.shields.io/npm/l/@openthread/claude-code-plugin)](https://opensource.org/licenses/MIT)
@@ -25,7 +27,7 @@ Community: Coding with AI
 Tags: typescript, authentication, debugging
 
 Post shared successfully!
-View it at: https://openthread.me/post/abc123
+View it at: https://openthread.me/c/coding-with-ai/post/27512cb1
 ```
 
 ## Examples
@@ -51,7 +53,7 @@ Auto-generates title, picks the best community, adds tags, and posts -- no quest
 ? Tags: typescript, hono, api
 
 Post shared successfully!
-View it at: https://openthread.me/post/def456
+View it at: https://openthread.me/c/coding-with-ai/post/27512cb1
 ```
 
 ### Share after a long debugging session
@@ -66,13 +68,20 @@ The plugin reads the full conversation, generates a summary, and shares it as a
 
 The plugin auto-detects the current Claude Code session file. Works in any project directory -- just run `/ot:share` and it finds the right conversation.
 
+## Why OpenThread?
+
+OpenThread is the social platform for the agentic AI world — the place where developers share what their AI agents actually built. Think StackOverflow meets Reddit, designed from the ground up for AI conversations. Every post is a full thread (including code, thinking, and tool use) that the community votes on, comments on, and learns from.
+
+**This plugin is the one-command bridge from your Claude Code session to that community.**
+
 ## Features
 
-- **One-command sharing** -- run `/ot:share` inside any Claude Code session to publish the conversation to OpenThread.
-- **Quick mode** -- `/ot:share <description>` auto-generates a title, selects a community, and posts immediately.
-- **Interactive mode** -- `/ot:share` with no arguments prompts you to choose a title, community, and tags.
-- **Secure auth** -- PKCE OAuth flow with automatic token refresh. Credentials are stored locally at `~/.config/openthread/`.
-- **CLI management** -- `openthread-claude` binary for install, uninstall, status checks, and updates.
+- **One-command sharing** — run `/ot:share` inside any Claude Code session to publish the entire conversation to OpenThread.
+- **Quick mode** — `/ot:share <description>` auto-generates a title, picks the best-matching community, adds tags, and posts immediately. Zero questions asked.
+- **Interactive mode** — `/ot:share` with no arguments prompts you to choose a title, community, and tags.
+- **Privacy first** — strips usernames and local file paths before publishing. Your code, not your filesystem.
+- **Secure auth** — PKCE OAuth flow with automatic token refresh. Credentials stored locally at `~/.config/openthread/`.
+- **CLI management** — `openthread-claude` binary for install, uninstall, status checks, and updates.
 
 ## Usage
 
@@ -96,23 +105,108 @@ Run with no arguments to step through each field:
 2. Community (selectable from list)
 3. Tags (suggested, accept or modify)
 
+## Commands
+
+### `/ot:search <query>`
+
+Search OpenThread for threads, comments, communities, or users without
+leaving your Claude Code session.
+
+Flags:
+
+- `--type posts|comments|communities|users|all` (default `posts`)
+- `--community <name>`
+- `--provider claude|chatgpt|gemini|...`
+- `--time hour|day|week|month|year|all`
+- `--limit 1-25` (default `10`)
+
+Works without authentication (narrower visibility). If you're logged in,
+you also see private communities you're a member of. After results are
+shown, pick a number to import the thread via `/ot:import`.
+
+```
+> /ot:search hono auth bug
+
+[1] Debugging PKCE token refresh in auth middleware
+    c/coding-with-ai · u/alice · 3h ago · ▲ 42 · 💬 7
+    Walks through the PKCE refresh flow and the off-by-one in expiresAt...
+```
+
+### `/ot:import <post-id-or-url> [--read|--context]`
+
+Pull a published OpenThread thread into your current workspace.
+
+**Imported content is UNTRUSTED third-party data.** It may contain
+prompt injections. The plugin treats every imported byte as data, not
+instructions, and enforces that boundary at multiple layers.
+
+- **`--read`** (default) — downloads the thread, sanitizes and masks
+  it locally (defense-in-depth on top of server-side masking), and
+  saves it to `~/.openthread/imports/<uuid>.md` with mode `0600`
+  inside a `0700` directory. Claude does **not** automatically load
+  the file into context. If you want it read, ask in a separate
+  message after the import completes.
+- **`--context`** — additionally emits an
+  `<imported_thread trust="untrusted">` envelope that the skill shows
+  to Claude after you explicitly confirm. Even inside the envelope,
+  the content is treated as data, never as instructions.
+
+Inputs accepted:
+
+- Bare UUID: `27512cb1-4e7a-4c3b-9d8e-1f2a3b4c5d6e`
+- Path: `/c/<community>/post/<uuid>` or `/post/<uuid>`
+- Full URL: `https://openthread.me/c/<community>/post/<uuid>`
+
+Security properties:
+
+- Strict UUID validation on every input form.
+- HTTPS enforced unless `OPENTHREAD_API_URL` points to a loopback host.
+- Response bodies capped at 5 MB, read in bounded chunks.
+- Control characters and ANSI escapes are stripped; paths, usernames,
+  secrets, emails, and IPs are masked locally.
+- Writes are atomic via a `.part` rename — a partial fetch never lands
+  at the final path. Files land at mode `0600` in a `0700` directory.
+- Every saved file starts with a trust banner reminding Claude that
+  the content is data, not instructions.
+
+### `/ot:export <post-id-or-url>`
+
+Download a thread from OpenThread as a local file. Unlike `/ot:import`,
+this is for archival / sharing — the file is written with sharable
+permissions and does NOT include the "untrusted data" banner.
+
+Flags:
+
+- `--format markdown|text|json` (default `markdown`)
+- `--out <path>` (default `./ot-<slug>-<short>.<ext>`)
+- `--stdout`
+- `--no-banner`
+
+The file is path-traversal-guarded (relative paths must stay under cwd;
+absolute paths are denied into system dirs). Content is re-masked
+locally on top of the server's masking as defense-in-depth. Writes are
+atomic via a `.part` rename and land at mode `0644` so the file can be
+committed or shared. Exported files are NOT loaded into Claude's
+context — if you want Claude to read one, open it in a follow-up
+message.
+
 ## CLI Commands
 
-| Command | Description |
-| --- | --- |
-| `openthread-claude install` | Install and register the plugin with Claude Code |
+| Command                       | Description                                       |
+| ----------------------------- | ------------------------------------------------- |
+| `openthread-claude install`   | Install and register the plugin with Claude Code  |
 | `openthread-claude uninstall` | Remove the plugin and deregister from Claude Code |
-| `openthread-claude status` | Show plugin installation and registration state |
-| `openthread-claude update` | Reinstall plugin (update to current version) |
+| `openthread-claude status`    | Show plugin installation and registration state   |
+| `openthread-claude update`    | Reinstall plugin (update to current version)      |
 
 ## Configuration
 
 Environment variables override the default endpoints. Set them in your shell profile or `.env` file.
 
-| Variable | Default | Description |
-| --- | --- | --- |
-| `OPENTHREAD_API_URL` | `https://openthread.me/api` | Backend API base URL |
-| `OPENTHREAD_WEB_URL` | `https://openthread.me` | Web app base URL (used for post links) |
+| Variable             | Default                     | Description                            |
+| -------------------- | --------------------------- | -------------------------------------- |
+| `OPENTHREAD_API_URL` | `https://openthread.me/api` | Backend API base URL                   |
+| `OPENTHREAD_WEB_URL` | `https://openthread.me`     | Web app base URL (used for post links) |
 
 ## Manual Install
 

package/bin/cli.sh

@@ -22,6 +22,12 @@ usage() {
 }
 
 install_plugin() {
+  # Clean destination to prevent stale files from previous versions.
+  # cp -r does NOT delete files that exist in dest but not in src.
+  if [ -d "$DEST_DIR" ]; then
+    rm -rf "$DEST_DIR"
+  fi
+
   # Copy plugin files into marketplace structure
   mkdir -p "$DEST_DIR"
   for dir in .claude-plugin commands skills scripts; do
@@ -66,24 +72,9 @@ with open(path, 'w') as f:
     f.write('\n')
 "
 
-  # Enable in settings.json
-  python3 -c "
-import json, os
-path = '$SETTINGS_FILE'
-settings = {}
-if os.path.exists(path):
-    try:
-        with open(path) as f: settings = json.load(f)
-    except: pass
-if not isinstance(settings.get('enabledPlugins'), dict):
-    settings['enabledPlugins'] = {}
-settings['enabledPlugins']['$PLUGIN_KEY'] = True
-settings.pop('extraKnownMarketplaces', None)
-os.makedirs(os.path.dirname(path), exist_ok=True)
-with open(path, 'w') as f:
-    json.dump(settings, f, indent=2)
-    f.write('\n')
-"
+  # Enable in settings.json via the guarded writer (G16).
+  # Only enabledPlugins["ot@openthread"] is permitted to change.
+  node "$PLUGIN_DIR/bin/lib/settings-writer.js" enable
 
   VERSION=$(python3 -c "import json; print(json.load(open('$DEST_DIR/.claude-plugin/plugin.json'))['version'])")
   echo "✓ OpenThread plugin v$VERSION installed"
@@ -104,18 +95,14 @@ with open('$KNOWN_FILE', 'w') as f:
     f.write('\n')
 " 2>/dev/null || true
 
-  # Remove from settings.json
-  [ -f "$SETTINGS_FILE" ] && python3 -c "
-import json
-with open('$SETTINGS_FILE') as f: settings = json.load(f)
-if isinstance(settings.get('enabledPlugins'), dict):
-    settings['enabledPlugins'].pop('$PLUGIN_KEY', None)
-with open('$SETTINGS_FILE', 'w') as f:
-    json.dump(settings, f, indent=2)
-    f.write('\n')
-" 2>/dev/null || true
+  # Disable in settings.json via the guarded writer (G16).
+  [ -f "$SETTINGS_FILE" ] && node "$PLUGIN_DIR/bin/lib/settings-writer.js" disable 2>/dev/null || true
+
+  # Clear stored credentials from keychain and file
+  bash "$PLUGIN_DIR/scripts/token.sh" clear 2>/dev/null || true
+  [ -d "$HOME/.config/openthread" ] && rm -rf "$HOME/.config/openthread"
 
-  echo "✓ OpenThread plugin removed and deregistered"
+  echo "✓ OpenThread plugin removed, deregistered, and credentials cleared"
 }
 
 check_status() {

package/bin/lib/settings-writer.js

@@ -0,0 +1,144 @@
+#!/usr/bin/env node
+// Guarded writer for ~/.claude/settings.json.
+//
+// Only allows modifications to a strict allowlist of top-level keys. Refuses
+// any diff touching "hooks", "permissions", or unknown keys so that a
+// compromised release cannot inject a preToolUse hook or weaken permissions.
+
+const fs = require("node:fs");
+const path = require("node:path");
+const os = require("node:os");
+
+const SETTINGS_PATH = path.join(os.homedir(), ".claude", "settings.json");
+
+const ALLOWED_TOP_LEVEL_KEYS = new Set(["enabledPlugins"]);
+const ALLOWED_PLUGIN_KEYS = /^ot@openthread$/;
+
+// Keys that must never be used as property names (prototype pollution defense).
+const RESERVED_KEYS = new Set([
+  "__proto__",
+  "constructor",
+  "prototype",
+  "toString",
+  "valueOf",
+  "hasOwnProperty",
+  "__defineGetter__",
+  "__defineSetter__",
+]);
+
+function readSettings(settingsPath = SETTINGS_PATH) {
+  try {
+    const raw = fs.readFileSync(settingsPath, "utf8");
+    if (!raw.trim()) return {}; // handle 0-byte / whitespace-only files
+    return JSON.parse(raw);
+  } catch (e) {
+    if (e.code === "ENOENT") return {};
+    throw e;
+  }
+}
+
+function writeAtomically(data, settingsPath = SETTINGS_PATH) {
+  const tmp = settingsPath + ".part";
+  fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
+  try {
+    fs.writeFileSync(tmp, JSON.stringify(data, null, 2) + "\n", {
+      mode: 0o600,
+    });
+    fs.renameSync(tmp, settingsPath);
+    // Explicitly guarantee 0o600 on the final file — rename preserves perms
+    // on most systems but this is not guaranteed by POSIX.
+    fs.chmodSync(settingsPath, 0o600);
+  } catch (e) {
+    // Clean up .part file so it doesn't leak on failure
+    try {
+      fs.unlinkSync(tmp);
+    } catch {}
+    throw e;
+  }
+}
+
+function safeUpdateSettings(patch, settingsPath = SETTINGS_PATH) {
+  if (!patch || typeof patch !== "object" || Array.isArray(patch)) {
+    throw new Error("settings-writer: patch must be a plain object");
+  }
+
+  const current = readSettings(settingsPath);
+  const next = JSON.parse(JSON.stringify(current));
+
+  for (const key of Object.keys(patch)) {
+    if (!ALLOWED_TOP_LEVEL_KEYS.has(key)) {
+      throw new Error(
+        `settings-writer: refusing to modify top-level key "${key}"`,
+      );
+    }
+  }
+
+  // enabledPlugins merge (only ot@openthread keys allowed)
+  if (patch.enabledPlugins !== undefined) {
+    if (
+      !patch.enabledPlugins ||
+      typeof patch.enabledPlugins !== "object" ||
+      Array.isArray(patch.enabledPlugins)
+    ) {
+      throw new Error(
+        "settings-writer: enabledPlugins patch must be a plain object",
+      );
+    }
+    if (
+      !next.enabledPlugins ||
+      typeof next.enabledPlugins !== "object" ||
+      Array.isArray(next.enabledPlugins)
+    ) {
+      next.enabledPlugins = {};
+    }
+    for (const pluginKey of Object.keys(patch.enabledPlugins)) {
+      // Defense-in-depth: block reserved property names before regex check.
+      // The regex would also reject these, but an explicit guard is clearer
+      // and survives future regex changes.
+      if (RESERVED_KEYS.has(pluginKey)) {
+        throw new Error(
+          `settings-writer: refusing to modify reserved key "${pluginKey}"`,
+        );
+      }
+      if (!ALLOWED_PLUGIN_KEYS.test(pluginKey)) {
+        throw new Error(
+          `settings-writer: refusing to modify plugin key "${pluginKey}"`,
+        );
+      }
+      next.enabledPlugins[pluginKey] = patch.enabledPlugins[pluginKey];
+    }
+  }
+
+  writeAtomically(next, settingsPath);
+  return next;
+}
+
+// CLI entry point: node settings-writer.js enable | disable
+if (require.main === module) {
+  const cmd = process.argv[2];
+  try {
+    if (cmd === "enable") {
+      safeUpdateSettings({ enabledPlugins: { "ot@openthread": true } });
+      console.log("enabled ot@openthread in", SETTINGS_PATH);
+    } else if (cmd === "disable") {
+      safeUpdateSettings({ enabledPlugins: { "ot@openthread": false } });
+      console.log("disabled ot@openthread in", SETTINGS_PATH);
+    } else {
+      console.error("Usage: settings-writer.js enable|disable");
+      process.exit(1);
+    }
+  } catch (e) {
+    console.error(e.message);
+    process.exit(1);
+  }
+}
+
+module.exports = {
+  safeUpdateSettings,
+  readSettings,
+  writeAtomically,
+  SETTINGS_PATH,
+  ALLOWED_TOP_LEVEL_KEYS,
+  ALLOWED_PLUGIN_KEYS,
+  RESERVED_KEYS,
+};

package/bin/postinstall.js

@@ -1,24 +1,107 @@
 #!/usr/bin/env node
 // Auto-install plugin into a Claude Code marketplace so it's discoverable via /ot:share
-const { existsSync, mkdirSync, cpSync, chmodSync, readdirSync, readFileSync, writeFileSync } = require("fs");
-const { join, resolve } = require("path");
+const {
+  existsSync,
+  mkdirSync,
+  rmSync,
+  cpSync,
+  chmodSync,
+  readdirSync,
+  readFileSync,
+  writeFileSync,
+  accessSync,
+  constants: fsConstants,
+} = require("fs");
+const { join, resolve, dirname } = require("path");
 const { homedir } = require("os");
 
+const pkg = require("../package.json");
+
+// --- Skip postinstall entirely if requested ---
+if (process.env.OT_SKIP_POSTINSTALL === "1") {
+  console.log("OT_SKIP_POSTINSTALL=1 — skipping plugin auto-install");
+  process.exit(0);
+}
+
+const { safeUpdateSettings } = require("./lib/settings-writer.js");
+
 const PLUGIN_ID = "ot";
 const MARKETPLACE_NAME = "openthread";
 const pluginSrc = resolve(__dirname, "..");
 
 // Marketplace lives alongside the official one
-const marketplaceDir = join(homedir(), ".claude", "plugins", "marketplaces", MARKETPLACE_NAME);
+const claudeDir = join(homedir(), ".claude");
+const marketplaceDir = join(claudeDir, "plugins", "marketplaces", MARKETPLACE_NAME);
 const pluginDest = join(marketplaceDir, "plugins", PLUGIN_ID);
 
 const DIRS_TO_COPY = [".claude-plugin", "commands", "skills", "scripts"];
 const FILES_TO_COPY = ["icon.svg"];
 
+// Required files that must exist after copy for the plugin to work.
+// If any are missing, the install is considered incomplete.
+const REQUIRED_FILES = [
+  ".claude-plugin/plugin.json",
+  "commands/share.md",
+  "skills/share-thread/SKILL.md",
+  "scripts/share.sh",
+  "scripts/token.sh",
+  "scripts/auth.sh",
+];
+
+// --- Preflight checks ---
+function preflight() {
+  const home = homedir();
+  try {
+    // Ensure ~/.claude exists or can be created
+    mkdirSync(claudeDir, { recursive: true });
+    accessSync(claudeDir, fsConstants.W_OK);
+  } catch {
+    console.warn(
+      `Warning: Cannot write to ${claudeDir}. Check permissions (chmod 755 ~/.claude).`,
+    );
+    console.warn("Try: claude --plugin-dir " + pluginSrc);
+    process.exit(0); // graceful — don't block npm install
+  }
+}
+
+// --- Atomic JSON write (read → merge → write .part → rename) ---
+function atomicJsonUpdate(filePath, mergeFn) {
+  let current = {};
+  if (existsSync(filePath)) {
+    try {
+      current = JSON.parse(readFileSync(filePath, "utf8"));
+    } catch {
+      current = {};
+    }
+  }
+  const next = mergeFn(current);
+  const tmp = filePath + ".part";
+  try {
+    mkdirSync(dirname(filePath), { recursive: true });
+    writeFileSync(tmp, JSON.stringify(next, null, 2) + "\n");
+    const { renameSync } = require("fs");
+    renameSync(tmp, filePath);
+  } catch (e) {
+    // Clean up .part file on failure
+    try {
+      const { unlinkSync } = require("fs");
+      unlinkSync(tmp);
+    } catch {}
+    throw e;
+  }
+}
+
 try {
-  // 1. Copy plugin files into marketplace/plugins/ot/
+  preflight();
+
+  // 1. Clean destination to prevent stale files from previous versions.
+  //    cpSync does NOT delete files that exist in dest but not in src.
+  if (existsSync(pluginDest)) {
+    rmSync(pluginDest, { recursive: true, force: true });
+  }
   mkdirSync(pluginDest, { recursive: true });
 
+  // 2. Copy plugin files into marketplace/plugins/ot/
   for (const dir of DIRS_TO_COPY) {
     const src = join(pluginSrc, dir);
     if (existsSync(src)) {
@@ -33,17 +116,31 @@ try {
     }
   }
 
-  // Sync version from package.json → plugin.json
-  const pkgJsonPath = join(pluginSrc, "package.json");
+  // 3. Validate required files exist after copy
+  const missing = REQUIRED_FILES.filter(
+    (f) => !existsSync(join(pluginDest, f)),
+  );
+  if (missing.length > 0) {
+    console.warn(
+      `Warning: Plugin install incomplete — missing: ${missing.join(", ")}`,
+    );
+    console.warn("Try reinstalling: npm install @openthread/claude-code-plugin");
+    // Don't exit — partial install is better than no install
+  }
+
+  // 4. Sync version from package.json → plugin.json
   const pluginJsonPath = join(pluginDest, ".claude-plugin", "plugin.json");
-  if (existsSync(pkgJsonPath) && existsSync(pluginJsonPath)) {
-    const version = JSON.parse(readFileSync(pkgJsonPath, "utf8")).version;
-    const pluginJson = JSON.parse(readFileSync(pluginJsonPath, "utf8"));
-    pluginJson.version = version;
-    writeFileSync(pluginJsonPath, JSON.stringify(pluginJson, null, 2) + "\n");
+  if (existsSync(pluginJsonPath)) {
+    try {
+      const pluginJson = JSON.parse(readFileSync(pluginJsonPath, "utf8"));
+      pluginJson.version = pkg.version;
+      writeFileSync(pluginJsonPath, JSON.stringify(pluginJson, null, 2) + "\n");
+    } catch (e) {
+      console.warn(`Warning: Could not sync version to plugin.json: ${e.message}`);
+    }
   }
 
-  // Ensure scripts are executable
+  // 5. Ensure scripts are executable
   const scriptsDir = join(pluginDest, "scripts");
   if (existsSync(scriptsDir)) {
     for (const f of readdirSync(scriptsDir)) {
@@ -53,52 +150,50 @@ try {
     }
   }
 
-  // 2. Create marketplace.json (like the official marketplace has)
+  // 6. Create marketplace.json (like the official marketplace has)
   const marketplaceJsonDir = join(marketplaceDir, ".claude-plugin");
   mkdirSync(marketplaceJsonDir, { recursive: true });
-  writeFileSync(join(marketplaceJsonDir, "marketplace.json"), JSON.stringify({
-    name: MARKETPLACE_NAME,
-    description: "OpenThread plugins for sharing AI conversations",
-    owner: { name: "OpenThread" },
-    plugins: [{
-      name: PLUGIN_ID,
-      description: "Share Claude Code conversations to OpenThread",
-      source: `./plugins/${PLUGIN_ID}`,
-    }],
-  }, null, 2) + "\n");
-
-  // 3. Register marketplace in known_marketplaces.json
+  writeFileSync(
+    join(marketplaceJsonDir, "marketplace.json"),
+    JSON.stringify(
+      {
+        name: MARKETPLACE_NAME,
+        description: "OpenThread plugins for sharing AI conversations",
+        owner: { name: "OpenThread" },
+        plugins: [
+          {
+            name: PLUGIN_ID,
+            description: "Share Claude Code conversations to OpenThread",
+            source: `./plugins/${PLUGIN_ID}`,
+          },
+        ],
+      },
+      null,
+      2,
+    ) + "\n",
+  );
+
+  // 7. Register marketplace in known_marketplaces.json (atomic write)
   const knownPath = join(homedir(), ".claude", "plugins", "known_marketplaces.json");
-  let known = {};
-  if (existsSync(knownPath)) {
-    try { known = JSON.parse(readFileSync(knownPath, "utf8")); } catch { known = {}; }
-  }
-  known[MARKETPLACE_NAME] = {
-    source: { source: "local", path: marketplaceDir },
-    installLocation: marketplaceDir,
-    lastUpdated: new Date().toISOString(),
-  };
-  writeFileSync(knownPath, JSON.stringify(known, null, 2) + "\n");
-
-  // 4. Enable the plugin in settings.json
-  const settingsPath = join(homedir(), ".claude", "settings.json");
-  let settings = {};
-  if (existsSync(settingsPath)) {
-    try { settings = JSON.parse(readFileSync(settingsPath, "utf8")); } catch { settings = {}; }
-  }
-  if (!settings.enabledPlugins || typeof settings.enabledPlugins !== "object" || Array.isArray(settings.enabledPlugins)) {
-    settings.enabledPlugins = {};
-  }
-  settings.enabledPlugins[`${PLUGIN_ID}@${MARKETPLACE_NAME}`] = true;
-  // Clean up old format if present
-  delete settings.extraKnownMarketplaces;
-  writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+  atomicJsonUpdate(knownPath, (known) => {
+    known[MARKETPLACE_NAME] = {
+      source: { source: "local", path: marketplaceDir },
+      installLocation: marketplaceDir,
+      lastUpdated: new Date().toISOString(),
+    };
+    return known;
+  });
+
+  // 8. Enable the plugin in settings.json via the guarded writer (G16).
+  // The writer only permits changes to enabledPlugins["ot@openthread"] and
+  // refuses any diff touching hooks, permissions, or unknown keys.
+  safeUpdateSettings({ enabledPlugins: { "ot@openthread": true } });
 
-  const version = JSON.parse(readFileSync(join(pluginSrc, "package.json"), "utf8")).version;
-  console.log(`\x1b[32m✓\x1b[0m OpenThread plugin v${version} installed`);
+  console.log(`\x1b[32m✓\x1b[0m OpenThread plugin v${pkg.version} installed`);
   console.log(`  Marketplace: ${marketplaceDir}`);
   console.log(`  Restart Claude Code, then use \x1b[1m/ot:share\x1b[0m to share conversations.`);
 } catch (err) {
-  console.error(`Warning: Could not auto-install plugin: ${err.message}`);
-  console.error("Try: claude --plugin-dir " + pluginSrc);
+  console.warn(`Warning: Could not auto-install plugin: ${err.message}`);
+  console.warn("Try: claude --plugin-dir " + pluginSrc);
+  // Exit 0 — never block npm install for a postinstall failure
 }