@ory/claude-code 0.2.0 → 0.3.0

package/dist/cli/main.js

@@ -111,12 +111,18 @@ function status() {
     console.log("");
     (0, argus_1.printOryConfig)();
     (0, argus_1.printEnvironment)();
-    // Plugin-specific status
+    // Plugin-specific status. The default install path delegates plugin
+    // assembly to the public `ory/claude-plugins` marketplace, so the persistent
+    // dir below is only populated for `--from-source` installs (the dev launcher
+    // and local iteration). Run `claude plugin list` for an authoritative view
+    // of what the `claude` CLI has registered.
     console.log("");
     console.log("Plugin:");
     const assembled = fs.existsSync(PERSISTENT_DIR);
-    console.log(`  Plugin directory: ${assembled ? PERSISTENT_DIR : "(not installed — run: npx ory-claude install)"}`);
-    console.log(`  Skills: ${assembled && fs.existsSync(path.join(PERSISTENT_DIR, "skills")) ? "installed" : "not installed"}`);
+    console.log(`  Local --from-source dir: ${assembled ? PERSISTENT_DIR : "(none — production installs use the ory/claude-plugins marketplace; run 'claude plugin list' to see registered plugins)"}`);
+    if (assembled) {
+        console.log(`  Skills: ${fs.existsSync(path.join(PERSISTENT_DIR, "skills")) ? "installed" : "not installed"}`);
+    }
     console.log(`  Hook script: ${fs.existsSync(path.join(PACKAGE_ROOT, "dist", "hook.js")) ? "built" : "NOT BUILT (run pnpm build)"}`);
     (0, argus_1.printLogTail)();
 }
@@ -132,7 +138,7 @@ Commands:
   install [--global]   Install Ory plugin via claude CLI marketplace
   uninstall [--global] Remove Ory plugin and marketplace
   configure            Set or view Ory project URL and API key
-  permissions <cmd>    Manage permission mode and tool tuples (status, bootstrap, observe, enforce)
+  permissions <cmd>    Manage permission mode and tool permissions (status, bootstrap, observe, enforce)
   status               Show plugin status and configuration
   local <cmd>          Manage local Ory dev environment (up, down, status, seed, ...)
 

package/dist/cli/setup.d.ts

@@ -3,26 +3,35 @@
  * Setup CLI for the Ory Claude Code plugin.
  *
  * Uses the `claude` CLI to manage plugin installation via the marketplace:
- *   npx ory-claude-setup              # Install plugin (project scope)
- *   npx ory-claude-setup --global     # Install plugin (user scope)
- *   npx ory-claude-setup --uninstall  # Remove plugin
+ *   npx ory-claude-setup                  # Install plugin (project scope)
+ *   npx ory-claude-setup --global         # Install plugin (user scope)
+ *   npx ory-claude-setup --from-source    # Install from the local source tree (dev only)
+ *   npx ory-claude-setup --uninstall      # Remove plugin
  */
 /**
  * Install the Ory plugin via the `claude` CLI.
  *
- * 1. Assembles the plugin directory (manifest, skills, commands, hooks, MCP)
- * 2. Adds the Ory marketplace (pointing to that directory)
- * 3. Installs the plugin from that marketplace
+ * Two paths exist:
  *
- * Hooks, skills, commands, and the MCP server are picked up automatically
- * from the assembled directory by the Claude Code plugin system.
+ *   1. Default (production) — point the `claude` CLI at the public
+ *      `ory/claude-plugins` GitHub marketplace and install from there. The
+ *      release workflow keeps that repo's plugin subtree pinned to the latest
+ *      `@ory/claude-code` version, so the hook commands, skills, commands,
+ *      and MCP config all come from the published artifact. The install CLI
+ *      writes nothing to the persistent data dir on this path.
+ *
+ *   2. `--from-source` (dev only) — assemble the plugin directory from this
+ *      checkout's `.claude-plugin/`, register it as a local-file marketplace,
+ *      and install from there. The dev launcher uses this so changes in the
+ *      monorepo are exercised end-to-end without going through the release
+ *      mirror. End users should never need this flag.
  */
 export declare function install(args: string[]): void;
 /**
- * Uninstall the Ory plugin via the `claude` CLI.
+ * Uninstall the Ory plugin via the `claude` CLI. Mirrors `install`:
  *
- * 1. Uninstalls the plugin
- * 2. Removes the Ory marketplace
- * 3. Cleans up the assembled plugin directory
+ *   - Default: uninstall `ory-agent-plugin`, remove the production marketplace.
+ *   - `--from-source`: uninstall the locally-assembled plugin, remove its
+ *     marketplace entry, and clean up the assembled directory.
  */
 export declare function uninstall(args: string[]): void;

package/dist/cli/setup.js

@@ -4,9 +4,10 @@
  * Setup CLI for the Ory Claude Code plugin.
  *
  * Uses the `claude` CLI to manage plugin installation via the marketplace:
- *   npx ory-claude-setup              # Install plugin (project scope)
- *   npx ory-claude-setup --global     # Install plugin (user scope)
- *   npx ory-claude-setup --uninstall  # Remove plugin
+ *   npx ory-claude-setup                  # Install plugin (project scope)
+ *   npx ory-claude-setup --global         # Install plugin (user scope)
+ *   npx ory-claude-setup --from-source    # Install from the local source tree (dev only)
+ *   npx ory-claude-setup --uninstall      # Remove plugin
  */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
@@ -50,25 +51,35 @@ const path = __importStar(require("node:path"));
 const argus_1 = require("@ory/argus");
 const PACKAGE_ROOT = path.resolve(__dirname, "..", "..");
 /**
- * Resolve the marketplace and plugin names from the local `.claude-plugin/`
- * JSON files instead of hardcoding them.
+ * Production marketplace published by the release workflow as the read-only
+ * mirror of this monorepo's Claude Code plugin. The `name` field below is the
+ * short identifier declared by that repo's top-level
+ * `.claude-plugin/marketplace.json` — that's what the `claude` CLI registers
+ * the marketplace under, and what `claude plugin install <plugin>@<name>`
+ * dereferences. The plugin name matches the local `.claude-plugin/plugin.json`
+ * because the sync script preserves it.
  *
- * Source of truth for both the dev launcher and any local `ory-claude install`
- * run is `packages/claude-code/.claude-plugin/marketplace.json` (marketplace
- * name) and `.claude-plugin/plugin.json` (plugin name). The local marketplace
- * uses intentionally dev-flavored names — e.g. `ory-plugins-local-development`
- * and `ory-agent-plugin` — so a developer can see at a glance the install
- * came from this monorepo, not the production `ory/claude-plugins` repo the
- * release workflow syncs to.
+ * Keep these in sync with whatever the production marketplace declares — if
+ * the repo's marketplace.json `name` changes, update `PROD_MARKETPLACE_NAME`
+ * here too.
+ */
+const PROD_MARKETPLACE_REPO = "ory/claude-plugins";
+const PROD_MARKETPLACE_NAME = "ory";
+const PROD_PLUGIN_NAME = "ory-agent-plugin";
+/**
+ * For `--from-source` installs, resolve the marketplace and plugin names from
+ * the local `.claude-plugin/` JSON files instead of hardcoding them.
  *
- * The previous hardcoded `ory-plugins` / `ory-claude` constants caused
- * `claude plugin install ory-claude@ory-plugins` to fail with "Plugin
- * 'ory-claude' not found in marketplace 'ory-plugins'" because the
- * assembled local marketplace announces different names. Reading the
- * names from disk keeps the install CLI in lockstep with whatever the
- * marketplace files actually declare.
+ * Source of truth is `packages/claude-code/.claude-plugin/marketplace.json`
+ * (marketplace name) and `.claude-plugin/plugin.json` (plugin name). The local
+ * marketplace uses intentionally dev-flavored names — e.g.
+ * `ory-plugins-local-development` — so a developer can see at a glance the
+ * install came from this monorepo and not the production
+ * `ory/claude-plugins` repo. The default install path (no `--from-source`)
+ * bypasses these entirely and points the `claude` CLI at the production
+ * GitHub marketplace.
  */
-function readMarketplaceName() {
+function readLocalMarketplaceName() {
     const mfPath = path.join(PACKAGE_ROOT, ".claude-plugin", "marketplace.json");
     const data = JSON.parse(fs.readFileSync(mfPath, "utf-8"));
     if (!data.name) {
@@ -76,7 +87,7 @@ function readMarketplaceName() {
     }
     return data.name;
 }
-function readPluginName() {
+function readLocalPluginName() {
     const pjPath = path.join(PACKAGE_ROOT, ".claude-plugin", "plugin.json");
     const data = JSON.parse(fs.readFileSync(pjPath, "utf-8"));
     if (!data.name) {
@@ -89,18 +100,19 @@ const RENDER_OPTS = {
     packageName: "@ory/claude-code",
 };
 /**
- * Persistent install location used as the marketplace root. Lives under the
- * shared OS-agnostic data dir so all plugin state — config, DCR creds, harness
- * assets — sits in one place per platform. The plugin directory is assembled
- * here for both local and remote installs so the marketplace never points at
- * (or writes into) the package source tree.
+ * Persistent install location used as the marketplace root for `--from-source`
+ * installs. Lives under the shared OS-agnostic data dir so all plugin state —
+ * config, DCR creds, harness assets — sits in one place per platform. The
+ * production install path never touches this directory: the `claude` CLI
+ * fetches everything directly from the GitHub marketplace.
  */
 const PERSISTENT_DIR = (0, argus_1.getHarnessDataDir)("claude-code");
 /** Hook command that resolves the binary via the npm registry. */
 const HOOK_CMD_REMOTE = "npx -y -p @ory/claude-code ory-claude-hook";
 /**
  * Detect if we're running from a temporary npx/pnpm-dlx cache directory
- * rather than a proper local or global npm installation.
+ * rather than a proper local or global npm installation. Only consulted on
+ * the `--from-source` path to pick the right hook command.
  */
 function isRemoteContext() {
     const normalized = PACKAGE_ROOT.replace(/\\/g, "/");
@@ -112,7 +124,7 @@ function localHookCommand() {
 }
 /**
  * Assemble the Claude Code plugin directory in the persistent location and
- * return its path (used as the marketplace root).
+ * return its path (used as the marketplace root for `--from-source`).
  *
  * The plugin manifest (`.claude-plugin/`) and MCP config (`.mcp.json`) are
  * copied from the package; the skills, commands, and hooks are generated:
@@ -196,30 +208,100 @@ function checkClaudeCli() {
 /**
  * Install the Ory plugin via the `claude` CLI.
  *
- * 1. Assembles the plugin directory (manifest, skills, commands, hooks, MCP)
- * 2. Adds the Ory marketplace (pointing to that directory)
- * 3. Installs the plugin from that marketplace
+ * Two paths exist:
+ *
+ *   1. Default (production) — point the `claude` CLI at the public
+ *      `ory/claude-plugins` GitHub marketplace and install from there. The
+ *      release workflow keeps that repo's plugin subtree pinned to the latest
+ *      `@ory/claude-code` version, so the hook commands, skills, commands,
+ *      and MCP config all come from the published artifact. The install CLI
+ *      writes nothing to the persistent data dir on this path.
  *
- * Hooks, skills, commands, and the MCP server are picked up automatically
- * from the assembled directory by the Claude Code plugin system.
+ *   2. `--from-source` (dev only) — assemble the plugin directory from this
+ *      checkout's `.claude-plugin/`, register it as a local-file marketplace,
+ *      and install from there. The dev launcher uses this so changes in the
+ *      monorepo are exercised end-to-end without going through the release
+ *      mirror. End users should never need this flag.
  */
 function install(args) {
     const isGlobal = args.includes("--global");
+    const fromSource = args.includes("--from-source");
     const scope = claudeScope(isGlobal);
     if (!checkClaudeCli()) {
         console.error("Error: 'claude' CLI not found in PATH.");
         console.error("Install Claude Code first: https://docs.anthropic.com/en/docs/claude-code");
         process.exit(1);
     }
+    if (fromSource) {
+        installFromSource(scope);
+    }
+    else {
+        installFromProductionMarketplace(scope);
+    }
+    (0, argus_1.printNextSteps)("Claude Code", fromSource
+        ? "npx ory-claude uninstall --from-source"
+        : isRemoteContext()
+            ? "npx @ory/claude-code uninstall"
+            : "npx ory-claude uninstall");
+}
+/**
+ * Default production install path: register the `ory/claude-plugins` GitHub
+ * marketplace and install `ory-agent-plugin` from it. Nothing is assembled
+ * locally — the marketplace and the plugin tree both live in the GitHub repo,
+ * and the `claude` CLI fetches them on demand.
+ */
+function installFromProductionMarketplace(scope) {
+    console.log(`Registering Ory plugin marketplace from ${PROD_MARKETPLACE_REPO}...`);
+    const addResult = runClaude([
+        "plugin",
+        "marketplace",
+        "add",
+        PROD_MARKETPLACE_REPO,
+        "--scope",
+        scope,
+    ]);
+    if (!addResult.ok) {
+        if (addResult.output.toLowerCase().includes("already")) {
+            console.log("  Marketplace already registered, updating...");
+            runClaude(["plugin", "marketplace", "update", PROD_MARKETPLACE_NAME]);
+        }
+        else {
+            console.error(`Failed to add marketplace: ${addResult.output}`);
+            process.exit(1);
+        }
+    }
+    else {
+        console.log("  Marketplace added.");
+    }
+    console.log(`Installing ${PROD_PLUGIN_NAME}@${PROD_MARKETPLACE_NAME} plugin...`);
+    const installResult = runClaude([
+        "plugin",
+        "install",
+        `${PROD_PLUGIN_NAME}@${PROD_MARKETPLACE_NAME}`,
+        "--scope",
+        scope,
+    ]);
+    if (!installResult.ok) {
+        console.error(`Failed to install plugin: ${installResult.output}`);
+        process.exit(1);
+    }
+    console.log("  Plugin installed.");
+}
+/**
+ * Dev-only install path: assemble the plugin from this checkout and register
+ * it as a local-file marketplace. Used by the dev launcher (which publishes
+ * the monorepo packages to a local Verdaccio registry and then calls this CLI
+ * with `--from-source`) and by anyone hand-iterating on plugin code locally.
+ */
+function installFromSource(scope) {
     const remote = isRemoteContext();
     console.log("Assembling Ory plugin (skills, commands, hooks, MCP) at:");
     console.log(`  ${PERSISTENT_DIR}`);
     const pluginRoot = assemblePluginDir(remote ? HOOK_CMD_REMOTE : localHookCommand());
-    const marketplaceName = readMarketplaceName();
-    const pluginName = readPluginName();
+    const marketplaceName = readLocalMarketplaceName();
+    const pluginName = readLocalPluginName();
     console.log(`Source: ${pluginName}@${marketplaceName} (from ${pluginRoot})`);
-    // Step 1: Add the Ory marketplace
-    console.log("Adding Ory plugin marketplace...");
+    console.log("Adding local Ory plugin marketplace...");
     const addResult = runClaude([
         "plugin",
         "marketplace",
@@ -241,7 +323,6 @@ function install(args) {
     else {
         console.log("  Marketplace added.");
     }
-    // Step 2: Install the plugin from the marketplace
     console.log(`Installing ${pluginName} plugin...`);
     const installResult = runClaude([
         "plugin",
@@ -255,25 +336,26 @@ function install(args) {
         process.exit(1);
     }
     console.log("  Plugin installed.");
-    (0, argus_1.printNextSteps)("Claude Code", remote ? "npx @ory/claude-code uninstall" : "npx ory-claude uninstall");
 }
 /**
- * Uninstall the Ory plugin via the `claude` CLI.
+ * Uninstall the Ory plugin via the `claude` CLI. Mirrors `install`:
  *
- * 1. Uninstalls the plugin
- * 2. Removes the Ory marketplace
- * 3. Cleans up the assembled plugin directory
+ *   - Default: uninstall `ory-agent-plugin`, remove the production marketplace.
+ *   - `--from-source`: uninstall the locally-assembled plugin, remove its
+ *     marketplace entry, and clean up the assembled directory.
  */
 function uninstall(args) {
     const isGlobal = args.includes("--global");
+    const fromSource = args.includes("--from-source");
     const scope = claudeScope(isGlobal);
     if (!checkClaudeCli()) {
         console.error("Error: 'claude' CLI not found in PATH.");
         process.exit(1);
     }
-    const marketplaceName = readMarketplaceName();
-    const pluginName = readPluginName();
-    // Step 1: Uninstall the plugin
+    const pluginName = fromSource ? readLocalPluginName() : PROD_PLUGIN_NAME;
+    const marketplaceName = fromSource
+        ? readLocalMarketplaceName()
+        : PROD_MARKETPLACE_NAME;
     console.log(`Uninstalling ${pluginName} plugin...`);
     const uninstallResult = runClaude([
         "plugin",
@@ -288,7 +370,6 @@ function uninstall(args) {
     else {
         console.log("  Plugin uninstalled.");
     }
-    // Step 2: Remove the marketplace
     console.log("Removing Ory plugin marketplace...");
     const removeResult = runClaude([
         "plugin",
@@ -302,8 +383,9 @@ function uninstall(args) {
     else {
         console.log("  Marketplace removed.");
     }
-    // Step 3: Clean up the assembled plugin directory.
-    cleanPersistentDir();
+    if (fromSource) {
+        cleanPersistentDir();
+    }
 }
 // --- Standalone binary entry point (ory-claude-setup) ---
 if (require.main === module) {
@@ -315,13 +397,14 @@ Usage:
   npx ory-claude-setup [options]
 
 Options:
-  --global     Install to user scope (default: project scope)
-  --uninstall  Remove the Ory plugin and marketplace
-  -h, --help   Show this help
+  --global       Install to user scope (default: project scope)
+  --from-source  Install from this checkout's local marketplace (dev only)
+  --uninstall    Remove the Ory plugin and marketplace
+  -h, --help     Show this help
 
-Uses the 'claude' CLI to manage plugins via the marketplace system.
-The plugin's skills, commands, hooks, and MCP server are configured
-automatically.
+By default, points the 'claude' CLI at the public ory/claude-plugins
+marketplace and installs ory-agent-plugin from it. Pass --from-source to
+install from the local monorepo checkout instead (used by the dev launcher).
 `);
         process.exit(0);
     }

package/dist/handlers.js

@@ -198,23 +198,27 @@ async function handlePreToolUse(input, client, deps = {}) {
                 object: mcpTool.serverName,
                 relation: "use",
                 subjectId,
+                ...("subjectSet" in subject ? { subjectSet: subject.subjectSet } : {}),
                 spanAttributes: mcpAttrs,
             });
+            const decisionAttrs = decision.spanAttributes;
             if (decision.kind === "allow") {
-                client.tracer.record("tool.invoke", "ok", { attributes: mcpAttrs });
+                client.tracer.record("tool.invoke", "ok", {
+                    attributes: { ...mcpAttrs, ...decisionAttrs },
+                });
                 return {};
             }
             if (decision.kind === "observe") {
                 client.tracer.record("tool.block", "denied", {
-                    attributes: { ...mcpAttrs, allowed: false, ...(0, argus_1.alertAttributes)(false) },
+                    attributes: { ...mcpAttrs, ...decisionAttrs, allowed: false, ...(0, argus_1.alertAttributes)(false) },
                 });
                 client.tracer.record("tool.invoke", "ok", {
-                    attributes: { ...mcpAttrs, allowed: false, observed: true },
+                    attributes: { ...mcpAttrs, ...decisionAttrs, allowed: false, observed: true },
                 });
                 return {};
             }
             client.tracer.record("tool.block", "denied", {
-                attributes: { ...mcpAttrs, allowed: false, ...(0, argus_1.alertAttributes)(true) },
+                attributes: { ...mcpAttrs, ...decisionAttrs, allowed: false, ...(0, argus_1.alertAttributes)(true) },
             });
             return {
                 decision: "block",
@@ -227,21 +231,24 @@ async function handlePreToolUse(input, client, deps = {}) {
             return handlePermissionError(decision.error, toolName, client);
         }
         const attrs = { toolName, ...inputSummary };
+        const decisionAttrs = decision.spanAttributes;
         if (decision.kind === "allow") {
-            client.tracer.record("tool.invoke", "ok", { attributes: { ...attrs, allowed: true } });
+            client.tracer.record("tool.invoke", "ok", {
+                attributes: { ...attrs, ...decisionAttrs, allowed: true },
+            });
             return {};
         }
         if (decision.kind === "observe") {
             client.tracer.record("tool.block", "denied", {
-                attributes: { ...attrs, allowed: false, ...(0, argus_1.alertAttributes)(false) },
+                attributes: { ...attrs, ...decisionAttrs, allowed: false, ...(0, argus_1.alertAttributes)(false) },
             });
             client.tracer.record("tool.invoke", "ok", {
-                attributes: { ...attrs, allowed: false, observed: true },
+                attributes: { ...attrs, ...decisionAttrs, allowed: false, observed: true },
             });
             return {};
         }
         client.tracer.record("tool.block", "denied", {
-            attributes: { ...attrs, allowed: false, ...(0, argus_1.alertAttributes)(true) },
+            attributes: { ...attrs, ...decisionAttrs, allowed: false, ...(0, argus_1.alertAttributes)(true) },
         });
         return {
             decision: "block",
@@ -383,6 +390,7 @@ async function handlePermissionRequest(input, client) {
                 object: mcpTool.serverName,
                 relation: "use",
                 subjectId,
+                ...("subjectSet" in subject ? { subjectSet: subject.subjectSet } : {}),
                 spanAttributes: { toolName, mcpServer: mcpTool.serverName, mcpTool: mcpTool.toolName },
             });
             if (decision.kind === "deny") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ory/claude-code",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Ory plugin for Claude Code: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call",
   "license": "Apache-2.0",
   "homepage": "https://ory.com",
@@ -72,7 +72,7 @@
     "!dist/**/*.tsbuildinfo"
   ],
   "dependencies": {
-    "@ory/argus": "0.2.0"
+    "@ory/argus": "0.3.0"
   },
   "engines": {
     "node": ">=24"