auriga-cli 1.10.3 → 1.11.1

package/README.md

@@ -11,9 +11,9 @@ This repo itself is a fully configured harness project. You can clone it to see
 | Module | Description |
 |---|---|
 | **Workflow** | `CLAUDE.md` auriga workflow: requirement clarification -> TDD -> Review, Harness principles, Subagent usage guide |
-| **Skills** | Development process + orchestration skills — brainstorming, systematic-debugging, TDD, verification, planning, playwright, deep-review, test-designer, parallel-implementation |
+| **Skills** | Development process + orchestration skills — brainstorming, systematic-debugging, TDD, verification, planning, playwright, test-designer, parallel-implementation |
 | **Recommended Skills** | Optional utility skills (e.g. `codex-agent`, `claude-code-agent`) you can add on top of the workflow skills |
-| **Plugins** | Recommended Claude Code and Codex plugins — skill-creator, claude-md-management, codex, auriga-go, auriga-pr-guards, session-instructions-loader |
+| **Plugins** | Recommended Claude Code and Codex plugins — skill-creator, claude-md-management, codex, auriga-go, auriga-pr-guards, session-instructions-loader, deep-review |
 | **Hooks** | Claude Code hooks: `notify` (macOS notification, focus-aware sound-only when terminal is frontmost — **opt-in**: not installed by `install --all`, requires `install hooks --hook notify`) |
 
 ## Quick Start
@@ -90,7 +90,6 @@ Installs selected skills via `npx skills add`, targeting both Claude Code and Co
 | verification-before-completion | [obra/superpowers](https://github.com/obra/superpowers) | Pre-completion verification — evidence before assertions |
 | planning-with-files | [OthmanAdi/planning-with-files](https://github.com/OthmanAdi/planning-with-files) | File-based task planning and progress tracking |
 | playwright-cli | [microsoft/playwright-cli](https://github.com/microsoft/playwright-cli) | Browser automation and testing |
-| deep-review | [Ben2pc/g-claude-code-plugins](https://github.com/Ben2pc/g-claude-code-plugins) | Multi-dimensional PR review orchestrator (required + conditional reviewers + punch list) |
 | test-designer | [Ben2pc/g-claude-code-plugins](https://github.com/Ben2pc/g-claude-code-plugins) | Independent-Evaluation test designer for TDD red phase |
 | parallel-implementation | [Ben2pc/g-claude-code-plugins](https://github.com/Ben2pc/g-claude-code-plugins) | Slice planner for parallel multi-subagent code writing |
 
@@ -126,6 +125,7 @@ npx -y auriga-cli install plugins --agent both --plugin auriga-pr-guards
 | auriga-go | Claude Code / Codex | Workflow autopilot for the auriga workflow. Reminder-based navigation across the `CLAUDE.md` phases with an Experimental hook-backed `ship` mode. Bundles a skill (description-based NL trigger + `/auriga-go`) plus a plugin-level Stop hook for ship mode. |
 | auriga-pr-guards | Claude Code / Codex | Two PR-workflow guardrails packaged as a dual-Agent plugin: `pr-create-guard` (PostToolUse for `gh pr create` → fetch the new PR's body via `gh pr view` and inject headings + TODO counts as `additionalContext` so the Agent can self-verify scope / acceptance / risks / TODO) and `pr-ready-guard` (PreToolUse for `gh pr ready` → block on stray planning docs at `findings.md` / `progress.md` / `task_plan.md` / `docs/superpowers/specs/*.md`, unfinalized active specs in `docs/specs/*.md`, or unpushed commits; otherwise inject the body snapshot). Codex currently fails open on the `additionalContext` field for PreToolUse but enforces blocks identically. |
 | session-instructions-loader | Codex | Codex-only SessionStart plugin that injects ancestor `AGENTS.md` files plus repo-configured extra instruction files. |
+| deep-review | Claude Code / Codex | Multi-dimensional PR review orchestrator from [Ben2pc/g-claude-code-plugins](https://github.com/Ben2pc/g-claude-code-plugins) — dispatches parallel reviewers (spec-conformance, correctness, test-quality, docs-sync, plus conditional robustness/UX/performance/structure/code-quality/skill-plugin-quality) and synthesizes findings into an actionable punch list. Bundles a companion `reviewer-creator` skill for scaffolding project-level custom reviewers under `docs/rules/review/`. Drives the formal-review step in `CLAUDE.md` step 10. |
 
 ### Hooks
 

package/README.zh-CN.md

@@ -11,9 +11,9 @@
 | 模块 | 说明 |
 |---|---|
 | **Workflow** | `CLAUDE.md` 里的 auriga 工作流：需求澄清 → TDD → Review，Harness 原则，Subagent 使用指南 |
-| **Skills** | 开发流程 + 编排类 skills —— brainstorming、systematic-debugging、TDD、verification、planning、playwright、deep-review、test-designer、parallel-implementation |
+| **Skills** | 开发流程 + 编排类 skills —— brainstorming、systematic-debugging、TDD、verification、planning、playwright、test-designer、parallel-implementation |
 | **Recommended Skills** | 可选的工具类 skills（如 `codex-agent`、`claude-code-agent`），在 workflow skills 之外按需追加 |
-| **Plugins** | 推荐的 Claude Code 和 Codex 插件 —— skill-creator、claude-md-management、codex、auriga-go、auriga-pr-guards、session-instructions-loader |
+| **Plugins** | 推荐的 Claude Code 和 Codex 插件 —— skill-creator、claude-md-management、codex、auriga-go、auriga-pr-guards、session-instructions-loader、deep-review |
 | **Hooks** | Claude Code hooks：`notify`（macOS 通知，终端在焦点时仅放声不弹横幅 —— **opt-in**：`install --all` 不装，需要 `install hooks --hook notify`） |
 
 ## 快速开始
@@ -90,7 +90,6 @@ npx auriga-cli
 | verification-before-completion | [obra/superpowers](https://github.com/obra/superpowers) | 完成前验证，用证据说话 |
 | planning-with-files | [OthmanAdi/planning-with-files](https://github.com/OthmanAdi/planning-with-files) | 文件化任务计划与进度跟踪 |
 | playwright-cli | [microsoft/playwright-cli](https://github.com/microsoft/playwright-cli) | 浏览器自动化与测试 |
-| deep-review | [Ben2pc/g-claude-code-plugins](https://github.com/Ben2pc/g-claude-code-plugins) | 多维度 PR review 编排器（必选 + 条件 + punch list 汇总） |
 | test-designer | [Ben2pc/g-claude-code-plugins](https://github.com/Ben2pc/g-claude-code-plugins) | TDD 红灯阶段的 Independent Evaluation 测试设计器 |
 | parallel-implementation | [Ben2pc/g-claude-code-plugins](https://github.com/Ben2pc/g-claude-code-plugins) | 多 subagent 并行写代码时的切片计划器 |
 
@@ -126,6 +125,7 @@ npx -y auriga-cli install plugins --agent both --plugin auriga-pr-guards
 | auriga-go | Claude Code / Codex | auriga 工作流的自动驾驶：按 `CLAUDE.md` 的 phase 做 reminder-based 导航；包含 Experimental 的 hook-backed `ship` 模式。内置一个 skill（按 description 的自然语言触发 + `/auriga-go` slash command）和一个 plugin 层面的 Stop hook。 |
 | auriga-pr-guards | Claude Code / Codex | 两个 PR-workflow guardrail：`pr-create-guard`（`gh pr create` 的 PostToolUse —— 通过 `gh pr view` 拉真实 PR body，扫 `^##` / `^###` headings 并统计 `- [ ]` / `- [x]` 注入 `additionalContext`，让 Agent 对照范围 / 验收 / 风险 / 剩余 TODO 四要素）+ `pr-ready-guard`（`gh pr ready` 的 PreToolUse —— 仅按结构信号拦截：游离 `findings.md` / `progress.md` / `task_plan.md` / `docs/superpowers/specs/*.md`、`docs/specs/*.md` 内未结案的活跃 spec、未 push commits；放行时注入 body 快照）。Codex 当前对 PreToolUse 的 `additionalContext` 字段 fail-open（解析但不生效），block 路径两边一致。 |
 | session-instructions-loader | Codex | Codex-only SessionStart 插件，注入上层目录的 `AGENTS.md` 和仓库配置的额外 instruction 文件。 |
+| deep-review | Claude Code / Codex | 来自 [Ben2pc/g-claude-code-plugins](https://github.com/Ben2pc/g-claude-code-plugins) 的多维度 PR review 编排器 —— 并行派发各维度 reviewer（spec-conformance、correctness、test-quality、docs-sync，以及条件触发的 robustness/UX/performance/structure/code-quality/skill-plugin-quality），汇总成 punch list。同包内打包了 `reviewer-creator` skill，用于在 `docs/rules/review/` 下生成项目级自定义 reviewer。承担 `CLAUDE.md` 第 10 步的正式评审职责。 |
 
 ### Hooks
 

package/dist/catalog.json

@@ -1,14 +1,10 @@
 {
-  "generatedAt": "2026-05-09T13:57:14.259Z",
+  "generatedAt": "2026-05-10T08:17:52.704Z",
   "workflowSkills": [
     {
       "name": "brainstorming",
       "description": "You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation."
     },
-    {
-      "name": "deep-review",
-      "description": "Run a formal, multi-dimensional code review of a pull request. Reads the PR diff, classifies change types, dispatches parallel reviewers by dimension (spec-conformance, correctness incl. test quality, docs-sync, plus conditional robustness/UX/performance/structure and code-quality for non-trivial changes), and synthesizes findings into an actionable punch list. Use when the user asks to review a PR, run /deep-review, mark a PR as ready for review, or requests a formal/thorough code review."
-    },
     {
       "name": "parallel-implementation",
       "description": "Plan how to slice a non-trivial coding task across parallel subagents. Returns a dispatch plan (file assignments, dependencies, output-format contracts) — the main Agent then executes it with the Agent tool + `isolation: \"worktree\"`. Invoke only when work justifies multi-agent overhead: (a) greenfield 0→1 across multiple independent modules, (b) change touches ≥3 modules, or (c) ≥5 files each with >50 lines of diff. Small changes write inline."
@@ -81,6 +77,10 @@
       "name": "auriga-pr-guards",
       "description": "(Claude/Codex) PR-create snapshot inject + PR-ready structural block guardrails (Claude Code + Codex)"
     },
+    {
+      "name": "deep-review",
+      "description": "(Claude/Codex) Multi-dimensional PR review orchestrator. Dispatches parallel reviewers (spec-conformance, correctness, test-quality, docs-sync, robustness, security, ux, performance, structure, code-quality, skill-plugin-quality) and synthesizes findings into an actionable punch list. Supports project-level custom reviewers via docs/rules/review/ and ships a reviewer-creator skill for scaffolding them."
+    },
     {
       "name": "session-instructions-loader",
       "description": "(Codex) Injects extra instruction files on session start"

package/dist/codex-plugin-config.d.ts

@@ -1,3 +1,4 @@
+import { type MarketplaceRef } from "./marketplace.js";
 export interface CodexMarketplacePlugin {
     name: string;
     source?: {
@@ -13,6 +14,7 @@ export interface CodexInstallPlugin {
     name: string;
     description?: string;
     defaultOn?: boolean;
+    marketplace?: MarketplaceRef;
 }
 export interface CodexInstallConfig {
     plugins: CodexInstallPlugin[];

package/dist/codex-plugin-config.js

@@ -1,6 +1,6 @@
 import path from "node:path";
+import { MARKETPLACE_NAME_RE, validateMarketplaceField, } from "./marketplace.js";
 const PLUGIN_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
-const MARKETPLACE_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
 export function validateCodexMarketplace(raw) {
     if (!raw || typeof raw !== "object") {
         throw new Error("Codex marketplace.json: root must be an object");
@@ -44,6 +44,9 @@ export function validateCodexInstallConfig(raw) {
         if (p.defaultOn !== undefined && typeof p.defaultOn !== "boolean") {
             throw new Error(`Codex install.json: plugins[${i}].defaultOn must be a boolean`);
         }
+        if (p.marketplace !== undefined) {
+            validateMarketplaceField(`Codex install.json: plugins[${i}]`, p.marketplace);
+        }
     }
 }
 export function codexLocalPluginPath(plugin) {

package/dist/guide.js

@@ -71,11 +71,10 @@ Targeted — single category, picking from the catalog surfaced in Step 2:
   ${cmd("npx -y auriga-cli install skills --skill brainstorming test-driven-development")}
   ${cmd("npx -y auriga-cli install plugins --plugin skill-creator codex --scope user")}
   ${cmd("npx -y auriga-cli install plugins --agent codex --plugin session-instructions-loader")}
-  ${cmd("npx -y auriga-cli install hooks --hook pr-ready-guard")}
 
-Opt-in hooks: some hooks (e.g. \`notify\`) are NOT in the default set
-because they have side effects (OS notifications, platform-gated deps).
-Name them explicitly to install:
+Opt-in hooks (\`defaultOn: false\`) are NOT in the default \`install --all\`
+set because they have side effects (OS notifications, platform-gated
+deps). Inspect \`install hooks --help\` for the catalog and install by name:
   ${cmd("npx -y auriga-cli install hooks --hook notify")}
 
 Opt-in recommended skills (cross-model delegation helpers —

package/dist/marketplace.d.ts

@@ -0,0 +1,7 @@
+export declare const MARKETPLACE_NAME_RE: RegExp;
+export declare const MARKETPLACE_SOURCE_RE: RegExp;
+export interface MarketplaceRef {
+    name: string;
+    source: string;
+}
+export declare function validateMarketplaceField(label: string, raw: unknown): asserts raw is MarketplaceRef;

package/dist/marketplace.js

@@ -0,0 +1,34 @@
+// Shared shape + validators for cross-Agent marketplace references.
+// Used by:
+//   - PluginDef.marketplace in src/utils.ts (Claude side, .claude/plugins.json)
+//   - CodexInstallPlugin.marketplace in src/codex-plugin-config.ts
+//     (Codex side, .agents/plugins/install.json)
+//
+// Both sides interpolate `<source>` into shell commands like
+// `codex plugin marketplace add https://github.com/<source>.git` and
+// `<plugin>@<name>` into TOML keys, so these regexes are the only thing
+// standing between a compromised metadata source and arbitrary command
+// execution. Tighten with care — a regression here is a shell-injection
+// vector. Both metadata files are fetched from raw GitHub at runtime.
+export const MARKETPLACE_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
+// GitHub `owner/repo` shape: exactly one `/`, both segments kebab-case-ish
+// without leading punctuation. Tighter than the prior PLUGIN_SOURCE_RE
+// which permitted multi-slash / `..` / trailing `.git` patterns and would
+// compose into confusing git-layer errors like `https://github.com/a/../b.git`.
+export const MARKETPLACE_SOURCE_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}\/[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
+// Centralizes the marketplace field shape check so the Claude-side
+// validatePluginsConfig and the Codex-side validateCodexInstallConfig
+// stay in lockstep. `label` is interpolated into the thrown Error so
+// the caller's file context (e.g. `plugins.json: plugins[3]`) survives.
+export function validateMarketplaceField(label, raw) {
+    if (!raw || typeof raw !== "object") {
+        throw new Error(`${label}.marketplace must be an object`);
+    }
+    const mp = raw;
+    if (typeof mp.name !== "string" || !MARKETPLACE_NAME_RE.test(mp.name)) {
+        throw new Error(`${label}.marketplace.name ${JSON.stringify(mp.name)} does not match ${MARKETPLACE_NAME_RE}`);
+    }
+    if (typeof mp.source !== "string" || !MARKETPLACE_SOURCE_RE.test(mp.source)) {
+        throw new Error(`${label}.marketplace.source ${JSON.stringify(mp.source)} does not match ${MARKETPLACE_SOURCE_RE}`);
+    }
+}

package/dist/plugins.js

@@ -4,16 +4,16 @@ import path from "node:path";
 import { checkbox, select } from "@inquirer/prompts";
 import { parse as parseToml, stringify as stringifyToml } from "smol-toml";
 import { codexManifestPath, validateCodexInstallConfig, validateCodexMarketplace, } from "./codex-plugin-config.js";
+import { validateMarketplaceField } from "./marketplace.js";
 import { atomicWriteFile, exec, fetchExtraContent, log, withEsc } from "./utils.js";
-// Plugin names, marketplace names/sources, and plugin-package names all
-// end up in `claude plugins ...` shell commands via string interpolation.
-// .claude/plugins.json is fetched from raw GitHub at runtime, so every
-// value must pass a conservative whitelist before composing the command.
-// Without this a compromised plugins.json would execute arbitrary
-// commands via shell metachar injection.
+// Plugin names and plugin-package names end up in `claude plugins ...`
+// shell commands via string interpolation. .claude/plugins.json is
+// fetched from raw GitHub at runtime, so every value must pass a
+// conservative whitelist before composing the command. Without this a
+// compromised plugins.json would execute arbitrary commands via shell
+// metachar injection. Marketplace shape (name + source) lives in
+// `./marketplace.js` so Claude and Codex sides share one validator.
 const PLUGIN_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
-const PLUGIN_SOURCE_RE = /^[A-Za-z0-9][A-Za-z0-9._/-]{0,255}$/;
-const MARKETPLACE_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
 const PLUGIN_PACKAGE_RE = /^[A-Za-z0-9][A-Za-z0-9._@/-]{0,255}$/;
 export function validatePluginsConfig(raw) {
     if (!raw || typeof raw !== "object") {
@@ -35,16 +35,7 @@ export function validatePluginsConfig(raw) {
             throw new Error(`plugins.json: plugins[${i}].package ${JSON.stringify(plugin.package)} does not match ${PLUGIN_PACKAGE_RE}`);
         }
         if (plugin.marketplace !== undefined) {
-            if (!plugin.marketplace || typeof plugin.marketplace !== "object") {
-                throw new Error(`plugins.json: plugins[${i}].marketplace must be an object`);
-            }
-            const mp = plugin.marketplace;
-            if (typeof mp.name !== "string" || !MARKETPLACE_NAME_RE.test(mp.name)) {
-                throw new Error(`plugins.json: plugins[${i}].marketplace.name ${JSON.stringify(mp.name)} does not match ${MARKETPLACE_NAME_RE}`);
-            }
-            if (typeof mp.source !== "string" || !PLUGIN_SOURCE_RE.test(mp.source)) {
-                throw new Error(`plugins.json: plugins[${i}].marketplace.source ${JSON.stringify(mp.source)} does not match ${PLUGIN_SOURCE_RE}`);
-            }
+            validateMarketplaceField(`plugins.json: plugins[${i}]`, plugin.marketplace);
         }
     });
 }
@@ -136,6 +127,13 @@ function codexMarketplaceAddCommand(packageRoot) {
     }
     return "codex plugin marketplace add https://github.com/Ben2pc/auriga-cli.git";
 }
+function codexExternalMarketplaceAddCommand(source) {
+    // `source` is validated by validateCodexInstallConfig against
+    // MARKETPLACE_SOURCE_RE (alphanumerics + `._/-`) — no shell metachars
+    // can reach this string. URL form deliberately mirrors
+    // codexMarketplaceAddCommand's hardcoded production branch.
+    return `codex plugin marketplace add https://github.com/${source}.git`;
+}
 function codexMarketplaceUpgradeCommand(marketplaceName) {
     return `codex plugin marketplace upgrade ${shellQuote(marketplaceName)}`;
 }
@@ -273,15 +271,66 @@ function enableCodexPluginConfig(configPath, pluginKeys, needsPluginHooks) {
     const content = minimalContent ?? buildCodexPluginConfigToml(originalContent, configPath, pluginKeys, needsPluginHooks);
     atomicWriteFile(configPath, content.endsWith("\n") ? content : `${content}\n`);
 }
-async function installCodexPlugins(packageRoot, opts) {
-    const marketplace = loadCodexMarketplace(packageRoot);
-    if (!marketplace) {
-        const msg = "No .agents/plugins/marketplace.json found";
-        if (!opts.interactive)
-            throw new Error(msg);
-        log.warn(msg);
+async function addCodexMarketplaceWithRetry(marketplaceName, addCommand, opts, marketplaceExecOpts, failures) {
+    try {
+        exec(addCommand, marketplaceExecOpts);
+        log.ok(`Codex marketplace ${marketplaceName} added`);
         return;
     }
+    catch (e) {
+        if (opts.interactive || isCodexMarketplaceAlreadyAdded(e, marketplaceName)) {
+            try {
+                exec(codexMarketplaceUpgradeCommand(marketplaceName), marketplaceExecOpts);
+                log.ok(`Codex marketplace ${marketplaceName} upgraded`);
+                return;
+            }
+            catch (upgradeErr) {
+                // Surface the underlying upgrade error so a 6-month-out reader
+                // can tell apart ENOENT / network / auth / git failures.
+                log.error(`Failed to upgrade Codex marketplace: ${marketplaceName}\n${commandErrorText(upgradeErr)}`);
+                failures.push(`codex marketplace ${marketplaceName}`);
+                return;
+            }
+        }
+        // Same: surface the add error rather than masking ENOENT / network / auth.
+        log.error(`Failed to add Codex marketplace: ${marketplaceName}\n${commandErrorText(e)}`);
+        failures.push(`codex marketplace ${marketplaceName}`);
+    }
+}
+// Builds the `<name>@<marketplace>` config keys + decides whether
+// features.plugin_hooks needs to flip on. Local plugins resolve through
+// this repo's marketplace.json and require a manifest fetch + hooks
+// inspection; external plugins emit a key directly from install.json
+// (Codex CLI fetches the upstream manifest itself). External plugins do
+// NOT flip plugin_hooks today — we don't have access to the upstream
+// manifest at install time. Acceptable while no external plugin ships
+// hooks; once one does, prefer fetching the manifest or adding an
+// explicit `requiresPluginHooks: true` field on the install.json entry.
+async function composeCodexPluginKeys(packageRoot, localMarketplace, localSelected, externalSelected) {
+    const pluginKeys = [];
+    let needsPluginHooks = false;
+    if (localMarketplace) {
+        const localMpByName = new Map(localMarketplace.plugins.map((p) => [p.name, p]));
+        const selectedMarketplacePlugins = localSelected.map((p) => {
+            const plugin = localMpByName.get(p.name);
+            if (!plugin) {
+                throw new Error(`Codex install.json: plugin ${p.name} is not present in marketplace.json`);
+            }
+            return plugin;
+        });
+        await ensureCodexPluginManifests(packageRoot, selectedMarketplacePlugins);
+        for (const plugin of selectedMarketplacePlugins) {
+            pluginKeys.push(`${plugin.name}@${localMarketplace.name}`);
+            if (pluginHasHooks(packageRoot, plugin))
+                needsPluginHooks = true;
+        }
+    }
+    for (const p of externalSelected) {
+        pluginKeys.push(`${p.name}@${p.marketplace.name}`);
+    }
+    return { pluginKeys, needsPluginHooks };
+}
+async function installCodexPlugins(packageRoot, opts) {
     const installConfig = loadCodexInstallConfig(packageRoot);
     if (!installConfig) {
         const msg = "No .agents/plugins/install.json found";
@@ -290,7 +339,6 @@ async function installCodexPlugins(packageRoot, opts) {
         log.warn(msg);
         return;
     }
-    const marketplaceByName = new Map(marketplace.plugins.map((p) => [p.name, p]));
     const selected = opts.interactive
         ? await withEsc(checkbox({
             message: "Select Codex plugins to install:",
@@ -305,41 +353,53 @@ async function installCodexPlugins(packageRoot, opts) {
         log.skip("No Codex plugins selected");
         return;
     }
-    const failures = [];
-    const marketplaceExecOpts = opts.interactive ? { inherit: true } : undefined;
-    try {
-        exec(codexMarketplaceAddCommand(packageRoot), marketplaceExecOpts);
-        log.ok(`Codex marketplace ${marketplace.name} added`);
-    }
-    catch (e) {
-        if (opts.interactive || isCodexMarketplaceAlreadyAdded(e, marketplace.name)) {
-            try {
-                exec(codexMarketplaceUpgradeCommand(marketplace.name), marketplaceExecOpts);
-                log.ok(`Codex marketplace ${marketplace.name} upgraded`);
-            }
-            catch {
-                log.error(`Failed to upgrade Codex marketplace: ${marketplace.name}`);
-                failures.push(`codex marketplace ${marketplace.name}`);
+    // Local plugins are described by this repo's .agents/plugins/marketplace.json
+    // and need a manifest fetch + hooks-detection. External plugins point to a
+    // different GitHub-hosted Codex marketplace and are resolved by Codex CLI
+    // itself when the marketplace is added — we only need to register the
+    // marketplace and emit the right `<name>@<marketplace>` plugin key.
+    let localSelected = selected.filter((p) => p.marketplace === undefined);
+    const externalSelected = selected.filter((p) => p.marketplace !== undefined);
+    let localMarketplace = null;
+    if (localSelected.length > 0) {
+        localMarketplace = loadCodexMarketplace(packageRoot);
+        if (!localMarketplace) {
+            const msg = "No .agents/plugins/marketplace.json found";
+            // External-only fallback: when the user also selected external
+            // plugins (which don't depend on local marketplace.json), drop the
+            // local set and proceed instead of bailing out — partial install is
+            // strictly better than zero install. Throw / log-and-skip the
+            // local-only case as before.
+            if (externalSelected.length === 0) {
+                if (!opts.interactive)
+                    throw new Error(msg);
+                log.warn(msg);
+                return;
             }
+            log.warn(`${msg} — skipping ${localSelected.length} local plugin(s) but continuing with externals`);
+            localSelected = [];
         }
-        else {
-            log.error(`Failed to add Codex marketplace: ${marketplace.name}`);
-            failures.push(`codex marketplace ${marketplace.name}`);
-        }
+    }
+    const failures = [];
+    const marketplaceExecOpts = opts.interactive
+        ? { inherit: true }
+        : undefined;
+    if (localMarketplace) {
+        await addCodexMarketplaceWithRetry(localMarketplace.name, codexMarketplaceAddCommand(packageRoot), opts, marketplaceExecOpts, failures);
+    }
+    // Dedupe external marketplaces by name — multiple plugins from the same
+    // upstream share a single `marketplace add` call.
+    const uniqueExternalMarketplaces = new Map();
+    for (const p of externalSelected) {
+        uniqueExternalMarketplaces.set(p.marketplace.name, p.marketplace);
+    }
+    for (const mp of uniqueExternalMarketplaces.values()) {
+        await addCodexMarketplaceWithRetry(mp.name, codexExternalMarketplaceAddCommand(mp.source), opts, marketplaceExecOpts, failures);
     }
     if (failures.length === 0) {
-        const selectedMarketplacePlugins = selected.map((p) => {
-            const plugin = marketplaceByName.get(p.name);
-            if (!plugin) {
-                throw new Error(`Codex install.json: plugin ${p.name} is not present in marketplace.json`);
-            }
-            return plugin;
-        });
-        await ensureCodexPluginManifests(packageRoot, selectedMarketplacePlugins);
-        const pluginKeys = selectedMarketplacePlugins.map((p) => `${p.name}@${marketplace.name}`);
-        const needsPluginHooks = selectedMarketplacePlugins.some((p) => pluginHasHooks(packageRoot, p));
+        const { pluginKeys, needsPluginHooks } = await composeCodexPluginKeys(packageRoot, localMarketplace, localSelected, externalSelected);
         enableCodexPluginConfig(path.join(codexHome(), "config.toml"), pluginKeys, needsPluginHooks);
-        for (const plugin of selected) {
+        for (const plugin of [...localSelected, ...externalSelected]) {
             log.ok(`${plugin.name} enabled for Codex`);
         }
     }

package/dist/skills.js

@@ -7,7 +7,6 @@ import { exec, log, withEsc } from "./utils.js";
 // installRecommendedSkills as an opt-in utility.
 export const WORKFLOW_SKILLS = [
     "brainstorming",
-    "deep-review",
     "parallel-implementation",
     "planning-with-files",
     "playwright-cli",

package/dist/utils.d.ts

@@ -1,3 +1,4 @@
+import type { MarketplaceRef } from "./marketplace.js";
 export interface SkillEntry {
     source: string;
     sourceType: string;
@@ -11,10 +12,7 @@ export interface PluginDef {
     name: string;
     package: string;
     description: string;
-    marketplace?: {
-        name: string;
-        source: string;
-    };
+    marketplace?: MarketplaceRef;
 }
 export interface PluginsConfig {
     plugins: PluginDef[];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auriga-cli",
-  "version": "1.10.3",
+  "version": "1.11.1",
   "description": "Interactive CLI to install Claude Code harness modules (Workflow, Skills, Recommended Skills, Plugins, Hooks)",
   "license": "MIT",
   "repository": {