auriga-cli 1.15.2 → 1.17.0

package/dist/cli.js

@@ -102,6 +102,16 @@ export function parseArgs(argv) {
         }
         return { command: "guide" };
     }
+    if (head === "web-ui") {
+        try {
+            return { command: "web-ui", ui: parseUi(argv.slice(1)) };
+        }
+        catch (e) {
+            if (e instanceof PerTypeHelpRequest)
+                return { command: "help" };
+            throw e;
+        }
+    }
     if (head !== "install") {
         parseErr(`unknown argument '${head}'. Run 'npx auriga-cli --help' for usage.`);
     }
@@ -115,6 +125,43 @@ export function parseArgs(argv) {
         throw e;
     }
 }
+function parseUi(argv) {
+    const out = {};
+    let i = 0;
+    while (i < argv.length) {
+        const t = argv[i];
+        if (t === "--help" || t === "-h") {
+            // ui --help routes to the top-level help — keeps the parser narrow
+            // and avoids a per-command help renderer for one subcommand.
+            throw new PerTypeHelpRequest(undefined);
+        }
+        if (t === "--port" || t.startsWith("--port=")) {
+            const [v, adv] = readSingleValue(argv, i, "--port");
+            const n = Number.parseInt(v, 10);
+            // 0 is a deliberate "OS-assigned ephemeral port" affordance used by
+            // hermetic e2e tests (spec §8.1). Real users pass a normal port.
+            if (!Number.isFinite(n) || n < 0 || n > 65535) {
+                parseErr(`--port must be a port number in [0, 65535], got '${v}'`);
+            }
+            out.port = n;
+            i += adv;
+            continue;
+        }
+        if (t === "--ui-dir" || t.startsWith("--ui-dir=")) {
+            const [v, adv] = readSingleValue(argv, i, "--ui-dir");
+            out.uiDir = v;
+            i += adv;
+            continue;
+        }
+        if (t === "--no-open") {
+            out.noOpen = true;
+            i += 1;
+            continue;
+        }
+        parseErr(`unknown argument '${t}' for 'web-ui'. Run 'npx auriga-cli --help' for usage.`);
+    }
+    return out;
+}
 function parseInstall(argv) {
     const out = { all: false };
     let filterFlag = null;
@@ -326,6 +373,9 @@ export async function main(argv) {
         process.stdout.write(renderGuide({ color, version }));
         return 0;
     }
+    if (parsed.command === "web-ui") {
+        return runUi(parsed.ui, version);
+    }
     // install — catalog is required for filter validation and for the TTY
     // menu's category descriptions; fail-fast at entry rather than produce
     // a cryptic error mid-dispatch (spec §7 / §11 acceptance).
@@ -508,6 +558,176 @@ async function dispatchInstaller(category, packageRoot, opts) {
     }
 }
 // ---------------------------------------------------------------------------
+// `web-ui` subcommand — boots the local Web UI server (spec §4)
+// ---------------------------------------------------------------------------
+const UI_DEFAULT_PORT = 4747;
+const UI_PORT_RANGE = 10; // 4747..4756
+const UI_HEARTBEAT_TIMEOUT_MS = 15_000;
+async function runUi(p, version) {
+    // Lazy-load the server-side deps so the install / guide paths stay light.
+    const { randomBytes } = await import("node:crypto");
+    const { startServer } = await import("./server.js");
+    const { buildDefaultApplyHandlers } = await import("./apply-handlers.js");
+    const { buildScanCatalog } = await import("./scan-catalog.js");
+    const { ensureUiBundle } = await import("./ui-fetch.js");
+    const cwd = process.cwd();
+    const packageRoot = getPackageRoot();
+    // 1. Resolve UI bundle directory.
+    let uiDir;
+    if (p.uiDir) {
+        uiDir = path.resolve(p.uiDir);
+        if (!fs.existsSync(path.join(uiDir, "index.html"))) {
+            log.error(`--ui-dir does not contain index.html: ${uiDir}`);
+            return 3;
+        }
+    }
+    else if (process.env.DEV === "1") {
+        // Dev convenience: prefer the locally-built ui/dist over a network fetch.
+        const localDist = path.join(packageRoot, "ui", "dist");
+        if (fs.existsSync(path.join(localDist, "index.html"))) {
+            uiDir = localDist;
+        }
+        else {
+            log.error("DEV mode: ui/dist not built. Run 'npm --prefix ui run build' or unset DEV to fetch from GitHub.");
+            return 3;
+        }
+    }
+    else {
+        try {
+            uiDir = await ensureUiBundle({
+                version,
+                onLog: (line) => log.ok(line),
+            });
+        }
+        catch (e) {
+            log.error(`Failed to fetch UI bundle: ${e.message}\n` +
+                `  Try again or pass --ui-dir <path> with a locally-built bundle.`);
+            return 3;
+        }
+    }
+    // 2. Build scan catalog → ApplyCatalog + pluginAgentsByName.
+    let scanCatalog;
+    try {
+        scanCatalog = await buildScanCatalog(packageRoot);
+    }
+    catch (e) {
+        log.error(`Failed to build catalog: ${e.message}`);
+        return 1;
+    }
+    const applyCatalog = {
+        // Workflow is a singleton (one CLAUDE.md per project); we pick the
+        // sentinel name "workflow" to match what the Web UI's Dashboard sends
+        // and to remain semantically self-describing. The handler ignores the
+        // name argument either way.
+        workflow: new Set(["workflow"]),
+        skill: new Set(Object.keys(scanCatalog.skills)),
+        "recommended-skill": new Set(Object.keys(scanCatalog.recommendedSkills)),
+        plugin: new Set(Object.keys(scanCatalog.plugins)),
+        hook: new Set(Object.keys(scanCatalog.hooks)),
+    };
+    const pluginAgentsByName = new Map();
+    for (const [name, def] of Object.entries(scanCatalog.plugins)) {
+        pluginAgentsByName.set(name, def.agents);
+    }
+    const applyHandlers = buildDefaultApplyHandlers({
+        packageRoot,
+        cwd,
+        pluginAgentsByName,
+    });
+    // 3. Token: 32 bytes hex per spec §4.4.
+    const token = randomBytes(32).toString("hex");
+    // 4. Bind port: try requested → otherwise 4747..4756 in sequence.
+    // Use `!== undefined` so `--port 0` (OS-ephemeral) is honored. `0` is
+    // falsy in JS; `p.port ? [p.port] : range` would silently fall back to
+    // the default range and break hermetic e2e isolation.
+    const ports = p.port !== undefined
+        ? [p.port]
+        : Array.from({ length: UI_PORT_RANGE }, (_, i) => UI_DEFAULT_PORT + i);
+    let server = null;
+    let lastErr = null;
+    for (const port of ports) {
+        try {
+            server = await startServer({
+                port,
+                token,
+                cwd,
+                packageRoot,
+                heartbeatTimeoutMs: UI_HEARTBEAT_TIMEOUT_MS,
+                applyHandlers,
+                applyCatalog,
+                uiDir,
+            });
+            break;
+        }
+        catch (e) {
+            lastErr = e;
+            // Only swallow address-in-use; everything else propagates.
+            if (!/EADDRINUSE|EACCES/i.test(lastErr.message)) {
+                log.error(`Failed to start server on port ${port}: ${lastErr.message}`);
+                return 1;
+            }
+        }
+    }
+    if (!server) {
+        log.error(`All ports occupied in range (${ports[0]}..${ports[ports.length - 1]}). ` +
+            `Try '--port <n>' or 'npx auriga-cli' for the TTY menu. Last error: ${lastErr?.message ?? "unknown"}`);
+        return 2;
+    }
+    // 5. URL + browser open.
+    const url = `http://127.0.0.1:${server.port}/?token=${token}`;
+    process.stdout.write(`\n${highlight("auriga UI is live:")}  ${url}\n` +
+        `   (closing the browser shuts the server down after ~${Math.round(UI_HEARTBEAT_TIMEOUT_MS / 1000)}s of inactivity)\n` +
+        `   Note: the URL contains a per-session token — don't paste it into chats, CI logs, or screenshots.\n\n`);
+    if (!p.noOpen) {
+        await openBrowser(url);
+    }
+    // 6. Block until the server fully stops. The heartbeat closes it after
+    //    UI_HEARTBEAT_TIMEOUT_MS without a /api/ping; SIGINT triggers an
+    //    explicit close().
+    const onSig = () => {
+        void server.close();
+    };
+    process.once("SIGINT", onSig);
+    process.once("SIGTERM", onSig);
+    try {
+        await server.closed;
+    }
+    finally {
+        process.off("SIGINT", onSig);
+        process.off("SIGTERM", onSig);
+    }
+    return 0;
+}
+/** Best-effort cross-platform browser open. Failure is non-fatal — the
+ *  printed URL is still actionable. */
+async function openBrowser(url) {
+    const opener = process.platform === "darwin"
+        ? ["open", [url]]
+        : process.platform === "win32"
+            ? ["cmd", ["/c", "start", "", url]]
+            : ["xdg-open", [url]];
+    try {
+        const { spawn } = await import("node:child_process");
+        const proc = spawn(opener[0], opener[1], {
+            stdio: "ignore",
+            detached: true,
+        });
+        proc.on("error", () => {
+            /* swallow: URL was already printed */
+        });
+        proc.unref();
+    }
+    catch {
+        /* swallow */
+    }
+}
+/** Bold + cyan when stdout is a TTY; otherwise plain. */
+function highlight(text) {
+    if (!process.stdout.isTTY || process.env.NO_COLOR)
+        return text;
+    return `\x1b[1;36m${text}\x1b[0m`;
+}
+// ---------------------------------------------------------------------------
 // Legacy checkbox menu — preserved for `npx auriga-cli install` in TTY
 // and `npx auriga-cli` with no args.
 // ---------------------------------------------------------------------------

package/dist/help.js

@@ -15,6 +15,8 @@ USAGE
                                                          (excludes recommended — install separately)
   npx auriga-cli install <type> [type-specific flags]    single category
   npx auriga-cli install <type> --help                   per-category help + catalog subset
+  npx auriga-cli web-ui [--port <n>] [--ui-dir <path>] [--no-open]
+                                                         open the local Web UI (spec §4)
   npx auriga-cli --help
 
   For non-interactive (Agent) use, prepend npx's own -y flag:

package/dist/hooks.d.ts

@@ -203,4 +203,34 @@ export declare function resolveHookSelection(compatible: HookDef[], selected: st
  */
 export declare function findIncompatibleExplicit(all: HookDef[], compatible: HookDef[], selected: string[]): string[];
 export declare function installHooks(packageRoot: string, opts: InstallOpts): Promise<void>;
+/**
+ * Uninstall a single hook. Defaults to project scope; explicit
+ * `scope:"user"` cleans `~/.claude/...` instead.
+ *
+ * Project scope (default):
+ *   - rm `<cwd>/.claude/hooks/<name>/` directory.
+ *   - Strip the hook's marker from `<cwd>/.claude/settings.json` AND
+ *     `<cwd>/.claude/settings.local.json` (project + project-local share
+ *     the on-disk hook dir, so cleaning both settings files keeps users
+ *     who switched scopes from accumulating dangling registrations).
+ *
+ * User scope:
+ *   - rm `~/.claude/hooks/<name>/` directory.
+ *   - Strip the hook's marker from `~/.claude/settings.json`.
+ *   - Project files are NOT touched.
+ *
+ * Marker discovery: tries the live registry at `<cwd>` (or the npx
+ * package root if that fails) so we use the same marker the install path
+ * stamped in. If the registry can't resolve the hook (renamed / removed
+ * upstream), we fall back to a `auriga:<name>` convention — every shipped
+ * hook to date follows it, so the fallback is reliable for the common
+ * case.
+ *
+ * Idempotent: missing hook dir / missing settings / absent marker → no-op.
+ */
+export declare function uninstallHook(name: string, opts: {
+    cwd: string;
+    scope?: "project" | "user";
+    onLog?: (line: string) => void;
+}): Promise<void>;
 export {};

package/dist/hooks.js

@@ -868,3 +868,92 @@ export async function installHooks(packageRoot, opts) {
         throw new Error(`${failures.length} hook(s) failed to install: ${failures.join(", ")}`);
     }
 }
+// --- Uninstall ----------------------------------------------------------------
+const HOOK_NAME_RE_STRICT = /^[a-z][a-z0-9-]*$/;
+/**
+ * Uninstall a single hook. Defaults to project scope; explicit
+ * `scope:"user"` cleans `~/.claude/...` instead.
+ *
+ * Project scope (default):
+ *   - rm `<cwd>/.claude/hooks/<name>/` directory.
+ *   - Strip the hook's marker from `<cwd>/.claude/settings.json` AND
+ *     `<cwd>/.claude/settings.local.json` (project + project-local share
+ *     the on-disk hook dir, so cleaning both settings files keeps users
+ *     who switched scopes from accumulating dangling registrations).
+ *
+ * User scope:
+ *   - rm `~/.claude/hooks/<name>/` directory.
+ *   - Strip the hook's marker from `~/.claude/settings.json`.
+ *   - Project files are NOT touched.
+ *
+ * Marker discovery: tries the live registry at `<cwd>` (or the npx
+ * package root if that fails) so we use the same marker the install path
+ * stamped in. If the registry can't resolve the hook (renamed / removed
+ * upstream), we fall back to a `auriga:<name>` convention — every shipped
+ * hook to date follows it, so the fallback is reliable for the common
+ * case.
+ *
+ * Idempotent: missing hook dir / missing settings / absent marker → no-op.
+ */
+export async function uninstallHook(name, opts) {
+    if (!HOOK_NAME_RE_STRICT.test(name)) {
+        throw new Error(`uninstallHook: invalid hook name ${JSON.stringify(name)}`);
+    }
+    const cwd = path.resolve(opts.cwd);
+    const scope = opts.scope ?? "project";
+    const emit = (line) => { opts.onLog?.(line); };
+    // Look up marker from the registry. If the registry is absent or the
+    // hook isn't listed, fall back to `auriga:<name>` (the shipped naming
+    // convention for every hook in this repo).
+    let marker = `auriga:${name}`;
+    try {
+        const cfg = loadHooksConfig(cwd);
+        const def = cfg.hooks.find((h) => h.name === name);
+        if (def)
+            marker = def.marker;
+    }
+    catch {
+        // No registry at cwd — fine, fall back to the convention.
+    }
+    // Build a minimal HookDef stub for cleanHookFromScope. It only reads
+    // `marker` and `name` (via resolveScope), both of which we have.
+    const stub = {
+        name,
+        description: "",
+        runtimePlatforms: [],
+        settingsEvents: [],
+        command: 'node "$HOOK_DIR/index.mjs"',
+        files: [],
+        marker,
+    };
+    // resolveScope picks the settings/hooks paths based on scope.
+    // Project scope covers both project + project-local settings (shared
+    // on-disk hook dir); user scope covers only ~/.claude/settings.json.
+    const cleanScopes = scope === "user" ? ["user"] : ["project", "project-local"];
+    let totalRemoved = 0;
+    for (const s of cleanScopes) {
+        const r = cleanHookFromScope(stub, s, cwd);
+        if (r.removed > 0) {
+            totalRemoved += r.removed;
+            log.ok(`${name}: removed ${r.removed} entr${r.removed === 1 ? "y" : "ies"} from ${r.settingsPath}`);
+            emit(`removed ${r.removed} entr${r.removed === 1 ? "y" : "ies"} from ${r.settingsPath}`);
+        }
+    }
+    if (totalRemoved === 0) {
+        log.skip(`${name}: no settings entries found`);
+        emit(`${name}: no settings entries found`);
+    }
+    // Hook directory: user → ~/.claude/hooks/<name>; project → <cwd>/.claude/hooks/<name>.
+    const hookDir = scope === "user"
+        ? path.join(os.homedir(), ".claude", "hooks", name)
+        : path.join(cwd, ".claude", "hooks", name);
+    if (fs.existsSync(hookDir)) {
+        fs.rmSync(hookDir, { recursive: true, force: true });
+        log.ok(`${name}: directory removed`);
+        emit(`removed ${hookDir}`);
+    }
+    else {
+        log.skip(`${name}: directory not present`);
+        emit(`${name}: directory not present`);
+    }
+}

package/dist/plugins.d.ts

@@ -1,3 +1,32 @@
 import type { InstallOpts, PluginsConfig } from "./utils.js";
 export declare function validatePluginsConfig(raw: unknown): asserts raw is PluginsConfig;
 export declare function installPlugins(packageRoot: string, opts: InstallOpts): Promise<void>;
+/**
+ * Uninstall a single plugin.
+ *
+ *   Claude side: shells out to `claude plugins uninstall <id>` (the
+ *     canonical CLI path). Errors are propagated — the CLI sometimes
+ *     surfaces nuanced failure modes (marketplace gone, network) that
+ *     the caller needs to see verbatim.
+ *
+ *   Codex side: no `codex plugin uninstall` exists today (spec §10.4
+ *     flagged this as v0.1 needs-confirm). We mimic the install path
+ *     in reverse:
+ *       1. Read + parse `~/.codex/config.toml`, delete `[plugins."<id>"]`,
+ *          atomic write back. Throws on parse error (don't half-corrupt).
+ *       2. rm `~/.codex/plugins/cache/<marketplace>/<plugin>/` directory.
+ *     Both steps are idempotent — missing config / missing cache dir is
+ *     a no-op (the user may have manually cleaned half of the install).
+ *
+ *     Caveat: we deliberately do NOT remove the marketplace itself. A
+ *     single marketplace may host multiple plugins; tearing it down
+ *     because one plugin left would break others. The user can
+ *     `codex plugin marketplace remove` separately when they want.
+ *
+ * Validation happens before any I/O — a malformed id throws cleanly with
+ * no side effects, so retries are safe.
+ */
+export declare function uninstallPlugin(id: string, agent: "claude" | "codex", opts: {
+    cwd: string;
+    onLog?: (line: string) => void;
+}): Promise<void>;

package/dist/plugins.js

@@ -5,7 +5,7 @@ import { checkbox, select } from "@inquirer/prompts";
 import { parse as parseToml, stringify as stringifyToml } from "smol-toml";
 import { codexManifestPath, validateCodexInstallConfig, validateCodexMarketplace, } from "./codex-plugin-config.js";
 import { validateMarketplaceField } from "./marketplace.js";
-import { atomicWriteFile, exec, fetchExtraContent, log, withEsc } from "./utils.js";
+import { atomicWriteFile, exec, execAsync, fetchExtraContent, log, withEsc } from "./utils.js";
 // Plugin names and plugin-package names end up in `claude plugins ...`
 // shell commands via string interpolation. .claude/plugins.json is
 // fetched from raw GitHub at runtime, so every value must pass a
@@ -531,7 +531,14 @@ export async function installPlugins(packageRoot, opts) {
             for (const [name, source] of marketplacesToAdd) {
                 console.log(`\nAdding marketplace: ${name}...`);
                 try {
-                    exec(`claude plugins marketplace add ${source}`, { inherit: true });
+                    const cmd = `claude plugins marketplace add ${source}`;
+                    if (opts.onLog) {
+                        opts.onLog(`▸ ${cmd}`, "stdout");
+                        await execAsync(cmd, { onLine: opts.onLog });
+                    }
+                    else {
+                        exec(cmd, { inherit: true });
+                    }
                     log.ok(`Marketplace ${name} added`);
                 }
                 catch {
@@ -542,7 +549,14 @@ export async function installPlugins(packageRoot, opts) {
             for (const name of marketplacesToUpdate) {
                 console.log(`\nUpdating marketplace: ${name}...`);
                 try {
-                    exec(`claude plugins marketplace update ${name}`, { inherit: true });
+                    const cmd = `claude plugins marketplace update ${name}`;
+                    if (opts.onLog) {
+                        opts.onLog(`▸ ${cmd}`, "stdout");
+                        await execAsync(cmd, { onLine: opts.onLog });
+                    }
+                    else {
+                        exec(cmd, { inherit: true });
+                    }
                     log.ok(`Marketplace ${name} updated`);
                 }
                 catch (e) {
@@ -557,9 +571,14 @@ export async function installPlugins(packageRoot, opts) {
             for (const plugin of selected) {
                 console.log(`\nInstalling ${plugin.name}...`);
                 try {
-                    exec(`claude plugins install ${plugin.package} --scope ${scope}`, {
-                        inherit: true,
-                    });
+                    const cmd = `claude plugins install ${plugin.package} --scope ${scope}`;
+                    if (opts.onLog) {
+                        opts.onLog(`▸ ${cmd}`, "stdout");
+                        await execAsync(cmd, { onLine: opts.onLog });
+                    }
+                    else {
+                        exec(cmd, { inherit: true });
+                    }
                     log.ok(`${plugin.name} installed`);
                 }
                 catch {
@@ -584,3 +603,115 @@ export async function installPlugins(packageRoot, opts) {
         }
     }
 }
+// --- Uninstall ----------------------------------------------------------------
+// Plugin id format: `<plugin>@<marketplace>` (matches the Codex config.toml
+// key shape and Claude Code's `claude plugins install ...` argument).
+// Tightened with the same name regex used everywhere else in this file
+// (PLUGIN_NAME_RE on the plugin side, MARKETPLACE_NAME_RE on the
+// marketplace side, both anchored). `name` is interpolated into a shell
+// command (Claude path) and used as a filesystem segment (Codex path);
+// rejecting unsafe shapes here closes both attack surfaces in one place.
+const PLUGIN_ID_RE = /^([A-Za-z0-9][A-Za-z0-9._-]{0,127})@([A-Za-z0-9][A-Za-z0-9._-]{0,127})$/;
+function parsePluginId(id) {
+    const m = PLUGIN_ID_RE.exec(id);
+    if (!m) {
+        throw new Error(`uninstallPlugin: invalid plugin id ${JSON.stringify(id)}; expected <plugin>@<marketplace>`);
+    }
+    return { plugin: m[1], marketplace: m[2] };
+}
+/**
+ * Remove `[plugins."<id>"]` from a parsed Codex config TOML tree.
+ * Returns true if anything was removed. Idempotent: missing key → false.
+ *
+ * Pure function operating on the parsed tree — no I/O. Lets the test
+ * harness assert tree shape without touching disk + lets the I/O wrapper
+ * skip the atomic write when nothing changed.
+ */
+function removeCodexPluginFromConfig(parsed, pluginId) {
+    const plugins = parsed.plugins;
+    if (!isTomlTable(plugins))
+        return false;
+    if (!(pluginId in plugins))
+        return false;
+    delete plugins[pluginId];
+    return true;
+}
+/**
+ * Uninstall a single plugin.
+ *
+ *   Claude side: shells out to `claude plugins uninstall <id>` (the
+ *     canonical CLI path). Errors are propagated — the CLI sometimes
+ *     surfaces nuanced failure modes (marketplace gone, network) that
+ *     the caller needs to see verbatim.
+ *
+ *   Codex side: no `codex plugin uninstall` exists today (spec §10.4
+ *     flagged this as v0.1 needs-confirm). We mimic the install path
+ *     in reverse:
+ *       1. Read + parse `~/.codex/config.toml`, delete `[plugins."<id>"]`,
+ *          atomic write back. Throws on parse error (don't half-corrupt).
+ *       2. rm `~/.codex/plugins/cache/<marketplace>/<plugin>/` directory.
+ *     Both steps are idempotent — missing config / missing cache dir is
+ *     a no-op (the user may have manually cleaned half of the install).
+ *
+ *     Caveat: we deliberately do NOT remove the marketplace itself. A
+ *     single marketplace may host multiple plugins; tearing it down
+ *     because one plugin left would break others. The user can
+ *     `codex plugin marketplace remove` separately when they want.
+ *
+ * Validation happens before any I/O — a malformed id throws cleanly with
+ * no side effects, so retries are safe.
+ */
+export async function uninstallPlugin(id, agent, opts) {
+    const { plugin, marketplace } = parsePluginId(id);
+    const emit = (line) => { opts.onLog?.(line); };
+    if (agent === "claude") {
+        // Note: scope is intentionally NOT specified. `claude plugins
+        // uninstall <id>` operates against whatever scope the plugin is
+        // installed in (user / project) — letting the CLI find it is
+        // more robust than guessing wrong and silently no-op'ing.
+        exec(`claude plugins uninstall ${id}`, { cwd: opts.cwd, inherit: true });
+        log.ok(`${id} uninstalled from Claude Code`);
+        emit(`uninstalled ${id} from Claude Code`);
+        return;
+    }
+    // Codex path.
+    const home = codexHome();
+    const configPath = path.join(home, "config.toml");
+    if (fs.existsSync(configPath)) {
+        const content = fs.readFileSync(configPath, "utf-8");
+        // Parse-then-mutate: any parse failure aborts BEFORE we touch the
+        // filesystem (cache dir removal also gets skipped) so a damaged
+        // config doesn't end up half-uninstalled. The test "config.toml
+        // damaged → throw before mutation" locks this in.
+        const parsed = parseCodexConfigToml(content, configPath);
+        const removed = removeCodexPluginFromConfig(parsed, id);
+        if (removed) {
+            const next = stringifyToml(parsed);
+            atomicWriteFile(configPath, next.endsWith("\n") ? next : `${next}\n`);
+            log.ok(`${id} disabled in Codex config.toml`);
+            emit(`removed ${id} from Codex config.toml`);
+        }
+        else {
+            log.skip(`${id} not present in Codex config.toml`);
+            emit(`${id} not present in Codex config.toml`);
+        }
+    }
+    else {
+        log.skip(`Codex config.toml not present`);
+        emit(`Codex config.toml not present`);
+    }
+    // Cache dir: ~/.codex/plugins/cache/<marketplace>/<plugin>/
+    // PLUGIN_ID_RE constrains both segments to a safe charset, so the
+    // path can't escape via injection. rmSync with recursive+force is
+    // the standard rm-rf idiom; missing dir is a no-op.
+    const cacheDir = path.join(home, "plugins", "cache", marketplace, plugin);
+    if (fs.existsSync(cacheDir)) {
+        fs.rmSync(cacheDir, { recursive: true, force: true });
+        log.ok(`${id} cache directory removed`);
+        emit(`removed Codex cache directory for ${id}`);
+    }
+    else {
+        log.skip(`${id} cache directory not present`);
+        emit(`Codex cache directory for ${id} not present`);
+    }
+}

package/dist/scan-catalog.d.ts

@@ -0,0 +1,2 @@
+import type { Catalog as ScanCatalog } from "./state.js";
+export declare function buildScanCatalog(packageRoot: string): Promise<ScanCatalog>;