auriga-cli 1.29.0 → 1.29.2

package/README.md

@@ -121,7 +121,7 @@ Supports both project and global installation scopes.
 
 ### Plugins
 
-Installs selected plugins for Claude Code, Codex, or both. Claude Code uses `claude plugins install` and honors `--scope project|user`; Codex uses `codex plugin marketplace add/upgrade` (the right one is picked by reading `~/.codex/config.toml`) and enables selected plugins in `~/.codex/config.toml`.
+Installs selected plugins for Claude Code, Codex, or both. Claude Code uses `claude plugins install` and honors `--scope project|user`; Codex registers the marketplace via `codex plugin marketplace add/upgrade` (the right one is picked by reading `~/.codex/config.toml`), then installs each selected plugin with the native `codex plugin add <plugin>@<marketplace>` command. The Codex path requires a Codex CLI new enough to expose `codex plugin add`; on older versions the Codex-side install aborts with an upgrade hint.
 
 Examples:
 

package/README.zh-CN.md

@@ -121,7 +121,7 @@ npx auriga-cli
 
 ### Plugins
 
-可以把选中的插件安装到 Claude Code、Codex 或两者都装。Claude Code 路径使用 `claude plugins install`，并遵守 `--scope project|user`；Codex 路径根据 `~/.codex/config.toml` 中是否已注册同名 marketplace 自动选择 `codex plugin marketplace add` 或 `upgrade`，并在 `~/.codex/config.toml` 里启用选中的插件。
+可以把选中的插件安装到 Claude Code、Codex 或两者都装。Claude Code 路径使用 `claude plugins install`，并遵守 `--scope project|user`；Codex 路径根据 `~/.codex/config.toml` 中是否已注册同名 marketplace 自动选择 `codex plugin marketplace add` 或 `upgrade` 注册 marketplace，再用原生的 `codex plugin add <plugin>@<marketplace>` 命令安装每个选中的插件。Codex 路径要求 Codex CLI 版本新到支持 `codex plugin add`；旧版本会中止 Codex 侧安装并提示升级。
 
 示例：
 

package/dist/api-types.d.ts

@@ -95,8 +95,8 @@ export type ApplyScope = "project" | "user";
 /**
  * Workflow AGENTS.md language variant.
  *
- * - "zh-CN": Simplified Chinese AGENTS.md (the default).
- * - "en":    English AGENTS.en.md.
+ * - "zh-CN": Simplified Chinese workflow template (the default).
+ * - "en":    English workflow template.
  *
  * Only meaningful for `category === "workflow"`; rejected for other
  * categories so the API surface stays explicit.

package/dist/catalog.json

@@ -1,5 +1,5 @@
 {
-  "generatedAt": "2026-05-16T13:16:49.448Z",
+  "generatedAt": "2026-05-19T03:19:33.649Z",
   "workflowSkills": [
     {
       "name": "planning-with-files",

package/dist/cli.js

@@ -693,8 +693,9 @@ async function runUi(p, version) {
     //   - tarballRoot: where `dist/catalog.json` + the bundled DEV ui/dist live.
     //     Always read from the installed npm package; can't be fetched because
     //     dist/ is built artifact, not git content.
-    //   - contentRoot: where the runtime install recipes live (AGENTS.md,
-    //     marketplace manifests, extra_plugin_configs.json, skills-lock.json).
+    //   - contentRoot: where the runtime install recipes live (workflow
+    //     templates, marketplace manifests, extra_plugin_configs.json,
+    //     skills-lock.json).
     //     These files are
     //     NOT in the npm tarball — the `files` allowlist only ships `dist/*`
     //     + npm defaults. They are fetched from GitHub, pinned to the CLI
@@ -774,8 +775,9 @@ async function runUi(p, version) {
         pluginAgentsByName.set(name, def.agents);
     }
     const applyHandlers = buildDefaultApplyHandlers({
-        // contentRoot: install handlers read AGENTS.md, marketplace manifests,
-        // extra_plugin_configs.json, and skills-lock.json — all CONTENT_FILES.
+        // contentRoot: install handlers read workflow templates, marketplace
+        // manifests, extra_plugin_configs.json, and skills-lock.json — all
+        // CONTENT_FILES.
         // Routing them at tarballRoot fails ENOENT for npm-installed users.
         packageRoot: contentRoot,
         cwd,
@@ -800,8 +802,8 @@ async function runUi(p, version) {
                 cwd,
                 // server reads dist/catalog.json (tarball-shipped) via
                 // buildScanCatalog on each /api/state call; install-time content
-                // (marketplace manifests, extra plugin config, AGENTS.md, …) was already injected
-                // into applyHandlers above with contentRoot.
+                // (workflow templates, marketplace manifests, extra plugin config, …)
+                // was already injected into applyHandlers above with contentRoot.
                 packageRoot: tarballRoot,
                 heartbeatTimeoutMs: UI_HEARTBEAT_TIMEOUT_MS,
                 applyHandlers,

package/dist/plugins.d.ts

@@ -54,22 +54,18 @@ export declare function installPlugins(packageRoot: string, opts: InstallOpts):
  *     surfaces nuanced failure modes (marketplace gone, network) that
  *     the caller needs to see verbatim.
  *
- *   Codex side: no `codex plugin uninstall` exists today (spec §10.4
- *     flagged this as v0.1 needs-confirm). We mimic the install path
- *     in reverse:
- *       1. Read + parse `~/.codex/config.toml`, delete `[plugins."<id>"]`,
- *          atomic write back. Throws on parse error (don't half-corrupt).
- *       2. rm `~/.codex/plugins/cache/<marketplace>/<plugin>/` directory.
- *     Both steps are idempotent — missing config / missing cache dir is
- *     a no-op (the user may have manually cleaned half of the install).
+ *   Codex side: shells out to `codex plugin remove <id>`, which deletes
+ *     the plugin from Codex's local config and cache. We deliberately do
+ *     NOT remove the marketplace itself — a single marketplace may host
+ *     multiple plugins, and tearing it down because one plugin left would
+ *     break the others. The user can `codex plugin marketplace remove`
+ *     separately when they want. Errors are propagated like the Claude
+ *     side; idempotency (removing an already-absent plugin) is the Codex
+ *     CLI's responsibility.
  *
- *     Caveat: we deliberately do NOT remove the marketplace itself. A
- *     single marketplace may host multiple plugins; tearing it down
- *     because one plugin left would break others. The user can
- *     `codex plugin marketplace remove` separately when they want.
- *
- * Validation happens before any I/O — a malformed id throws cleanly with
- * no side effects, so retries are safe.
+ * `parsePluginId` validates the id shape — and rejects shell
+ * metacharacters in either segment — before any command runs, so a
+ * malformed id throws cleanly with no side effects and retries are safe.
  */
 export declare function uninstallPlugin(id: string, agent: "claude" | "codex", opts: {
     cwd: string;

package/dist/plugins.js

@@ -2,8 +2,8 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { checkbox, select } from "@inquirer/prompts";
-import { parse as parseToml, stringify as stringifyToml } from "smol-toml";
-import { codexLocalPluginPath, codexManifestPath, validateCodexMarketplace, } from "./codex-plugin-config.js";
+import { parse as parseToml } from "smol-toml";
+import { codexManifestPath, validateCodexMarketplace, } from "./codex-plugin-config.js";
 import { validateMarketplaceField } from "./marketplace.js";
 import { atomicWriteFile, exec, execAsync, log, withEsc } from "./utils.js";
 // Plugin names and plugin-package names end up in `claude plugins ...`
@@ -24,7 +24,6 @@ const MIGRATED_WORKFLOW_SKILLS = [
 const NOTIFY_PLUGIN_NAME = "auriga-notify";
 const WORKFLOW_SKILLS_PLUGIN_NAME = "auriga-workflow";
 const LEGACY_NOTIFY_MARKER = "auriga:notify";
-const CODEX_PLUGIN_VERSION_RE = /^[A-Za-z0-9][A-Za-z0-9._+-]{0,127}$/;
 function validateClaudeMarketplace(raw) {
     if (!raw || typeof raw !== "object") {
         throw new Error("Claude marketplace.json: root must be an object");
@@ -264,17 +263,6 @@ function resolveCodexPluginSelection(all, selected) {
 function codexHome() {
     return process.env.CODEX_HOME || path.join(os.homedir(), ".codex");
 }
-function codexMarketplaceCacheRoot(marketplaceName) {
-    return path.join(codexHome(), ".tmp", "marketplaces", marketplaceName);
-}
-function resolveCodexMarketplaceContentRoot(packageRoot, marketplaceName) {
-    const cachedRoot = codexMarketplaceCacheRoot(marketplaceName);
-    if (fs.existsSync(path.join(cachedRoot, ".agents", "plugins", "marketplace.json"))) {
-        return cachedRoot;
-    }
-    throw new Error(`Codex marketplace ${marketplaceName} cache missing at ${cachedRoot}. ` +
-        "Run `codex plugin marketplace add/upgrade` successfully before materializing local plugins.");
-}
 function shellQuote(value) {
     return `'${value.replace(/'/g, "'\\''")}'`;
 }
@@ -462,6 +450,35 @@ function codexExternalMarketplaceAddCommand(source) {
 function codexMarketplaceUpgradeCommand(marketplaceName) {
     return `codex plugin marketplace upgrade ${shellQuote(marketplaceName)}`;
 }
+// Capability probe for the native `codex plugin add` command. Older Codex
+// versions expose `codex plugin marketplace` but not `add`; probing the
+// subcommand's `--help` is version-number-agnostic — it needs no knowledge
+// of which Codex release introduced `add`, so it can't rot the way a
+// hardcoded minimum-version compare would. `--help` prints and exits 0
+// when the subcommand exists, and exits non-zero (throwing here) when it
+// doesn't.
+function codexSupportsPluginAdd() {
+    try {
+        exec("codex plugin add --help");
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// `--enable plugins` turns on the global Codex plugins feature; `--enable
+// plugin_hooks` is appended only for plugins that ship hooks. We pass the
+// feature flags explicitly rather than relying on `codex plugin add` to
+// flip them — both flags are idempotent, so re-passing them across
+// multiple `add` calls is harmless. The plugin key (`<name>@<marketplace>`)
+// is validated upstream (PLUGIN_NAME_RE / MARKETPLACE_NAME_RE), so no
+// shell metacharacter can reach this interpolated command.
+function codexPluginAddCommand(pluginKey, hasHooks) {
+    const enable = hasHooks
+        ? "--enable plugins --enable plugin_hooks"
+        : "--enable plugins";
+    return `codex plugin add ${pluginKey} ${enable}`;
+}
 function commandErrorText(error) {
     if (!(error instanceof Error))
         return String(error);
@@ -538,131 +555,6 @@ function ensureCodexPluginManifests(packageRoot, plugins) {
         throw new Error(`Codex plugin ${plugin.name} manifest missing at ${manifestPath}`);
     }
 }
-function readCodexPluginVersion(packageRoot, plugin) {
-    const manifestPath = codexManifestPath(plugin);
-    if (!manifestPath) {
-        throw new Error(`Codex marketplace.json: plugin ${plugin.name} must use a local source.path`);
-    }
-    const manifest = JSON.parse(fs.readFileSync(path.join(packageRoot, manifestPath), "utf-8"));
-    if (typeof manifest.version !== "string" || !CODEX_PLUGIN_VERSION_RE.test(manifest.version)) {
-        throw new Error(`Codex plugin ${plugin.name} manifest must include a safe string version`);
-    }
-    return manifest.version;
-}
-function materializeLocalCodexPluginCache(packageRoot, marketplaceName, plugins) {
-    const cacheRoot = path.join(codexHome(), "plugins", "cache");
-    for (const plugin of plugins) {
-        const sourcePath = codexLocalPluginPath(plugin);
-        if (!sourcePath) {
-            throw new Error(`Codex marketplace.json: plugin ${plugin.name} must use a local source.path`);
-        }
-        const version = readCodexPluginVersion(packageRoot, plugin);
-        const sourceDir = path.join(packageRoot, sourcePath);
-        const destDir = path.join(cacheRoot, marketplaceName, plugin.name, version);
-        const tmpDir = `${destDir}.tmp-${process.pid}-${Date.now()}`;
-        fs.rmSync(tmpDir, { recursive: true, force: true });
-        fs.mkdirSync(path.dirname(destDir), { recursive: true });
-        fs.cpSync(sourceDir, tmpDir, { recursive: true });
-        fs.rmSync(destDir, { recursive: true, force: true });
-        fs.renameSync(tmpDir, destDir);
-        if (!fs.existsSync(path.join(destDir, ".codex-plugin", "plugin.json"))) {
-            throw new Error(`Codex plugin ${plugin.name} cache materialization did not produce plugin.json`);
-        }
-    }
-}
-function ensureTomlBoolean(content, section, key, value) {
-    const line = `${key} = ${value ? "true" : "false"}`;
-    const header = `[${section}]`;
-    const lines = content.length > 0 ? content.split(/\r?\n/) : [];
-    const start = lines.findIndex((l) => l.trim() === header);
-    if (start === -1) {
-        const prefix = content.trimEnd();
-        return `${prefix}${prefix ? "\n\n" : ""}${header}\n${line}\n`;
-    }
-    let end = lines.length;
-    for (let i = start + 1; i < lines.length; i += 1) {
-        if (/^\s*\[/.test(lines[i])) {
-            end = i;
-            break;
-        }
-    }
-    const keyRe = new RegExp(`^\\s*${key}\\s*=`);
-    for (let i = start + 1; i < end; i += 1) {
-        if (keyRe.test(lines[i])) {
-            lines[i] = line;
-            return lines.join("\n");
-        }
-    }
-    lines.splice(end, 0, line);
-    return lines.join("\n");
-}
-function parseCodexConfigToml(content, configPath) {
-    if (content.trim().length === 0)
-        return {};
-    try {
-        return parseToml(content);
-    }
-    catch (e) {
-        throw new Error(`Codex config.toml is invalid TOML at ${configPath}: ${e.message}`);
-    }
-}
-function isTomlTable(value) {
-    return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-function getOrCreateTomlTable(parent, key, pathLabel) {
-    const existing = parent[key];
-    if (existing === undefined) {
-        const table = {};
-        parent[key] = table;
-        return table;
-    }
-    if (!isTomlTable(existing)) {
-        throw new Error(`Codex config.toml: ${pathLabel} must be a TOML table`);
-    }
-    return existing;
-}
-function buildCodexPluginConfigToml(originalContent, configPath, pluginKeys, needsPluginHooks) {
-    const parsed = parseCodexConfigToml(originalContent, configPath);
-    const features = getOrCreateTomlTable(parsed, "features", "features");
-    features.plugins = true;
-    if (needsPluginHooks) {
-        features.plugin_hooks = true;
-    }
-    const plugins = getOrCreateTomlTable(parsed, "plugins", "plugins");
-    for (const pluginKey of pluginKeys) {
-        const plugin = getOrCreateTomlTable(plugins, pluginKey, `plugins.${JSON.stringify(pluginKey)}`);
-        plugin.enabled = true;
-    }
-    return stringifyToml(parsed);
-}
-function tryMinimalCodexPluginConfigToml(originalContent, configPath, pluginKeys, needsPluginHooks) {
-    let content = originalContent;
-    content = ensureTomlBoolean(content, "features", "plugins", true);
-    if (needsPluginHooks) {
-        content = ensureTomlBoolean(content, "features", "plugin_hooks", true);
-    }
-    for (const pluginKey of pluginKeys) {
-        content = ensureTomlBoolean(content, `plugins."${pluginKey}"`, "enabled", true);
-    }
-    try {
-        parseToml(content);
-        return content;
-    }
-    catch {
-        // Existing configs may use legal TOML forms such as inline tables
-        // (`features = { plugins = false }`). In that case, a local section
-        // insertion would redefine the table, so fall back to structured output.
-        parseCodexConfigToml(originalContent, configPath);
-        return null;
-    }
-}
-function enableCodexPluginConfig(configPath, pluginKeys, needsPluginHooks) {
-    fs.mkdirSync(path.dirname(configPath), { recursive: true });
-    const originalContent = fs.existsSync(configPath) ? fs.readFileSync(configPath, "utf-8") : "";
-    const minimalContent = tryMinimalCodexPluginConfigToml(originalContent, configPath, pluginKeys, needsPluginHooks);
-    const content = minimalContent ?? buildCodexPluginConfigToml(originalContent, configPath, pluginKeys, needsPluginHooks);
-    atomicWriteFile(configPath, content.endsWith("\n") ? content : `${content}\n`);
-}
 async function addCodexMarketplaceWithRetry(marketplaceName, addCommand, expectedSource, opts, marketplaceExecOpts, failures) {
     const registeredSource = readCodexMarketplaceSource(marketplaceName);
     if (registeredSource !== null) {
@@ -706,29 +598,32 @@ async function addCodexMarketplaceWithRetry(marketplaceName, addCommand, expecte
         failures.push(`codex marketplace ${marketplaceName}`);
     }
 }
-// Builds the `<name>@<marketplace>` config keys + decides whether
-// features.plugin_hooks needs to flip on. Local plugins resolve through
-// this repo's marketplace.json and require a manifest check + hooks
-// inspection; external plugins emit a key directly from extra_plugin_configs.json
-// (Codex CLI fetches the upstream manifest itself). External plugins do
-// NOT flip plugin_hooks today — we don't have access to the upstream
-// manifest at install time. Acceptable while no external plugin ships
-// hooks; once one does, prefer fetching the manifest or adding an
-// explicit `requiresPluginHooks: true` field on the extra config entry.
-async function composeCodexPluginKeys(pluginContentRoot, localMarketplace, selectedMarketplacePlugins, externalSelected) {
-    const pluginKeys = [];
-    let needsPluginHooks = false;
+// Builds the `codex plugin add` work list: one entry per selected plugin.
+// Local plugins resolve their hooks flag from this repo's manifest;
+// external plugins emit a key straight from extra_plugin_configs.json
+// (Codex CLI fetches the upstream manifest itself) and never set
+// `hasHooks` — we don't have their manifest at install time. Acceptable
+// while no external plugin ships hooks; once one does, prefer fetching the
+// manifest or adding an explicit flag to the extra config entry.
+function composeCodexPluginAdds(pluginContentRoot, localMarketplace, selectedMarketplacePlugins, externalSelected) {
+    const adds = [];
     if (localMarketplace) {
         for (const plugin of selectedMarketplacePlugins) {
-            pluginKeys.push(`${plugin.name}@${localMarketplace.name}`);
-            if (pluginHasHooks(pluginContentRoot, plugin))
-                needsPluginHooks = true;
+            adds.push({
+                key: `${plugin.name}@${localMarketplace.name}`,
+                name: plugin.name,
+                hasHooks: pluginHasHooks(pluginContentRoot, plugin),
+            });
         }
     }
     for (const p of externalSelected) {
-        pluginKeys.push(`${p.name}@${p.marketplace.name}`);
+        adds.push({
+            key: `${p.name}@${p.marketplace.name}`,
+            name: p.name,
+            hasHooks: false,
+        });
     }
-    return { pluginKeys, needsPluginHooks };
+    return adds;
 }
 async function installCodexPlugins(packageRoot, opts) {
     const installConfig = loadCodexInstallConfig(packageRoot);
@@ -756,6 +651,20 @@ async function installCodexPlugins(packageRoot, opts) {
         log.skip("No Codex plugins selected");
         return;
     }
+    // Version gate: native `codex plugin add` materializes the plugin cache
+    // and writes the enable config itself. Without it there is no supported
+    // install path — fail fast with an actionable upgrade hint rather than
+    // falling back to a hand-rolled cache/config mechanism. Under `--agent
+    // both` this throw is caught by installPlugins' aggregator, so the
+    // Claude-side install still completes (the Codex side is recorded as a
+    // failure).
+    if (!codexSupportsPluginAdd()) {
+        const msg = "Codex CLI does not support `codex plugin add` — upgrade the Codex CLI and retry";
+        if (!opts.interactive)
+            throw new Error(msg);
+        log.error(msg);
+        return;
+    }
     // Local plugins are described by this repo's .agents/plugins/marketplace.json.
     // External plugins come from extra_plugin_configs.json and are resolved by
     // Codex CLI itself when their marketplace is added — we only need to
@@ -799,24 +708,26 @@ async function installCodexPlugins(packageRoot, opts) {
         await addCodexMarketplaceWithRetry(mp.name, codexExternalMarketplaceAddCommand(mp.source), codexExternalMarketplaceSource(mp.source), opts, marketplaceExecOpts, failures);
     }
     if (failures.length === 0) {
-        const localMarketplaceContentRoot = localMarketplace
-            ? resolveCodexMarketplaceContentRoot(packageRoot, localMarketplace.name)
-            : packageRoot;
-        const effectiveLocalMarketplace = localMarketplace
-            ? loadCodexMarketplace(localMarketplaceContentRoot) ?? localMarketplace
-            : null;
-        const selectedMarketplacePlugins = effectiveLocalMarketplace
-            ? resolveSelectedCodexMarketplacePlugins(effectiveLocalMarketplace, localSelected)
+        // Hooks detection reads this repo's manifest directly: local plugins
+        // listed in .agents/plugins/marketplace.json are sourced from this
+        // repo, so packageRoot is the authoritative manifest location. The
+        // plugin payload itself is materialized by `codex plugin add` from the
+        // marketplace snapshot registered above — no manual cache copy.
+        const selectedMarketplacePlugins = localMarketplace
+            ? resolveSelectedCodexMarketplacePlugins(localMarketplace, localSelected)
             : [];
-        ensureCodexPluginManifests(localMarketplaceContentRoot, selectedMarketplacePlugins);
-        if (effectiveLocalMarketplace) {
-            materializeLocalCodexPluginCache(localMarketplaceContentRoot, effectiveLocalMarketplace.name, selectedMarketplacePlugins);
-        }
-        const { pluginKeys, needsPluginHooks } = await composeCodexPluginKeys(localMarketplaceContentRoot, effectiveLocalMarketplace, selectedMarketplacePlugins, externalSelected);
-        enableCodexPluginConfig(path.join(codexHome(), "config.toml"), pluginKeys, needsPluginHooks);
-        for (const plugin of [...localSelected, ...externalSelected]) {
-            log.ok(`${plugin.name} enabled for Codex`);
-            runPostInstallMigration(plugin.name, opts, ["codex"]);
+        ensureCodexPluginManifests(packageRoot, selectedMarketplacePlugins);
+        const pluginAdds = composeCodexPluginAdds(packageRoot, localMarketplace, selectedMarketplacePlugins, externalSelected);
+        for (const entry of pluginAdds) {
+            try {
+                exec(codexPluginAddCommand(entry.key, entry.hasHooks), marketplaceExecOpts);
+                log.ok(`Codex plugin ${entry.key} added`);
+                runPostInstallMigration(entry.name, opts, ["codex"]);
+            }
+            catch (e) {
+                log.error(`Failed to add Codex plugin ${entry.key}\n${commandErrorText(e)}`);
+                failures.push(`codex plugin ${entry.key}`);
+            }
         }
     }
     if (failures.length > 0 && !opts.interactive) {
@@ -1046,23 +957,6 @@ function parsePluginId(id) {
     }
     return { plugin: m[1], marketplace: m[2] };
 }
-/**
- * Remove `[plugins."<id>"]` from a parsed Codex config TOML tree.
- * Returns true if anything was removed. Idempotent: missing key → false.
- *
- * Pure function operating on the parsed tree — no I/O. Lets the test
- * harness assert tree shape without touching disk + lets the I/O wrapper
- * skip the atomic write when nothing changed.
- */
-function removeCodexPluginFromConfig(parsed, pluginId) {
-    const plugins = parsed.plugins;
-    if (!isTomlTable(plugins))
-        return false;
-    if (!(pluginId in plugins))
-        return false;
-    delete plugins[pluginId];
-    return true;
-}
 /**
  * Uninstall a single plugin.
  *
@@ -1071,25 +965,21 @@ function removeCodexPluginFromConfig(parsed, pluginId) {
  *     surfaces nuanced failure modes (marketplace gone, network) that
  *     the caller needs to see verbatim.
  *
- *   Codex side: no `codex plugin uninstall` exists today (spec §10.4
- *     flagged this as v0.1 needs-confirm). We mimic the install path
- *     in reverse:
- *       1. Read + parse `~/.codex/config.toml`, delete `[plugins."<id>"]`,
- *          atomic write back. Throws on parse error (don't half-corrupt).
- *       2. rm `~/.codex/plugins/cache/<marketplace>/<plugin>/` directory.
- *     Both steps are idempotent — missing config / missing cache dir is
- *     a no-op (the user may have manually cleaned half of the install).
- *
- *     Caveat: we deliberately do NOT remove the marketplace itself. A
- *     single marketplace may host multiple plugins; tearing it down
- *     because one plugin left would break others. The user can
- *     `codex plugin marketplace remove` separately when they want.
+ *   Codex side: shells out to `codex plugin remove <id>`, which deletes
+ *     the plugin from Codex's local config and cache. We deliberately do
+ *     NOT remove the marketplace itself — a single marketplace may host
+ *     multiple plugins, and tearing it down because one plugin left would
+ *     break the others. The user can `codex plugin marketplace remove`
+ *     separately when they want. Errors are propagated like the Claude
+ *     side; idempotency (removing an already-absent plugin) is the Codex
+ *     CLI's responsibility.
  *
- * Validation happens before any I/O — a malformed id throws cleanly with
- * no side effects, so retries are safe.
+ * `parsePluginId` validates the id shape — and rejects shell
+ * metacharacters in either segment — before any command runs, so a
+ * malformed id throws cleanly with no side effects and retries are safe.
  */
 export async function uninstallPlugin(id, agent, opts) {
-    const { plugin, marketplace } = parsePluginId(id);
+    parsePluginId(id);
     const emit = (line) => { opts.onLog?.(line); };
     if (agent === "claude") {
         // Note: scope is intentionally NOT specified. `claude plugins
@@ -1101,44 +991,10 @@ export async function uninstallPlugin(id, agent, opts) {
         emit(`uninstalled ${id} from Claude Code`);
         return;
     }
-    // Codex path.
-    const home = codexHome();
-    const configPath = path.join(home, "config.toml");
-    if (fs.existsSync(configPath)) {
-        const content = fs.readFileSync(configPath, "utf-8");
-        // Parse-then-mutate: any parse failure aborts BEFORE we touch the
-        // filesystem (cache dir removal also gets skipped) so a damaged
-        // config doesn't end up half-uninstalled. The test "config.toml
-        // damaged → throw before mutation" locks this in.
-        const parsed = parseCodexConfigToml(content, configPath);
-        const removed = removeCodexPluginFromConfig(parsed, id);
-        if (removed) {
-            const next = stringifyToml(parsed);
-            atomicWriteFile(configPath, next.endsWith("\n") ? next : `${next}\n`);
-            log.ok(`${id} disabled in Codex config.toml`);
-            emit(`removed ${id} from Codex config.toml`);
-        }
-        else {
-            log.skip(`${id} not present in Codex config.toml`);
-            emit(`${id} not present in Codex config.toml`);
-        }
-    }
-    else {
-        log.skip(`Codex config.toml not present`);
-        emit(`Codex config.toml not present`);
-    }
-    // Cache dir: ~/.codex/plugins/cache/<marketplace>/<plugin>/
-    // PLUGIN_ID_RE constrains both segments to a safe charset, so the
-    // path can't escape via injection. rmSync with recursive+force is
-    // the standard rm-rf idiom; missing dir is a no-op.
-    const cacheDir = path.join(home, "plugins", "cache", marketplace, plugin);
-    if (fs.existsSync(cacheDir)) {
-        fs.rmSync(cacheDir, { recursive: true, force: true });
-        log.ok(`${id} cache directory removed`);
-        emit(`removed Codex cache directory for ${id}`);
-    }
-    else {
-        log.skip(`${id} cache directory not present`);
-        emit(`Codex cache directory for ${id} not present`);
-    }
+    // Codex path: `codex plugin remove` deletes the plugin from Codex's
+    // local config and cache. `id` was validated above, so it carries no
+    // shell metacharacter.
+    exec(`codex plugin remove ${id}`, { cwd: opts.cwd, inherit: true });
+    log.ok(`${id} removed from Codex`);
+    emit(`removed ${id} from Codex`);
 }

package/dist/skills.js

@@ -3,7 +3,7 @@ import os from "node:os";
 import path from "node:path";
 import { checkbox, select } from "@inquirer/prompts";
 import { atomicWriteFile, exec, execAsync, log, withEsc } from "./utils.js";
-// Curated default-on set: skills that the workflow in the root AGENTS.md
+// Curated default-on set: skills that the shipped workflow template
 // directly references. Anything else in skills-lock.json is surfaced via
 // installRecommendedSkills as an opt-in utility.
 export const WORKFLOW_SKILLS = [

package/dist/utils.d.ts

@@ -93,7 +93,7 @@ export interface LangOption {
     file: string;
 }
 export declare const DEFAULT_WORKFLOW_LANG = "zh-CN";
-export declare const DEFAULT_WORKFLOW_TEMPLATE_FILE = "AGENTS.md";
+export declare const DEFAULT_WORKFLOW_TEMPLATE_FILE = "AGENTS.template.zh-CN.md";
 export declare const LANGUAGES: LangOption[];
 /**
  * Reads `version` from the packaged manifest. Throws when the package

package/dist/utils.js

@@ -101,10 +101,10 @@ export function execAsync(cmd, opts) {
     });
 }
 export const DEFAULT_WORKFLOW_LANG = "zh-CN";
-export const DEFAULT_WORKFLOW_TEMPLATE_FILE = "AGENTS.md";
+export const DEFAULT_WORKFLOW_TEMPLATE_FILE = "AGENTS.template.zh-CN.md";
 export const LANGUAGES = [
-    { value: "zh-CN", label: "中文", file: "AGENTS.md" },
-    { value: "en", label: "English", file: "AGENTS.en.md" },
+    { value: "zh-CN", label: "中文", file: "AGENTS.template.zh-CN.md" },
+    { value: "en", label: "English", file: "AGENTS.template.en.md" },
 ];
 // --- Remote content ---
 const REPO = "Ben2pc/auriga-cli";
@@ -149,12 +149,16 @@ function resolveContentRef() {
 }
 const CONTENT_FILES = [
     DEFAULT_WORKFLOW_TEMPLATE_FILE,
-    "AGENTS.en.md",
+    "AGENTS.template.en.md",
     "skills-lock.json",
     ".claude-plugin/marketplace.json",
     ".agents/plugins/marketplace.json",
     "extra_plugin_configs.json",
 ];
+const LEGACY_CONTENT_FILE_FALLBACKS = {
+    "AGENTS.template.zh-CN.md": "AGENTS.md",
+    "AGENTS.template.en.md": "AGENTS.en.md",
+};
 async function fetchFile(file) {
     const ref = resolveContentRef();
     const url = `https://raw.githubusercontent.com/${REPO}/${ref}/${file}`;
@@ -163,6 +167,18 @@ async function fetchFile(file) {
         throw new Error(`Failed to fetch ${url}: ${res.status}`);
     return res.text();
 }
+async function fetchContentFile(file) {
+    try {
+        return await fetchFile(file);
+    }
+    catch (err) {
+        const legacyFile = LEGACY_CONTENT_FILE_FALLBACKS[file];
+        if (!legacyFile || !(err instanceof Error) || !/: 404$/.test(err.message)) {
+            throw err;
+        }
+        return fetchFile(legacyFile);
+    }
+}
 async function fetchFileBinary(file) {
     const ref = resolveContentRef();
     const url = `https://raw.githubusercontent.com/${REPO}/${ref}/${file}`;
@@ -177,7 +193,7 @@ export async function fetchContentRoot() {
     }
     const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "auriga-cli-"));
     for (const file of CONTENT_FILES) {
-        const content = await fetchFile(file);
+        const content = await fetchContentFile(file);
         const dest = path.join(tmpDir, file);
         fs.mkdirSync(path.dirname(dest), { recursive: true });
         fs.writeFileSync(dest, content);

package/dist/workflow-markers.js

@@ -21,9 +21,9 @@ export const MARKER_SCHEMA = "v1";
  * START marker line, one per template language. Only the prose differs — the
  * structural `AURIGA:WORKFLOW:v1 START` token is language-independent, so the
  * parser (`START_LINE_RE`) keys on the token alone and never needs to know the
- * language. The English `AGENTS.en.md` gets the English marker; `AGENTS.md`
- * gets the Chinese one, so a downstream file never carries a comment in the
- * wrong language for its document.
+ * language. `AGENTS.template.en.md` gets the English marker;
+ * `AGENTS.template.zh-CN.md` gets the Chinese one, so a downstream file never
+ * carries a comment in the wrong language for its document.
  */
 const WORKFLOW_START_MARKERS = {
     en: `<!-- AURIGA:WORKFLOW:${MARKER_SCHEMA} START — Managed block, maintained by auriga-cli. Do not edit by hand; upgrades replace it wholesale. Put project-specific instructions after the END marker below. -->`,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auriga-cli",
-  "version": "1.29.0",
+  "version": "1.29.2",
   "description": "Interactive CLI to install Claude Code harness modules (Workflow, Skills, Recommended Skills, Plugins)",
   "license": "MIT",
   "repository": {
@@ -25,8 +25,8 @@
     "dev": "tsc --watch",
     "start": "node dist/cli.js",
     "pretest": "npm run build",
-    "test": "tsc -p tsconfig.test.json && DEV=1 node --test --experimental-test-module-mocks dist-test/tests/skills.test.js dist-test/tests/skills-uninstall.test.js dist-test/tests/catalog.test.js dist-test/tests/cli-parse.test.js dist-test/tests/install-nontty.test.js dist-test/tests/preset.test.js dist-test/tests/legacy-menu.test.js dist-test/tests/plugins.test.js dist-test/tests/plugins-uninstall.test.js dist-test/tests/content-fetch.test.js dist-test/tests/utils.test.js dist-test/tests/guide.test.js dist-test/tests/validators.test.js dist-test/tests/entrypoint.test.js dist-test/tests/state.test.js dist-test/tests/server.test.js dist-test/tests/server-auth.test.js dist-test/tests/server-apply.test.js dist-test/tests/apply-handlers.test.js dist-test/tests/ui-fetch.test.js dist-test/tests/workflow-markers.test.js dist-test/tests/workflow-install.test.js dist-test/tests/workflow-uninstall.test.js dist-test/tests/tarball-shape.test.js dist-test/tests/spec-design.test.js dist-test/tests/goalify.test.js dist-test/tests/plugin-skill-frontmatter.test.js",
-    "test:watch": "tsc -p tsconfig.test.json --watch & node --test --watch --experimental-test-module-mocks dist-test/tests/skills.test.js dist-test/tests/skills-uninstall.test.js dist-test/tests/catalog.test.js dist-test/tests/cli-parse.test.js dist-test/tests/install-nontty.test.js dist-test/tests/preset.test.js dist-test/tests/legacy-menu.test.js dist-test/tests/plugins.test.js dist-test/tests/plugins-uninstall.test.js dist-test/tests/content-fetch.test.js dist-test/tests/utils.test.js dist-test/tests/guide.test.js dist-test/tests/validators.test.js dist-test/tests/entrypoint.test.js dist-test/tests/state.test.js dist-test/tests/server.test.js dist-test/tests/server-auth.test.js dist-test/tests/server-apply.test.js dist-test/tests/apply-handlers.test.js dist-test/tests/ui-fetch.test.js dist-test/tests/workflow-markers.test.js dist-test/tests/workflow-install.test.js dist-test/tests/workflow-uninstall.test.js dist-test/tests/tarball-shape.test.js dist-test/tests/spec-design.test.js dist-test/tests/goalify.test.js dist-test/tests/plugin-skill-frontmatter.test.js",
+    "test": "tsc -p tsconfig.test.json && DEV=1 node --test --experimental-test-module-mocks dist-test/tests/skills.test.js dist-test/tests/skills-uninstall.test.js dist-test/tests/catalog.test.js dist-test/tests/cli-parse.test.js dist-test/tests/install-nontty.test.js dist-test/tests/preset.test.js dist-test/tests/legacy-menu.test.js dist-test/tests/plugins.test.js dist-test/tests/plugins-uninstall.test.js dist-test/tests/content-fetch.test.js dist-test/tests/utils.test.js dist-test/tests/guide.test.js dist-test/tests/validators.test.js dist-test/tests/entrypoint.test.js dist-test/tests/state.test.js dist-test/tests/server.test.js dist-test/tests/server-auth.test.js dist-test/tests/server-apply.test.js dist-test/tests/apply-handlers.test.js dist-test/tests/ui-fetch.test.js dist-test/tests/workflow-markers.test.js dist-test/tests/workflow-install.test.js dist-test/tests/workflow-uninstall.test.js dist-test/tests/tarball-shape.test.js dist-test/tests/spec-design.test.js dist-test/tests/goalify.test.js dist-test/tests/plugin-skill-frontmatter.test.js dist-test/tests/auriga-workflow-skills.test.js",
+    "test:watch": "tsc -p tsconfig.test.json --watch & node --test --watch --experimental-test-module-mocks dist-test/tests/skills.test.js dist-test/tests/skills-uninstall.test.js dist-test/tests/catalog.test.js dist-test/tests/cli-parse.test.js dist-test/tests/install-nontty.test.js dist-test/tests/preset.test.js dist-test/tests/legacy-menu.test.js dist-test/tests/plugins.test.js dist-test/tests/plugins-uninstall.test.js dist-test/tests/content-fetch.test.js dist-test/tests/utils.test.js dist-test/tests/guide.test.js dist-test/tests/validators.test.js dist-test/tests/entrypoint.test.js dist-test/tests/state.test.js dist-test/tests/server.test.js dist-test/tests/server-auth.test.js dist-test/tests/server-apply.test.js dist-test/tests/apply-handlers.test.js dist-test/tests/ui-fetch.test.js dist-test/tests/workflow-markers.test.js dist-test/tests/workflow-install.test.js dist-test/tests/workflow-uninstall.test.js dist-test/tests/tarball-shape.test.js dist-test/tests/spec-design.test.js dist-test/tests/goalify.test.js dist-test/tests/plugin-skill-frontmatter.test.js dist-test/tests/auriga-workflow-skills.test.js",
     "pretest:e2e": "npm run build",
     "test:e2e": "tsc -p tsconfig.test.json && node --test dist-test/tests/e2e-install.test.js",
     "pretest:web-ui-e2e": "npm run build && npm --prefix ui ci && npm --prefix ui run build",