feat(plugins): Add universal plugin support#113
Draft
dcramer wants to merge 15 commits into
Draft
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
Add a canonical .agents/plugins plugin model based on the Codex manifest shape and generate deterministic runtime outputs for supported agent tools. Wire plugin declarations through config loading, lockfiles, install, sync, list, doctor, gitignore handling, and documentation. Reject same-project plugin installs that would overwrite their own source and cover the new behavior with regression tests. Co-Authored-By: Codex <codex@openai.com>
dcramer
force-pushed
the
codex/add-plugin-support
branch
from
f70f2bf to
925d589
Compare
Keep plugin lock entries after bundle installation so later syncs can repair runtime projection failures. Validate same-project plugin declarations in doctor, emit a single conventional OpenCode module, escape generated OpenCode imports, and preserve empty resolved paths for root git plugins. Co-Authored-By: GPT-5 Codex <codex@openai.com>
Use a manifest-shaped marketplace overlay so marketplace source and policy metadata do not leak into installed plugin manifests or generated Codex manifests. Reject same-project plugin declarations during frozen installs so frozen mode matches normal install, sync, and doctor behavior. Co-Authored-By: GPT-5 Codex <codex@openai.com>
Report missing plugin bundles as errors, avoid OpenCode stubs for absent explicit modules, and reject user-scope plugin declarations until user-scope projections are defined. Document the project-scope-only plugin behavior in the public docs and specs. Co-Authored-By: GPT-5 Codex <codex@openai.com>
dcramer
force-pushed
the
codex/add-plugin-support
branch
from
92df14a to
7b2c0fe
Compare
dcramer
force-pushed
the
codex/add-plugin-support
branch
from
7b2c0fe to
a9a6f7b
Compare
dcramer
force-pushed
the
codex/add-plugin-support
branch
from
a9a6f7b to
73edb08
Compare
Keep .agents/plugins/marketplace.json as authored canonical input instead of a generated or pruned runtime artifact. Tighten marketplace selector resolution and avoid treating unsupported source objects or URL-like paths as local filesystem paths. Preserve manifest-declared plugin names through validation, reject explicit path name mismatches, prefer directory-name plugin matches over root manifest matches, and keep same-project plugin aliases out of managed .agents/.gitignore entries. Report plugin sync issues from the repaired state, surface user-scope plugins as unsupported in doctor, and export public plugin config and lockfile types from the host package barrels. Extend the checked-in smoke example with a portable plugin fixture that exercises Claude, Cursor, Codex, Grok, and OpenCode plugin output generation and sync repair. Add regression coverage for git plugin lock metadata, explicit plugin path installs, manifest mismatches, plugin discovery precedence, public plugin type exports, and the reviewed sync and doctor plugin edge cases. Co-Authored-By: GPT-5 Codex <codex@openai.com>
dcramer
force-pushed
the
codex/add-plugin-support
branch
from
73edb08 to
73884c2
Compare
Add an explicit runtime QA command that loads untracked QA env files, keeps the default smoke no-cost, and runs timeout-bounded runtime probes only when requested. Document safe env forwarding for Docker QA and prevent repo-local .env files from being copied into sandbox fixtures. Co-Authored-By: Codex <noreply@openai.com>
This reverts commit e52c63e.
Docker QA showed Claude Code rejects a marketplace entry unless the referenced plugin has a Claude-native .claude-plugin/plugin.json manifest. Generate that managed manifest inside the canonical .agents/plugins bundle, point marketplace sources at ./.agents/plugins/<name>, and omit fields current Claude validation rejects. Co-Authored-By: Codex <noreply@openai.com>
Codex requires a repo-scoped .agents/plugins/marketplace.json before plugin add/list can discover a local plugin. Generate that managed catalog from installed plugin declarations and keep the per-plugin .codex-plugin manifest as the install target. Co-Authored-By: Codex <noreply@openai.com>
Move the checked-in example QA runner into the dotagents-qa skill and split it into explicit tasks for install file checks, sync repair, Claude plugin validation, Codex plugin install proof, OpenCode module projection, and optional Codex runtime proof. Document the task-specific Claude and Codex plugin QA flows so future validation uses the Docker skill instead of one all-in-one smoke script. Co-Authored-By: Codex <noreply@openai.com>
Document how to forward local QA credentials into Docker without copying secrets into fixtures, and spell out runtime-specific OpenRouter or custom-provider paths for Claude Code, Codex, Grok Build, OpenCode, and Cursor. Co-Authored-By: Codex <noreply@openai.com>
Capture the manual Docker proof path for OpenCode credentials, generated subagent discovery, and delegation through the task tool. Also document the local QA env template for provider-specific keys. Co-Authored-By: Codex <noreply@openai.com>
Add managed Cursor native plugin manifests alongside the generated marketplace so local Cursor plugin roots have the expected .cursor-plugin/plugin.json file. Cover write, verify, prune, and unmanaged manifest protection. Document plugin runtime verification steps for Claude, Codex, OpenCode, Cursor, and Grok so manual QA has a deterministic checklist where runtime clients or model auth are required. Co-Authored-By: Codex <noreply@openai.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 7fd2c29. Configure here.
Preserve explicit Claude and Cursor component paths before falling back to conventional discovery, and compare managed Grok projection files as bytes so binary plugin assets update correctly. Keep same-project canonical plugins out of regenerated .agents/.gitignore, strengthen OpenCode plugin QA with debug config evidence, and align docs with the current native manifest projection contract. Co-Authored-By: Codex <noreply@openai.com>
Document that plugin-opencode now proves generated OpenCode plugin module loading through debug config while model-backed invocation remains explicit runtime QA. Co-Authored-By: Codex <noreply@openai.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds first-class plugin support using
.agents/pluginsas the canonical local layout while treating the Codex plugin manifest and marketplace shape as the generalized input model. Plugin declarations now flow through config loading, lockfiles, install, sync, list, doctor, gitignore handling, and specs/docs, with deterministic runtime projections for Claude Code, Cursor, Codex, Grok Build, and OpenCode.The implementation keeps source marketplace metadata distinct from generated runtime marketplaces, rejects same-project plugin sources that would overwrite
.agents/plugins/<name>with itself, and only overwrites managed runtime artifacts. Claude and Cursor get generated native manifests inside each canonical plugin bundle plus runtime marketplaces that point at./.agents/plugins/<name>. Codex gets the repo-scoped.agents/plugins/marketplace.jsonplus a generated.codex-plugin/plugin.json; Grok gets a managed bundle copy; OpenCode gets a generated re-export module for explicit or conventional plugin modules.The checked-in full example now includes a representative
qa-toolsplugin fixture, and the dotagents QA skill documents runtime-specific verification for Claude, Codex, OpenCode, Cursor, and Grok. Docker QA coverspnpm check,pnpm qa:example, focused plugin writer coverage, Claude plugin validation, Codex marketplace install/list/add, and OpenCode projection/config execution proof where available. Runtime UI or model-backed checks remain explicit final manual QA steps because those require the native client and authenticated model access.Claude currently warns that
metadata.managedByis unknown, but accepts the plugin and marketplace while dotagents uses that marker to avoid overwriting user-authored files.