fix: add plugin cache health check

[mturac]

What Changed

• Added scripts/codex/check-plugin-cache.js to verify the installed plugin cache resolves the manifest's skills, MCP config, and asset references.
• Documented the cache check after marketplace install and clarified that codex plugin list is only a registration check.
• Added regression coverage for missing cache entries, unresolved cached manifest references, resolving cached references, docs coverage, and npm publish inclusion.

Why This Change

Closes #2247.

A marketplace install can report ecc@ecc as installed/enabled even when the installed cache does not contain the files referenced by .codex-plugin/plugin.json. This keeps the current single-source plugin layout intact while giving users a deterministic post-install check and a clear path back to the supported sync flow when cache references are missing.

Testing Done

• Manual testing completed
• Automated tests pass locally (node tests/run-all.js)
• Edge cases considered and tested

Commands run:

• node scripts/codex/check-plugin-cache.js --plugin-dir plugins/ecc
• node tests/scripts/codex-hooks.test.js
• node tests/plugin-manifest.test.js
• node tests/scripts/npm-publish-surface.test.js
• npx eslint scripts/codex/check-plugin-cache.js tests/scripts/codex-hooks.test.js tests/scripts/npm-publish-surface.test.js tests/plugin-manifest.test.js
• git diff --check
• node tests/run-all.js (2738 passed, 0 failed)

Type of Change

• fix: Bug fix
• feat: New feature
• refactor: Code refactoring
• docs: Documentation
• test: Tests
• chore: Maintenance/tooling
• ci: CI/CD changes

Security & Quality Checklist

• No secrets or API keys committed (ghp_, sk-, AKIA, xoxb, xoxp patterns checked)
• JSON files validate cleanly
• Shell scripts pass shellcheck (if applicable; no shell scripts changed)
• Pre-commit hooks pass locally (if configured)
• No sensitive data exposed in logs or output
• Follows conventional commits format

Documentation

• Updated relevant documentation
• Added comments for complex logic
• README updated (if needed)

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

[ecc-tools]

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4d289840-cf60-40ac-8bfc-d3b454495c6c

📥 Commits

Reviewing files that changed from the base of the PR and between 3be2926 and b3a1449.

📒 Files selected for processing (1)

• tests/scripts/codex-hooks.test.js

💤 Files with no reviewable changes (1)

• tests/scripts/codex-hooks.test.js

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)

• GitHub Check: Test (windows-latest, Node 22.x, yarn)
• GitHub Check: Test (macos-latest, Node 20.x, npm)
• GitHub Check: Test (windows-latest, Node 20.x, pnpm)
• GitHub Check: Test (windows-latest, Node 18.x, pnpm)
• GitHub Check: Test (macos-latest, Node 18.x, bun)
• GitHub Check: Test (macos-latest, Node 22.x, yarn)
• GitHub Check: Test (windows-latest, Node 20.x, yarn)
• GitHub Check: Test (macos-latest, Node 22.x, npm)
• GitHub Check: Test (windows-latest, Node 22.x, pnpm)
• GitHub Check: Test (windows-latest, Node 18.x, yarn)
• GitHub Check: Test (windows-latest, Node 18.x, npm)
• GitHub Check: Test (macos-latest, Node 20.x, yarn)

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Added a CLI tool to validate installed Codex plugin caches and report missing, broken, or unsafe references.

• Documentation

  • Updated marketplace and ECC plugin installation docs with a post-install cache verification step and guidance to treat marketplace-installed paths as discovery-only when references are missing; recommend manual sync when needed.

• Tests

  • Added tests for cache validation success/failure, manifest resolution, and safety checks.

• Chores

  • Included the cache validation tool in the package publish files.

Walkthrough

This PR adds a Node.js CLI (scripts/codex/check-plugin-cache.js), docs and tests to validate that an installed Codex plugin manifest resolves its referenced skills, MCP config, and assets in the local plugin cache, failing with diagnostics when references are missing or escape the cache.

Changes

Plugin Cache Validation

Layer / File(s)	Summary
Cache validation script implementation scripts/codex/check-plugin-cache.js	Implements a CLI that parses plugin name/version/location options, computes the expected cache directory, loads the installed manifest, collects all path references (skills, mcpServers, interface icons), and verifies each reference exists as a file or directory. Exits with code 0 on success, 1 if any reference is missing or the manifest is not found.
Integration tests and fixtures tests/scripts/codex-hooks.test.js	Adds filesystem helpers and fixture manifests to construct mock cache directories, then defines integration tests that validate script behavior: missing referenced files (expecting FAIL+exit 1), manifest traversal/escape rejection, successful resolution (OK+exit 0), missing manifest diagnostics, and invalid-argument rejection.
Documentation and npm publishing .codex-plugin/README.md, README.md, plugins/ecc/README.md, package.json, tests/plugin-manifest.test.js, tests/scripts/npm-publish-surface.test.js	Updates installation guides to include the cache-check command as a post-install verification step, adds the script to the npm publish files whitelist, and updates tests asserting the script is documented and packaged.

Sequence Diagram

sequenceDiagram
  participant User as User CLI
  participant Script as check-plugin-cache.js
  participant FS as Filesystem
  
  User->>Script: Run with plugin name/version/home
  Script->>FS: Resolve cache directory path
  FS-->>Script: Path computed
  Script->>FS: Check manifest exists
  alt manifest missing
    FS-->>Script: Not found
    Script->>User: Exit 1, list installed versions
  else manifest found
    FS-->>Script: Manifest file
    Script->>FS: Load JSON
    FS-->>Script: Parsed manifest
    Script->>Script: Collect skill, MCP, asset path references
    Script->>FS: Verify each reference resolves
    FS-->>Script: [OK] or [FAIL] per reference
    alt all references resolve
      Script->>User: Exit 0, validation passed
    else any reference missing
      Script->>User: Exit 1, list failed references
    end
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• affaan-m/ECC#2117: Adds interface.composerIcon and interface.logo to the plugin manifest and packages the referenced asset files, which this PR's new validation script subsequently checks.

Poem

📦 A cache runs shallow, promises unmet,
🔍 A script now checks: did your files arrive yet?
✅ It scans the manifest, each skill and icon,
🚨 Flags missing paths so runtime won't lie on,
🛠️ Honest exits tell you what to fetch next.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding a plugin cache health check script to verify installed plugin cache integrity.
Description check	✅ Passed	The description explains what changed, why it matters, and provides testing evidence. It directly addresses issue #2247 regarding unresolved manifest references in installed plugin caches.
Linked Issues check	✅ Passed	The PR directly addresses issue #2247 by implementing a post-install cache health check script that verifies manifest-referenced paths resolve, adding documentation, and providing regression test coverage for the identified cache resolution failures.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to issue #2247: the health check script, documentation updates, test coverage, and npm package manifest inclusion. No unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR adds scripts/codex/check-plugin-cache.js, a post-install health-check that verifies all paths referenced by the cached plugin manifest actually exist inside the Codex plugin cache directory. It also updates documentation in three READMEs and wires the script into the npm publish surface.

• Health-check script: reads the cached plugin.json, resolves each skills, mcpServers, and interface ref relative to the cache root, and reports [OK]/[FAIL] per entry; manifest refs that escape the cache boundary via .. are rejected before any filesystem access.
• Tests: six new integration tests in codex-hooks.test.js cover missing cache, boundary-escaping manifest refs, a fully passing cache, missing install, traversal in CLI segments, and custom marketplace/plugin names; the version used to seed the cache is now read dynamically from package.json rather than hardcoded.
• Publish surface: the script is added to package.json's files array and to both assertion lists in npm-publish-surface.test.js.

Confidence Score: 5/5

Safe to merge — the new script is a read-only diagnostic tool with no side effects on the installed Codex state.

All three issues raised in previous review rounds have been resolved: the hardcoded version in tests is gone (now read dynamically from package.json), CLI path-segment traversal is blocked by validateCacheSegment, and manifest-ref traversal is caught by the relative-path boundary check. The remaining note about validateCacheSegment applying to the default version is cosmetic and cannot cause incorrect cache reads or data exposure.

scripts/codex/check-plugin-cache.js — the only non-trivial logic file; the boundary-escape check and default-version validation path are worth a quick read.

Important Files Changed

Filename	Overview
scripts/codex/check-plugin-cache.js	New health-check script; previously flagged path-traversal issues in CLI args and manifest refs are now guarded. One minor edge: validateCacheSegment is applied to the default version drawn from package.json, so a rare malformed package version would produce a confusing 'Invalid --version' error even though the user never passed the flag.
tests/scripts/codex-hooks.test.js	Six new cache-check tests added; the version is now read dynamically from package.json (addressing the previous hardcoded-version finding), and the hermetic env correctly propagates CODEX_HOME.
tests/scripts/npm-publish-surface.test.js	check-plugin-cache.js correctly added to both the expected-publish-paths helper and the required-pack-contents assertion.
tests/plugin-manifest.test.js	Added assertion that plugins/ecc README references check-plugin-cache.js; straightforward documentation coverage test.
package.json	scripts/codex/check-plugin-cache.js added to the files array so it is included in the npm publish surface.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([check-plugin-cache.js]) --> B[parseArgs]
    B --> C{plugin-dir provided?}
    C -- yes --> E[Use pluginDir directly]
    C -- no --> D[validateCacheSegment for marketplace / plugin / version]
    D --> F[Build cacheDir from CODEX_HOME]
    E --> G[cacheDir resolved]
    F --> G
    G --> H{manifest exists?}
    H -- no --> I[listInstalledVersions and print guidance]
    I --> Z([exit 1])
    H -- yes --> J[readJson plugin.json]
    J --> K[collectManifestRefs: skills / mcpServers / composerIcon / logo]
    K --> L{for each ref}
    L --> M{escapes cache boundary?}
    M -- yes --> N[FAIL: escapes]
    M -- no --> O{pathExists?}
    O -- yes --> P[OK]
    O -- no --> Q[FAIL: missing]
    N --> R{more refs?}
    P --> R
    Q --> R
    R -- yes --> L
    R -- no --> S{failures gt 0?}
    S -- yes --> T[print sync guidance]
    T --> Z
    S -- no --> U([exit 0])

Loading

_{Reviews (3): Last reviewed commit: "test: remove unused plugin cache fixture" | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/codex/check-plugin-cache.js`:
- Around line 198-200: The three log(...) lines hardcode an ECC-specific sync
command; update the fallback to be repo-agnostic by either (A) detecting the ECC
repo root and only printing the specific "npm install && bash
scripts/sync-ecc-to-codex.sh" when the script/sync-ecc-to-codex.sh file exists
(use __dirname or process.cwd() + fs.existsSync to check) and otherwise print a
generic instruction, or (B) always replace the hardcoded command with a
generalized message like "Use the supported manual sync workflow from your ECC
installation" (update the existing log(...) calls accordingly); change the code
around the log(...) calls so the message shown is conditional on the presence
check or replaced with the generic wording.
- Line 170: Replace the hardcoded log message that says 'No installed cache
entries found for ecc/ecc.' with a dynamic message that uses the actual values
passed in via options.marketplace and options.plugin (e.g., build the string
using options.marketplace and options.plugin) so the log reflects the real
search context; locate the log call (log(...)) around where options is available
and format the message accordingly, ensuring it handles missing values
gracefully (fallback to a placeholder like '<unknown>') if necessary.
- Around line 30-75: The parseArgs function currently mutates the local options
object; refactor it to build and return a new object instead: walk argv the same
way but collect argument values into a new plain object (e.g., newOptions) or
local variables, and at the end return a composed object (with resolved
codexHome/pluginDir and defaults from PACKAGE_JSON.version) rather than
reassigning properties on the original options; update uses of options in
parseArgs (including where codexHome and pluginDir are resolved) to set values
on the new object and optionally freeze it before returning to enforce
immutability.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: e3bc871a-8a3b-463e-a8e9-310b7e7ebe51

📥 Commits

Reviewing files that changed from the base of the PR and between 5b173d2 and 8ebdac5.

📒 Files selected for processing (8)

• .codex-plugin/README.md
• README.md
• package.json
• plugins/ecc/README.md
• scripts/codex/check-plugin-cache.js
• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (28)

• GitHub Check: Greptile Review
• GitHub Check: Test (macos-latest, Node 22.x, pnpm)
• GitHub Check: Test (macos-latest, Node 18.x, pnpm)
• GitHub Check: Test (macos-latest, Node 22.x, bun)
• GitHub Check: Test (windows-latest, Node 22.x, npm)
• GitHub Check: Test (windows-latest, Node 22.x, pnpm)
• GitHub Check: Test (windows-latest, Node 22.x, yarn)
• GitHub Check: Test (macos-latest, Node 20.x, pnpm)
• GitHub Check: Test (ubuntu-latest, Node 18.x, yarn)
• GitHub Check: Test (ubuntu-latest, Node 20.x, bun)
• GitHub Check: Test (windows-latest, Node 20.x, pnpm)
• GitHub Check: Test (macos-latest, Node 22.x, yarn)
• GitHub Check: Test (windows-latest, Node 20.x, yarn)
• GitHub Check: Test (ubuntu-latest, Node 20.x, pnpm)
• GitHub Check: Test (windows-latest, Node 18.x, npm)
• GitHub Check: Test (windows-latest, Node 18.x, pnpm)
• GitHub Check: Test (windows-latest, Node 20.x, npm)
• GitHub Check: Test (ubuntu-latest, Node 20.x, yarn)
• GitHub Check: Test (windows-latest, Node 18.x, yarn)
• GitHub Check: Test (ubuntu-latest, Node 22.x, yarn)
• GitHub Check: Test (ubuntu-latest, Node 22.x, npm)
• GitHub Check: Test (ubuntu-latest, Node 18.x, npm)
• GitHub Check: Test (ubuntu-latest, Node 22.x, pnpm)
• GitHub Check: Test (ubuntu-latest, Node 20.x, npm)
• GitHub Check: Test (ubuntu-latest, Node 22.x, bun)
• GitHub Check: Test (ubuntu-latest, Node 18.x, pnpm)
• GitHub Check: Test (ubuntu-latest, Node 18.x, bun)
• GitHub Check: Coverage

🧰 Additional context used

📓 Path-based instructions (20)

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp,properties,yml,yaml,json,env,config}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

NEVER hardcode secrets in source code - ALWAYS use environment variables or a secret manager

Files:

• package.json
• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

{package.json,*.config.js,scripts/**/*.js}

📄 CodeRabbit inference engine (CLAUDE.md)

Package manager detection should support npm, pnpm, yarn, and bun, with configuration via CLAUDE_PACKAGE_MANAGER environment variable or project config.

Files:

• package.json
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,json,env*}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Do not hardcode secrets, API keys, passwords, or tokens

Files:

• package.json
• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}

📄 CodeRabbit inference engine (.cursor/rules/common-coding-style.md)

**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}: Always create new objects, never mutate existing ones. Use immutable patterns to prevent hidden side effects and enable safe concurrency
Organize code into many small files (200-400 lines typical, 800 lines max) organized by feature/domain rather than by type
Always handle errors explicitly at every level and never silently swallow errors
Always validate all user input before processing at system boundaries
Use schema-based validation where available
Fail fast with clear error messages when validation fails
Never trust external data (API responses, user input, file content)
Ensure code is readable and well-named
Keep functions small (less than 50 lines)
Keep files focused (less than 800 lines)
Avoid deep nesting (more than 4 levels)
Do not use hardcoded values; use constants or configuration instead

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

No hardcoded secrets (API keys, passwords, tokens) - validate before any commit

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}: All user inputs must be validated
Enable CSRF protection on all state-changing endpoints
Verify authentication and authorization for all protected endpoints
Implement rate limiting on all endpoints to prevent abuse
Ensure error messages do not leak sensitive data in responses

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,sql}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Use parameterized queries to prevent SQL injection

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,html,php,java,cs,rb,go}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Implement XSS prevention by sanitizing HTML output

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript-coding-style.md)

**/*.{ts,tsx,js,jsx}: Use spread operator for immutable updates in TypeScript/JavaScript instead of direct mutation
Use async/await with try-catch for error handling in TypeScript/JavaScript
Use Zod for schema-based input validation in TypeScript/JavaScript
No console.log statements in production code; use proper logging libraries instead

**/*.{ts,tsx,js,jsx}: Auto-format JavaScript/TypeScript files using Prettier after edit
Warn about console.log statements in edited files
Check all modified files for console.log statements before session ends

**/*.{ts,tsx,js,jsx}: Use the ApiResponse interface pattern with generic type parameter: interface ApiResponse<T> { success: boolean; data?: T; error?: string; meta?: { total: number; page: number; limit: number; } }
Implement custom React hooks following the pattern: export a named function with use prefix, generic type parameters, and proper useEffect cleanup for side effects

**/*.{ts,tsx,js,jsx}: Never hardcode secrets; always use environment variables for sensitive credentials like API keys
Throw an error when required environment variables are not configured to fail fast and ensure security prerequisites are met

Use Playwright as the E2E testing framework for critical user flows in TypeScript/JavaScript

Sanitize HTML output to prevent XSS (Cross-Site Scripting) attacks

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{test,spec}.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{test,spec}.{js,ts,jsx,tsx}: Write tests before implementation (test-driven development); target 80%+ coverage
Achieve minimum 80% test coverage across all three layers: Unit, Integration, and E2E
Use AAA structure (Arrange / Act / Assert) in tests with descriptive test names that explain behavior under test

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{js,ts,jsx,tsx}: Always create new objects and never mutate in place; return new copies instead
Keep files between 200–400 lines typical, with a maximum of 800 lines
Extract helpers when a file exceeds 200 lines
Handle errors explicitly at every level; never swallow errors silently
Validate all user input before processing; use schema-based validation where available
Never trust external data (API responses, file content, query params); always validate
All user inputs must be validated and sanitized
Error messages must be scrubbed of sensitive internals
Use readable, well-named identifiers in all code
Keep functions under 50 lines
Keep files under 800 lines
Avoid nesting deeper than 4 levels
Implement comprehensive error handling in all code
Do not hardcode values; use constants or environment configuration instead
Do not use in-place mutation; always return new objects or state

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{js,ts}: Use parameterized queries for all database writes (no string interpolation)
Auth/authz must be checked server-side for every sensitive path
Rate limiting must be applied to all public endpoints

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{jsx,tsx,js,ts}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

HTML output must be sanitized where applicable

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,env*}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Required environment variables must be validated at startup

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.{ts,tsx,js,jsx,py,go,rs,kt,java,cpp,cc,cxx,c,fs}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx,py,go,rs,kt,java,cpp,cc,cxx,c,fs}: Write tests before implementation using the TDD workflow (RED → GREEN → IMPROVE), ensuring 80%+ code coverage
Always create new objects and never mutate existing ones; return new copies with changes applied
Keep functions small (<50 lines) and files focused (<800 lines, typical 200-400 lines)
Avoid deep nesting (>4 levels) in code
No hardcoded values in code; use configuration or constants with proper naming
Validate all user inputs at system boundaries using schema-based validation; fail fast with clear error messages
Never hardcode secrets (API keys, passwords, tokens); use environment variables or secret managers instead
Use parameterized queries to prevent SQL injection attacks
Enable CSRF (Cross-Site Request Forgery) protection on all endpoints
Verify authentication and authorization for all endpoints and sensitive operations
Implement rate limiting on all endpoints
Error messages must not leak sensitive data; provide user-friendly messages in UI code and detailed context in server-side logs
Handle errors at every level of the application; never silently swallow errors
Use well-named identifiers that are readable and self-documenting
Organize code by feature/domain, not by type; maintain high cohesion and low coupling

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

**/*.test.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

Write unit tests for individual functions, utilities, and components

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js

**/*.{ts,tsx,js,jsx,py,go,rs,kt,java}

📄 CodeRabbit inference engine (AGENTS.md)

Use consistent API response format with success indicator, data payload, error message, and pagination metadata

Files:

• tests/plugin-manifest.test.js
• tests/scripts/codex-hooks.test.js
• tests/scripts/npm-publish-surface.test.js
• scripts/codex/check-plugin-cache.js

README.md

📄 CodeRabbit inference engine (CLAUDE.md)

When working on README.md files, use the /readme skill.

Files:

• README.md

scripts/**/*.js

📄 CodeRabbit inference engine (CLAUDE.md)

Ensure cross-platform support for Windows, macOS, and Linux via Node.js scripts in the scripts/ directory.

Files:

• scripts/codex/check-plugin-cache.js

{scripts,bin}/**

⚙️ CodeRabbit configuration file

{scripts,bin}/**: Focus on command injection, unsafe subprocess usage, path traversal, SSRF, secret exposure, and missing tests for new CLI behavior.

Files:

• scripts/codex/check-plugin-cache.js

🔇 Additional comments (8)

tests/scripts/codex-hooks.test.js (1)

14-14: LGTM!

Also applies to: 86-196

.codex-plugin/README.md (1)

41-47: LGTM!

README.md (1)

1393-1401: LGTM!

package.json (1)

84-84: LGTM!

plugins/ecc/README.md (1)

36-45: LGTM!

tests/plugin-manifest.test.js (1)

466-466: LGTM!

tests/scripts/npm-publish-surface.test.js (1)

71-71: LGTM!

Also applies to: 144-144

scripts/codex/check-plugin-cache.js (1)

125-144: Do not require extending collectManifestRefs for array-form skills/mcpServers.

Repo manifest checks show no existing plugin.json files use skills or mcpServers as arrays (jq found no entries where either field’s JSON type is array), so the current string-only handling doesn’t appear to skip any real-world references here.

			> Likely an incorrect or invalid review comment.

[ecc-tools]

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

tests/scripts/codex-hooks.test.js (1)

131-148: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Add test coverage for malicious manifest references with path traversal.

The current test suite validates CLI argument traversal rejection but does not test whether the script properly rejects manifest references that traverse outside the cache boundary. A test case with a manifest containing "skills": "../../../../../etc/passwd" would verify that the script detects and fails such attempts.

🧪 Proposed test case

+if (
+  test('check-plugin-cache rejects manifest references that escape the cache boundary', () => {
+    const homeDir = createTempDir('codex-plugin-cache-traversal-manifest-home-');
+    const codexDir = path.join(homeDir, '.codex');
+
+    try {
+      const maliciousManifest = {
+        name: 'ecc',
+        version: packageVersion,
+        skills: '../../../../../etc/passwd',
+      };
+      seedPluginCache(codexDir, maliciousManifest);
+      const result = runNode(pluginCacheCheckScript, [], makeHermeticCodexEnv(homeDir, codexDir));
+
+      assert.strictEqual(result.status, 1, `${result.stdout}\n${result.stderr}`);
+      assert.match(result.stdout, /\[FAIL\] skills escapes cache boundary/);
+    } finally {
+      cleanup(homeDir);
+    }
+  })
+)
+  passed++;
+else failed++;
+

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/scripts/codex-hooks.test.js` around lines 131 - 148, Add a new test (or
extend the existing test 'check-plugin-cache fails when the installed cache is
missing manifest-referenced files') that seeds a plugin cache manifest
containing a path-traversal reference (e.g., skills:
"../../../../../etc/passwd") and then invokes runNode(pluginCacheCheckScript,
[], makeHermeticCodexEnv(homeDir, codexDir)); assert the process exits with
status 1 and that stdout/stderr contains the expected failure messages (e.g.,
"[FAIL] skills missing" or an explicit "path traversal" or "manifest reference
outside cache" error) so the script is verified to reject manifest entries that
traverse outside the cache; reuse createTempDir, seedPluginCache, cleanup and
existing assertion patterns (assert.strictEqual, assert.match) from the test
harness.

scripts/codex/check-plugin-cache.js (1)

204-212: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Path traversal vulnerability in manifest reference validation.

The resolved target is not validated to remain within cacheDir. A malicious plugin manifest can include traversal sequences (e.g., "skills": "../../../../../etc/passwd"), and path.resolve(cacheDir, entry.ref) will resolve to an absolute path outside the cache. The script will then probe whether that external path exists, creating a filesystem oracle vulnerability and defeating the cache self-containment check.

🔒 Proposed fix to validate boundary

   log(`Manifest: ${manifestPath}`);
   for (const entry of refs) {
     const target = path.resolve(cacheDir, entry.ref);
+    const relative = path.relative(cacheDir, target);
+    if (relative.startsWith('..') || path.isAbsolute(relative)) {
+      failures += 1;
+      log(`[FAIL] ${entry.label} escapes cache boundary -> ${entry.ref}`);
+      continue;
+    }
     if (pathExists(target, entry.kind)) {
       log(`[OK] ${entry.label} -> ${target}`);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/codex/check-plugin-cache.js` around lines 204 - 212, The loop
resolving plugin manifest refs uses path.resolve(cacheDir, entry.ref) to produce
target but does not validate that target stays inside cacheDir, allowing path
traversal; update the loop in which target is computed (the code using cacheDir,
entry.ref and target) to validate the resolved path is contained in cacheDir
before probing the filesystem: compute target as now, then compute const rel =
path.relative(cacheDir, target) and treat the entry as invalid if
rel.startsWith('..') or path.isAbsolute(rel) && rel.indexOf('..') === 0 (or
simply rel === '' or !rel.startsWith('..') to allow only same-tree paths);
log/mark a failure for traversal attempts instead of calling pathExists on the
external path. This keeps the cache self-containment check and prevents
filesystem oracle traversal.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@scripts/codex/check-plugin-cache.js`:
- Around line 204-212: The loop resolving plugin manifest refs uses
path.resolve(cacheDir, entry.ref) to produce target but does not validate that
target stays inside cacheDir, allowing path traversal; update the loop in which
target is computed (the code using cacheDir, entry.ref and target) to validate
the resolved path is contained in cacheDir before probing the filesystem:
compute target as now, then compute const rel = path.relative(cacheDir, target)
and treat the entry as invalid if rel.startsWith('..') or path.isAbsolute(rel)
&& rel.indexOf('..') === 0 (or simply rel === '' or !rel.startsWith('..') to
allow only same-tree paths); log/mark a failure for traversal attempts instead
of calling pathExists on the external path. This keeps the cache
self-containment check and prevents filesystem oracle traversal.

In `@tests/scripts/codex-hooks.test.js`:
- Around line 131-148: Add a new test (or extend the existing test
'check-plugin-cache fails when the installed cache is missing
manifest-referenced files') that seeds a plugin cache manifest containing a
path-traversal reference (e.g., skills: "../../../../../etc/passwd") and then
invokes runNode(pluginCacheCheckScript, [], makeHermeticCodexEnv(homeDir,
codexDir)); assert the process exits with status 1 and that stdout/stderr
contains the expected failure messages (e.g., "[FAIL] skills missing" or an
explicit "path traversal" or "manifest reference outside cache" error) so the
script is verified to reject manifest entries that traverse outside the cache;
reuse createTempDir, seedPluginCache, cleanup and existing assertion patterns
(assert.strictEqual, assert.match) from the test harness.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 946e314c-3d30-496a-af4d-489d79dceca6

📥 Commits

Reviewing files that changed from the base of the PR and between 8ebdac5 and 2321506.

📒 Files selected for processing (2)

• scripts/codex/check-plugin-cache.js
• tests/scripts/codex-hooks.test.js

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (28)

• GitHub Check: Greptile Review
• GitHub Check: Test (macos-latest, Node 22.x, pnpm)
• GitHub Check: Test (macos-latest, Node 22.x, yarn)
• GitHub Check: Test (macos-latest, Node 20.x, bun)
• GitHub Check: Test (windows-latest, Node 22.x, pnpm)
• GitHub Check: Test (macos-latest, Node 18.x, yarn)
• GitHub Check: Test (windows-latest, Node 22.x, yarn)
• GitHub Check: Test (windows-latest, Node 22.x, npm)
• GitHub Check: Test (windows-latest, Node 18.x, npm)
• GitHub Check: Test (ubuntu-latest, Node 22.x, yarn)
• GitHub Check: Test (windows-latest, Node 20.x, pnpm)
• GitHub Check: Test (macos-latest, Node 18.x, npm)
• GitHub Check: Test (windows-latest, Node 18.x, pnpm)
• GitHub Check: Test (windows-latest, Node 20.x, yarn)
• GitHub Check: Test (windows-latest, Node 20.x, npm)
• GitHub Check: Test (windows-latest, Node 18.x, yarn)
• GitHub Check: Test (ubuntu-latest, Node 22.x, bun)
• GitHub Check: Test (ubuntu-latest, Node 22.x, pnpm)
• GitHub Check: Test (ubuntu-latest, Node 18.x, npm)
• GitHub Check: Test (ubuntu-latest, Node 20.x, pnpm)
• GitHub Check: Test (ubuntu-latest, Node 18.x, pnpm)
• GitHub Check: Test (ubuntu-latest, Node 18.x, yarn)
• GitHub Check: Test (ubuntu-latest, Node 18.x, bun)
• GitHub Check: Test (ubuntu-latest, Node 20.x, bun)
• GitHub Check: Test (ubuntu-latest, Node 20.x, npm)
• GitHub Check: Test (ubuntu-latest, Node 20.x, yarn)
• GitHub Check: Test (ubuntu-latest, Node 22.x, npm)
• GitHub Check: Coverage

🧰 Additional context used

📓 Path-based instructions (19)

**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}

📄 CodeRabbit inference engine (.cursor/rules/common-coding-style.md)

**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}: Always create new objects, never mutate existing ones. Use immutable patterns to prevent hidden side effects and enable safe concurrency
Organize code into many small files (200-400 lines typical, 800 lines max) organized by feature/domain rather than by type
Always handle errors explicitly at every level and never silently swallow errors
Always validate all user input before processing at system boundaries
Use schema-based validation where available
Fail fast with clear error messages when validation fails
Never trust external data (API responses, user input, file content)
Ensure code is readable and well-named
Keep functions small (less than 50 lines)
Keep files focused (less than 800 lines)
Avoid deep nesting (more than 4 levels)
Do not use hardcoded values; use constants or configuration instead

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

No hardcoded secrets (API keys, passwords, tokens) - validate before any commit

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}: All user inputs must be validated
Enable CSRF protection on all state-changing endpoints
Verify authentication and authorization for all protected endpoints
Implement rate limiting on all endpoints to prevent abuse
Ensure error messages do not leak sensitive data in responses

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,sql}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Use parameterized queries to prevent SQL injection

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,html,php,java,cs,rb,go}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Implement XSS prevention by sanitizing HTML output

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp,properties,yml,yaml,json,env,config}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

NEVER hardcode secrets in source code - ALWAYS use environment variables or a secret manager

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript-coding-style.md)

**/*.{ts,tsx,js,jsx}: Use spread operator for immutable updates in TypeScript/JavaScript instead of direct mutation
Use async/await with try-catch for error handling in TypeScript/JavaScript
Use Zod for schema-based input validation in TypeScript/JavaScript
No console.log statements in production code; use proper logging libraries instead

**/*.{ts,tsx,js,jsx}: Auto-format JavaScript/TypeScript files using Prettier after edit
Warn about console.log statements in edited files
Check all modified files for console.log statements before session ends

**/*.{ts,tsx,js,jsx}: Use the ApiResponse interface pattern with generic type parameter: interface ApiResponse<T> { success: boolean; data?: T; error?: string; meta?: { total: number; page: number; limit: number; } }
Implement custom React hooks following the pattern: export a named function with use prefix, generic type parameters, and proper useEffect cleanup for side effects

**/*.{ts,tsx,js,jsx}: Never hardcode secrets; always use environment variables for sensitive credentials like API keys
Throw an error when required environment variables are not configured to fail fast and ensure security prerequisites are met

Use Playwright as the E2E testing framework for critical user flows in TypeScript/JavaScript

Sanitize HTML output to prevent XSS (Cross-Site Scripting) attacks

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{test,spec}.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{test,spec}.{js,ts,jsx,tsx}: Write tests before implementation (test-driven development); target 80%+ coverage
Achieve minimum 80% test coverage across all three layers: Unit, Integration, and E2E
Use AAA structure (Arrange / Act / Assert) in tests with descriptive test names that explain behavior under test

Files:

• tests/scripts/codex-hooks.test.js

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{js,ts,jsx,tsx}: Always create new objects and never mutate in place; return new copies instead
Keep files between 200–400 lines typical, with a maximum of 800 lines
Extract helpers when a file exceeds 200 lines
Handle errors explicitly at every level; never swallow errors silently
Validate all user input before processing; use schema-based validation where available
Never trust external data (API responses, file content, query params); always validate
All user inputs must be validated and sanitized
Error messages must be scrubbed of sensitive internals
Use readable, well-named identifiers in all code
Keep functions under 50 lines
Keep files under 800 lines
Avoid nesting deeper than 4 levels
Implement comprehensive error handling in all code
Do not hardcode values; use constants or environment configuration instead
Do not use in-place mutation; always return new objects or state

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,jsx,tsx,json,env*}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Do not hardcode secrets, API keys, passwords, or tokens

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{js,ts}: Use parameterized queries for all database writes (no string interpolation)
Auth/authz must be checked server-side for every sensitive path
Rate limiting must be applied to all public endpoints

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{jsx,tsx,js,ts}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

HTML output must be sanitized where applicable

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{js,ts,env*}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Required environment variables must be validated at startup

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.{ts,tsx,js,jsx,py,go,rs,kt,java,cpp,cc,cxx,c,fs}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx,py,go,rs,kt,java,cpp,cc,cxx,c,fs}: Write tests before implementation using the TDD workflow (RED → GREEN → IMPROVE), ensuring 80%+ code coverage
Always create new objects and never mutate existing ones; return new copies with changes applied
Keep functions small (<50 lines) and files focused (<800 lines, typical 200-400 lines)
Avoid deep nesting (>4 levels) in code
No hardcoded values in code; use configuration or constants with proper naming
Validate all user inputs at system boundaries using schema-based validation; fail fast with clear error messages
Never hardcode secrets (API keys, passwords, tokens); use environment variables or secret managers instead
Use parameterized queries to prevent SQL injection attacks
Enable CSRF (Cross-Site Request Forgery) protection on all endpoints
Verify authentication and authorization for all endpoints and sensitive operations
Implement rate limiting on all endpoints
Error messages must not leak sensitive data; provide user-friendly messages in UI code and detailed context in server-side logs
Handle errors at every level of the application; never silently swallow errors
Use well-named identifiers that are readable and self-documenting
Organize code by feature/domain, not by type; maintain high cohesion and low coupling

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

**/*.test.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

Write unit tests for individual functions, utilities, and components

Files:

• tests/scripts/codex-hooks.test.js

**/*.{ts,tsx,js,jsx,py,go,rs,kt,java}

📄 CodeRabbit inference engine (AGENTS.md)

Use consistent API response format with success indicator, data payload, error message, and pagination metadata

Files:

• tests/scripts/codex-hooks.test.js
• scripts/codex/check-plugin-cache.js

{package.json,*.config.js,scripts/**/*.js}

📄 CodeRabbit inference engine (CLAUDE.md)

Package manager detection should support npm, pnpm, yarn, and bun, with configuration via CLAUDE_PACKAGE_MANAGER environment variable or project config.

Files:

• scripts/codex/check-plugin-cache.js

scripts/**/*.js

📄 CodeRabbit inference engine (CLAUDE.md)

Ensure cross-platform support for Windows, macOS, and Linux via Node.js scripts in the scripts/ directory.

Files:

• scripts/codex/check-plugin-cache.js

{scripts,bin}/**

⚙️ CodeRabbit configuration file

{scripts,bin}/**: Focus on command injection, unsafe subprocess usage, path traversal, SSRF, secret exposure, and missing tests for new CLI behavior.

Files:

• scripts/codex/check-plugin-cache.js

🔇 Additional comments (12)

scripts/codex/check-plugin-cache.js (4)

30-44: LGTM!

---

46-93: LGTM!

---

188-193: LGTM!

---

221-227: LGTM!

tests/scripts/codex-hooks.test.js (8)

18-19: LGTM!

---

88-103: LGTM!

---

106-125: LGTM!

---

131-148: LGTM!

---

154-175: LGTM!

---

181-194: LGTM!

---

199-219: LGTM!

---

221-242: LGTM!

[ecc-tools]

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.

[ecc-tools]

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.