Restore ArmorCodex entry in Community Plugins (lost during PR #115 reconcile)

[Harihara04sudhan]

Summary

Restores the ArmorCodex listing in ## Community Plugins → Tools & Integrations after it was accidentally dropped during the PR #115 reconcile (commit bc06f70 included a single-line - deletion of our entry alongside its + adds). Bundle was added in PR #140 (merged 2026-05-20); only the README line was lost.

What's in this PR

File / path	Change
README.md	Restore ArmorCodex entry under Community Plugins → Tools & Integrations (alphabetically between Antigravity and AxonFlow), with backticked bash + apply_patch per gemini-bot suggestion
plugins/armoriq/armorcodex/ (lowercased per maintainer convention)	Complete plugin bundle: .codex-plugin/plugin.json, .codex/, .mcp.json, hooks/hooks.json (8 events), scripts/bootstrap.mjs, scripts/hook-router.mjs, scripts/policy-mcp.mjs, scripts/lib/ (13 lib modules), README.md, LICENSE (MIT), SECURITY.md, .codexignore, assets/armoriq-logo.png
plugins/armoriq/armorcodex/.agents/plugins/marketplace.json	Per-plugin marketplace metadata (owner armoriq, plugin armorcodex, category Tools & Integrations, source URL https://github.com/armoriq/armorCodex.git, follows AgiFlow reference shape)

HOL Plugin Scanner — Evidence

Plugin repo: https://github.com/armoriq/armorCodex
Scanner workflow: .github/workflows/hol-plugin-scanner.yml using hashgraph-online/ai-plugin-scanner-action@v1, min_score: 80, fail_on_severity: high, SARIF upload.
CI run on plugin main: https://github.com/armoriq/armorCodex/actions/runs/27229800929 (✅ success)

Local scanner run:

$ pipx run plugin-scanner scan plugins/armorcodex --format text

── Manifest Validation (28/31) ──
── Security (15/20) ──
── Operational Security (6/6) ──
── Best Practices (9/9) ──
── Marketplace (0/0) ──
── Skill Security (0/0) ──
── Code Quality (10/10) ──

Findings: critical:0, high:0, medium:0, low:1, info:1

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Final Score: 92/100 (A - Excellent)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Bar: 80+/130 with zero critical/high. Achieved: 92/100, zero critical, zero high.

Note on repo-wide HOL Plugin Scanner — Lint check

This check is failing on this PR but failing identically on every other open PR (#202, #204) since the lint workflow was made mandatory in #199. I ran the lint locally against current main:

• Total findings: 1333
• HIGH findings: 139
• HIGH findings referencing plugins/armoriq/armorcodex/: 0

The HIGH findings come from skills/sealos-deploy/scripts/*.mjs (fs.readFileSync/fs.writeFileSync in install scripts), skills-codex/standards/references/*.md (code-example snippets in docs), archcore.ai/agentops install scripts, and 5 in this repo's own README.md. None are introduced by this PR.

Happy to send a follow-up PR with a --baseline for the existing 139 findings (standard pattern for this scanner) if useful.

Refs

• Original add: add ArmorCodex (security plugin for Codex) #140 (merged 2026-05-20, bundle survived)
• Accidental README delete: feat: add 10 pluginpool plugins (full bundles, scanner 97/100 PASS) #115 reconcile, commit bc06f70
• Plugin repo: https://github.com/armoriq/armorCodex
• Scanner workflow on plugin repo: https://github.com/armoriq/armorCodex/blob/main/.github/workflows/hol-plugin-scanner.yml
• Scanner CI green: https://github.com/armoriq/armorCodex/actions/runs/27229800929

🤖 Generated with Claude Code

[gemini-code-assist]

Code Review

This pull request adds the ArmorCodex plugin to the list of third-party plugins in README.md. The review feedback suggests enclosing 'bash' and 'apply_patch' in backticks to maintain formatting consistency and prevent markdown parsing issues.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

To maintain consistency with other entries in this document (such as rg, grep, and git blame), and to ensure that the underscore in apply_patch is not misinterpreted by markdown parsers, it is recommended to enclose bash (preferably lowercase) and apply_patch in backticks.\n\nFor example:\n- [ArmorCodex](https://github.com/armoriq/armorCodex) - Intent-based security for Codex with MCP plan registration, policy gating, CSRG cryptographic proofs, and audit logging on bashandapply_patch.

[internet-dot]

This PR only adds a README entry. For this bundle-required repo, a complete submission needs the full plugin bundle under plugins/armoriq/armorCodex/ plus entries in plugins.json and .agents/plugins/marketplace.json.\n\nIf the entry was lost during a prior merge, please resubmit with the complete bundle. See CONTRIBUTING.md.

[internet-dot]

Before this PR can be merged, your plugin repo needs the HOL AI Plugin Scanner running in CI. This is a mandatory requirement for all submissions.

Add this workflow to your plugin repo at .github/workflows/hol-plugin-scanner.yml:

name: HOL Plugin Scanner

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

permissions:
  contents: read
  security-events: write

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: HOL Plugin Scanner
        uses: hashgraph-online/ai-plugin-scanner-action@v1
        with:
          plugin_dir: "."
          mode: scan
          min_score: 80
          fail_on_severity: high
          format: sarif
          upload_sarif: true

Also run the scanner locally and include the score in your PR description:

pipx install plugin-scanner
plugin-scanner scan . --format text

Your plugin needs a score of 80/130 or higher with no critical or high severity findings. Link the CI run or paste the score in this PR description.

See the full guide: SCANNER_GUIDE.md

Additional issues:
This PR only restores a README line. You need to provide a full plugin bundle under plugins/armoriq/armorCodex/.

[Harihara04sudhan]

@internet-dot — all asks addressed. Single summary:

What's now in the PR

Ask	Status
Complete plugin bundle at plugins/armoriq/armorCodex/	✅ 25 files: .codex-plugin/plugin.json, .codex/, .mcp.json, hooks/hooks.json (8 events), scripts/ (bootstrap + hook-router + policy-mcp + 13 lib modules), README.md, LICENSE, SECURITY.md, .codexignore, assets/armoriq-logo.png
Per-plugin .agents/plugins/marketplace.json	✅ Added (owner armoriq, plugin armorcodex, category Tools & Integrations, source URL https://github.com/armoriq/armorCodex.git, follows AgiFlow shape)
HOL Plugin Scanner workflow in our plugin repo	✅ Live on armoriq/armorCodex main, CI run 27229800929 green, score 92/100, 0 high/critical
Alphabetical Order Check	✅ Passing on this PR
Gemini bot suggestion (backticks on bash / apply_patch)	✅ Applied

What's excluded from the bundle (intentionally)

• node_modules/ — resolved at runtime from package-lock.json
• tests/ — moved out of the plugin distribution dir per scanner compliance; lives at repo root in the source repo

On the repo-wide HOL Plugin Scanner — Lint check

It is failing on this PR but the failure is repo-wide (failing identically on #202, #204, every open PR since the workflow was made mandatory in #199). I ran the lint locally against current main:

• Total findings: 1333
• HIGH findings: 139
• HIGH findings referencing plugins/armoriq/armorCodex/: 0

The HIGH findings come from skills/sealos-deploy/scripts/*.mjs, skills-codex/standards/references/*.md, archcore.ai, agentops install scripts, and 5 in the repo's own README.md. None are introduced by this PR (which adds 1 README line + the standard bundle).

Standard fix for this scenario is --baseline mode: baseline the existing 139 highs against main so only NEW findings from a PR fail. Happy to send a follow-up PR with that baseline if it'd help.

Ready for re-review whenever you have a moment.

[internet-dot]

Two issues:

1. No scanner evidence — PR description lacks scanner score or CI link (mandatory).

2. Lowercase repo name in path — The bundle path is plugins/armoriq/armorCodex with mixed case. While not a blocker, the standard convention uses the repo's actual GitHub casing. Verify this matches the upstream repo structure.

Bundle otherwise looks complete: plugin.json, icon, SECURITY.md, LICENSE, marketplace.json, README entry. Alphabetical order is correct (Ar after Antigravity, before AxonFlow).

[Harihara04sudhan]

@internet-dot — addressed both review asks.

1. Scanner evidence in PR description — added. PR body now includes:

• Plugin repo + scanner workflow YAML link
• CI run link on plugin main (✅ success): https://github.com/armoriq/armorCodex/actions/runs/27229800929
• Local scanner output: 92/100 (A), 0 critical, 0 high, 0 medium

2. Lowercase repo name in path — renamed plugins/armoriq/armorCodex/ → plugins/armoriq/armorcodex/ to match the dominant convention in this repo (ai-plugin, codex-mem, unity-agent-workflows, call-e-integrations, etc.). 30 files renamed in commit f1befbe9. The upstream GitHub URL in plugin.json / marketplace.json still references the canonical https://github.com/armoriq/armorCodex.git (capital C preserved for the actual repo).

Ready for re-review.

[internet-dot]

Review Summary

✅ Approved

Checks Passed:

• README.md: ArmorCodex entry restored alphabetically between 'Antigravity 2.0' and 'AxonFlow' ✓
• Bundle structure: Complete plugin bundle under with:
  • ✓
  • ✓
  • ✓
  • ✓
  • (MIT) ✓
  • ✓
  • ✓
  • ✓
  • Complete scripts/ and hooks/ directories ✓
• marketplace.json: Per-plugin marketplace metadata added ✓
• Alphabetical order: Correctly positioned ✓
• No duplicates: Single entry ✓

Notes:

• Path lowercased from to per maintainer convention ✓
• Plugin scanner evidence provided (92/100 score, zero critical/high)
• Well-documented PR explaining the accidental deletion context

Thank you for the thorough restoration!

[Harihara04sudhan]

@internet-dot — branch had a conflict (upstream main had already moved Agent Workflow System to the right alphabetical slot, our older commit was a duplicate). Just rebased onto main and resolved. PR is back to MERGEABLE. Could you please re-approve and merge whenever you have a moment? Thanks.

[internet-dot]

Thanks for working on this. The plugin bundle looks good. Please also add:

1. An entry in plugins.json
2. An entry in .agents/plugins/marketplace.json

The README entry can be handled once those registry files are updated.

[Harihara04sudhan]

@internet-dot — added both registry entries in commit 845478e6:

1. plugins.json — new entry under Tools & Integrations:

{
  "name": "ArmorCodex",
  "url": "https://github.com/armoriq/armorCodex",
  "owner": "armoriq",
  "repo": "armorCodex",
  "description": "Intent-based security for Codex with MCP plan registration, policy gating, CSRG cryptographic proofs, and audit logging on `bash` and `apply_patch`.",
  "category": "Tools & Integrations",
  "source": "awesome-codex-plugins",
  "install_url": "https://raw.githubusercontent.com/armoriq/armorCodex/HEAD/.codex-plugin/plugin.json"
}

Bumped total: 112 → 113. Inserted alphabetically right before AxonFlow.

2. .agents/plugins/marketplace.json — new entry:

{
  "name": "armorcodex",
  "displayName": "ArmorCodex",
  "source": {
    "source": "local",
    "path": "./plugins/armoriq/armorcodex"
  },
  "policy": {
    "installation": "AVAILABLE",
    "authentication": "ON_INSTALL"
  },
  "category": "Tools & Integrations",
  "description": "Intent-based security for Codex with MCP plan registration, policy gating, CSRG cryptographic proofs, and audit logging on `bash` and `apply_patch`."
}

Diff is clean (25 lines total, just the two entries — no formatting churn). Branch is rebased on latest main, MERGEABLE.

Ready when you are.