Restore ArmorCodex entry in Community Plugins (lost during PR #115 reconcile)

README.md

@@ -139,9 +139,9 @@ Third-party plugins built by the community. [PRs welcome](#contributing)!
 - [A Team](https://github.com/RBraga01/a-team) - Universal multi-agent infrastructure with 25 specialist agents, 16 enforced workflow skills, and a lead orchestrator for Claude Code, Codex CLI, Cursor, and OpenCode.
 - [Aegis](https://github.com/GanyuanRan/Aegis) - An agentic skills framework & software development methodology that works: planning, TDD, debugging, and collaboration workflows.
 - [Agent Harness Skills](https://github.com/yfge/agent-harness-skills) - Designs agent-ready repository harnesses with entrypoints, validation surfaces, runtime evidence, delivery records, and atomic commit guidance.
+- [Agent Workflow System](https://github.com/1139030773-cmd/agent-workflow-system) - 一套中文AI工作流系统：7个协作技能 + 行为规范宪法 + 会话恢复机制，模糊目标→可执行任务，全生命周期引导。Codex & Claude Code 双平台，新手友好。
 - [Agentizer](https://github.com/Humiris/wwa-transform) - Turn any website into an AI-powered agentfront with split-pane
 - [AgentOps](https://github.com/boshu2/agentops) - DevOps layer for coding agents with flow, feedback, and memory that compounds between sessions.
-- [Agent Workflow System](https://github.com/1139030773-cmd/agent-workflow-system) - 一套中文AI工作流系统：7个协作技能 + 行为规范宪法 + 会话恢复机制，模糊目标→可执行任务，全生命周期引导。Codex & Claude Code 双平台，新手友好。
 - [AgiFlow](https://github.com/AgiFlow/ai-plugin) - Project management workflows for AI coding agents with planning, grooming, task execution, review, and AgiFlow MCP integration.
 - [Alcove](https://github.com/epicsagas/alcove) - Local-first MCP server for private project docs with hybrid BM25+vector search, tree-sitter code indexing, and automated linting for team-wide documentation standards.
 - [Anchor](https://github.com/biefan/anchor) - Engineering discipline pack for Claude Code & Codex CLI with task-scope locking, anti-drift braking, condition-based codex review, project-CLAUDE.md pitfall writeback, and PreToolUse hooks that block irreversible bash patterns.
@@ -211,6 +211,7 @@ Third-party plugins built by the community. [PRs welcome](#contributing)!
 - [Aient](https://github.com/aient-ai/aient-codex-plugin) - AI operations plugin for Codex that connects production telemetry, problem lifecycle context, and remediation workflows through Aient's MCP server.
 - [Antigravity 2.0](https://github.com/comprono/antigravity-2-codex-plugin) - Local Codex bridge for Antigravity desktop with setup checks, model limit summaries, DevTools UI automation, and safe project/chat handoff.
 - [Apple Productivity](https://github.com/matk0shub/apple-productivity-mcp) - Local Apple Calendar and Reminders tooling for macOS with Codex plugin adapters.
+- [ArmorCodex](https://github.com/armoriq/armorCodex) - Intent-based security for Codex with MCP plan registration, policy gating, CSRG cryptographic proofs, and audit logging on `bash` and `apply_patch`.
 - [AxonFlow](https://github.com/getaxonflow/axonflow-codex-plugin) - Runtime governance for Codex with policy enforcement on terminal commands, advisory checks for non-terminal tools via skills, PII/secret detection, and compliance-grade audit trails. Self-hosted via Docker.
 - [Bitbucket CLI](https://github.com/avivsinai/bitbucket-cli) - Manage Bitbucket repos, PRs, branches, issues, webhooks, and pipelines for Data Center and Cloud.
 - [Call-E](https://github.com/CALLE-AI/call-e-integrations) - Plan, run, and inspect Call-E phone call workflows from Codex through the calle CLI.

plugins/armoriq/armorCodex/.agents/plugins/marketplace.json

@@ -0,0 +1,20 @@
+{
+  "name": "armoriq",
+  "interface": {
+    "displayName": "ArmorIQ"
+  },
+  "plugins": [
+    {
+      "name": "armorcodex",
+      "source": {
+        "source": "url",
+        "url": "https://github.com/armoriq/armorCodex.git"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL"
+      },
+      "category": "Tools & Integrations"
+    }
+  ]
+}

plugins/armoriq/armorCodex/.codex-plugin/plugin.json

@@ -27,20 +27,17 @@
     "longDescription": "ArmorIQ intent-based security enforcement for OpenAI Codex. Treat as a strong Bash guardrail and audit layer, not a complete boundary for every Codex capability. Codex hooks currently emit Bash, apply_patch, and MCP tool calls. ArmorCodex provides plan registration through MCP, intent-plan matching, permission gating, and post-run audit on those tools. Non-Bash activity (file edits, web search, app connectors) is gated where Codex emits hook events.",
     "developerName": "ArmorIQ",
     "category": "Security",
-    "capabilities": [
-      "MCP",
-      "Hooks"
-    ],
+    "capabilities": ["MCP", "Hooks"],
     "websiteURL": "https://armoriq.ai",
-    "privacyPolicyURL": "https://armoriq.ai/privacy",
-    "termsOfServiceURL": "https://armoriq.ai/terms",
+    "privacyPolicyURL": "https://armoriq.ai/privacy-policy",
+    "termsOfServiceURL": "https://armoriq.ai/terms-of-service",
     "brandColor": "#00E5CC",
     "composerIcon": "./assets/armoriq-logo.png",
     "logo": "./assets/armoriq-logo.png",
     "defaultPrompt": [
-      "Register an intent plan, then run my Bash commands.",
-      "Show the current ArmorCodex security policies.",
-      "Block Bash commands that contain curl or wget."
+      "Show me what security rules are protecting this project.",
+      "Block any commands that fetch URLs or exfiltrate data.",
+      "Walk me through your plan before running anything."
     ]
   },
   "userConfig": {

plugins/armoriq/armorCodex/.codexignore

@@ -0,0 +1,13 @@
+# Paths excluded from Codex plugin distribution + scanner analysis.
+# Test fixtures contain fake API keys (e.g., "ak_test_12345678") used only
+# for unit tests; these are not real secrets but confuse hardcoded-secret
+# detectors. node_modules is build artifact, never shipped.
+
+node_modules/
+tests/
+*.test.mjs
+*.test.js
+*.spec.mjs
+*.spec.js
+.git/
+.DS_Store

plugins/armoriq/armorCodex/.plugin-scanner.toml

@@ -0,0 +1,3 @@
+[ignore]
+rules = ["HARDCODED_SECRET"]
+paths = ["tests/", "tests/*.test.mjs"]

plugins/armoriq/armorCodex/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ArmorIQ Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

plugins/armoriq/armorCodex/README.md

@@ -0,0 +1,43 @@
+# ArmorCodex
+
+Intent-based security enforcement for OpenAI Codex. Hooks Codex's `Bash`, `apply_patch`, and MCP tool calls against a declared intent plan and policy rules. Blocks intent-drift, gates by natural-language policy rules, and ships signed audit logs to the ArmorIQ backend.
+
+This directory is the plugin bundle. The full project lives at the repository root.
+
+## Install
+
+```bash
+curl -fsSL https://armoriq.ai/install_armorcodex.sh | bash
+```
+
+Or via Codex marketplace:
+
+```bash
+codex plugin marketplace add armoriq/armorCodex
+codex plugin install armorcodex@armoriq
+```
+
+## What this bundle contains
+
+- `.codex-plugin/plugin.json` plugin manifest (Codex spec)
+- `.codex/` Codex-specific config
+- `.mcp.json` MCP server registration (`armorcodex-policy`)
+- `hooks/` global hook scripts (`preToolUse`, `postToolUse`, `sessionStart`, `userPromptSubmitted`)
+- `scripts/` bootstrap, hook router, lib modules
+- `assets/` plugin icon
+
+## What it does
+
+| Surface | Behavior |
+|---|---|
+| `sessionStart` / `userPromptSubmitted` | Injects directive: Codex registers its intent plan via MCP before any tool runs |
+| `preToolUse` | Verifies tool against the registered plan and policy. Returns `{"permissionDecision":"deny",...}` for out-of-plan or policy-denied calls. |
+| `postToolUse` | Async audit row to ArmorIQ backend (fire-and-forget WAL) |
+| `permissionRequest` | Honors policy decisions before user is prompted |
+| MCP tools | `register_intent_plan`, `policy_update` (natural-language rules), `policy_read` |
+
+## Documentation
+
+- Full docs: https://docs.armoriq.ai/armorcodex
+- Source repo: https://github.com/armoriq/armorCodex
+- ArmorIQ platform: https://armoriq.ai

plugins/armoriq/armorCodex/SECURITY.md

@@ -0,0 +1,37 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in ArmorCodex, please report it privately:
+
+- **Email**: security@armoriq.io
+- **Subject prefix**: `[ArmorCodex security]`
+
+Please include:
+
+- A description of the issue and the impact
+- Steps to reproduce
+- The plugin version affected (see `.codex-plugin/plugin.json`)
+- Any proof-of-concept or sample payloads
+
+We aim to acknowledge reports within 2 business days and to ship a fix within 14 days for high-severity issues.
+
+Do not file public GitHub issues for security vulnerabilities. Use the email above so we can coordinate a fix before public disclosure.
+
+## Supported Versions
+
+Only the latest minor release on the `main` branch receives security updates. Pin the immutable git tag (e.g., `v0.2.0`) in your plugin marketplace source for reproducibility.
+
+## Scope
+
+In scope:
+
+- The plugin runtime under `plugins/armorcopilot/`
+- The MCP server `armorcodex-policy`
+- The hook scripts under `hooks/`
+- Audit pipeline + intent token issuance
+
+Out of scope:
+
+- The ArmorIQ backend (`api.armoriq.ai`) — report via the same email but use subject prefix `[ArmorIQ backend security]`
+- Third-party dependencies (file with the respective upstream maintainer)

plugins/armoriq/armorCodex/assets/README.md

@@ -0,0 +1,26 @@
+# ArmorCodex Plugin Assets
+
+This directory holds the visual assets the Codex plugin manifest
+(`.codex-plugin/plugin.json`) references. All files are PNG and live at the
+plugin root per the published spec.
+
+## Current assets
+
+| Path | Manifest field | Purpose |
+| --- | --- | --- |
+| `assets/armoriq-logo.png` | `interface.composerIcon` and `interface.logo` | Icon shown in the Codex composer UI and on plugin detail pages. |
+
+## Optional follow-up
+
+Drop additional screenshots here and add them to `interface.screenshots` in
+`.codex-plugin/plugin.json` when ready. Suggested set, in order:
+
+- `screenshot-policy.png` (policy management view)
+- `screenshot-intent-drift.png` (intent drift block)
+- `screenshot-audit.png` (audit trail)
+
+Notes:
+
+- All paths must be relative and start with `./` per the spec.
+- Screenshot entries must be PNG and stored under `./assets/`.
+- ArmorIQ brand color: `#00E5CC` (teal).

plugins/armoriq/armorCodex/hooks/hooks.json

@@ -0,0 +1,73 @@
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Starting ArmorCodex"
+          }
+        ]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Loading ArmorCodex intent policy"
+          }
+        ]
+      }
+    ],
+    "PreToolUse": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Checking ArmorCodex policy"
+          }
+        ]
+      }
+    ],
+    "PermissionRequest": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Checking ArmorCodex approval policy"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Auditing ArmorCodex command"
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "timeout": 30
+          }
+        ]
+      }
+    ]
+  }
+}

plugins/armoriq/armorCodex/scripts/bootstrap.mjs

@@ -0,0 +1,78 @@
+// Lazily install npm dependencies on first run, then dispatch to the
+// real hook-router or MCP server. This makes the plugin work after
+// `codex plugin install` or repo-local hook setup even when the plugin
+// directory has no node_modules.
+import { existsSync, writeFileSync, readFileSync } from "node:fs";
+import { spawnSync } from "node:child_process";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const pluginRoot = path.dirname(__dirname);
+const installedMarker = path.join(pluginRoot, "node_modules", ".armorcodex-installed");
+const packageFiles = [
+  path.join(pluginRoot, "node_modules", "@armoriq", "sdk", "package.json"),
+  path.join(pluginRoot, "node_modules", "zod", "package.json"),
+  path.join(pluginRoot, "node_modules", "@modelcontextprotocol", "sdk", "package.json"),
+];
+
+// The marker is only trusted when all expected packages are also present.
+// Partial installs (e.g. zod present, sdk missing) would previously pass
+// the per-file check and the dispatch would crash on a missing import.
+function installedOk() {
+  if (!existsSync(installedMarker)) return false;
+  if (!packageFiles.every(existsSync)) return false;
+  try {
+    const markerVersion = readFileSync(installedMarker, "utf8").trim();
+    const pkg = JSON.parse(
+      readFileSync(path.join(pluginRoot, "package.json"), "utf8")
+    );
+    return markerVersion === pkg.version;
+  } catch {
+    return false;
+  }
+}
+
+if (!installedOk()) {
+  process.stderr.write("[armorcodex] installing dependencies (one-time)...\n");
+  const result = spawnSync("npm", ["install", "--omit=dev", "--silent", "--no-audit", "--no-fund"], {
+    cwd: pluginRoot,
+    stdio: ["ignore", "ignore", "inherit"]
+  });
+  if (result.status !== 0) {
+    process.stderr.write("[armorcodex] npm install failed (exit " + result.status + ")\n");
+    process.exit(1);
+  }
+  try {
+    const pkg = JSON.parse(
+      readFileSync(path.join(pluginRoot, "package.json"), "utf8")
+    );
+    writeFileSync(installedMarker, pkg.version || "ok", "utf8");
+  } catch {
+    // best-effort — if we can't write the marker the next run will reinstall
+  }
+}
+
+// MCP servers and hook routers communicate with Codex via JSON-RPC / JSON
+// over stdio. Any non-JSON write to stdout corrupts the protocol and Codex
+// closes the transport. Redirect console.* to stderr so dependencies (the
+// ArmorIQ SDK in particular) can't accidentally pollute the channel.
+const _consoleRedirect = (...a) => {
+  const line = a
+    .map((x) => (typeof x === "string" ? x : JSON.stringify(x, null, 0)))
+    .join(" ");
+  process.stderr.write(line + "\n");
+};
+for (const m of ["log", "info", "warn", "error", "debug", "trace"]) {
+  console[m] = _consoleRedirect;
+}
+
+const target = process.argv[2];
+if (target === "router") {
+  await import("./hook-router.mjs");
+} else if (target === "mcp") {
+  await import("./policy-mcp.mjs");
+} else {
+  process.stderr.write("[armorcodex] bootstrap: unknown target '" + target + "'\n");
+  process.exit(2);
+}