Add Cursor plugin manifests and align skill name frontmatter

Author: MajidAbuRmila

.cursor-plugin/marketplace.json

@@ -0,0 +1,19 @@
+{
+  "name": "controlplane",
+  "owner": {
+    "name": "Control Plane",
+    "email": "support@controlplane.com"
+  },
+  "metadata": {
+    "description": "Control Plane plugins for Cursor — multi-cloud workload deployment, secrets, networking, troubleshooting.",
+    "version": "1.2.1"
+  },
+  "plugins": [
+    {
+      "name": "cpln",
+      "source": "plugins/cpln",
+      "version": "1.2.1",
+      "description": "Control Plane — hybrid multi-cloud platform. Skills, agents, and guardrails for deploying workloads, managing secrets, configuring networking, troubleshooting, and migrating from Kubernetes across AWS, GCP, Azure, and private clouds."
+    }
+  ]
+}

.github/workflows/release.yml

@@ -57,6 +57,9 @@ jobs:
           check plugins/cpln/.claude-plugin/plugin.json '.version'
           check .claude-plugin/marketplace.json '.plugins[0].version'
           check plugins/cpln/.codex-plugin/plugin.json '.version'
+          check plugins/cpln/.cursor-plugin/plugin.json '.version'
+          check .cursor-plugin/marketplace.json '.metadata.version'
+          check .cursor-plugin/marketplace.json '.plugins[0].version'
           check gemini-extension.json '.version'
           [ "$fail" -eq 0 ] || exit 1
 
@@ -65,11 +68,14 @@ jobs:
           jq empty \
             .claude-plugin/marketplace.json \
             .agents/plugins/marketplace.json \
+            .cursor-plugin/marketplace.json \
             gemini-extension.json \
             hooks/hooks.json \
             plugins/cpln/.claude-plugin/plugin.json \
             plugins/cpln/.codex-plugin/plugin.json \
             plugins/cpln/.codex-plugin/mcp.json \
+            plugins/cpln/.cursor-plugin/plugin.json \
+            plugins/cpln/.cursor-plugin/mcp.json \
             plugins/cpln/.claude-mcp.json \
             plugins/cpln/hooks/cpln-hooks.json
 

CHANGELOG.md

@@ -18,67 +18,60 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/) and this
 
 ### Added
 
-- `plugins/cpln/hooks/inject-rules.sh` — a single bundled shell script that walks `plugins/cpln/rules/*.md`, filters by `alwaysApply: true` in frontmatter, and emits the `hookSpecificOutput.additionalContext` envelope. Called from all three SessionStart hooks (Claude, Codex, Gemini); uses `awk` for JSON escaping so the hook has zero optional runtime dependencies.
+- Bundled SessionStart hook script that injects always-apply rules without requiring `jq` on the user's machine.
 
 ### Changed
 
-- `SessionStart` hooks across Claude (`plugins/cpln/hooks/cpln-hooks.json`), Codex (same), and Gemini (`hooks/hooks.json`) now invoke `inject-rules.sh` instead of inlining a `jq`-based shell pipeline. Behavior is byte-for-byte identical to the previous `jq` output (verified against the same rule files) but no longer depends on `jq` being installed on the user's machine.
-- README's Codex install section now explains the `plugin_hooks` feature flag (`UnderDevelopment, default_enabled: false` in `codex-rs/features/src/lib.rs`) and ships the `~/.codex/config.toml` snippet needed to enable plugin-bundled hook display and execution. Without the flag the Codex `/plugins` tab shows "No plugin hooks" and the SessionStart rule injector never fires.
+- README documents the Codex `plugin_hooks` feature flag required for the SessionStart guardrail injector to run.
 
 ### Fixed
 
-- **Empty 1.2.0 install on Claude.** `.claude-plugin/marketplace.json` used `{source: "github", repo: …, path: "plugins/cpln"}`; Claude's `github` source schema doesn't accept a `path` field, so the entire repo was cloned to the cache and Claude looked for `plugin.json` at the cache root (where only `marketplace.json` exists), loading the plugin with zero skills, agents, commands, or hooks. Source switched to the documented relative-path form `"./plugins/cpln"`.
-- **Empty Apps tab and parse warning on Codex.** `plugins/cpln/.app.json` shipped rich metadata (`name`, `description`, `apiBase`, `auth`, `docs`, …) but Codex's `PluginAppConfig` struct in `codex-rs/core-plugins/src/loader.rs` requires a single `id: String` field — an opaque `asdk_app_<hex>` identifier assigned by OpenAI's Apps SDK when Control Plane is registered as a ChatGPT App. Until that registration exists, the manifest's `apps: "./.app.json"` line and `.app.json` itself are removed; Codex no longer emits `missing field "id"` warnings on every session.
+- Empty plugin on Claude install — 1.2.0 marketplace used an invalid `source` shape, so Claude loaded zero skills/agents/commands.
+- Codex no longer emits a missing-`id` warning every session for an Apps SDK manifest that wasn't ready to ship.
 
 ### Removed
 
-- `plugins/cpln/.app.json` and the `apps` field in `plugins/cpln/.codex-plugin/plugin.json` (see Fixed above).
+- Placeholder `.app.json` for OpenAI Apps SDK, until Control Plane is registered as a ChatGPT App.
 
 ## [1.2.0] - 2026-05-11
 
 ### Added
 
-- Gemini `SessionStart` hook at repo-root `hooks/hooks.json` that injects the same `alwaysApply: true` rules every Claude and Codex session already receives. Uses Gemini's `${extensionPath}` config-time variable to reach `plugins/cpln/rules/`, and emits the standard `hookSpecificOutput.additionalContext` shape Gemini's hooks docs describe. All three runtimes now do rule injection from one source via one schema.
-- Marketplace-level `description` field in `.claude-plugin/marketplace.json`.
+- Gemini `SessionStart` hook so guardrail rules are injected every session (matching Claude and Codex).
+- `description` field on the Claude marketplace entry.
 
 ### Changed
 
-- **Repo restructured into `plugins/cpln/`.** All Claude + Codex plugin content (skills, agents, commands, rules, references, assets, hooks, plugin manifests, MCP configs) moved into `plugins/cpln/`; marketplaces, the Gemini extension manifest, and contributor docs stay at repo root. End-user install commands are unchanged — `/plugin upgrade` and `codex plugin marketplace upgrade` re-resolve automatically. Claude + Codex hooks now live in `plugins/cpln/hooks/cpln-hooks.json` and are declared via each plugin manifest's `hooks` field, freeing the default `hooks/hooks.json` path at the repo root for Gemini's auto-discovery.
+- Repo restructured: plugin content moved into `plugins/cpln/`. End-user install commands unchanged.
 
 ### Fixed
 
-- Codex plugin install failing silently with `"local plugin source path must not be empty"`. `.agents/plugins/marketplace.json` source previously declared `path: "./"`, which Codex's path validator rejects, causing the plugin to be dropped on every session so `/plugins` never listed it.
-- Codex `defaultPrompt` warning. `interface.defaultPrompt` had 4 entries (Codex max is 3) and was being ignored wholesale; trimmed to 3.
+- Codex plugin install failing silently due to an invalid `source.path` in the marketplace manifest.
+- Codex `defaultPrompt` trimmed to 3 entries (Codex's max) so it's no longer ignored.
 
 ### Removed
 
-- Claude + Codex `PreToolUse` Bash guards that denied generic `cpln secret create` (no type-specific subcommand) and `cpln apply` without `--file`. They caught syntax mistakes the `cpln` CLI itself already rejects with clear errors, so the deny-message added little over the CLI's own output — and the same guidance is now injected upfront via the SessionStart rule content. No corresponding Gemini `BeforeTool` guards shipped (they were drafted then removed in the same release).
+- Claude and Codex `PreToolUse` Bash guards for `cpln secret create` and `cpln apply` — the CLI itself rejects these clearly and the SessionStart rules now carry the same guidance.
 
 ## [1.1.0] - 2026-05-11
 
 ### Added
 
-- Always-on guardrail rule: Template Catalog first — recommend the matching catalog template (Postgres, Redis, Kafka, RabbitMQ, MongoDB, Nginx, etc.) before hand-rolling a workload, with HA variants noted where applicable.
-- Always-on guardrail rule: production-grade workload defaults — explicit minimums for CPU/memory sizing, multi-replica HA, autoscaling strategy, and required readiness/liveness probes for any workload destined for prod-like use.
-- Always-on guardrail rule: scale-to-zero is forbidden by default — only configured when the user explicitly opts in by name, never on customer-facing services.
-- README "Update to a newer release" sections per client (Claude Code, Codex, Gemini CLI), including auto-update opt-in flows.
-- GitHub Release notes now include per-client update commands alongside first-time install commands.
+- Three always-on guardrail rules: template catalog first; production-grade workload defaults (sizing, HA, probes); scale-to-zero forbidden unless explicitly opted in.
+- Per-client "Update to a newer release" instructions in README, including auto-update opt-in flows.
+- Per-client update commands in GitHub Release notes.
 
 ### Changed
 
-- `skills/workload-security` — added a Health Probes section covering readiness vs. liveness, default-by-workload-type, schema, production probe example, and probe design rules.
-- `skills/autoscaling-capacity` — bolded `minScale: 2+` as the production default; renamed the misleading "High-Traffic API (Serverless, Scale-to-Zero)" example to "Customer-Facing API (Serverless, Concurrency Autoscaling)" and removed the no-op `scaleToZeroDelay` line.
-- `skills/template-catalog` — added a "Recommend the catalog before building anything custom" lead section that frames the catalog as the default, not the fallback.
-- `skills/cpln` and `GEMINI.md` — embedded the three new guardrail rules in concise form so Codex and Gemini sessions pick them up alongside the Claude Code SessionStart hook.
+- `cpln-workload-security` — added a Health Probes section (readiness vs. liveness, schema, production example).
+- `cpln-autoscaling-capacity` — `minScale: 2+` as the production default; renamed the misleading scale-to-zero example.
+- `cpln-template-catalog` — lead section reframes the catalog as the default, not the fallback.
+- `cpln` and `GEMINI.md` — embedded the three new guardrail rules so Codex and Gemini sessions pick them up alongside Claude.
 
 ## [1.0.0] - 2026-04-27
 
 ### Added
 
-- Initial public release of the Control Plane AI Plugin.
-- Added Claude Code plugin metadata, skills, agents, commands, rules, hooks, and MCP configuration.
-- Added Codex plugin metadata and marketplace configuration.
-- Added Gemini CLI extension metadata and command support.
-- Added generic MCP client configuration for the hosted Control Plane MCP Server.
-- Added Control Plane workflow guidance for workloads, secrets, domains, cloud access, Kubernetes migration, access control, stateful workloads, and private-network agents.
-- Added security, privacy, troubleshooting, contribution, and release documentation.
+- Initial public release. Skills, agents, commands, rules, hooks, and MCP configuration for Claude Code, Codex, and Gemini CLI, plus a generic MCP client configuration for the hosted Control Plane MCP Server.
+- Workflow guidance for workloads, secrets, domains, cloud access, Kubernetes migration, access control, stateful workloads, and private-network agents.
+- Security, privacy, troubleshooting, contribution, and release documentation.