Restore ArmorCodex entry in Community Plugins (lost during PR #115 reconcile)

.agents/plugins/marketplace.json

@@ -63,6 +63,20 @@
       "description": "一套中文AI工作流系统：7个协作技能 + 行为规范宪法 + 会话恢复机制，模糊目标→可执行任务，全生命周期引导。Codex & Claude Code 双平台，新手友好。",
       "icon": "./plugins/1139030773-cmd/agent-workflow-system/assets/composer-icon.svg"
     },
+    {
+      "name": "armorcodex",
+      "displayName": "ArmorCodex",
+      "source": {
+        "source": "local",
+        "path": "./plugins/armoriq/armorcodex"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL"
+      },
+      "category": "Tools & Integrations",
+      "description": "Intent-based security for Codex with MCP plan registration, policy gating, CSRG cryptographic proofs, and audit logging on `bash` and `apply_patch`."
+    },
     {
       "name": "codiris-agentizer",
       "displayName": "Agentizer",

README.md

@@ -172,8 +172,8 @@ Third-party plugins built by the community. [PRs welcome](#contributing)!
 - [Flaky Detector](./plugins/mturac/flaky-detector) - Run a test command N times, report per-test flakiness %.
 - [Frappe Agent](https://github.com/Dkm0315/frappe-agent) - Frappe and ERPNext coding, customization, bench, and review intelligence for Codex.
 - [GCF Proxy](https://github.com/blackwell-systems/gcf-codex-plugin) - Save 71% on MCP tool call tokens by wrapping any server with GCF encoding, with session stats hook and setup skill.
-- [GrayMatter](https://github.com/ValkyrLabs/GrayMatter) - Durable memory and shared graph state for Codex and OpenClaw agents, with live ValkyrAI schema awareness.
 - [Generative Media Skills](https://github.com/SamurAIGPT/Generative-Media-Skills) - 13 skills for image, video, and audio generation using 100+ models - FLUX, Midjourney v7, Veo3, Kling 3.0, Suno, and HunyuanVideo via muapi.ai.
+- [GrayMatter](https://github.com/ValkyrLabs/GrayMatter) - Durable memory and shared graph state for Codex and OpenClaw agents, with live ValkyrAI schema awareness.
 - [HOL Guard Plugin](https://github.com/hashgraph-online/hol-guard-plugin) - AI antivirus workflow for Codex, Claude Code, Cursor, Gemini, OpenCode, MCP servers, skills, and plugin release checks with local approvals and receipts.
 - [HOTL Plugin](https://github.com/yimwoo/hotl-plugin) - Human-on-the-Loop AI coding workflow plugin for Codex, Claude Code, and Cline with structured planning, review, and verification guardrails.
 - [LLM Transpile](https://github.com/epicsagas/llm-transpile) - Auto-compress .md, .html, and .txt files via PostToolUse hook, cutting context usage by up to 40% with zero workflow change.
@@ -215,6 +215,7 @@ Third-party plugins built by the community. [PRs welcome](#contributing)!
 - [Aient](https://github.com/aient-ai/aient-codex-plugin) - AI operations plugin for Codex that connects production telemetry, problem lifecycle context, and remediation workflows through Aient's MCP server.
 - [Antigravity 2.0](https://github.com/comprono/antigravity-2-codex-plugin) - Local Codex bridge for Antigravity desktop with setup checks, model limit summaries, DevTools UI automation, and safe project/chat handoff.
 - [Apple Productivity](https://github.com/matk0shub/apple-productivity-mcp) - Local Apple Calendar and Reminders tooling for macOS with Codex plugin adapters.
+- [ArmorCodex](https://github.com/armoriq/armorCodex) - Intent-based security for Codex with MCP plan registration, policy gating, CSRG cryptographic proofs, and audit logging on `bash` and `apply_patch`.
 - [AxonFlow](https://github.com/getaxonflow/axonflow-codex-plugin) - Runtime governance for Codex with policy enforcement on terminal commands, advisory checks for non-terminal tools via skills, PII/secret detection, and compliance-grade audit trails. Self-hosted via Docker.
 - [Bitbucket CLI](https://github.com/avivsinai/bitbucket-cli) - Manage Bitbucket repos, PRs, branches, issues, webhooks, and pipelines for Data Center and Cloud.
 - [Call-E](https://github.com/CALLE-AI/call-e-integrations) - Plan, run, and inspect Call-E phone call workflows from Codex through the calle CLI.
@@ -249,8 +250,8 @@ Third-party plugins built by the community. [PRs welcome](#contributing)!
 - [PDF Monster](https://github.com/jbaehova/pdf-monster) - Analyzes PDFs as extracted text, OCR text, rendered page images, and embedded figures for coding agents.
 - [prompt-to-asset](https://github.com/MohamedAbdallah-14/prompt-to-asset) - Route image-generation prompts to 30+ models (DALL-E, Stable Diffusion, Flux, Midjourney, and more) through a single MCP interface. Install: `npm install -g prompt-to-asset`.
 - [Remotion Plugin](https://github.com/tim-osterhus/codex-remotion-plugin) - Build parameterized Remotion videos in Codex with the official Remotion docs MCP, composition scaffolding, and a data-driven launch-video workflow.
-- [ScrapeGraph AI](https://github.com/ScrapeGraphAI/just-scrape) - AI-powered web scraping CLI to search, scrape, extract structured JSON, crawl, and monitor web pages via the ScrapeGraph AI API.
 - [Rust Reverse Engineering](https://github.com/jingjing2222/rust-reverse-engineering-skill) - Reverse engineer Rust binaries and libraries: triage targets, demangle symbols, recover crate namespaces, and map panic, unwind, async, and FFI paths.
+- [ScrapeGraph AI](https://github.com/ScrapeGraphAI/just-scrape) - AI-powered web scraping CLI to search, scrape, extract structured JSON, crawl, and monitor web pages via the ScrapeGraph AI API.
 - [sitemd](https://github.com/sitemd-cc/sitemd) - Build websites from Markdown via MCP — 22 tools for creating pages, generating content, validating, running SEO audits, configuring settings, and deploying static sites to Cloudflare Pages.
 - [Synta MCP](https://github.com/Synta-ai/n8n-mcp-codex-plugin-synta) - Build, edit, validate, and self-heal n8n workflows with Synta MCP tools and Codex-ready workflow guidance.
 - [Task Scheduler](https://github.com/6Delta9/task-scheduler-codex-plugin) - OpenAI Codex plugin and local MCP server for turning task lists into realistic schedules with blocked dates, capacity overrides, overflow tracking, and markdown planning output.

plugins.json

@@ -3,7 +3,7 @@
   "name": "awesome-codex-plugins",
   "version": "1.0.0",
   "last_updated": "2026-06-16",
-  "total": 112,
+  "total": 113,
   "categories": [
     "Development & Workflow",
     "Tools & Integrations"
@@ -669,6 +669,16 @@
       "source": "awesome-codex-plugins",
       "install_url": "https://raw.githubusercontent.com/matk0shub/apple-productivity-mcp/HEAD/plugins/apple-calendar/.codex-plugin/plugin.json"
     },
+    {
+      "name": "ArmorCodex",
+      "url": "https://github.com/armoriq/armorCodex",
+      "owner": "armoriq",
+      "repo": "armorCodex",
+      "description": "Intent-based security for Codex with MCP plan registration, policy gating, CSRG cryptographic proofs, and audit logging on `bash` and `apply_patch`.",
+      "category": "Tools & Integrations",
+      "source": "awesome-codex-plugins",
+      "install_url": "https://raw.githubusercontent.com/armoriq/armorCodex/HEAD/.codex-plugin/plugin.json"
+    },
     {
       "name": "AxonFlow",
       "url": "https://github.com/getaxonflow/axonflow-codex-plugin",

plugins/armoriq/armorcodex/.agents/plugins/marketplace.json

@@ -0,0 +1,20 @@
+{
+  "name": "armoriq",
+  "interface": {
+    "displayName": "ArmorIQ"
+  },
+  "plugins": [
+    {
+      "name": "armorcodex",
+      "source": {
+        "source": "url",
+        "url": "https://github.com/armoriq/armorCodex.git"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL"
+      },
+      "category": "Tools & Integrations"
+    }
+  ]
+}

plugins/armoriq/armorCodex/.codex-plugin/plugin.json → plugins/armoriq/armorcodex/.codex-plugin/plugin.json

@@ -27,20 +27,17 @@
     "longDescription": "ArmorIQ intent-based security enforcement for OpenAI Codex. Treat as a strong Bash guardrail and audit layer, not a complete boundary for every Codex capability. Codex hooks currently emit Bash, apply_patch, and MCP tool calls. ArmorCodex provides plan registration through MCP, intent-plan matching, permission gating, and post-run audit on those tools. Non-Bash activity (file edits, web search, app connectors) is gated where Codex emits hook events.",
     "developerName": "ArmorIQ",
     "category": "Security",
-    "capabilities": [
-      "MCP",
-      "Hooks"
-    ],
+    "capabilities": ["MCP", "Hooks"],
     "websiteURL": "https://armoriq.ai",
-    "privacyPolicyURL": "https://armoriq.ai/privacy",
-    "termsOfServiceURL": "https://armoriq.ai/terms",
+    "privacyPolicyURL": "https://armoriq.ai/privacy-policy",
+    "termsOfServiceURL": "https://armoriq.ai/terms-of-service",
     "brandColor": "#00E5CC",
     "composerIcon": "./assets/armoriq-logo.png",
     "logo": "./assets/armoriq-logo.png",
     "defaultPrompt": [
-      "Register an intent plan, then run my Bash commands.",
-      "Show the current ArmorCodex security policies.",
-      "Block Bash commands that contain curl or wget."
+      "Show me what security rules are protecting this project.",
+      "Block any commands that fetch URLs or exfiltrate data.",
+      "Walk me through your plan before running anything."
     ]
   },
   "userConfig": {

plugins/armoriq/armorcodex/.codexignore

@@ -0,0 +1,13 @@
+# Paths excluded from Codex plugin distribution + scanner analysis.
+# Test fixtures contain fake API keys (e.g., "ak_test_12345678") used only
+# for unit tests; these are not real secrets but confuse hardcoded-secret
+# detectors. node_modules is build artifact, never shipped.
+
+node_modules/
+tests/
+*.test.mjs
+*.test.js
+*.spec.mjs
+*.spec.js
+.git/
+.DS_Store

plugins/armoriq/armorcodex/.plugin-scanner.toml

@@ -0,0 +1,3 @@
+[ignore]
+rules = ["HARDCODED_SECRET"]
+paths = ["tests/", "tests/*.test.mjs"]

plugins/armoriq/armorcodex/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ArmorIQ Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

plugins/armoriq/armorcodex/README.md

@@ -0,0 +1,43 @@
+# ArmorCodex
+
+Intent-based security enforcement for OpenAI Codex. Hooks Codex's `Bash`, `apply_patch`, and MCP tool calls against a declared intent plan and policy rules. Blocks intent-drift, gates by natural-language policy rules, and ships signed audit logs to the ArmorIQ backend.
+
+This directory is the plugin bundle. The full project lives at the repository root.
+
+## Install
+
+```bash
+curl -fsSL https://armoriq.ai/install_armorcodex.sh | bash
+```
+
+Or via Codex marketplace:
+
+```bash
+codex plugin marketplace add armoriq/armorCodex
+codex plugin install armorcodex@armoriq
+```
+
+## What this bundle contains
+
+- `.codex-plugin/plugin.json` plugin manifest (Codex spec)
+- `.codex/` Codex-specific config
+- `.mcp.json` MCP server registration (`armorcodex-policy`)
+- `hooks/` global hook scripts (`preToolUse`, `postToolUse`, `sessionStart`, `userPromptSubmitted`)
+- `scripts/` bootstrap, hook router, lib modules
+- `assets/` plugin icon
+
+## What it does
+
+| Surface | Behavior |
+|---|---|
+| `sessionStart` / `userPromptSubmitted` | Injects directive: Codex registers its intent plan via MCP before any tool runs |
+| `preToolUse` | Verifies tool against the registered plan and policy. Returns `{"permissionDecision":"deny",...}` for out-of-plan or policy-denied calls. |
+| `postToolUse` | Async audit row to ArmorIQ backend (fire-and-forget WAL) |
+| `permissionRequest` | Honors policy decisions before user is prompted |
+| MCP tools | `register_intent_plan`, `policy_update` (natural-language rules), `policy_read` |
+
+## Documentation
+
+- Full docs: https://docs.armoriq.ai/armorcodex
+- Source repo: https://github.com/armoriq/armorCodex
+- ArmorIQ platform: https://armoriq.ai

plugins/armoriq/armorcodex/SECURITY.md

@@ -0,0 +1,37 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in ArmorCodex, please report it privately:
+
+- **Email**: security@armoriq.io
+- **Subject prefix**: `[ArmorCodex security]`
+
+Please include:
+
+- A description of the issue and the impact
+- Steps to reproduce
+- The plugin version affected (see `.codex-plugin/plugin.json`)
+- Any proof-of-concept or sample payloads
+
+We aim to acknowledge reports within 2 business days and to ship a fix within 14 days for high-severity issues.
+
+Do not file public GitHub issues for security vulnerabilities. Use the email above so we can coordinate a fix before public disclosure.
+
+## Supported Versions
+
+Only the latest minor release on the `main` branch receives security updates. Pin the immutable git tag (e.g., `v0.2.0`) in your plugin marketplace source for reproducibility.
+
+## Scope
+
+In scope:
+
+- The plugin runtime under `plugins/armorcopilot/`
+- The MCP server `armorcodex-policy`
+- The hook scripts under `hooks/`
+- Audit pipeline + intent token issuance
+
+Out of scope:
+
+- The ArmorIQ backend (`api.armoriq.ai`) — report via the same email but use subject prefix `[ArmorIQ backend security]`
+- Third-party dependencies (file with the respective upstream maintainer)

plugins/armoriq/armorcodex/assets/README.md

@@ -0,0 +1,26 @@
+# ArmorCodex Plugin Assets
+
+This directory holds the visual assets the Codex plugin manifest
+(`.codex-plugin/plugin.json`) references. All files are PNG and live at the
+plugin root per the published spec.
+
+## Current assets
+
+| Path | Manifest field | Purpose |
+| --- | --- | --- |
+| `assets/armoriq-logo.png` | `interface.composerIcon` and `interface.logo` | Icon shown in the Codex composer UI and on plugin detail pages. |
+
+## Optional follow-up
+
+Drop additional screenshots here and add them to `interface.screenshots` in
+`.codex-plugin/plugin.json` when ready. Suggested set, in order:
+
+- `screenshot-policy.png` (policy management view)
+- `screenshot-intent-drift.png` (intent drift block)
+- `screenshot-audit.png` (audit trail)
+
+Notes:
+
+- All paths must be relative and start with `./` per the spec.
+- Screenshot entries must be PNG and stored under `./assets/`.
+- ArmorIQ brand color: `#00E5CC` (teal).

plugins/armoriq/armorcodex/hooks/hooks.json

@@ -0,0 +1,73 @@
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Starting ArmorCodex"
+          }
+        ]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Loading ArmorCodex intent policy"
+          }
+        ]
+      }
+    ],
+    "PreToolUse": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Checking ArmorCodex policy"
+          }
+        ]
+      }
+    ],
+    "PermissionRequest": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Checking ArmorCodex approval policy"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "statusMessage": "Auditing ArmorCodex command"
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ./scripts/bootstrap.mjs router",
+            "timeout": 30
+          }
+        ]
+      }
+    ]
+  }
+}