fix: error message points to real path (/plugin manage), not nonexistent subcommand

/plugin reconfigure doesn't exist. The actual path is /plugin manage →
select plugin → Configure options (ManagePlugins.tsx:1692).

🏠 Remote-Dev: homespace

.claude-plugin/marketplace.json

@@ -458,16 +458,6 @@
       },
       "homepage": "https://www.firetiger.com/"
     },
-    {
-      "name": "flint",
-      "description": "Build and manage websites with Flint's AI website builder through natural conversation.",
-      "source": {
-        "source": "url",
-        "url": "https://github.com/tryflint/claude-code-plugin.git",
-        "sha": "8f57ef474f59817c7e5930dd6c295232d43c3711"
-      },
-      "homepage": "https://www.tryflint.com/docs/claude-code-plugin"
-    },
     {
       "name": "followrabbit",
       "description": "Cloud cost optimization for GCP infrastructure. Review changes for cost impact and auto-apply savings recommendations using the followrabbit CLI.",

external_plugins/asana/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "asana",
-  "version": "1.0.0",
   "description": "Asana project management integration. Create and manage tasks, search projects, update assignments, track progress, and integrate your development workflow with Asana's work management platform.",
   "author": {
     "name": "Asana"

external_plugins/context7/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "context7",
-  "version": "1.0.0",
   "description": "Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.",
   "author": {
     "name": "Upstash"

external_plugins/discord/.claude-plugin/plugin.json

@@ -1,11 +1,20 @@
 {
   "name": "discord",
   "description": "Discord channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /discord:access.",
-  "version": "0.0.4",
+  "version": "0.0.5",
   "keywords": [
     "discord",
     "messaging",
     "channel",
     "mcp"
-  ]
+  ],
+  "userConfig": {
+    "DISCORD_BOT_TOKEN": {
+      "type": "string",
+      "title": "Bot Token",
+      "description": "Bot token from the Discord Developer Portal. Stored in keychain (macOS) or ~/.claude/.credentials.json with 0600 permissions elsewhere. Never written to settings.json.",
+      "required": true,
+      "sensitive": true
+    }
+  }
 }

external_plugins/discord/.mcp.json

@@ -2,7 +2,10 @@
   "mcpServers": {
     "discord": {
       "command": "bun",
-      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"]
+      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"],
+      "env": {
+        "DISCORD_BOT_TOKEN": "${user_config.DISCORD_BOT_TOKEN}"
+      }
     }
   }
 }

external_plugins/discord/server.ts

@@ -39,10 +39,12 @@ const ACCESS_FILE = join(STATE_DIR, 'access.json')
 const APPROVED_DIR = join(STATE_DIR, 'approved')
 const ENV_FILE = join(STATE_DIR, '.env')
 
-// Load ~/.claude/channels/discord/.env into process.env. Real env wins.
-// Plugin-spawned servers don't get an env block — this is where the token lives.
+// Token is injected via ${user_config.DISCORD_BOT_TOKEN} from .mcp.json —
+// prompted at enable time, stored in keychain (macOS) or .credentials.json 0600
+// elsewhere. The .env file below is a legacy fallback for users configured
+// before H1 #3617646 — real env wins, so the injected value takes precedence.
 try {
-  // Token is a credential — lock to owner. No-op on Windows (would need ACLs).
+  // Defensive chmod for legacy .env files (no-op on Windows).
   chmodSync(ENV_FILE, 0o600)
   for (const line of readFileSync(ENV_FILE, 'utf8').split('\n')) {
     const m = line.match(/^(\w+)=(.*)$/)
@@ -56,8 +58,8 @@ const STATIC = process.env.DISCORD_ACCESS_MODE === 'static'
 if (!TOKEN) {
   process.stderr.write(
     `discord channel: DISCORD_BOT_TOKEN required\n` +
-    `  set in ${ENV_FILE}\n` +
-    `  format: DISCORD_BOT_TOKEN=MTIz...\n`,
+    `  re-enter via: /plugin manage → discord → Configure options\n` +
+    `  (stored in keychain/credentials.json, not settings.json)\n`,
   )
   process.exit(1)
 }

external_plugins/firebase/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "firebase",
-  "version": "1.0.0",
   "description": "Google Firebase MCP integration. Manage Firestore databases, authentication, cloud functions, hosting, and storage. Build and manage your Firebase backend directly from your development workflow.",
   "author": {
     "name": "Google"

external_plugins/github/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "github",
-  "version": "1.0.0",
   "description": "Official GitHub MCP server for repository management. Create issues, manage pull requests, review code, search repositories, and interact with GitHub's full API directly from Claude Code.",
   "author": {
     "name": "GitHub"

external_plugins/gitlab/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "gitlab",
-  "version": "1.0.0",
   "description": "GitLab DevOps platform integration. Manage repositories, merge requests, CI/CD pipelines, issues, and wikis. Full access to GitLab's comprehensive DevOps lifecycle tools.",
   "author": {
     "name": "GitLab"

external_plugins/greptile/.claude-plugin/plugin.json

@@ -1,17 +1,10 @@
 {
   "name": "greptile",
-  "version": "1.0.0",
   "description": "AI code review agent for GitHub and GitLab. View and resolve Greptile's PR review comments directly from Claude Code.",
   "author": {
     "name": "Greptile",
     "url": "https://greptile.com"
   },
   "homepage": "https://greptile.com/docs",
-  "keywords": [
-    "code-review",
-    "pull-requests",
-    "github",
-    "gitlab",
-    "ai"
-  ]
+  "keywords": ["code-review", "pull-requests", "github", "gitlab", "ai"]
 }

external_plugins/laravel-boost/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "laravel-boost",
-  "version": "1.0.0",
   "description": "Laravel development toolkit MCP server. Provides intelligent assistance for Laravel applications including Artisan commands, Eloquent queries, routing, migrations, and framework-specific code generation.",
   "author": {
     "name": "Laravel"

external_plugins/linear/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "linear",
-  "version": "1.0.0",
   "description": "Linear issue tracking integration. Create issues, manage projects, update statuses, search across workspaces, and streamline your software development workflow with Linear's modern issue tracker.",
   "author": {
     "name": "Linear"

external_plugins/playwright/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "playwright",
-  "version": "1.0.0",
   "description": "Browser automation and end-to-end testing MCP server by Microsoft. Enables Claude to interact with web pages, take screenshots, fill forms, click elements, and perform automated browser testing workflows.",
   "author": {
     "name": "Microsoft"

external_plugins/serena/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "serena",
-  "version": "1.0.0",
   "description": "Semantic code analysis MCP server providing intelligent code understanding, refactoring suggestions, and codebase navigation through language server protocol integration.",
   "author": {
     "name": "Oraios"

external_plugins/supabase/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "supabase",
-  "version": "1.0.0",
   "description": "Supabase MCP integration for database operations, authentication, storage, and real-time subscriptions. Manage your Supabase projects, run SQL queries, and interact with your backend directly.",
   "author": {
     "name": "Supabase"

external_plugins/telegram/.claude-plugin/plugin.json

@@ -1,11 +1,20 @@
 {
   "name": "telegram",
   "description": "Telegram channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.",
-  "version": "0.0.4",
+  "version": "0.0.5",
   "keywords": [
     "telegram",
     "messaging",
     "channel",
     "mcp"
-  ]
+  ],
+  "userConfig": {
+    "TELEGRAM_BOT_TOKEN": {
+      "type": "string",
+      "title": "Bot Token",
+      "description": "Bot token from @BotFather — format is 123456789:AAH... Stored in keychain (macOS) or ~/.claude/.credentials.json with 0600 permissions elsewhere. Never written to settings.json.",
+      "required": true,
+      "sensitive": true
+    }
+  }
 }

external_plugins/telegram/.mcp.json

@@ -2,7 +2,10 @@
   "mcpServers": {
     "telegram": {
       "command": "bun",
-      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"]
+      "args": ["run", "--cwd", "${CLAUDE_PLUGIN_ROOT}", "--shell=bun", "--silent", "start"],
+      "env": {
+        "TELEGRAM_BOT_TOKEN": "${user_config.TELEGRAM_BOT_TOKEN}"
+      }
     }
   }
 }

external_plugins/telegram/server.ts

@@ -28,10 +28,12 @@ const ACCESS_FILE = join(STATE_DIR, 'access.json')
 const APPROVED_DIR = join(STATE_DIR, 'approved')
 const ENV_FILE = join(STATE_DIR, '.env')
 
-// Load ~/.claude/channels/telegram/.env into process.env. Real env wins.
-// Plugin-spawned servers don't get an env block — this is where the token lives.
+// Token is injected via ${user_config.TELEGRAM_BOT_TOKEN} from .mcp.json —
+// prompted at enable time, stored in keychain (macOS) or .credentials.json 0600
+// elsewhere. The .env file below is a legacy fallback for users configured
+// before H1 #3617646 — real env wins, so the injected value takes precedence.
 try {
-  // Token is a credential — lock to owner. No-op on Windows (would need ACLs).
+  // Defensive chmod for legacy .env files (no-op on Windows).
   chmodSync(ENV_FILE, 0o600)
   for (const line of readFileSync(ENV_FILE, 'utf8').split('\n')) {
     const m = line.match(/^(\w+)=(.*)$/)
@@ -45,8 +47,8 @@ const STATIC = process.env.TELEGRAM_ACCESS_MODE === 'static'
 if (!TOKEN) {
   process.stderr.write(
     `telegram channel: TELEGRAM_BOT_TOKEN required\n` +
-    `  set in ${ENV_FILE}\n` +
-    `  format: TELEGRAM_BOT_TOKEN=123456789:AAH...\n`,
+    `  re-enter via: /plugin manage → telegram → Configure options\n` +
+    `  (stored in keychain/credentials.json, not settings.json)\n`,
   )
   process.exit(1)
 }

external_plugins/terraform/.claude-plugin/plugin.json

@@ -1,8 +0,0 @@
-{
-  "name": "terraform",
-  "version": "1.0.0",
-  "description": "The Terraform MCP Server provides seamless integration with Terraform ecosystem, enabling advanced automation and interaction capabilities for Infrastructure as Code (IaC) development.",
-  "author": {
-    "name": "HashiCorp"
-  }
-}

external_plugins/terraform/.mcp.json

@@ -1,12 +0,0 @@
-{
-  "terraform": {
-    "command": "docker",
-    "args": [
-      "run",
-      "-i",
-      "--rm",
-      "-e", "TFE_TOKEN=${TFE_TOKEN}",
-      "hashicorp/terraform-mcp-server:0.4.0"
-    ]
-  }
-}

plugins/agent-sdk-dev/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "agent-sdk-dev",
-  "version": "1.0.0",
   "description": "Claude Agent SDK Development Plugin",
   "author": {
     "name": "Anthropic",

plugins/code-review/.claude-plugin/plugin.json

@@ -1,9 +1,9 @@
 {
   "name": "code-review",
-  "version": "1.0.0",
   "description": "Automated code review for pull requests using multiple specialized agents with confidence-based scoring",
   "author": {
     "name": "Anthropic",
     "email": "support@anthropic.com"
   }
 }
+

plugins/commit-commands/.claude-plugin/plugin.json

@@ -1,9 +1,9 @@
 {
   "name": "commit-commands",
-  "version": "1.0.0",
   "description": "Streamline your git workflow with simple commands for committing, pushing, and creating pull requests",
   "author": {
     "name": "Anthropic",
     "email": "support@anthropic.com"
   }
 }
+

plugins/explanatory-output-style/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "explanatory-output-style",
-  "version": "1.0.0",
   "description": "Adds educational insights about implementation choices and codebase patterns (mimics the deprecated Explanatory output style)",
   "author": {
     "name": "Anthropic",

plugins/feature-dev/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "feature-dev",
-  "version": "1.0.0",
   "description": "Comprehensive feature development workflow with specialized agents for codebase exploration, architecture design, and quality review",
   "author": {
     "name": "Anthropic",

plugins/frontend-design/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "frontend-design",
-  "version": "1.0.0",
   "description": "Frontend design skill for UI/UX implementation",
   "author": {
     "name": "Anthropic",

plugins/hookify/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "hookify",
-  "version": "1.0.0",
   "description": "Easily create hooks to prevent unwanted behaviors by analyzing conversation patterns",
   "author": {
     "name": "Anthropic",

plugins/learning-output-style/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "learning-output-style",
-  "version": "1.0.0",
   "description": "Interactive learning mode that requests meaningful code contributions at decision points (mimics the unshipped Learning output style)",
   "author": {
     "name": "Anthropic",

plugins/mcp-server-dev/.claude-plugin/plugin.json

@@ -1,7 +1,6 @@
 {
   "name": "mcp-server-dev",
-  "version": "1.0.0",
-  "description": "Skills for designing and building MCP servers that work seamlessly with Claude \u2014 guides you through deployment models (remote HTTP, MCPB, local), tool design patterns, auth, and interactive MCP apps.",
+  "description": "Skills for designing and building MCP servers that work seamlessly with Claude — guides you through deployment models (remote HTTP, MCPB, local), tool design patterns, auth, and interactive MCP apps.",
   "author": {
     "name": "Anthropic",
     "email": "support@anthropic.com"

plugins/playground/.claude-plugin/plugin.json

@@ -1,7 +1,6 @@
 {
   "name": "playground",
-  "version": "1.0.0",
-  "description": "Creates interactive HTML playgrounds \u2014 self-contained single-file explorers with visual controls, live preview, and prompt output with copy button",
+  "description": "Creates interactive HTML playgrounds — self-contained single-file explorers with visual controls, live preview, and prompt output with copy button",
   "author": {
     "name": "Anthropic",
     "email": "support@anthropic.com"

plugins/plugin-dev/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "plugin-dev",
-  "version": "1.0.0",
   "description": "Plugin development toolkit with skills for creating agents, commands, hooks, MCP integrations, and comprehensive plugin structure guidance",
   "author": {
     "name": "Anthropic",

plugins/pr-review-toolkit/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "pr-review-toolkit",
-  "version": "1.0.0",
   "description": "Comprehensive PR review agents specializing in comments, tests, error handling, type design, code quality, and code simplification",
   "author": {
     "name": "Anthropic",

plugins/ralph-loop/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "ralph-loop",
-  "version": "1.0.0",
   "description": "Continuous self-referential AI loops for interactive iterative development, implementing the Ralph Wiggum technique. Run Claude in a while-true loop with the same prompt until task completion.",
   "author": {
     "name": "Anthropic",

plugins/security-guidance/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "security-guidance",
-  "version": "1.0.0",
   "description": "Security reminder hook that warns about potential security issues when editing files, including command injection, XSS, and unsafe code patterns",
   "author": {
     "name": "Anthropic",

plugins/skill-creator/.claude-plugin/plugin.json

@@ -1,6 +1,5 @@
 {
   "name": "skill-creator",
-  "version": "1.0.0",
   "description": "Create new skills, improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, update or optimize an existing skill, run evals to test a skill, or benchmark skill performance with variance analysis.",
   "author": {
     "name": "Anthropic",