Part of #656 (v0.10.0). Pipeline stage 3 of 4: install (permission-gated).
Goal
bro proposes a vetted resource and, only on explicit user approval, installs it into the local env. Installs are never silent.
What to design
- Proposal: present the top vetted candidate(s) via AskUserQuestion (interactive) or a clear prose ask (headless), including trust tier + risks from #NEXT_VET. Respect headless mode (no AUQ; default to NOT installing without approval, record the fallback).
- Install paths by type:
  - plugin -> marketplace path (`claude plugin marketplace add` + `claude plugin install`); never seed/copy/--plugin-dir (carry the benchmarks standing rule into the product).
  - skill -> install into the local skills location TMB can load from.
  - toolkit / MCP server -> register the MCP server config.
- Record: log the approved install (resource, version, source, trust tier) in the trajectory DB for audit + reproducibility.
- Aligns with the existing permission model — installing software is a side-effectful, human-approved action.
Acceptance
On approval, the resource is installed via its correct standard path and an audit row is written; on decline, nothing is installed and the decision is recorded. Headless without approval = not installed.
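A sketch of the approval gate and audit record described above, added here as an illustration and not taken from the project's code. The function names, table schema, decision labels and sample candidate are hypothetical, the skill and MCP steps are placeholders because the issue names no commands for them, and the function returns the steps to run rather than executing anything.

```python
import sqlite3
from datetime import datetime, timezone

# Install steps per resource type. Only the two plugin commands come from the
# issue text; the skill and MCP entries are placeholders, not real commands.
INSTALL_PATHS = {
    "plugin": ["claude plugin marketplace add", "claude plugin install"],
    "skill": ["<install into local skills location>"],
    "mcp_server": ["<register MCP server config>"],
}

# Constructed sample candidate (not a real resource).
SAMPLE = {"resource": "example-plugin", "version": "1.2.3", "rtype": "plugin",
          "source": "https://example.invalid/marketplace", "trust_tier": "community"}

def open_audit_db(path=":memory:"):
    """Open the audit store (hypothetical schema standing in for the trajectory DB)."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS install_audit (
        ts TEXT, resource TEXT, version TEXT, source TEXT, trust_tier TEXT,
        rtype TEXT, mode TEXT, decision TEXT, authorized INTEGER)""")
    return db

def gate_install(db, candidate, mode, approval=None):
    """Record the decision and return the steps to run ([] means install nothing).

    approval is True/False from the user, or None when no answer was obtained
    (the headless case). Only the literal value True authorizes an install.
    """
    if candidate["rtype"] not in INSTALL_PATHS:
        decision, steps = "rejected_unknown_type", []
    elif approval is True:
        decision, steps = "approved", INSTALL_PATHS[candidate["rtype"]]
    elif approval is False:
        decision, steps = "declined", []
    else:  # None or any non-boolean answer: default to NOT installing
        decision, steps = "no_approval_fallback", []
    db.execute("INSERT INTO install_audit VALUES (?,?,?,?,?,?,?,?,?)",
               (datetime.now(timezone.utc).isoformat(), candidate["resource"],
                candidate["version"], candidate["source"], candidate["trust_tier"],
                candidate["rtype"], mode, decision, int(bool(steps))))
    db.commit()
    return list(steps)
```

Every call writes one audit row, so declines and headless fallbacks are as traceable as approved installs.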