
docs: reframe scanner section as CI quality gate #24

Merged
internet-dot merged 5 commits into main from feat/update-readme-to-include-scanner
Apr 1, 2026

@kantorcodes (Member) commented Apr 1, 2026

update readme

@gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request updates the README to modernize the plugin validation workflow, replacing standard pip installation instructions with pipx run and simplifying the GitHub Action configuration. Review feedback highlights a potential execution failure in the local preflight instructions due to missing pipx prefixes and suggests capitalization improvements for consistency in the new submission preflight list.

README.md Outdated
Comment on lines +134 to +135
pipx run codex-plugin-scanner lint .
codex-plugin-scanner verify .

medium

The command codex-plugin-scanner verify . will fail if the user relies on pipx run from the previous line, as pipx run executes the package in a temporary environment without adding it to the system PATH. To ensure both commands work correctly without a permanent installation, both should be prefixed with pipx run.

Suggested change
pipx run codex-plugin-scanner lint .
codex-plugin-scanner verify .
pipx run codex-plugin-scanner lint .
pipx run codex-plugin-scanner verify .
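
Review bot: both `pipx run codex-plugin-scanner` lines in this README hunk name the package without a version, so a preflight or CI gate built from them runs whichever release the index serves when pipx builds its temporary environment. Suggest pinning it, for example `pipx run --spec codex-plugin-scanner==<version> codex-plugin-scanner lint .` (with `<version>` a placeholder for the release the project has vetted), and doing the same for `verify`, so the gate's result is reproducible and a scanner update is reviewed before it is adopted.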

README.md Outdated
Comment on lines +151 to +153
- structural lint results
- publish-readiness verification output
- SARIF/findings for CI and code scanning

medium

For consistency with other lists in this document, such as the 'Official Plugins' and 'Plugin Trust Scores' sections, the items in this list should start with a capital letter.

Suggested change
- structural lint results
- publish-readiness verification output
- SARIF/findings for CI and code scanning
- Structural lint results
- Publish-readiness verification output
- SARIF/findings for CI and code scanning

README.md Outdated
pip install codex-plugin-scanner
codex-plugin-scanner ./my-plugin
pipx run codex-plugin-scanner lint .
codex-plugin-scanner verify .

SUGGESTION: Inconsistent invocation — lint uses pipx run but verify does not

The first command pipx run codex-plugin-scanner lint . implies the tool is not installed globally, yet the second command codex-plugin-scanner verify . assumes it is. Both should use the same invocation method to avoid confusing users.

Suggested change
codex-plugin-scanner verify .
pipx run codex-plugin-scanner verify .

@kilo-code-bot bot commented Apr 1, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Changes Since Last Review

| Change | Status |
| --- | --- |
| Added step 3 (HOL scanner GitHub Action) to Start Here workflow | Improves onboarding — no issues |
| Unified GitHub Action reference in PR Gate section | Fixes inconsistency — no issues |
| pipx run consistency on verify command | Fixed (previously flagged) |
| Lowercase list items in Submission Preflight | Fixed (previously flagged) |

Files Reviewed (2 files)
  • README.md - Documentation restructure and scanner section rewrite. All previously flagged issues resolved. No new issues.
  • plugins.json - Routine date metadata bump (2026-03-31 → 2026-04-01). No issues.

Reviewed by mimo-v2-pro-20260318 · 117,430 tokens

README.md Outdated

```bash
pipx run codex-plugin-scanner lint .
codex-plugin-scanner verify .

SUGGESTION: Inconsistent invocation — lint uses pipx run but verify does not

The first command uses pipx run codex-plugin-scanner lint . but the second drops the pipx run prefix. This is the same inconsistency flagged on line 151 in the "Validate Before You Ship" section. Pick one convention and apply it to both commands.

Suggested change
codex-plugin-scanner verify .
pipx run codex-plugin-scanner verify .

@internet-dot internet-dot merged commit 9f48dbe into main Apr 1, 2026
6 checks passed