[codex] Clarify CodeRabbit auth recovery flow

.agents/plugins/marketplace.json

@@ -334,7 +334,7 @@
       },
       "policy": {
         "installation": "AVAILABLE",
-        "authentication": "ON_INSTALL"
+        "authentication": "ON_USE"
       },
       "category": "Coding"
     }

plugins/coderabbit/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "coderabbit",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "AI-powered code review in Codex, powered by CodeRabbit.",
   "author": {
     "name": "CodeRabbit AI",
@@ -20,7 +20,7 @@
   "interface": {
     "displayName": "CodeRabbit",
     "shortDescription": "Run AI-powered code review for your current changes",
-    "longDescription": "Run CodeRabbit review workflows in Codex to inspect diffs, surface actionable findings, and turn review output into follow-up fixes.",
+    "longDescription": "Run CodeRabbit review workflows in Codex to inspect diffs, surface actionable issues, and turn review output into follow-up fixes.",
     "developerName": "CodeRabbit",
     "category": "Coding",
     "capabilities": [

plugins/coderabbit/skills/coderabbit-review/SKILL.md

@@ -1,35 +1,45 @@
 ---
 name: code-review
-description: Reviews code changes using CodeRabbit AI. Use when user asks for code review, PR feedback, code quality checks, security issues, or wants autonomous fix-review cycles.
+description: Reviews code changes using CodeRabbit AI. Use when user asks for code review, PR feedback, code quality checks, security issues, or requests fix-review cycles.
 ---
 
 # CodeRabbit Review
 
-Use this skill to run CodeRabbit from the terminal, summarize the findings, and help implement follow-up fixes.
+Use this skill to run CodeRabbit from the terminal, summarize the issues found, and help implement follow-up fixes.
 
-Stay silent while an active review is running. Do not send progress commentary about waiting, polling, remote processing, or scope selection once `coderabbit review` has started. Only message the user if authentication or other prerequisite action is required, when the review completes with results, or when the review has failed or timed out after the full wait window.
+Stay silent while an active review is running. Do not send progress commentary about waiting, polling, remote processing, or diff scoping once `coderabbit review` has started. Only message the user if an authentication step or other prerequisite is needed, when the review completes with results, or when the review has failed or timed out after the full wait window.
 
 ## Prerequisites
 
-1. Confirm the repo is a git worktree.
+1. Confirm the working directory is inside a git repository.
 2. Check the CLI:
 
 ```bash
 coderabbit --version
 ```
 
-3. Check auth in agent mode:
+If the command is not found or reports that CodeRabbit is not installed, do not stop at the error. Install it:
+
+```bash
+curl -fsSL https://cli.coderabbit.ai/install.sh | sh
+```
+
+Then re-run `coderabbit --version` to confirm the install succeeded before continuing. After a fresh install, proceed to the authentication step — the user will need to log in.
+
+3. Verify authentication in agent mode:
 
 ```bash
 coderabbit auth status --agent
 ```
 
-If auth is missing, run:
+If auth is missing or the CLI reports the user is not authenticated (including right after a fresh install), do not stop at the error. Initiate the login flow:
 
 ```bash
 coderabbit auth login --agent
 ```
 
+Then re-run `coderabbit auth status --agent` and only continue to review commands after authentication succeeds.
+
 ## Review Commands
 
 Default review:
@@ -47,26 +57,26 @@ coderabbit review --agent --base main
 coderabbit review --agent --base-commit <sha>
 ```
 
-If `AGENTS.md`, `.coderabbit.yaml`, or `CLAUDE.md` exist in the repo root, pass the files that exist with `-c` to improve review quality.
+If any of `AGENTS.md`, `.coderabbit.yaml`, or `CLAUDE.md` exist in the repo root, pass them with `-c` to improve review quality.
 
 ## Output Handling
 
 - Parse each NDJSON line independently.
 - Collect `finding` events and group them by severity.
 - Ignore `status` events in the user-facing summary.
-- If an `error` event is returned, report the failure instead of inventing a manual review.
-- Treat a running CodeRabbit review as healthy for up to 10 minutes even if output is quiet.
-- Do not emit intermediary waiting or polling messages during that 10-minute window.
-- Only report timeout or failure after the full 10-minute wait budget is exhausted.
+- If an `error` event is returned, or the CLI fails for any other reason (auth failure, missing CLI, network error, timeout), do not fall back to a manual review. Report the exact failure and tell the user how to resolve it (e.g. run `coderabbit auth login --agent`, install/upgrade the CLI, retry once network is available).
+- Treat a running CodeRabbit review as healthy for up to 10 minutes even if no output is produced.
+- Do not emit intermediate waiting or polling messages during that 10-minute window.
+- Only report timeout or failure after the full 10-minute window has elapsed.
 
 ## Result Format
 
 - Start with a brief summary of the changes in the diff.
-- On a new line, state how many findings CodeRabbit found.
-- Present findings ordered by severity: critical, major, minor.
-- Format the severity/category label with a space between the emoji and the text, for example `❗ Critical`, `⚠️ Major`, and `ℹ️ Minor`.
-- Include file path, impact, and the concrete fix direction.
-- If there are no findings, say `CodeRabbit found 0 findings.` and do not invent issues.
+- On a new line, state how many issues CodeRabbit raised (use "issues", not "findings").
+- Present issues ordered by severity: critical, major, minor.
+- Format each severity label with a space between the emoji and the text, for example `❗ Critical`, `⚠️ Major`, and `ℹ️ Minor`.
+- Include the file path, impact, and a concrete suggested fix.
+- If there are none, say `CodeRabbit raised 0 issues.` and do not invent any.
 
 ## Guardrails