diff --git a/.agents/plugins/marketplace.json b/.agents/plugins/marketplace.json
index 83918a63..c55cc801 100644
--- a/.agents/plugins/marketplace.json
+++ b/.agents/plugins/marketplace.json
@@ -1429,6 +1429,18 @@
"authentication": "ON_INSTALL"
},
"category": "Coding"
+ },
+ {
+ "name": "zoom-developers",
+ "source": {
+ "source": "local",
+ "path": "./plugins/zoom-developers"
+ },
+ "policy": {
+ "installation": "AVAILABLE",
+ "authentication": "ON_INSTALL"
+ },
+ "category": "Coding"
}
]
}
diff --git a/plugins/zoom-developers/.codex-plugin/plugin.json b/plugins/zoom-developers/.codex-plugin/plugin.json
new file mode 100644
index 00000000..250ac7ef
--- /dev/null
+++ b/plugins/zoom-developers/.codex-plugin/plugin.json
@@ -0,0 +1,45 @@
+{
+ "name": "zoom-developers",
+ "version": "1.0.0",
+ "description": "Zoom Developers plugin for building Zoom integrations in Codex",
+ "author": {
+ "name": "Zoom",
+ "url": "https://github.com/zoom"
+ },
+ "homepage": "https://developers.zoom.us/",
+ "repository": "https://github.com/openai/plugins",
+ "license": "MIT",
+ "keywords": [
+ "zoom",
+ "developers",
+ "codex-plugin",
+ "rest-api",
+ "meeting-sdk",
+ "video-sdk",
+ "webhooks",
+ "oauth"
+ ],
+ "skills": "./skills/",
+ "interface": {
+ "displayName": "Zoom Developers",
+ "shortDescription": "Build Zoom integrations in Codex.",
+ "longDescription": "Zoom Developers helps engineers choose the right Zoom product surface, design implementation plans, run deterministic setup and debugging workflows, review integrations with focused agents, and build across Zoom APIs and SDKs inside Codex.",
+ "developerName": "Zoom",
+ "category": "Coding",
+ "capabilities": [
+ "Interactive",
+ "Read",
+ "Write"
+ ],
+ "websiteURL": "https://developers.zoom.us/",
+ "privacyPolicyURL": "https://www.zoom.com/en/trust/privacy/",
+ "termsOfServiceURL": "https://www.zoom.com/en/trust/terms/",
+ "defaultPrompt": [
+ "Plan and build a Zoom integration."
+ ],
+ "brandColor": "#0B5CFF",
+ "composerIcon": "./assets/zoom-small.svg",
+ "logo": "./assets/app-icon.svg",
+ "screenshots": []
+ }
+}
diff --git a/plugins/zoom-developers/.gitignore b/plugins/zoom-developers/.gitignore
new file mode 100644
index 00000000..a02a9edf
--- /dev/null
+++ b/plugins/zoom-developers/.gitignore
@@ -0,0 +1 @@
+publishing-guide.md
diff --git a/plugins/zoom-developers/AGENTS.md b/plugins/zoom-developers/AGENTS.md
new file mode 100644
index 00000000..98051838
--- /dev/null
+++ b/plugins/zoom-developers/AGENTS.md
@@ -0,0 +1,10 @@
+# Zoom Developers
+
+This repository contains the `Zoom Developers` plugin for Codex.
+
+Its purpose is to help engineers:
+
+- choose the right Zoom product surface
+- plan Zoom integrations across APIs, SDKs, events, and auth
+- debug broken Zoom integrations
+- build Zoom integrations with deterministic command and skill workflows
diff --git a/plugins/zoom-developers/CHANGELOG.md b/plugins/zoom-developers/CHANGELOG.md
new file mode 100644
index 00000000..270909af
--- /dev/null
+++ b/plugins/zoom-developers/CHANGELOG.md
@@ -0,0 +1,9 @@
+# Changelog
+
+All notable changes to this plugin are documented in this file.
+
+## Unreleased
+
+- split the former hybrid plugin into a dedicated developer plugin named `Zoom Developers`
+- kept the Zoom build, setup, planning, and debugging workflows in this repo
+- updated plugin metadata and slug alignment for `Zoom Developers`
diff --git a/plugins/zoom-developers/CONTRIBUTING.md b/plugins/zoom-developers/CONTRIBUTING.md
new file mode 100644
index 00000000..a21c67ca
--- /dev/null
+++ b/plugins/zoom-developers/CONTRIBUTING.md
@@ -0,0 +1,186 @@
+# Contributing to Zoom Developers
+
+Thank you for your interest in contributing. This document covers changes to the `Zoom Developers` Codex plugin.
+
+## Ways to Contribute
+
+You can contribute in any of these ways:
+
+1. Submit a pull request with improvements.
+2. Raise an issue on GitHub for bugs, gaps, or enhancement ideas.
+3. Reach out on the [Zoom Developer Forum](https://devforum.zoom.us/) with feedback and improvement suggestions for these agent skills.
+
+### 1. Report Issues
+- Documentation errors or outdated information
+- Missing use cases or scenarios
+- Incorrect code examples
+
+### 2. Improve Documentation
+- Fix typos and clarify explanations
+- Add missing code examples
+- Update for new SDK versions
+
+### 3. Add New Skills
+- New use cases
+- New platform coverage
+- New integration patterns
+
+## Contribution Process
+
+### For Small Changes (typos, clarifications)
+
+1. Fork the repository
+2. Make your changes
+3. Submit a pull request with a clear description
+
+### For Larger Changes (new use cases, skills)
+
+1. Open an issue first to discuss the proposed change
+2. Fork the repository
+3. Create a feature branch
+4. Follow the skill format guidelines below
+5. Submit a pull request
+
+## Skill Format Guidelines
+
+### SKILL.md Structure
+
+```markdown
+---
+name: skill-name
+description: |
+ Brief description (1-3 sentences).
+ Include when to use this skill.
+---
+
+# Skill Title
+
+[Content following the template in PLAN.md]
+```
+
+### Guidelines
+
+1. **Keep SKILL.md under 500 lines** - Move details to `references/`
+2. **Max 3 directory levels** - `skill/references/file.md`
+3. **Include code examples** - Real, working code developers can use
+4. **Document gotchas** - Common mistakes and limitations
+5. **Link to official sources** - Prefer Zoom documentation
+
+### Maintenance Checklist
+
+Use this checklist before merging documentation or skill changes:
+
+1. Confirm you are editing the correct skill or product folder.
+2. Keep `SKILL.md` as the entrypoint in every skill directory.
+3. If examples include credentials, reference `.env` keys rather than hardcoded values.
+4. Never commit machine-local absolute paths or machine-specific endpoints.
+5. After moving or renaming docs, update cross-links from the relevant parent `SKILL.md` files.
+6. Verify frontmatter stays accurate: `name`, `description`, and any optional fields such as `triggers`, `argument-hint`, or `user-invocable`.
+7. Remove dead links and stale product claims after any refactor or version update.
+8. Make sure every new markdown file is reachable from at least one parent navigation file.
+9. Track deprecations and renames explicitly so future updates remain migration-safe.
+
+### Repository Naming Conventions
+
+- Keep canonical skill folder names aligned with [skills/start/SKILL.md](skills/start/SKILL.md).
+- Current canonical folders include:
+- `general`, `rest-api`, `webhooks`, `websockets`, `meeting-sdk`, `video-sdk`, `zoom-apps-sdk`
+- `rtms`, `team-chat`, `ui-toolkit`, `cobrowse-sdk`, `oauth`
+- `contact-center`, `virtual-agent`, `phone`, `rivet-sdk`, `probe-sdk`
+
+### Markdown Linking Rules (Required)
+
+- Use real markdown links for local docs (for example: `text -> docs/example.md`).
+- Do not use backticks for local doc references if you want them counted in relationship graphs.
+- Use repository-relative paths; do not commit machine-local absolute paths (for example `/home/your-user/...`).
+- Every new `.md` file should be linked from at least one parent/index/`SKILL.md` file.
+
+## Using AI Assistants for Contributions
+
+You can use Codex or another AI assistant to help create or improve skills:
+
+### Recommended Workflow
+
+1. **Research Phase**
+ ```
+ Research the official Zoom documentation for [topic].
+ Check the developer forum for common issues.
+ Find working code examples.
+ ```
+
+2. **Drafting Phase**
+ ```
+ Create a skill following the SKILL.md template.
+ Include practical code examples.
+ Document known limitations and gotchas.
+ ```
+
+3. **Validation Phase**
+ ```
+ Cross-check all information with official Zoom docs.
+ Verify code examples are syntactically correct.
+ Ensure links are valid.
+ ```
+
+### Assistant Usage Tips
+
+- **Be specific**: "Create a use case for RTMS audio streaming to S3" not "write about RTMS"
+- **Provide context**: Share relevant existing skills as examples
+- **Iterate**: Review drafts and ask for improvements
+- **Verify**: Always cross-check AI-generated content with official sources
+
+### What AI Assistants Can Help With
+
+| Task | How Assistants Help |
+|------|------------------|
+| Research | Search docs, forums, GitHub for information |
+| Drafting | Create initial skill content following templates |
+| Code examples | Generate working code snippets |
+| Cross-referencing | Check consistency across skills |
+| Formatting | Ensure markdown is correct |
+
+### What Requires Human Review
+
+| Task | Why Human Review |
+|------|------------------|
+| Technical accuracy | AI may hallucinate APIs or features |
+| Real-world gotchas | Comes from actual development experience |
+| Business logic | Zoom-specific requirements and policies |
+| Security practices | Must be verified against official guidance |
+
+## Quality Standards
+
+### Do
+
+- Verify all claims with official documentation
+- Include working, tested code examples
+- Document known limitations prominently
+- Link to official resources
+- Keep examples simple and practical
+- Check that moved or renamed docs still have inbound links
+- Remove outdated guidance that no longer matches the current plugin structure
+
+### Don't
+
+- Include unverified information
+- Speculate about undocumented behavior
+- Copy proprietary code without permission
+- Include outdated or deprecated APIs without noting it
+- Over-engineer examples
+
+## Code of Conduct
+
+- Be respectful and constructive
+- Focus on improving the documentation
+- Credit sources appropriately
+- Follow Zoom's developer terms of service
+
+## Questions?
+
+- Open a GitHub issue for questions about contributing
+- Check existing issues before creating new ones
+- Join the [Zoom Developer Forum](https://devforum.zoom.us/) for Zoom-specific questions, feedback, and improvement requests for these agent skills
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the MIT License.
diff --git a/plugins/zoom-developers/LICENSE b/plugins/zoom-developers/LICENSE
new file mode 100644
index 00000000..d95e1f8a
--- /dev/null
+++ b/plugins/zoom-developers/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Zoom Video Communications, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/plugins/zoom-developers/README.md b/plugins/zoom-developers/README.md
new file mode 100644
index 00000000..fc78a68d
--- /dev/null
+++ b/plugins/zoom-developers/README.md
@@ -0,0 +1,134 @@
+# Zoom Developers
+
+Zoom Developers is a Codex plugin for planning, building, and debugging Zoom integrations. It helps engineers choose the right Zoom product surface, shape implementation plans, debug failures, and route into Zoom API, SDK, webhook, bot, and automation references without reading the full Zoom doc tree first.
+
+## Plugin Shape
+
+This repository is packaged as a Codex plugin:
+
+- plugin manifest: [`.codex-plugin/plugin.json`](.codex-plugin/plugin.json)
+- marketplace catalog entry: [`../../.agents/plugins/marketplace.json`](../../.agents/plugins/marketplace.json)
+- deterministic command workflows: [`commands/`](commands/)
+- focused reviewer agents: [`agents/`](agents/)
+- reusable workflows and references: [`skills/`](skills/)
+
+This plugin contains local developer guidance, commands, skills, and reviewer agents.
+
+## Using In Codex
+
+Codex can use this plugin through command, skill, and reviewer-agent surfaces:
+
+- install the plugin from `/plugins`
+- mention the plugin as `@Zoom Developers` if the UI exposes it
+- use slash commands for deterministic flows such as `/setup-zoom-oauth`, `/debug-zoom-auth`, `/debug-zoom-webhook`, and `/zoom-integration-doctor`
+- invoke a bundled skill explicitly with `$skill-name`, for example `$start` or `$setup-zoom-oauth`
+- describe the task naturally and let Codex route into the right skill
+
+This plugin is for developer guidance and implementation workflows only.
+
+If a newly installed skill does not trigger in the current thread, start a new Codex session so the plugin metadata reloads.
+
+## Command Workflows
+
+Use the bundled slash commands when you want a deterministic flow rather than open-ended routing:
+
+| Command | Description |
+|---|---|
+| [`/plan-zoom-product`](commands/plan-zoom-product.md) | Choose the right Zoom product surface for a use case and explain the tradeoffs clearly |
+| [`/plan-zoom-integration`](commands/plan-zoom-integration.md) | Turn a Zoom product idea into a practical build plan with auth, architecture, and milestones |
+| [`/debug-zoom`](commands/debug-zoom.md) | Triage a broken Zoom integration when the failing layer is not yet obvious |
+| [`/setup-zoom-oauth`](commands/setup-zoom-oauth.md) | Inspect the repo, choose the right Zoom OAuth flow, and wire the auth path cleanly |
+| [`/setup-zoom-webhooks`](commands/setup-zoom-webhooks.md) | Implement or correct a Zoom webhook receiver with validation, signature checks, and reliable delivery handling |
+| [`/setup-zoom-websockets`](commands/setup-zoom-websockets.md) | Implement or correct a Zoom WebSocket event stream with connection lifecycle and reconnect handling |
+| [`/debug-zoom-auth`](commands/debug-zoom-auth.md) | Isolate OAuth, SDK auth, or token lifecycle failures and propose the minimal fix |
+| [`/debug-zoom-webhook`](commands/debug-zoom-webhook.md) | Triage webhook registration, signature validation, delivery, and handler issues |
+| [`/zoom-integration-doctor`](commands/zoom-integration-doctor.md) | Run a read-first integration audit across auth, SDK/API choice, and eventing |
+
+## Build Commands
+
+Use the bundled build commands when you want Codex to drive a specific Zoom implementation path:
+
+| Command | Description |
+|---|---|
+| [`/build-zoom-rest-api-app`](commands/build-zoom-rest-api-app.md) | Implement a Zoom REST API integration with the right resources, auth path, and verification loop |
+| [`/build-zoom-apps-sdk-app`](commands/build-zoom-apps-sdk-app.md) | Implement a Zoom Apps SDK app that runs inside the Zoom client with the right running context and auth path |
+| [`/build-zoom-meeting-app`](commands/build-zoom-meeting-app.md) | Implement an embedded or managed Zoom meeting flow in the current codebase |
+| [`/build-zoom-meeting-sdk-app`](commands/build-zoom-meeting-sdk-app.md) | Implement a Zoom Meeting SDK integration with the right platform-specific join or start flow |
+| [`/build-zoom-video-sdk-app`](commands/build-zoom-video-sdk-app.md) | Implement a custom Zoom Video SDK session workflow |
+| [`/build-zoom-ui-toolkit-app`](commands/build-zoom-ui-toolkit-app.md) | Implement a Zoom Video SDK UI Toolkit integration for a prebuilt web session UI |
+| [`/build-zoom-cobrowse-app`](commands/build-zoom-cobrowse-app.md) | Implement a Zoom Cobrowse integration with session lifecycle, privacy controls, and support workflow wiring |
+| [`/build-zoom-rivet-app`](commands/build-zoom-rivet-app.md) | Implement a server-side Zoom integration with Rivet modules for auth, APIs, and webhooks |
+| [`/build-zoom-probe-flow`](commands/build-zoom-probe-flow.md) | Implement readiness checks with Zoom Probe SDK before users join meetings or sessions |
+| [`/build-zoom-rtms-app`](commands/build-zoom-rtms-app.md) | Implement a Zoom RTMS workflow for live media, transcript, or event-stream processing |
+| [`/build-zoom-scribe-app`](commands/build-zoom-scribe-app.md) | Implement a Zoom Scribe transcription pipeline for uploaded or stored media |
+| [`/build-zoom-bot`](commands/build-zoom-bot.md) | Implement a Zoom meeting bot, recorder, or real-time media workflow |
+| [`/build-zoom-team-chat-app`](commands/build-zoom-team-chat-app.md) | Implement a Zoom Team Chat integration or chatbot flow |
+| [`/build-zoom-phone-integration`](commands/build-zoom-phone-integration.md) | Implement a Zoom Phone integration around APIs, Smart Embed, or events |
+| [`/build-zoom-contact-center-app`](commands/build-zoom-contact-center-app.md) | Implement a Zoom Contact Center integration for web, mobile, or backend workflows |
+| [`/build-zoom-virtual-agent`](commands/build-zoom-virtual-agent.md) | Implement a Zoom Virtual Agent integration for web or mobile wrappers |
+
+## Reviewer Agents
+
+The plugin also bundles focused reviewer agents for specialist analysis:
+
+| Agent | Description |
+|---|---|
+| [`zoom-oauth-scope-auditor`](agents/zoom-oauth-scope-auditor.md) | Review scope sets for least privilege, missing scopes, and cross-surface mistakes |
+| [`zoom-integration-reviewer`](agents/zoom-integration-reviewer.md) | Review a Zoom integration end to end for architectural, auth, webhook, and SDK risks |
+
+## Primary Workflows
+
+Codex can invoke skills implicitly from task descriptions, or explicitly by mentioning a skill such as `$start` or `$setup-zoom-oauth`.
+
+| Skill | Description |
+|---|---|
+| [`start`](skills/start/SKILL.md) | Start with a Zoom app idea and route to the right product and build path |
+| [`setup-zoom-oauth`](skills/setup-zoom-oauth/SKILL.md) | Choose the auth model, scopes, and redirect flow for a Zoom app |
+| [`build-zoom-meeting-app`](skills/build-zoom-meeting-app/SKILL.md) | Build an embedded or managed Zoom meeting flow |
+| [`build-zoom-bot`](skills/build-zoom-bot/SKILL.md) | Build bots, recorders, and real-time meeting processors |
+| [`debug-zoom`](skills/debug-zoom/SKILL.md) | Triage a broken Zoom integration and isolate the failing layer |
+| [`build-zoom-rest-api-app`](skills/rest-api/SKILL.md) | Route into Zoom REST endpoints, scopes, and resource patterns |
+| [`build-zoom-meeting-sdk-app`](skills/meeting-sdk/SKILL.md) | Route into embedded Zoom meeting implementation details |
+| [`build-zoom-video-sdk-app`](skills/video-sdk/SKILL.md) | Route into custom video-session implementation details |
+| [`build-zoom-rtms-app`](skills/rtms/SKILL.md) | Route into Zoom RTMS for live media, transcript, and event-stream workflows |
+| [`setup-zoom-webhooks`](skills/webhooks/SKILL.md) | Set up Zoom webhook subscriptions, signature verification, and handlers |
+| [`setup-zoom-websockets`](skills/websockets/SKILL.md) | Set up Zoom WebSocket event delivery when it fits better than webhooks |
+| [`build-zoom-team-chat-app`](skills/team-chat/SKILL.md) | Build Team Chat user or chatbot integrations |
+| [`build-zoom-phone-integration`](skills/phone/SKILL.md) | Build Zoom Phone integrations around Smart Embed, APIs, and events |
+| [`build-zoom-contact-center-app`](skills/contact-center/SKILL.md) | Build Contact Center app, web, or native integrations |
+| [`build-zoom-virtual-agent`](skills/virtual-agent/SKILL.md) | Build Virtual Agent web or mobile wrapper integrations |
+
+## Supporting References
+
+The plugin keeps the Zoom product-specific reference library under `skills/`. These are supporting references, not the primary entry surface:
+
+- [`skills/general/`](skills/general/)
+- [`skills/rest-api/`](skills/rest-api/)
+- [`skills/meeting-sdk/`](skills/meeting-sdk/)
+- [`skills/video-sdk/`](skills/video-sdk/)
+- [`skills/webhooks/`](skills/webhooks/)
+- [`skills/websockets/`](skills/websockets/)
+- [`skills/rtms/`](skills/rtms/)
+- [`skills/oauth/`](skills/oauth/)
+
+## Example Prompts
+
+```text
+Use $start to plan an internal meeting assistant that extracts action items and stores summaries.
+```
+
+```text
+Run /build-zoom-meeting-app to add a Zoom join flow to this React app with the right auth and server-side pieces.
+```
+
+```text
+Run /debug-zoom-webhook to diagnose why Zoom events reach the endpoint but signature validation fails.
+```
+
+```text
+Run /plan-zoom-product for an internal meeting assistant that needs summaries, action items, and follow-up docs so we pick the right Zoom surface first.
+```
+
+## Related Plugin
+
+If your goal is to connect Codex to live Zoom meeting data, use the separate `Zoom` plugin instead of this one.
diff --git a/plugins/zoom-developers/agents/openai.yaml b/plugins/zoom-developers/agents/openai.yaml
new file mode 100644
index 00000000..5a2f2133
--- /dev/null
+++ b/plugins/zoom-developers/agents/openai.yaml
@@ -0,0 +1,6 @@
+interface:
+ display_name: "Zoom Developers"
+ short_description: "Use Zoom Developers reviewer agents for scope audits and integration reviews"
+ icon_small: "./assets/zoom-small.svg"
+ icon_large: "./assets/app-icon.svg"
+ default_prompt: "Use Zoom Developers reviewer agents to audit scopes and review Zoom integrations for architectural and implementation issues."
diff --git a/plugins/zoom-developers/agents/zoom-integration-reviewer.md b/plugins/zoom-developers/agents/zoom-integration-reviewer.md
new file mode 100644
index 00000000..1c70666f
--- /dev/null
+++ b/plugins/zoom-developers/agents/zoom-integration-reviewer.md
@@ -0,0 +1,15 @@
+You are the Zoom Integration Reviewer for this plugin.
+
+Purpose:
+- Review a Zoom integration end to end for architectural fit, auth correctness, eventing reliability, and SDK or API misuse.
+
+Rules:
+- Prioritize behavioral risk and production failure modes over style.
+- Flag wrong product-surface choices, broken token lifecycle assumptions, webhook verification bugs, and unsupported SDK or API assumptions first.
+- Report findings before summaries.
+- If evidence is incomplete, say what is missing instead of guessing.
+
+Output format:
+1. Findings ordered by severity
+2. Open questions or missing evidence
+3. Recommended next steps
diff --git a/plugins/zoom-developers/agents/zoom-oauth-scope-auditor.md b/plugins/zoom-developers/agents/zoom-oauth-scope-auditor.md
new file mode 100644
index 00000000..cc34f4f4
--- /dev/null
+++ b/plugins/zoom-developers/agents/zoom-oauth-scope-auditor.md
@@ -0,0 +1,16 @@
+You are the Zoom OAuth Scope Auditor for this plugin.
+
+Purpose:
+- Review requested, configured, and documented Zoom scopes for least privilege and correctness.
+- Catch missing scopes, over-broad scopes, and scope sets that mix the wrong Zoom product surfaces.
+
+Rules:
+- Prefer the narrowest documented scope set that supports the requested workflow.
+- Distinguish REST API scopes, SDK-related auth requirements, and product-specific granular scopes.
+- Do not invent scopes. If evidence is missing, say what is missing.
+- Treat classic broad scopes as suspect when the workflow clearly uses a published granular alternative.
+
+Output format:
+1. Findings ordered by severity
+2. Missing evidence or assumptions
+3. Recommended scope set by surface
diff --git a/plugins/zoom-developers/assets/app-icon.svg b/plugins/zoom-developers/assets/app-icon.svg
new file mode 100644
index 00000000..0e66c135
--- /dev/null
+++ b/plugins/zoom-developers/assets/app-icon.svg
@@ -0,0 +1,5 @@
+
diff --git a/plugins/zoom-developers/assets/zoom-small.svg b/plugins/zoom-developers/assets/zoom-small.svg
new file mode 100644
index 00000000..9a983167
--- /dev/null
+++ b/plugins/zoom-developers/assets/zoom-small.svg
@@ -0,0 +1,5 @@
+
diff --git a/plugins/zoom-developers/commands/_conventions.md b/plugins/zoom-developers/commands/_conventions.md
new file mode 100644
index 00000000..8da26a66
--- /dev/null
+++ b/plugins/zoom-developers/commands/_conventions.md
@@ -0,0 +1,70 @@
+# Command Conventions
+
+Every slash command in this plugin follows a consistent structure so Codex produces reliable, verifiable Zoom workflow results. Every non-underscore file in `commands/` must include all required sections below.
+
+## Required Sections
+
+### 1. Preflight
+
+Check prerequisites before doing any work:
+
+- Inspect the current repo for the relevant Zoom surface, framework, and existing integration code.
+- Confirm required local tools are available before relying on them.
+- Note missing credentials, env vars, callback routes, or endpoint URLs before attempting setup or debugging.
+- Flag dirty working tree or risky production-impacting changes when they matter to the requested workflow.
+
+Preflight failures should produce clear next actions. Do not silently skip them.
+
+### 2. Plan
+
+State what will happen before execution:
+
+- List the files, commands, and external checks the workflow will use.
+- Call out any destructive or production-impacting step and require explicit user confirmation.
+- If there are multiple viable paths, state which one was chosen and why.
+
+### 3. Commands
+
+The operational core. Follow these conventions:
+
+- Prefer read-first inspection before making code or config changes.
+- Never print secret values. Show env var names, scope names, file paths, and metadata only.
+- Use structured output when available.
+- Prefer the narrowest Zoom surface that actually solves the task.
+- Do not claim OAuth, webhook, or SDK setup succeeded without checking the relevant evidence.
+
+### 4. Verification
+
+After execution, confirm the outcome:
+
+- Re-read the changed files or live state.
+- Verify the exact auth, signature, endpoint, or config path that was modified.
+- Surface errors, warnings, and unresolved blockers explicitly.
+
+### 5. Summary
+
+Present a concise result block:
+
+```text
+## Result
+- Action: what was done
+- Status: success | partial | failed
+- Details: key files, env vars, endpoints, or findings
+```
+
+### 6. Next Steps
+
+Suggest the logical follow-up:
+
+- setup flows -> test auth or live API connectivity
+- debug flows -> rerun the failing path with the fix applied
+- review flows -> apply the recommended fixes or narrow the scope
+
+## File Naming
+
+- Command files live in `commands/` and end in `.md`.
+- Files prefixed with `_` are conventions or meta docs, not user-facing commands.
+
+## Frontmatter
+
+Every command file must include YAML frontmatter with at least a `description` field.
diff --git a/plugins/zoom-developers/commands/build-zoom-apps-sdk-app.md b/plugins/zoom-developers/commands/build-zoom-apps-sdk-app.md
new file mode 100644
index 00000000..993f4571
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-apps-sdk-app.md
@@ -0,0 +1,54 @@
+---
+description: Implement a Zoom Apps SDK app that runs inside the Zoom client with the right running context, auth path, and backend integration.
+---
+
+# Build Zoom Apps SDK App
+
+Use this command when the repo should build an app that runs inside the Zoom client rather than embedding Zoom in an external app.
+
+## Preflight
+
+1. Inspect the codebase for existing Zoom Apps SDK usage, frontend framework, backend APIs, and auth handling.
+2. Confirm the requirement is truly an in-client Zoom app and not a Meeting SDK or Video SDK workflow.
+3. Identify the required running context: meeting, webinar, main client, phone, collaborate mode, immersive mode, camera mode, or another supported context.
+4. Check for required Marketplace app settings, allowed domains, redirect URIs, and in-client OAuth requirements without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the target running context and user flow
+- list the files that will be changed
+- state the auth model, backend responsibilities, and any capability gating
+- state how the app will be verified locally or in Zoom client testing
+
+## Commands
+
+1. Add or correct Zoom Apps SDK initialization in the correct frontend surface.
+2. Configure capability checks and gate features by running context instead of assuming global support.
+3. Add the minimum backend or API wiring needed for the app’s first useful flow.
+4. Wire in-client OAuth or supporting backend auth only where the chosen workflow requires it.
+5. Keep domain allowlists, callback paths, and app configuration aligned with the implementation.
+6. Avoid mixing external embed assumptions into an in-client Zoom app architecture.
+
+## Verification
+
+1. Re-read the client initialization, capability checks, and backend integration code after changes.
+2. Run local build or tests where available.
+3. Verify the app load path, running-context assumptions, and first useful user action.
+4. State any remaining blocker such as allowlist gaps, missing Zoom client context, or app configuration mismatch.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Apps SDK app
+- Status: success | partial | failed
+- Details: running context, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Test the app inside the intended Zoom client context.
+- Add advanced client capabilities only after the base app loads reliably.
+- If the requirement is to run outside Zoom client, switch to the appropriate meeting, video, or REST flow.
diff --git a/plugins/zoom-developers/commands/build-zoom-bot.md b/plugins/zoom-developers/commands/build-zoom-bot.md
new file mode 100644
index 00000000..ccb924ed
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-bot.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom meeting bot, recorder, or real-time media workflow in the current codebase.
+---
+
+# Build Zoom Bot
+
+Use this command when the repo needs to join meetings programmatically, capture media, process transcripts, or automate meeting-time behavior.
+
+## Preflight
+
+1. Inspect the codebase for existing bot, worker, Meeting SDK, RTMS, or media-processing code.
+2. Identify whether the bot is joining meetings, consuming live media, processing recordings, or combining multiple paths.
+3. Confirm the execution environment and deployment model for the bot runtime.
+4. Check for required credentials, meeting join inputs, and media dependencies without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the bot goal and the Zoom surfaces involved
+- list the files that will be changed
+- state the auth path, runtime responsibilities, and media or transcript outputs
+- state how the first working bot path will be verified
+
+## Commands
+
+1. Add or correct the bot entry path, meeting join or attach flow, and downstream processing pipeline.
+2. Keep the first pass narrow: one working automation path before optional orchestration or analytics layers.
+3. Add the minimal server, worker, or scheduler wiring required for the workflow.
+4. Reuse existing logging, queueing, and secrets patterns where possible.
+5. Do not claim recording or transcript automation works until the path is checked end to end.
+
+## Verification
+
+1. Re-read the bot runtime, auth helpers, and processing code that changed.
+2. Run local build, tests, or static validation where available.
+3. Verify the join pipeline, media handling assumptions, or downstream artifact path.
+4. State any remaining blocker such as runtime environment constraints, account requirements, or missing meeting inputs.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom bot workflow
+- Status: success | partial | failed
+- Details: runtime, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Test with a real meeting in a controlled environment.
+- Add storage, analytics, or downstream integrations only after the base bot loop works.
+- If the requirement is post-meeting retrieval rather than live participation, consider REST APIs or recording workflows instead.
diff --git a/plugins/zoom-developers/commands/build-zoom-cobrowse-app.md b/plugins/zoom-developers/commands/build-zoom-cobrowse-app.md
new file mode 100644
index 00000000..c6d7e48a
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-cobrowse-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom Cobrowse integration with session lifecycle, privacy controls, and support workflow wiring.
+---
+
+# Build Zoom Cobrowse App
+
+Use this command when the repo needs a browser co-browsing experience for support or guided assistance workflows.
+
+## Preflight
+
+1. Inspect the codebase for existing support tooling, session initialization code, frontend embeds, and auth or token generation helpers.
+2. Confirm the workflow is truly browser co-browsing rather than Contact Center, Virtual Agent, or a general screen-sharing feature.
+3. Identify the role model: customer page, agent console, session initiation path, and handoff mechanism.
+4. Check whether required tokens, allowed origins, and privacy requirements are already represented without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the support workflow and role model
+- list the files that will be changed
+- state the auth path, session lifecycle responsibilities, and privacy controls in scope
+- state how the base Cobrowse flow will be verified
+
+## Commands
+
+1. Add or correct the Cobrowse SDK initialization and base session lifecycle in the proper frontend and backend layers.
+2. Implement the smallest working start or join flow before adding advanced annotations or remote-assist behavior.
+3. Add privacy masking and blocked-element handling early when required by the workflow.
+4. Reuse existing session management, logging, and support tooling patterns where possible.
+5. Avoid pushing unrelated Contact Center or Virtual Agent abstractions into a Cobrowse-specific flow.
+
+## Verification
+
+1. Re-read the session initialization, auth path, and privacy or event-handling code after changes.
+2. Run local build or tests where available.
+3. Verify the start or join flow, session lifecycle, and privacy assumptions.
+4. State any remaining blocker such as token generation, allowed-origin config, CORS or CSP, or browser constraints.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Cobrowse integration
+- Status: success | partial | failed
+- Details: files changed, auth path, session lifecycle, verification run
+```
+
+## Next Steps
+
+- Test one real support session end to end.
+- Add remote assist or richer collaboration only after the base session path works.
+- If the product choice is still uncertain, compare against Contact Center or Virtual Agent before expanding scope.
diff --git a/plugins/zoom-developers/commands/build-zoom-contact-center-app.md b/plugins/zoom-developers/commands/build-zoom-contact-center-app.md
new file mode 100644
index 00000000..9351db4e
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-contact-center-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom Contact Center integration for web, mobile, or backend workflows with the right auth and event handling.
+---
+
+# Build Zoom Contact Center App
+
+Use this command when the repo needs Zoom Contact Center web, mobile, or backend integration work.
+
+## Preflight
+
+1. Inspect the codebase for existing Contact Center code, SDK usage, OAuth handling, and event consumers.
+2. Identify the target platform and workflow: web embed, native wrapper, engagement handling, campaign flow, or backend orchestration.
+3. Confirm the owning runtime and UI surface.
+4. Check for the required auth, SDK, or endpoint configuration without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the target platform and Contact Center workflow
+- list the files that will be changed
+- state the auth path, event path, and interaction model
+- state how the initial integration will be verified
+
+## Commands
+
+1. Add or correct the Contact Center integration at the proper platform layer.
+2. Reuse existing app structure and avoid generic abstractions that hide platform-specific requirements.
+3. Keep the first pass scoped to one concrete engagement or routing workflow.
+4. Add the minimum auth, event, and UI wiring required for a working path.
+5. Keep secrets and account-specific identifiers out of output.
+
+## Verification
+
+1. Re-read the platform integration files and supporting auth or event code that changed.
+2. Run local build or tests where available.
+3. Verify the configured workflow path and handler shape.
+4. State any remaining blocker such as missing SDK setup, app configuration, or account prerequisites.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Contact Center workflow
+- Status: success | partial | failed
+- Details: platform, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Test the target engagement flow in the intended environment.
+- Expand to more event or campaign cases only after the base path works.
+- If auth or delivery is failing, use the narrower setup or debug commands next.
diff --git a/plugins/zoom-developers/commands/build-zoom-meeting-app.md b/plugins/zoom-developers/commands/build-zoom-meeting-app.md
new file mode 100644
index 00000000..f40089cd
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-meeting-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement an embedded or managed Zoom meeting flow in the current codebase with the right SDK and auth path.
+---
+
+# Build Zoom Meeting App
+
+Use this command when the repo needs to embed or launch real Zoom meetings with the Meeting SDK or adjacent server-side join flow.
+
+## Preflight
+
+1. Inspect the codebase for existing Zoom meeting code, frontend framework, backend support, and auth handling.
+2. Confirm the requested experience is a real Zoom meeting and not a custom video experience that belongs on Video SDK.
+3. Identify the target platform: web, mobile, desktop, or multi-platform.
+4. Check whether the codebase already has the required server-side token or signature path without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the target platform and Meeting SDK surface
+- list the files that will be changed
+- state the join or start flow, auth path, and required backend pieces
+- state how the meeting flow will be verified locally
+
+## Commands
+
+1. Inspect current app structure and place the meeting integration in the correct UI and server layers.
+2. Add or correct Meeting SDK initialization, join or start flow, and backend auth support.
+3. Keep the implementation aligned with the target platform’s established patterns instead of forcing a generic abstraction.
+4. Add only the minimum UI, env wiring, and server code needed for a working meeting flow.
+5. Keep secrets, tokens, and meeting credentials out of output and logs.
+
+## Verification
+
+1. Re-read the meeting client code and any server auth helpers that changed.
+2. Run the relevant local build or tests.
+3. Verify the UI path reaches the expected join or start call shape.
+4. State any remaining blocker such as missing credentials, callback setup, domain config, or SDK prerequisites.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom meeting app flow
+- Status: success | partial | failed
+- Details: platform, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Test the join or start flow with a real meeting.
+- Add webhook or bot-side follow-up only if the product needs it.
+- If the requirement is actually custom media control, switch to `/build-zoom-video-sdk-app`.
diff --git a/plugins/zoom-developers/commands/build-zoom-meeting-sdk-app.md b/plugins/zoom-developers/commands/build-zoom-meeting-sdk-app.md
new file mode 100644
index 00000000..e6ebc74d
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-meeting-sdk-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom Meeting SDK integration with the right platform-specific join or start flow, auth path, and verification loop.
+---
+
+# Build Zoom Meeting SDK App
+
+Use this command when the repo needs to join, start, or embed real Zoom meetings through the Meeting SDK rather than a broader meeting workflow.
+
+## Preflight
+
+1. Inspect the codebase for existing Meeting SDK usage, target platform code, backend signature helpers, and meeting join UI.
+2. Confirm the requirement is a real Zoom meeting and not a custom video session or an in-client Zoom app.
+3. Identify the target platform: web, Android, iOS, macOS, Windows, Electron, React Native, Unreal, or Linux bot.
+4. Check whether the required auth and meeting inputs exist without printing secrets: meeting number, password path, role, SDK auth material, and host start requirements.
+
+## Plan
+
+Before making changes:
+
+- state the target Meeting SDK platform and user flow
+- list the files that will be changed
+- state the auth path, join or start flow, and any required backend pieces
+- state how the implementation will be verified locally
+
+## Commands
+
+1. Add or correct Meeting SDK initialization at the appropriate client layer for the target platform.
+2. Implement the smallest working join or start flow before adding advanced meeting controls or raw data features.
+3. Add or correct the backend auth path needed for the chosen platform.
+4. Keep platform-specific behavior explicit instead of forcing a generic abstraction over materially different SDKs.
+5. Avoid leaking meeting credentials, signatures, or tokens in logs or command output.
+
+## Verification
+
+1. Re-read the client Meeting SDK code and supporting backend auth code after changes.
+2. Run the relevant local build or tests where available.
+3. Verify the join or start call shape, auth path, and expected meeting inputs.
+4. State any remaining blocker such as missing credentials, waiting room constraints, unsupported environment, or platform setup gaps.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Meeting SDK integration
+- Status: success | partial | failed
+- Details: platform, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Test the flow with a real meeting on the target platform.
+- Add meeting controls or bot-like behavior only after the base join path works.
+- If the requirement changes to a custom session product, switch to `/build-zoom-video-sdk-app`.
diff --git a/plugins/zoom-developers/commands/build-zoom-phone-integration.md b/plugins/zoom-developers/commands/build-zoom-phone-integration.md
new file mode 100644
index 00000000..afc61897
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-phone-integration.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom Phone integration around APIs, Smart Embed, calling flows, and event handling.
+---
+
+# Build Zoom Phone Integration
+
+Use this command when the repo needs Zoom Phone APIs, embedded phone experiences, CTI-style workflows, or call-related automation.
+
+## Preflight
+
+1. Inspect the codebase for existing phone integration code, OAuth handling, embed surfaces, and event consumers.
+2. Identify whether the workflow is Smart Embed, direct API usage, call automation, CRM integration, or another phone-specific path.
+3. Confirm the runtime and UI surface that will own the phone workflow.
+4. Check for the required auth and event configuration without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the Phone workflow being implemented
+- list the files that will be changed
+- state the auth path, event path, and user interaction surface
+- state how the initial phone flow will be verified
+
+## Commands
+
+1. Add or correct the Zoom Phone integration at the appropriate UI or backend layer.
+2. Reuse existing routing, event, and API abstractions where possible.
+3. Keep the first pass focused on one concrete calling or phone-data workflow.
+4. Add the minimum configuration, auth handling, and event logic required for a working path.
+5. Avoid blending general meeting assumptions into phone-specific workflows.
+
+## Verification
+
+1. Re-read the phone integration code and supporting auth or event code that changed.
+2. Run local build or tests where available.
+3. Verify the API, embed, or event path shape.
+4. State any remaining blocker such as missing account setup, OAuth scope gaps, or runtime prerequisites.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Phone integration
+- Status: success | partial | failed
+- Details: files changed, auth path, event path, verification run
+```
+
+## Next Steps
+
+- Exercise one real call-related workflow end to end.
+- Add CRM or analytics follow-up only after the base integration works.
+- If auth is incomplete, run `/setup-zoom-oauth`.
diff --git a/plugins/zoom-developers/commands/build-zoom-probe-flow.md b/plugins/zoom-developers/commands/build-zoom-probe-flow.md
new file mode 100644
index 00000000..1a62e513
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-probe-flow.md
@@ -0,0 +1,53 @@
+---
+description: Implement readiness checks with Zoom Probe SDK before users join meetings or sessions.
+---
+
+# Build Zoom Probe Flow
+
+Use this command when the app needs pre-join diagnostics for browser, device, network, or environment readiness before Meeting SDK or Video SDK sessions.
+
+## Preflight
+
+1. Inspect the codebase for existing pre-join screens, media-permission checks, diagnostics code, and meeting or video join flows.
+2. Confirm the requirement is readiness gating before join, not a general support diagnostics page unrelated to Zoom session entry.
+3. Identify which checks matter for this workflow: browser support, camera, microphone, speaker, network, CPU, or diagnostic reports.
+4. Check how failed checks should be handled: block join, warn the user, or capture telemetry.
+
+## Plan
+
+Before making changes:
+
+- state the target join flow and the readiness checks in scope
+- list the files that will be changed
+- state the gating behavior and any telemetry or support output
+- state how the probe flow will be verified
+
+## Commands
+
+1. Add or correct the Probe SDK integration at the pre-join layer of the app.
+2. Run diagnostics before the Meeting SDK or Video SDK join path rather than during unrelated app initialization.
+3. Keep probe results separate from tokens and avoid collecting unnecessary device details.
+4. Add the minimum UI or state handling needed to communicate readiness and block or allow join appropriately.
+5. Reuse existing telemetry or support-reporting patterns where possible.
+
+## Verification
+
+1. Re-read the diagnostics code, gating logic, and any reporting path after changes.
+2. Run local build or tests where available.
+3. Verify the probe checks run before join and influence the flow as intended.
+4. State any remaining blocker such as HTTPS requirements, browser limitations, permission handling, or unsupported environments.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Probe readiness flow
+- Status: success | partial | failed
+- Details: files changed, checks added, gating behavior, verification run
+```
+
+## Next Steps
+
+- Test the flow under both passing and failing device or network conditions.
+- Tune the threshold between warn and block after observing real user behavior.
+- If the app also needs the actual meeting or session join flow, wire the probe output into the corresponding build command next.
diff --git a/plugins/zoom-developers/commands/build-zoom-rest-api-app.md b/plugins/zoom-developers/commands/build-zoom-rest-api-app.md
new file mode 100644
index 00000000..4d733c65
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-rest-api-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom REST API integration with the right resources, auth path, and verification loop.
+---
+
+# Build Zoom REST API App
+
+Use this command when the repo should call Zoom REST endpoints directly for meetings, users, recordings, docs-adjacent workflows, or account resources.
+
+## Preflight
+
+1. Inspect the codebase for existing Zoom API usage, env vars, HTTP client wrappers, and server routes.
+2. Confirm the requested workflow is actually a REST API problem and not better served by Meeting SDK, Video SDK, or Webhooks.
+3. Identify the runtime that will own the Zoom API calls and token lifecycle.
+4. Check whether the required OAuth values and scope configuration already exist without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the exact Zoom resource or endpoint family to implement
+- list the files that will be created or edited
+- state the auth model, token owner, and required scopes
+- state how the new API flow will be verified
+
+## Commands
+
+1. Inspect the existing project structure and add the Zoom API integration at the narrowest appropriate layer.
+2. Reuse existing HTTP client, config, and error-handling patterns where possible.
+3. Add or correct Zoom OAuth token usage, API calls, request validation, and response shaping.
+4. Keep secrets out of logs and avoid leaking access tokens in output.
+5. Add minimal docs or examples only where they materially help the next developer use the integration.
+
+## Verification
+
+1. Re-read the edited files and confirm the endpoint, auth path, and error handling are coherent.
+2. Run the relevant local tests or build if available.
+3. If safe credentials already exist, exercise the narrowest live or mocked API path to confirm request shape.
+4. State any remaining blocker such as missing scopes, callback setup, or account permissions.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom REST API integration
+- Status: success | partial | failed
+- Details: endpoints, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Run one end-to-end request with real credentials if not already done.
+- Add webhook handoff only if the use case actually needs it.
+- If auth is incomplete, run `/setup-zoom-oauth` next.
diff --git a/plugins/zoom-developers/commands/build-zoom-rivet-app.md b/plugins/zoom-developers/commands/build-zoom-rivet-app.md
new file mode 100644
index 00000000..cbe0353c
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-rivet-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement a server-side Zoom integration with Rivet modules for auth, APIs, webhooks, and deployment-safe composition.
+---
+
+# Build Zoom Rivet App
+
+Use this command when the repo should build a server-side Zoom integration around the Rivet SDK instead of hand-rolled API and webhook plumbing.
+
+## Preflight
+
+1. Inspect the codebase for existing Rivet usage, server entry points, OAuth handling, webhook receivers, and deployment configuration.
+2. Confirm Rivet is the intended abstraction and not just a generic backend integration that should stay with direct API and webhook code.
+3. Identify the required modules: app configuration, OAuth, API clients, webhook handlers, and business workflow handlers.
+4. Check whether the required environment variables and deployment model are already represented without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the Rivet workflow being implemented
+- list the files that will be changed
+- state the auth path, webhook path, and module composition strategy
+- state how the first working Rivet path will be verified
+
+## Commands
+
+1. Add or correct the Rivet-based module structure at the correct server layer.
+2. Implement the smallest authenticated API path and webhook receiver before composing broader multi-module behavior.
+3. Keep environment handling and deployment assumptions explicit, especially for Lambda-style or serverless receivers.
+4. Reuse existing repo patterns for config, logging, and secret management where possible.
+5. Avoid wrapping Rivet in unnecessary abstractions that make the auth and webhook paths harder to reason about.
+
+## Verification
+
+1. Re-read the Rivet module setup, auth handling, and webhook integration code after changes.
+2. Run local build or tests where available.
+3. Verify the module wiring, auth path, and first useful API or webhook flow.
+4. State any remaining blocker such as framework drift, deployment mismatch, or missing app credentials.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Rivet integration
+- Status: success | partial | failed
+- Details: files changed, module setup, auth path, verification run
+```
+
+## Next Steps
+
+- Exercise one real authenticated API path and one webhook flow.
+- Expand to multi-module workflows only after the base path works.
+- If Rivet is adding more complexity than value, fall back to direct REST plus webhook implementation.
diff --git a/plugins/zoom-developers/commands/build-zoom-rtms-app.md b/plugins/zoom-developers/commands/build-zoom-rtms-app.md
new file mode 100644
index 00000000..7e745e87
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-rtms-app.md
@@ -0,0 +1,54 @@
+---
+description: Implement a Zoom RTMS workflow for live media, transcript, or event-stream processing with the right stream lifecycle and backend handling.
+---
+
+# Build Zoom RTMS App
+
+Use this command when the repo needs Zoom RTMS for live meeting or contact-center media streams, transcript processing, or backend event-stream consumption.
+
+## Preflight
+
+1. Inspect the codebase for existing RTMS, WebSocket, bot, worker, or stream-processing code.
+2. Confirm the use case actually belongs on RTMS rather than a visible Meeting SDK bot or a post-meeting retrieval workflow.
+3. Identify the stream source: meeting media, transcript stream, contact-center voice stream, or another documented RTMS surface.
+4. Confirm the owning backend runtime, downstream pipeline, and required credentials without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the RTMS source surface and the downstream processing goal
+- list the files that will be created or edited
+- state the auth path, stream lifecycle responsibilities, and output artifacts
+- state how the first working RTMS path will be verified
+
+## Commands
+
+1. Add or correct the RTMS connection lifecycle: connect, validate, subscribe, heartbeat, reconnect, and shutdown.
+2. Keep the implementation in the backend or worker layer that owns stream processing, not in an unrelated UI surface.
+3. Add the minimum parsing and buffering needed for the requested media or transcript type.
+4. Wire the stream output into the existing processing pipeline, queue, or storage layer using repo-native patterns.
+5. Keep RTMS-specific concerns separate from visible participant-bot logic unless the workflow explicitly needs both.
+6. Avoid claiming live stream support works until the connection lifecycle and payload handling path are both checked.
+
+## Verification
+
+1. Re-read the stream connection code, auth handling, and downstream processing code that changed.
+2. Run local build or tests where available.
+3. Verify the connection lifecycle and payload handling path are coherent for the intended media type.
+4. State any remaining blocker such as missing account prerequisites, stream authorization, network reachability, or downstream decoder work.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom RTMS workflow
+- Status: success | partial | failed
+- Details: source surface, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Test the RTMS path against a real stream source in a controlled environment.
+- Add richer downstream AI, analytics, or storage steps only after the base stream loop works.
+- If the workflow actually needs a visible participant or meeting controls, compare against `/build-zoom-bot` or Meeting SDK before expanding scope.
diff --git a/plugins/zoom-developers/commands/build-zoom-scribe-app.md b/plugins/zoom-developers/commands/build-zoom-scribe-app.md
new file mode 100644
index 00000000..afb6a51e
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-scribe-app.md
@@ -0,0 +1,54 @@
+---
+description: Implement a Zoom Scribe transcription pipeline for uploaded or stored media with the right processing mode and callback flow.
+---
+
+# Build Zoom Scribe App
+
+Use this command when the repo needs a Zoom Scribe transcription workflow for uploaded or stored media rather than live in-meeting media.
+
+## Preflight
+
+1. Inspect the codebase for existing ingestion, storage, queueing, webhook, or transcript-processing code.
+2. Confirm the media source, expected latency, language requirements, and whether fast mode or batch mode fits the workflow.
+3. Identify the runtime that will own Build-platform credentials, request submission, and callback or polling behavior.
+4. Check for required credentials, storage paths, and callback endpoints without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the media source and chosen Scribe processing mode
+- list the files that will be changed
+- state the auth path, ingestion path, and transcript output destination
+- state how the first transcription flow will be verified
+
+## Commands
+
+1. Add or correct the transcription request path in the backend or worker layer.
+2. Keep Build-platform auth handling separate from transcript business logic.
+3. Add the minimum ingest, submit, parse, and persist flow required for a working transcription pipeline.
+4. If batch mode is used, wire the callback or job-status path explicitly.
+5. Reuse existing queueing, storage, and observability patterns where possible.
+6. Avoid presenting live meeting media workflows as Scribe if the use case really belongs on RTMS or a bot pipeline.
+
+## Verification
+
+1. Re-read the auth handling, submission path, and transcript parsing code after changes.
+2. Run local build or tests where available.
+3. Verify the chosen processing mode and transcript output path are coherent.
+4. State any remaining blocker such as credential audience, media format, callback path, or size constraints.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Scribe transcription workflow
+- Status: success | partial | failed
+- Details: processing mode, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Test the pipeline with one real media file in a controlled environment.
+- Add retries, batching, or downstream AI processing only after the base path works.
+- If the workflow needs live media instead of stored files, switch to `/build-zoom-rtms-app` or `/build-zoom-bot`.
diff --git a/plugins/zoom-developers/commands/build-zoom-team-chat-app.md b/plugins/zoom-developers/commands/build-zoom-team-chat-app.md
new file mode 100644
index 00000000..94ddd719
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-team-chat-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom Team Chat integration or chatbot flow with the right auth, eventing, and message handling.
+---
+
+# Build Zoom Team Chat App
+
+Use this command when the repo should send, receive, or automate Zoom Team Chat messages, cards, commands, or chatbot interactions.
+
+## Preflight
+
+1. Inspect the codebase for existing chat app routes, OAuth handling, webhook handlers, and message templates.
+2. Identify whether the workflow is user-scoped messaging, chatbot behavior, slash-command handling, or notifications.
+3. Confirm the runtime that will own incoming events and outgoing message calls.
+4. Check for the required auth and event configuration without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the Team Chat workflow being implemented
+- list the files that will be changed
+- state the auth path, inbound event path, and outbound message path
+- state how the message flow will be verified
+
+## Commands
+
+1. Add or correct Team Chat auth, event handlers, and outbound message logic.
+2. Keep the implementation aligned with the repo’s existing event and route patterns.
+3. Add the minimum message formatting or card logic required for a useful first pass.
+4. Keep secrets and user tokens out of output and logs.
+5. Separate chat event handling from unrelated webhook logic where possible.
+
+## Verification
+
+1. Re-read the event handlers, auth code, and message formatting logic that changed.
+2. Run local build or tests where available.
+3. Verify the inbound and outbound message path shape.
+4. State any remaining blocker such as missing app configuration, event subscription, or scope gap.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Team Chat workflow
+- Status: success | partial | failed
+- Details: files changed, auth path, event path, verification run
+```
+
+## Next Steps
+
+- Send one real message flow through the app.
+- Add richer cards or commands only after the base message path works.
+- If webhook delivery fails, run `/debug-zoom-webhook`.
diff --git a/plugins/zoom-developers/commands/build-zoom-ui-toolkit-app.md b/plugins/zoom-developers/commands/build-zoom-ui-toolkit-app.md
new file mode 100644
index 00000000..68a3ad78
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-ui-toolkit-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom Video SDK UI Toolkit integration for a prebuilt web session UI with the right auth, mount strategy, and session lifecycle.
+---
+
+# Build Zoom UI Toolkit App
+
+Use this command when the repo needs a prebuilt web UI for a Zoom Video SDK session instead of a fully custom video interface.
+
+## Preflight
+
+1. Inspect the codebase for existing Video SDK usage, web frontend structure, server-side token generation, and session UI shells.
+2. Confirm the requirement is a prebuilt Video SDK UI and not a real Zoom meeting flow.
+3. Identify the host framework and where the UI Toolkit should mount.
+4. Check whether the required Video SDK session auth path exists without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the target web framework and session UX goal
+- list the files that will be changed
+- state the auth path, mount strategy, and session lifecycle responsibilities
+- state how the UI Toolkit flow will be verified
+
+## Commands
+
+1. Add or correct the UI Toolkit integration in the appropriate web UI layer.
+2. Wire the minimum server-side signature or auth path required for a working session join.
+3. Keep custom UI work limited unless the user explicitly needs it beyond the toolkit surface.
+4. Configure permissions, session join and leave behavior, and any required media settings.
+5. Avoid mixing Meeting SDK assumptions into a Video SDK UI Toolkit integration.
+
+## Verification
+
+1. Re-read the UI mount code, Video SDK auth path, and session join flow after changes.
+2. Run the relevant local build or tests where available.
+3. Verify the toolkit mount path, auth flow, and base session lifecycle.
+4. State any remaining blocker such as browser restrictions, token generation gaps, or unsupported environment requirements.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom UI Toolkit integration
+- Status: success | partial | failed
+- Details: files changed, auth path, mount strategy, verification run
+```
+
+## Next Steps
+
+- Test the session in the target browser environment.
+- If deeper layout control is required, switch to `/build-zoom-video-sdk-app`.
+- If auth is incomplete, fix the token path before expanding UI work.
diff --git a/plugins/zoom-developers/commands/build-zoom-video-sdk-app.md b/plugins/zoom-developers/commands/build-zoom-video-sdk-app.md
new file mode 100644
index 00000000..b7273a98
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-video-sdk-app.md
@@ -0,0 +1,53 @@
+---
+description: Implement a custom Zoom Video SDK session workflow with the right auth, session lifecycle, and verification path.
+---
+
+# Build Zoom Video SDK App
+
+Use this command when the repo needs a custom video experience rather than an actual Zoom meeting UI.
+
+## Preflight
+
+1. Inspect the codebase for existing video session code, frontend stack, backend support, and auth helpers.
+2. Confirm the use case is a custom session workflow and not a standard Zoom meeting flow.
+3. Identify the target platform and expected media features.
+4. Check whether the required server-side auth or session token path already exists without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the target platform and custom session goal
+- list the files that will be changed
+- state the auth path, session lifecycle responsibilities, and media features in scope
+- state how the implementation will be verified locally
+
+## Commands
+
+1. Add or correct Video SDK initialization, session join flow, auth handling, and lifecycle management.
+2. Keep the implementation aligned with the platform’s existing architecture.
+3. Limit the first pass to the minimum working session path unless the user explicitly asks for broader UI or media controls.
+4. Add or update the supporting server code needed to mint the correct auth material.
+5. Avoid mixing Meeting SDK assumptions into Video SDK code.
+
+## Verification
+
+1. Re-read the client and server files that changed.
+2. Run the relevant local build or tests.
+3. Verify the session auth shape and the basic connect flow.
+4. State any remaining blocker such as missing credentials, unsupported environment, or unresolved media prerequisites.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Video SDK workflow
+- Status: success | partial | failed
+- Details: platform, files changed, auth path, verification run
+```
+
+## Next Steps
+
+- Test the session with real participants or a controlled local environment.
+- Add advanced media features only after the base session path works.
+- If the requirement is actually to join real Zoom meetings, switch to `/build-zoom-meeting-app`.
diff --git a/plugins/zoom-developers/commands/build-zoom-virtual-agent.md b/plugins/zoom-developers/commands/build-zoom-virtual-agent.md
new file mode 100644
index 00000000..b2286ed5
--- /dev/null
+++ b/plugins/zoom-developers/commands/build-zoom-virtual-agent.md
@@ -0,0 +1,53 @@
+---
+description: Implement a Zoom Virtual Agent integration for web or mobile wrapper environments with the right lifecycle and event handling.
+---
+
+# Build Zoom Virtual Agent
+
+Use this command when the repo needs to embed or wrap Zoom Virtual Agent on web, Android, or iOS.
+
+## Preflight
+
+1. Inspect the codebase for existing web views, wrapper bridges, event handlers, and auth or context-passing code.
+2. Identify the target platform and Virtual Agent launch path.
+3. Confirm the lifecycle constraints for the host app and any required native bridge behavior.
+4. Check for the required configuration values without printing secrets.
+
+## Plan
+
+Before making changes:
+
+- state the target platform and Virtual Agent workflow
+- list the files that will be changed
+- state the launch path, event handling path, and host-app responsibilities
+- state how the initial integration will be verified
+
+## Commands
+
+1. Add or correct the Virtual Agent embed or wrapper code at the appropriate platform layer.
+2. Keep the implementation aligned with the host framework’s lifecycle and bridge patterns.
+3. Add the minimum launch, event, and context update logic required for a working path.
+4. Separate wrapper concerns from broader application state where possible.
+5. Avoid leaking secrets or user tokens in logs or output.
+
+## Verification
+
+1. Re-read the embed or wrapper code and any supporting bridge files that changed.
+2. Run local build or tests where available.
+3. Verify the launch and message or event path shape.
+4. State any remaining blocker such as missing platform config, unsupported host behavior, or app setup gaps.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom Virtual Agent workflow
+- Status: success | partial | failed
+- Details: platform, files changed, launch path, verification run
+```
+
+## Next Steps
+
+- Test the embedded agent in the intended runtime.
+- Add deeper host-app integration only after the base launch path works.
+- If wrapper lifecycle handling is unstable, narrow the integration before expanding scope.
diff --git a/plugins/zoom-developers/commands/debug-zoom-auth.md b/plugins/zoom-developers/commands/debug-zoom-auth.md
new file mode 100644
index 00000000..9672f3a7
--- /dev/null
+++ b/plugins/zoom-developers/commands/debug-zoom-auth.md
@@ -0,0 +1,53 @@
+---
+description: Isolate and fix Zoom authentication failures across OAuth, SDK signatures, and token refresh paths.
+---
+
+# Debug Zoom Auth
+
+Use this command when a Zoom login flow, token exchange, or signature flow is failing and you need a concrete failure diagnosis.
+
+## Preflight
+
+1. Capture the exact failing symptom: error text, failing endpoint, affected surface, and whether the failure happens at authorize, callback, token exchange, refresh, or SDK join time.
+2. Inspect the repository for the auth implementation, env var usage, callback handling, and token lifecycle code.
+3. Identify the auth model in use: user-level OAuth, server-to-server or service auth where applicable, or SDK signature and token flows.
+4. Confirm the presence of required config values without printing secrets.
+5. If the issue report lacks the concrete error, ask for it before making speculative auth changes.
+
+## Plan
+
+Before changing anything:
+
+- name the most likely failing layer
+- list the evidence that will be checked
+- list the files and commands involved
+- state whether the workflow is read-only diagnosis or fix plus verification
+
+## Commands
+
+1. Inspect env and source usage for mismatched client IDs, redirect URIs, scope lists, token endpoints, or signature inputs.
+2. For OAuth failures, verify exact redirect URI matching, token exchange parameters, and refresh-token rotation behavior.
+3. For SDK auth failures, verify the expected server-side signature or token generation path for the specific SDK.
+4. If the failure is caused by client capability mismatch, say that directly instead of pretending it is a token bug.
+6. Apply only the minimum correction required to fix the identified layer.
+
+## Verification
+
+1. Re-run the failing path or reconstruct the exact auth request shape.
+2. Confirm the corrected file, env var name, redirect URI, or server URL now matches the intended configuration.
+3. If the failure persists, tighten the diagnosis to the next concrete layer rather than broadening scope.
+4. State whether the issue is fixed, partially fixed, or blocked by missing credentials or external platform behavior.
+
+## Summary
+
+```text
+## Result
+- Action: diagnosed or fixed a Zoom auth failure
+- Status: success | partial | failed
+- Details: failing layer, evidence checked, fix applied, remaining blocker
+```
+
+## Next Steps
+
+- Re-run the failing flow with the corrected auth path.
+- If the issue is webhook-related after auth succeeds, run `/debug-zoom-webhook`.
diff --git a/plugins/zoom-developers/commands/debug-zoom-webhook.md b/plugins/zoom-developers/commands/debug-zoom-webhook.md
new file mode 100644
index 00000000..36c10018
--- /dev/null
+++ b/plugins/zoom-developers/commands/debug-zoom-webhook.md
@@ -0,0 +1,55 @@
+---
+description: Diagnose Zoom webhook issues across endpoint validation, signature verification, event delivery, retries, and handler logic.
+---
+
+# Debug Zoom Webhook
+
+Use this command when Zoom webhook events are not arriving, signature validation is failing, endpoint validation is broken, or handlers are processing the wrong payload shape.
+
+## Preflight
+
+1. Inspect the repo for webhook routes, signature verification code, event subscriptions, and deployment endpoint configuration.
+2. Capture the failing symptom: no events, validation failure, signature mismatch, retries, or handler-side processing error.
+3. Confirm the public callback URL, webhook secret env var name, and raw body handling path without printing secrets.
+4. Check whether the implementation uses the exact raw request body for signature verification.
+5. If the repo has no webhook endpoint yet, say that before attempting webhook debugging.
+
+## Plan
+
+Before changing anything:
+
+- identify whether the likely fault is registration, validation, signature verification, transport, or business logic
+- list the files and logs that will be checked
+- state whether a replay or local reproduction will be used
+
+## Commands
+
+1. Inspect endpoint registration and subscribed event names.
+2. Verify the endpoint validation flow is implemented for the expected Zoom webhook handshake.
+3. Verify signature checking uses the raw request body, correct timestamp handling, and the right secret source.
+4. Inspect handler parsing and downstream logic separately from signature verification.
+5. Reproduce the failing request path with a safe replay or fixture when possible.
+6. Apply the minimum fix needed to the failing layer instead of rewriting the entire webhook stack.
+
+## Verification
+
+1. Re-read the webhook route and verification helper after changes.
+2. Confirm the endpoint validation path now returns the expected response shape.
+3. Confirm the signature verification code operates on the raw body and correct headers.
+4. If logs or replay are available, verify the handler reaches application logic successfully.
+5. If delivery still fails, state whether the remaining blocker is registration, public reachability, or Zoom-side configuration.
+
+## Summary
+
+```text
+## Result
+- Action: diagnosed or fixed a Zoom webhook issue
+- Status: success | partial | failed
+- Details: failing layer, files checked, fix applied, remaining blocker
+```
+
+## Next Steps
+
+- Send one real or replayed event through the endpoint.
+- Add regression coverage for signature verification and endpoint validation if missing.
+- If the root cause is auth or app setup, run `/debug-zoom-auth` or `/setup-zoom-oauth` next.
diff --git a/plugins/zoom-developers/commands/debug-zoom.md b/plugins/zoom-developers/commands/debug-zoom.md
new file mode 100644
index 00000000..a8c313f4
--- /dev/null
+++ b/plugins/zoom-developers/commands/debug-zoom.md
@@ -0,0 +1,53 @@
+---
+description: Triage a broken Zoom integration when the failing layer is not yet obvious.
+---
+
+# Debug Zoom
+
+Use this command when something in a Zoom integration is broken but the failure has not yet been narrowed to auth, webhooks, SDK behavior, or RTMS.
+
+## Preflight
+
+1. Capture the exact symptom: error text, failing endpoint, platform, runtime, and whether the failure is deterministic or intermittent.
+2. Inspect the repository for the relevant Zoom integration code, env usage, event handlers, or SDK setup.
+3. Note what still works versus what fails so the broken layer can be isolated.
+4. If the report lacks the concrete error or failing path, ask for that evidence before making speculative changes.
+
+## Plan
+
+Before changing anything:
+
+- state the most likely failing layer
+- list the evidence that will be checked first
+- list the repo files or runtime paths involved
+- state whether the goal is diagnosis only or diagnosis plus a minimal fix
+
+## Commands
+
+1. Inventory the active Zoom surfaces in the failing workflow.
+2. Narrow the problem to one layer: auth, REST request construction, webhook verification, WebSocket lifecycle, SDK initialization, or RTMS stream handling.
+3. Inspect the smallest relevant code path and supporting configuration first.
+4. Apply the minimum correction needed if the failure is clear.
+5. If the layer cannot be fixed yet, produce ranked hypotheses instead of broad speculation.
+6. Route to narrower follow-up commands when appropriate, such as `/debug-zoom-auth` or `/debug-zoom-webhook`.
+
+## Verification
+
+1. Re-run or reconstruct the failing path after any fix.
+2. Confirm the diagnosis is tied to concrete repo evidence or exact runtime behavior.
+3. State whether the issue is fixed, partially fixed, or blocked by missing credentials, account setup, or external platform behavior.
+
+## Summary
+
+```text
+## Result
+- Action: triaged a broken Zoom integration
+- Status: success | partial | failed
+- Details: failing layer, evidence checked, fix applied or ranked hypotheses
+```
+
+## Next Steps
+
+- Use the narrower debug or setup command for the confirmed failing layer.
+- If the architecture itself is wrong, run `/plan-zoom-product` or `/plan-zoom-integration`.
+- If the repo is healthy but the client integration path is wrong, switch to the matching build command.
diff --git a/plugins/zoom-developers/commands/plan-zoom-integration.md b/plugins/zoom-developers/commands/plan-zoom-integration.md
new file mode 100644
index 00000000..840a358f
--- /dev/null
+++ b/plugins/zoom-developers/commands/plan-zoom-integration.md
@@ -0,0 +1,53 @@
+---
+description: Turn a Zoom product idea into a practical build plan with auth, architecture, milestones, and risk calls.
+---
+
+# Plan Zoom Integration
+
+Use this command when the right Zoom surface is mostly clear and the next step is a concrete delivery plan.
+
+## Preflight
+
+1. Inspect the repository for current Zoom code, deployment shape, env templates, auth paths, and event or media handling.
+2. Capture the target user flow, success criteria, and the concrete business outcome.
+3. Identify the owning Zoom surface or surfaces and any external systems the integration must connect to.
+4. Note hard constraints early: platform, OAuth app type, webhook reachability, SDK environment limits, or marketplace review assumptions.
+
+## Plan
+
+Before producing the build plan:
+
+- state the Zoom surfaces in scope
+- state the expected auth and event model
+- state the major implementation phases
+- state whether the plan is greenfield, retrofit, or repair on top of an existing integration
+
+## Commands
+
+1. Inventory the current repo and identify which parts can be reused versus what must be added.
+2. Define the integration architecture: frontend, backend, auth owner, event flow, and any live media components.
+3. Define the required Zoom app type, scopes, callback paths, and token lifecycle expectations.
+4. Break the implementation into phases: smallest working path first, then reliability, observability, and polish.
+5. Call out the highest-risk dependencies early instead of burying them under tasks.
+6. End with the smallest deliverable that proves the architecture works.
+
+## Verification
+
+1. Confirm the plan includes architecture, auth, scopes, implementation phases, and top risks.
+2. Verify the proposed sequence matches the repo’s current state and the user’s goal.
+3. Distinguish confirmed repo facts from assumptions or unresolved questions.
+
+## Summary
+
+```text
+## Result
+- Action: produced a Zoom integration build plan
+- Status: success | partial | failed
+- Details: architecture, auth model, phases, risks, first milestone
+```
+
+## Next Steps
+
+- Run the most relevant build or setup command for phase one.
+- If the owning surface is still unclear, run `/plan-zoom-product`.
+- If the repo already fails in one layer, run `/debug-zoom` before implementing further.
diff --git a/plugins/zoom-developers/commands/plan-zoom-product.md b/plugins/zoom-developers/commands/plan-zoom-product.md
new file mode 100644
index 00000000..1769fd8a
--- /dev/null
+++ b/plugins/zoom-developers/commands/plan-zoom-product.md
@@ -0,0 +1,52 @@
+---
+description: Choose the right Zoom product surface for a use case and explain the tradeoffs clearly.
+---
+
+# Plan Zoom Product
+
+Use this command when the repo or product idea needs the right Zoom surface selected before implementation begins.
+
+## Preflight
+
+1. Inspect the repository for any existing Zoom integration code, SDK packages, API routes, or webhooks.
+2. Capture the user goal in concrete terms: automation, embedded meetings, custom video, in-client app behavior, event delivery, live media, or AI tooling.
+3. Identify hard constraints that affect product choice: target platform, required UX, hosting model, latency, account model, and whether the app runs inside or outside Zoom.
+4. If the repo already uses one Zoom surface, note it before recommending a different one.
+
+## Plan
+
+Before recommending anything:
+
+- list the candidate Zoom surfaces that fit the problem
+- state the primary decision criteria
+- state whether the output is read-only guidance or includes follow-on implementation
+- state which path will be recommended unless the repo evidence contradicts it
+
+## Commands
+
+1. Inventory existing Zoom-related code with `rg` over known Zoom SDK names, API clients, and webhook handlers.
+2. Classify the problem into the smallest correct Zoom surface: REST API, Webhooks, WebSockets, Meeting SDK, Video SDK, Zoom Apps SDK, RTMS, Phone, Contact Center, Virtual Agent, or a hybrid.
+3. Recommend one primary surface and only the minimum supporting pieces required.
+4. Explain why adjacent alternatives are worse for this exact case.
+5. Keep the answer tied to the current repo and delivery goal rather than giving a generic product catalog.
+
+## Verification
+
+1. Confirm the recommendation matches the user’s actual product goal and the repo’s current shape.
+2. Call out any missing evidence or assumptions that could change the decision.
+3. Verify the recommendation includes the owning auth model and any mandatory supporting components.
+
+## Summary
+
+```text
+## Result
+- Action: selected the right Zoom product surface
+- Status: success | partial | failed
+- Details: recommended surface, supporting pieces, tradeoffs, assumptions
+```
+
+## Next Steps
+
+- If the surface is chosen, run the matching build or setup command next.
+- If the product still spans multiple Zoom surfaces, run `/plan-zoom-integration`.
+- If the decision depends on missing constraints, gather those before implementing.
diff --git a/plugins/zoom-developers/commands/setup-zoom-oauth.md b/plugins/zoom-developers/commands/setup-zoom-oauth.md
new file mode 100644
index 00000000..1aaf7537
--- /dev/null
+++ b/plugins/zoom-developers/commands/setup-zoom-oauth.md
@@ -0,0 +1,55 @@
+---
+description: Inspect the repository and set up the correct Zoom OAuth path with the right app type, scopes, redirect handling, and token lifecycle.
+---
+
+# Setup Zoom OAuth
+
+Use this command when the goal is to wire or correct a Zoom OAuth flow in application code, deployment config, or local development.
+
+## Preflight
+
+1. Inspect the repository for existing Zoom auth code, env templates, callback routes, and token storage patterns.
+2. Identify the Zoom product surface involved: REST API, Meeting SDK, Video SDK, Team Chat, Phone, or Contact Center.
+3. Confirm the expected app model and grant path from the current implementation or user intent.
+4. Check for required values without printing secrets: client ID, redirect URI, scope list, callback handler, and token persistence location.
+5. If the repo does not make the integration goal clear, ask one direct question before editing auth code.
+
+## Plan
+
+Before making changes:
+
+- state which Zoom OAuth model will be implemented
+- list the files that will be inspected or edited
+- list the env vars and redirect URIs involved
+- flag whether refresh-token handling or server-side token exchange must be added
+
+## Commands
+
+1. Search for existing Zoom auth usage with `rg` over `ZOOM_`, `oauth`, `redirect_uri`, `client_id`, and known Zoom endpoints.
+2. Standardize the authorize and token exchange path for the chosen app model.
+3. Add or correct env var names, callback routing, scope configuration, and token exchange code.
+4. Treat refresh tokens as single-use values when implementing refresh logic.
+5. Keep secrets out of the output and avoid logging access or refresh tokens.
+6. If the user only asked for setup guidance, limit the change to the minimum required configuration and notes.
+
+## Verification
+
+1. Re-read the auth files and env templates that were changed.
+2. Verify the redirect URI string matches exactly across code and configuration.
+3. Verify the scope set is coherent for the Zoom surface in use.
+4. If safe test credentials already exist, validate the auth URL shape and callback handling path without exposing secrets.
+5. Call out any missing secret, callback endpoint, or deployment configuration that still blocks completion.
+
+## Summary
+
+```text
+## Result
+- Action: set up or corrected the Zoom OAuth path
+- Status: success | partial | failed
+- Details: app model, files changed, env vars used, scopes reviewed
+```
+
+## Next Steps
+
+- Run the login flow once end to end and confirm the callback is reached.
+- Test token refresh if the integration uses long-lived sessions.
diff --git a/plugins/zoom-developers/commands/setup-zoom-webhooks.md b/plugins/zoom-developers/commands/setup-zoom-webhooks.md
new file mode 100644
index 00000000..73a73fa3
--- /dev/null
+++ b/plugins/zoom-developers/commands/setup-zoom-webhooks.md
@@ -0,0 +1,54 @@
+---
+description: Implement or correct a Zoom webhook receiver with endpoint validation, signature verification, and reliable delivery handling.
+---
+
+# Setup Zoom Webhooks
+
+Use this command when the integration receives Zoom events over HTTP and needs a correct webhook receiver path.
+
+## Preflight
+
+1. Inspect the repository for existing webhook routes, signature verification helpers, queueing, and downstream event handlers.
+2. Identify the event types and the Zoom app or account scope that owns the subscription.
+3. Confirm the public endpoint shape, validation requirements, and webhook secret env var names without printing secrets.
+4. If the repo actually needs low-latency persistent delivery instead of HTTP callbacks, say so before proceeding and compare against WebSockets.
+
+## Plan
+
+Before making changes:
+
+- state the event types and endpoint path being implemented
+- list the files that will be changed
+- state the validation, signature, and retry-handling approach
+- state how the webhook flow will be verified
+
+## Commands
+
+1. Add or correct the webhook receiver route at the appropriate backend layer.
+2. Implement endpoint validation and signature verification before business logic.
+3. Keep handlers idempotent and preserve delivery metadata needed for replay protection or debugging.
+4. Separate ingestion from slow downstream work when reliability matters.
+5. Reuse existing logging, queue, and secret-management patterns where possible.
+6. Avoid claiming the webhook path works until validation and signature handling are both checked.
+
+## Verification
+
+1. Re-read the webhook route, validation logic, and signature helper after changes.
+2. Run local build or tests where available.
+3. Verify the endpoint validation path and the signed-event path independently.
+4. State any remaining blocker such as public reachability, missing app configuration, or subscription settings.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom webhook receiver
+- Status: success | partial | failed
+- Details: route, event types, signature path, verification run
+```
+
+## Next Steps
+
+- Send or replay one real event through the receiver.
+- If delivery reaches the route but fails later, run `/debug-zoom-webhook`.
+- If auth or app setup is missing, run `/setup-zoom-oauth`.
diff --git a/plugins/zoom-developers/commands/setup-zoom-websockets.md b/plugins/zoom-developers/commands/setup-zoom-websockets.md
new file mode 100644
index 00000000..7cccc3ac
--- /dev/null
+++ b/plugins/zoom-developers/commands/setup-zoom-websockets.md
@@ -0,0 +1,54 @@
+---
+description: Implement or correct a Zoom WebSocket event stream with connection lifecycle, auth handling, and reconnect behavior.
+---
+
+# Setup Zoom WebSockets
+
+Use this command when the integration needs persistent Zoom event delivery instead of standard webhook callbacks.
+
+## Preflight
+
+1. Inspect the repository for existing WebSocket clients, event consumers, connection-state handling, and auth configuration.
+2. Confirm WebSockets are justified by latency, delivery model, firewall constraints, or connection semantics.
+3. Identify the event types and app configuration required for the stream.
+4. Confirm the owning backend or service that will manage connect, heartbeat, reconnect, and shutdown behavior.
+
+## Plan
+
+Before making changes:
+
+- state the WebSocket event stream being implemented
+- list the files that will be changed
+- state the auth path and connection lifecycle responsibilities
+- state how the connection path will be verified
+
+## Commands
+
+1. Add or correct the WebSocket connection setup at the appropriate service layer.
+2. Implement authentication, heartbeat, reconnect, backoff, and shutdown handling explicitly.
+3. Normalize streamed events into the repo’s existing internal event contract where possible.
+4. Add observability for connection state, reconnects, and dropped or delayed events.
+5. Keep the first pass focused on one working event stream before layering in broader orchestration.
+6. Avoid claiming the stream works until the connection lifecycle and event handling path are both checked.
+
+## Verification
+
+1. Re-read the connection manager, auth code, and event handler logic after changes.
+2. Run local build or tests where available.
+3. Verify the connect path, reconnect strategy, and event normalization path.
+4. State any remaining blocker such as app subscription setup, token path, or network constraints.
+
+## Summary
+
+```text
+## Result
+- Action: implemented or updated a Zoom WebSocket event stream
+- Status: success | partial | failed
+- Details: connection path, auth model, event handling, verification run
+```
+
+## Next Steps
+
+- Test the stream against real events in a controlled environment.
+- If the connection path is healthy but event handling fails, narrow the downstream layer next.
+- If HTTP callbacks would be simpler and sufficient, switch to `/setup-zoom-webhooks`.
diff --git a/plugins/zoom-developers/commands/zoom-integration-doctor.md b/plugins/zoom-developers/commands/zoom-integration-doctor.md
new file mode 100644
index 00000000..93bf2043
--- /dev/null
+++ b/plugins/zoom-developers/commands/zoom-integration-doctor.md
@@ -0,0 +1,53 @@
+---
+description: Run a read-first audit of a Zoom integration and report the most important architecture, auth, eventing, and SDK risks.
+---
+
+# Zoom Integration Doctor
+
+Use this command for a broad diagnostic pass when a repo already contains Zoom integration code and you want a prioritized assessment before making changes.
+
+## Preflight
+
+1. Inventory the repository for Zoom-related files, env vars, SDK packages, and webhook routes.
+2. Identify which Zoom surfaces are in play: REST API, Meeting SDK, Video SDK, Webhooks, WebSockets, Phone, or Contact Center.
+3. Confirm whether the user wants a read-only audit or is also authorizing fixes in the same pass.
+4. Check for dirty working tree and call it out if changes could complicate attribution.
+
+## Plan
+
+Before doing the audit:
+
+- list the surfaces that will be reviewed
+- state whether the audit is read-only or includes fixes
+- state the ranking criteria: correctness, auth safety, architectural fit, and maintainability
+
+## Commands
+
+1. Inventory the active Zoom surfaces and determine whether the product choice matches the use case.
+2. Review auth handling for app model, scopes, secret storage, redirect handling, and token lifecycle.
+3. Review eventing for webhook signature handling, retries, or WebSocket suitability.
+4. Review SDK usage for version drift, wrong surface choice, or incorrect server-side dependencies.
+5. Review integration boundaries for unnecessary coupling, unclear ownership, and avoidable auth complexity.
+6. Report findings ordered by severity. Do not bury the top risks under implementation detail.
+7. Only make code changes if the user explicitly wants fixes applied in the same run.
+
+## Verification
+
+1. Confirm every reported finding points to concrete file or config evidence.
+2. If fixes were applied, re-read the edited files and summarize the before or after state.
+3. Distinguish confirmed issues from assumptions or missing evidence.
+
+## Summary
+
+```text
+## Result
+- Action: completed a Zoom integration audit
+- Status: success | partial | failed
+- Details: surfaces reviewed, top risks, fixes applied if any
+```
+
+## Next Steps
+
+- Apply the highest-severity fixes first.
+- Use the narrower setup or debug commands for the affected layer.
+- Re-run the doctor after major auth or eventing changes to confirm the risk list shrank.
diff --git a/plugins/zoom-developers/skills/build-zoom-bot/SKILL.md b/plugins/zoom-developers/skills/build-zoom-bot/SKILL.md
new file mode 100644
index 00000000..241ca616
--- /dev/null
+++ b/plugins/zoom-developers/skills/build-zoom-bot/SKILL.md
@@ -0,0 +1,37 @@
+---
+name: build-zoom-bot
+description: Use when building bots.
+---
+
+# /build-zoom-bot
+
+Use this skill for automation that joins meetings, captures media, or reacts to live session data.
+
+## Covers
+
+- Bot architecture
+- Meeting join strategy
+- Real-time media and transcript handling
+- Backend orchestration
+- Storage, post-processing, and event flow design
+
+## Workflow
+
+1. Clarify whether the bot needs to join, observe, transcribe, summarize, or act.
+2. Route to Meeting SDK and RTMS as the core implementation path.
+3. Add REST API for meeting/resource management and Webhooks for asynchronous events when needed.
+4. Call out environment and lifecycle constraints early.
+
+## Primary References
+
+- [meeting-sdk](../meeting-sdk/SKILL.md)
+- [rtms](../rtms/SKILL.md)
+- [scribe](../scribe/SKILL.md)
+- [rest-api](../rest-api/SKILL.md)
+- [webhooks](../webhooks/SKILL.md)
+
+## Common Mistakes
+
+- Treating batch transcription and live media as the same workflow
+- Designing the bot before defining join authority and auth model
+- Forgetting post-meeting storage and retry behavior
diff --git a/plugins/zoom-developers/skills/build-zoom-meeting-app/SKILL.md b/plugins/zoom-developers/skills/build-zoom-meeting-app/SKILL.md
new file mode 100644
index 00000000..6d3d4482
--- /dev/null
+++ b/plugins/zoom-developers/skills/build-zoom-meeting-app/SKILL.md
@@ -0,0 +1,38 @@
+---
+name: build-zoom-meeting-app
+description: Use when embedding meetings.
+---
+
+# /build-zoom-meeting-app
+
+Use this skill for embedded meeting experiences and meeting lifecycle implementation.
+
+## Covers
+
+- Meeting SDK selection and platform routing
+- Join/auth implementation planning
+- Meeting creation plus join flow design
+- Web vs native platform considerations
+- Meeting SDK vs Video SDK boundary decisions
+
+## Workflow
+
+1. Confirm whether the user wants a Zoom meeting or a custom video session.
+2. Route to Meeting SDK if the user needs actual Zoom meetings.
+3. Pull in the relevant platform references.
+4. Add REST API only for meeting creation, resource management, or reporting.
+5. Add webhooks or RTMS only when the use case explicitly needs them.
+
+## Primary References
+
+- [meeting-sdk](../meeting-sdk/SKILL.md)
+- [rest-api](../rest-api/SKILL.md)
+- [webhooks](../webhooks/SKILL.md)
+- [rtms](../rtms/SKILL.md)
+- [video-sdk](../video-sdk/SKILL.md)
+
+## Common Mistakes
+
+- Using Video SDK for normal Zoom meeting embeds
+- Mixing resource-management APIs into the core join flow without reason
+- Skipping platform-specific SDK constraints until too late
diff --git a/plugins/zoom-developers/skills/choose-zoom-approach/SKILL.md b/plugins/zoom-developers/skills/choose-zoom-approach/SKILL.md
new file mode 100644
index 00000000..ed886d06
--- /dev/null
+++ b/plugins/zoom-developers/skills/choose-zoom-approach/SKILL.md
@@ -0,0 +1,34 @@
+---
+name: choose-zoom-approach
+description: Use when choosing architecture.
+---
+
+# Choose Zoom Approach
+
+Pick the smallest correct Zoom surface for the job, then layer in only the supporting pieces that are actually required.
+
+## Decision Framework
+
+| Problem Type | Primary Zoom Surface |
+|---|---|
+| Deterministic backend automation, account management, reporting, scheduled jobs | [rest-api](../rest-api/SKILL.md) |
+| Event delivery to your backend | [webhooks](../webhooks/SKILL.md) or [websockets](../websockets/SKILL.md) |
+| Embed Zoom meetings into your app | [meeting-sdk](../meeting-sdk/SKILL.md) |
+| Build a fully custom video experience | [video-sdk](../video-sdk/SKILL.md) |
+| Build inside the Zoom client | [zoom-apps-sdk](../zoom-apps-sdk/SKILL.md) |
+| Real-time media extraction or meeting bots | [rtms](../rtms/SKILL.md) plus [meeting-sdk](../meeting-sdk/SKILL.md) when needed |
+| Phone workflows | [phone](../phone/SKILL.md) |
+| Contact Center or Virtual Agent flows | [contact-center](../contact-center/SKILL.md) or [virtual-agent](../virtual-agent/SKILL.md) |
+
+## Guardrails
+
+- Do not recommend Video SDK when the user actually needs Zoom meeting semantics.
+- Do not recommend Meeting SDK when the user needs a fully custom session product.
+- Keep deterministic backend automation in REST APIs and event-driven code.
+
+## What To Produce
+
+- One recommended path
+- Minimum supporting components
+- Hard constraints and tradeoffs
+- Immediate next implementation step
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/RUNBOOK.md b/plugins/zoom-developers/skills/cobrowse-sdk/RUNBOOK.md
new file mode 100644
index 00000000..64f43878
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/RUNBOOK.md
@@ -0,0 +1,79 @@
+# Cobrowse 5-Minute Preflight Runbook
+
+Use this before deep debugging. It catches the most common Cobrowse failures quickly.
+
+## Skill Doc Standard Note
+
+- Agent-skill standard entrypoint is `SKILL.md`.
+- This runbook is an operational convention (recommended), not a required skill file.
+- `SKILL.md` is also a navigation convention for larger skill docs.
+
+## 1) Confirm Two-Role Model
+
+- Customer role (`role_type=1`) starts session.
+- Agent role (`role_type=2`) joins session.
+
+If your demo only has one generic role, expect broken join behavior.
+
+## 2) Confirm PIN Source of Truth
+
+- Use customer SDK event `pincode_updated` as the only user-facing PIN.
+- Agent must join with that same PIN.
+- Do not show provisional/debug PIN values from backend records.
+
+Common symptom if wrong: `Pincode is not found` / error `30308`.
+
+## 3) Confirm JWT Claims
+
+- Sign JWT on backend only.
+- Include required claim names exactly (for example `user_id`, not custom aliases).
+- Use SDK Key for SDK token context; keep SDK Secret server-side.
+
+If claim names are wrong, token is rejected before session logic.
+
+## 4) Confirm Session Order
+
+Recommended sequence:
+1. Customer gets customer JWT and starts session.
+2. PIN is generated on customer side (`pincode_updated`).
+3. Agent gets agent JWT and joins with that PIN.
+
+Starting agent flow before customer session is active often causes join failures.
+
+## 5) Confirm Distribution Pattern
+
+- CDN path: customer SDK + Zoom-hosted agent desk iframe.
+- npm path: custom integration (BYOP mode required for custom PIN control).
+
+If using npm agent integration without BYOP expectations, flow mismatches happen.
+
+## 6) Confirm Browser and Security Constraints
+
+- HTTPS required (except loopback/local dev).
+- CSP/CORS must allow Zoom domains.
+- Third-party cookie/privacy settings can affect reconnect behavior.
+
+Do not treat extension/adblock warnings as root cause until API/session checks fail.
+
+## 7) Quick Checks (Backend + UI)
+
+- Backend config endpoint returns expected credential flags.
+- Customer page shows a single Support PIN from SDK event.
+- Agent page join uses same Support PIN and returns actionable response (not generic 404).
+
+### Copy/Paste Validation Commands
+
+```bash
+curl -sS -i "$COBROWSE_BASE_URL/customer"
+curl -sS -i "$COBROWSE_BASE_URL/agent"
+curl -sS -i "$COBROWSE_BASE_URL/api/config"
+```
+
+Expected: customer/agent pages load and config endpoint returns valid JSON flags.
+
+## 8) Fast Decision Tree
+
+- **Invalid token** -> check JWT claim names and signing secret.
+- **Agent cannot find PIN** -> wrong PIN source or wrong session order.
+- **Session drops on refresh** -> check reconnection window and browser privacy/cookies.
+- **Works locally, fails prod** -> check HTTPS, CSP/CORS, reverse proxy pathing.
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/SKILL.md b/plugins/zoom-developers/skills/cobrowse-sdk/SKILL.md
new file mode 100644
index 00000000..71b853de
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/SKILL.md
@@ -0,0 +1,26 @@
+---
+name: zoom-cobrowse-sdk
+description: Use when using Cobrowse.
+---
+
+# Zoom Cobrowse SDK
+
+Use this skill after the support workflow is clearly a browser co-browsing experience. If the user is still choosing between Zoom Contact Center, Virtual Agent, Video SDK, or Cobrowse, route through `start` or `plan-zoom-product` first.
+
+## Workflow
+
+1. Confirm the role model: customer page, agent console, session initiation, and how the PIN or link is handed off.
+2. Check auth and session setup before UI work: tokens, allowed origins, environment variables, and SDK loading.
+3. Design privacy controls early: masking rules, blocked elements, remote-assist permission boundaries, and audit requirements.
+4. Implement the minimal lifecycle first: initialize, start or join, subscribe to events, reconnect, and end.
+5. Add advanced capabilities only after the base session is stable: annotations, multi-tab persistence, custom PINs, and remote assist.
+6. When debugging, isolate browser support, CORS/CSP, token generation, third-party cookie behavior, and SDK event errors.
+
+## References
+
+- Full preserved guide: [references/full-guide.md](references/full-guide.md)
+- API reference: [references/api-reference.md](references/api-reference.md)
+- Session lifecycle: [concepts/session-lifecycle.md](concepts/session-lifecycle.md)
+- Privacy masking: [examples/privacy-masking.md](examples/privacy-masking.md)
+- Remote assist: [examples/remote-assist.md](examples/remote-assist.md)
+- Common issues: [troubleshooting/common-issues.md](troubleshooting/common-issues.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/concepts/distribution-methods.md b/plugins/zoom-developers/skills/cobrowse-sdk/concepts/distribution-methods.md
new file mode 100644
index 00000000..91d0f71d
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/concepts/distribution-methods.md
@@ -0,0 +1,13 @@
+# Distribution Methods
+
+Zoom Cobrowse supports CDN and npm-based integrations, depending on your architecture.
+
+Choose based on:
+
+- how much UI control you need,
+- whether you host your own agent experience,
+- your deployment and CSP constraints.
+
+See:
+- [Get Started](../get-started.md)
+- [Features (official)](../references/features-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/concepts/jwt-authentication.md b/plugins/zoom-developers/skills/cobrowse-sdk/concepts/jwt-authentication.md
new file mode 100644
index 00000000..2f08ecf4
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/concepts/jwt-authentication.md
@@ -0,0 +1,13 @@
+# JWT Authentication
+
+Generate Cobrowse JWTs server-side using your SDK key and SDK secret.
+
+Guidelines:
+
+- Never expose SDK secret client-side.
+- Issue short-lived tokens.
+- Generate different tokens for customer and agent roles.
+
+See:
+- [Authorization (official)](../references/authorization-official.md)
+- [Get Started](../references/get-started-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/concepts/session-lifecycle.md b/plugins/zoom-developers/skills/cobrowse-sdk/concepts/session-lifecycle.md
new file mode 100644
index 00000000..f6198435
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/concepts/session-lifecycle.md
@@ -0,0 +1,13 @@
+# Session Lifecycle
+
+Typical flow:
+
+1. Initialize SDK on customer and agent pages.
+2. Generate role-specific JWT tokens.
+3. Customer starts a session and receives a PIN.
+4. Agent joins using the PIN.
+5. Session events track connected/disconnected/end states.
+
+See:
+- [Get Started](../get-started.md)
+- [Features (official)](../references/features-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/concepts/two-roles-pattern.md b/plugins/zoom-developers/skills/cobrowse-sdk/concepts/two-roles-pattern.md
new file mode 100644
index 00000000..06920522
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/concepts/two-roles-pattern.md
@@ -0,0 +1,43 @@
+# Two Roles Pattern
+
+Zoom Cobrowse uses two roles:
+
+- `role_type=1`: customer session
+- `role_type=2`: agent session
+
+Use separate JWTs for each role and keep token generation on the server.
+
+## What Is Usually Created
+
+In most real implementations, you create these objects in order:
+
+1. **Customer session record** (server-side)
+ - `session_id`
+ - generated PIN
+ - status (`active`/`revoked`)
+ - expiry timestamp
+2. **Customer token** (`role_type=1`)
+ - used by customer browser SDK to start/share session
+3. **Agent token** (`role_type=2`)
+ - created after PIN validation
+ - used to load agent desk iframe or custom agent UI
+
+## PIN Source of Truth
+
+In practice, the PIN you should hand to agents is the value emitted by customer SDK event:
+
+- `session.on("pincode_updated", ...)`
+
+Do not rely on placeholder/provisional PIN values from pre-start backend records for user-facing flows.
+Always show one clearly labeled PIN in UI (for example, "Support PIN") and reuse that same value in agent links.
+
+## Recommended Endpoint Split
+
+- `POST /api/customer/start` -> create session + customer token + PIN
+- `POST /api/agent/connect` -> validate PIN + issue agent token
+- `POST /api/session/revoke` -> end session
+- `GET /api/session/list` -> operational visibility
+
+See:
+- [Get Started](../get-started.md)
+- [Authorization (official)](../references/authorization-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/agent-integration.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/agent-integration.md
new file mode 100644
index 00000000..afb2fb0b
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/agent-integration.md
@@ -0,0 +1,7 @@
+# Agent Integration
+
+Agent integration joins an active customer session by PIN using an agent-role token.
+
+See:
+- [Get Started](../get-started.md)
+- [Authorization (official)](../references/authorization-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/annotations.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/annotations.md
new file mode 100644
index 00000000..b2906b83
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/annotations.md
@@ -0,0 +1,7 @@
+# Annotation Tools
+
+Enable annotation settings during SDK initialization to allow drawing and highlighting.
+
+See:
+- [Features (official)](../references/features-official.md)
+- [API (official)](../references/api-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/auto-reconnection.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/auto-reconnection.md
new file mode 100644
index 00000000..c59153f3
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/auto-reconnection.md
@@ -0,0 +1,7 @@
+# Auto-Reconnection
+
+Implement reconnection handlers for transient network interruptions and refresh scenarios.
+
+See:
+- [Get Started](../get-started.md)
+- [Features (official)](../references/features-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/byop-custom-pin.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/byop-custom-pin.md
new file mode 100644
index 00000000..0e80dbbd
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/byop-custom-pin.md
@@ -0,0 +1,7 @@
+# BYOP Custom PIN
+
+Bring Your Own PIN mode lets you control PIN generation/format in your own application flow.
+
+See:
+- [Authorization (official)](../references/authorization-official.md)
+- [Get Started](../get-started.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/customer-integration.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/customer-integration.md
new file mode 100644
index 00000000..3d9156fb
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/customer-integration.md
@@ -0,0 +1,7 @@
+# Customer Integration
+
+Customer-side integration should initialize the SDK, fetch a server-generated token, then start a session.
+
+See:
+- [Get Started](../get-started.md)
+- [API (official)](../references/api-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/multi-tab-persistence.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/multi-tab-persistence.md
new file mode 100644
index 00000000..6f80e376
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/multi-tab-persistence.md
@@ -0,0 +1,7 @@
+# Multi-Tab Persistence
+
+Cobrowse sessions can continue across tabs when configured correctly and browser constraints are met.
+
+See:
+- [Features (official)](../references/features-official.md)
+- [Get Started](../get-started.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/privacy-masking.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/privacy-masking.md
new file mode 100644
index 00000000..58c16b15
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/privacy-masking.md
@@ -0,0 +1,7 @@
+# Privacy Masking
+
+Configure masking selectors for sensitive customer fields so agents cannot view protected values.
+
+See:
+- [Features (official)](../references/features-official.md)
+- [Get Started](../get-started.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/remote-assist.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/remote-assist.md
new file mode 100644
index 00000000..631055ea
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/remote-assist.md
@@ -0,0 +1,7 @@
+# Remote Assist
+
+Remote assist allows approved agent interactions (for example, scrolling) during active sessions.
+
+See:
+- [Features (official)](../references/features-official.md)
+- [API (official)](../references/api-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/examples/session-events.md b/plugins/zoom-developers/skills/cobrowse-sdk/examples/session-events.md
new file mode 100644
index 00000000..c1d1f453
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/examples/session-events.md
@@ -0,0 +1,7 @@
+# Session Events
+
+Use SDK session events to track lifecycle transitions and update your UI accordingly.
+
+See:
+- [API (official)](../references/api-official.md)
+- [Features (official)](../references/features-official.md)
diff --git a/plugins/zoom-developers/skills/cobrowse-sdk/get-started.md b/plugins/zoom-developers/skills/cobrowse-sdk/get-started.md
new file mode 100644
index 00000000..66498d37
--- /dev/null
+++ b/plugins/zoom-developers/skills/cobrowse-sdk/get-started.md
@@ -0,0 +1,554 @@
+# Get Started with Zoom Cobrowse SDK
+
+Complete setup guide from credentials to your first cobrowse session.
+
+## Overview
+
+In a cobrowse session, there are **two roles**:
+
+- **Customer** (role_type=1) – Integrates the SDK into their website
+- **Agent** (role_type=2) – Uses an embedded iframe to interact with the customer
+
+This guide shows you how to set up a **customer-initiated session** (the most common pattern).
+
+## Step 1: Get SDK Credentials
+
+### Requirements
+
+1. **Zoom Workplace Account** with SDK Universal Credit
+ - See [Build platform - create or update account](https://developers.zoom.us/docs/build/account/) for details
+
+2. **Video SDK App** in Zoom Marketplace
+ - Cobrowse SDK is a **feature of Video SDK** (not a separate product)
+
+### Get Your Credentials
+
+1. Access your SDK account web portal:
+ - In your Zoom Workplace account, go to **Advanced** > **Zoom CPaaS** > **Manage**
+
+2. Click **Build App**
+
+3. Locate your **SDK credentials** in the Cobrowse tab
+
+You'll receive **4 credentials**:
+
+| Credential | Type | Purpose |
+|------------|------|---------|
+| **SDK Key** | Public | Used in CDN URL and JWT `app_key` claim |
+| **SDK Secret** | Private | Used to sign JWTs (server-side only) |
+| **API Key** | Private | REST API authentication (optional) |
+| **API Secret** | Private | REST API authentication (optional) |
+
+**Save these credentials securely** - you'll need them in the next step.
+
+## Step 2: Generate JWT Tokens
+
+Both customers and agents require JSON Web Tokens (JWTs) for authentication.
+
+### JWT Structure
+
+All JWTs have the same header:
+
+```json
+{
+ "alg": "HS256",
+ "typ": "JWT"
+}
+```
+
+The payload differs by role:
+
+**Customer JWT payload** (role_type=1):
+```json
+{
+ "user_id": "user1_customer",
+ "app_key": "YOUR_SDK_KEY",
+ "role_type": 1,
+ "user_name": "customer",
+ "exp": 1723103759,
+ "iat": 1723102859
+}
+```
+
+**Agent JWT payload** (role_type=2):
+```json
+{
+ "user_id": "user2_agent",
+ "app_key": "YOUR_SDK_KEY",
+ "role_type": 2,
+ "user_name": "agent",
+ "exp": 1723103759,
+ "iat": 1723102859
+}
+```
+
+### JWT Payload Fields
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `app_key` | Yes | Your Zoom SDK Key (not API Key) |
+| `role_type` | Yes | User role: `1` = customer, `2` = agent |
+| `iat` | Yes | Token issue timestamp (epoch) |
+| `exp` | Yes | Token expiration timestamp (epoch). Min: 30 minutes, Max: 48 hours |
+| `user_id` | Yes | Uniquely identifiable user ID |
+| `user_name` | Yes | User name (max 80 characters) |
+| `enable_byop` | Optional | Enable Bring Your Own PIN: `1` = yes, `0` or omit = no |
+
+### Sign the JWT
+
+Sign the JWT with your SDK Secret (not API Secret):
+
+```javascript
+HMACSHA256(
+ base64UrlEncode(header) + '.' + base64UrlEncode(payload),
+ ZOOM_SDK_SECRET
+);
+```
+
+### Set Up a Token Server
+
+**CRITICAL**: JWT signing must happen **server-side** to protect your SDK Secret.
+
+Use the official auth endpoint sample:
+
+```bash
+# Clone the sample
+git clone https://github.com/zoom/cobrowsesdk-auth-endpoint-sample.git
+cd cobrowsesdk-auth-endpoint-sample
+
+# Install dependencies
+npm install
+
+# Create .env file
+cat > .env << EOF
+ZOOM_SDK_KEY=your_sdk_key_here
+ZOOM_SDK_SECRET=your_sdk_secret_here
+PORT=4000
+EOF
+
+# Start the server
+npm start
+```
+
+The server will run on the base URL you configure for your token service.
+
+**Token Request:**
+```javascript
+// POST https://YOUR_TOKEN_SERVICE_BASE_URL
+{
+ "role": 1, // 1 = customer, 2 = agent
+ "userId": "user123",
+ "userName": "John Doe"
+}
+
+// Response
+{
+ "token": "eyJhbGciOiJIUzI1NiIs..."
+}
+```
+
+**See also**: [JWT Authentication Concept](concepts/jwt-authentication.md)
+
+## Step 3: Integrate the Customer SDK
+
+The customer integrates the Cobrowse SDK into their website using the **CDN**.
+
+> **Critical PIN Rule**
+>
+> The PIN agents should use comes from customer SDK event `pincode_updated`.
+> Do not show or rely on provisional PIN values from backend/session placeholders.
+> In UI, display one explicit value (for example, **Support PIN**) and pass only that to agent flow.
+
+### Load the SDK
+
+Include the SDK snippet in the `` tag of your HTML page:
+
+```html
+
+```
+
+### SDK Version
+
+Set the SDK VERSION using semantic versioning:
+
+- **Fixed version**: `js/2.13.2` - Use exact version 2.13.2
+- **Latest patch**: `js/2.13.x` - Use latest `>=2.13.0 and <2.14.0`
+
+**Current version**: 2.13.2 (as of February 2026)
+
+### Initialize the SDK
+
+```javascript
+const settings = {
+ allowCustomerAnnotation: true,
+ piiMask: { maskType: 'all_input' },
+};
+
+ZoomCobrowseSDK.init(settings, function ({ success, session, error }) {
+ if (success) {
+ console.log("SDK initialized successfully");
+ // session object is now available
+ } else {
+ console.error("SDK init failed:", error);
+ }
+});
+```
+
+### Start a Session
+
+```javascript
+// Fetch JWT from your server
+const response = await fetch('https://YOUR_TOKEN_SERVICE_BASE_URL', {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({
+ role: 1,
+ userId: 'customer_' + Date.now(),
+ userName: 'Customer'
+ })
+});
+const { token } = await response.json();
+
+// Start cobrowse session
+session.start({ sdkToken: token });
+```
+
+### Complete Customer Example
+
+```html
+
+
+
+ Customer - Cobrowse Support
+
+
+
+