One thing to think about is a distinction between installed vs. enabled for scripts and plugins.
A good system that I have used is how debian sets things up for the apache configuration.
When you install the apache package they setup things like mods-available and mods-enabled directories:
root@b28027aa3d70:/# ls -l /etc/apache2/mods-available/|head
total 524
-rw-r--r-- 1 root root 100 Oct 24 2015 access_compat.load
-rw-r--r-- 1 root root 377 Oct 24 2015 actions.conf
-rw-r--r-- 1 root root 66 Oct 24 2015 actions.load
-rw-r--r-- 1 root root 843 Oct 24 2015 alias.conf
-rw-r--r-- 1 root root 62 Oct 24 2015 alias.load
root@b28027aa3d70:/# ls -l /etc/apache2/mods-enabled/|head
total 0
lrwxrwxrwx 1 root root 36 Jun 7 13:46 access_compat.load -> ../mods-available/access_compat.load
lrwxrwxrwx 1 root root 28 Jun 7 13:46 alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx 1 root root 28 Jun 7 13:46 alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root 33 Jun 7 13:46 auth_basic.load -> ../mods-available/auth_basic.load
if I install the libapache2-mod-php5 package I end up with it enabled automatically:
root@b28027aa3d70:/# ls -l /etc/apache2/mods-*/php*
-rw-r--r-- 1 root root 865 Apr 27 11:42 /etc/apache2/mods-available/php5.conf
-rw-r--r-- 1 root root 59 Apr 27 11:42 /etc/apache2/mods-available/php5.load
lrwxrwxrwx 1 root root 27 Jun 7 13:48 /etc/apache2/mods-enabled/php5.conf -> ../mods-available/php5.conf
lrwxrwxrwx 1 root root 27 Jun 7 13:48 /etc/apache2/mods-enabled/php5.load -> ../mods-available/php5.load
but then can easily disable it without uninstalling it:
root@b28027aa3d70:/# a2dismod php5
Module php5 disabled.
To activate the new configuration, you need to run:
service apache2 restart
root@b28027aa3d70:/# ls -l /etc/apache2/mods-*/php*
-rw-r--r-- 1 root root 865 Apr 27 11:42 /etc/apache2/mods-available/php5.conf
-rw-r--r-- 1 root root 59 Apr 27 11:42 /etc/apache2/mods-available/php5.load
This is just hooked up in the apache config using
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
They also do this available/enabled setup for standalone conf files and sites(vhost configs)
The nice thing about this system is that the base installation can include standard modules that are present but not enabled by default:
root@b28027aa3d70:/# ls -l /etc/apache2/mods-*/cgi.*
-rw-r--r-- 1 root root 58 Oct 24 2015 /etc/apache2/mods-available/cgi.load
root@b28027aa3d70:/# a2enmod cgi
root@b28027aa3d70:/# ls -l /etc/apache2/mods-*/cgi.*
-rw-r--r-- 1 root root 58 Oct 24 2015 /etc/apache2/mods-available/cgi.load
lrwxrwxrwx 1 root root 26 Jun 7 13:56 /etc/apache2/mods-enabled/cgi.load -> ../mods-available/cgi.load
The directory/symlink thing is just one implementation, automatically editing a special .bro file and adding/removing lines would work too.
So, the way this could work is that '$TOOL install foo' could both 'install' and 'enable' 'foo' and '$TOOL disable foo' could disable it without removing it.