feat: restrict which plugin marketplaces Codex can use

[viyatb-oai]

Why

Plugin marketplace requirements need to make disallowed marketplaces inert in the core plugin manager, not merely hide them at one UI edge. Existing config, remote sync state, or cached plugin outcomes should not keep a disallowed marketplace effective after policy changes.

What changed

• Filter configured plugins and marketplace listings by the managed allowlist.
• Reject local plugin reads and installs from disallowed marketplaces.
• Include marketplace requirements in the plugin cache key.
• Skip remote curated sync when that marketplace is no longer approved.
• Restrict configured marketplace upgrades to approved marketplaces.

Example config.toml

With the managed requirements stack applied, an approved marketplace can still appear in user config.toml like this:

[features]
plugins = true

[marketplaces.approved-marketplace]
source_type = "git"
source = "https://github.com/example/approved-marketplace.git"

There is intentionally no user-writable allowed_sources key in config.toml; skill-source restrictions are enforced only from managed requirements.

Verification

• Added regression coverage for disallowed marketplace loading, reads, installs, and cache separation in codex-rs/core-plugins/src/manager_tests.rs.
• Added coverage that remote curated sync is skipped when openai-curated is disallowed.

Stack

• feat: prepare managed controls for skills and marketplaces #21462: internal managed artifact requirement plumbing
• feat: restrict which skill sources Codex can load #21457: managed skill enforcement
  --> feat: restrict which plugin marketplaces Codex can use #21458: core plugin allowlist enforcement
• feat: enforce marketplace restrictions at plugin entry points #21459: plugin entrypoint enforcement
• feat: let admins configure managed skill and marketplace controls #21413: managed artifact requirements activation

[chatgpt-codex-connector]

💡 Codex Review

codex/codex-rs/app-server/src/request_processors/plugins.rs

Lines 896 to 897 in 8c02e63

	let result = plugins_manager
	.install_plugin(request)

Call the config-aware installer from plugin/install

The new allowlist check lives in install_plugin_for_config, but the app-server plugin/install path still calls install_plugin, which resolves and installs without consulting PluginsConfigInput. A user can pass a marketplacePath for a marketplace hidden by managed requirements and still install it, bypassing the allowlist this change is meant to enforce.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".