Feature request: age-gate plugin marketplace upgrades

Summary

Codex plugin marketplaces can be upgraded, but there does not appear to be a way to delay adoption of very recent plugin or marketplace revisions.

Please add an optional minimum-age policy for plugin marketplace upgrades, similar in spirit to npm's min-release-age or mise's minimum_release_age.

Why

Plugins can expose tools, skills, MCP servers, and hooks. A cooldown window would let users keep marketplace upgrades enabled while avoiding the first few hours or days after a new revision is published.

This would help reduce exposure to freshly introduced regressions or compromised updates without requiring users to pin everything permanently.

Requested behavior

Support a configurable policy, for example:

[plugins.update_policy]
minimum_release_age = "3d"

or marketplace-level:

[marketplaces.openai-curated.update_policy]
minimum_revision_age = "3d"

When set:

• codex plugin marketplace upgrade skips revisions newer than the configured age.
• automatic marketplace upgrades apply the same policy.
• Codex reports when an update is skipped because it is too new.
• if no eligible update exists, the installed revision remains unchanged.

Notes

For git-backed marketplaces, "age" may need a clear definition. A first-seen timestamp may be safer than commit time, since commit dates can be misleading.

Pinning refs is useful, but it turns upgrades into a manual repinning workflow. This request is for automatic upgrades with a configurable waiting period.

Related:

• #16488: npm min-release-age can block @openai/codex upgrades while Codex still reports success
• #19163: package-manager hardening work
• #17425 / #17673 / #20478 / #21396: marketplace auto-upgrade and CLI marketplace upgrade flows
• #21005: marketplace upgrade staging directory cleanup issue