codex - ✅(Solved) Fix Feature request: Marketplace restriction [2 pull requests, 1 participants]

openai/codex#22507 (fetched 2026-05-14 03:34:56)

PR fix notes

PR #19857: Add strict known marketplace requirements

Description (problem / solution / changelog)

Why

Enterprises need a managed way to restrict user-added plugin marketplaces to approved sources while keeping Codex's built-in catalogs available. This gives admins a source-based allowlist for marketplace installs without turning curated or backend catalogs into managed-config surface area.

What

  • add a strict_known_marketplaces managed requirement with exact matching over source_type, normalized source, ref, and sparse_paths
  • enforce the allowlist for configured user marketplaces when adding, discovering, installing from, and upgrading them
  • keep openai-curated plus backend-provided catalogs intentionally outside this requirement, and document that boundary inline
  • expose the requirement through configRequirements/read and regenerate the app-server schema/TypeScript fixtures

Verification

  • cargo test -p codex-config deserialize_strict_known_marketplaces
  • cargo test -p codex-core-plugins add_marketplace_sync_rejects_git_source_blocked_by_requirements_before_clone
  • cargo test -p codex-core install_plugin_rejects_disallowed_configured_marketplace
  • cargo test -p codex-app-server-protocol config_requirements
  • cargo test -p codex-core-plugins -p codex-hooks

Changed files

  • codex-rs/app-server-protocol/schema/json/ClientRequest.json (modified, +1/-1)
  • codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json (modified, +38/-1)
  • codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json (modified, +38/-1)
  • codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json (modified, +37/-0)
  • codex-rs/app-server-protocol/schema/json/v2/RawResponseItemCompletedNotification.json (modified, +1/-1)
  • codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json (modified, +1/-1)
  • codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceSourceType.ts (added, +5/-0)
  • codex-rs/app-server-protocol/schema/typescript/v2/StrictKnownMarketplaceRequirement.ts (added, +6/-0)
  • codex-rs/app-server-protocol/schema/typescript/v2/index.ts (modified, +2/-0)
  • codex-rs/app-server-protocol/src/protocol/v2.rs (modified, +21/-0)
  • codex-rs/app-server/README.md (modified, +1/-1)
  • codex-rs/app-server/src/codex_message_processor.rs (modified, +13/-0)
  • codex-rs/app-server/src/codex_message_processor/plugins.rs (modified, +2/-1)
  • codex-rs/app-server/src/config/external_agent_config.rs (modified, +28/-5)
  • codex-rs/app-server/src/config_api.rs (modified, +43/-0)
  • codex-rs/cli/src/marketplace_cmd.rs (modified, +12/-0)
  • codex-rs/cloud-requirements/src/lib.rs (modified, +16/-0)
  • codex-rs/config/src/config_requirements.rs (modified, +109/-0)
  • codex-rs/config/src/lib.rs (modified, +1/-0)
  • codex-rs/core-plugins/src/installed_marketplaces.rs (modified, +77/-3)
  • codex-rs/core-plugins/src/marketplace.rs (modified, +5/-0)
  • codex-rs/core-plugins/src/marketplace_add.rs (modified, +104/-10)
  • codex-rs/core/src/config/config_loader_tests.rs (modified, +3/-0)
  • codex-rs/core/src/config/config_tests.rs (modified, +2/-0)
  • codex-rs/core/src/config/mod.rs (modified, +1/-0)
  • codex-rs/core/src/plugins/discoverable_tests.rs (modified, +11/-7)
  • codex-rs/core/src/plugins/manager.rs (modified, +117/-11)
  • codex-rs/core/src/plugins/manager_tests.rs (modified, +126/-35)
  • codex-rs/core/src/tools/handlers/tool_suggest_tests.rs (modified, +10/-7)
  • codex-rs/tui/src/debug_config.rs (modified, +2/-0)

PR #21458: feat: restrict which plugin marketplaces Codex can use

Description (problem / solution / changelog)

Why

Plugin marketplace requirements need to make disallowed marketplaces inert in the core plugin manager, not merely hide them at one UI edge. Existing config, remote sync state, or cached plugin outcomes should not keep a disallowed marketplace effective after policy changes.

What changed

  • Filter configured plugins and marketplace listings by the managed allowlist.
  • Reject local plugin reads and installs from disallowed marketplaces.
  • Include marketplace requirements in the plugin cache key.
  • Skip remote curated sync when that marketplace is no longer approved.
  • Restrict configured marketplace upgrades to approved marketplaces.

Example config.toml

With the managed requirements stack applied, an approved marketplace can still appear in user config.toml like this:

[features]
plugins = true

[marketplaces.approved-marketplace]
source_type = "git"
source = "https://github.com/example/approved-marketplace.git"

There is intentionally no user-writable allowed_sources key in config.toml; skill-source restrictions are enforced only from managed requirements.

Verification

  • Added regression coverage for disallowed marketplace loading, reads, installs, and cache separation in codex-rs/core-plugins/src/manager_tests.rs.
  • Added coverage that remote curated sync is skipped when openai-curated is disallowed.

Stack

  • #21462: internal managed artifact requirement plumbing
  • #21457: managed skill enforcement
  • --> #21458: core plugin allowlist enforcement
  • #21459: plugin entrypoint enforcement
  • #21413: managed artifact requirements activation

Changed files

  • codex-rs/app-server/src/request_processors/plugins.rs (modified, +1/-0)
  • codex-rs/core-plugins/src/loader.rs (modified, +2/-4)
  • codex-rs/core-plugins/src/manager.rs (modified, +157/-11)
  • codex-rs/core-plugins/src/manager_tests.rs (modified, +225/-0)
  • codex-rs/core-plugins/src/marketplace.rs (modified, +3/-0)
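
The two PR descriptions above combine an exact-match allowlist over source_type, normalized source, ref, and sparse_paths with a plugin cache key that includes the requirements. The sketch below is an added example and is not code from either PR or from the Codex repository: the type and function names are hypothetical, the normalization rules are an assumption (the page does not state the real ones), and the sample data is constructed.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Hypothetical type: field names follow the PR text, the rest is assumed.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct Source {
    pub source_type: String,
    pub source: String,
    pub git_ref: Option<String>,
    pub sparse_paths: Vec<String>,
}

pub fn git(source: &str, git_ref: Option<&str>) -> Source {
    Source { source_type: "git".into(), source: source.into(),
             git_ref: git_ref.map(str::to_string), sparse_paths: vec![] }
}

// Assumed normalization: trim, drop trailing '/' and ".git"; case is kept.
pub fn normalize(source: &str) -> String {
    let s = source.trim().trim_end_matches('/');
    s.strip_suffix(".git").unwrap_or(s).to_string()
}

// Exact match on all four fields; an unpinned entry does not admit a pinned ref.
pub fn is_allowed(allow: &[Source], c: &Source) -> bool {
    allow.iter().any(|a| a.source_type == c.source_type
        && normalize(&a.source) == normalize(&c.source)
        && a.git_ref == c.git_ref
        && a.sparse_paths == c.sparse_paths)
}

// Configured marketplaces that stay effective under the current allowlist.
pub fn effective<'a>(allow: &[Source], configured: &'a [(String, Source)]) -> Vec<&'a str> {
    configured.iter().filter(|(_, s)| is_allowed(allow, s)).map(|(n, _)| n.as_str()).collect()
}

// The allowlist is hashed into the key, so a policy change never reuses old outcomes.
pub fn cache_key(allow: &[Source], marketplace: &str) -> u64 {
    let mut h = DefaultHasher::new();
    (allow, marketplace).hash(&mut h);
    h.finish()
}

fn main() {
    // Constructed sample data; the first URL is the one from the example config.
    let allow = [git("https://github.com/example/approved-marketplace", None)];
    let cfg = [("approved".to_string(), git("https://github.com/example/approved-marketplace.git", None)),
               ("other".to_string(), git("https://github.com/example/other-marketplace.git", None))];
    println!("{:?}", effective(&allow, &cfg));
}
```

Applying the filter in the component that loads plugins, rather than only at listing time, is what makes a disallowed entry already present in user config inert.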

What variant of Codex are you using?

CLI

What feature would you like to see?

Admin should be able to disable automatic download of "OpenAI Curated" marketplace data and set restrictions on which marketplace is allowed for Codex.

Currently, when a user uses /plugins, the "OpenAI Curated" marketplace gets automatically added without an easy way to remove it. There is no config that prevents the installation of this marketplace or determines which marketplaces are allowed.

Additional information

I saw two related PRs that provide more control in this area:

https://github.com/openai/codex/pull/19857
https://github.com/openai/codex/pull/21458

However, they are closed without any explanation.
