fix: harden plugin feature gating (#15020)

1. Use requirement-resolved config.features as the plugin gate. 2. Guard plugin/list, plugin/read, and related flows behind that gate. 3. Skip bad marketplace.json files instead of failing the whole list. 4. Simplify plugin state and caching.
2026-04-25 15:15:15 +00:00 · 2026-03-18 10:11:43 -07:00
parent 606d85055f
commit 580f32ad2a
40 changed files with 926 additions and 52 deletions
--- a/codex-rs/app-server/tests/suite/v2/plugin_list.rs
+++ b/codex-rs/app-server/tests/suite/v2/plugin_list.rs
@@ -377,6 +377,179 @@ enabled = false
    Ok(())
 }

+#[tokio::test]
+async fn plugin_list_filters_plugins_for_custom_session_source_products() -> Result<()> {
+    let codex_home = TempDir::new()?;
+    let repo_root = TempDir::new()?;
+    std::fs::create_dir_all(repo_root.path().join(".git"))?;
+    std::fs::create_dir_all(repo_root.path().join(".agents/plugins"))?;
+    std::fs::write(
+        repo_root.path().join(".agents/plugins/marketplace.json"),
+        r#"{
+  "name": "codex-curated",
+  "plugins": [
+    {
+      "name": "all-products",
+      "source": {
+        "source": "local",
+        "path": "./all-products"
+      }
+    },
+    {
+      "name": "chatgpt-only",
+      "source": {
+        "source": "local",
+        "path": "./chatgpt-only"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL",
+        "products": ["CHATGPT"]
+      }
+    },
+    {
+      "name": "atlas-only",
+      "source": {
+        "source": "local",
+        "path": "./atlas-only"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL",
+        "products": ["ATLAS"]
+      }
+    },
+    {
+      "name": "codex-only",
+      "source": {
+        "source": "local",
+        "path": "./codex-only"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL",
+        "products": ["CODEX"]
+      }
+    }
+  ]
+}"#,
+    )?;
+
+    let mut mcp =
+        McpProcess::new_with_args(codex_home.path(), &["--session-source", "chatgpt"]).await?;
+    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
+
+    let request_id = mcp
+        .send_plugin_list_request(PluginListParams {
+            cwds: Some(vec![AbsolutePathBuf::try_from(repo_root.path())?]),
+            force_remote_sync: false,
+        })
+        .await?;
+
+    let response: JSONRPCResponse = timeout(
+        DEFAULT_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
+    )
+    .await??;
+    let response: PluginListResponse = to_response(response)?;
+
+    let marketplace = response
+        .marketplaces
+        .into_iter()
+        .find(|marketplace| marketplace.name == "codex-curated")
+        .expect("expected marketplace entry");
+
+    assert_eq!(
+        marketplace
+            .plugins
+            .into_iter()
+            .map(|plugin| plugin.name)
+            .collect::<Vec<_>>(),
+        vec!["all-products".to_string(), "chatgpt-only".to_string()]
+    );
+    Ok(())
+}
+
+#[tokio::test]
+async fn plugin_list_defaults_non_custom_session_source_to_codex_products() -> Result<()> {
+    let codex_home = TempDir::new()?;
+    let repo_root = TempDir::new()?;
+    std::fs::create_dir_all(repo_root.path().join(".git"))?;
+    std::fs::create_dir_all(repo_root.path().join(".agents/plugins"))?;
+    std::fs::write(
+        repo_root.path().join(".agents/plugins/marketplace.json"),
+        r#"{
+  "name": "codex-curated",
+  "plugins": [
+    {
+      "name": "all-products",
+      "source": {
+        "source": "local",
+        "path": "./all-products"
+      }
+    },
+    {
+      "name": "chatgpt-only",
+      "source": {
+        "source": "local",
+        "path": "./chatgpt-only"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL",
+        "products": ["CHATGPT"]
+      }
+    },
+    {
+      "name": "codex-only",
+      "source": {
+        "source": "local",
+        "path": "./codex-only"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL",
+        "products": ["CODEX"]
+      }
+    }
+  ]
+}"#,
+    )?;
+
+    let mut mcp = McpProcess::new(codex_home.path()).await?;
+    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
+
+    let request_id = mcp
+        .send_plugin_list_request(PluginListParams {
+            cwds: Some(vec![AbsolutePathBuf::try_from(repo_root.path())?]),
+            force_remote_sync: false,
+        })
+        .await?;
+
+    let response: JSONRPCResponse = timeout(
+        DEFAULT_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
+    )
+    .await??;
+    let response: PluginListResponse = to_response(response)?;
+
+    let marketplace = response
+        .marketplaces
+        .into_iter()
+        .find(|marketplace| marketplace.name == "codex-curated")
+        .expect("expected marketplace entry");
+
+    assert_eq!(
+        marketplace
+            .plugins
+            .into_iter()
+            .map(|plugin| plugin.name)
+            .collect::<Vec<_>>(),
+        vec!["all-products".to_string(), "codex-only".to_string()]
+    );
+    Ok(())
+}
+
 #[tokio::test]
 async fn plugin_list_returns_plugin_interface_with_absolute_asset_paths() -> Result<()> {
    let codex_home = TempDir::new()?;