fix: harden plugin feature gating (#15104)

Resubmit https://github.com/openai/codex/pull/15020 with correct content. 1. Use requirement-resolved config.features as the plugin gate. 2. Guard plugin/list, plugin/read, and related flows behind that gate. 3. Skip bad marketplace.json files instead of failing the whole list. 4. Simplify plugin state and caching.
2026-04-25 07:05:38 +00:00 · 2026-03-18 17:03:37 -07:00
parent 56d0c6bf67
commit dcd5e08269
13 changed files with 337 additions and 108 deletions
--- a/codex-rs/app-server/tests/suite/v2/plugin_read.rs
+++ b/codex-rs/app-server/tests/suite/v2/plugin_read.rs
@@ -232,6 +232,7 @@ async fn plugin_read_accepts_legacy_string_default_prompt() -> Result<()> {
  }
 }"##,
    )?;
+    write_plugins_enabled_config(&codex_home)?;

    let mut mcp = McpProcess::new(codex_home.path()).await?;
    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
@@ -285,6 +286,7 @@ async fn plugin_read_returns_invalid_request_when_plugin_is_missing() -> Result<
  ]
 }"#,
    )?;
+    write_plugins_enabled_config(&codex_home)?;

    let mut mcp = McpProcess::new(codex_home.path()).await?;
    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
@@ -336,6 +338,7 @@ async fn plugin_read_returns_invalid_request_when_plugin_manifest_is_missing() -
  ]
 }"#,
    )?;
+    write_plugins_enabled_config(&codex_home)?;

    let mut mcp = McpProcess::new(codex_home.path()).await?;
    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
@@ -382,3 +385,13 @@ fn write_installed_plugin(
    )?;
    Ok(())
 }
+
+fn write_plugins_enabled_config(codex_home: &TempDir) -> Result<()> {
+    std::fs::write(
+        codex_home.path().join("config.toml"),
+        r#"[features]
+plugins = true
+"#,
+    )?;
+    Ok(())
+}