Revert "fix: harden plugin feature gating"#15102
Conversation
This reverts commit 580f32a.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c5281d1f5a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| plugins: marketplace | ||
| .plugins | ||
| .into_iter() | ||
| .filter(|plugin| { | ||
| session_source.matches_product_restriction(&plugin.policy.products) | ||
| }) | ||
| .map(|plugin| PluginSummary { | ||
| id: plugin.id, |
There was a problem hiding this comment.
plugin/list now maps every marketplace plugin into the response without checking plugin.policy.products. Because plugin/install has no separate product gate, Codex sessions can discover and install plugins marked for other products (e.g. ChatGPT/Atlas-only), violating marketplace policy and exposing unsupported integrations.
Useful? React with 👍 / 👎.
| let skills_outcome = Arc::new( | ||
| self.services | ||
| .skills_manager | ||
| .skills_for_config(&per_turn_config), | ||
| &session_configuration.session_source, | ||
| )); | ||
| ); |
There was a problem hiding this comment.
This constructs skills_outcome directly from skills_for_config and passes it into TurnSkillsContext with no session-source filtering. Skills whose policy.products excludes the current product are now eligible for implicit injection/selection, so product-scoped skills can affect prompts in the wrong client.
Useful? React with 👍 / 👎.
2 participants
Reverts #15020
I messed up the commit in my PR and accidentally merged changes that were still under review.