xl-openai

This commit introduces **significant enhancements to the curated plugin startup synchronization process**, improving both resource management and observability. It implements **robust cleanup mechanisms** to prevent the accumulation of stale temporary directories, ensuring that `plugins-clone-*` directories are properly managed and removed, even after failed sync attempts. Additionally, this **new feature** integrates **OpenTelemetry metrics** into the `plugins` subsystem, providing detailed counters for startup sync transport attempts and their final outcomes across both Git and HTTP paths. This work enhances the reliability of plugin synchronization and offers critical operational insights into its performance and success rates.

Cleanup no-in-use plugins for now. (#122)

This commit **enhances** the `plugin-creator` skill by **adding support for home-local plugins** and **refining marketplace policy handling**. It **updates documentation** in `SKILL.md` and `plugin-json-spec.md` to clarify home-local plugin creation, marketplace workflows, and relative path conventions for home-rooted marketplaces. Furthermore, the `create_basic_plugin.py` script's help messages are **updated** to guide users on these new capabilities. These changes improve the overall flexibility and clarity of plugin development within the system.

This commit provides a **bug fix** for the **Slack plugin** by updating icon configurations across multiple **Slack skills**. Specifically, it **changes the icon format from SVG to PNG** and adjusts `icon_small` paths to be relative within the `openai.yaml` agent definitions for skills like `slack-channel-summarization`, `slack-daily-digest`, and `slack-reply-drafting`. This **maintenance** ensures that Slack skill icons display correctly, addressing current system limitations that require PNG format and per-skill icon maintenance. The changes impact the visual representation of these Slack-related functionalities within the application.

This commit provides **maintenance fixes** for the **Canva** and **Slack plugins**, addressing issues with default prompts and an icon reference. It **updates the default prompt** for the **Canva plugin** to include 'campaign' and for the **Slack plugin** to include 'updates', enhancing their semantic accuracy. Additionally, the large icon reference for the **Slack OpenAI agent** was corrected from a PNG to an SVG format, ensuring proper visual display. These changes improve the overall user experience by refining prompt suggestions and resolving icon rendering issues.

This commit introduces a **new capability** to report errors encountered during the loading of plugin marketplaces. It extends the **`codex-rs/core` plugin management system** to capture `MarketplaceListError` instances and wraps marketplace listing outcomes in new structs like `MarketplaceListOutcome`. The **`PluginListResponse` protocol** in `codex-rs/app-server-protocol` is updated to include a `marketplaceLoadErrors` field, which the `codex-rs/app-server` populates when handling plugin list requests. This allows client applications to receive and display specific details about marketplace loading failures, significantly improving **diagnosability and user feedback** regarding plugin availability.

This commit introduces a **new capability** to **disable skills by name**, specifically addressing the challenge of managing **plugin skills** whose installation paths may change across versions. It updates the **`app-server-protocol` schemas** to support name-based skill selection and an `enabled` status, alongside modifications to the **`app-server` logic** for processing these new configuration writes. The **`core` module** is significantly enhanced with new configuration structures, a dedicated `skills/config_rules` module for processing disabling rules, and updates to the plugin and skill managers to leverage this new mechanism. This **feature addition** provides a more robust and user-friendly way to control skill availability, ensuring consistent disabling even with dynamic plugin paths. Extensive tests have been added across the `app-server` and `core` components to validate this functionality.

This commit introduces a **schema update** to the **marketplace configuration** by adding an empty `products` array to the `policy` object in `.agents/plugins/marketplace.json`. This **preparatory change** is specifically for **testing purposes**, establishing the necessary structure within the **booking policy definition** to support future product-specific policy rules. It modifies the configuration's data model, laying the groundwork for upcoming features that will leverage this new field. The immediate impact is minimal, as the array is empty, but it anticipates expanded functionality for policy management.

This commit introduces a **new capability** for the **curated plugin synchronization** mechanism within the `codex-rs/core/src/plugins` subsystem. It implements a robust strategy that **prefers Git clone** for fetching curated plugins, falling back to an **HTTP zipball download** if Git is unavailable or fails, thereby improving reliability and efficiency. This change centralizes all synchronization logic into `startup_sync.rs` and includes a **concurrency fix** by adding a mutex to `PluginsManager` to prevent simultaneous sync operations. The update ensures more stable and efficient plugin updates for users.

This commit introduces a **new capability** for **one-time startup remote plugin synchronization**, significantly enhancing the **initial user experience** by automatically enabling plugins. The **`codex-rs/app-server`** now initiates this process via `maybe_start_plugin_startup_tasks_for_latest_config`, which is managed by a new `startup_sync` module within **`codex-rs/core/src/plugins`**. This ensures that essential plugins are added during the application's first launch or specific setup conditions, utilizing an `additive_only` sync mode in `sync_plugins_from_remote` and marker files to guarantee it runs only once. This feature streamlines onboarding by providing a more complete initial application state for new users. New tests in `plugin_list.rs` and `manager_tests.rs` validate this behavior.

This commit introduces a **bug fix** and **refactoring** to the **plugin management and marketplace resolution logic** within `codex-rs/core/src/plugins`. It **correctly distinguishes between missing and explicitly empty product lists** when determining plugin eligibility, where a missing list now implies **all products are allowed**, while an explicitly empty list (`[]`) means **no products are allowed**. This change, affecting functions like `restriction_product_matches` and `resolve_marketplace_plugin`, ensures **accurate plugin installation and listing behavior** by preventing plugins from being incorrectly allowed or disallowed based on their product restrictions. Comprehensive **test updates** are included to validate this refined behavior across the plugin system.

This commit introduces a **new capability** to expose whether a plugin requires authentication, primarily for improved UI rendering. It adds a `needs_auth` boolean field to the `AppSummary` across various **protocol schemas** (JSON, TypeScript, and Rust `v2::AppSummary` struct) and related responses like `PluginInstallResponse` and `PluginReadResponse`. The **app-server logic** in `plugin_app_helpers.rs` is updated to correctly determine and set this flag based on accessible connectors. This enhancement allows the **UI to properly render plugin information**, improving the user experience by indicating authentication requirements upfront for **plugin management**.

This commit introduces a **new capability** to support **product-scoped plugins and skills** by extending the `SessionSource` enum with a `Custom(String)` variant and adding a `--session-source` CLI argument. It updates the **application server protocol** to recognize this new session source and modifies the **core plugin and skill managers** to enforce product-based restrictions. This ensures that plugins and skills are dynamically filtered based on the active session's product, preventing incompatible features from being loaded or installed. The same filtering logic is also applied to curated background refresh processes, enhancing control over available functionalities across different product contexts.

This commit **hardens the plugin feature gating mechanism** by leveraging the `config.features` for precise control over plugin operations. It introduces a **bug fix** to the **plugin marketplace listing**, allowing it to gracefully skip invalid `marketplace.json` files instead of failing entirely. Furthermore, it involves a significant **refactoring** of the **plugin manager** (`plugins/manager`) to simplify state and caching, ensuring that `plugin/list` and `plugin/read` flows are properly guarded. This improves the overall robustness and configurability of the **plugin and skill loading subsystems**, affecting how the application server interacts with these components.

This commit **reverts** a previous change that aimed to harden plugin feature gating by introducing 'custom' session source types. It **undoes the addition of product restriction logic and session source-based filtering** across the `codex-rs` **app server, core logic, and protocol definitions** (TypeScript and Python). This rollback impacts **plugin and skill management, session handling, and filtering logic**, effectively removing the infrastructure for differentiating plugin/skill availability by custom session origin. The `session_source` parameter is now hardcoded to `SessionSource::VSCode` in app server initialization, simplifying the system by removing this dynamic configuration.

This commit **hardens plugin and skill feature gating** by introducing and leveraging a **`SessionSource`** concept, including a new `Custom` variant, to control feature availability. It ensures that **plugin and skill listing, reading, and synchronization** are strictly filtered based on product restrictions derived from the current session's source. This **bug fix and enhancement** involves significant **protocol schema updates** across `app-server-protocol`, modifications to the **plugin manager and skill filtering logic** in `codex-rs/core`, and the addition of a `--session-source` CLI argument. The changes improve the **security and correctness** of plugin and skill exposure, while also making the system more robust by gracefully skipping malformed `marketplace.json` files.

This commit introduces **product-aware policies** for both **marketplace plugins** and **skills**, enabling fine-grained control over their availability based on specific product types via a new `Product` enum. It significantly **refactors** the **plugin management** subsystem by moving marketplace installation and authentication logic under a new `MarketplacePluginPolicy` structure, enhancing modularity and clarity. Additionally, **plugin manifest handling** is improved by renaming types like `RawPluginManifest` to explicitly distinguish between raw serialization formats and resolved in-memory models, which simplifies parsing and increases maintainability. This change impacts how plugins and skills are loaded, listed, and installed, laying the groundwork for more sophisticated product-specific feature gating.

This commit performs **maintenance** by **removing unused remote skill endpoints and their associated data models** from the project. Specifically, it **removes unused remote skill-related data models and request/response classes** from the **generated Python SDK** (`sdk/python/src/codex_app_server/generated/v2_all.py`), ensuring the client aligns with the current protocol schema. Concurrently, the **core Rust remote skill handling** (`codex-rs/core/src/skills/remote.rs`) undergoes an internal **refactoring**, localizing type definitions for `RemoteSkillScope` and `RemoteSkillProductSurface` within functions like `list_remote_skills` and `export_remote_skill`. This cleanup streamlines the codebase by eliminating dead code and deprecated API surface that is no longer in use.

This commit **refactors** the **plugin marketplace entry data model** to align with existing interface conventions, specifically by nesting the `displayName` field within a new `MarketplaceInterface` structure and enforcing `camelCase`. This change impacts the **`app-server-protocol` schemas** (JSON, TypeScript, and Rust definitions), the **`app-server`'s message processing logic**, and the **`core` plugin management components** responsible for loading and summarizing marketplace data. The **fix** ensures a consistent and standardized representation for plugin display information across the system, requiring updates to both data structures and the application logic that interacts with them.

This commit introduces a **new capability** to the **plugin management system**, enabling **remote synchronization** for `plugin/install` and `plugin/uninstall` operations. A new `forceRemoteSync` parameter has been added to the `PluginInstallParams` and `PluginUninstallParams` within the **`app-server-protocol`**, allowing these actions to first update the remote plugin status before applying local changes. This ensures greater consistency between the local application and the remote backend regarding plugin states, with new logic in **`core/src/plugins`** and a dedicated `remote.rs` module handling the backend interactions. This enhancement significantly improves the reliability of **plugin lifecycle management** by making local changes conditional on successful remote updates.