Files
codex/codex-rs/core-plugins
T
felixxia-oai 7e0dce91df [codex] Centralize plugin auth capability filtering (#27902)
## Summary

This is the first step in making plugin auth routing consistent. The
rule should not live as one-off checks in every place that loads or
displays plugin capabilities.

This PR introduces a small resolver for the auth-level policy: given a
plugin's declared apps, MCP servers, current auth mode, and active
state, return the capabilities that are actually usable in that context.

## Why

Product rule:
- SiWC auth can use app connectors, so app declarations stay available.
- API-key/direct auth cannot use app connectors, so app declarations are
removed.
- When an active plugin has both an app and an MCP server with the same
name, the app route wins for Codex-backed auth and the conflicting MCP
server is hidden.

Putting that rule in `capabilities.rs` gives the rest of the stack one
place to ask instead of duplicating auth checks in loader, manager,
marketplace, and details code.

## Validation

- `cargo fmt`
- `cargo test -p codex-core-plugins`
7e0dce91df ยท 2026-06-16 00:13:27 +00:00
History
..