radar

DEEP_DIVE_STORY.LNK

howtonotcode.com // protocol_active
arrow_back_ios RETURN_TO_FEED
READ_TIME 0:37_MIN
LIVE_REDACTION
OPENAI PUB_DATE: 2026.03.28

CODEX GETS GOVERNED PLUGINS FOR ENTERPRISE-GRADE AGENT WORKFLOWS

OpenAI added a governed plugin system to Codex so teams can standardize and control agent workflows and integrations. Per [InfoWorld](https://www.infoworld.com...

Codex gets governed plugins for enterprise-grade agent workflows

OpenAI added a governed plugin system to Codex so teams can standardize and control agent workflows and integrations.

Per InfoWorld, Codex plugins are versioned bundles that can include skills, app integrations, and MCP servers, with JSON-defined marketplaces and install policies like INSTALLED_BY_DEFAULT, AVAILABLE, and NOT_AVAILABLE. This creates a policy layer for distribution and access control, though the third‑party marketplace is reportedly not open yet; background and examples live in the Codex docs.

Ars Technica says plugins are already in the Codex app with a searchable library and one‑click installs spanning tools like GitHub, Gmail, Box, Cloudflare, and Vercel, pushing Codex beyond pure coding tasks. A third‑party skill library even shipped Codex and Claude Code plugin bundles in a public GitHub release, hinting at an emerging ecosystem.

[ WHY_IT_MATTERS ]
01.

You can now gate which agent workflows and external tools are allowed, blocked, or installed by default across repos and teams.

02.

One‑click installs reduce setup drift and make it easier to roll out consistent engineering workflows.

[ WHAT_TO_TEST ]
  • terminal

    Package a common workflow as a Codex plugin bundle and enforce repo‑level policies (INSTALLED_BY_DEFAULT, AVAILABLE, NOT_AVAILABLE); verify install via CLI/IDE and auth prompts.

  • terminal

    Run an MCP‑backed plugin end‑to‑end and red‑team it with a prompt‑injection test skill; confirm logs, egress, and secrets handling behave as expected.

[ BROWNFIELD_PERSPECTIVE ]

Legacy codebase integration strategies...

  • 01.

    Start with a private marketplace JSON per monorepo; map existing scripts to skills and roll out behind NOT_AVAILABLE until security review passes.

  • 02.

    Align plugin auth with current secrets and SSO; test MCP connectors behind proxies and constrained egress.

[ GREENFIELD_PERSPECTIVE ]

Fresh architecture paradigms...

  • 01.

    Publish a minimal default catalog for CI, observability, and change control as INSTALLED_BY_DEFAULT for all new services.

  • 02.

    Encode golden paths for scaffolding, migrations, and releases as versioned skills to reduce onboarding time.

arrow_back
PREVIOUS_DATA_LOG
GitHub flips Copilot training to opt-out on April 24; Copilot CLI 1.0.13 brings MCP inference approvals, rewind, and speedups
Initialize_Return_to_Core
LINK_STATUS: 127.0.0.1 (SECURE)
NEXT_DATA_LOG
OpenAI turns Responses API into an agent runtime, solidifies Sora Videos API, and ships Realtime 1.5—mind the edges
arrow_forward
SUBSCRIBE_FEED
Get the digest delivered. No spam.
Terminate_subscription anytime.