OpenAI Codex Launches Plugin Marketplace for Agents
OpenAI ships a plugin marketplace for Codex CLI v0.117.0, bundling skills, app integrations, and MCP server configs behind an enterprise governance layer.
6 min read
OpenAI shipped Codex CLI v0.117.0 on March 27, 2026 with a plugin marketplace built in. For a tool that now has 1.6 million weekly active users, it's a meaningful infrastructure shift: Codex can now be extended with packaged integrations for Slack, Notion, Figma, Gmail, and Google Drive without any custom scripting.
The launch is narrow by design. Five curated plugins, all OpenAI-selected, no third-party submissions yet. What's actually interesting is the architecture underneath - and how aggressively the governance model is aimed at enterprise IT departments.
TL;DR
- Codex CLI v0.117.0 ships a plugin marketplace with five launch integrations: Slack, Notion, Figma, Gmail, Google Drive
- Plugins bundle skills (prompt workflows), app integrations, and MCP server configs into a single installable unit
- Enterprise admins control plugin availability via JSON policy files with three states: pushed, available, or blocked
- 1.6M weekly active users on Codex; token usage up 5x since GPT-5.3-Codex launched
- Third-party plugin publishing isn't open yet - that's listed as "coming soon"
Inside the Plugin System
Three Components in Every Plugin
Each plugin is an installable directory containing up to three parts. Skills are predefined prompt workflows that guide Codex's behavior - think reusable instruction sets that activate when you install a plugin. App integrations handle the OAuth and API surface for external services. MCP server configurations point Codex at remote tool endpoints via the Model Context Protocol.
You don't need all three. A plugin that only adds Codex skills has no MCP or app integration components. A plugin that only wires up a MCP server doesn't need skills. The manifest ties them together.
The required file is .codex-plugin/plugin.json. A minimal manifest looks like this:
{
"name": "my-slack-plugin",
"version": "1.0.0",
"description": "Send messages and read channels from Codex",
"author": "your-org",
"keywords": ["slack", "messaging"],
"skills": ["skills/notify.md"],
"mcpServers": {
"slack": {
"url": "https://mcp.slack.com/sse"
}
},
"apps": {
"slack": {
"authType": "oauth2"
}
}
}
Optional fields cover an interface block for display metadata - category, icons, screenshots for the directory listing.
How Installation Works
From the Codex CLI, /plugins opens the directory. Selecting a plugin calls the plugin/install endpoint, which copies the plugin to a local cache folder and registers it in config.toml. The plugin is then active across the desktop app, CLI, and IDE extensions.
A built-in @plugin-creator skill scaffolds new plugin manifests locally. You point it at an existing MCP server and it generates the boilerplate structure, which makes authoring faster even if you can't publish to the public directory yet.
The Codex plugin directory at launch, showing the five curated integrations. Third-party publishing is listed as coming soon.
Source: developers.openai.com
Enterprise Governance
This is where the story gets less like a developer tool launch and more like a pitch to platform engineering teams.
Policy Files
Administrators can control plugin availability via JSON policy files scoped to either a repo or a user's machine. Each plugin entry in a marketplace catalog carries an installation field with three states:
INSTALLED_BY_DEFAULT- pushed to every developer in the environment automaticallyAVAILABLE- visible in the directory but not pre-installedNOT_AVAILABLE- blocked completely from that environment
An authentication field controls when auth happens: ON_INSTALL (during setup) or ON_FIRST_USE (deferred until the plugin is actually invoked). For organizations rolling out Slack or Google Drive access, this matters for SSO flows and credential management timing.
Forrester analyst Charlie Dai told InfoWorld this approach "aligns AI agents with existing IT governance models rather than bypassing them." He described it as elevating Codex development "from ad hoc usage to managed infrastructure."
Three Tiers of Plugin Sources
Codex reads plugin catalogs in order: the official OpenAI-managed directory first, then a repo-scoped marketplace at $REPO_ROOT/.agents/plugins/marketplace.json, then a user-level one at ~/.agents/plugins/marketplace.json. This layered resolution means teams can maintain their own internal plugin registries without waiting for OpenAI's public directory to open.
The repo-scoped marketplace is the practical path right now for organizations that want to distribute internal tools - a Python package manager for AI agent behaviors, basically.
The MCP Connection
The Figma integration that OpenAI announced March 17 as a standalone partnership is now also available as a packaged Codex plugin. That's the clearest example of how MCP servers and the plugin system relate: MCP handles the protocol layer, plugins handle the packaging and distribution layer.
What OpenAI is doing is making MCP server configurations manageable at scale. Instead of asking each developer to manually configure remote tool endpoints in their Codex setup, a plugin bundles the server URL, authentication details, and associated skills into one installable unit. Governance policies then control which of those bundles are allowed in a given environment.
The MCP standard itself stays open - the same Figma and Slack MCP servers work with Claude Code and other clients. OpenAI isn't forking the protocol. It's building a management layer on top.
Codex CLI with a plugin active, showing tool calls being routed through the MCP layer.
Source: developers.openai.com
Requirements and Compatibility
| Surface | Plugin Support | Notes |
|---|---|---|
| Codex desktop app (macOS) | Full | Directory UI built-in |
| Codex desktop app (Windows) | Full | Available since Windows launch |
| Codex CLI | Full | /plugins command |
| VS Code extension | Full | Shares config with CLI |
| Other IDE extensions | Full | Same config.toml |
| ChatGPT web | No | Plugin system is Codex-specific |
| API (pay-as-you-go) | CLI/SDK only | No cloud feature access |
The plugin system requires Codex CLI v0.117.0 or later. Older CLI versions can't install plugins from the directory. No separate SDK update is needed for IDE extension users - extensions pull the same plugin configs.
Where It Falls Short
The launch is real, but the gaps are also real.
Five apps is a thin directory. GitHub Copilot Extensions has dozens. Cursor ships with 30+ integrations. OpenAI's argument is that behavioral standardization and governance matter more than raw count at enterprise scale - which is plausible, but doesn't help a developer who needs a tool that isn't in the curated five.
Third-party publishing is conspicuously absent at launch. "Coming soon" could mean next month or next year. Until the marketplace opens to external developers, teams are stuck either waiting for OpenAI to add their tool or maintaining private internal registries. That's extra operational overhead that competing products don't require.
The security boundary for local marketplace sources is explicitly called out as limited in the implementation PR. The note in the codebase says local marketplace.json is "trusted local config" and not a strong security boundary. For teams with strict supply chain controls, that's worth understanding before deploying.
No revenue sharing model has been disclosed for eventual third-party plugin developers. If OpenAI is building a platform here, the developer economics will determine whether the ecosystem grows at all.
The governance tooling is genuinely well-designed for enterprise buyers. The three-tier catalog resolution, the policy states, and the per-environment controls give IT teams real levers. Whether that's enough to pull enterprise Codex deployments forward depends on how quickly the directory fills out and when self-serve publishing actually ships.
Sources: The Decoder - InfoWorld - OpenAI Developers - Plugins docs - OpenAI Developers - Codex Changelog - Unite.AI
