feat(codex): add plugin list enable disable commands

[kevinslin]

Summary

• Adds /codex plugins list to show configured Codex sub-plugins from plugins.entries.codex.config.codexPlugins.plugins.
• Adds /codex plugins enable <name> and /codex plugins disable <name> to update the enabled flag in openclaw.json.
• Keeps the command surface scoped to list, enable, and disable; unsupported subcommands report help without advertising add/remove/toggle/menu.

Verification

• node scripts/run-vitest.mjs extensions/codex/src/command-plugins-management.test.ts extensions/codex/src/commands.test.ts
• npx oxfmt --check extensions/codex/src/command-plugins-management.ts extensions/codex/src/command-plugins-management.test.ts
• node scripts/run-bundled-extension-oxlint.mjs
• git diff --check
• pnpm docs:list
• pnpm format:docs:check
• pnpm docs:check-mdx

Real behavior proof

Behavior addressed: /codex plugins list, /codex plugins enable <name>, and /codex plugins disable <name> work through the Codex command surface and mutate the configured Codex sub-plugin policy.
Real environment tested: Local linked OpenClaw worktree on macOS, branch codex/plugins-list-enable-disable, using a temporary OPENCLAW_CONFIG_PATH with a configured google-calendar Codex sub-plugin entry.
Exact steps or command run after this patch: node --import tsx --input-type=module -e '<script created temp openclaw.json, loaded real config with loadConfig(), mutated it with mutateConfigFile(), and invoked handleCodexPluginsSubcommand for list, disable google-calendar, list, enable google-calendar, list>'
Evidence after fix: Terminal output from the live config-mutation probe:

$ /codex plugins list
Codex sub-plugins in Openclaw config (~/.openclaw/openclaw.json):

  ON   google-calendar  google-calendar  [openai-curated]

New Codex conversations pick up policy changes automatically; /new or /reset to refresh the current one.
---
$ /codex plugins disable google-calendar
google-calendar: disabled in openclaw.json. New Codex conversations pick this up automatically. Use /new or /reset to refresh the current one.
---
$ /codex plugins list
Codex sub-plugins in Openclaw config (~/.openclaw/openclaw.json):

  OFF  google-calendar  google-calendar  [openai-curated]

New Codex conversations pick up policy changes automatically; /new or /reset to refresh the current one.
---
$ /codex plugins enable google-calendar
google-calendar: enabled in openclaw.json. New Codex conversations pick this up automatically. Use /new or /reset to refresh the current one.
---
$ /codex plugins list
Codex sub-plugins in Openclaw config (~/.openclaw/openclaw.json):

  ON   google-calendar  google-calendar  [openai-curated]

New Codex conversations pick up policy changes automatically; /new or /reset to refresh the current one.
---
final enabled=true

Observed result after fix: The Google Calendar Codex sub-plugin starts listed as ON, /codex plugins disable google-calendar changes the persisted policy to OFF, and /codex plugins enable google-calendar changes it back to ON with final enabled=true in the temporary openclaw.json.
What was not tested: A real Google Calendar API call was not made; this proof covers OpenClaw's Codex plugin policy command path and persisted config mutation.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The branch adds Codex chat subcommands to list configured native Codex plugins and enable or disable existing entries in openclaw.json, plus tests, docs, and a changelog entry.

Reproducibility: not applicable. this is a feature PR, not a bug report. The PR body includes terminal after-fix proof for list, disable, enable, and final persisted state against a temporary config.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: Focused and well-proven, with no blocking code findings found, but merge readiness depends on maintainer acceptance of the persistent config-write boundary.

Rank-up moves:

• Get explicit maintainer approval for the owner/operator.admin-gated config mutation command.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 💎 rare Cosmic Review Wisp

       /\  .---.  /\         
      /  \/     \/  \        
     /   ( -   - )   \       
    |       ._.       |      
    |   /|  ===  |\   |      
     \  \|______/|/  /       
      '._  `--'  _.'         
         '-.__.-'            
       _/|_|  |_|\_          
      /__|      |__\         
       `-----------'         
 ~===================~       

Rarity: 💎 rare.
Trait: keeps receipts.
Share on X: post this hatch
Copy: My PR egg hatched a 💎 rare Cosmic Review Wisp in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (terminal): The PR body includes terminal after-fix proof from a local linked OpenClaw worktree showing list, disable, enable, and final persisted enabled state with a temporary config.

Risk before merge
Why this matters: - Merging adds a chat-command path that persistently enables or disables configured Codex native plugins in openclaw.json; maintainers need to accept owner/operator.admin as the right authority boundary.

• The command manages only already configured entries and does not cover add/remove, OAuth repair, or non-curated marketplace lifecycle, so it should not be treated as the full Codex plugin-management surface.

Maintainer options:

1. Approve The Scoped Config Write Surface
   Merge after a maintainer explicitly accepts that owner/operator.admin chat callers may persistently toggle configured Codex native plugin policy.
2. Tighten The Authority Contract First
   Ask for a small follow-up before merge if maintainers want stronger docs, extra integration coverage, or a different authorization scope for persistent config writes.
3. Defer To Broader Plugin Lifecycle Work
   Pause or close this PR if maintainers want a broader picker/install/OAuth flow to own the final user-facing plugin-management surface.

Next step before merge
Human review should accept or reject the owner/operator.admin persistent config-mutation boundary; no narrow automated repair remains.

Security
Cleared: The diff adds a security-sensitive config mutation path, but it is owner/operator.admin-gated, escapes config-derived output, and adds no dependency, workflow, package, or secret-handling changes.

Review details

Best possible solution:

Have a maintainer decide whether to land this scoped owner/operator.admin-gated list/enable/disable surface while leaving broader install, OAuth, and marketplace lifecycle work to a separate design path.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is a feature PR, not a bug report. The PR body includes terminal after-fix proof for list, disable, enable, and final persisted state against a temporary config.

Is this the best way to solve the issue?

Yes, pending maintainer approval: the patch keeps scope to configured entries, escapes config-derived output, documents refresh behavior, and gates persistent writes to owner or operator.admin callers.

Label justifications:

• P2: This is a normal-priority user-facing Codex feature with limited blast radius but a sensitive config-write boundary.
• merge-risk: 🚨 security-boundary: The PR lets authorized chat callers persistently change Codex plugin policy, so the trust boundary needs explicit maintainer acceptance.

What I checked:

• PR command implementation: The PR adds /codex plugins routing and wires a codexPluginsManagementIo dependency into the Codex command registration path. (extensions/codex/index.ts:56, 57fa8a09407b)
• Mutation boundary: The new handler gates enable/disable to owners or operator.admin and mutates only an existing configured plugin entry, enabling the global switch on enable. (extensions/codex/src/command-plugins-management.ts:55, 57fa8a09407b)
• Tests cover the command surface: The PR adds tests for list, enable/disable, non-owner rejection, operator.admin allowance, escaping config-derived output, not-configured targets, and usage errors. (extensions/codex/src/command-plugins-management.test.ts:43, 57fa8a09407b)
• Docs explain scope and refresh behavior: The docs say the commands write OpenClaw config only, require owner/operator.admin for mutation, and affect new Codex conversations or refreshed current conversations. Public docs: docs/plugins/codex-native-plugins.md. (docs/plugins/codex-native-plugins.md:104, 57fa8a09407b)
• Current config-write contract: Current main resolves omitted config-write follow-up to auto, and config writes refresh the runtime snapshot/notify listeners when a runtime snapshot is active. (src/config/runtime-snapshot.ts:13, e00cb664ad4b)
• Whitespace check: The PR diff has no git diff --check whitespace errors for the changed range. (57fa8a09407b)

Likely related people:

• steipete: Peter Steinberger authored the current Codex app-server controls feature and later Codex app-server lifecycle hardening in the same extension area. (role: feature introducer and recent area contributor; confidence: high; commits: 31a0b7bd42a5, 659bcc5e5b59; files: extensions/codex/harness.ts, extensions/codex/index.ts, extensions/codex/src/app-server/run-attempt.ts)
• vincentkoc: Vincent Koc authored recent Codex auth-profile and canonical OAuth routing work that affects app-server startup and plugin/runtime boundaries. (role: adjacent auth/runtime contributor; confidence: medium; commits: f1cc8f0cfc7c, 859eb0666282; files: extensions/codex/src/app-server/run-attempt.ts, extensions/codex/src/app-server/auth-bridge.ts)
• joshavant: Josh Avant recently changed Codex app-server run-attempt policy around Docker bind writes, adjacent to the runtime safety boundary this PR documents. (role: recent area contributor; confidence: medium; commits: 3ee03420613f; files: extensions/codex/src/app-server/run-attempt.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against e00cb664ad4b.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4bae6153ae

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".