mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-07-14 21:26:58 -03:00
Add an opt-in allowlist so a vetted external developer who already has a plugin live in this marketplace — but cannot use the submission form (e.g. an enterprise partner without a Claude account) — can open a reviewable PR instead of having it auto-closed. - .github/external-contributors.json: username -> allowed_sources map (doubles as the allowlist and the per-author source scope). - close-external-prs.yml: skip the auto-close for allowlisted authors (reads the list from the trusted base checkout). Grants ONLY the right to open a PR; CI + maintainer approval are unchanged. - external-pr-scope-guard.yml: required check for allowlisted external authors. Fails unless the PR touches ONLY marketplace.json and the delta is additions-only, with every added entry's source.url under that author's allowed_sources. Anthropic members are unrestricted. Reads head marketplace.json as data via the API (no untrusted checkout). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
35 lines
1.6 KiB
JSON
35 lines
1.6 KiB
JSON
{
|
|
"$comment": [
|
|
"Allowlist of external (non-Anthropic) developers permitted to open pull requests",
|
|
"against this repository. Used by .github/workflows/close-external-prs.yml (to skip",
|
|
"the auto-close) and .github/workflows/external-pr-scope-guard.yml (to constrain what",
|
|
"an allowlisted external author may change).",
|
|
"",
|
|
"Being on this list grants ONLY the right to OPEN a reviewable PR. It does NOT grant",
|
|
"merge rights: all CI still runs and an Anthropic maintainer approval is still required",
|
|
"by branch protection before merge.",
|
|
"",
|
|
"Criterion for inclusion: a developer who already has at least one plugin live in this",
|
|
"marketplace and cannot use the submission form (https://clau.de/plugin-directory-submission),",
|
|
"e.g. an enterprise partner without a Claude account. Add an entry via a normal reviewed PR.",
|
|
"",
|
|
"allowed_sources: the scope guard requires every plugin entry this author ADDS to point",
|
|
"at a source.url under one of these prefixes (match is a case-insensitive prefix on the",
|
|
"normalized https URL, with any leading https:// and trailing .git removed). Keep it as",
|
|
"tight as the author's actual repos."
|
|
],
|
|
"contributors": [
|
|
{
|
|
"github_username": "flovogt",
|
|
"name": "Florian Vogt",
|
|
"affiliation": "SAP SE",
|
|
"allowed_sources": [
|
|
"github.com/UI5/",
|
|
"github.com/SAP/",
|
|
"github.com/SAP-samples/"
|
|
],
|
|
"note": "SAP UI5 org. Live plugins from github.com/UI5/plugins-coding-agents: ui5, ui5-typescript-conversion, ui5-modernization. SAP cannot currently use the submission form (no Claude account)."
|
|
}
|
|
]
|
|
}
|