
[codex] Retarget org plugin contributions to platform repos #2

Merged
SeoFood merged 2 commits into main from seofood/plugin-auth-policy-org-profile
May 22, 2026
@SeoFood SeoFood commented May 22, 2026

Summary

  • Retargets the TypeWhisper organization profile from the retired standalone plugin repository to platform-owned plugin contribution paths.
  • Keeps the add-ons catalog link, but removes the typewhisper-plugins repository row.
  • Directs macOS plugin contributions to TypeWhisper/typewhisper-mac and Windows plugin contributions to TypeWhisper/typewhisper-win.
  • Keeps provider-neutral access policy guidance for third-party provider integrations.

Companion

Validation

  • git diff --check

Summary by CodeRabbit

  • Documentation
    • Updated documentation with add-ons catalog reference.
    • Added Plugin Contributions section outlining guidelines for third-party provider integrations, including authorization requirements and prohibited practices for integrations.


coderabbitai Bot commented May 22, 2026

Walkthrough

The profile README is updated to redirect users from a generic "Plugins" catalog link to a dedicated "Add-ons" catalog, and introduces a new contribution section establishing clear rules for plugin contributions and strict compliance requirements for third-party provider integrations.

Changes

Profile README Ecosystem Documentation

| Layer / File(s) | Summary |
| --- | --- |
| Apps Catalog Navigation: profile/README.md | The Apps section table row is updated to link to the add-ons catalog instead of a generic plugins page. |
| Plugin Contribution Guidelines: profile/README.md | A new Plugin Contributions section is added documenting contribution placement (platform-owned repos) and compliance requirements for third-party providers (authorization paths, no impersonation, no credential misuse, no unofficial OAuth, no ID copying, no hidden endpoints, no improper token refresh). |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A README blooms with care,
Add-ons cataloged fair and square,
Plugin rules now crystal-clear,
Third-party trust we hold dear,
Guidelines pave the righteous way!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately reflects the main change: retargeting plugin contributions documentation from a retired standalone repository to platform-owned repositories (macOS and Windows). |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@SeoFood SeoFood changed the title from "[codex] Clarify org plugin catalog policy" to "[codex] Retarget org plugin contributions to platform repos" May 22, 2026
@SeoFood SeoFood marked this pull request as ready for review May 22, 2026 16:35

@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (1)
profile/README.md (1)

56-57: ⚡ Quick win

Consider breaking the compliance requirements into bullet points for better readability.

The sentence covering compliance requirements is grammatically correct but quite dense with multiple prohibitions. Breaking it into a bulleted list would make it easier for plugin developers to understand and follow each requirement.

📋 Proposed refactor for improved clarity
-Plugins that connect to external providers must use access paths the provider authorizes for third-party integrations. They must not impersonate a provider's first-party client, use consumer subscription credentials as API access unless the provider explicitly supports that third-party path, or rely on unofficial OAuth clients, copied client IDs, hidden endpoints, or token refresh flows intended for another first-party product.
+Plugins that connect to external providers must use access paths the provider authorizes for third-party integrations. They must not:
+
+- Impersonate a provider's first-party client
+- Use consumer subscription credentials as API access unless the provider explicitly supports that third-party path
+- Rely on unofficial OAuth clients
+- Use copied client IDs
+- Use hidden endpoints
+- Use token refresh flows intended for another first-party product
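Review bot: The last three `+` bullets swap the original sentence's single "rely on" for "Use" (copied client IDs, hidden endpoints, token refresh flows), so the rules no longer keep the original wording, and "Use hidden endpoints" standing alone reads more broadly than it did inside the "rely on ..." list. Keep "Rely on" as the verb for all four items, or keep them together as one bullet ("Rely on unofficial OAuth clients, copied client IDs, hidden endpoints, or token refresh flows intended for another first-party product"), so the reformatting does not shift the policy's scope.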
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@profile/README.md` around lines 56 - 57, Split the long compliance sentence
in profile/README.md into a short introductory sentence followed by a bulleted
list where each prohibition is its own item (e.g., "Must not impersonate a
provider's first-party client", "Must not use consumer subscription credentials
as API access unless explicitly supported", "Must not rely on unofficial OAuth
clients or copied client IDs", "Must not use hidden endpoints or token refresh
flows intended for another first-party product"); update the surrounding text to
introduce the list and keep original wording for each rule to avoid changing
intent.


📥 Commits

Reviewing files that changed from the base of the PR and between 2e9c429 and d64f3b7.

📒 Files selected for processing (1)
  • profile/README.md

@SeoFood SeoFood merged commit c86c9dd into main May 22, 2026
1 check passed
@SeoFood SeoFood deleted the seofood/plugin-auth-policy-org-profile branch May 22, 2026 18:02