[codex] Retarget plugin submissions to platform repos

[SeoFood]

Summary

• Retargets plugin contribution guidance from the retired standalone typewhisper-plugins flow to the platform repositories that own the app integrations.
• Directs macOS plugin contributions to TypeWhisper/typewhisper-mac and Windows plugin contributions to TypeWhisper/typewhisper-win.
• Keeps provider-neutral access policy guidance for third-party provider integrations.
• Stops fetching community plugins from the retired standalone repository and keeps the generated community plugin feed empty.
• Updates the Playwright coverage to verify the platform repo links and that the develop page no longer links to typewhisper-plugins.

Companion

• Organization profile update: [codex] Retarget org plugin contributions to platform repos .github#2
• Repository retirement notice: [codex] Retire standalone plugin repository typewhisper-plugins#3

Validation

• npm run test:i18n
• npx playwright test tests/addons-develop-policy.spec.ts
• npm run build
• git diff --check

Closes #74

Summary by CodeRabbit

• New Features

  • Replaced prior submission instructions with a new "Contribute Plugins" section and localized "Provider access policy" guidance.

• Documentation

  • Updated contribution guidance to point to platform-specific macOS/Windows repositories and note retirement of the former community plugin submission flow; available in multiple locales.

• Tests

  • Added automated checks to verify policy content and localized links.

• Chores

  • Retired community plugin fetcher; now emits an empty community plugins file and logs retirement.

[coderabbitai]

📝 Walkthrough

Walkthrough

Replaces the old submission instructions with a localized “Contribute Plugins” section including a Provider access policy, adds Playwright tests validating the policy across locales, and retires the community-plugins fetch script by writing an empty index file.

Changes

Add-ons Developer Policy & Retirement

Layer / File(s)	Summary
Provider-access policy UI and import cleanup src/pages/addons/_develop.tsx	Replaces “Submit to the Plugin Catalog” content with “Contribute Plugins” and adds a localized “Provider access policy” panel; removes ExternalLink from lucide-react imports.
Playwright policy tests tests/addons-develop-policy.spec.ts	Adds policyScenarios per locale and a test suite that visits each page, asserts heading and accepted/rejected example texts, checks Mac/Windows repo links, and verifies no typewhisper-plugins anchor is present.
Community plugins retirement script scripts/fetch-community-plugins.mjs	Replaces network-fetching logic with a stub that writes community-plugins.json containing an empty plugins array and logs that the community-plugin repo is retired.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A gentle hop across the site,
New policy card in German and English light.
Tests peek in each locale nook,
The old fetcher closed its book.
Hooray for clear paths—no tricks in sight! 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR successfully addresses all coding requirements from #74: updates English and German pages with provider-auth policy details, maintains submission guidance pointing to TypeWhisper/typewhisper-plugins, includes acceptable and disallowed access patterns, and adds validation tests.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the linked issue scope: policy documentation updates, test validation, and retiring the community plugin fetch script reflect the shift from community plugin submissions to platform repo submissions.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: retargeting plugin submission guidance from a community repository to platform (macOS/Windows) repositories, which is the primary refactoring across all modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch seofood/plugin-auth-policy-docs

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

tests/addons-develop-policy.spec.ts (1)

8-11: ⚡ Quick win

Expand assertions to cover the full required policy boundary.

The spec currently checks only one accepted and one rejected example per locale, so substantial policy regressions could still pass. Add assertions for the other required clauses (official developer billing, documented third-party SDK/OAuth, local-only integrations, and disallowed unofficial OAuth/copied client IDs/hidden endpoints/first-party refresh flows).

Proposed test hardening

 const policyScenarios = [
   {
     locale: "en",
     path: "/en/addons/develop",
     heading: "Provider access policy",
-    acceptedExample: /user-provided API keys/,
-    rejectedExample: /impersonate a provider's first-party client/,
+    acceptedExamples: [
+      /user-provided API keys/,
+      /official developer platform billing/,
+      /officially documented SDK or OAuth flows intended for third-party apps/,
+      /local-only integrations/,
+    ],
+    rejectedExamples: [
+      /impersonate a provider's first-party client/,
+      /consumer subscription credentials as API access unless the provider explicitly supports/,
+      /unofficial OAuth clients/,
+      /copied client IDs/,
+      /hidden endpoints/,
+      /token refresh flows intended for another first-party product/,
+    ],
     macRepo: "TypeWhisper/typewhisper-mac",
     windowsRepo: "TypeWhisper/typewhisper-win",
   },
   {
     locale: "de",
     path: "/de/addons/develop",
     heading: "Provider-Zugriffsrichtlinie",
-    acceptedExample: /nutzerbereitgestellte API-Schlüssel/,
-    rejectedExample: /First-Party-Client eines Anbieters imitieren/,
+    acceptedExamples: [
+      /nutzerbereitgestellte API-Schlüssel/,
+      /offizielle Abrechnung über Entwicklerplattformen/,
+      /offiziell dokumentierte SDK- oder OAuth-Flows für Drittanbieter-Apps/,
+      /rein lokale Integrationen/,
+    ],
+    rejectedExamples: [
+      /First-Party-Client eines Anbieters imitieren/,
+      /Verbraucher-Abo-Zugangsdaten als API-Zugriff verwenden/,
+      /inoffizielle OAuth-Clients/,
+      /kopierte Client-IDs/,
+      /versteckte Endpunkte/,
+      /Token-Refresh-Flows.*anderes First-Party-Produkt/,
+    ],
     macRepo: "TypeWhisper/typewhisper-mac",
     windowsRepo: "TypeWhisper/typewhisper-win",
   },
 ] as const;
@@
-      await expect(page.getByText(scenario.acceptedExample)).toBeVisible();
-      await expect(page.getByText(scenario.rejectedExample)).toBeVisible();
+      for (const acceptedExample of scenario.acceptedExamples) {
+        await expect(page.getByText(acceptedExample)).toBeVisible();
+      }
+      for (const rejectedExample of scenario.rejectedExamples) {
+        await expect(page.getByText(rejectedExample)).toBeVisible();
+      }

Also applies to: 17-20, 32-37

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/addons-develop-policy.spec.ts` around lines 8 - 11, The current test
uses only acceptedExample and rejectedExample in the locale blocks (e.g., the
object with acceptedExample, rejectedExample, macRepo, windowsRepo) and must be
expanded: update the test cases in tests/addons-develop-policy.spec.ts to add
assertions covering all required clauses per locale — add positive assertions
for official developer billing, documented third-party SDK/OAuth, and local-only
integrations, and negative assertions rejecting unofficial OAuth, copied client
IDs, hidden endpoints, and first-party refresh flows; ensure these new
expectations are added alongside the existing acceptedExample/rejectedExample
checks for each locale block (also apply the same additions to the other similar
blocks referenced in the comment).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@tests/addons-develop-policy.spec.ts`:
- Around line 8-11: The current test uses only acceptedExample and
rejectedExample in the locale blocks (e.g., the object with acceptedExample,
rejectedExample, macRepo, windowsRepo) and must be expanded: update the test
cases in tests/addons-develop-policy.spec.ts to add assertions covering all
required clauses per locale — add positive assertions for official developer
billing, documented third-party SDK/OAuth, and local-only integrations, and
negative assertions rejecting unofficial OAuth, copied client IDs, hidden
endpoints, and first-party refresh flows; ensure these new expectations are
added alongside the existing acceptedExample/rejectedExample checks for each
locale block (also apply the same additions to the other similar blocks
referenced in the comment).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 978b1113-930f-4def-be1e-92b9facc9060

📥 Commits

Reviewing files that changed from the base of the PR and between af58bab and c05ca13.

📒 Files selected for processing (3)

• scripts/fetch-community-plugins.mjs
• src/pages/addons/_develop.tsx
• tests/addons-develop-policy.spec.ts