plugin marketplaces are the new endpoint policy for coding agents

GitHub added an enterprise setting this week that looks like the kind of thing most developers will never read about unless it breaks their editor.

Enterprise managed settings now support strictKnownMarketplaces for VS Code and GitHub Copilot CLI. In plain English: an organization can restrict which extension and plugin marketplaces are known and allowed inside the developer tools people actually use.

That sounds like desktop management.

I think it is more interesting than that.

If coding agents can discover tools, install plugins, call commands, read repositories, modify files, and run workflows from the IDE or terminal, then plugin marketplace policy is no longer a minor preference. It is part of the runtime boundary.

GitHub added an enterprise setting this week that looks like the kind of thing most developers will never read about unless it breaks their editor.

That sounds like desktop management.

I think it is more interesting than that.

plugin marketplaces are the new endpoint policy for coding agents

plugin marketplaces are the new endpoint policy for coding agents

Other newsrooms on this story

Related reading

Enterprise-managed settings now support strictKnownMarketplaces in VS Code and…

Enterprise-managed plugins in VS Code in public preview - GitHub Changelog

GitHub Copilot CLI Plugins and Marketplaces: Extend Your Terminal Agent

coding agents made repositories the security boundary

GitHub Copilot app: The agent-native desktop experience

Your AI Agent Has Push Access to Every Repo

Other newsrooms on this story

Related reading

Enterprise-managed settings now support strictKnownMarketplaces in VS Code and…

Enterprise-managed plugins in VS Code in public preview - GitHub Changelog

GitHub Copilot CLI Plugins and Marketplaces: Extend Your Terminal Agent

coding agents made repositories the security boundary

GitHub Copilot app: The agent-native desktop experience

Your AI Agent Has Push Access to Every Repo