feat: proxy-aware marketplace indexes#617
Merged
sergio-sisternes-epam merged 4 commits intomicrosoft:mainfrom Apr 9, 2026
Merged
feat: proxy-aware marketplace indexes#617sergio-sisternes-epam merged 4 commits intomicrosoft:mainfrom
sergio-sisternes-epam merged 4 commits intomicrosoft:mainfrom
Conversation
Route marketplace browse/search/add through the registry proxy when PROXY_REGISTRY_URL is set. When PROXY_REGISTRY_ONLY=1 the GitHub Contents API fallback is blocked entirely, enabling air-gapped marketplace discovery. Closes microsoft#506 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR makes marketplace index fetching proxy-aware so apm marketplace add/browse/search/update can work in proxied or air-gapped environments by preferring the registry proxy (Artifactory Archive Entry Download) and optionally blocking direct GitHub API fallback when PROXY_REGISTRY_ONLY=1. It also adds support for registering marketplaces on non-github.com hosts and prevents cache collisions across hosts.
Changes:
- Add proxy-first fetch path for
marketplace.jsonviafetch_entry_from_archive(), with optional registry-only enforcement blocking GitHub fallback. - Add
--host(andHOST/OWNER/REPO) support toapm marketplace add, and include host in marketplace cache keys. - Add unit tests for proxy behavior and cache-key host isolation; update changelog.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
src/apm_cli/marketplace/client.py |
Implements proxy-first marketplace JSON fetch and host-aware cache keys / cache clearing. |
src/apm_cli/commands/marketplace.py |
Adds --host support and argument parsing for non-github.com marketplace repos; updates cache clearing to include host. |
tests/unit/marketplace/test_marketplace_client.py |
Adds unit tests covering proxy success/fallback/enforce-only and cache key behavior. |
CHANGELOG.md |
Adds an Unreleased entry describing the proxy-aware marketplace behavior. |
- Validate --host flag with is_valid_fqdn() and normalize to lowercase - Normalize host in _cache_key() for case-insensitive comparison - Update CHANGELOG to use backticks and include update command - Add docs for --host flag and proxy support in marketplace guide, CLI reference, and APM guide skill Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Replace `"ghes.corp.com" in key` with `startswith()`/`endswith()` assertions to satisfy CodeQL's URL substring sanitization check. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Collaborator
sergio-sisternes-epam
left a comment
sergio-sisternes-epam
left a comment
There was a problem hiding this comment.
Clean, well-scoped PR. Proxy support layers naturally into the existing _fetch_file() flow, tests are comprehensive (10 new covering all proxy paths), and docs/CHANGELOG/skill files are all updated consistently. One minor performance suggestion below.
sergio-sisternes-epam
approved these changes
Apr 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
apm marketplace add/browse/search/updatethrough the registry proxy (Artifactory Archive Entry Download) whenPROXY_REGISTRY_URLis setPROXY_REGISTRY_ONLY=1, enabling fully air-gapped marketplace discovery--hostflag tomarketplace addfor GHES / non-github.com marketplace reposBuilds on the shared
fetch_entry_from_archive()utility from #525.Closes #506
Design
_fetch_file()inmarketplace/client.pynow checksRegistryConfig.from_env()first. When a proxy is configured, it callsfetch_entry_from_archive()to fetchmarketplace.jsonvia the Artifactory Archive Entry Download API. If the proxy returns valid JSON, it is used directly. If it fails andPROXY_REGISTRY_ONLY=1, the GitHub API fallback is blocked._auto_detect_path()gains proxy support transparently since it calls_fetch_file()in a loop.Test plan
marketplace add/browse/search/updatewithPROXY_REGISTRY_ONLY=1againsthttps://artifactory-remote.checkpoint.com/artifactory/github/usinganthropics/skillsandarevlo/claude-code-workflowsRelated
fetch_entry_from_archive()infrastructure (merged)_parse_artifactory_base_url()ignoresPROXY_REGISTRY_URL(separate bug)apm install plugin@marketplacevalidation bypasses registry proxy #615 --apm install plugin@marketplacevalidation bypasses registry proxy (separate bug)🤖 Generated with Claude Code