Skip to content

feat: proxy-aware marketplace indexes#617

Open
chkp-roniz wants to merge 2 commits intomicrosoft:mainfrom
chkp-roniz:feat/marketplace-proxy
Open

feat: proxy-aware marketplace indexes#617
chkp-roniz wants to merge 2 commits intomicrosoft:mainfrom
chkp-roniz:feat/marketplace-proxy

Conversation

@chkp-roniz
Copy link
Copy Markdown
Contributor

@chkp-roniz chkp-roniz commented Apr 7, 2026

Summary

  • Route apm marketplace add/browse/search/update through the registry proxy (Artifactory Archive Entry Download) when PROXY_REGISTRY_URL is set
  • Block direct GitHub Contents API fallback when PROXY_REGISTRY_ONLY=1, enabling fully air-gapped marketplace discovery
  • Add --host flag to marketplace add for GHES / non-github.com marketplace repos
  • Include host in cache key to prevent collisions across different hosts

Builds on the shared fetch_entry_from_archive() utility from #525.

Closes #506

Design

_fetch_file() in marketplace/client.py now checks RegistryConfig.from_env() first. When a proxy is configured, it calls fetch_entry_from_archive() to fetch marketplace.json via the Artifactory Archive Entry Download API. If the proxy returns valid JSON, it is used directly. If it fails and PROXY_REGISTRY_ONLY=1, the GitHub API fallback is blocked. _auto_detect_path() gains proxy support transparently since it calls _fetch_file() in a loop.

Test plan

  • 10 new unit tests: proxy success, fallback, enforce-only, non-JSON, auto-detect through proxy, end-to-end, cache key isolation
  • Full unit suite passes (3,683 tests)
  • Live tested marketplace add/browse/search/update with PROXY_REGISTRY_ONLY=1 against https://artifactory-remote.checkpoint.com/artifactory/github/ using anthropics/skills and arevlo/claude-code-workflows
  • Verified direct GitHub path still works without proxy (no regression)
  • No internal data in source or tests

Related

🤖 Generated with Claude Code

@chkp-roniz @claude
feat: proxy-aware marketplace indexes (microsoft#506)
c6a8b84 
Route marketplace browse/search/add through the registry proxy when
PROXY_REGISTRY_URL is set.  When PROXY_REGISTRY_ONLY=1 the GitHub
Contents API fallback is blocked entirely, enabling air-gapped
marketplace discovery.

Closes microsoft#506

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 7, 2026 20:18
Copilot AI reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR makes marketplace index fetching proxy-aware so apm marketplace add/browse/search/update can work in proxied or air-gapped environments by preferring the registry proxy (Artifactory Archive Entry Download) and optionally blocking direct GitHub API fallback when PROXY_REGISTRY_ONLY=1. It also adds support for registering marketplaces on non-github.com hosts and prevents cache collisions across hosts.

Changes:

  • Add proxy-first fetch path for marketplace.json via fetch_entry_from_archive(), with optional registry-only enforcement blocking GitHub fallback.
  • Add --host (and HOST/OWNER/REPO) support to apm marketplace add, and include host in marketplace cache keys.
  • Add unit tests for proxy behavior and cache-key host isolation; update changelog.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
src/apm_cli/marketplace/client.py Implements proxy-first marketplace JSON fetch and host-aware cache keys / cache clearing.
src/apm_cli/commands/marketplace.py Adds --host support and argument parsing for non-github.com marketplace repos; updates cache clearing to include host.
tests/unit/marketplace/test_marketplace_client.py Adds unit tests covering proxy success/fallback/enforce-only and cache key behavior.
CHANGELOG.md Adds an Unreleased entry describing the proxy-aware marketplace behavior.

@chkp-roniz @claude
fix: address Copilot review on microsoft#617
f393409 
- Validate --host flag with is_valid_fqdn() and normalize to lowercase
- Normalize host in _cache_key() for case-insensitive comparison
- Update CHANGELOG to use backticks and include update command
- Add docs for --host flag and proxy support in marketplace guide,
  CLI reference, and APM guide skill

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@danielmeppiel danielmeppiel Awaiting requested review from danielmeppiel danielmeppiel is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Support Artifactory-hosted marketplace indexes

2 participants

@chkp-roniz