[MAJOR ISSUE] Plugin duplication issue leading to permanent plugin submission lockdown

Hi there,

As the title of this post implies I’m here to bring in some bad news we’ve discovered recently by playing around with HTTPS manifest redirections.
I’ll try to make the problem as clear as I can in this post and to provide all the data required to reproduce the bug (that’s in fact pretty easy).

The problem in (very) short

It is possible to create duplicates of the same plugin just by playing with manifest HTTPS redirections, without having to go through any submission process.
Such duplication will eventually result in a permanent lockdown of the “install unverified” option for the duplicated plugin, making it impossible to submit or install by anyone.
Installing the plugin from the duplicated domain in developer mode will also install all the duplicates at once.
Details are explained in the complete walkthrough right below.

How to reproduce - complete walkthrough

In this walkthrough I’m going to describe what I did with my plugin hosted at chatgpt.erc20list.org to get to the point I’m currently at.

This plugin currently has a manifest file hosted at chatgpt.erc20list.org/.well-known/ai-plugin.json that redirects to pluginlab.chatgpt.erc20list.org/.well-known/ai-plugin.json.

As pointed out by the official docs this is an accepted redirection behaviour.

The plugin can successfully be installed in development mode using chatgpt.erc20list.org without issue.

According to the docs, the root domain for such a plugin is the one of the redirection, i.e. pluginlab.chatgpt.erc20list.org, which is fine.

Inspecting the JSON data returned by OpenAI for the plugin in the UI, we can however see that the domain field of the plugin is chatgpt.erc20list.org, and not the expected root domain of pluginlab.chatgpt.erc20list.org. Feels natural although the docs are stating otherwise, but I first assumed it to be normal behaviour.

{
    "id": "plugin-3b6d863d-cfc1-4c62-90bb-db102c8c3b0a",
    "domain": "chatgpt.erc20list.org",
    "namespace": "erc20_tokenlist_explorer",
    "status": "unreviewed",
    "manifest": {
        "schema_version": "v1",
        "name_for_model": "erc20_tokenlist_explorer",
        "name_for_human": "Crypto ERC20 Scout",
        "description_for_model": "...",
        "description_for_human": "...",
        "auth": {
            /* omitted for clarity */
        },
        "api": {
            "type": "openapi",
            "url": "https://pluginlab.chatgpt.erc20list.org/.well-known/pluginlab/openapi.json"
        },
        "logo_url": "...",
        "contact_email": "...",
        "legal_info_url": "..."
    },
    "oauth_client_id": "...",
    "user_settings": {
        "is_installed": true,
        "is_authenticated": true
    },
    "categories": []
}

(I’ve got data of this kind by inspecting the response of the calls made to https://chat.openai.com/backend-api/aip/p?offset=0&limit=250&is_installed=true.
Same goes for the other JSON blobs posted below.)

The ID however, seems to have been uniquely generated based on that final redirection domain. More on that later.

Now, let’s say I want to change this redirection because I changed my mind. The plugin got delisted and I’m about to install it again, then resubmit it. As it should go.

After this change, chatgpt.erc20list.org/.well-known/ai-plugin.json is pointing to pluginlab2.chatgpt.erc20list.org/.well-known/ai-plugin.json (pluginlab was turned into pluginlab2).

The new root domain for the plugin should therefore be pluginlab2.chatgpt.erc20list.org.

I get the plugin installed through the developer flow again without any problem, but here is the corresponding JSON I get for it:

{
    "id": "plugin-05fd4e2b-6863-4521-b81f-0c276f8b243a",
    "domain": "chatgpt.erc20list.org",
    "namespace": "erc20_tokenlist_explorer",
    "status": "unreviewed",
    "manifest": {
        "schema_version": "v1",
        "name_for_model": "erc20_tokenlist_explorer",
        "name_for_human": "Crypto ERC20 Scout",
        "description_for_model": "...",
        "description_for_human": "...",
        "auth": {
            /* omitted for clarity */
        },
        "api": {
            "type": "openapi",
            "url": "https://pluginlab2.chatgpt.erc20list.org/.well-known/pluginlab/openapi.json"
        },
        "logo_url": "...",
        "contact_email": "...",
        "legal_info_url": "..."
    },
    "oauth_client_id": "...",
    "user_settings": {
        "is_installed": true,
        "is_authenticated": true
    },
    "categories": []
}

The generated id is different from the previous one, however the domain field is still chatgpt.erc20list.org, which is again not even supposed to be the root domain as per the docs.

And that’s where everything will start going wrong.

From that point, there are two different plugins that are associated with the same domain field of chatgpt.erc20list.org. These plugins are different because they essentially do not share the same id.

And that will literally make installing the plugin as an unverified plugin impossible and actually lock it down, as these screenshots show:

image

Given the error message returned by the API it’s pretty clear that the installation problem has to do with the unexpected plugin duplication taking place.
In case the domain does not exist the message is normally domain not found or something like that.

My guess is that the backend does query plugins by their domain field and finds, unexpectedly, more than one plugin matching that same domain, which is not supported.

This duplication process can be repeated as many times as wanted. I actually did it a third time to make sure but I’m not going to show that off here since it does not bring more info to the table.

I’m currently locked in that state and can’t do anything to remove the duplicates. That could happen to any plugin going through the same process, too.

It would be incredibly helpful to have some insights about this problem and to get it fixed, or at least provide a way to escape it since it results in a permanent lockdown of the duplicated plugin. Since it can’t be installed as an unverified one it’s impossible to resubmit it for approval in the store.

Also, having some clarification about what’s said in the docs about redirections and root domains would be of very great help.

I hope this post helped and that we’ll get a way to fix that ASAP.

2 Likes
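The failure mode guessed at in the post above can be modelled in a few lines. This is an added example, not code from the post or from OpenAI: the class names, the id derivation (`uuid5` over a host name) and the error text are all assumptions, chosen only to mirror the described behaviour (id tied to the redirect target, record stored under the submitted domain, lookup expecting one record per domain), next to a registry that keeps the submitted domain unique and an audit check for existing duplicates.

```python
import uuid
from collections import defaultdict

def _pid(seed):
    # Deterministic stand-in for id generation (assumption, not OpenAI's scheme).
    return "plugin-" + str(uuid.uuid5(uuid.NAMESPACE_DNS, seed))

class NaiveRegistry:
    """Hypothesised behaviour: id from redirect target, row stored under submitted domain."""
    def __init__(self):
        self.rows = []
    def install(self, domain, manifest_host):
        pid = _pid(manifest_host)
        if all(r["id"] != pid for r in self.rows):
            self.rows.append({"id": pid, "domain": domain, "manifest_host": manifest_host})
        return pid
    def find(self, domain):
        hits = [r for r in self.rows if r["domain"] == domain]
        if len(hits) != 1:
            raise LookupError(f"expected 1 plugin for {domain}, found {len(hits)}")
        return hits[0]

class KeyedRegistry(NaiveRegistry):
    """Mitigation: one row per submitted domain; a new redirect updates it in place."""
    def install(self, domain, manifest_host):
        for r in self.rows:
            if r["domain"] == domain:
                r["manifest_host"] = manifest_host
                return r["id"]
        self.rows.append({"id": _pid(domain), "domain": domain, "manifest_host": manifest_host})
        return self.rows[-1]["id"]

def duplicate_domains(rows):
    """Audit check: domains that map to more than one plugin id."""
    ids = defaultdict(set)
    for r in rows:
        ids[r["domain"]].add(r["id"])
    return {d: sorted(i) for d, i in ids.items() if len(i) > 1}

def replay(registry):
    """Replay the two developer-mode installs from the walkthrough."""
    d = "chatgpt.erc20list.org"
    registry.install(d, "pluginlab.chatgpt.erc20list.org")
    registry.install(d, "pluginlab2.chatgpt.erc20list.org")
    try:
        return registry.find(d)["manifest_host"]
    except LookupError as exc:
        return f"locked: {exc}"

if __name__ == "__main__":
    for reg in (NaiveRegistry(), KeyedRegistry()):
        print(type(reg).__name__, "->", replay(reg), duplicate_domains(reg.rows))
```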

If @logankilpatrick or @isaac_oai could see this thread, it would be great to help and investigate this.