The plugin model catalog now reflects what the backend can actually execute. Until today, GET /api/v1/plugin/ai-models and GET /api/v1/plugin/pricing advertised every model permitted by the caller's plan — even when the underlying cg-worker had no API token configured for the provider. A plugin submitting against such an advertised entry would have credits reserved, then watch the job retry three times before being abandoned to the dead-letter queue, with no actionable signal back to the caller.
A runtime allow-list, PLUGIN_AVAILABLE_PROVIDERS, now gates both listing endpoints and the POST /api/v1/plugin/jobs (and /jobs/batch) submission paths. Requests that name a provider outside the allow-list are rejected before any credit reservation or order insert with the standard invalid_input error envelope (HTTP 422) and a message pointing the caller back at GET /api/v1/plugin/ai-models. If you previously hard-coded replicate in your integration, switch to byteplus, google, or openai — those are the providers currently served in production. When unset (local/dev), the filter no-ops and the legacy behaviour is preserved.