fix(plugins): warn on install source package drift

Warn when provider or channel catalog package identity drifts from openclaw.install.npmSpec while keeping compatible catalogs non-fatal.
This commit is contained in:
Vincent Koc
2026-04-24 09:31:40 -07:00
committed by GitHub
parent 90877e0d42
commit 4d1ee3a73e
9 changed files with 162 additions and 12 deletions


@@ -596,9 +596,10 @@ entries should pair exact specs with `expectedIntegrity` so update flows fail
closed if the fetched npm artifact no longer matches the pinned release.
Interactive onboarding still offers trusted registry npm specs, including bare
package names and dist-tags, for compatibility. Catalog diagnostics can
distinguish exact, floating, integrity-pinned, missing-integrity, and invalid
default-choice sources. They also warn when `expectedIntegrity` is present but
there is no valid npm source it can pin. When `expectedIntegrity` is present,
distinguish exact, floating, integrity-pinned, missing-integrity, package-name
mismatch, and invalid default-choice sources. They also warn when
`expectedIntegrity` is present but there is no valid npm source it can pin.
When `expectedIntegrity` is present,
install/update flows enforce it; when it is omitted, the registry resolution is
recorded without an integrity pin.
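Review bot: The new "package-name mismatch" entry in the list of catalog diagnostic categories does not say which two names are compared or how severe the finding is. The commit message states that the check is between the catalog package identity and `openclaw.install.npmSpec` and that it only warns, while the same paragraph describes `expectedIntegrity` as making update flows fail closed, so a reader can reasonably assume a name mismatch blocks install as well. Suggest adding one sentence after the list that names both sides of the comparison and states that the mismatch is a non-fatal warning, in contrast to the enforced integrity check. Minor style point: the re-wrap leaves "When `expectedIntegrity` is present," alone on a short line; reflow it together with the line that follows.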