Plugins: allow unsafe-force override on update

2026-04-08 15:51:06 +00:00 · 2026-04-03 00:20:16 -04:00
parent 824ff335c6
commit c4f40c3f7d
10 changed files with 193 additions and 12 deletions
--- a/src/cli/plugins-cli.update.test.ts
+++ b/src/cli/plugins-cli.update.test.ts
@@ -1,7 +1,9 @@
+import { Command } from "commander";
 import { beforeEach, describe, expect, it } from "vitest";
 import type { OpenClawConfig } from "../config/config.js";
 import {
  loadConfig,
+  registerPluginsCli,
  resetPluginsCliTestState,
  runPluginsCommand,
  runtimeErrors,
@@ -11,11 +13,43 @@ import {
  writeConfigFile,
 } from "./plugins-cli-test-helpers.js";

+function createTrackedPluginConfig(params: {
+  pluginId: string;
+  spec: string;
+  resolvedName?: string;
+}): OpenClawConfig {
+  return {
+    plugins: {
+      installs: {
+        [params.pluginId]: {
+          source: "npm",
+          spec: params.spec,
+          installPath: `/tmp/${params.pluginId}`,
+          ...(params.resolvedName ? { resolvedName: params.resolvedName } : {}),
+        },
+      },
+    },
+  } as OpenClawConfig;
+}
+
 describe("plugins cli update", () => {
  beforeEach(() => {
    resetPluginsCliTestState();
  });

+  it("shows the dangerous unsafe install override in update help", () => {
+    const program = new Command();
+    registerPluginsCli(program);
+
+    const pluginsCommand = program.commands.find((command) => command.name() === "plugins");
+    const updateCommand = pluginsCommand?.commands.find((command) => command.name() === "update");
+    const helpText = updateCommand?.helpInformation() ?? "";
+
+    expect(helpText).toContain("--dangerously-force-unsafe-install");
+    expect(helpText).toContain("Bypass built-in dangerous-code update");
+    expect(helpText).toContain("blocking for plugins");
+  });
+
  it("updates tracked hook packs through plugins update", async () => {
    const cfg = {
      hooks: {
@@ -203,6 +237,34 @@ describe("plugins cli update", () => {
    );
  });

+  it("passes dangerous force unsafe install to plugin updates", async () => {
+    const config = createTrackedPluginConfig({
+      pluginId: "openclaw-codex-app-server",
+      spec: "openclaw-codex-app-server@beta",
+    });
+    loadConfig.mockReturnValue(config);
+    updateNpmInstalledPlugins.mockResolvedValue({
+      config,
+      changed: false,
+      outcomes: [],
+    });
+
+    await runPluginsCommand([
+      "plugins",
+      "update",
+      "openclaw-codex-app-server",
+      "--dangerously-force-unsafe-install",
+    ]);
+
+    expect(updateNpmInstalledPlugins).toHaveBeenCalledWith(
+      expect.objectContaining({
+        config,
+        pluginIds: ["openclaw-codex-app-server"],
+        dangerouslyForceUnsafeInstall: true,
+      }),
+    );
+  });
+
  it("keeps using the recorded npm tag when update is invoked by plugin id", async () => {
    const config = {
      plugins: {