diff --git a/CHANGELOG.md b/CHANGELOG.md index 94d404e0b18..ed2a26ec9d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,6 +44,7 @@ Docs: https://docs.openclaw.ai - Thinking defaults/status: raise the implicit default thinking level for reasoning-capable models from legacy `off`/`low` fallback behavior to a safe provider-supported `medium` equivalent when no explicit config default is set, preserve configured-model reasoning metadata when runtime catalog loading is empty, and make `/status` report the same resolved default as runtime. - Gateway/model pricing: fetch OpenRouter and LiteLLM pricing asynchronously at startup and extend catalog fetch timeouts to 30 seconds, reducing noisy timeout warnings during slow upstream responses. +- Plugins/install: add newly installed plugin ids to an existing `plugins.allow` list before enabling them, so allowlisted configs load installed plugins after restart. - Status: show `Fast` in `/status` when fast mode is enabled, including config/default-derived fast mode, and omit it when disabled. - OpenAI/image generation: detect Azure OpenAI-style image endpoints, use Azure `api-key` auth plus deployment-scoped image URLs, and honor `AZURE_OPENAI_API_VERSION` so image generation and edits work against Azure-hosted OpenAI resources. (#70570) Thanks @zhanggpcsu. - Models/auth: merge provider-owned default-model additions from `openclaw models auth login` instead of replacing `agents.defaults.models`, so re-authenticating an OAuth provider such as OpenAI Codex no longer wipes other providers' aliases and per-model params. Migrations that must rename keys (Anthropic -> Claude CLI) opt in with `replaceDefaultModels`. Fixes #69414. (#70435) Thanks @neeravmakwana. diff --git a/docs/tools/plugin.md b/docs/tools/plugin.md index 99bf8d899f0..84251dcf2dd 100644 --- a/docs/tools/plugin.md +++ b/docs/tools/plugin.md @@ -255,6 +255,10 @@ plugin). Other bundled plugins still need `openclaw plugins enable `. plugins. It is not supported with `--link`, which reuses the source path instead of copying over a managed install target. +When `plugins.allow` is already set, `openclaw plugins install` adds the +installed plugin id to that allowlist before enabling it, so installs are +immediately loadable after restart. + `openclaw plugins update ` applies to tracked installs. Passing an npm package spec with a dist-tag or exact version resolves the package name back to the tracked plugin record and records the new spec for future updates. diff --git a/src/cli/plugins-install-persist.test.ts b/src/cli/plugins-install-persist.test.ts new file mode 100644 index 00000000000..bfc75535a6f --- /dev/null +++ b/src/cli/plugins-install-persist.test.ts @@ -0,0 +1,64 @@ +import { beforeEach, describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import { + enablePluginInConfig, + recordPluginInstall, + resetPluginsCliTestState, + writeConfigFile, +} from "./plugins-cli-test-helpers.js"; + +describe("persistPluginInstall", () => { + beforeEach(() => { + resetPluginsCliTestState(); + }); + + it("adds installed plugins to restrictive allowlists before enabling", async () => { + const { persistPluginInstall } = await import("./plugins-install-persist.js"); + const baseConfig = { + plugins: { + allow: ["memory-core"], + }, + } as OpenClawConfig; + const enabledConfig = { + plugins: { + allow: ["alpha", "memory-core"], + entries: { + alpha: { enabled: true }, + }, + }, + } as OpenClawConfig; + const persistedConfig = { + plugins: { + ...enabledConfig.plugins, + installs: { + alpha: { + source: "npm", + spec: "alpha@1.0.0", + installPath: "/tmp/alpha", + }, + }, + }, + } as OpenClawConfig; + + enablePluginInConfig.mockImplementation((...args: unknown[]) => { + const [cfg, pluginId] = args as [OpenClawConfig, string]; + expect(pluginId).toBe("alpha"); + expect(cfg.plugins?.allow).toEqual(["alpha", "memory-core"]); + return { config: enabledConfig }; + }); + recordPluginInstall.mockReturnValue(persistedConfig); + + const next = await persistPluginInstall({ + config: baseConfig, + pluginId: "alpha", + install: { + source: "npm", + spec: "alpha@1.0.0", + installPath: "/tmp/alpha", + }, + }); + + expect(next).toBe(persistedConfig); + expect(writeConfigFile).toHaveBeenCalledWith(persistedConfig); + }); +}); diff --git a/src/cli/plugins-install-persist.ts b/src/cli/plugins-install-persist.ts index 8146f0c4583..8cf60d65448 100644 --- a/src/cli/plugins-install-persist.ts +++ b/src/cli/plugins-install-persist.ts @@ -12,6 +12,20 @@ import { logSlotWarnings, } from "./plugins-command-helpers.js"; +function addInstalledPluginToAllowlist(cfg: OpenClawConfig, pluginId: string): OpenClawConfig { + const allow = cfg.plugins?.allow; + if (!Array.isArray(allow) || allow.length === 0 || allow.includes(pluginId)) { + return cfg; + } + return { + ...cfg, + plugins: { + ...cfg.plugins, + allow: [...allow, pluginId].toSorted(), + }, + }; +} + export async function persistPluginInstall(params: { config: OpenClawConfig; baseHash?: string; @@ -20,7 +34,10 @@ export async function persistPluginInstall(params: { successMessage?: string; warningMessage?: string; }): Promise { - let next = enablePluginInConfig(params.config, params.pluginId).config; + let next = enablePluginInConfig( + addInstalledPluginToAllowlist(params.config, params.pluginId), + params.pluginId, + ).config; next = recordPluginInstall(next, { pluginId: params.pluginId, ...params.install,